import OpenSSL-1.0.0a

author: djm <> 2010-10-01 22:54:19 +0000
committer: djm <> 2010-10-01 22:54:19 +0000
commit: 242690ab2a8e991b85b4735c4e0bac0ec7bd3481 (patch)
tree: a55c90bd6ea9329d2afb5540220340cadd107178 /src/lib
parent: 5d1f64994b96668ba794f5211364ed54dd7ee08d (diff)
download: openbsd-242690ab2a8e991b85b4735c4e0bac0ec7bd3481.tar.gz
openbsd-242690ab2a8e991b85b4735c4e0bac0ec7bd3481.tar.bz2
openbsd-242690ab2a8e991b85b4735c4e0bac0ec7bd3481.zip
798 files changed, 48478 insertions, 31734 deletions
diff --git a/src/lib/libcrypto/Attic/Makefile b/src/lib/libcrypto/Attic/Makefile
index 6557f2b4e1..c1033f6d77 100644
--- a/src/lib/libcrypto/Attic/Makefile
+++ b/src/lib/libcrypto/Attic/Makefile
@@ -5,9 +5,9 @@
 DIR=            crypto
 TOP=            ..
 CC=             cc
-INCLUDE=        -I. -I$(TOP) -I../include
+INCLUDE=        -I. -I$(TOP) -I../include $(ZLIB_INCLUDE)
 # INCLUDES targets sudbirs!
-INCLUDES=       -I.. -I../.. -I../../include
+INCLUDES=       -I.. -I../.. -I../asn1 -I../evp -I../../include $(ZLIB_INCLUDE)
 CFLAG=          -g
 MAKEDEPPROG=    makedepend
 MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
@@ -17,7 +17,7 @@ AR=		ar r
 RECURSIVE_MAKE= [ -n "$(SDIRS)" ] && for i in $(SDIRS) ; do \
                    (cd $$i && echo "making $$target in $(DIR)/$$i..." && \
-                    $(MAKE) -e TOP=../.. DIR=$$i INCLUDES='${INCLUDES}' $$target ) || exit 1; \
+                    $(MAKE) -e TOP=../.. DIR=$$i INCLUDES='$(INCLUDES)' $$target ) || exit 1; \
                done;
 PEX_LIBS=
@@ -26,6 +26,7 @@ EX_LIBS=
 CFLAGS= $(INCLUDE) $(CFLAG)
 ASFLAGS= $(INCLUDE) $(ASFLAG)
 AFLAGS=$(ASFLAGS)
+CPUID_OBJ=mem_clr.o
 LIBS=
@@ -33,12 +34,12 @@ GENERAL=Makefile README crypto-lib.com install.com
 LIB= $(TOP)/libcrypto.a
 SHARED_LIB= libcrypto$(SHLIB_EXT)
-LIBSRC= cryptlib.c dyn_lck.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c o_time.c o_str.c o_dir.c o_init.c fips_err.c
+LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c cpt_err.c ebcdic.c uid.c o_time.c o_str.c o_dir.c
-LIBOBJ= cryptlib.o dyn_lck.o mem.o mem_clr.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o o_time.o o_str.o o_dir.o o_init.o fips_err.o $(CPUID_OBJ)
+LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o ebcdic.o uid.o o_time.o o_str.o o_dir.o $(CPUID_OBJ)
 SRC= $(LIBSRC)
-EXHEADER= crypto.h tmdiff.h opensslv.h opensslconf.h ebcdic.h symhacks.h \
+EXHEADER= crypto.h opensslv.h opensslconf.h ebcdic.h symhacks.h \
        ossl_typ.h
 HEADER= cryptlib.h buildinf.h md32_common.h o_time.h o_str.h o_dir.h $(EXHEADER)
@@ -47,7 +48,7 @@ ALL=    $(GENERAL) $(SRC) $(HEADER)
 top:
        @(cd ..; $(MAKE) DIRS=$(DIR) all)
-all: lib
+all: shared
 buildinf.h: ../Makefile
        ( echo "#ifndef MK1MF_BUILD"; \
@@ -57,26 +58,26 @@ buildinf.h: ../Makefile
        echo "  #define DATE \"`LC_ALL=C LC_TIME=C date`\""; \
        echo '#endif' ) >buildinf.h
-x86cpuid-elf.s: x86cpuid.pl perlasm/x86asm.pl
+x86cpuid.s:     x86cpuid.pl perlasm/x86asm.pl
-        $(PERL) x86cpuid.pl elf $(CFLAGS) $(PROCESSOR) > $@
+        $(PERL) x86cpuid.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
-x86cpuid-cof.s: x86cpuid.pl perlasm/x86asm.pl
-        $(PERL) x86cpuid.pl coff $(CFLAGS) $(PROCESSOR) > $@
-x86cpuid-out.s: x86cpuid.pl perlasm/x86asm.pl
-        $(PERL) x86cpuid.pl a.out $(CFLAGS) $(PROCESSOR) > $@
-uplink.o:       ../ms/uplink.c
+applink.o:      $(TOP)/ms/applink.c
-        $(CC) $(CFLAGS) -c -o $@ ../ms/uplink.c
+        $(CC) $(CFLAGS) -c -o $@ $(TOP)/ms/applink.c
-uplink-cof.s:   ../ms/uplink.pl
+uplink.o:       $(TOP)/ms/uplink.c applink.o
-        $(PERL) ../ms/uplink.pl coff > $@
+        $(CC) $(CFLAGS) -c -o $@ $(TOP)/ms/uplink.c
+uplink-cof.s:   $(TOP)/ms/uplink.pl
+        $(PERL) $(TOP)/ms/uplink.pl coff > $@
 x86_64cpuid.s: x86_64cpuid.pl
-        $(PERL) x86_64cpuid.pl $@
+        $(PERL) x86_64cpuid.pl $(PERLASM_SCHEME) > $@
 ia64cpuid.s: ia64cpuid.S
        $(CC) $(CFLAGS) -E ia64cpuid.S > $@
+ppccpuid.s:             ppccpuid.pl;    $(PERL) ppccpuid.pl $(PERLASM_SCHEME) $@
 testapps:
-        [ -z "$(THIS)" ] || (   if echo ${SDIRS} | fgrep ' des '; \
+        [ -z "$(THIS)" ] || (   if echo $(SDIRS) | fgrep ' des '; \
                                then cd des && $(MAKE) -e des; fi )
        [ -z "$(THIS)" ] || ( cd pkcs7 && $(MAKE) -e testapps );
        @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
@@ -94,11 +95,11 @@ links:
        @$(PERL) $(TOP)/util/mklink.pl ../apps $(APPS)
        @target=links; $(RECURSIVE_MAKE)
-# lib: and $(LIB): are splitted to avoid end-less loop
+# lib: $(LIB): are splitted to avoid end-less loop
-lib:    buildinf.h $(LIB) subdirs
+lib:    $(LIB)
        @touch lib
 $(LIB): $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
 shared: buildinf.h lib subdirs
@@ -135,6 +136,7 @@ clean:
 dclean:
        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
        mv -f Makefile.new $(MAKEFILE)
+        rm -f opensslconf.h
        @target=dclean; $(RECURSIVE_MAKE)
 # DO NOT DELETE THIS LINE -- make depend depends on it.
@@ -159,13 +161,6 @@ cversion.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 cversion.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
 cversion.o: ../include/openssl/stack.h ../include/openssl/symhacks.h buildinf.h
 cversion.o: cryptlib.h cversion.c
-dyn_lck.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
-dyn_lck.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-dyn_lck.o: ../include/openssl/err.h ../include/openssl/lhash.h
-dyn_lck.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-dyn_lck.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
-dyn_lck.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
-dyn_lck.o: dyn_lck.c
 ebcdic.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h ebcdic.c
 ex_data.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
 ex_data.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@@ -174,13 +169,6 @@ ex_data.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 ex_data.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
 ex_data.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
 ex_data.o: ex_data.c
-fips_err.o: ../include/openssl/bio.h ../include/openssl/crypto.h
-fips_err.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-fips_err.o: ../include/openssl/fips.h ../include/openssl/lhash.h
-fips_err.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-fips_err.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
-fips_err.o: ../include/openssl/stack.h ../include/openssl/symhacks.h fips_err.c
-fips_err.o: fips_err.h
 mem.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
 mem.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 mem.o: ../include/openssl/err.h ../include/openssl/lhash.h
@@ -201,23 +189,10 @@ mem_dbg.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
 mem_dbg.o: mem_dbg.c
 o_dir.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/opensslconf.h
 o_dir.o: LPdir_unix.c o_dir.c o_dir.h
-o_init.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/crypto.h
-o_init.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-o_init.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
-o_init.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-o_init.o: ../include/openssl/safestack.h ../include/openssl/stack.h
-o_init.o: ../include/openssl/symhacks.h o_init.c
 o_str.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/opensslconf.h
 o_str.o: o_str.c o_str.h
 o_time.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h o_time.c
 o_time.o: o_time.h
-tmdiff.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
-tmdiff.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-tmdiff.o: ../include/openssl/err.h ../include/openssl/lhash.h
-tmdiff.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-tmdiff.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
-tmdiff.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-tmdiff.o: ../include/openssl/tmdiff.h cryptlib.h tmdiff.c
 uid.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 uid.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 uid.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
diff --git a/src/lib/libcrypto/aes/Makefile b/src/lib/libcrypto/aes/Makefile
index 9d174f4c3e..c501a43a8f 100644
--- a/src/lib/libcrypto/aes/Makefile
+++ b/src/lib/libcrypto/aes/Makefile
@@ -11,7 +11,7 @@ CFLAG=-g
 MAKEFILE=       Makefile
 AR=             ar r
-AES_ASM_OBJ=aes_core.o aes_cbc.o
+AES_ENC=aes_core.o aes_cbc.o
 CFLAGS= $(INCLUDES) $(CFLAG)
 ASFLAGS= $(INCLUDES) $(ASFLAG)
@@ -26,7 +26,7 @@ LIB=$(TOP)/libcrypto.a
 LIBSRC=aes_core.c aes_misc.c aes_ecb.c aes_cbc.c aes_cfb.c aes_ofb.c \
       aes_ctr.c aes_ige.c aes_wrap.c
 LIBOBJ=aes_misc.o aes_ecb.o aes_cfb.o aes_ofb.o aes_ctr.o aes_ige.o aes_wrap.o \
-       $(AES_ASM_OBJ)
+       $(AES_ENC)
 SRC= $(LIBSRC)
@@ -41,24 +41,27 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
-$(LIBOBJ): $(LIBSRC)
 aes-ia64.s: asm/aes-ia64.S
        $(CC) $(CFLAGS) -E asm/aes-ia64.S > $@
-ax86-elf.s: asm/aes-586.pl ../perlasm/x86asm.pl
+aes-586.s:      asm/aes-586.pl ../perlasm/x86asm.pl
-        (cd asm; $(PERL) aes-586.pl elf $(CFLAGS) $(PROCESSOR) > ../$@)
+        $(PERL) asm/aes-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
-ax86-cof.s: asm/aes-586.pl ../perlasm/x86asm.pl
-        (cd asm; $(PERL) aes-586.pl coff $(CFLAGS) $(PROCESSOR) > ../$@)
-ax86-out.s: asm/aes-586.pl ../perlasm/x86asm.pl
-        (cd asm; $(PERL) aes-586.pl a.out $(CFLAGS) $(PROCESSOR) > ../$@)
 aes-x86_64.s: asm/aes-x86_64.pl
-        $(PERL) asm/aes-x86_64.pl $@
+        $(PERL) asm/aes-x86_64.pl $(PERLASM_SCHEME) > $@
+aes-sparcv9.s: asm/aes-sparcv9.pl
+        $(PERL) asm/aes-sparcv9.pl $(CFLAGS) > $@
+aes-ppc.s:      asm/aes-ppc.pl
+        $(PERL) asm/aes-ppc.pl $(PERLASM_SCHEME) $@
+# GNU make "catch all"
+aes-%.s:        asm/aes-%.pl;   $(PERL) $< $(CFLAGS) > $@
 files:
        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
@@ -97,16 +100,14 @@ clean:
 # DO NOT DELETE THIS LINE -- make depend depends on it.
-aes_cbc.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_cbc.o: ../../include/openssl/aes.h ../../include/openssl/modes.h
-aes_cbc.o: ../../include/openssl/opensslconf.h aes_cbc.c aes_locl.h
+aes_cbc.o: ../../include/openssl/opensslconf.h aes_cbc.c
-aes_cfb.o: ../../e_os.h ../../include/openssl/aes.h
+aes_cfb.o: ../../include/openssl/aes.h ../../include/openssl/modes.h
-aes_cfb.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+aes_cfb.o: ../../include/openssl/opensslconf.h aes_cfb.c
-aes_cfb.o: aes_cfb.c aes_locl.h
 aes_core.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
-aes_core.o: ../../include/openssl/fips.h ../../include/openssl/opensslconf.h
+aes_core.o: ../../include/openssl/opensslconf.h aes_core.c aes_locl.h
-aes_core.o: aes_core.c aes_locl.h
+aes_ctr.o: ../../include/openssl/aes.h ../../include/openssl/modes.h
-aes_ctr.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_ctr.o: ../../include/openssl/opensslconf.h aes_ctr.c
-aes_ctr.o: ../../include/openssl/opensslconf.h aes_ctr.c aes_locl.h
 aes_ecb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
 aes_ecb.o: ../../include/openssl/opensslconf.h aes_ecb.c aes_locl.h
 aes_ige.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/bio.h
@@ -119,8 +120,8 @@ aes_ige.o: ../../include/openssl/symhacks.h ../cryptlib.h aes_ige.c aes_locl.h
 aes_misc.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
 aes_misc.o: ../../include/openssl/opensslconf.h
 aes_misc.o: ../../include/openssl/opensslv.h aes_locl.h aes_misc.c
-aes_ofb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_ofb.o: ../../include/openssl/aes.h ../../include/openssl/modes.h
-aes_ofb.o: ../../include/openssl/opensslconf.h aes_locl.h aes_ofb.c
+aes_ofb.o: ../../include/openssl/opensslconf.h aes_ofb.c
 aes_wrap.o: ../../e_os.h ../../include/openssl/aes.h
 aes_wrap.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 aes_wrap.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
diff --git a/src/lib/libcrypto/asn1/Makefile b/src/lib/libcrypto/asn1/Makefile
index 94a6885804..160544eede 100644
--- a/src/lib/libcrypto/asn1/Makefile
+++ b/src/lib/libcrypto/asn1/Makefile
@@ -22,30 +22,32 @@ LIBSRC=	a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
        a_enum.c a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c \
        x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c x_bignum.c \
        x_long.c x_name.c x_x509.c x_x509a.c x_crl.c x_info.c x_spki.c nsseq.c \
-        d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\
+        x_nx509.c d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\
        t_req.c t_x509.c t_x509a.c t_crl.c t_pkey.c t_spki.c t_bitst.c \
        tasn_new.c tasn_fre.c tasn_enc.c tasn_dec.c tasn_utl.c tasn_typ.c \
+        tasn_prn.c ameth_lib.c \
        f_int.c f_string.c n_pkey.c \
-        f_enum.c a_hdr.c x_pkey.c a_bool.c x_exten.c asn_mime.c \
+        f_enum.c x_pkey.c a_bool.c x_exten.c bio_asn1.c bio_ndef.c asn_mime.c \
-        asn1_gen.c asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c a_strnid.c \
+        asn1_gen.c asn1_par.c asn1_lib.c asn1_err.c a_bytes.c a_strnid.c \
        evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c asn_moid.c
 LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
        a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o \
        a_enum.o a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o a_strex.o \
        x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_attrib.o x_bignum.o \
        x_long.o x_name.o x_x509.o x_x509a.o x_crl.o x_info.o x_spki.o nsseq.o \
-        d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \
+        x_nx509.o d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \
        t_req.o t_x509.o t_x509a.o t_crl.o t_pkey.o t_spki.o t_bitst.o \
        tasn_new.o tasn_fre.o tasn_enc.o tasn_dec.o tasn_utl.o tasn_typ.o \
+        tasn_prn.o ameth_lib.o \
        f_int.o f_string.o n_pkey.o \
-        f_enum.o a_hdr.o x_pkey.o a_bool.o x_exten.o asn_mime.o \
+        f_enum.o x_pkey.o a_bool.o x_exten.o bio_asn1.o bio_ndef.o asn_mime.o \
-        asn1_gen.o asn1_par.o asn1_lib.o asn1_err.o a_meth.o a_bytes.o a_strnid.o \
+        asn1_gen.o asn1_par.o asn1_lib.o asn1_err.o a_bytes.o a_strnid.o \
        evp_asn1.o asn_pack.o p5_pbe.o p5_pbev2.o p8_pkey.o asn_moid.o
 SRC= $(LIBSRC)
 EXHEADER=  asn1.h asn1_mac.h asn1t.h
-HEADER= $(EXHEADER)
+HEADER= $(EXHEADER) asn1_locl.h
 ALL=    $(GENERAL) $(SRC) $(HEADER)
@@ -63,7 +65,7 @@ pk:	pk.c
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
@@ -142,9 +144,9 @@ a_digest.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 a_digest.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 a_digest.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 a_digest.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-a_digest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+a_digest.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-a_digest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+a_digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-a_digest.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+a_digest.o: ../../include/openssl/opensslconf.h
 a_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 a_digest.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 a_digest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -173,14 +175,6 @@ a_gentm.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 a_gentm.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 a_gentm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 a_gentm.o: ../cryptlib.h ../o_time.h a_gentm.c
-a_hdr.o: ../../e_os.h ../../include/openssl/asn1.h
-a_hdr.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
-a_hdr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-a_hdr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_hdr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_hdr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-a_hdr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-a_hdr.o: ../../include/openssl/symhacks.h ../cryptlib.h a_hdr.c
 a_i2d_fp.o: ../../e_os.h ../../include/openssl/asn1.h
 a_i2d_fp.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 a_i2d_fp.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
@@ -205,13 +199,6 @@ a_mbstr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 a_mbstr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 a_mbstr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 a_mbstr.o: ../cryptlib.h a_mbstr.c
-a_meth.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-a_meth.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-a_meth.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_meth.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_meth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-a_meth.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-a_meth.o: ../../include/openssl/symhacks.h ../cryptlib.h a_meth.c
 a_object.o: ../../e_os.h ../../include/openssl/asn1.h
 a_object.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 a_object.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
@@ -250,27 +237,27 @@ a_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 a_sign.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 a_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 a_sign.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-a_sign.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+a_sign.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-a_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+a_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-a_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+a_sign.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_sign.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-a_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+a_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-a_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+a_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+a_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-a_sign.o: ../../include/openssl/x509_vfy.h ../cryptlib.h a_sign.c
+a_sign.o: ../cryptlib.h a_sign.c asn1_locl.h
 a_strex.o: ../../e_os.h ../../include/openssl/asn1.h
 a_strex.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 a_strex.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 a_strex.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 a_strex.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-a_strex.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+a_strex.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-a_strex.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+a_strex.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-a_strex.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+a_strex.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_strex.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_strex.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-a_strex.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+a_strex.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-a_strex.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+a_strex.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_strex.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+a_strex.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-a_strex.o: ../../include/openssl/x509_vfy.h ../cryptlib.h a_strex.c charmap.h
+a_strex.o: ../cryptlib.h a_strex.c charmap.h
 a_strnid.o: ../../e_os.h ../../include/openssl/asn1.h
 a_strnid.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 a_strnid.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
@@ -318,14 +305,29 @@ a_verify.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 a_verify.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 a_verify.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 a_verify.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-a_verify.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+a_verify.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-a_verify.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+a_verify.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-a_verify.o: ../../include/openssl/opensslconf.h
 a_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 a_verify.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 a_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 a_verify.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 a_verify.o: ../../include/openssl/x509_vfy.h ../cryptlib.h a_verify.c
+a_verify.o: asn1_locl.h
+ameth_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+ameth_lib.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+ameth_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+ameth_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ameth_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+ameth_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+ameth_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+ameth_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ameth_lib.o: ../../include/openssl/opensslconf.h
+ameth_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ameth_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+ameth_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ameth_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+ameth_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h ameth_lib.c
+ameth_lib.o: asn1_locl.h
 asn1_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 asn1_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 asn1_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
@@ -339,9 +341,8 @@ asn1_gen.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 asn1_gen.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 asn1_gen.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 asn1_gen.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-asn1_gen.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+asn1_gen.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-asn1_gen.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+asn1_gen.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-asn1_gen.o: ../../include/openssl/opensslconf.h
 asn1_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 asn1_gen.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 asn1_gen.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -371,24 +372,23 @@ asn_mime.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 asn_mime.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 asn_mime.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 asn_mime.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-asn_mime.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+asn_mime.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-asn_mime.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+asn_mime.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-asn_mime.o: ../../include/openssl/opensslconf.h
 asn_mime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 asn_mime.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
 asn_mime.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 asn_mime.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 asn_mime.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-asn_mime.o: ../cryptlib.h asn_mime.c
+asn_mime.o: ../cryptlib.h asn1_locl.h asn_mime.c
 asn_moid.o: ../../e_os.h ../../include/openssl/asn1.h
 asn_moid.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 asn_moid.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 asn_moid.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
 asn_moid.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 asn_moid.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-asn_moid.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+asn_moid.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-asn_moid.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+asn_moid.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-asn_moid.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+asn_moid.o: ../../include/openssl/opensslconf.h
 asn_moid.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 asn_moid.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 asn_moid.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -402,28 +402,43 @@ asn_pack.o: ../../include/openssl/opensslconf.h
 asn_pack.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 asn_pack.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 asn_pack.o: ../../include/openssl/symhacks.h ../cryptlib.h asn_pack.c
+bio_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+bio_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+bio_asn1.o: ../../include/openssl/opensslconf.h
+bio_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bio_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bio_asn1.o: ../../include/openssl/symhacks.h bio_asn1.c
+bio_ndef.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+bio_ndef.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+bio_ndef.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bio_ndef.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bio_ndef.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bio_ndef.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bio_ndef.o: ../../include/openssl/symhacks.h bio_ndef.c
 d2i_pr.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 d2i_pr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-d2i_pr.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
+d2i_pr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-d2i_pr.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+d2i_pr.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+d2i_pr.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
 d2i_pr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-d2i_pr.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+d2i_pr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-d2i_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+d2i_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-d2i_pr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+d2i_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-d2i_pr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
+d2i_pr.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-d2i_pr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+d2i_pr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-d2i_pr.o: ../../include/openssl/symhacks.h ../cryptlib.h d2i_pr.c
+d2i_pr.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+d2i_pr.o: ../../include/openssl/x509_vfy.h ../cryptlib.h asn1_locl.h d2i_pr.c
 d2i_pu.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 d2i_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 d2i_pu.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
 d2i_pu.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 d2i_pu.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-d2i_pu.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+d2i_pu.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-d2i_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+d2i_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-d2i_pu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+d2i_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-d2i_pu.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
+d2i_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-d2i_pu.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+d2i_pu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-d2i_pu.o: ../../include/openssl/symhacks.h ../cryptlib.h d2i_pu.c
+d2i_pu.o: ../cryptlib.h d2i_pu.c
 evp_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
 evp_asn1.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
 evp_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
@@ -455,77 +470,76 @@ f_string.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 f_string.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 f_string.o: ../../include/openssl/symhacks.h ../cryptlib.h f_string.c
 i2d_pr.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-i2d_pr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+i2d_pr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-i2d_pr.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
 i2d_pr.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+i2d_pr.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 i2d_pr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-i2d_pr.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+i2d_pr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-i2d_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+i2d_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-i2d_pr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+i2d_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-i2d_pr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
+i2d_pr.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-i2d_pr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+i2d_pr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-i2d_pr.o: ../../include/openssl/symhacks.h ../cryptlib.h i2d_pr.c
+i2d_pr.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+i2d_pr.o: ../../include/openssl/x509_vfy.h ../cryptlib.h asn1_locl.h i2d_pr.c
 i2d_pu.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 i2d_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 i2d_pu.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
 i2d_pu.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 i2d_pu.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-i2d_pu.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+i2d_pu.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-i2d_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+i2d_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-i2d_pu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+i2d_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-i2d_pu.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
+i2d_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-i2d_pu.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+i2d_pu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-i2d_pu.o: ../../include/openssl/symhacks.h ../cryptlib.h i2d_pu.c
+i2d_pu.o: ../cryptlib.h i2d_pu.c
 n_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
 n_pkey.o: ../../include/openssl/asn1_mac.h ../../include/openssl/asn1t.h
 n_pkey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 n_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 n_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 n_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-n_pkey.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+n_pkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-n_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+n_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-n_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+n_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-n_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+n_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-n_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+n_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-n_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+n_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-n_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+n_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-n_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+n_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h n_pkey.c
-n_pkey.o: ../cryptlib.h n_pkey.c
 nsseq.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
 nsseq.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 nsseq.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 nsseq.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 nsseq.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h
-nsseq.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+nsseq.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-nsseq.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+nsseq.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-nsseq.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+nsseq.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-nsseq.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+nsseq.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-nsseq.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+nsseq.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-nsseq.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+nsseq.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-nsseq.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h nsseq.c
+nsseq.o: ../../include/openssl/x509_vfy.h nsseq.c
 p5_pbe.o: ../../e_os.h ../../include/openssl/asn1.h
 p5_pbe.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 p5_pbe.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 p5_pbe.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 p5_pbe.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 p5_pbe.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p5_pbe.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+p5_pbe.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p5_pbe.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p5_pbe.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p5_pbe.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p5_pbe.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-p5_pbe.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+p5_pbe.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-p5_pbe.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+p5_pbe.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p5_pbe.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p5_pbe.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-p5_pbe.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p5_pbe.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p5_pbe.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p5_pbe.c
+p5_pbe.o: ../cryptlib.h p5_pbe.c
 p5_pbev2.o: ../../e_os.h ../../include/openssl/asn1.h
 p5_pbev2.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 p5_pbev2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 p5_pbev2.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 p5_pbev2.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 p5_pbev2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p5_pbev2.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+p5_pbev2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p5_pbev2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p5_pbev2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p5_pbev2.o: ../../include/openssl/opensslconf.h
 p5_pbev2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 p5_pbev2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
 p5_pbev2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
@@ -538,51 +552,48 @@ p8_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 p8_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 p8_pkey.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 p8_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p8_pkey.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+p8_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p8_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p8_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p8_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p8_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-p8_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+p8_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-p8_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p8_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p8_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p8_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p8_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p8_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p8_pkey.c
-p8_pkey.o: ../cryptlib.h p8_pkey.c
 t_bitst.o: ../../e_os.h ../../include/openssl/asn1.h
 t_bitst.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 t_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 t_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 t_bitst.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 t_bitst.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-t_bitst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+t_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-t_bitst.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-t_bitst.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-t_bitst.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+t_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-t_bitst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_bitst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-t_bitst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_bitst.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-t_bitst.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_bitst.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-t_bitst.o: ../../include/openssl/x509v3.h ../cryptlib.h t_bitst.c
+t_bitst.o: ../cryptlib.h t_bitst.c
 t_crl.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 t_crl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 t_crl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 t_crl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 t_crl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 t_crl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-t_crl.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+t_crl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-t_crl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_crl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-t_crl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_crl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-t_crl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+t_crl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-t_crl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_crl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-t_crl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-t_crl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_crl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-t_crl.o: ../../include/openssl/x509v3.h ../cryptlib.h t_crl.c
+t_crl.o: ../cryptlib.h t_crl.c
 t_pkey.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 t_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-t_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+t_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-t_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+t_pkey.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-t_pkey.o: ../../include/openssl/ec.h ../../include/openssl/err.h
+t_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-t_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+t_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-t_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+t_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-t_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-t_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 t_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 t_pkey.o: ../cryptlib.h t_pkey.c
 t_req.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
@@ -591,57 +602,57 @@ t_req.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 t_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 t_req.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 t_req.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-t_req.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+t_req.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-t_req.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+t_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-t_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+t_req.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-t_req.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+t_req.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-t_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+t_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-t_req.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-t_req.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-t_req.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_req.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-t_req.o: ../../include/openssl/x509v3.h ../cryptlib.h t_req.c
+t_req.o: ../cryptlib.h t_req.c
 t_spki.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 t_spki.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 t_spki.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
 t_spki.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 t_spki.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 t_spki.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-t_spki.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+t_spki.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-t_spki.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-t_spki.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-t_spki.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+t_spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-t_spki.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+t_spki.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-t_spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+t_spki.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-t_spki.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+t_spki.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-t_spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h t_spki.c
+t_spki.o: ../cryptlib.h t_spki.c
 t_x509.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 t_x509.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 t_x509.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 t_x509.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 t_x509.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 t_x509.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-t_x509.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+t_x509.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-t_x509.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+t_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-t_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+t_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-t_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+t_x509.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-t_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+t_x509.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-t_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-t_x509.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-t_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-t_x509.o: ../../include/openssl/x509v3.h ../cryptlib.h t_x509.c
+t_x509.o: ../cryptlib.h t_x509.c
 t_x509a.o: ../../e_os.h ../../include/openssl/asn1.h
 t_x509a.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 t_x509a.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 t_x509a.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 t_x509a.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-t_x509a.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+t_x509a.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-t_x509a.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+t_x509a.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-t_x509a.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+t_x509a.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-t_x509a.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+t_x509a.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-t_x509a.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+t_x509a.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-t_x509a.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+t_x509a.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-t_x509a.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+t_x509a.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-t_x509a.o: ../../include/openssl/x509_vfy.h ../cryptlib.h t_x509a.c
+t_x509a.o: ../cryptlib.h t_x509a.c
 tasn_dec.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
 tasn_dec.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 tasn_dec.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
@@ -675,6 +686,21 @@ tasn_new.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 tasn_new.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 tasn_new.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 tasn_new.o: ../../include/openssl/symhacks.h tasn_new.c
+tasn_prn.o: ../../e_os.h ../../include/openssl/asn1.h
+tasn_prn.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+tasn_prn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+tasn_prn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+tasn_prn.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+tasn_prn.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+tasn_prn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+tasn_prn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tasn_prn.o: ../../include/openssl/opensslconf.h
+tasn_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_prn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+tasn_prn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+tasn_prn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+tasn_prn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+tasn_prn.o: ../cryptlib.h asn1_locl.h tasn_prn.c
 tasn_typ.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
 tasn_typ.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
 tasn_typ.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
@@ -694,23 +720,21 @@ x_algor.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x_algor.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 x_algor.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x_algor.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h
-x_algor.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_algor.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x_algor.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_algor.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_algor.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_algor.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_algor.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_algor.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-x_algor.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_algor.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_algor.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_algor.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_algor.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_algor.o: ../../include/openssl/x509_vfy.h x_algor.c
-x_algor.o: x_algor.c
 x_attrib.o: ../../e_os.h ../../include/openssl/asn1.h
 x_attrib.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 x_attrib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x_attrib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x_attrib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x_attrib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x_attrib.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_attrib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x_attrib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_attrib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_attrib.o: ../../include/openssl/opensslconf.h
 x_attrib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x_attrib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x_attrib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -727,44 +751,42 @@ x_bignum.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 x_bignum.o: ../../include/openssl/symhacks.h ../cryptlib.h x_bignum.c
 x_crl.o: ../../e_os.h ../../include/openssl/asn1.h
 x_crl.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-x_crl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+x_crl.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
-x_crl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x_crl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-x_crl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x_crl.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-x_crl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_crl.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x_crl.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_crl.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
 x_crl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 x_crl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 x_crl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
 x_crl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 x_crl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 x_crl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x_crl.o: ../cryptlib.h x_crl.c
+x_crl.o: ../../include/openssl/x509v3.h ../cryptlib.h asn1_locl.h x_crl.c
 x_exten.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
 x_exten.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x_exten.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 x_exten.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x_exten.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h
-x_exten.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_exten.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x_exten.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_exten.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_exten.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_exten.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_exten.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_exten.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-x_exten.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_exten.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_exten.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_exten.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_exten.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_exten.o: ../../include/openssl/x509_vfy.h x_exten.c
-x_exten.o: x_exten.c
 x_info.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 x_info.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x_info.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x_info.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x_info.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_info.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x_info.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_info.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_info.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_info.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-x_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_info.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_info.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_info.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_info.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_info.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_info.c
-x_info.o: ../cryptlib.h x_info.c
 x_long.o: ../../e_os.h ../../include/openssl/asn1.h
 x_long.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 x_long.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -780,125 +802,129 @@ x_name.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x_name.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x_name.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x_name.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x_name.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_name.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x_name.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_name.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_name.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_name.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_name.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_name.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-x_name.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_name.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_name.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_name.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_name.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_name.o: ../../include/openssl/x509_vfy.h ../cryptlib.h asn1_locl.h x_name.c
-x_name.o: ../cryptlib.h x_name.c
+x_nx509.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+x_nx509.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+x_nx509.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x_nx509.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x_nx509.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h
+x_nx509.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x_nx509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_nx509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_nx509.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x_nx509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_nx509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x_nx509.o: ../../include/openssl/x509_vfy.h x_nx509.c
 x_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
 x_pkey.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
 x_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x_pkey.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x_pkey.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-x_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_pkey.c
-x_pkey.o: ../cryptlib.h x_pkey.c
 x_pubkey.o: ../../e_os.h ../../include/openssl/asn1.h
 x_pubkey.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 x_pubkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x_pubkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 x_pubkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x_pubkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x_pubkey.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+x_pubkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x_pubkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x_pubkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x_pubkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_pubkey.o: ../../include/openssl/opensslconf.h
 x_pubkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x_pubkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
 x_pubkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 x_pubkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 x_pubkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x_pubkey.o: ../cryptlib.h x_pubkey.c
+x_pubkey.o: ../cryptlib.h asn1_locl.h x_pubkey.c
 x_req.o: ../../e_os.h ../../include/openssl/asn1.h
 x_req.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 x_req.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x_req.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x_req.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x_req.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_req.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_req.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_req.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_req.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-x_req.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_req.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_req.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_req.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_req.c
-x_req.o: ../cryptlib.h x_req.c
 x_sig.o: ../../e_os.h ../../include/openssl/asn1.h
 x_sig.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 x_sig.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x_sig.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x_sig.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x_sig.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x_sig.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_sig.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x_sig.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_sig.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_sig.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_sig.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_sig.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_sig.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-x_sig.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_sig.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_sig.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_sig.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_sig.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_sig.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_sig.c
-x_sig.o: ../cryptlib.h x_sig.c
 x_spki.o: ../../e_os.h ../../include/openssl/asn1.h
 x_spki.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 x_spki.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x_spki.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x_spki.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x_spki.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x_spki.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_spki.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x_spki.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_spki.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_spki.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-x_spki.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_spki.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_spki.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_spki.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_spki.c
-x_spki.o: ../cryptlib.h x_spki.c
 x_val.o: ../../e_os.h ../../include/openssl/asn1.h
 x_val.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 x_val.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x_val.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x_val.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x_val.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x_val.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_val.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x_val.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_val.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_val.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_val.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_val.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_val.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-x_val.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_val.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_val.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_val.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_val.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_val.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_val.c
-x_val.o: ../cryptlib.h x_val.c
 x_x509.o: ../../e_os.h ../../include/openssl/asn1.h
 x_x509.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 x_x509.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 x_x509.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 x_x509.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x_x509.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x_x509.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+x_x509.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x_x509.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-x_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_x509.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-x_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-x_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_x509.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-x_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+x_x509.o: ../../include/openssl/x509v3.h ../cryptlib.h x_x509.c
-x_x509.o: ../cryptlib.h x_x509.c
 x_x509a.o: ../../e_os.h ../../include/openssl/asn1.h
 x_x509a.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 x_x509a.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x_x509a.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x_x509a.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x_x509a.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x_x509a.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_x509a.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x_x509a.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_x509a.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_x509a.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_x509a.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_x509a.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_x509a.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-x_x509a.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_x509a.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_x509a.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_x509a.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_x509a.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_x509a.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_x509a.c
-x_x509a.o: ../cryptlib.h x_x509a.c
diff --git a/src/lib/libcrypto/asn1/a_gentm.c b/src/lib/libcrypto/asn1/a_gentm.c
index def79062a5..c79c6f538c 100644
--- a/src/lib/libcrypto/asn1/a_gentm.c
+++ b/src/lib/libcrypto/asn1/a_gentm.c
@@ -117,8 +117,8 @@ err:
 int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d)
        {
-        static int min[9]={ 0, 0, 1, 1, 0, 0, 0, 0, 0};
+        static const int min[9]={ 0, 0, 1, 1, 0, 0, 0, 0, 0};
-        static int max[9]={99, 99,12,31,23,59,59,12,59};
+        static const int max[9]={99, 99,12,31,23,59,59,12,59};
        char *a;
        int n,i,l,o;
@@ -176,6 +176,11 @@ int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d)
                        o++;
                        }
                }
+        else
+                {
+                /* Missing time zone information. */
+                goto err;
+                }
        return(o == l);
 err:
        return(0);
@@ -206,6 +211,12 @@ int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str)
 ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
             time_t t)
        {
+                return ASN1_GENERALIZEDTIME_adj(s, t, 0, 0);
+        }
+ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s,
+             time_t t, int offset_day, long offset_sec)
+        {
        char *p;
        struct tm *ts;
        struct tm data;
@@ -220,13 +231,19 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
        if (ts == NULL)
                return(NULL);
+        if (offset_day || offset_sec)
+                { 
+                if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
+                        return NULL;
+                }
        p=(char *)s->data;
        if ((p == NULL) || ((size_t)s->length < len))
                {
                p=OPENSSL_malloc(len);
                if (p == NULL)
                        {
-                        ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_SET,
+                        ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_ADJ,
                                ERR_R_MALLOC_FAILURE);
                        return(NULL);
                        }
diff --git a/src/lib/libcrypto/asn1/a_utctm.c b/src/lib/libcrypto/asn1/a_utctm.c
index d31c028193..072e236592 100644
--- a/src/lib/libcrypto/asn1/a_utctm.c
+++ b/src/lib/libcrypto/asn1/a_utctm.c
@@ -114,8 +114,8 @@ err:
 int ASN1_UTCTIME_check(ASN1_UTCTIME *d)
        {
-        static int min[8]={ 0, 1, 1, 0, 0, 0, 0, 0};
+        static const int min[8]={ 0, 1, 1, 0, 0, 0, 0, 0};
-        static int max[8]={99,12,31,23,59,59,12,59};
+        static const int max[8]={99,12,31,23,59,59,12,59};
        char *a;
        int n,i,l,o;
@@ -186,6 +186,12 @@ int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str)
 ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
        {
+        return ASN1_UTCTIME_adj(s, t, 0, 0);
+        }
+ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
+                                int offset_day, long offset_sec)
+        {
        char *p;
        struct tm *ts;
        struct tm data;
@@ -200,13 +206,22 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
        if (ts == NULL)
                return(NULL);
+        if (offset_day || offset_sec)
+                { 
+                if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
+                        return NULL;
+                }
+        if((ts->tm_year < 50) || (ts->tm_year >= 150))
+                return NULL;
        p=(char *)s->data;
        if ((p == NULL) || ((size_t)s->length < len))
                {
                p=OPENSSL_malloc(len);
                if (p == NULL)
                        {
-                        ASN1err(ASN1_F_ASN1_UTCTIME_SET,ERR_R_MALLOC_FAILURE);
+                        ASN1err(ASN1_F_ASN1_UTCTIME_ADJ,ERR_R_MALLOC_FAILURE);
                        return(NULL);
                        }
                if (s->data != NULL)
diff --git a/src/lib/libcrypto/bf/Makefile b/src/lib/libcrypto/bf/Makefile
index 7f4f03eb82..dd2c2c708e 100644
--- a/src/lib/libcrypto/bf/Makefile
+++ b/src/lib/libcrypto/bf/Makefile
@@ -12,8 +12,6 @@ MAKEFILE=	Makefile
 AR=             ar r
 BF_ENC=         bf_enc.o
-# or use
-#DES_ENC=       bx86-elf.o
 CFLAGS= $(INCLUDES) $(CFLAG)
 ASFLAGS= $(INCLUDES) $(ASFLAG)
@@ -40,19 +38,12 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
-# ELF
+bf-586.s:       asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
-bx86-elf.s: asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+        $(PERL) asm/bf-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
-        (cd asm; $(PERL) bf-586.pl elf $(CFLAGS) $(PROCESSOR) > ../$@)
-# COFF
-bx86-cof.s: asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
-        (cd asm; $(PERL) bf-586.pl coff $(CFLAGS) $(PROCESSOR) > ../$@)
-# a.out
-bx86-out.s: asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
-        (cd asm; $(PERL) bf-586.pl a.out $(CFLAGS) $(PROCESSOR) > ../$@)
 files:
        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
@@ -103,9 +94,5 @@ bf_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
 bf_enc.o: ../../include/openssl/opensslconf.h bf_enc.c bf_locl.h
 bf_ofb64.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
 bf_ofb64.o: ../../include/openssl/opensslconf.h bf_locl.h bf_ofb64.c
-bf_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/crypto.h
+bf_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
-bf_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/fips.h
+bf_skey.o: ../../include/openssl/opensslconf.h bf_locl.h bf_pi.h bf_skey.c
-bf_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-bf_skey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-bf_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-bf_skey.o: bf_locl.h bf_pi.h bf_skey.c
diff --git a/src/lib/libcrypto/bio/Makefile b/src/lib/libcrypto/bio/Makefile
index 1cd76ce7a2..c395d80496 100644
--- a/src/lib/libcrypto/bio/Makefile
+++ b/src/lib/libcrypto/bio/Makefile
@@ -45,7 +45,7 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
@@ -102,11 +102,12 @@ b_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 b_print.o: ../../include/openssl/symhacks.h ../cryptlib.h b_print.c
 b_sock.o: ../../e_os.h ../../include/openssl/bio.h
 b_sock.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-b_sock.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+b_sock.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
-b_sock.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+b_sock.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-b_sock.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+b_sock.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-b_sock.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+b_sock.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-b_sock.o: ../../include/openssl/symhacks.h ../cryptlib.h b_sock.c
+b_sock.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+b_sock.o: ../cryptlib.h b_sock.c
 bf_buff.o: ../../e_os.h ../../include/openssl/bio.h
 bf_buff.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bf_buff.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
diff --git a/src/lib/libcrypto/bn/Makefile b/src/lib/libcrypto/bn/Makefile
index f5e8f65a46..aabc4f56b8 100644
--- a/src/lib/libcrypto/bn/Makefile
+++ b/src/lib/libcrypto/bn/Makefile
@@ -12,8 +12,6 @@ MAKEFILE=	Makefile
 AR=             ar r
 BN_ASM=         bn_asm.o
-# or use
-#BN_ASM=        bn86-elf.o
 CFLAGS= $(INCLUDES) $(CFLAG)
 ASFLAGS= $(INCLUDES) $(ASFLAG)
@@ -28,13 +26,13 @@ LIBSRC=	bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c bn_mod.c \
        bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \
        bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c \
        bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \
-        bn_depr.c bn_x931p.c bn_const.c bn_opt.c
+        bn_depr.c bn_const.c
 LIBOBJ= bn_add.o bn_div.o bn_exp.o bn_lib.o bn_ctx.o bn_mul.o bn_mod.o \
        bn_print.o bn_rand.o bn_shift.o bn_word.o bn_blind.o \
        bn_kron.o bn_sqrt.o bn_gcd.o bn_prime.o bn_err.o bn_sqr.o $(BN_ASM) \
        bn_recp.o bn_mont.o bn_mpi.o bn_exp2.o bn_gf2m.o bn_nist.o \
-        bn_depr.o bn_x931p.o bn_const.o bn_opt.o
+        bn_depr.o bn_const.o
 SRC= $(LIBSRC)
@@ -58,36 +56,25 @@ bnbug: bnbug.c ../../libcrypto.a top
        cc -g -I../../include bnbug.c -o bnbug ../../libcrypto.a
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
-# ELF
+bn-586.s:       asm/bn-586.pl ../perlasm/x86asm.pl
-bn86-elf.s:     asm/bn-586.pl ../perlasm/x86asm.pl
+        $(PERL) asm/bn-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
-        (cd asm; $(PERL) bn-586.pl elf $(CFLAGS) > ../$@)
+co-586.s:       asm/co-586.pl ../perlasm/x86asm.pl
-co86-elf.s:     asm/co-586.pl ../perlasm/x86asm.pl
+        $(PERL) asm/co-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
-        (cd asm; $(PERL) co-586.pl elf $(CFLAGS) > ../$@)
+x86-mont.s:     asm/x86-mont.pl ../perlasm/x86asm.pl
-mo86-elf.s:     asm/mo-586.pl ../perlasm/x86asm.pl
+        $(PERL) asm/x86-mont.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
-        (cd asm; $(PERL) mo-586.pl elf $(CFLAGS) > ../$@)
-# COFF
-bn86-cof.s: asm/bn-586.pl ../perlasm/x86asm.pl
-        (cd asm; $(PERL) bn-586.pl coff $(CFLAGS) > ../$@)
-co86-cof.s: asm/co-586.pl ../perlasm/x86asm.pl
-        (cd asm; $(PERL) co-586.pl coff $(CFLAGS) > ../$@)
-mo86-cof.s: asm/mo-586.pl ../perlasm/x86asm.pl
-        (cd asm; $(PERL) mo-586.pl coff $(CFLAGS) > ../$@)
-# a.out
-bn86-out.s: asm/bn-586.pl ../perlasm/x86asm.pl
-        (cd asm; $(PERL) bn-586.pl a.out $(CFLAGS) > ../$@)
-co86-out.s: asm/co-586.pl ../perlasm/x86asm.pl
-        (cd asm; $(PERL) co-586.pl a.out $(CFLAGS) > ../$@)
-mo86-out.s: asm/mo-586.pl ../perlasm/x86asm.pl
-        (cd asm; $(PERL) mo-586.pl a.out $(CFLAGS) > ../$@)
 sparcv8.o:      asm/sparcv8.S
        $(CC) $(CFLAGS) -c asm/sparcv8.S
-sparcv8plus.o:  asm/sparcv8plus.S
+bn-sparcv9.o:   asm/sparcv8plus.S
-        $(CC) $(CFLAGS) -c asm/sparcv8plus.S
+        $(CC) $(CFLAGS) -c -o $@ asm/sparcv8plus.S
+sparcv9a-mont.s:        asm/sparcv9a-mont.pl
+        $(PERL) asm/sparcv9a-mont.pl $(CFLAGS) > $@
+sparcv9-mont.s:         asm/sparcv9-mont.pl
+        $(PERL) asm/sparcv9-mont.pl $(CFLAGS) > $@
 bn-mips3.o:     asm/mips3.s
        @if [ "$(CC)" = "gcc" ]; then \
@@ -95,10 +82,13 @@ bn-mips3.o:	asm/mips3.s
                as -$$ABI -O -o $@ asm/mips3.s; \
        else    $(CC) -c $(CFLAGS) -o $@ asm/mips3.s; fi
+bn-s390x.o:     asm/s390x.S
+        $(CC) $(CFLAGS) -c -o $@ asm/s390x.S
 x86_64-gcc.o:   asm/x86_64-gcc.c
        $(CC) $(CFLAGS) -c -o $@ asm/x86_64-gcc.c
 x86_64-mont.s:  asm/x86_64-mont.pl
-        $(PERL) asm/x86_64-mont.pl $@
+        $(PERL) asm/x86_64-mont.pl $(PERLASM_SCHEME) > $@
 bn-ia64.s:      asm/ia64.S
        $(CC) $(CFLAGS) -E asm/ia64.S > $@
@@ -111,12 +101,14 @@ pa-risc2.o: asm/pa-risc2.s
        /usr/ccs/bin/as -o pa-risc2.o asm/pa-risc2.s
 # ppc - AIX, Linux, MacOS X...
-linux_ppc32.s: asm/ppc.pl;      $(PERL) $< $@
+bn-ppc.s:       asm/ppc.pl;     $(PERL) asm/ppc.pl $(PERLASM_SCHEME) $@
-linux_ppc64.s: asm/ppc.pl;      $(PERL) $< $@
+ppc-mont.s:     asm/ppc-mont.pl;$(PERL) asm/ppc-mont.pl $(PERLASM_SCHEME) $@
-aix_ppc32.s: asm/ppc.pl;        $(PERL) asm/ppc.pl $@
-aix_ppc64.s: asm/ppc.pl;        $(PERL) asm/ppc.pl $@
+alpha-mont.s:   asm/alpha-mont.pl
-osx_ppc32.s: asm/ppc.pl;        $(PERL) $< $@
+        $(PERL) $< | $(CC) -E - | tee $@ > /dev/null
-osx_ppc64.s: asm/ppc.pl;        $(PERL) $< $@
+# GNU make "catch all"
+%-mont.s:       asm/%-mont.pl;  $(PERL) $< $(CFLAGS) > $@
 files:
        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
@@ -184,8 +176,11 @@ bn_blind.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 bn_blind.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 bn_blind.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 bn_blind.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_blind.c bn_lcl.h
-bn_const.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+bn_const.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-bn_const.o: ../../include/openssl/ossl_typ.h bn.h bn_const.c
+bn_const.o: ../../include/openssl/opensslconf.h
+bn_const.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_const.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_const.o: ../../include/openssl/symhacks.h bn.h bn_const.c
 bn_ctx.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_ctx.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bn_ctx.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
@@ -292,13 +287,6 @@ bn_nist.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 bn_nist.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 bn_nist.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 bn_nist.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_nist.c
-bn_opt.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
-bn_opt.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-bn_opt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-bn_opt.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-bn_opt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-bn_opt.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_opt.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_opt.c
 bn_prime.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_prime.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bn_prime.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
@@ -357,6 +345,3 @@ bn_word.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 bn_word.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 bn_word.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 bn_word.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_word.c
-bn_x931p.o: ../../include/openssl/bn.h ../../include/openssl/e_os2.h
-bn_x931p.o: ../../include/openssl/opensslconf.h
-bn_x931p.o: ../../include/openssl/ossl_typ.h bn_x931p.c
diff --git a/src/lib/libcrypto/bn/bntest.c b/src/lib/libcrypto/bn/bntest.c
index cf190380f5..0cd99c5b4b 100644
--- a/src/lib/libcrypto/bn/bntest.c
+++ b/src/lib/libcrypto/bn/bntest.c
@@ -486,7 +486,7 @@ static void print_word(BIO *bp,BN_ULONG w)
                return;
                }
 #endif
-        BIO_printf(bp,"%lX",w);
+        BIO_printf(bp,BN_HEX_FMT1,w);
        }
 int test_div_word(BIO *bp)
@@ -732,6 +732,8 @@ int test_mont(BIO *bp, BN_CTX *ctx)
        BN_init(&n);
        mont=BN_MONT_CTX_new();
+        if (mont == NULL)
+                return 0;
        BN_bntest_rand(&a,100,0,0); /**/
        BN_bntest_rand(&b,100,0,0); /**/
@@ -1027,7 +1029,7 @@ int test_exp(BIO *bp, BN_CTX *ctx)
                BN_bntest_rand(a,20+i*5,0,0); /**/
                BN_bntest_rand(b,2+i,0,0); /**/
-                if (!BN_exp(d,a,b,ctx))
+                if (BN_exp(d,a,b,ctx) <= 0)
                        return(0);
                if (bp != NULL)
@@ -1116,8 +1118,8 @@ int test_gf2m_mod(BIO *bp)
        {
        BIGNUM *a,*b[2],*c,*d,*e;
        int i, j, ret = 0;
-        unsigned int p0[] = {163,7,6,3,0};
+        int p0[] = {163,7,6,3,0,-1};
-        unsigned int p1[] = {193,15,0};
+        int p1[] = {193,15,0,-1};
        a=BN_new();
        b[0]=BN_new();
@@ -1174,8 +1176,8 @@ int test_gf2m_mod_mul(BIO *bp,BN_CTX *ctx)
        {
        BIGNUM *a,*b[2],*c,*d,*e,*f,*g,*h;
        int i, j, ret = 0;
-        unsigned int p0[] = {163,7,6,3,0};
+        int p0[] = {163,7,6,3,0,-1};
-        unsigned int p1[] = {193,15,0};
+        int p1[] = {193,15,0,-1};
        a=BN_new();
        b[0]=BN_new();
@@ -1245,8 +1247,8 @@ int test_gf2m_mod_sqr(BIO *bp,BN_CTX *ctx)
        {
        BIGNUM *a,*b[2],*c,*d;
        int i, j, ret = 0;
-        unsigned int p0[] = {163,7,6,3,0};
+        int p0[] = {163,7,6,3,0,-1};
-        unsigned int p1[] = {193,15,0};
+        int p1[] = {193,15,0,-1};
        a=BN_new();
        b[0]=BN_new();
@@ -1304,8 +1306,8 @@ int test_gf2m_mod_inv(BIO *bp,BN_CTX *ctx)
        {
        BIGNUM *a,*b[2],*c,*d;
        int i, j, ret = 0;
-        unsigned int p0[] = {163,7,6,3,0};
+        int p0[] = {163,7,6,3,0,-1};
-        unsigned int p1[] = {193,15,0};
+        int p1[] = {193,15,0,-1};
        a=BN_new();
        b[0]=BN_new();
@@ -1359,8 +1361,8 @@ int test_gf2m_mod_div(BIO *bp,BN_CTX *ctx)
        {
        BIGNUM *a,*b[2],*c,*d,*e,*f;
        int i, j, ret = 0;
-        unsigned int p0[] = {163,7,6,3,0};
+        int p0[] = {163,7,6,3,0,-1};
-        unsigned int p1[] = {193,15,0};
+        int p1[] = {193,15,0,-1};
        a=BN_new();
        b[0]=BN_new();
@@ -1422,8 +1424,8 @@ int test_gf2m_mod_exp(BIO *bp,BN_CTX *ctx)
        {
        BIGNUM *a,*b[2],*c,*d,*e,*f;
        int i, j, ret = 0;
-        unsigned int p0[] = {163,7,6,3,0};
+        int p0[] = {163,7,6,3,0,-1};
-        unsigned int p1[] = {193,15,0};
+        int p1[] = {193,15,0,-1};
        a=BN_new();
        b[0]=BN_new();
@@ -1493,8 +1495,8 @@ int test_gf2m_mod_sqrt(BIO *bp,BN_CTX *ctx)
        {
        BIGNUM *a,*b[2],*c,*d,*e,*f;
        int i, j, ret = 0;
-        unsigned int p0[] = {163,7,6,3,0};
+        int p0[] = {163,7,6,3,0,-1};
-        unsigned int p1[] = {193,15,0};
+        int p1[] = {193,15,0,-1};
        a=BN_new();
        b[0]=BN_new();
@@ -1552,8 +1554,8 @@ int test_gf2m_mod_solve_quad(BIO *bp,BN_CTX *ctx)
        {
        BIGNUM *a,*b[2],*c,*d,*e;
        int i, j, s = 0, t, ret = 0;
-        unsigned int p0[] = {163,7,6,3,0};
+        int p0[] = {163,7,6,3,0,-1};
-        unsigned int p1[] = {193,15,0};
+        int p1[] = {193,15,0,-1};
        a=BN_new();
        b[0]=BN_new();
diff --git a/src/lib/libcrypto/bn/exptest.c b/src/lib/libcrypto/bn/exptest.c
index f598a07cf5..074a8e882a 100644
--- a/src/lib/libcrypto/bn/exptest.c
+++ b/src/lib/libcrypto/bn/exptest.c
@@ -163,7 +163,7 @@ int main(int argc, char *argv[])
                        {
                        if (BN_cmp(r_simple,r_mont) != 0)
                                printf("\nsimple and mont results differ\n");
-                        if (BN_cmp(r_simple,r_mont) != 0)
+                        if (BN_cmp(r_simple,r_mont_const) != 0)
                                printf("\nsimple and mont const time results differ\n");
                        if (BN_cmp(r_simple,r_recp) != 0)
                                printf("\nsimple and recp results differ\n");
@@ -187,7 +187,7 @@ int main(int argc, char *argv[])
        BN_free(b);
        BN_free(m);
        BN_CTX_free(ctx);
-        ERR_remove_state(0);
+        ERR_remove_thread_state(NULL);
        CRYPTO_mem_leaks(out);
        BIO_free(out);
        printf(" done\n");
diff --git a/src/lib/libcrypto/buffer/Makefile b/src/lib/libcrypto/buffer/Makefile
index 9e0f46e19a..9f3a88d2d6 100644
--- a/src/lib/libcrypto/buffer/Makefile
+++ b/src/lib/libcrypto/buffer/Makefile
@@ -17,8 +17,8 @@ TEST=
 APPS=
 LIB=$(TOP)/libcrypto.a
-LIBSRC= buffer.c buf_str.c buf_err.c
+LIBSRC= buffer.c buf_err.c
-LIBOBJ= buffer.o buf_str.o buf_err.o
+LIBOBJ= buffer.o buf_err.o
 SRC= $(LIBSRC)
@@ -33,7 +33,7 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
@@ -81,13 +81,6 @@ buf_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 buf_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 buf_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 buf_err.o: buf_err.c
-buf_str.o: ../../e_os.h ../../include/openssl/bio.h
-buf_str.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-buf_str.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-buf_str.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-buf_str.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-buf_str.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-buf_str.o: ../../include/openssl/symhacks.h ../cryptlib.h buf_str.c
 buffer.o: ../../e_os.h ../../include/openssl/bio.h
 buffer.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 buffer.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
diff --git a/src/lib/libcrypto/cast/Makefile b/src/lib/libcrypto/cast/Makefile
index 2e026dbe0d..0acc38f28d 100644
--- a/src/lib/libcrypto/cast/Makefile
+++ b/src/lib/libcrypto/cast/Makefile
@@ -38,19 +38,12 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
-# ELF
+cast-586.s:     asm/cast-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
-cx86-elf.s: asm/cast-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+        $(PERL) asm/cast-586.pl $(PERLASM_SCHEME) $(CLAGS) $(PROCESSOR) > $@
-        (cd asm; $(PERL) cast-586.pl elf $(CLAGS) $(PROCESSOR) > ../$@)
-# COFF
-cx86-cof.s: asm/cast-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
-        (cd asm; $(PERL) cast-586.pl coff $(CLAGS) $(PROCESSOR) > ../$@)
-# a.out
-cx86-out.s: asm/cast-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
-        (cd asm; $(PERL) cast-586.pl a.out $(CLAGS) $(PROCESSOR) > ../$@)
 files:
        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
@@ -102,8 +95,5 @@ c_ofb64.o: ../../e_os.h ../../include/openssl/cast.h
 c_ofb64.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
 c_ofb64.o: c_ofb64.c cast_lcl.h
 c_skey.o: ../../e_os.h ../../include/openssl/cast.h
-c_skey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+c_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-c_skey.o: ../../include/openssl/fips.h ../../include/openssl/opensslconf.h
+c_skey.o: c_skey.c cast_lcl.h cast_s.h
-c_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-c_skey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-c_skey.o: ../../include/openssl/symhacks.h c_skey.c cast_lcl.h cast_s.h
diff --git a/src/lib/libcrypto/comp/Makefile b/src/lib/libcrypto/comp/Makefile
index 5d364b8513..efda832dce 100644
--- a/src/lib/libcrypto/comp/Makefile
+++ b/src/lib/libcrypto/comp/Makefile
@@ -36,7 +36,7 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
diff --git a/src/lib/libcrypto/conf/Makefile b/src/lib/libcrypto/conf/Makefile
index ccd0721332..78bb324106 100644
--- a/src/lib/libcrypto/conf/Makefile
+++ b/src/lib/libcrypto/conf/Makefile
@@ -36,7 +36,7 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
@@ -114,8 +114,8 @@ conf_mall.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
 conf_mall.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 conf_mall.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
 conf_mall.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-conf_mall.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+conf_mall.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-conf_mall.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+conf_mall.o: ../../include/openssl/objects.h
 conf_mall.o: ../../include/openssl/opensslconf.h
 conf_mall.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 conf_mall.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
@@ -128,9 +128,9 @@ conf_mod.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 conf_mod.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
 conf_mod.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 conf_mod.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-conf_mod.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+conf_mod.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-conf_mod.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+conf_mod.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-conf_mod.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+conf_mod.o: ../../include/openssl/opensslconf.h
 conf_mod.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 conf_mod.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 conf_mod.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -143,9 +143,8 @@ conf_sap.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
 conf_sap.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 conf_sap.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
 conf_sap.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-conf_sap.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+conf_sap.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-conf_sap.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+conf_sap.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-conf_sap.o: ../../include/openssl/opensslconf.h
 conf_sap.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 conf_sap.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 conf_sap.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
diff --git a/src/lib/libcrypto/crypto-lib.com b/src/lib/libcrypto/crypto-lib.com
index e72af90822..a4b6635091 100644
--- a/src/lib/libcrypto/crypto-lib.com
+++ b/src/lib/libcrypto/crypto-lib.com
@@ -6,10 +6,11 @@ $!               A-Com Computing, Inc.
 $!               byer@mail.all-net.net
 $!
 $!  Changes by Richard Levitte <richard@levitte.org>
+$!             Zoltan Arpadffy <arpadffy@polarhome.com>
 $!
 $!  This command files compiles and creates the "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" 
-$!  library for OpenSSL.  The "xxx" denotes the machine architecture of AXP
+$!  library for OpenSSL.  The "xxx" denotes the machine architecture, ALPHA,
-$!  or VAX.
+$!  IA64 or VAX.
 $!
 $!  It was re-written so it would try to determine what "C" compiler to use 
 $!  or you can specify which "C" compiler to use.
@@ -17,28 +18,28 @@ $!
 $!  Specify the following as P1 to build just that part or ALL to just
 $!  build everything.
 $!
-$!              LIBRARY    To just compile the [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library.
+$!      LIBRARY    To just compile the [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library.
-$!              APPS       To just compile the [.xxx.EXE.CRYPTO]*.EXE
+$!      APPS       To just compile the [.xxx.EXE.CRYPTO]*.EXE
-$!              ALL        To do both LIBRARY and APPS
+$!      ALL        To do both LIBRARY and APPS
 $!
 $!  Specify DEBUG or NODEBUG as P2 to compile with or without debugger
 $!  information.
 $!
 $!  Specify which compiler at P3 to try to compile under.
 $!
-$!         VAXC  For VAX C.
+$!      VAXC       For VAX C.
-$!         DECC  For DEC C.
+$!      DECC       For DEC C.
-$!         GNUC  For GNU C.
+$!      GNUC       For GNU C.
 $!
-$!  If you don't speficy a compiler, it will try to determine which
+$!  If you don't specify a compiler, it will try to determine which
 $!  "C" compiler to use.
 $!
 $!  P4, if defined, sets a TCP/IP library to use, through one of the following
 $!  keywords:
 $!
-$!      UCX             for UCX
+$!      UCX        For UCX
-$!      TCPIP           for TCPIP (post UCX)
+$!      TCPIP      For TCPIP (post UCX)
-$!      SOCKETSHR       for SOCKETSHR+NETLIB
+$!      SOCKETSHR  For SOCKETSHR+NETLIB
 $!
 $!  P5, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up)
 $!
@@ -54,36 +55,49 @@ $ TCPIP_LIB = ""
 $!
 $! Check Which Architecture We Are Using.
 $!
-$ IF (F$GETSYI("CPU").GE.128)
+$ IF (F$GETSYI("CPU").LT.128)
 $ THEN
 $!
-$!  The Architecture Is AXP
+$!  The Architecture Is VAX
 $!
-$   ARCH := AXP
+$   ARCH = "VAX"
 $!
 $! Else...
 $!
 $ ELSE
 $!
-$!  The Architecture Is VAX.
+$!  The Architecture Is Alpha, IA64 or whatever comes in the future.
 $!
-$   ARCH := VAX
+$   ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE")
+$   IF (ARCH .EQS. "") THEN ARCH = "UNK"
 $!
 $! End The Architecture Check.
 $!
 $ ENDIF
 $!
 $! Define The Different Encryption Types.
+$! NOTE: Some might think this list ugly.  However, it's made this way to
+$! reflect the SDIRS variable in [-]Makefile.org as closely as possible,
+$! thereby making it fairly easy to verify that the lists are the same.
 $!
+$ ET_WHIRLPOOL = "WHRLPOOL"
+$ IF ARCH .EQS. "VAX" THEN ET_WHIRLPOOL = ""
 $ ENCRYPT_TYPES = "Basic,"+ -
                  "OBJECTS,"+ -
-                  "MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,"+ -
+                  "MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,"+ET_WHIRLPOOL+","+ -
-                  "DES,RC2,RC4,RC5,IDEA,BF,CAST,CAMELLIA,SEED,"+ -
+                  "DES,AES,RC2,RC4,RC5,IDEA,BF,CAST,CAMELLIA,SEED,MODES,"+ -
-                  "BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,AES,"+ -
+                  "BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,"+ -
                  "BUFFER,BIO,STACK,LHASH,RAND,ERR,"+ -
-                  "EVP,EVP_2,ASN1,ASN1_2,PEM,X509,X509V3,"+ -
+                  "EVP,EVP_2,EVP_3,ASN1,ASN1_2,PEM,X509,X509V3,"+ -
                  "CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,UI,KRB5,"+ -
-                  "STORE,CMS,PQUEUE,JPAKE"
+                  "STORE,CMS,PQUEUE,TS,JPAKE"
+$! Define The OBJ Directory.
+$!
+$ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.CRYPTO]
+$!
+$! Define The EXE Directory.
+$!
+$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]
 $!
 $! Check To Make Sure We Have Valid Command Line Parameters.
 $!
@@ -97,9 +111,6 @@ $! Tell The User What Kind of Machine We Run On.
 $!
 $ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine."
 $!
-$! Define The OBJ Directory.
-$!
-$ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.CRYPTO]
 $!
 $! Check To See If The Architecture Specific OBJ Directory Exists.
 $!
@@ -114,10 +125,6 @@ $! End The Architecture Specific OBJ Directory Check.
 $!
 $ ENDIF
 $!
-$! Define The EXE Directory.
-$!
-$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]
-$!
 $! Check To See If The Architecture Specific Directory Exists.
 $!
 $ IF (F$PARSE(EXE_DIR).EQS."")
@@ -161,15 +168,16 @@ $!
 $ APPS_DES = "DES/DES,CBC3_ENC"
 $ APPS_PKCS7 = "ENC/ENC;DEC/DEC;SIGN/SIGN;VERIFY/VERIFY,EXAMPLE"
 $
-$ LIB_ = "cryptlib,dyn_lck,mem,mem_clr,mem_dbg,cversion,ex_data,tmdiff,cpt_err,ebcdic,uid,o_time,o_str,o_dir,o_init,fips_err"
+$ LIB_ = "cryptlib,mem,mem_clr,mem_dbg,cversion,ex_data,cpt_err,ebcdic,uid,o_time,o_str,o_dir"
 $ LIB_MD2 = "md2_dgst,md2_one"
 $ LIB_MD4 = "md4_dgst,md4_one"
 $ LIB_MD5 = "md5_dgst,md5_one"
 $ LIB_SHA = "sha_dgst,sha1dgst,sha_one,sha1_one,sha256,sha512"
 $ LIB_MDC2 = "mdc2dgst,mdc2_one"
-$ LIB_HMAC = "hmac"
+$ LIB_HMAC = "hmac,hm_ameth,hm_pmeth"
 $ LIB_RIPEMD = "rmd_dgst,rmd_one"
-$ LIB_DES = "des_lib,set_key,ecb_enc,cbc_enc,"+ -
+$ LIB_WHRLPOOL = "wp_dgst,wp_block"
+$ LIB_DES = "set_key,ecb_enc,cbc_enc,"+ -
        "ecb3_enc,cfb64enc,cfb64ede,cfb_enc,ofb64ede,"+ -
        "enc_read,enc_writ,ofb64enc,"+ -
        "ofb_enc,str2key,pcbc_enc,qud_cksm,rand_key,"+ -
@@ -184,35 +192,39 @@ $ LIB_BF = "bf_skey,bf_ecb,bf_enc,bf_cfb64,bf_ofb64"
 $ LIB_CAST = "c_skey,c_ecb,c_enc,c_cfb64,c_ofb64"
 $ LIB_CAMELLIA = "camellia,cmll_misc,cmll_ecb,cmll_cbc,cmll_ofb,"+ -
        "cmll_cfb,cmll_ctr"
-$ LIB_SEED = "seed,seed_cbc,seed_ecb,seed_cfb,seed_ofb"
+$ LIB_SEED = "seed,seed_ecb,seed_cbc,seed_cfb,seed_ofb"
+$ LIB_MODES = "cbc128,ctr128,cfb128,ofb128"
 $ LIB_BN_ASM = "[.asm]vms.mar,vms-helper"
-$ IF F$TRNLNM("OPENSSL_NO_ASM").OR.ARCH.EQS."AXP" THEN LIB_BN_ASM = "bn_asm"
+$ IF F$TRNLNM("OPENSSL_NO_ASM") .OR. ARCH .NES. "VAX" THEN -
+     LIB_BN_ASM = "bn_asm"
 $ LIB_BN = "bn_add,bn_div,bn_exp,bn_lib,bn_ctx,bn_mul,bn_mod,"+ -
        "bn_print,bn_rand,bn_shift,bn_word,bn_blind,"+ -
        "bn_kron,bn_sqrt,bn_gcd,bn_prime,bn_err,bn_sqr,"+LIB_BN_ASM+","+ -
        "bn_recp,bn_mont,bn_mpi,bn_exp2,bn_gf2m,bn_nist,"+ -
-        "bn_depr,bn_x931p,bn_const,bn_opt"
+        "bn_depr,bn_const"
 $ LIB_EC = "ec_lib,ecp_smpl,ecp_mont,ecp_nist,ec_cvt,ec_mult,"+ -
        "ec_err,ec_curve,ec_check,ec_print,ec_asn1,ec_key,"+ -
-        "ec2_smpl,ec2_mult"
+        "ec2_smpl,ec2_mult,ec_ameth,ec_pmeth,eck_prn"
 $ LIB_RSA = "rsa_eay,rsa_gen,rsa_lib,rsa_sign,rsa_saos,rsa_err,"+ -
        "rsa_pk1,rsa_ssl,rsa_none,rsa_oaep,rsa_chk,rsa_null,"+ -
-        "rsa_pss,rsa_x931,rsa_x931g,rsa_asn1,rsa_depr,rsa_eng"
+        "rsa_pss,rsa_x931,rsa_asn1,rsa_depr,rsa_ameth,rsa_prn,"+ -
+        "rsa_pmeth"
 $ LIB_DSA = "dsa_gen,dsa_key,dsa_lib,dsa_asn1,dsa_vrf,dsa_sign,"+ -
-        "dsa_err,dsa_ossl,dsa_depr,dsa_utl"
+        "dsa_err,dsa_ossl,dsa_depr,dsa_ameth,dsa_pmeth,dsa_prn"
 $ LIB_ECDSA = "ecs_lib,ecs_asn1,ecs_ossl,ecs_sign,ecs_vrf,ecs_err"
-$ LIB_DH = "dh_asn1,dh_gen,dh_key,dh_lib,dh_check,dh_err,dh_depr"
+$ LIB_DH = "dh_asn1,dh_gen,dh_key,dh_lib,dh_check,dh_err,dh_depr,"+ -
+        "dh_ameth,dh_pmeth,dh_prn"
 $ LIB_ECDH = "ech_lib,ech_ossl,ech_key,ech_err"
 $ LIB_DSO = "dso_dl,dso_dlfcn,dso_err,dso_lib,dso_null,"+ -
-        "dso_openssl,dso_win32,dso_vms"
+        "dso_openssl,dso_win32,dso_vms,dso_beos"
 $ LIB_ENGINE = "eng_err,eng_lib,eng_list,eng_init,eng_ctrl,"+ -
        "eng_table,eng_pkey,eng_fat,eng_all,"+ -
        "tb_rsa,tb_dsa,tb_ecdsa,tb_dh,tb_ecdh,tb_rand,tb_store,"+ -
-        "tb_cipher,tb_digest,"+ -
+        "tb_cipher,tb_digest,tb_pkmeth,tb_asnmth,"+ -
-        "eng_openssl,eng_dyn,eng_cnf,eng_cryptodev,eng_padlock"
+        "eng_openssl,eng_dyn,eng_cnf,eng_cryptodev"
-$ LIB_AES = "aes_core,aes_misc,aes_ecb,aes_cbc,aes_cfb,aes_ofb,"+ -
+$ LIB_AES = "aes_core,aes_misc,aes_ecb,aes_cbc,aes_cfb,aes_ofb,aes_ctr,"+ -
-        "aes_ctr,aes_ige,aes_wrap"
+        "aes_ige,aes_wrap"
-$ LIB_BUFFER = "buffer,buf_str,buf_err"
+$ LIB_BUFFER = "buffer,buf_err"
 $ LIB_BIO = "bio_lib,bio_cb,bio_err,"+ -
        "bss_mem,bss_null,bss_fd,"+ -
        "bss_file,bss_sock,bss_conn,"+ -
@@ -224,33 +236,34 @@ $ LIB_STACK = "stack"
 $ LIB_LHASH = "lhash,lh_stats"
 $ LIB_RAND = "md_rand,randfile,rand_lib,rand_err,rand_egd,"+ -
        "rand_vms"
-$ LIB_ERR = "err,err_def,err_all,err_prn,err_str,err_bio"
+$ LIB_ERR = "err,err_all,err_prn"
-$ LIB_OBJECTS = "o_names,obj_dat,obj_lib,obj_err"
+$ LIB_OBJECTS = "o_names,obj_dat,obj_lib,obj_err,obj_xref"
-$ LIB_EVP = "encode,digest,dig_eng,evp_enc,evp_key,evp_acnf,evp_cnf,"+ -
+$ LIB_EVP = "encode,digest,evp_enc,evp_key,evp_acnf,"+ -
        "e_des,e_bf,e_idea,e_des3,e_camellia,"+ -
        "e_rc4,e_aes,names,e_seed,"+ -
-        "e_xcbc_d,e_rc2,e_cast,e_rc5,enc_min"
+        "e_xcbc_d,e_rc2,e_cast,e_rc5"
-$ LIB_EVP_2 = "m_null,m_md2,m_md4,m_md5,m_sha,m_sha1," + -
+$ LIB_EVP_2 = "m_null,m_md2,m_md4,m_md5,m_sha,m_sha1,m_wp," + -
        "m_dss,m_dss1,m_mdc2,m_ripemd,m_ecdsa,"+ -
        "p_open,p_seal,p_sign,p_verify,p_lib,p_enc,p_dec,"+ -
        "bio_md,bio_b64,bio_enc,evp_err,e_null,"+ -
        "c_all,c_allc,c_alld,evp_lib,bio_ok,"+-
        "evp_pkey,evp_pbe,p5_crpt,p5_crpt2"
-$ LIB_EVP_3 = "e_old"
+$ LIB_EVP_3 = "e_old,pmeth_lib,pmeth_fn,pmeth_gn,m_sigver"
 $ LIB_ASN1 = "a_object,a_bitstr,a_utctm,a_gentm,a_time,a_int,a_octet,"+ -
        "a_print,a_type,a_set,a_dup,a_d2i_fp,a_i2d_fp,"+ -
        "a_enum,a_utf8,a_sign,a_digest,a_verify,a_mbstr,a_strex,"+ -
        "x_algor,x_val,x_pubkey,x_sig,x_req,x_attrib,x_bignum,"+ -
        "x_long,x_name,x_x509,x_x509a,x_crl,x_info,x_spki,nsseq,"+ -
-        "d2i_pu,d2i_pr,i2d_pu,i2d_pr"
+        "x_nx509,d2i_pu,d2i_pr,i2d_pu,i2d_pr"
 $ LIB_ASN1_2 = "t_req,t_x509,t_x509a,t_crl,t_pkey,t_spki,t_bitst,"+ -
        "tasn_new,tasn_fre,tasn_enc,tasn_dec,tasn_utl,tasn_typ,"+ -
+        "tasn_prn,ameth_lib,"+ -
        "f_int,f_string,n_pkey,"+ -
-        "f_enum,a_hdr,x_pkey,a_bool,x_exten,asn_mime,"+ -
+        "f_enum,x_pkey,a_bool,x_exten,bio_asn1,bio_ndef,asn_mime,"+ -
-        "asn1_gen,asn1_par,asn1_lib,asn1_err,a_meth,a_bytes,a_strnid,"+ -
+        "asn1_gen,asn1_par,asn1_lib,asn1_err,a_bytes,a_strnid,"+ -
        "evp_asn1,asn_pack,p5_pbe,p5_pbev2,p8_pkey,asn_moid"
 $ LIB_PEM = "pem_sign,pem_seal,pem_info,pem_lib,pem_all,pem_err,"+ -
-        "pem_x509,pem_xaux,pem_oth,pem_pk8,pem_pkey"
+        "pem_x509,pem_xaux,pem_oth,pem_pk8,pem_pkey,pvkfmt"
 $ LIB_X509 = "x509_def,x509_d2,x509_r2x,x509_cmp,"+ -
        "x509_obj,x509_req,x509spki,x509_vfy,"+ -
        "x509_set,x509cset,x509rset,x509_err,"+ -
@@ -266,7 +279,7 @@ $ LIB_X509V3 = "v3_bcons,v3_bitst,v3_conf,v3_extku,v3_ia5,v3_lib,"+ -
 $ LIB_CONF = "conf_err,conf_lib,conf_api,conf_def,conf_mod,conf_mall,conf_sap"
 $ LIB_TXT_DB = "txt_db"
 $ LIB_PKCS7 = "pk7_asn1,pk7_lib,pkcs7err,pk7_doit,pk7_smime,pk7_attr,"+ -
-        "pk7_mime"
+        "pk7_mime,bio_pk7"
 $ LIB_PKCS12 = "p12_add,p12_asn,p12_attr,p12_crpt,p12_crt,p12_decr,"+ -
        "p12_init,p12_key,p12_kiss,p12_mutl,"+ -
        "p12_utl,p12_npas,pk12err,p12_p8d,p12_p8e"
@@ -281,6 +294,9 @@ $ LIB_STORE = "str_err,str_lib,str_meth,str_mem"
 $ LIB_CMS = "cms_lib,cms_asn1,cms_att,cms_io,cms_smime,cms_err,"+ -
        "cms_sd,cms_dd,cms_cd,cms_env,cms_enc,cms_ess"
 $ LIB_PQUEUE = "pqueue"
+$ LIB_TS = "ts_err,ts_req_utils,ts_req_print,ts_rsp_utils,ts_rsp_print,"+ -
+        "ts_rsp_sign,ts_rsp_verify,ts_verify_ctx,ts_lib,ts_conf,"+ -
+        "ts_asn1"
 $ LIB_JPAKE = "jpake,jpake_err"
 $!
 $! Setup exceptional compilations
@@ -291,7 +307,7 @@ $ ! Disable the DOLLARID warning
 $ COMPILEWITH_CC4 = ",a_utctm,bss_log,o_time,o_dir"
 $ ! Disable disjoint optimization
 $ COMPILEWITH_CC5 = ",md2_dgst,md4_dgst,md5_dgst,mdc2dgst," + -
-                    "sha_dgst,sha1dgst,rmd_dgst,bf_enc,"
+                    "seed,sha_dgst,sha1dgst,rmd_dgst,bf_enc,"
 $ ! Disable the MIXLINKAGE warning
 $ COMPILEWITH_CC6 = ",enc_read,set_key,"
 $!
@@ -334,11 +350,11 @@ $! Create The Library and Apps Module Names.
 $!
 $ LIB_MODULE = "LIB_" + MODULE_NAME
 $ APPS_MODULE = "APPS_" + MODULE_NAME
-$ IF (MODULE_NAME.EQS."ASN1_2")
+$ IF (F$EXTRACT(0,5,MODULE_NAME).EQS."ASN1_")
 $ THEN
 $   MODULE_NAME = "ASN1"
 $ ENDIF
-$ IF (MODULE_NAME.EQS."EVP_2")
+$ IF (F$EXTRACT(0,4,MODULE_NAME).EQS."EVP_")
 $ THEN
 $   MODULE_NAME = "EVP"
 $ ENDIF
@@ -353,7 +369,7 @@ $!
 $ IF F$TYPE('LIB_MODULE') .EQS. ""
 $ THEN
 $   WRITE SYS$ERROR ""
-$   WRITE SYS$ERROR "The module ",MODULE_NAME," does not exist.  Continuing..."
+$   WRITE SYS$ERROR "The module ",MODULE_NAME1," does not exist.  Continuing..."
 $   WRITE SYS$ERROR ""
 $   GOTO MODULE_NEXT
 $ ENDIF
@@ -694,7 +710,7 @@ $!
 $   IF (F$SEARCH(OPT_FILE).EQS."")
 $   THEN
 $!
-$!    Figure Out If We Need An AXP Or A VAX Linker Option File.
+$!    Figure Out If We Need A non-VAX Or A VAX Linker Option File.
 $!
 $     IF ARCH .EQS. "VAX"
 $     THEN
@@ -714,19 +730,19 @@ $!    Else...
 $!
 $     ELSE
 $!
-$!      Create The AXP Linker Option File.
+$!      Create The non-VAX Linker Option File.
 $!
 $       CREATE 'OPT_FILE'
 $DECK
 !
-! Default System Options File For AXP To Link Agianst 
+! Default System Options File For non-VAX To Link Agianst 
 ! The Sharable C Runtime Library.
 !
 SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE
 SYS$SHARE:CMA$OPEN_RTL/SHARE
 $EOD
 $!
-$!    End The VAX/AXP DEC C Option File Check.
+$!    End The DEC C Option File Check.
 $!
 $     ENDIF
 $!
@@ -763,12 +779,12 @@ $! Else...
 $!
 $ ELSE
 $!
-$!  Else, Check To See If P1 Has A Valid Arguement.
+$!  Else, Check To See If P1 Has A Valid Argument.
 $!
 $   IF (P1.EQS."LIBRARY").OR.(P1.EQS."APPS")
 $   THEN
 $!
-$!    A Valid Arguement.
+$!    A Valid Argument.
 $!
 $     BUILDALL = P1
 $!
@@ -787,15 +803,16 @@ $     WRITE SYS$OUTPUT "    APPS     :  To Compile Just The [.xxx.EXE.CRYPTO]*.E
 $     WRITE SYS$OUTPUT ""
 $     WRITE SYS$OUTPUT " Where 'xxx' Stands For:"
 $     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "        AXP  :  Alpha Architecture."
+$     WRITE SYS$OUTPUT "    ALPHA    :  Alpha Architecture."
-$     WRITE SYS$OUTPUT "        VAX  :  VAX Architecture."
+$     WRITE SYS$OUTPUT "    IA64     :  IA64 Architecture."
+$     WRITE SYS$OUTPUT "    VAX      :  VAX Architecture."
 $     WRITE SYS$OUTPUT ""
 $!
 $!    Time To EXIT.
 $!
 $     EXIT
 $!
-$!  End The Valid Arguement Check.
+$!  End The Valid Argument Check.
 $!
 $   ENDIF
 $!
@@ -848,7 +865,7 @@ $!    Time To EXIT.
 $!
 $     EXIT
 $!
-$!  End The Valid Arguement Check.
+$!  End The Valid Argument Check.
 $!
 $   ENDIF
 $!
@@ -913,7 +930,7 @@ $   ELSE
 $!
 $!    Check To See If We Have VAXC Or DECC.
 $!
-$     IF (ARCH.EQS."AXP").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
+$     IF (ARCH.NES."VAX").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
 $     THEN 
 $!
 $!      Looks Like DECC, Set To Use DECC.
@@ -1019,12 +1036,12 @@ $     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
         THEN CC = "CC/DECC"
 $     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
           "/NOLIST/PREFIX=ALL" + -
-           "/INCLUDE=(SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP])" + -
+           "/INCLUDE=(SYS$DISK:[],SYS$DISK:[._''ARCH'],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + -
           CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
-$     OPT_FILE = "SYS$DISK:[]VAX_DECC_OPTIONS.OPT"
+$     OPT_FILE = "''EXE_DIR'VAX_DECC_OPTIONS.OPT"
 $!
 $!  End DECC Check.
 $!
@@ -1046,14 +1063,14 @@ $!
 $!    Compile Using VAXC.
 $!
 $     CC = "CC"
-$     IF ARCH.EQS."AXP"
+$     IF ARCH.NES."VAX"
 $     THEN
-$       WRITE SYS$OUTPUT "There is no VAX C on Alpha!"
+$       WRITE SYS$OUTPUT "There is no VAX C on ''ARCH'!"
 $       EXIT
 $     ENDIF
 $     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
 $     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
-           "/INCLUDE=(SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + -
+           "/INCLUDE=(SYS$DISK:[],SYS$DISK:[._''ARCH'],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + -
           CCEXTRAFLAGS
 $     CCDEFS = """VAXC""," + CCDEFS
 $!
@@ -1063,7 +1080,7 @@ $     DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB]
 $!
 $!    Define The Linker Options File Name.
 $!
-$     OPT_FILE = "SYS$DISK:[]VAX_VAXC_OPTIONS.OPT"
+$     OPT_FILE = "''EXE_DIR'VAX_VAXC_OPTIONS.OPT"
 $!
 $!  End VAXC Check
 $!
@@ -1085,12 +1102,12 @@ $!
 $!    Use GNU C...
 $!
 $     CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
-           "/INCLUDE=(SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + -
+           "/INCLUDE=(SYS$DISK:[],SYS$DISK:[._''ARCH'],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + -
           CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
-$     OPT_FILE = "SYS$DISK:[]VAX_GNUC_OPTIONS.OPT"
+$     OPT_FILE = "''EXE_DIR'VAX_GNUC_OPTIONS.OPT"
 $!
 $!  End The GNU C Check.
 $!
@@ -1135,7 +1152,7 @@ $!  Show user the result
 $!
 $   WRITE/SYMBOL SYS$OUTPUT "Main C Compiling Command: ",CC
 $!
-$!  Else The User Entered An Invalid Arguement.
+$!  Else The User Entered An Invalid Argument.
 $!
 $ ELSE
 $!
@@ -1153,14 +1170,14 @@ $!  Time To EXIT.
 $!
 $   EXIT
 $!
-$! End The Valid Arguement Check.
+$! End The Valid Argument Check.
 $!
 $ ENDIF
 $!
 $! Build a MACRO command for the architecture at hand
 $!
 $ IF ARCH .EQS. "VAX" THEN MACRO = "MACRO/''DEBUGGER'"
-$ IF ARCH .EQS. "AXP" THEN MACRO = "MACRO/MIGRATION/''DEBUGGER'/''MACRO_OPTIMIZE'"
+$ IF ARCH .NES. "VAX" THEN MACRO = "MACRO/MIGRATION/''DEBUGGER'/''MACRO_OPTIMIZE'"
 $!
 $!  Show user the result
 $!
@@ -1248,7 +1265,7 @@ $!  Print info
 $!
 $   WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB
 $!
-$!  Else The User Entered An Invalid Arguement.
+$!  Else The User Entered An Invalid Argument.
 $!
 $ ELSE
 $!
diff --git a/src/lib/libcrypto/des/Makefile b/src/lib/libcrypto/des/Makefile
index 786e68802e..ae982265fd 100644
--- a/src/lib/libcrypto/des/Makefile
+++ b/src/lib/libcrypto/des/Makefile
@@ -12,8 +12,6 @@ MAKEFILE=	Makefile
 AR=             ar r
 RANLIB=         ranlib
 DES_ENC=        des_enc.o fcrypt_b.o
-# or use
-#DES_ENC=       dx86-elf.o yx86-elf.o
 CFLAGS= $(INCLUDES) $(CFLAG)
 ASFLAGS= $(INCLUDES) $(ASFLAG)
@@ -24,7 +22,7 @@ TEST=destest.c
 APPS=
 LIB=$(TOP)/libcrypto.a
-LIBSRC= des_lib.c cbc_cksm.c cbc_enc.c  cfb64enc.c cfb_enc.c  \
+LIBSRC= cbc_cksm.c cbc_enc.c  cfb64enc.c cfb_enc.c  \
        ecb3_enc.c ecb_enc.c  enc_read.c enc_writ.c \
        fcrypt.c ofb64enc.c ofb_enc.c  pcbc_enc.c \
        qud_cksm.c rand_key.c rpc_enc.c  set_key.c  \
@@ -33,7 +31,7 @@ LIBSRC=	des_lib.c cbc_cksm.c cbc_enc.c  cfb64enc.c cfb_enc.c  \
        str2key.c  cfb64ede.c ofb64ede.c ede_cbcm_enc.c des_old.c des_old2.c \
        read2pwd.c
-LIBOBJ= des_lib.o set_key.o  ecb_enc.o  cbc_enc.o \
+LIBOBJ= set_key.o  ecb_enc.o  cbc_enc.o \
        ecb3_enc.o cfb64enc.o cfb64ede.o cfb_enc.o  ofb64ede.o \
        enc_read.o enc_writ.o ofb64enc.o \
        ofb_enc.o  str2key.o  pcbc_enc.o qud_cksm.o rand_key.o \
@@ -54,7 +52,7 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
@@ -64,21 +62,10 @@ des: des.o cbc3_enc.o lib
 des_enc-sparc.S:        asm/des_enc.m4
        m4 -B 8192 asm/des_enc.m4 > des_enc-sparc.S
-# ELF
+des-586.s:      asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
-dx86-elf.s:     asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+        $(PERL) asm/des-586.pl $(PERLASM_SCHEME) $(CFLAGS) > $@
-        (cd asm; $(PERL) des-586.pl elf $(CFLAGS) > ../$@)
+crypt586.s:     asm/crypt586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
-yx86-elf.s:     asm/crypt586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+        $(PERL) asm/crypt586.pl $(PERLASM_SCHEME) $(CFLAGS) > $@
-        (cd asm; $(PERL) crypt586.pl elf $(CFLAGS) > ../$@)
-# COFF
-dx86-cof.s: asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
-        (cd asm; $(PERL) des-586.pl coff $(CFLAGS) > ../$@)
-yx86-cof.s: asm/crypt586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
-        (cd asm; $(PERL) crypt586.pl coff $(CFLAGS) > ../$@)
-# a.out
-dx86-out.s: asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
-        (cd asm; $(PERL) des-586.pl a.out $(CFLAGS) > ../$@)
-yx86-out.s: asm/crypt586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
-        (cd asm; $(PERL) crypt586.pl a.out $(CFLAGS) > ../$@)
 files:
        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
@@ -156,14 +143,7 @@ des_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
 des_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 des_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 des_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
-des_enc.o: des_enc.c des_locl.h ncbc_enc.c
+des_enc.o: des_enc.c des_locl.h ncbc_enc.c spr.h
-des_lib.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
-des_lib.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-des_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-des_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-des_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-des_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-des_lib.o: ../../include/openssl/ui_compat.h des_lib.c des_locl.h des_ver.h
 des_old.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 des_old.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
 des_old.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
@@ -182,12 +162,13 @@ ecb3_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 ecb3_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 ecb3_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
 ecb3_enc.o: des_locl.h ecb3_enc.c
+ecb_enc.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
 ecb_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 ecb_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-ecb_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+ecb_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-ecb_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ecb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-ecb_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ecb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-ecb_enc.o: des_locl.h ecb_enc.c spr.h
+ecb_enc.o: ../../include/openssl/ui_compat.h des_locl.h des_ver.h ecb_enc.c
 ede_cbcm_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 ede_cbcm_enc.o: ../../include/openssl/e_os2.h
 ede_cbcm_enc.o: ../../include/openssl/opensslconf.h
@@ -277,11 +258,11 @@ rpc_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 rpc_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
 rpc_enc.o: des_locl.h des_ver.h rpc_des.h rpc_enc.c
 set_key.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-set_key.o: ../../include/openssl/e_os2.h ../../include/openssl/fips.h
+set_key.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-set_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/ossl_typ.h
+set_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-set_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+set_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-set_key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+set_key.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
-set_key.o: ../../include/openssl/ui_compat.h des_locl.h set_key.c
+set_key.o: des_locl.h set_key.c
 str2key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 str2key.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
 str2key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
diff --git a/src/lib/libcrypto/des/des-lib.com b/src/lib/libcrypto/des/des-lib.com
index fc2c35a1ce..348f1c0470 100644
--- a/src/lib/libcrypto/des/des-lib.com
+++ b/src/lib/libcrypto/des/des-lib.com
@@ -9,7 +9,7 @@ $!  Changes by Richard Levitte <richard@levitte.org>
 $!
 $!  This command files compiles and creates the 
 $!  "[.xxx.EXE.CRYPTO.DES]LIBDES.OLB" library.  The "xxx" denotes the machine 
-$!  architecture of AXP or VAX.
+$!  architecture of ALPHA, IA64 or VAX.
 $!
 $!  It was re-written to try to determine which "C" compiler to try to use
 $!  or the user can specify a compiler in P3.
@@ -45,25 +45,34 @@ $!
 $!
 $! Check Which Architecture We Are Using.
 $!
-$ IF (F$GETSYI("CPU").GE.128)
+$ IF (F$GETSYI("CPU").LT.128)
 $ THEN
 $!
-$!  The Architecture Is AXP.
+$!  The Architecture Is VAX
 $!
-$   ARCH := AXP
+$   ARCH := VAX
 $!
 $! Else...
 $!
 $ ELSE
 $!
-$!  The Architecture Is VAX.
+$!  The Architecture Is Alpha, IA64 or whatever comes in the future.
 $!
-$   ARCH := VAX
+$   ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE")
+$   IF (ARCH .EQS. "") THEN ARCH = "UNK"
 $!
 $! End The Architecture Check.
 $!
 $ ENDIF
 $!
+$! Define The OBJ Directory Name.
+$!
+$ OBJ_DIR := SYS$DISK:[--.'ARCH'.OBJ.CRYPTO.DES]
+$!
+$! Define The EXE Directory Name.
+$!
+$ EXE_DIR :== SYS$DISK:[--.'ARCH'.EXE.CRYPTO.DES]
+$!
 $! Check To Make Sure We Have Valid Command Line Parameters.
 $!
 $ GOSUB CHECK_OPTIONS
@@ -72,10 +81,6 @@ $! Tell The User What Kind of Machine We Run On.
 $!
 $ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine."
 $!
-$! Define The OBJ Directory Name.
-$!
-$ OBJ_DIR := SYS$DISK:[--.'ARCH'.OBJ.CRYPTO.DES]
-$!
 $! Check To See If The Architecture Specific OBJ Directory Exists.
 $!
 $ IF (F$PARSE(OBJ_DIR).EQS."")
@@ -89,10 +94,6 @@ $! End The Architecture Specific OBJ Directory Check.
 $!
 $ ENDIF
 $!
-$! Define The EXE Directory Name.
-$!
-$ EXE_DIR :== SYS$DISK:[--.'ARCH'.EXE.CRYPTO.DES]
-$!
 $! Check To See If The Architecture Specific Directory Exists.
 $!
 $ IF (F$PARSE(EXE_DIR).EQS."")
@@ -564,7 +565,7 @@ $!
 $   IF (F$SEARCH(OPT_FILE).EQS."")
 $   THEN
 $!
-$!    Figure Out If We Need An AXP Or A VAX Linker Option File.
+$!    Figure Out If We Need An non-VAX Or A VAX Linker Option File.
 $!
 $     IF (F$GETSYI("CPU").LT.128)
 $     THEN
@@ -584,19 +585,19 @@ $!    Else...
 $!
 $     ELSE
 $!
-$!      Create The AXP Linker Option File.
+$!      Create The non-VAX Linker Option File.
 $!
 $       CREATE 'OPT_FILE'
 $DECK
 !
-! Default System Options File For AXP To Link Agianst 
+! Default System Options File For non-VAX To Link Agianst 
 ! The Sharable C Runtime Library.
 !
 SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE
 SYS$SHARE:CMA$OPEN_RTL/SHARE
 $EOD
 $!
-$!    End The VAX/AXP DEC C Option File Check.
+$!    End The DEC C Option File Check.
 $!
 $     ENDIF
 $!
@@ -658,13 +659,13 @@ $! Else...
 $!
 $ ELSE
 $!
-$!  Else, Check To See If P1 Has A Valid Arguement.
+$!  Else, Check To See If P1 Has A Valid Argument.
 $!
 $   IF (P1.EQS."LIBRARY").OR.(P1.EQS."DESTEST").OR.(P1.EQS."SPEED") -
       .OR.(P1.EQS."RPW").OR.(P1.EQS."DES").OR.(P1.EQS."DES_OPTS")
 $   THEN
 $!
-$!    A Valid Arguement.
+$!    A Valid Argument.
 $!
 $     BUILDALL = P1
 $!
@@ -677,7 +678,7 @@ $!
 $     WRITE SYS$OUTPUT ""
 $     WRITE SYS$OUTPUT "The Option ",P1," Is Invalid.  The Valid Options Are:"
 $     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "    ALL      :  Just Build Everything.
+$     WRITE SYS$OUTPUT "    ALL      :  Just Build Everything."
 $     WRITE SYS$OUTPUT "    LIBRARY  :  To Compile Just The [.xxx.EXE.CRYPTO.DES]LIBDES.OLB Library."
 $     WRITE SYS$OUTPUT "    DESTEST  :  To Compile Just The [.xxx.EXE.CRYPTO.DES]DESTEST.EXE Program."
 $     WRITE SYS$OUTPUT "    SPEED    :  To Compile Just The [.xxx.EXE.CRYPTO.DES]SPEED.EXE Program."
@@ -687,15 +688,16 @@ $     WRITE SYS$OUTPUT "    DES_OPTS :  To Compile Just The [.xxx.EXE.CRYTPO.DES
 $     WRITE SYS$OUTPUT ""
 $     WRITE SYS$OUTPUT " Where 'xxx' Stands For: "
 $     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "        AXP  :  Alpha Architecture."
+$     WRITE SYS$OUTPUT "    ALPHA    :  Alpha Architecture."
-$     WRITE SYS$OUTPUT "        VAX  :  VAX Architecture."
+$     WRITE SYS$OUTPUT "    IA64     :  IA64 Architecture."
+$     WRITE SYS$OUTPUT "    VAX      :  VAX Architecture."
 $     WRITE SYS$OUTPUT ""
 $!
 $!    Time To EXIT.
 $!
 $     EXIT
 $!
-$!  End The Valid Arguement Check.
+$!  End The Valid Argument Check.
 $!
 $   ENDIF
 $!
@@ -752,7 +754,7 @@ $!    Time To EXIT.
 $!
 $     EXIT
 $!
-$!  End The Valid Arguement Check.
+$!  End The Valid Argument Check.
 $!
 $   ENDIF
 $!
@@ -817,7 +819,7 @@ $   ELSE
 $!
 $!    Check To See If We Have VAXC Or DECC.
 $!
-$     IF (ARCH.EQS."AXP").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
+$     IF (ARCH.NES."VAX").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
 $     THEN 
 $!
 $!      Looks Like DECC, Set To Use DECC.
@@ -882,7 +884,7 @@ $     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
 $!
 $!    Define The Linker Options File Name.
 $!
-$     OPT_FILE = "SYS$DISK:[]VAX_DECC_OPTIONS.OPT"
+$     OPT_FILE = "''EXE_DIR'VAX_DECC_OPTIONS.OPT"
 $!
 $!  End DECC Check.
 $!
@@ -904,9 +906,9 @@ $!
 $!    Compile Using VAXC.
 $!
 $     CC = "CC"
-$     IF ARCH.EQS."AXP"
+$     IF ARCH.NES."VAX"
 $     THEN
-$       WRITE SYS$OUTPUT "There is no VAX C on Alpha!"
+$       WRITE SYS$OUTPUT "There is no VAX C on ''ARCH'!"
 $       EXIT
 $     ENDIF
 $     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
@@ -919,7 +921,7 @@ $     DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB]
 $!
 $!    Define The Linker Options File Name.
 $!
-$     OPT_FILE = "SYS$DISK:[]VAX_VAXC_OPTIONS.OPT"
+$     OPT_FILE = "''EXE_DIR'VAX_VAXC_OPTIONS.OPT"
 $!
 $!  End VAXC Check
 $!
@@ -944,7 +946,7 @@ $     CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
-$     OPT_FILE = "SYS$DISK:[]VAX_GNUC_OPTIONS.OPT"
+$     OPT_FILE = "''EXE_DIR'VAX_GNUC_OPTIONS.OPT"
 $!
 $!  End The GNU C Check.
 $!
@@ -976,7 +978,7 @@ $!  Show user the result
 $!
 $   WRITE SYS$OUTPUT "Main Compiling Command: ",CC
 $!
-$!  Else The User Entered An Invalid Arguement.
+$!  Else The User Entered An Invalid Argument.
 $!
 $ ELSE
 $!
diff --git a/src/lib/libcrypto/des/rpc_des.h b/src/lib/libcrypto/des/rpc_des.h
index 4cbb4d2dcd..41328d7965 100644
--- a/src/lib/libcrypto/des/rpc_des.h
+++ b/src/lib/libcrypto/des/rpc_des.h
@@ -122,10 +122,10 @@ struct desparams {
 /*
 * Encrypt an arbitrary sized buffer
 */
-#define DESIOCBLOCK     _IOWR(d, 6, struct desparams)
+#define DESIOCBLOCK     _IOWR('d', 6, struct desparams)
 /* 
 * Encrypt of small amount of data, quickly
 */
-#define DESIOCQUICK     _IOWR(d, 7, struct desparams) 
+#define DESIOCQUICK     _IOWR('d', 7, struct desparams) 
diff --git a/src/lib/libcrypto/dh/Makefile b/src/lib/libcrypto/dh/Makefile
index d01fa960eb..f23b4f7fde 100644
--- a/src/lib/libcrypto/dh/Makefile
+++ b/src/lib/libcrypto/dh/Makefile
@@ -17,8 +17,10 @@ TEST= dhtest.c
 APPS=
 LIB=$(TOP)/libcrypto.a
-LIBSRC= dh_asn1.c dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c dh_depr.c
+LIBSRC= dh_asn1.c dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c dh_depr.c \
-LIBOBJ= dh_asn1.o dh_gen.o dh_key.o dh_lib.o dh_check.o dh_err.o dh_depr.o
+        dh_ameth.c dh_pmeth.c dh_prn.c
+LIBOBJ= dh_asn1.o dh_gen.o dh_key.o dh_lib.o dh_check.o dh_err.o dh_depr.o \
+        dh_ameth.o dh_pmeth.o dh_prn.o
 SRC= $(LIBSRC)
@@ -33,7 +35,7 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
@@ -74,6 +76,21 @@ clean:
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+dh_ameth.o: ../../e_os.h ../../include/openssl/asn1.h
+dh_ameth.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dh_ameth.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dh_ameth.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h
+dh_ameth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+dh_ameth.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+dh_ameth.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+dh_ameth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+dh_ameth.o: ../../include/openssl/opensslconf.h
+dh_ameth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dh_ameth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+dh_ameth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dh_ameth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+dh_ameth.o: ../../include/openssl/x509_vfy.h ../asn1/asn1_locl.h ../cryptlib.h
+dh_ameth.o: dh_ameth.c
 dh_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
 dh_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 dh_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -129,11 +146,35 @@ dh_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
 dh_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 dh_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 dh_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-dh_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+dh_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-dh_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+dh_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-dh_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+dh_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-dh_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dh_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-dh_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+dh_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-dh_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dh_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-dh_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+dh_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-dh_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h dh_lib.c
+dh_lib.o: ../cryptlib.h dh_lib.c
+dh_pmeth.o: ../../e_os.h ../../include/openssl/asn1.h
+dh_pmeth.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+dh_pmeth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dh_pmeth.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dh_pmeth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+dh_pmeth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+dh_pmeth.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+dh_pmeth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+dh_pmeth.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+dh_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dh_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+dh_pmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dh_pmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+dh_pmeth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h ../evp/evp_locl.h
+dh_pmeth.o: dh_pmeth.c
+dh_prn.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+dh_prn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dh_prn.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h
+dh_prn.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+dh_prn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+dh_prn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+dh_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dh_prn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dh_prn.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_prn.c
diff --git a/src/lib/libcrypto/dsa/Makefile b/src/lib/libcrypto/dsa/Makefile
index 2cc45cdc62..8073c4ecfe 100644
--- a/src/lib/libcrypto/dsa/Makefile
+++ b/src/lib/libcrypto/dsa/Makefile
@@ -18,14 +18,14 @@ APPS=
 LIB=$(TOP)/libcrypto.a
 LIBSRC= dsa_gen.c dsa_key.c dsa_lib.c dsa_asn1.c dsa_vrf.c dsa_sign.c \
-        dsa_err.c dsa_ossl.c dsa_depr.c dsa_utl.c
+        dsa_err.c dsa_ossl.c dsa_depr.c dsa_ameth.c dsa_pmeth.c dsa_prn.c
 LIBOBJ= dsa_gen.o dsa_key.o dsa_lib.o dsa_asn1.o dsa_vrf.o dsa_sign.o \
-        dsa_err.o dsa_ossl.o dsa_depr.o dsa_utl.o
+        dsa_err.o dsa_ossl.o dsa_depr.o dsa_ameth.o dsa_pmeth.o dsa_prn.o
 SRC= $(LIBSRC)
 EXHEADER= dsa.h
-HEADER= $(EXHEADER)
+HEADER= dsa_locl.h $(EXHEADER)
 ALL=    $(GENERAL) $(SRC) $(HEADER)
@@ -35,7 +35,7 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
@@ -76,12 +76,27 @@ clean:
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+dsa_ameth.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_ameth.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_ameth.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
+dsa_ameth.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
+dsa_ameth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+dsa_ameth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+dsa_ameth.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+dsa_ameth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+dsa_ameth.o: ../../include/openssl/objects.h
+dsa_ameth.o: ../../include/openssl/opensslconf.h
+dsa_ameth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dsa_ameth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+dsa_ameth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dsa_ameth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+dsa_ameth.o: ../../include/openssl/x509_vfy.h ../asn1/asn1_locl.h ../cryptlib.h
+dsa_ameth.o: dsa_ameth.c
 dsa_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
 dsa_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-dsa_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dsa_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-dsa_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
+dsa_asn1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-dsa_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dsa_asn1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-dsa_asn1.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
 dsa_asn1.o: ../../include/openssl/opensslconf.h
 dsa_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 dsa_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
@@ -91,9 +106,8 @@ dsa_depr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 dsa_depr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 dsa_depr.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 dsa_depr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-dsa_depr.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+dsa_depr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-dsa_depr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+dsa_depr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-dsa_depr.o: ../../include/openssl/opensslconf.h
 dsa_depr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 dsa_depr.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
 dsa_depr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -110,13 +124,12 @@ dsa_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 dsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 dsa_gen.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 dsa_gen.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-dsa_gen.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+dsa_gen.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-dsa_gen.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+dsa_gen.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-dsa_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dsa_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-dsa_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+dsa_gen.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
-dsa_gen.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+dsa_gen.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-dsa_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_gen.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_gen.c dsa_locl.h
-dsa_gen.o: ../cryptlib.h dsa_gen.c
 dsa_key.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
 dsa_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 dsa_key.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
@@ -132,14 +145,14 @@ dsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 dsa_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 dsa_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-dsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+dsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-dsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+dsa_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-dsa_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+dsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-dsa_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-dsa_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+dsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-dsa_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-dsa_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+dsa_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-dsa_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h dsa_lib.c
+dsa_lib.o: ../cryptlib.h dsa_lib.c
 dsa_ossl.o: ../../e_os.h ../../include/openssl/asn1.h
 dsa_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 dsa_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
@@ -148,40 +161,48 @@ dsa_ossl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
 dsa_ossl.o: ../../include/openssl/opensslconf.h
 dsa_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 dsa_ossl.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
-dsa_ossl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_ossl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-dsa_ossl.o: ../cryptlib.h dsa_ossl.c
+dsa_ossl.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_ossl.c
-dsa_sign.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_pmeth.o: ../../e_os.h ../../include/openssl/asn1.h
-dsa_sign.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_pmeth.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+dsa_pmeth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dsa_pmeth.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
+dsa_pmeth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+dsa_pmeth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+dsa_pmeth.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+dsa_pmeth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+dsa_pmeth.o: ../../include/openssl/objects.h
+dsa_pmeth.o: ../../include/openssl/opensslconf.h
+dsa_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dsa_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+dsa_pmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dsa_pmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+dsa_pmeth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h ../evp/evp_locl.h
+dsa_pmeth.o: dsa_locl.h dsa_pmeth.c
+dsa_prn.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_prn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+dsa_prn.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
+dsa_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dsa_prn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+dsa_prn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+dsa_prn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dsa_prn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+dsa_prn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_prn.o: ../cryptlib.h dsa_prn.c
+dsa_sign.o: ../../e_os.h ../../include/openssl/bio.h
 dsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 dsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-dsa_sign.o: ../../include/openssl/err.h ../../include/openssl/fips.h
+dsa_sign.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-dsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+dsa_sign.o: ../../include/openssl/opensslconf.h
 dsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 dsa_sign.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
 dsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 dsa_sign.o: ../cryptlib.h dsa_sign.c
-dsa_utl.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_vrf.o: ../../e_os.h ../../include/openssl/bio.h
-dsa_utl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-dsa_utl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_vrf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-dsa_utl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_vrf.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-dsa_utl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-dsa_utl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-dsa_utl.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-dsa_utl.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-dsa_utl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-dsa_utl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-dsa_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-dsa_utl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-dsa_utl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-dsa_utl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-dsa_utl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h dsa_utl.c
-dsa_vrf.o: ../../e_os.h ../../include/openssl/asn1.h
-dsa_vrf.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
-dsa_vrf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-dsa_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
-dsa_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-dsa_vrf.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
 dsa_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-dsa_vrf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+dsa_vrf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-dsa_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dsa_vrf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-dsa_vrf.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_vrf.c
+dsa_vrf.o: ../cryptlib.h dsa_vrf.c
diff --git a/src/lib/libcrypto/dsa/dsatest.c b/src/lib/libcrypto/dsa/dsatest.c
index 912317bb44..edffd24e6b 100644
--- a/src/lib/libcrypto/dsa/dsatest.c
+++ b/src/lib/libcrypto/dsa/dsatest.c
@@ -169,7 +169,6 @@ int main(int argc, char **argv)
                }
        BIO_printf(bio_err,"\ncounter=%d h=%ld\n",counter,h);
                
-        if (dsa == NULL) goto end;
        DSA_print(bio_err,dsa,0);
        if (counter != 105) 
                {
@@ -223,7 +222,7 @@ end:
                ERR_print_errors(bio_err);
        if (dsa != NULL) DSA_free(dsa);
        CRYPTO_cleanup_all_ex_data();
-        ERR_remove_state(0);
+        ERR_remove_thread_state(NULL);
        ERR_free_strings();
        CRYPTO_mem_leaks(bio_err);
        if (bio_err != NULL)
diff --git a/src/lib/libcrypto/dso/Makefile b/src/lib/libcrypto/dso/Makefile
index 52f152888c..fb2709ed63 100644
--- a/src/lib/libcrypto/dso/Makefile
+++ b/src/lib/libcrypto/dso/Makefile
@@ -18,9 +18,9 @@ APPS=
 LIB=$(TOP)/libcrypto.a
 LIBSRC= dso_dl.c dso_dlfcn.c dso_err.c dso_lib.c dso_null.c \
-        dso_openssl.c dso_win32.c dso_vms.c
+        dso_openssl.c dso_win32.c dso_vms.c dso_beos.c
 LIBOBJ= dso_dl.o dso_dlfcn.o dso_err.o dso_lib.o dso_null.o \
-        dso_openssl.o dso_win32.o dso_vms.o
+        dso_openssl.o dso_win32.o dso_vms.o dso_beos.o
 SRC= $(LIBSRC)
@@ -35,7 +35,7 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
@@ -76,6 +76,14 @@ clean:
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+dso_beos.o: ../../e_os.h ../../include/openssl/bio.h
+dso_beos.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dso_beos.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+dso_beos.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_beos.o: ../../include/openssl/opensslconf.h
+dso_beos.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dso_beos.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dso_beos.o: ../../include/openssl/symhacks.h ../cryptlib.h dso_beos.c
 dso_dl.o: ../../e_os.h ../../include/openssl/bio.h
 dso_dl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 dso_dl.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
diff --git a/src/lib/libcrypto/dso/dso_dl.c b/src/lib/libcrypto/dso/dso_dl.c
index 417abb6ea9..fc4236bd9a 100644
--- a/src/lib/libcrypto/dso/dso_dl.c
+++ b/src/lib/libcrypto/dso/dso_dl.c
@@ -85,6 +85,8 @@ static int dl_ctrl(DSO *dso, int cmd, long larg, void *parg);
 #endif
 static char *dl_name_converter(DSO *dso, const char *filename);
 static char *dl_merger(DSO *dso, const char *filespec1, const char *filespec2);
+static int dl_pathbyaddr(void *addr,char *path,int sz);
+static void *dl_globallookup(const char *name);
 static DSO_METHOD dso_meth_dl = {
        "OpenSSL 'dl' shared library method",
@@ -101,7 +103,9 @@ static DSO_METHOD dso_meth_dl = {
        dl_name_converter,
        dl_merger,
        NULL, /* init */
-        NULL  /* finish */
+        NULL, /* finish */
+        dl_pathbyaddr,
+        dl_globallookup
        };
 DSO_METHOD *DSO_METHOD_dl(void)
@@ -350,4 +354,40 @@ static char *dl_name_converter(DSO *dso, const char *filename)
        return(translated);
        }
+static int dl_pathbyaddr(void *addr,char *path,int sz)
+        {
+        struct shl_descriptor inf;
+        int i,len;
+        if (addr == NULL)
+                {
+                union   { int(*f)(void*,char*,int); void *p; } t =
+                        { dl_pathbyaddr };
+                addr = t.p;
+                }
+        for (i=-1;shl_get_r(i,&inf)==0;i++)
+                {
+                if (((size_t)addr >= inf.tstart && (size_t)addr < inf.tend) ||
+                    ((size_t)addr >= inf.dstart && (size_t)addr < inf.dend))
+                        {
+                        len = (int)strlen(inf.filename);
+                        if (sz <= 0) return len+1;
+                        if (len >= sz) len=sz-1;
+                        memcpy(path,inf.filename,len);
+                        path[len++] = 0;
+                        return len;
+                        }
+                }
+        return -1;
+        }
+static void *dl_globallookup(const char *name)
+        {
+        void *ret;
+        shl_t h = NULL;
+        return shl_findsym(&h,name,TYPE_UNDEFINED,&ret) ? NULL : ret;
+        }
 #endif /* DSO_DL */
diff --git a/src/lib/libcrypto/dso/dso_vms.c b/src/lib/libcrypto/dso/dso_vms.c
index 2c434ee8a6..321512772a 100644
--- a/src/lib/libcrypto/dso/dso_vms.c
+++ b/src/lib/libcrypto/dso/dso_vms.c
@@ -215,7 +215,7 @@ static int vms_load(DSO *dso)
        p->imagename_dsc.dsc$b_class = DSC$K_CLASS_S;
        p->imagename_dsc.dsc$a_pointer = p->imagename;
-        if(!sk_push(dso->meth_data, (char *)p))
+        if(!sk_void_push(dso->meth_data, (char *)p))
                {
                DSOerr(DSO_F_VMS_LOAD,DSO_R_STACK_ERROR);
                goto err;
@@ -245,9 +245,9 @@ static int vms_unload(DSO *dso)
                DSOerr(DSO_F_VMS_UNLOAD,ERR_R_PASSED_NULL_PARAMETER);
                return(0);
                }
-        if(sk_num(dso->meth_data) < 1)
+        if(sk_void_num(dso->meth_data) < 1)
                return(1);
-        p = (DSO_VMS_INTERNAL *)sk_pop(dso->meth_data);
+        p = (DSO_VMS_INTERNAL *)sk_void_pop(dso->meth_data);
        if(p == NULL)
                {
                DSOerr(DSO_F_VMS_UNLOAD,DSO_R_NULL_HANDLE);
@@ -302,13 +302,13 @@ void vms_bind_sym(DSO *dso, const char *symname, void **sym)
                DSOerr(DSO_F_VMS_BIND_SYM,ERR_R_PASSED_NULL_PARAMETER);
                return;
                }
-        if(sk_num(dso->meth_data) < 1)
+        if(sk_void_num(dso->meth_data) < 1)
                {
                DSOerr(DSO_F_VMS_BIND_SYM,DSO_R_STACK_ERROR);
                return;
                }
-        ptr = (DSO_VMS_INTERNAL *)sk_value(dso->meth_data,
+        ptr = (DSO_VMS_INTERNAL *)sk_void_value(dso->meth_data,
-                sk_num(dso->meth_data) - 1);
+                sk_void_num(dso->meth_data) - 1);
        if(ptr == NULL)
                {
                DSOerr(DSO_F_VMS_BIND_SYM,DSO_R_NULL_HANDLE);
diff --git a/src/lib/libcrypto/dso/dso_win32.c b/src/lib/libcrypto/dso/dso_win32.c
index fd3dd6a7fe..6fb6c54181 100644
--- a/src/lib/libcrypto/dso/dso_win32.c
+++ b/src/lib/libcrypto/dso/dso_win32.c
@@ -96,7 +96,11 @@ static HINSTANCE LoadLibraryA(LPCSTR lpLibFileName)
 #else
        fnamw = (WCHAR *)alloca (len_0*sizeof(WCHAR));
 #endif
-        if (fnamw == NULL) return NULL;
+        if (fnamw == NULL)
+                {
+                SetLastError(ERROR_NOT_ENOUGH_MEMORY);
+                return NULL;
+                }
 #if defined(_WIN32_WCE) && _WIN32_WCE>=101
        if (!MultiByteToWideChar(CP_ACP,0,lpLibFileName,len_0,fnamw,len_0))
@@ -124,6 +128,8 @@ static long win32_ctrl(DSO *dso, int cmd, long larg, void *parg);
 static char *win32_name_converter(DSO *dso, const char *filename);
 static char *win32_merger(DSO *dso, const char *filespec1,
        const char *filespec2);
+static int win32_pathbyaddr(void *addr,char *path,int sz);
+static void *win32_globallookup(const char *name);
 static const char *openssl_strnchr(const char *string, int c, size_t len);
@@ -142,7 +148,9 @@ static DSO_METHOD dso_meth_win32 = {
        win32_name_converter,
        win32_merger,
        NULL, /* init */
-        NULL  /* finish */
+        NULL, /* finish */
+        win32_pathbyaddr,
+        win32_globallookup
        };
 DSO_METHOD *DSO_METHOD_win32(void)
@@ -180,7 +188,7 @@ static int win32_load(DSO *dso)
                goto err;
                }
        *p = h;
-        if(!sk_push(dso->meth_data, (char *)p))
+        if(!sk_void_push(dso->meth_data, p))
                {
                DSOerr(DSO_F_WIN32_LOAD,DSO_R_STACK_ERROR);
                goto err;
@@ -207,9 +215,9 @@ static int win32_unload(DSO *dso)
                DSOerr(DSO_F_WIN32_UNLOAD,ERR_R_PASSED_NULL_PARAMETER);
                return(0);
                }
-        if(sk_num(dso->meth_data) < 1)
+        if(sk_void_num(dso->meth_data) < 1)
                return(1);
-        p = (HINSTANCE *)sk_pop(dso->meth_data);
+        p = sk_void_pop(dso->meth_data);
        if(p == NULL)
                {
                DSOerr(DSO_F_WIN32_UNLOAD,DSO_R_NULL_HANDLE);
@@ -220,7 +228,7 @@ static int win32_unload(DSO *dso)
                DSOerr(DSO_F_WIN32_UNLOAD,DSO_R_UNLOAD_FAILED);
                /* We should push the value back onto the stack in
                 * case of a retry. */
-                sk_push(dso->meth_data, (char *)p);
+                sk_void_push(dso->meth_data, p);
                return(0);
                }
        /* Cleanup */
@@ -240,12 +248,12 @@ static void *win32_bind_var(DSO *dso, const char *symname)
                DSOerr(DSO_F_WIN32_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER);
                return(NULL);
                }
-        if(sk_num(dso->meth_data) < 1)
+        if(sk_void_num(dso->meth_data) < 1)
                {
                DSOerr(DSO_F_WIN32_BIND_VAR,DSO_R_STACK_ERROR);
                return(NULL);
                }
-        ptr = (HINSTANCE *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
+        ptr = sk_void_value(dso->meth_data, sk_void_num(dso->meth_data) - 1);
        if(ptr == NULL)
                {
                DSOerr(DSO_F_WIN32_BIND_VAR,DSO_R_NULL_HANDLE);
@@ -271,12 +279,12 @@ static DSO_FUNC_TYPE win32_bind_func(DSO *dso, const char *symname)
                DSOerr(DSO_F_WIN32_BIND_FUNC,ERR_R_PASSED_NULL_PARAMETER);
                return(NULL);
                }
-        if(sk_num(dso->meth_data) < 1)
+        if(sk_void_num(dso->meth_data) < 1)
                {
                DSOerr(DSO_F_WIN32_BIND_FUNC,DSO_R_STACK_ERROR);
                return(NULL);
                }
-        ptr = (HINSTANCE *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
+        ptr = sk_void_value(dso->meth_data, sk_void_num(dso->meth_data) - 1);
        if(ptr == NULL)
                {
                DSOerr(DSO_F_WIN32_BIND_FUNC,DSO_R_NULL_HANDLE);
@@ -327,8 +335,8 @@ static struct file_st *win32_splitter(DSO *dso, const char *filename,
        memset(result, 0, sizeof(struct file_st));
        position = IN_DEVICE;
-        if(filename[0] == '\\' && filename[1] == '\\'
+        if((filename[0] == '\\' && filename[1] == '\\')
-                || filename[0] == '/' && filename[1] == '/')
+                || (filename[0] == '/' && filename[1] == '/'))
                {
                position = IN_NODE;
                filename += 2;
@@ -347,10 +355,11 @@ static struct file_st *win32_splitter(DSO *dso, const char *filename,
                                DSOerr(DSO_F_WIN32_SPLITTER,
                                        DSO_R_INCORRECT_FILE_SYNTAX);
                                /*goto err;*/
+                                OPENSSL_free(result);
                                return(NULL);
                                }
                        result->device = start;
-                        result->devicelen = filename - start;
+                        result->devicelen = (int)(filename - start);
                        position = IN_FILE;
                        start = ++filename;
                        result->dir = start;
@@ -359,7 +368,7 @@ static struct file_st *win32_splitter(DSO *dso, const char *filename,
                case '/':
                        if(position == IN_NODE)
                                {
-                                result->nodelen = filename - start;
+                                result->nodelen = (int)(filename - start);
                                position = IN_FILE;
                                start = ++filename;
                                result->dir = start;
@@ -369,20 +378,20 @@ static struct file_st *win32_splitter(DSO *dso, const char *filename,
                                position = IN_FILE;
                                filename++;
                                result->dir = start;
-                                result->dirlen = filename - start;
+                                result->dirlen = (int)(filename - start);
                                start = filename;
                                }
                        else
                                {
                                filename++;
-                                result->dirlen += filename - start;
+                                result->dirlen += (int)(filename - start);
                                start = filename;
                                }
                        break;
                case '\0':
                        if(position == IN_NODE)
                                {
-                                result->nodelen = filename - start;
+                                result->nodelen = (int)(filename - start);
                                }
                        else
                                {
@@ -396,13 +405,13 @@ static struct file_st *win32_splitter(DSO *dso, const char *filename,
                                                        result->dirlen = 0;
                                                        }
                                                result->dirlen +=
-                                                        filename - start;
+                                                        (int)(filename - start);
                                                }
                                        else
                                                {
                                                result->file = start;
                                                result->filelen =
-                                                        filename - start;
+                                                        (int)(filename - start);
                                                }
                                        }
                                }
@@ -496,7 +505,7 @@ static char *win32_joiner(DSO *dso, const struct file_st *file_split)
                                + file_split->predirlen
                                - (start - file_split->predir);
                strncpy(&result[offset], start,
-                        end - start); offset += end - start;
+                        end - start); offset += (int)(end - start);
                result[offset] = '\\'; offset++;
                start = end + 1;
                }
@@ -517,7 +526,7 @@ static char *win32_joiner(DSO *dso, const struct file_st *file_split)
                                + file_split->dirlen
                                - (start - file_split->dir);
                strncpy(&result[offset], start,
-                        end - start); offset += end - start;
+                        end - start); offset += (int)(end - start);
                result[offset] = '\\'; offset++;
                start = end + 1;
                }
@@ -613,6 +622,8 @@ static char *win32_merger(DSO *dso, const char *filespec1, const char *filespec2
                merged = win32_joiner(dso, filespec1_split);
                }
+        OPENSSL_free(filespec1_split);
+        OPENSSL_free(filespec2_split);
        return(merged);
        }
@@ -656,5 +667,178 @@ static const char *openssl_strnchr(const char *string, int c, size_t len)
        return NULL;
        }
+#include <tlhelp32.h>
+#ifdef _WIN32_WCE
+# define DLLNAME "TOOLHELP.DLL"
+#else
+# ifdef MODULEENTRY32
+# undef MODULEENTRY32   /* unmask the ASCII version! */
+# endif
+# define DLLNAME "KERNEL32.DLL"
+#endif
+typedef HANDLE (WINAPI *CREATETOOLHELP32SNAPSHOT)(DWORD, DWORD);
+typedef BOOL (WINAPI *CLOSETOOLHELP32SNAPSHOT)(HANDLE);
+typedef BOOL (WINAPI *MODULE32)(HANDLE, MODULEENTRY32 *);
-#endif /* OPENSSL_SYS_WIN32 */
+static int win32_pathbyaddr(void *addr,char *path,int sz)
+        {
+        HMODULE dll;
+        HANDLE hModuleSnap = INVALID_HANDLE_VALUE; 
+        MODULEENTRY32 me32; 
+        CREATETOOLHELP32SNAPSHOT create_snap;
+        CLOSETOOLHELP32SNAPSHOT  close_snap;
+        MODULE32 module_first, module_next;
+        int len;
+ 
+        if (addr == NULL)
+                {
+                union   { int(*f)(void*,char*,int); void *p; } t =
+                        { win32_pathbyaddr };
+                addr = t.p;
+                }
+        dll = LoadLibrary(TEXT(DLLNAME));
+        if (dll == NULL)
+                {
+                DSOerr(DSO_F_WIN32_PATHBYADDR,DSO_R_UNSUPPORTED);
+                return -1;
+                }
+        create_snap = (CREATETOOLHELP32SNAPSHOT)
+                GetProcAddress(dll,"CreateToolhelp32Snapshot");
+        if (create_snap == NULL)
+                {
+                FreeLibrary(dll);
+                DSOerr(DSO_F_WIN32_PATHBYADDR,DSO_R_UNSUPPORTED);
+                return -1;
+                }
+        /* We take the rest for granted... */
+#ifdef _WIN32_WCE
+        close_snap = (CLOSETOOLHELP32SNAPSHOT)
+                GetProcAddress(dll,"CloseToolhelp32Snapshot");
+#else
+        close_snap = (CLOSETOOLHELP32SNAPSHOT)CloseHandle;
+#endif
+        module_first = (MODULE32)GetProcAddress(dll,"Module32First");
+        module_next  = (MODULE32)GetProcAddress(dll,"Module32Next");
+        hModuleSnap = (*create_snap)(TH32CS_SNAPMODULE,0); 
+        if( hModuleSnap == INVALID_HANDLE_VALUE ) 
+                { 
+                FreeLibrary(dll);
+                DSOerr(DSO_F_WIN32_PATHBYADDR,DSO_R_UNSUPPORTED);
+                return -1;
+                } 
+ 
+        me32.dwSize = sizeof(me32); 
+ 
+        if(!(*module_first)(hModuleSnap,&me32)) 
+                { 
+                (*close_snap)(hModuleSnap);
+                FreeLibrary(dll);
+                DSOerr(DSO_F_WIN32_PATHBYADDR,DSO_R_FAILURE);
+                return -1;
+                }
+ 
+        do      { 
+                if ((BYTE *)addr >= me32.modBaseAddr &&
+                    (BYTE *)addr <  me32.modBaseAddr+me32.modBaseSize)
+                        {
+                        (*close_snap)(hModuleSnap);
+                        FreeLibrary(dll);
+#ifdef _WIN32_WCE
+# if _WIN32_WCE >= 101
+                        return WideCharToMultiByte(CP_ACP,0,me32.szExePath,-1,
+                                                        path,sz,NULL,NULL);
+# else
+                        len = (int)wcslen(me32.szExePath);
+                        if (sz <= 0) return len+1;
+                        if (len >= sz) len=sz-1;
+                        for(i=0;i<len;i++)
+                                path[i] = (char)me32.szExePath[i];
+                        path[len++] = 0;
+                        return len;
+# endif
+#else
+                        len = (int)strlen(me32.szExePath);
+                        if (sz <= 0) return len+1;
+                        if (len >= sz) len=sz-1;
+                        memcpy(path,me32.szExePath,len);
+                        path[len++] = 0;
+                        return len;
+#endif
+                        } 
+                } while((*module_next)(hModuleSnap, &me32)); 
+ 
+        (*close_snap)(hModuleSnap); 
+        FreeLibrary(dll);
+        return 0;
+        }
+static void *win32_globallookup(const char *name)
+        {
+        HMODULE dll;
+        HANDLE hModuleSnap = INVALID_HANDLE_VALUE;
+        MODULEENTRY32 me32;
+        CREATETOOLHELP32SNAPSHOT create_snap;
+        CLOSETOOLHELP32SNAPSHOT  close_snap;
+        MODULE32 module_first, module_next;
+        FARPROC ret=NULL;
+        dll = LoadLibrary(TEXT(DLLNAME));
+        if (dll == NULL)
+                {
+                DSOerr(DSO_F_WIN32_GLOBALLOOKUP,DSO_R_UNSUPPORTED);
+                return NULL;
+                }
+        create_snap = (CREATETOOLHELP32SNAPSHOT)
+                GetProcAddress(dll,"CreateToolhelp32Snapshot");
+        if (create_snap == NULL)
+                {
+                FreeLibrary(dll);
+                DSOerr(DSO_F_WIN32_GLOBALLOOKUP,DSO_R_UNSUPPORTED);
+                return NULL;
+                }
+        /* We take the rest for granted... */
+#ifdef _WIN32_WCE
+        close_snap = (CLOSETOOLHELP32SNAPSHOT)
+                GetProcAddress(dll,"CloseToolhelp32Snapshot");
+#else
+        close_snap = (CLOSETOOLHELP32SNAPSHOT)CloseHandle;
+#endif
+        module_first = (MODULE32)GetProcAddress(dll,"Module32First");
+        module_next  = (MODULE32)GetProcAddress(dll,"Module32Next");
+        hModuleSnap = (*create_snap)(TH32CS_SNAPMODULE,0);
+        if( hModuleSnap == INVALID_HANDLE_VALUE )
+                {
+                FreeLibrary(dll);
+                DSOerr(DSO_F_WIN32_GLOBALLOOKUP,DSO_R_UNSUPPORTED);
+                return NULL;
+                }
+        me32.dwSize = sizeof(me32);
+        if (!(*module_first)(hModuleSnap,&me32))
+                {
+                (*close_snap)(hModuleSnap);
+                FreeLibrary(dll);
+                return NULL;
+                }
+        do      {
+                if ((ret = GetProcAddress(me32.hModule,name)))
+                        {
+                        (*close_snap)(hModuleSnap);
+                        FreeLibrary(dll);
+                        return ret;
+                        }
+                } while((*module_next)(hModuleSnap,&me32));
+        (*close_snap)(hModuleSnap); 
+        FreeLibrary(dll);
+        return NULL;
+        }
+#endif /* DSO_WIN32 */
diff --git a/src/lib/libcrypto/ec/Makefile b/src/lib/libcrypto/ec/Makefile
index b5bbc9faa1..db380ed16f 100644
--- a/src/lib/libcrypto/ec/Makefile
+++ b/src/lib/libcrypto/ec/Makefile
@@ -19,11 +19,11 @@ APPS=
 LIB=$(TOP)/libcrypto.a
 LIBSRC= ec_lib.c ecp_smpl.c ecp_mont.c ecp_nist.c ec_cvt.c ec_mult.c\
        ec_err.c ec_curve.c ec_check.c ec_print.c ec_asn1.c ec_key.c\
-        ec2_smpl.c ec2_smpt.c ec2_mult.c
+        ec2_smpl.c ec2_mult.c ec_ameth.c ec_pmeth.c eck_prn.c
 LIBOBJ= ec_lib.o ecp_smpl.o ecp_mont.o ecp_nist.o ec_cvt.o ec_mult.o\
        ec_err.o ec_curve.o ec_check.o ec_print.o ec_asn1.o ec_key.o\
-        ec2_smpl.o ec2_mult.o
+        ec2_smpl.o ec2_mult.o ec_ameth.o ec_pmeth.o eck_prn.o
 SRC= $(LIBSRC)
@@ -38,7 +38,7 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
@@ -94,8 +94,22 @@ ec2_smpl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
 ec2_smpl.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
 ec2_smpl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 ec2_smpl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-ec2_smpl.o: ../../include/openssl/symhacks.h ec2_smpl.c ec2_smpt.c ec_lcl.h
+ec2_smpl.o: ../../include/openssl/symhacks.h ec2_smpl.c ec_lcl.h
-ec2_smpt.o: ec2_smpt.c
+ec_ameth.o: ../../e_os.h ../../include/openssl/asn1.h
+ec_ameth.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+ec_ameth.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
+ec_ameth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ec_ameth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+ec_ameth.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+ec_ameth.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+ec_ameth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ec_ameth.o: ../../include/openssl/opensslconf.h
+ec_ameth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ec_ameth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+ec_ameth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ec_ameth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+ec_ameth.o: ../../include/openssl/x509_vfy.h ../asn1/asn1_locl.h ../cryptlib.h
+ec_ameth.o: ec_ameth.c
 ec_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
 ec_asn1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 ec_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
@@ -160,6 +174,20 @@ ec_mult.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
 ec_mult.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 ec_mult.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 ec_mult.o: ../../include/openssl/symhacks.h ec_lcl.h ec_mult.c
+ec_pmeth.o: ../../e_os.h ../../include/openssl/asn1.h
+ec_pmeth.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+ec_pmeth.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+ec_pmeth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ec_pmeth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+ec_pmeth.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ec_pmeth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+ec_pmeth.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+ec_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ec_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+ec_pmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ec_pmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+ec_pmeth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h ../evp/evp_locl.h
+ec_pmeth.o: ec_pmeth.c
 ec_print.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 ec_print.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
 ec_print.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
@@ -167,6 +195,16 @@ ec_print.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
 ec_print.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 ec_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 ec_print.o: ../../include/openssl/symhacks.h ec_lcl.h ec_print.c
+eck_prn.o: ../../e_os.h ../../include/openssl/asn1.h
+eck_prn.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eck_prn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eck_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+eck_prn.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+eck_prn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+eck_prn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+eck_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eck_prn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eck_prn.o: ../../include/openssl/symhacks.h ../cryptlib.h eck_prn.c
 ecp_mont.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 ecp_mont.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
 ecp_mont.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
diff --git a/src/lib/libcrypto/ec/ectest.c b/src/lib/libcrypto/ec/ectest.c
index 6148d553f9..7509cb9c7c 100644
--- a/src/lib/libcrypto/ec/ectest.c
+++ b/src/lib/libcrypto/ec/ectest.c
@@ -432,9 +432,7 @@ void prime_field_tests()
        if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
        fprintf(stdout, ".");
        fflush(stdout);
-#if 0
        if (!EC_GROUP_precompute_mult(group, ctx)) ABORT;
-#endif
        if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
        if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
        fprintf(stdout, " ok\n");
@@ -478,9 +476,7 @@ void prime_field_tests()
        if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
        fprintf(stdout, ".");
        fflush(stdout);
-#if 0
        if (!EC_GROUP_precompute_mult(group, ctx)) ABORT;
-#endif
        if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
        if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
        fprintf(stdout, " ok\n");
@@ -525,9 +521,7 @@ void prime_field_tests()
        if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
        fprintf(stdout, ".");
        fflush(stdout);
-#if 0
        if (!EC_GROUP_precompute_mult(group, ctx)) ABORT;
-#endif
        if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
        if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
        fprintf(stdout, " ok\n");
@@ -577,9 +571,7 @@ void prime_field_tests()
        if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
        fprintf(stdout, ".");
        fflush(stdout);
-#if 0
        if (!EC_GROUP_precompute_mult(group, ctx)) ABORT;
-#endif
        if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
        if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
        fprintf(stdout, " ok\n");
@@ -635,9 +627,7 @@ void prime_field_tests()
        if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
        fprintf(stdout, ".");
        fflush(stdout);
-#if 0
        if (!EC_GROUP_precompute_mult(group, ctx)) ABORT;
-#endif
        if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
        if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
        fprintf(stdout, " ok\n");
@@ -809,7 +799,7 @@ void prime_field_tests()
        if (!EC_POINT_is_at_infinity(group, Q)) ABORT; \
        fprintf(stdout, "."); \
        fflush(stdout); \
-        /* if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; */ \
+        if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; \
        if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; \
        if (!EC_POINT_is_at_infinity(group, Q)) ABORT; \
        fprintf(stdout, " ok\n"); \
@@ -1336,7 +1326,7 @@ int main(int argc, char *argv[])
 #endif
        CRYPTO_cleanup_all_ex_data();
        ERR_free_strings();
-        ERR_remove_state(0);
+        ERR_remove_thread_state(NULL);
        CRYPTO_mem_leaks_fp(stderr);
        
        return 0;
diff --git a/src/lib/libcrypto/engine/Makefile b/src/lib/libcrypto/engine/Makefile
index 0cc3722089..9c214824eb 100644
--- a/src/lib/libcrypto/engine/Makefile
+++ b/src/lib/libcrypto/engine/Makefile
@@ -20,13 +20,13 @@ LIB=$(TOP)/libcrypto.a
 LIBSRC= eng_err.c eng_lib.c eng_list.c eng_init.c eng_ctrl.c \
        eng_table.c eng_pkey.c eng_fat.c eng_all.c \
        tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c tb_store.c \
-        tb_cipher.c tb_digest.c \
+        tb_cipher.c tb_digest.c tb_pkmeth.c tb_asnmth.c \
-        eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c eng_padlock.c
+        eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c
 LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \
        eng_table.o eng_pkey.o eng_fat.o eng_all.o \
        tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_ecdh.o tb_rand.o tb_store.o \
-        tb_cipher.o tb_digest.o \
+        tb_cipher.o tb_digest.o tb_pkmeth.o tb_asnmth.o \
-        eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o eng_padlock.o
+        eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o
 SRC= $(LIBSRC)
@@ -41,7 +41,7 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
@@ -88,35 +88,34 @@ eng_all.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 eng_all.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 eng_all.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
 eng_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-eng_all.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+eng_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-eng_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+eng_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-eng_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+eng_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-eng_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+eng_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-eng_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+eng_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-eng_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-eng_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+eng_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_all.c eng_int.h
-eng_all.o: ../cryptlib.h eng_all.c eng_int.h
 eng_cnf.o: ../../e_os.h ../../include/openssl/asn1.h
 eng_cnf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 eng_cnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 eng_cnf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 eng_cnf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 eng_cnf.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-eng_cnf.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+eng_cnf.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-eng_cnf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+eng_cnf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-eng_cnf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+eng_cnf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-eng_cnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_cnf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-eng_cnf.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+eng_cnf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-eng_cnf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+eng_cnf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-eng_cnf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+eng_cnf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-eng_cnf.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_cnf.c eng_int.h
+eng_cnf.o: ../cryptlib.h eng_cnf.c eng_int.h
 eng_cryptodev.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 eng_cryptodev.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 eng_cryptodev.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 eng_cryptodev.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 eng_cryptodev.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
-eng_cryptodev.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+eng_cryptodev.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-eng_cryptodev.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+eng_cryptodev.o: ../../include/openssl/obj_mac.h
 eng_cryptodev.o: ../../include/openssl/objects.h
 eng_cryptodev.o: ../../include/openssl/opensslconf.h
 eng_cryptodev.o: ../../include/openssl/opensslv.h
@@ -131,9 +130,8 @@ eng_ctrl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 eng_ctrl.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 eng_ctrl.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
 eng_ctrl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-eng_ctrl.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+eng_ctrl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-eng_ctrl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+eng_ctrl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-eng_ctrl.o: ../../include/openssl/opensslconf.h
 eng_ctrl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 eng_ctrl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 eng_ctrl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -145,50 +143,49 @@ eng_dyn.o: ../../include/openssl/crypto.h ../../include/openssl/dso.h
 eng_dyn.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 eng_dyn.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 eng_dyn.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-eng_dyn.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+eng_dyn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-eng_dyn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+eng_dyn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-eng_dyn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+eng_dyn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-eng_dyn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_dyn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-eng_dyn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+eng_dyn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-eng_dyn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+eng_dyn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-eng_dyn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+eng_dyn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-eng_dyn.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_dyn.c eng_int.h
+eng_dyn.o: ../cryptlib.h eng_dyn.c eng_int.h
 eng_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 eng_err.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 eng_err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 eng_err.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 eng_err.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-eng_err.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+eng_err.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-eng_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+eng_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-eng_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+eng_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-eng_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-eng_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+eng_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-eng_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+eng_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-eng_err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+eng_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-eng_err.o: ../../include/openssl/x509_vfy.h eng_err.c
+eng_err.o: eng_err.c
 eng_fat.o: ../../e_os.h ../../include/openssl/asn1.h
 eng_fat.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 eng_fat.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 eng_fat.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 eng_fat.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 eng_fat.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-eng_fat.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+eng_fat.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-eng_fat.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+eng_fat.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-eng_fat.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+eng_fat.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-eng_fat.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_fat.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-eng_fat.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+eng_fat.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-eng_fat.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+eng_fat.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-eng_fat.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+eng_fat.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-eng_fat.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_fat.c eng_int.h
+eng_fat.o: ../cryptlib.h eng_fat.c eng_int.h
 eng_init.o: ../../e_os.h ../../include/openssl/asn1.h
 eng_init.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 eng_init.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 eng_init.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 eng_init.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
 eng_init.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-eng_init.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+eng_init.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-eng_init.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+eng_init.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-eng_init.o: ../../include/openssl/opensslconf.h
 eng_init.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 eng_init.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 eng_init.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -200,23 +197,22 @@ eng_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 eng_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 eng_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
 eng_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-eng_lib.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+eng_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-eng_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+eng_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-eng_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+eng_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-eng_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+eng_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-eng_lib.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+eng_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-eng_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+eng_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-eng_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+eng_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-eng_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h eng_lib.c
+eng_lib.o: ../cryptlib.h eng_int.h eng_lib.c
 eng_list.o: ../../e_os.h ../../include/openssl/asn1.h
 eng_list.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 eng_list.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 eng_list.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 eng_list.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
 eng_list.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-eng_list.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+eng_list.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-eng_list.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+eng_list.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-eng_list.o: ../../include/openssl/opensslconf.h
 eng_list.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 eng_list.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 eng_list.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -229,9 +225,8 @@ eng_openssl.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
 eng_openssl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 eng_openssl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 eng_openssl.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-eng_openssl.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+eng_openssl.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-eng_openssl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+eng_openssl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-eng_openssl.o: ../../include/openssl/objects.h
 eng_openssl.o: ../../include/openssl/opensslconf.h
 eng_openssl.o: ../../include/openssl/opensslv.h
 eng_openssl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
@@ -241,31 +236,14 @@ eng_openssl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 eng_openssl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 eng_openssl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 eng_openssl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_openssl.c
-eng_padlock.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-eng_padlock.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-eng_padlock.o: ../../include/openssl/crypto.h ../../include/openssl/dso.h
-eng_padlock.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-eng_padlock.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-eng_padlock.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-eng_padlock.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-eng_padlock.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-eng_padlock.o: ../../include/openssl/objects.h
-eng_padlock.o: ../../include/openssl/opensslconf.h
-eng_padlock.o: ../../include/openssl/opensslv.h
-eng_padlock.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-eng_padlock.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
-eng_padlock.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-eng_padlock.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-eng_padlock.o: ../../include/openssl/x509_vfy.h eng_padlock.c
 eng_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
 eng_pkey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 eng_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 eng_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 eng_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
 eng_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-eng_pkey.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+eng_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-eng_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+eng_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-eng_pkey.o: ../../include/openssl/opensslconf.h
 eng_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 eng_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 eng_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -277,8 +255,8 @@ eng_table.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 eng_table.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 eng_table.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
 eng_table.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-eng_table.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+eng_table.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-eng_table.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+eng_table.o: ../../include/openssl/objects.h
 eng_table.o: ../../include/openssl/opensslconf.h
 eng_table.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 eng_table.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
@@ -286,14 +264,29 @@ eng_table.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 eng_table.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 eng_table.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h
 eng_table.o: eng_table.c
+tb_asnmth.o: ../../e_os.h ../../include/openssl/asn1.h
+tb_asnmth.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+tb_asnmth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+tb_asnmth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+tb_asnmth.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+tb_asnmth.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+tb_asnmth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+tb_asnmth.o: ../../include/openssl/objects.h
+tb_asnmth.o: ../../include/openssl/opensslconf.h
+tb_asnmth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_asnmth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+tb_asnmth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+tb_asnmth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+tb_asnmth.o: ../../include/openssl/x509_vfy.h ../asn1/asn1_locl.h ../cryptlib.h
+tb_asnmth.o: eng_int.h tb_asnmth.c
 tb_cipher.o: ../../e_os.h ../../include/openssl/asn1.h
 tb_cipher.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 tb_cipher.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 tb_cipher.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 tb_cipher.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
 tb_cipher.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-tb_cipher.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+tb_cipher.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-tb_cipher.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tb_cipher.o: ../../include/openssl/objects.h
 tb_cipher.o: ../../include/openssl/opensslconf.h
 tb_cipher.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 tb_cipher.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
@@ -306,22 +299,22 @@ tb_dh.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 tb_dh.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 tb_dh.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 tb_dh.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-tb_dh.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+tb_dh.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-tb_dh.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+tb_dh.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-tb_dh.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tb_dh.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-tb_dh.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_dh.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-tb_dh.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+tb_dh.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-tb_dh.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+tb_dh.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-tb_dh.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+tb_dh.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-tb_dh.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_dh.c
+tb_dh.o: ../cryptlib.h eng_int.h tb_dh.c
 tb_digest.o: ../../e_os.h ../../include/openssl/asn1.h
 tb_digest.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 tb_digest.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 tb_digest.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 tb_digest.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
 tb_digest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-tb_digest.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+tb_digest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-tb_digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tb_digest.o: ../../include/openssl/objects.h
 tb_digest.o: ../../include/openssl/opensslconf.h
 tb_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 tb_digest.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
@@ -334,78 +327,89 @@ tb_dsa.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 tb_dsa.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 tb_dsa.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 tb_dsa.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-tb_dsa.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+tb_dsa.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-tb_dsa.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+tb_dsa.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-tb_dsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tb_dsa.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-tb_dsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_dsa.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-tb_dsa.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+tb_dsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-tb_dsa.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+tb_dsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-tb_dsa.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+tb_dsa.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-tb_dsa.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_dsa.c
+tb_dsa.o: ../cryptlib.h eng_int.h tb_dsa.c
 tb_ecdh.o: ../../e_os.h ../../include/openssl/asn1.h
 tb_ecdh.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 tb_ecdh.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 tb_ecdh.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 tb_ecdh.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
 tb_ecdh.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-tb_ecdh.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+tb_ecdh.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-tb_ecdh.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tb_ecdh.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-tb_ecdh.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+tb_ecdh.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-tb_ecdh.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+tb_ecdh.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-tb_ecdh.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+tb_ecdh.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-tb_ecdh.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_ecdh.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-tb_ecdh.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+tb_ecdh.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_ecdh.c
-tb_ecdh.o: ../cryptlib.h eng_int.h tb_ecdh.c
 tb_ecdsa.o: ../../e_os.h ../../include/openssl/asn1.h
 tb_ecdsa.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 tb_ecdsa.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 tb_ecdsa.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 tb_ecdsa.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
 tb_ecdsa.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-tb_ecdsa.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+tb_ecdsa.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-tb_ecdsa.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tb_ecdsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-tb_ecdsa.o: ../../include/openssl/opensslconf.h
 tb_ecdsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 tb_ecdsa.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 tb_ecdsa.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 tb_ecdsa.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 tb_ecdsa.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_ecdsa.c
+tb_pkmeth.o: ../../e_os.h ../../include/openssl/asn1.h
+tb_pkmeth.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+tb_pkmeth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+tb_pkmeth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+tb_pkmeth.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+tb_pkmeth.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+tb_pkmeth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+tb_pkmeth.o: ../../include/openssl/objects.h
+tb_pkmeth.o: ../../include/openssl/opensslconf.h
+tb_pkmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_pkmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+tb_pkmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+tb_pkmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+tb_pkmeth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h
+tb_pkmeth.o: tb_pkmeth.c
 tb_rand.o: ../../e_os.h ../../include/openssl/asn1.h
 tb_rand.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 tb_rand.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 tb_rand.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 tb_rand.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
 tb_rand.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-tb_rand.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+tb_rand.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-tb_rand.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tb_rand.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-tb_rand.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+tb_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-tb_rand.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+tb_rand.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-tb_rand.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+tb_rand.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-tb_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_rand.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-tb_rand.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+tb_rand.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_rand.c
-tb_rand.o: ../cryptlib.h eng_int.h tb_rand.c
 tb_rsa.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 tb_rsa.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 tb_rsa.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 tb_rsa.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 tb_rsa.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-tb_rsa.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+tb_rsa.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-tb_rsa.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+tb_rsa.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-tb_rsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tb_rsa.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-tb_rsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_rsa.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-tb_rsa.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+tb_rsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-tb_rsa.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+tb_rsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-tb_rsa.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+tb_rsa.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-tb_rsa.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_rsa.c
+tb_rsa.o: ../cryptlib.h eng_int.h tb_rsa.c
 tb_store.o: ../../e_os.h ../../include/openssl/asn1.h
 tb_store.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 tb_store.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 tb_store.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 tb_store.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
 tb_store.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-tb_store.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+tb_store.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-tb_store.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tb_store.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-tb_store.o: ../../include/openssl/opensslconf.h
 tb_store.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 tb_store.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 tb_store.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
diff --git a/src/lib/libcrypto/engine/eng_cryptodev.c b/src/lib/libcrypto/engine/eng_cryptodev.c
index ab38cd52f0..52f4ca3901 100644
--- a/src/lib/libcrypto/engine/eng_cryptodev.c
+++ b/src/lib/libcrypto/engine/eng_cryptodev.c
@@ -32,7 +32,7 @@
 #include <openssl/bn.h>
 #if (defined(__unix__) || defined(unix)) && !defined(USG) && \
-        (defined(OpenBSD) || defined(__FreeBSD_version))
+        (defined(OpenBSD) || defined(__FreeBSD__))
 #include <sys/param.h>
 # if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041)
 #  define HAVE_CRYPTODEV
@@ -55,6 +55,10 @@ ENGINE_load_cryptodev(void)
 
 #include <sys/types.h>
 #include <crypto/cryptodev.h>
+#include <crypto/dh/dh.h>
+#include <crypto/dsa/dsa.h>
+#include <crypto/err/err.h>
+#include <crypto/rsa/rsa.h>
 #include <sys/ioctl.h>
 #include <errno.h>
 #include <stdio.h>
@@ -68,6 +72,16 @@ ENGINE_load_cryptodev(void)
 struct dev_crypto_state {
        struct session_op d_sess;
        int d_fd;
+#ifdef USE_CRYPTODEV_DIGESTS
+        char dummy_mac_key[HASH_MAX_LEN];
+        unsigned char digest_res[HASH_MAX_LEN];
+        char *mac_data;
+        int mac_len;
+        int copy;
+#endif
 };
 static u_int32_t cryptodev_asymfeat = 0;
@@ -75,15 +89,14 @@ static u_int32_t cryptodev_asymfeat = 0;
 static int get_asym_dev_crypto(void);
 static int open_dev_crypto(void);
 static int get_dev_crypto(void);
-static int cryptodev_max_iv(int cipher);
-static int cryptodev_key_length_valid(int cipher, int len);
-static int cipher_nid_to_cryptodev(int nid);
 static int get_cryptodev_ciphers(const int **cnids);
+#ifdef USE_CRYPTODEV_DIGESTS
 static int get_cryptodev_digests(const int **cnids);
+#endif
 static int cryptodev_usable_ciphers(const int **nids);
 static int cryptodev_usable_digests(const int **nids);
 static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-    const unsigned char *in, unsigned int inl);
+    const unsigned char *in, size_t inl);
 static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
    const unsigned char *iv, int enc);
 static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx);
@@ -100,7 +113,7 @@ static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r,
 static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a,
    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
 static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I,
-    RSA *rsa);
+    RSA *rsa, BN_CTX *ctx);
 static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
 static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a,
    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
@@ -117,7 +130,7 @@ static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
 static int cryptodev_dh_compute_key(unsigned char *key,
    const BIGNUM *pub_key, DH *dh);
 static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
-    void (*f)());
+    void (*f)(void));
 void ENGINE_load_cryptodev(void);
 static const ENGINE_CMD_DEFN cryptodev_defns[] = {
@@ -130,27 +143,34 @@ static struct {
        int     ivmax;
        int     keylen;
 } ciphers[] = {
+        { CRYPTO_ARC4,                  NID_rc4,                0,      16, },
        { CRYPTO_DES_CBC,               NID_des_cbc,            8,       8, },
        { CRYPTO_3DES_CBC,              NID_des_ede3_cbc,       8,      24, },
        { CRYPTO_AES_CBC,               NID_aes_128_cbc,        16,     16, },
+        { CRYPTO_AES_CBC,               NID_aes_192_cbc,        16,     24, },
+        { CRYPTO_AES_CBC,               NID_aes_256_cbc,        16,     32, },
        { CRYPTO_BLF_CBC,               NID_bf_cbc,             8,      16, },
        { CRYPTO_CAST_CBC,              NID_cast5_cbc,          8,      16, },
        { CRYPTO_SKIPJACK_CBC,          NID_undef,              0,       0, },
        { 0,                            NID_undef,              0,       0, },
 };
+#ifdef USE_CRYPTODEV_DIGESTS
 static struct {
        int     id;
        int     nid;
+        int     keylen;
 } digests[] = {
-        { CRYPTO_SHA1_HMAC,             NID_hmacWithSHA1,       },
+        { CRYPTO_MD5_HMAC,              NID_hmacWithMD5,        16},
-        { CRYPTO_RIPEMD160_HMAC,        NID_ripemd160,          },
+        { CRYPTO_SHA1_HMAC,             NID_hmacWithSHA1,       20},
-        { CRYPTO_MD5_KPDK,              NID_undef,              },
+        { CRYPTO_RIPEMD160_HMAC,        NID_ripemd160,          16/*?*/},
-        { CRYPTO_SHA1_KPDK,             NID_undef,              },
+        { CRYPTO_MD5_KPDK,              NID_undef,              0},
-        { CRYPTO_MD5,                   NID_md5,                },
+        { CRYPTO_SHA1_KPDK,             NID_undef,              0},
-        { CRYPTO_SHA1,                  NID_undef,              },
+        { CRYPTO_MD5,                   NID_md5,                16},
-        { 0,                            NID_undef,              },
+        { CRYPTO_SHA1,                  NID_sha1,               20},
+        { 0,                            NID_undef,              0},
 };
+#endif
 /*
 * Return a fd if /dev/crypto seems usable, 0 otherwise.
@@ -203,50 +223,6 @@ get_asym_dev_crypto(void)
 }
 /*
- * XXXX this needs to be set for each alg - and determined from
- * a running card.
- */
-static int
-cryptodev_max_iv(int cipher)
-{
-        int i;
-        for (i = 0; ciphers[i].id; i++)
-                if (ciphers[i].id == cipher)
-                        return (ciphers[i].ivmax);
-        return (0);
-}
-/*
- * XXXX this needs to be set for each alg - and determined from
- * a running card. For now, fake it out - but most of these
- * for real devices should return 1 for the supported key
- * sizes the device can handle.
- */
-static int
-cryptodev_key_length_valid(int cipher, int len)
-{
-        int i;
-        for (i = 0; ciphers[i].id; i++)
-                if (ciphers[i].id == cipher)
-                        return (ciphers[i].keylen == len);
-        return (0);
-}
-/* convert libcrypto nids to cryptodev */
-static int
-cipher_nid_to_cryptodev(int nid)
-{
-        int i;
-        for (i = 0; ciphers[i].id; i++)
-                if (ciphers[i].nid == nid)
-                        return (ciphers[i].id);
-        return (0);
-}
-/*
 * Find out what ciphers /dev/crypto will let us have a session for.
 * XXX note, that some of these openssl doesn't deal with yet!
 * returning them here is harmless, as long as we return NULL
@@ -264,7 +240,7 @@ get_cryptodev_ciphers(const int **cnids)
                return (0);
        }
        memset(&sess, 0, sizeof(sess));
-        sess.key = (caddr_t)"123456781234567812345678";
+        sess.key = (caddr_t)"123456789abcdefghijklmno";
        for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
                if (ciphers[i].nid == NID_undef)
@@ -285,6 +261,7 @@ get_cryptodev_ciphers(const int **cnids)
        return (count);
 }
+#ifdef USE_CRYPTODEV_DIGESTS
 /*
 * Find out what digests /dev/crypto will let us have a session for.
 * XXX note, that some of these openssl doesn't deal with yet!
@@ -303,10 +280,12 @@ get_cryptodev_digests(const int **cnids)
                return (0);
        }
        memset(&sess, 0, sizeof(sess));
+        sess.mackey = (caddr_t)"123456789abcdefghijklmno";
        for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
                if (digests[i].nid == NID_undef)
                        continue;
                sess.mac = digests[i].id;
+                sess.mackeylen = digests[i].keylen;
                sess.cipher = 0;
                if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
                    ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
@@ -320,6 +299,7 @@ get_cryptodev_digests(const int **cnids)
                *cnids = NULL;
        return (count);
 }
+#endif  /* 0 */
 /*
 * Find the useable ciphers|digests from dev/crypto - this is the first
@@ -351,6 +331,9 @@ cryptodev_usable_ciphers(const int **nids)
 static int
 cryptodev_usable_digests(const int **nids)
 {
+#ifdef USE_CRYPTODEV_DIGESTS
+        return (get_cryptodev_digests(nids));
+#else
        /*
         * XXXX just disable all digests for now, because it sucks.
         * we need a better way to decide this - i.e. I may not
@@ -365,16 +348,17 @@ cryptodev_usable_digests(const int **nids)
         */
        *nids = NULL;
        return (0);
+#endif
 }
 static int
 cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-    const unsigned char *in, unsigned int inl)
+    const unsigned char *in, size_t inl)
 {
        struct crypt_op cryp;
        struct dev_crypto_state *state = ctx->cipher_data;
        struct session_op *sess = &state->d_sess;
-        void *iiv;
+        const void *iiv;
        unsigned char save_iv[EVP_MAX_IV_LENGTH];
        if (state->d_fd < 0)
@@ -398,7 +382,7 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
        if (ctx->cipher->iv_len) {
                cryp.iv = (caddr_t) ctx->iv;
                if (!ctx->encrypt) {
-                        iiv = (void *) in + inl - ctx->cipher->iv_len;
+                        iiv = in + inl - ctx->cipher->iv_len;
                        memcpy(save_iv, iiv, ctx->cipher->iv_len);
                }
        } else
@@ -413,7 +397,7 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
        if (ctx->cipher->iv_len) {
                if (ctx->encrypt)
-                        iiv = (void *) out + inl - ctx->cipher->iv_len;
+                        iiv = out + inl - ctx->cipher->iv_len;
                else
                        iiv = save_iv;
                memcpy(ctx->iv, iiv, ctx->cipher->iv_len);
@@ -427,23 +411,27 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 {
        struct dev_crypto_state *state = ctx->cipher_data;
        struct session_op *sess = &state->d_sess;
-        int cipher;
+        int cipher = -1, i;
-        if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NID_undef)
+        for (i = 0; ciphers[i].id; i++)
-                return (0);
+                if (ctx->cipher->nid == ciphers[i].nid &&
+                    ctx->cipher->iv_len <= ciphers[i].ivmax &&
-        if (ctx->cipher->iv_len > cryptodev_max_iv(cipher))
+                    ctx->key_len == ciphers[i].keylen) {
-                return (0);
+                        cipher = ciphers[i].id;
+                        break;
+                }
-        if (!cryptodev_key_length_valid(cipher, ctx->key_len))
+        if (!ciphers[i].id) {
+                state->d_fd = -1;
                return (0);
+        }
        memset(sess, 0, sizeof(struct session_op));
        if ((state->d_fd = get_dev_crypto()) < 0)
                return (0);
-        sess->key = (unsigned char *)key;
+        sess->key = (caddr_t)key;
        sess->keylen = ctx->key_len;
        sess->cipher = cipher;
@@ -496,6 +484,20 @@ cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
 * gets called when libcrypto requests a cipher NID.
 */
+/* RC4 */
+const EVP_CIPHER cryptodev_rc4 = {
+        NID_rc4,
+        1, 16, 0,
+        EVP_CIPH_VARIABLE_LENGTH,
+        cryptodev_init_key,
+        cryptodev_cipher,
+        cryptodev_cleanup,
+        sizeof(struct dev_crypto_state),
+        NULL,
+        NULL,
+        NULL
+};
 /* DES CBC EVP */
 const EVP_CIPHER cryptodev_des_cbc = {
        NID_des_cbc,
@@ -563,6 +565,32 @@ const EVP_CIPHER cryptodev_aes_cbc = {
        NULL
 };
+const EVP_CIPHER cryptodev_aes_192_cbc = {
+        NID_aes_192_cbc,
+        16, 24, 16,
+        EVP_CIPH_CBC_MODE,
+        cryptodev_init_key,
+        cryptodev_cipher,
+        cryptodev_cleanup,
+        sizeof(struct dev_crypto_state),
+        EVP_CIPHER_set_asn1_iv,
+        EVP_CIPHER_get_asn1_iv,
+        NULL
+};
+const EVP_CIPHER cryptodev_aes_256_cbc = {
+        NID_aes_256_cbc,
+        16, 32, 16,
+        EVP_CIPH_CBC_MODE,
+        cryptodev_init_key,
+        cryptodev_cipher,
+        cryptodev_cleanup,
+        sizeof(struct dev_crypto_state),
+        EVP_CIPHER_set_asn1_iv,
+        EVP_CIPHER_get_asn1_iv,
+        NULL
+};
 /*
 * Registered by the ENGINE when used to find out how to deal with
 * a particular NID in the ENGINE. this says what we'll do at the
@@ -576,6 +604,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
                return (cryptodev_usable_ciphers(nids));
        switch (nid) {
+        case NID_rc4:
+                *cipher = &cryptodev_rc4;
+                break;
        case NID_des_ede3_cbc:
                *cipher = &cryptodev_3des_cbc;
                break;
@@ -591,6 +622,12 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
        case NID_aes_128_cbc:
                *cipher = &cryptodev_aes_cbc;
                break;
+        case NID_aes_192_cbc:
+                *cipher = &cryptodev_aes_192_cbc;
+                break;
+        case NID_aes_256_cbc:
+                *cipher = &cryptodev_aes_256_cbc;
+                break;
        default:
                *cipher = NULL;
                break;
@@ -598,6 +635,234 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
        return (*cipher != NULL);
 }
+#ifdef USE_CRYPTODEV_DIGESTS
+/* convert digest type to cryptodev */
+static int
+digest_nid_to_cryptodev(int nid)
+{
+        int i;
+        for (i = 0; digests[i].id; i++)
+                if (digests[i].nid == nid)
+                        return (digests[i].id);
+        return (0);
+}
+static int
+digest_key_length(int nid)
+{
+        int i;
+        for (i = 0; digests[i].id; i++)
+                if (digests[i].nid == nid)
+                        return digests[i].keylen;
+        return (0);
+}
+static int cryptodev_digest_init(EVP_MD_CTX *ctx)
+{
+        struct dev_crypto_state *state = ctx->md_data;
+        struct session_op *sess = &state->d_sess;
+        int digest;
+        if ((digest = digest_nid_to_cryptodev(ctx->digest->type)) == NID_undef){
+                printf("cryptodev_digest_init: Can't get digest \n");
+                return (0);
+        }
+        memset(state, 0, sizeof(struct dev_crypto_state));
+        if ((state->d_fd = get_dev_crypto()) < 0) {
+                printf("cryptodev_digest_init: Can't get Dev \n");
+                return (0);
+        }
+        sess->mackey = state->dummy_mac_key;
+        sess->mackeylen = digest_key_length(ctx->digest->type);
+        sess->mac = digest;
+        if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
+                close(state->d_fd);
+                state->d_fd = -1;
+                printf("cryptodev_digest_init: Open session failed\n");
+                return (0);
+        }
+        return (1);
+}
+static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
+                size_t count)
+{
+        struct crypt_op cryp;
+        struct dev_crypto_state *state = ctx->md_data;
+        struct session_op *sess = &state->d_sess;
+        if (!data || state->d_fd < 0) {
+                printf("cryptodev_digest_update: illegal inputs \n");
+                return (0);
+        }
+        if (!count) {
+                return (0);
+        }
+        if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
+                /* if application doesn't support one buffer */
+                state->mac_data = OPENSSL_realloc(state->mac_data, state->mac_len + count);
+                if (!state->mac_data) {
+                        printf("cryptodev_digest_update: realloc failed\n");
+                        return (0);
+                }
+                memcpy(state->mac_data + state->mac_len, data, count);
+                state->mac_len += count;
+        
+                return (1);
+        }
+        memset(&cryp, 0, sizeof(cryp));
+        cryp.ses = sess->ses;
+        cryp.flags = 0;
+        cryp.len = count;
+        cryp.src = (caddr_t) data;
+        cryp.dst = NULL;
+        cryp.mac = (caddr_t) state->digest_res;
+        if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
+                printf("cryptodev_digest_update: digest failed\n");
+                return (0);
+        }
+        return (1);
+}
+static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+        struct crypt_op cryp;
+        struct dev_crypto_state *state = ctx->md_data;
+        struct session_op *sess = &state->d_sess;
+        int ret = 1;
+        if (!md || state->d_fd < 0) {
+                printf("cryptodev_digest_final: illegal input\n");
+                return(0);
+        }
+        if (! (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) ) {
+                /* if application doesn't support one buffer */
+                memset(&cryp, 0, sizeof(cryp));
+                cryp.ses = sess->ses;
+                cryp.flags = 0;
+                cryp.len = state->mac_len;
+                cryp.src = state->mac_data;
+                cryp.dst = NULL;
+                cryp.mac = (caddr_t)md;
+                if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
+                        printf("cryptodev_digest_final: digest failed\n");
+                        return (0);
+                }
+                return 1;
+        }
+        memcpy(md, state->digest_res, ctx->digest->md_size);
+        return (ret);
+}
+static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
+{
+        int ret = 1;
+        struct dev_crypto_state *state = ctx->md_data;
+        struct session_op *sess = &state->d_sess;
+        if (state->d_fd < 0) {
+                printf("cryptodev_digest_cleanup: illegal input\n");
+                return (0);
+        }
+        if (state->mac_data) {
+                OPENSSL_free(state->mac_data);
+                state->mac_data = NULL;
+                state->mac_len = 0;
+        }
+        if (state->copy)
+                return 1;
+        if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
+                printf("cryptodev_digest_cleanup: failed to close session\n");
+                ret = 0;
+        } else {
+                ret = 1;
+        }
+        close(state->d_fd);     
+        state->d_fd = -1;
+        return (ret);
+}
+static int cryptodev_digest_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from)
+{
+        struct dev_crypto_state *fstate = from->md_data;
+        struct dev_crypto_state *dstate = to->md_data;
+        memcpy(dstate, fstate, sizeof(struct dev_crypto_state));
+        if (fstate->mac_len != 0) {
+                dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
+                memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len);
+        }
+        dstate->copy = 1;
+        return 1;
+}
+const EVP_MD cryptodev_sha1 = {
+        NID_sha1,
+        NID_undef, 
+        SHA_DIGEST_LENGTH, 
+        EVP_MD_FLAG_ONESHOT,
+        cryptodev_digest_init,
+        cryptodev_digest_update,
+        cryptodev_digest_final,
+        cryptodev_digest_copy,
+        cryptodev_digest_cleanup,
+        EVP_PKEY_NULL_method,
+        SHA_CBLOCK,
+        sizeof(struct dev_crypto_state),
+};
+const EVP_MD cryptodev_md5 = {
+        NID_md5,
+        NID_undef, 
+        16 /* MD5_DIGEST_LENGTH */, 
+        EVP_MD_FLAG_ONESHOT,
+        cryptodev_digest_init,
+        cryptodev_digest_update,
+        cryptodev_digest_final,
+        cryptodev_digest_copy,
+        cryptodev_digest_cleanup,
+        EVP_PKEY_NULL_method,
+        64 /* MD5_CBLOCK */,
+        sizeof(struct dev_crypto_state),
+};
+#endif /* USE_CRYPTODEV_DIGESTS */
 static int
 cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
    const int **nids, int nid)
@@ -606,10 +871,15 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
                return (cryptodev_usable_digests(nids));
        switch (nid) {
+#ifdef USE_CRYPTODEV_DIGESTS
        case NID_md5:
-                *digest = NULL; /* need to make a clean md5 critter */
+                *digest = &cryptodev_md5; 
                break;
+        case NID_sha1:
+                *digest = &cryptodev_sha1;
+                break;
        default:
+#endif /* USE_CRYPTODEV_DIGESTS */
                *digest = NULL;
                break;
        }
@@ -625,7 +895,7 @@ static int
 bn2crparam(const BIGNUM *a, struct crparam *crp)
 {
        int i, j, k;
-        ssize_t words, bytes, bits;
+        ssize_t bytes, bits;
        u_char *b;
        crp->crp_p = NULL;
@@ -637,8 +907,9 @@ bn2crparam(const BIGNUM *a, struct crparam *crp)
        b = malloc(bytes);
        if (b == NULL)
                return (1);
+        memset(b, 0, bytes);
-        crp->crp_p = b;
+        crp->crp_p = (caddr_t) b;
        crp->crp_nbits = bits;
        for (i = 0, j = 0; i < a->top; i++) {
@@ -681,7 +952,7 @@ zapparams(struct crypt_kop *kop)
 {
        int i;
-        for (i = 0; i <= kop->crk_iparams + kop->crk_oparams; i++) {
+        for (i = 0; i < kop->crk_iparams + kop->crk_oparams; i++) {
                if (kop->crk_param[i].crp_p)
                        free(kop->crk_param[i].crp_p);
                kop->crk_param[i].crp_p = NULL;
@@ -746,21 +1017,27 @@ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                goto err;
        kop.crk_iparams = 3;
-        if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL) == -1) {
+        if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL)) {
+                const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+                printf("OCF asym process failed, Running in software\n");
+                ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
+        } else if (ECANCELED == kop.crk_status) {
                const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+                printf("OCF hardware operation cancelled. Running in Software\n");
                ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
        }
+        /* else cryptodev operation worked ok ==> ret = 1*/
 err:
        zapparams(&kop);
        return (ret);
 }
 static int
-cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
+cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
 {
        int r;
-        BN_CTX *ctx;
        ctx = BN_CTX_new();
        r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL);
        BN_CTX_free(ctx);
@@ -795,10 +1072,18 @@ cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
                goto err;
        kop.crk_iparams = 6;
-        if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL) == -1) {
+        if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) {
+                const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+                printf("OCF asym process failed, running in Software\n");
+                ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx);
+        } else if (ECANCELED == kop.crk_status) {
                const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+                printf("OCF hardware operation cancelled. Running in Software\n");
                ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx);
        }
+        /* else cryptodev operation worked ok ==> ret = 1*/
 err:
        zapparams(&kop);
        return (ret);
@@ -934,7 +1219,8 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
        kop.crk_iparams = 7;
        if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
-                dsaret = kop.crk_status;
+/*OCF success value is 0, if not zero, change dsaret to fail*/
+                if(0 != kop.crk_status) dsaret  = 0;
        } else {
                const DSA_METHOD *meth = DSA_OpenSSL();
@@ -994,7 +1280,7 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
                goto err;
        kop.crk_iparams = 3;
-        kop.crk_param[3].crp_p = key;
+        kop.crk_param[3].crp_p = (caddr_t) key;
        kop.crk_param[3].crp_nbits = keylen * 8;
        kop.crk_oparams = 1;
@@ -1025,7 +1311,7 @@ static DH_METHOD cryptodev_dh = {
 * but I expect we'll want some options soon.
 */
 static int
-cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
 {
 #ifdef HAVE_SYSLOG_R
        struct syslog_data sd = SYSLOG_DATA_INIT;
diff --git a/src/lib/libcrypto/engine/enginetest.c b/src/lib/libcrypto/engine/enginetest.c
index e3834611db..f4d70e7e0a 100644
--- a/src/lib/libcrypto/engine/enginetest.c
+++ b/src/lib/libcrypto/engine/enginetest.c
@@ -276,7 +276,7 @@ end:
        ENGINE_cleanup();
        CRYPTO_cleanup_all_ex_data();
        ERR_free_strings();
-        ERR_remove_state(0);
+        ERR_remove_thread_state(NULL);
        CRYPTO_mem_leaks_fp(stderr);
        return to_return;
        }
diff --git a/src/lib/libcrypto/err/Makefile b/src/lib/libcrypto/err/Makefile
index 91d1379d41..862b23ba17 100644
--- a/src/lib/libcrypto/err/Makefile
+++ b/src/lib/libcrypto/err/Makefile
@@ -17,8 +17,8 @@ TEST=
 APPS=
 LIB=$(TOP)/libcrypto.a
-LIBSRC=err.c err_def.c err_all.c err_prn.c err_str.c err_bio.c
+LIBSRC=err.c err_all.c err_prn.c
-LIBOBJ=err.o err_def.o err_all.o err_prn.o err_str.o err_bio.o
+LIBOBJ=err.o err_all.o err_prn.o
 SRC= $(LIBSRC)
@@ -33,7 +33,7 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
@@ -83,37 +83,24 @@ err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 err.o: ../cryptlib.h err.c
 err_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 err_all.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+err_all.o: ../../include/openssl/cms.h ../../include/openssl/comp.h
 err_all.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 err_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 err_all.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
 err_all.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 err_all.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
 err_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-err_all.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+err_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-err_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+err_all.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
-err_all.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+err_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-err_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+err_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem2.h
-err_all.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h
+err_all.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
-err_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+err_all.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
-err_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+err_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-err_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+err_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-err_all.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+err_all.o: ../../include/openssl/ts.h ../../include/openssl/ui.h
 err_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 err_all.o: ../../include/openssl/x509v3.h err_all.c
-err_bio.o: ../../e_os.h ../../include/openssl/bio.h
-err_bio.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-err_bio.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-err_bio.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-err_bio.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-err_bio.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-err_bio.o: ../../include/openssl/symhacks.h ../cryptlib.h err_bio.c
-err_def.o: ../../e_os.h ../../include/openssl/bio.h
-err_def.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-err_def.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-err_def.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-err_def.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-err_def.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-err_def.o: ../../include/openssl/symhacks.h ../cryptlib.h err_def.c
 err_prn.o: ../../e_os.h ../../include/openssl/bio.h
 err_prn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 err_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
@@ -121,10 +108,3 @@ err_prn.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 err_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 err_prn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 err_prn.o: ../../include/openssl/symhacks.h ../cryptlib.h err_prn.c
-err_str.o: ../../e_os.h ../../include/openssl/bio.h
-err_str.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-err_str.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-err_str.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-err_str.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-err_str.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-err_str.o: ../../include/openssl/symhacks.h ../cryptlib.h err_str.c
diff --git a/src/lib/libcrypto/evp/Makefile b/src/lib/libcrypto/evp/Makefile
index c204f84c1d..82825e5299 100644
--- a/src/lib/libcrypto/evp/Makefile
+++ b/src/lib/libcrypto/evp/Makefile
@@ -18,34 +18,34 @@ TESTDATA=evptests.txt
 APPS=
 LIB=$(TOP)/libcrypto.a
-LIBSRC= encode.c digest.c dig_eng.c evp_enc.c evp_key.c evp_acnf.c evp_cnf.c \
+LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c \
        e_des.c e_bf.c e_idea.c e_des3.c e_camellia.c\
        e_rc4.c e_aes.c names.c e_seed.c \
-        e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c enc_min.c \
+        e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c \
-        m_null.c m_md2.c m_md4.c m_md5.c m_sha.c m_sha1.c \
+        m_null.c m_md2.c m_md4.c m_md5.c m_sha.c m_sha1.c m_wp.c \
        m_dss.c m_dss1.c m_mdc2.c m_ripemd.c m_ecdsa.c\
        p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \
        bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
        c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \
        evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c \
-        e_old.c
+        e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c
-LIBOBJ= encode.o digest.o dig_eng.o evp_enc.o evp_key.o evp_acnf.o evp_cnf.o \
+LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o \
        e_des.o e_bf.o e_idea.o e_des3.o e_camellia.o\
        e_rc4.o e_aes.o names.o e_seed.o \
-        e_xcbc_d.o e_rc2.o e_cast.o e_rc5.o enc_min.o \
+        e_xcbc_d.o e_rc2.o e_cast.o e_rc5.o \
-        m_null.o m_md2.o m_md4.o m_md5.o m_sha.o m_sha1.o \
+        m_null.o m_md2.o m_md4.o m_md5.o m_sha.o m_sha1.o m_wp.o \
        m_dss.o m_dss1.o m_mdc2.o m_ripemd.o m_ecdsa.o\
        p_open.o p_seal.o p_sign.o p_verify.o p_lib.o p_enc.o p_dec.o \
        bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \
        c_all.o c_allc.o c_alld.o evp_lib.o bio_ok.o \
        evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o \
-        e_old.o
+        e_old.o pmeth_lib.o pmeth_fn.o pmeth_gn.o m_sigver.o
 SRC= $(LIBSRC)
 EXHEADER= evp.h
-HEADER= $(EXHEADER)
+HEADER= evp_locl.h $(EXHEADER)
 ALL=    $(GENERAL) $(SRC) $(HEADER)
@@ -55,7 +55,7 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
@@ -101,201 +101,185 @@ bio_b64.o: ../../e_os.h ../../include/openssl/asn1.h
 bio_b64.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 bio_b64.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 bio_b64.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-bio_b64.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+bio_b64.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-bio_b64.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+bio_b64.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-bio_b64.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bio_b64.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-bio_b64.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+bio_b64.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bio_b64.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bio_b64.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_b64.c
-bio_b64.o: ../cryptlib.h bio_b64.c
 bio_enc.o: ../../e_os.h ../../include/openssl/asn1.h
 bio_enc.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 bio_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 bio_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-bio_enc.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+bio_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-bio_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+bio_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-bio_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bio_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-bio_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+bio_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bio_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bio_enc.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_enc.c
-bio_enc.o: ../cryptlib.h bio_enc.c
 bio_md.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 bio_md.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bio_md.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-bio_md.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+bio_md.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-bio_md.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+bio_md.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-bio_md.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+bio_md.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-bio_md.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bio_md.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-bio_md.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bio_md.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-bio_md.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_md.c
+bio_md.o: ../cryptlib.h bio_md.c
 bio_ok.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 bio_ok.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bio_ok.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-bio_ok.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+bio_ok.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-bio_ok.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+bio_ok.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-bio_ok.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+bio_ok.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-bio_ok.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bio_ok.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-bio_ok.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+bio_ok.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bio_ok.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bio_ok.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_ok.c
-bio_ok.o: ../cryptlib.h bio_ok.c
 c_all.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 c_all.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 c_all.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 c_all.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 c_all.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-c_all.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+c_all.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-c_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+c_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-c_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+c_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-c_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+c_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-c_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+c_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-c_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+c_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-c_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+c_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-c_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h c_all.c
+c_all.o: ../cryptlib.h c_all.c
 c_allc.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 c_allc.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 c_allc.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 c_allc.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 c_allc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-c_allc.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+c_allc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-c_allc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+c_allc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-c_allc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+c_allc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-c_allc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+c_allc.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
-c_allc.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+c_allc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-c_allc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+c_allc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-c_allc.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+c_allc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-c_allc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h c_allc.c
+c_allc.o: ../cryptlib.h c_allc.c
 c_alld.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 c_alld.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 c_alld.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 c_alld.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 c_alld.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-c_alld.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+c_alld.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-c_alld.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+c_alld.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-c_alld.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+c_alld.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-c_alld.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+c_alld.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
-c_alld.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+c_alld.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-c_alld.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+c_alld.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-c_alld.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+c_alld.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-c_alld.o: ../../include/openssl/x509_vfy.h ../cryptlib.h c_alld.c
+c_alld.o: ../cryptlib.h c_alld.c
-dig_eng.o: ../../e_os.h ../../include/openssl/asn1.h
-dig_eng.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-dig_eng.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-dig_eng.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-dig_eng.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
-dig_eng.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-dig_eng.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-dig_eng.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-dig_eng.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-dig_eng.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-dig_eng.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-dig_eng.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-dig_eng.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-dig_eng.o: ../cryptlib.h dig_eng.c evp_locl.h
 digest.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 digest.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 digest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 digest.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 digest.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-digest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+digest.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-digest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-digest.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+digest.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+digest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-digest.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+digest.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-digest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+digest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-digest.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+digest.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-digest.o: ../../include/openssl/x509_vfy.h ../cryptlib.h digest.c evp_locl.h
+digest.o: ../cryptlib.h digest.c
 e_aes.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
 e_aes.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
 e_aes.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-e_aes.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+e_aes.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-e_aes.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+e_aes.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-e_aes.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_aes.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-e_aes.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_aes.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-e_aes.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+e_aes.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h e_aes.c
-e_aes.o: ../../include/openssl/symhacks.h e_aes.c evp_locl.h
+e_aes.o: evp_locl.h
 e_bf.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 e_bf.o: ../../include/openssl/blowfish.h ../../include/openssl/buffer.h
 e_bf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 e_bf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_bf.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+e_bf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-e_bf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_bf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_bf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+e_bf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-e_bf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+e_bf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-e_bf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+e_bf.o: ../../include/openssl/symhacks.h ../cryptlib.h e_bf.c evp_locl.h
-e_bf.o: ../cryptlib.h e_bf.c evp_locl.h
+e_camellia.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_camellia.o: ../../include/openssl/opensslconf.h e_camellia.c
+e_camellia.o: ../../include/openssl/camellia.h ../../include/openssl/crypto.h
+e_camellia.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_camellia.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+e_camellia.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_camellia.o: ../../include/openssl/opensslconf.h
+e_camellia.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_camellia.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+e_camellia.o: ../../include/openssl/symhacks.h e_camellia.c evp_locl.h
 e_cast.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 e_cast.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 e_cast.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 e_cast.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_cast.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+e_cast.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-e_cast.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_cast.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_cast.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+e_cast.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-e_cast.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+e_cast.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-e_cast.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+e_cast.o: ../../include/openssl/symhacks.h ../cryptlib.h e_cast.c evp_locl.h
-e_cast.o: ../cryptlib.h e_cast.c evp_locl.h
 e_des.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 e_des.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 e_des.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 e_des.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-e_des.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+e_des.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-e_des.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+e_des.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-e_des.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_des.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-e_des.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_des.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-e_des.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+e_des.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-e_des.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+e_des.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-e_des.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+e_des.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_des.c evp_locl.h
-e_des.o: ../cryptlib.h e_des.c evp_locl.h
 e_des3.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 e_des3.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 e_des3.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 e_des3.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-e_des3.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+e_des3.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-e_des3.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+e_des3.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-e_des3.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_des3.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-e_des3.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_des3.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-e_des3.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+e_des3.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-e_des3.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+e_des3.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-e_des3.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+e_des3.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_des3.c evp_locl.h
-e_des3.o: ../cryptlib.h e_des3.c evp_locl.h
 e_idea.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 e_idea.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 e_idea.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-e_idea.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+e_idea.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-e_idea.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+e_idea.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-e_idea.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_idea.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_idea.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+e_idea.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-e_idea.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+e_idea.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-e_idea.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+e_idea.o: ../../include/openssl/symhacks.h ../cryptlib.h e_idea.c evp_locl.h
-e_idea.o: ../cryptlib.h e_idea.c evp_locl.h
 e_null.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 e_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 e_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-e_null.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+e_null.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-e_null.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+e_null.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-e_null.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_null.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-e_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_null.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-e_null.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+e_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-e_null.o: ../../include/openssl/symhacks.h ../cryptlib.h e_null.c
+e_null.o: ../cryptlib.h e_null.c
 e_old.o: e_old.c
 e_rc2.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 e_rc2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 e_rc2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-e_rc2.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+e_rc2.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-e_rc2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+e_rc2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-e_rc2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_rc2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-e_rc2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_rc2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h
-e_rc2.o: ../../include/openssl/rc2.h ../../include/openssl/safestack.h
+e_rc2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-e_rc2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+e_rc2.o: ../../include/openssl/symhacks.h ../cryptlib.h e_rc2.c evp_locl.h
-e_rc2.o: ../cryptlib.h e_rc2.c evp_locl.h
 e_rc4.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 e_rc4.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 e_rc4.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-e_rc4.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+e_rc4.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-e_rc4.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+e_rc4.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-e_rc4.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_rc4.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-e_rc4.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_rc4.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc4.h
-e_rc4.o: ../../include/openssl/rc4.h ../../include/openssl/safestack.h
+e_rc4.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-e_rc4.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+e_rc4.o: ../../include/openssl/symhacks.h ../cryptlib.h e_rc4.c
-e_rc4.o: ../cryptlib.h e_rc4.c evp_locl.h
 e_rc5.o: ../../e_os.h ../../include/openssl/bio.h
 e_rc5.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 e_rc5.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
@@ -306,256 +290,221 @@ e_rc5.o: ../../include/openssl/symhacks.h ../cryptlib.h e_rc5.c
 e_seed.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 e_seed.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 e_seed.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_seed.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+e_seed.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-e_seed.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_seed.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_seed.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+e_seed.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-e_seed.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+e_seed.o: ../../include/openssl/safestack.h ../../include/openssl/seed.h
 e_seed.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-e_seed.o: e_seed.c
+e_seed.o: e_seed.c evp_locl.h
 e_xcbc_d.o: ../../e_os.h ../../include/openssl/asn1.h
 e_xcbc_d.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 e_xcbc_d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 e_xcbc_d.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
 e_xcbc_d.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_xcbc_d.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+e_xcbc_d.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-e_xcbc_d.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_xcbc_d.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_xcbc_d.o: ../../include/openssl/opensslconf.h
 e_xcbc_d.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 e_xcbc_d.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 e_xcbc_d.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
 e_xcbc_d.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_xcbc_d.c
-enc_min.o: ../../e_os.h ../../include/openssl/asn1.h
+e_xcbc_d.o: evp_locl.h
-enc_min.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-enc_min.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-enc_min.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-enc_min.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
-enc_min.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-enc_min.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-enc_min.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-enc_min.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-enc_min.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-enc_min.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
-enc_min.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-enc_min.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-enc_min.o: ../../include/openssl/x509_vfy.h ../cryptlib.h enc_min.c evp_locl.h
 encode.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 encode.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 encode.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-encode.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+encode.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-encode.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+encode.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-encode.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+encode.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-encode.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+encode.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-encode.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+encode.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-encode.o: ../../include/openssl/symhacks.h ../cryptlib.h encode.c
+encode.o: ../cryptlib.h encode.c
 evp_acnf.o: ../../e_os.h ../../include/openssl/asn1.h
 evp_acnf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 evp_acnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 evp_acnf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-evp_acnf.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+evp_acnf.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-evp_acnf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+evp_acnf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-evp_acnf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+evp_acnf.o: ../../include/openssl/opensslconf.h
 evp_acnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 evp_acnf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 evp_acnf.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_acnf.c
-evp_cnf.o: ../../e_os.h ../../include/openssl/asn1.h
-evp_cnf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-evp_cnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-evp_cnf.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
-evp_cnf.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-evp_cnf.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-evp_cnf.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-evp_cnf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-evp_cnf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-evp_cnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-evp_cnf.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-evp_cnf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-evp_cnf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-evp_cnf.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-evp_cnf.o: ../cryptlib.h evp_cnf.c
 evp_enc.o: ../../e_os.h ../../include/openssl/asn1.h
 evp_enc.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 evp_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 evp_enc.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 evp_enc.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
 evp_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-evp_enc.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+evp_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-evp_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+evp_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-evp_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+evp_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-evp_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+evp_enc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-evp_enc.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+evp_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-evp_enc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+evp_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-evp_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+evp_enc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-evp_enc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_enc.c evp_locl.h
+evp_enc.o: ../cryptlib.h evp_enc.c evp_locl.h
 evp_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 evp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 evp_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-evp_err.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+evp_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-evp_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+evp_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-evp_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+evp_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-evp_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+evp_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-evp_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+evp_err.o: ../../include/openssl/symhacks.h evp_err.c
-evp_err.o: evp_err.c
 evp_key.o: ../../e_os.h ../../include/openssl/asn1.h
 evp_key.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 evp_key.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 evp_key.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 evp_key.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-evp_key.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+evp_key.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-evp_key.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+evp_key.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-evp_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+evp_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-evp_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+evp_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-evp_key.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+evp_key.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-evp_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+evp_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-evp_key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+evp_key.o: ../../include/openssl/ui.h ../../include/openssl/x509.h
-evp_key.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+evp_key.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_key.c
-evp_key.o: ../cryptlib.h evp_key.c
 evp_lib.o: ../../e_os.h ../../include/openssl/asn1.h
 evp_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 evp_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 evp_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-evp_lib.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+evp_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-evp_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+evp_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-evp_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+evp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-evp_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+evp_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-evp_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+evp_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_lib.c
-evp_lib.o: ../cryptlib.h evp_lib.c
 evp_pbe.o: ../../e_os.h ../../include/openssl/asn1.h
 evp_pbe.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 evp_pbe.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 evp_pbe.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 evp_pbe.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-evp_pbe.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+evp_pbe.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-evp_pbe.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+evp_pbe.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-evp_pbe.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+evp_pbe.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-evp_pbe.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+evp_pbe.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
 evp_pbe.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 evp_pbe.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 evp_pbe.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 evp_pbe.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_pbe.c
 evp_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
-evp_pkey.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+evp_pkey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-evp_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+evp_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-evp_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 evp_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 evp_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-evp_pkey.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+evp_pkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-evp_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+evp_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-evp_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+evp_pkey.o: ../../include/openssl/opensslconf.h
 evp_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 evp_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-evp_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+evp_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-evp_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+evp_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-evp_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+evp_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-evp_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_pkey.c
+evp_pkey.o: ../asn1/asn1_locl.h ../cryptlib.h evp_pkey.c
 m_dss.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 m_dss.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 m_dss.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 m_dss.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 m_dss.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-m_dss.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+m_dss.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-m_dss.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+m_dss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-m_dss.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_dss.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-m_dss.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_dss.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-m_dss.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+m_dss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-m_dss.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_dss.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-m_dss.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+m_dss.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-m_dss.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_dss.c
+m_dss.o: ../cryptlib.h m_dss.c
 m_dss1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 m_dss1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 m_dss1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 m_dss1.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 m_dss1.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-m_dss1.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+m_dss1.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-m_dss1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+m_dss1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-m_dss1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_dss1.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-m_dss1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_dss1.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-m_dss1.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+m_dss1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-m_dss1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_dss1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-m_dss1.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+m_dss1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-m_dss1.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_dss1.c
+m_dss1.o: ../cryptlib.h m_dss1.c
 m_ecdsa.o: ../../e_os.h ../../include/openssl/asn1.h
 m_ecdsa.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 m_ecdsa.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 m_ecdsa.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 m_ecdsa.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-m_ecdsa.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+m_ecdsa.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-m_ecdsa.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+m_ecdsa.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-m_ecdsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_ecdsa.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-m_ecdsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_ecdsa.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-m_ecdsa.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+m_ecdsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-m_ecdsa.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_ecdsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-m_ecdsa.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+m_ecdsa.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-m_ecdsa.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_ecdsa.c
+m_ecdsa.o: ../cryptlib.h m_ecdsa.c
-m_md2.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_md2.o: ../../e_os.h ../../include/openssl/bio.h
 m_md2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-m_md2.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+m_md2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-m_md2.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+m_md2.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-m_md2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_md2.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-m_md2.o: ../../include/openssl/md2.h ../../include/openssl/obj_mac.h
-m_md2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 m_md2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-m_md2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+m_md2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-m_md2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_md2.o: ../../include/openssl/symhacks.h ../cryptlib.h m_md2.c
-m_md2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-m_md2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-m_md2.o: ../cryptlib.h evp_locl.h m_md2.c
 m_md4.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 m_md4.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 m_md4.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 m_md4.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 m_md4.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_md4.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+m_md4.o: ../../include/openssl/lhash.h ../../include/openssl/md4.h
-m_md4.o: ../../include/openssl/md4.h ../../include/openssl/obj_mac.h
+m_md4.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-m_md4.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_md4.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-m_md4.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_md4.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-m_md4.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+m_md4.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-m_md4.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_md4.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-m_md4.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_md4.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-m_md4.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_md4.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_md4.c
-m_md4.o: ../cryptlib.h evp_locl.h m_md4.c
 m_md5.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 m_md5.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 m_md5.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 m_md5.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 m_md5.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_md5.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+m_md5.o: ../../include/openssl/lhash.h ../../include/openssl/md5.h
-m_md5.o: ../../include/openssl/md5.h ../../include/openssl/obj_mac.h
+m_md5.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-m_md5.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_md5.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-m_md5.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_md5.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-m_md5.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+m_md5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-m_md5.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_md5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-m_md5.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_md5.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-m_md5.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_md5.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_md5.c
-m_md5.o: ../cryptlib.h evp_locl.h m_md5.c
+m_mdc2.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-m_mdc2.o: ../../e_os.h ../../include/openssl/bio.h
 m_mdc2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-m_mdc2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+m_mdc2.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-m_mdc2.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+m_mdc2.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-m_mdc2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_mdc2.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-m_mdc2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+m_mdc2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_mdc2.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_locl.h m_mdc2.c
+m_mdc2.o: ../../include/openssl/lhash.h ../../include/openssl/mdc2.h
+m_mdc2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_mdc2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_mdc2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+m_mdc2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+m_mdc2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_mdc2.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+m_mdc2.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+m_mdc2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_mdc2.c
 m_null.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 m_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 m_null.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 m_null.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 m_null.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_null.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+m_null.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-m_null.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_null.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-m_null.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-m_null.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+m_null.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-m_null.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_null.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-m_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_null.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-m_null.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_null.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_null.c
-m_null.o: ../cryptlib.h m_null.c
 m_ripemd.o: ../../e_os.h ../../include/openssl/asn1.h
 m_ripemd.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 m_ripemd.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 m_ripemd.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 m_ripemd.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-m_ripemd.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+m_ripemd.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-m_ripemd.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+m_ripemd.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-m_ripemd.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_ripemd.o: ../../include/openssl/opensslconf.h
 m_ripemd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 m_ripemd.o: ../../include/openssl/pkcs7.h ../../include/openssl/ripemd.h
 m_ripemd.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
@@ -567,62 +516,87 @@ m_sha.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 m_sha.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 m_sha.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 m_sha.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_sha.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+m_sha.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-m_sha.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_sha.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-m_sha.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_sha.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-m_sha.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+m_sha.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-m_sha.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+m_sha.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-m_sha.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_sha.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-m_sha.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+m_sha.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-m_sha.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_locl.h m_sha.c
+m_sha.o: ../cryptlib.h m_sha.c
 m_sha1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 m_sha1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 m_sha1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 m_sha1.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 m_sha1.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_sha1.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+m_sha1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-m_sha1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_sha1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-m_sha1.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_sha1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-m_sha1.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+m_sha1.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-m_sha1.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+m_sha1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-m_sha1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_sha1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-m_sha1.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+m_sha1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-m_sha1.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_sha1.c
+m_sha1.o: ../cryptlib.h m_sha1.c
+m_sigver.o: ../../e_os.h ../../include/openssl/asn1.h
+m_sigver.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+m_sigver.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+m_sigver.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+m_sigver.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+m_sigver.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+m_sigver.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_sigver.o: ../../include/openssl/opensslconf.h
+m_sigver.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_sigver.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+m_sigver.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_sigver.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+m_sigver.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_locl.h
+m_sigver.o: m_sigver.c
+m_wp.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_wp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+m_wp.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+m_wp.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+m_wp.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_wp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+m_wp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_wp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_wp.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+m_wp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_wp.o: ../../include/openssl/symhacks.h ../../include/openssl/whrlpool.h
+m_wp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_wp.o: ../cryptlib.h m_wp.c
 names.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 names.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 names.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 names.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 names.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-names.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+names.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-names.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+names.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-names.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+names.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-names.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+names.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-names.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+names.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-names.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+names.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-names.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+names.o: ../../include/openssl/x509_vfy.h ../cryptlib.h names.c
-names.o: ../cryptlib.h names.c
 p5_crpt.o: ../../e_os.h ../../include/openssl/asn1.h
 p5_crpt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 p5_crpt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 p5_crpt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 p5_crpt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p5_crpt.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p5_crpt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-p5_crpt.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p5_crpt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p5_crpt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p5_crpt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-p5_crpt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p5_crpt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-p5_crpt.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+p5_crpt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p5_crpt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p5_crpt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-p5_crpt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p5_crpt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p5_crpt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p5_crpt.c
+p5_crpt.o: ../cryptlib.h p5_crpt.c
 p5_crpt2.o: ../../e_os.h ../../include/openssl/asn1.h
 p5_crpt2.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 p5_crpt2.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 p5_crpt2.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 p5_crpt2.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p5_crpt2.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p5_crpt2.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h
-p5_crpt2.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
+p5_crpt2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p5_crpt2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p5_crpt2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p5_crpt2.o: ../../include/openssl/opensslconf.h
 p5_crpt2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 p5_crpt2.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 p5_crpt2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -633,37 +607,35 @@ p_dec.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 p_dec.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 p_dec.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 p_dec.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p_dec.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+p_dec.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p_dec.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p_dec.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p_dec.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p_dec.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-p_dec.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+p_dec.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-p_dec.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+p_dec.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p_dec.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p_dec.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p_dec.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p_dec.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p_dec.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p_dec.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_dec.c
-p_dec.o: ../cryptlib.h p_dec.c
 p_enc.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 p_enc.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 p_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 p_enc.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 p_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p_enc.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+p_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-p_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+p_enc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-p_enc.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+p_enc.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p_enc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p_enc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p_enc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_enc.c
-p_enc.o: ../cryptlib.h p_enc.c
 p_lib.o: ../../e_os.h ../../include/openssl/asn1.h
 p_lib.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
 p_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 p_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
 p_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 p_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-p_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+p_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
-p_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 p_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 p_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 p_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
@@ -671,57 +643,91 @@ p_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
 p_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 p_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 p_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p_lib.o: ../cryptlib.h p_lib.c
+p_lib.o: ../asn1/asn1_locl.h ../cryptlib.h p_lib.c
 p_open.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 p_open.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 p_open.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 p_open.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 p_open.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p_open.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+p_open.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p_open.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p_open.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p_open.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p_open.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-p_open.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+p_open.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-p_open.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p_open.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p_open.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p_open.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-p_open.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p_open.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p_open.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_open.c
+p_open.o: ../cryptlib.h p_open.c
 p_seal.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 p_seal.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 p_seal.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 p_seal.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 p_seal.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p_seal.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+p_seal.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p_seal.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p_seal.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p_seal.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p_seal.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-p_seal.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+p_seal.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-p_seal.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+p_seal.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p_seal.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p_seal.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p_seal.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p_seal.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p_seal.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p_seal.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_seal.c
-p_seal.o: ../cryptlib.h p_seal.c
 p_sign.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 p_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 p_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 p_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 p_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p_sign.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+p_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p_sign.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-p_sign.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+p_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-p_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p_sign.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_sign.c
-p_sign.o: ../cryptlib.h p_sign.c
 p_verify.o: ../../e_os.h ../../include/openssl/asn1.h
 p_verify.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 p_verify.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 p_verify.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 p_verify.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p_verify.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p_verify.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-p_verify.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p_verify.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p_verify.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p_verify.o: ../../include/openssl/opensslconf.h
 p_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 p_verify.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 p_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 p_verify.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 p_verify.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_verify.c
+pmeth_fn.o: ../../e_os.h ../../include/openssl/asn1.h
+pmeth_fn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+pmeth_fn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+pmeth_fn.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pmeth_fn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pmeth_fn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pmeth_fn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pmeth_fn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+pmeth_fn.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_locl.h
+pmeth_fn.o: pmeth_fn.c
+pmeth_gn.o: ../../e_os.h ../../include/openssl/asn1.h
+pmeth_gn.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+pmeth_gn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+pmeth_gn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+pmeth_gn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+pmeth_gn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pmeth_gn.o: ../../include/openssl/opensslconf.h
+pmeth_gn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pmeth_gn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+pmeth_gn.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_locl.h
+pmeth_gn.o: pmeth_gn.c
+pmeth_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+pmeth_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+pmeth_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+pmeth_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+pmeth_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+pmeth_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pmeth_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pmeth_lib.o: ../../include/openssl/objects.h
+pmeth_lib.o: ../../include/openssl/opensslconf.h
+pmeth_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pmeth_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+pmeth_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pmeth_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+pmeth_lib.o: ../../include/openssl/x509_vfy.h ../asn1/asn1_locl.h ../cryptlib.h
+pmeth_lib.o: evp_locl.h pmeth_lib.c
diff --git a/src/lib/libcrypto/evp/c_allc.c b/src/lib/libcrypto/evp/c_allc.c
index 7054d8125d..c5f9268378 100644
--- a/src/lib/libcrypto/evp/c_allc.c
+++ b/src/lib/libcrypto/evp/c_allc.c
@@ -71,6 +71,8 @@ void OpenSSL_add_all_ciphers(void)
        EVP_add_cipher(EVP_des_cfb8());
        EVP_add_cipher(EVP_des_ede_cfb());
        EVP_add_cipher(EVP_des_ede3_cfb());
+        EVP_add_cipher(EVP_des_ede3_cfb1());
+        EVP_add_cipher(EVP_des_ede3_cfb8());
        EVP_add_cipher(EVP_des_ofb());
        EVP_add_cipher(EVP_des_ede_ofb());
@@ -219,7 +221,4 @@ void OpenSSL_add_all_ciphers(void)
        EVP_add_cipher_alias(SN_camellia_256_cbc,"CAMELLIA256");
        EVP_add_cipher_alias(SN_camellia_256_cbc,"camellia256");
 #endif
-        PKCS12_PBE_add();
-        PKCS5_PBE_add();
        }
diff --git a/src/lib/libcrypto/evp/c_alld.c b/src/lib/libcrypto/evp/c_alld.c
index d270b0ee03..311e1fe2f8 100644
--- a/src/lib/libcrypto/evp/c_alld.c
+++ b/src/lib/libcrypto/evp/c_alld.c
@@ -64,9 +64,6 @@
 void OpenSSL_add_all_digests(void)
        {
-#ifndef OPENSSL_NO_MD2
-        EVP_add_digest(EVP_md2());
-#endif
 #ifndef OPENSSL_NO_MD4
        EVP_add_digest(EVP_md4());
 #endif
@@ -81,7 +78,7 @@ void OpenSSL_add_all_digests(void)
        EVP_add_digest(EVP_dss());
 #endif
 #endif
-#ifndef OPENSSL_NO_SHA
+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
        EVP_add_digest(EVP_sha1());
        EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
        EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
@@ -111,4 +108,7 @@ void OpenSSL_add_all_digests(void)
        EVP_add_digest(EVP_sha384());
        EVP_add_digest(EVP_sha512());
 #endif
+#ifndef OPENSSL_NO_WHIRLPOOL
+        EVP_add_digest(EVP_whirlpool());
+#endif
        }
diff --git a/src/lib/libcrypto/evp/evp_test.c b/src/lib/libcrypto/evp/evp_test.c
index 436be20bf1..902efac975 100644
--- a/src/lib/libcrypto/evp/evp_test.c
+++ b/src/lib/libcrypto/evp/evp_test.c
@@ -153,8 +153,8 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn,
    
    if(kn != c->key_len)
        {
-        fprintf(stderr,"Key length doesn't match, got %d expected %d\n",kn,
+        fprintf(stderr,"Key length doesn't match, got %d expected %lu\n",kn,
-                c->key_len);
+                (unsigned long)c->key_len);
        test1_exit(5);
        }
    EVP_CIPHER_CTX_init(&ctx);
@@ -441,7 +441,7 @@ int main(int argc,char **argv)
 #endif
    EVP_cleanup();
    CRYPTO_cleanup_all_ex_data();
-    ERR_remove_state(0);
+    ERR_remove_thread_state(NULL);
    ERR_free_strings();
    CRYPTO_mem_leaks_fp(stderr);
diff --git a/src/lib/libcrypto/evp/m_md2.c b/src/lib/libcrypto/evp/m_md2.c
index 8eee6236ba..5ce849f161 100644
--- a/src/lib/libcrypto/evp/m_md2.c
+++ b/src/lib/libcrypto/evp/m_md2.c
@@ -58,7 +58,6 @@
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp_locl.h"
 #ifndef OPENSSL_NO_MD2
diff --git a/src/lib/libcrypto/evp/m_mdc2.c b/src/lib/libcrypto/evp/m_mdc2.c
index 9f9bcf06ed..b08d559803 100644
--- a/src/lib/libcrypto/evp/m_mdc2.c
+++ b/src/lib/libcrypto/evp/m_mdc2.c
@@ -58,7 +58,6 @@
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp_locl.h"
 #ifndef OPENSSL_NO_MDC2
@@ -66,7 +65,9 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/mdc2.h>
+#ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
+#endif
 static int init(EVP_MD_CTX *ctx)
        { return MDC2_Init(ctx->md_data); }
diff --git a/src/lib/libcrypto/evp/m_sha.c b/src/lib/libcrypto/evp/m_sha.c
index 3f30dfc579..acccc8f92d 100644
--- a/src/lib/libcrypto/evp/m_sha.c
+++ b/src/lib/libcrypto/evp/m_sha.c
@@ -58,7 +58,6 @@
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp_locl.h"
 #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0)
diff --git a/src/lib/libcrypto/hmac/Makefile b/src/lib/libcrypto/hmac/Makefile
index 5cfa37d99c..0e91709f64 100644
--- a/src/lib/libcrypto/hmac/Makefile
+++ b/src/lib/libcrypto/hmac/Makefile
@@ -17,8 +17,8 @@ TEST=hmactest.c
 APPS=
 LIB=$(TOP)/libcrypto.a
-LIBSRC=hmac.c
+LIBSRC=hmac.c hm_ameth.c hm_pmeth.c
-LIBOBJ=hmac.o
+LIBOBJ=hmac.o hm_ameth.o hm_pmeth.o
 SRC= $(LIBSRC)
@@ -33,7 +33,7 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
@@ -74,13 +74,37 @@ clean:
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+hm_ameth.o: ../../e_os.h ../../include/openssl/asn1.h
+hm_ameth.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+hm_ameth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+hm_ameth.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+hm_ameth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+hm_ameth.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+hm_ameth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+hm_ameth.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+hm_ameth.o: ../../include/openssl/symhacks.h ../asn1/asn1_locl.h ../cryptlib.h
+hm_ameth.o: hm_ameth.c
+hm_pmeth.o: ../../e_os.h ../../include/openssl/asn1.h
+hm_pmeth.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+hm_pmeth.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+hm_pmeth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+hm_pmeth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+hm_pmeth.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+hm_pmeth.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
+hm_pmeth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+hm_pmeth.o: ../../include/openssl/opensslconf.h
+hm_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+hm_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+hm_pmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+hm_pmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+hm_pmeth.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+hm_pmeth.o: ../cryptlib.h ../evp/evp_locl.h hm_pmeth.c
 hmac.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 hmac.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 hmac.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-hmac.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+hmac.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h
-hmac.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
+hmac.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-hmac.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+hmac.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-hmac.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+hmac.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-hmac.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+hmac.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-hmac.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+hmac.o: ../../include/openssl/symhacks.h ../cryptlib.h hmac.c
-hmac.o: ../cryptlib.h hmac.c
diff --git a/src/lib/libcrypto/idea/Makefile b/src/lib/libcrypto/idea/Makefile
index 55c0d4dbff..b2e7add666 100644
--- a/src/lib/libcrypto/idea/Makefile
+++ b/src/lib/libcrypto/idea/Makefile
@@ -33,7 +33,7 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
@@ -82,9 +82,5 @@ i_ecb.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
 i_ecb.o: ../../include/openssl/opensslv.h i_ecb.c idea_lcl.h
 i_ofb64.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
 i_ofb64.o: i_ofb64.c idea_lcl.h
-i_skey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+i_skey.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
-i_skey.o: ../../include/openssl/fips.h ../../include/openssl/idea.h
-i_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-i_skey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-i_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 i_skey.o: i_skey.c idea_lcl.h
diff --git a/src/lib/libcrypto/install.com b/src/lib/libcrypto/install.com
index ffad1f97a7..ad3e4d48c7 100644
--- a/src/lib/libcrypto/install.com
+++ b/src/lib/libcrypto/install.com
@@ -3,15 +3,26 @@ $!
 $! Author: Richard Levitte <richard@levitte.org>
 $! Time of creation: 22-MAY-1998 10:13
 $!
+$! Changes by Zoltan Arpadffy <zoli@polarhome.com>
+$!
 $! P1   root of the directory tree
 $!
 $       IF P1 .EQS. ""
 $       THEN
 $           WRITE SYS$OUTPUT "First argument missing."
-$           WRITE SYS$OUTPUT "Should be the directory where you want things installed."
+$           WRITE SYS$OUTPUT -
+                  "It should be the directory where you want things installed."
 $           EXIT
 $       ENDIF
 $
+$       IF (F$GETSYI("CPU").LT.128)
+$       THEN
+$           ARCH := VAX
+$       ELSE
+$           ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE")
+$           IF (ARCH .EQS. "") THEN ARCH = "UNK"
+$       ENDIF
+$
 $       ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0"
 $       ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY")
 $       ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
@@ -19,30 +30,28 @@ $	ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
 $       ROOT = ROOT_DEV + "[" + ROOT_DIR
 $
 $       DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC
-$       DEFINE/NOLOG WRK_SSLVLIB WRK_SSLROOT:[VAX_LIB]
+$       DEFINE/NOLOG WRK_SSLLIB WRK_SSLROOT:['ARCH'_LIB]
-$       DEFINE/NOLOG WRK_SSLALIB WRK_SSLROOT:[ALPHA_LIB]
 $       DEFINE/NOLOG WRK_SSLINCLUDE WRK_SSLROOT:[INCLUDE]
 $
 $       IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN -
           CREATE/DIR/LOG WRK_SSLROOT:[000000]
-$       IF F$PARSE("WRK_SSLVLIB:") .EQS. "" THEN -
+$       IF F$PARSE("WRK_SSLLIB:") .EQS. "" THEN -
-           CREATE/DIR/LOG WRK_SSLVLIB:
+           CREATE/DIR/LOG WRK_SSLLIB:
-$       IF F$PARSE("WRK_SSLALIB:") .EQS. "" THEN -
-           CREATE/DIR/LOG WRK_SSLALIB:
 $       IF F$PARSE("WRK_SSLINCLUDE:") .EQS. "" THEN -
           CREATE/DIR/LOG WRK_SSLINCLUDE:
 $
 $       SDIRS := ,-
+                 _'ARCH',-
                 OBJECTS,-
-                 MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,-
+                 MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,WHRLPOOL,-
                 DES,AES,RC2,RC4,RC5,IDEA,BF,CAST,CAMELLIA,SEED,-
                 BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,-
                 BUFFER,BIO,STACK,LHASH,RAND,ERR,-
                 EVP,ASN1,PEM,X509,X509V3,CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,-
                 UI,KRB5,-
-                 STORE,PQUEUE,JPAKE
+                 STORE,CMS,PQUEUE,TS,JPAKE
-$       EXHEADER_ := crypto.h,tmdiff.h,opensslv.h,opensslconf.h,ebcdic.h,-
+$       EXHEADER_ := crypto.h,opensslv.h,ebcdic.h,symhacks.h,ossl_typ.h
-                symhacks.h,ossl_typ.h
+$       EXHEADER__'ARCH' := opensslconf.h
 $       EXHEADER_OBJECTS := objects.h,obj_mac.h
 $       EXHEADER_MD2 := md2.h
 $       EXHEADER_MD4 := md4.h
@@ -51,6 +60,7 @@ $	EXHEADER_SHA := sha.h
 $       EXHEADER_MDC2 := mdc2.h
 $       EXHEADER_HMAC := hmac.h
 $       EXHEADER_RIPEMD := ripemd.h
+$       EXHEADER_WHRLPOOL := whrlpool.h
 $       EXHEADER_DES := des.h,des_old.h
 $       EXHEADER_AES := aes.h
 $       EXHEADER_RC2 := rc2.h
@@ -61,6 +71,7 @@ $	EXHEADER_BF := blowfish.h
 $       EXHEADER_CAST := cast.h
 $       EXHEADER_CAMELLIA := camellia.h
 $       EXHEADER_SEED := seed.h
+$       EXHEADER_MODES := modes.h
 $       EXHEADER_BN := bn.h
 $       EXHEADER_EC := ec.h
 $       EXHEADER_RSA := rsa.h
@@ -91,12 +102,13 @@ $	EXHEADER_UI := ui.h,ui_compat.h
 $       EXHEADER_KRB5 := krb5_asn.h
 $!      EXHEADER_STORE := store.h,str_compat.h
 $       EXHEADER_STORE := store.h
-$       EXHEADER_PQUEUE := pqueue.h,pq_compat.h
+$       EXHEADER_CMS := cms.h
+$       EXHEADER_PQUEUE := pqueue.h
+$       EXHEADER_TS := ts.h
 $       EXHEADER_JPAKE := jpake.h
 $       LIBS := LIBCRYPTO
 $
-$       VEXE_DIR := [-.VAX.EXE.CRYPTO]
+$       EXE_DIR := [-.'ARCH'.EXE.CRYPTO]
-$       AEXE_DIR := [-.AXP.EXE.CRYPTO]
 $
 $       I = 0
 $ LOOP_SDIRS: 
@@ -108,7 +120,12 @@ $	IF D .EQS. ""
 $       THEN
 $         COPY 'tmp' WRK_SSLINCLUDE: /LOG
 $       ELSE
-$         COPY [.'D']'tmp' WRK_SSLINCLUDE: /LOG
+$         IF D .EQS. "_''ARCH'"
+$         THEN
+$           COPY [-.'ARCH'.CRYPTO]'tmp' WRK_SSLINCLUDE: /LOG
+$         ELSE
+$           COPY [.'D']'tmp' WRK_SSLINCLUDE: /LOG
+$         ENDIF
 $       ENDIF
 $       SET FILE/PROT=WORLD:RE WRK_SSLINCLUDE:'tmp'
 $       GOTO LOOP_SDIRS
@@ -120,27 +137,16 @@ $	E = F$EDIT(F$ELEMENT(I, ",", LIBS),"TRIM")
 $       I = I + 1
 $       IF E .EQS. "," THEN GOTO LOOP_LIB_END
 $       SET NOON
-$       IF F$SEARCH(VEXE_DIR+E+".OLB") .NES. ""
+$       IF F$SEARCH(EXE_DIR+E+".OLB") .NES. ""
-$       THEN
-$         COPY 'VEXE_DIR''E'.OLB WRK_SSLVLIB:'E'.OLB/log
-$         SET FILE/PROT=W:RE WRK_SSLVLIB:'E'.OLB
-$       ENDIF
-$       ! Preparing for the time when we have shareable images
-$       IF F$SEARCH(VEXE_DIR+E+".EXE") .NES. ""
-$       THEN
-$         COPY 'VEXE_DIR''E'.EXE WRK_SSLVLIB:'E'.EXE/log
-$         SET FILE/PROT=W:RE WRK_SSLVLIB:'E'.EXE
-$       ENDIF
-$       IF F$SEARCH(AEXE_DIR+E+".OLB") .NES. ""
 $       THEN
-$         COPY 'AEXE_DIR''E'.OLB WRK_SSLALIB:'E'.OLB/log
+$         COPY 'EXE_DIR''E'.OLB WRK_SSLLIB:'E'.OLB/log
-$         SET FILE/PROT=W:RE WRK_SSLALIB:'E'.OLB
+$         SET FILE/PROT=W:RE WRK_SSLLIB:'E'.OLB
 $       ENDIF
 $       ! Preparing for the time when we have shareable images
-$       IF F$SEARCH(AEXE_DIR+E+".EXE") .NES. ""
+$       IF F$SEARCH(EXE_DIR+E+".EXE") .NES. ""
 $       THEN
-$         COPY 'AEXE_DIR''E'.EXE WRK_SSLALIB:'E'.EXE/log
+$         COPY 'EXE_DIR''E'.EXE WRK_SSLLIB:'E'.EXE/log
-$         SET FILE/PROT=W:RE WRK_SSLALIB:'E'.EXE
+$         SET FILE/PROT=W:RE WRK_SSLLIB:'E'.EXE
 $       ENDIF
 $       SET ON
 $       GOTO LOOP_LIB
diff --git a/src/lib/libcrypto/krb5/Makefile b/src/lib/libcrypto/krb5/Makefile
index 8efb9e8910..14077390d6 100644
--- a/src/lib/libcrypto/krb5/Makefile
+++ b/src/lib/libcrypto/krb5/Makefile
@@ -34,7 +34,7 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
diff --git a/src/lib/libcrypto/lhash/Makefile b/src/lib/libcrypto/lhash/Makefile
index 35f0932971..82bddac474 100644
--- a/src/lib/libcrypto/lhash/Makefile
+++ b/src/lib/libcrypto/lhash/Makefile
@@ -33,7 +33,7 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
diff --git a/src/lib/libcrypto/md2/Makefile b/src/lib/libcrypto/md2/Makefile
index 7f43321ab2..17f878aeb7 100644
--- a/src/lib/libcrypto/md2/Makefile
+++ b/src/lib/libcrypto/md2/Makefile
@@ -33,7 +33,7 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
@@ -74,9 +74,7 @@ clean:
 # DO NOT DELETE THIS LINE -- make depend depends on it.
-md2_dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+md2_dgst.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-md2_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-md2_dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
 md2_dgst.o: ../../include/openssl/md2.h ../../include/openssl/opensslconf.h
 md2_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 md2_dgst.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
diff --git a/src/lib/libcrypto/md2/md2.h b/src/lib/libcrypto/md2/md2.h
index d59c9f2593..a46120e7d4 100644
--- a/src/lib/libcrypto/md2/md2.h
+++ b/src/lib/libcrypto/md2/md2.h
@@ -81,9 +81,6 @@ typedef struct MD2state_st
        } MD2_CTX;
 const char *MD2_options(void);
-#ifdef OPENSSL_FIPS
-int private_MD2_Init(MD2_CTX *c);
-#endif
 int MD2_Init(MD2_CTX *c);
 int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len);
 int MD2_Final(unsigned char *md, MD2_CTX *c);
diff --git a/src/lib/libcrypto/md2/md2_dgst.c b/src/lib/libcrypto/md2/md2_dgst.c
index cc4eeaf7a7..c57b3da288 100644
--- a/src/lib/libcrypto/md2/md2_dgst.c
+++ b/src/lib/libcrypto/md2/md2_dgst.c
@@ -62,11 +62,6 @@
 #include <openssl/md2.h>
 #include <openssl/opensslv.h>
 #include <openssl/crypto.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-#include <openssl/err.h>
 const char MD2_version[]="MD2" OPENSSL_VERSION_PTEXT;
@@ -78,7 +73,7 @@ const char MD2_version[]="MD2" OPENSSL_VERSION_PTEXT;
 static void md2_block(MD2_CTX *c, const unsigned char *d);
 /* The magic S table - I have converted it to hex since it is
 * basically just a random byte string. */
-static MD2_INT S[256]={
+static const MD2_INT S[256]={
        0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01,
        0x3D, 0x36, 0x54, 0xA1, 0xEC, 0xF0, 0x06, 0x13,
        0x62, 0xA7, 0x05, 0xF3, 0xC0, 0xC7, 0x73, 0x8C,
@@ -121,7 +116,7 @@ const char *MD2_options(void)
                return("md2(int)");
        }
-FIPS_NON_FIPS_MD_Init(MD2)
+int MD2_Init(MD2_CTX *c)
        {
        c->num=0;
        memset(c->state,0,sizeof c->state);
diff --git a/src/lib/libcrypto/md4/Makefile b/src/lib/libcrypto/md4/Makefile
index 0bc4896585..c94a1398ed 100644
--- a/src/lib/libcrypto/md4/Makefile
+++ b/src/lib/libcrypto/md4/Makefile
@@ -34,7 +34,7 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
@@ -69,19 +69,16 @@ depend:
 dclean:
        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
        mv -f Makefile.new $(MAKEFILE)
+        rm -f ../../include/openssl/$(EXHEADER) ../../test/$(TEST) ../../apps/$(APPS)
 clean:
        rm -f asm/mx86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 # DO NOT DELETE THIS LINE -- make depend depends on it.
-md4_dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+md4_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/md4.h
-md4_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+md4_dgst.o: ../../include/openssl/opensslconf.h
-md4_dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+md4_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md4_dgst.c
-md4_dgst.o: ../../include/openssl/md4.h ../../include/openssl/opensslconf.h
-md4_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-md4_dgst.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-md4_dgst.o: ../../include/openssl/symhacks.h ../md32_common.h md4_dgst.c
 md4_dgst.o: md4_locl.h
 md4_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 md4_one.o: ../../include/openssl/md4.h ../../include/openssl/opensslconf.h
diff --git a/src/lib/libcrypto/md5/Makefile b/src/lib/libcrypto/md5/Makefile
index 3c450fcfc0..9858d53d31 100644
--- a/src/lib/libcrypto/md5/Makefile
+++ b/src/lib/libcrypto/md5/Makefile
@@ -38,21 +38,19 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
-# ELF
+md5-586.s:      asm/md5-586.pl ../perlasm/x86asm.pl
-mx86-elf.s: asm/md5-586.pl ../perlasm/x86asm.pl
+        $(PERL) asm/md5-586.pl $(PERLASM_SCHEME) $(CFLAGS) > $@
-        (cd asm; $(PERL) md5-586.pl elf $(CFLAGS) > ../$@)
-# COFF
-mx86-cof.s: asm/md5-586.pl ../perlasm/x86asm.pl
-        (cd asm; $(PERL) md5-586.pl coff $(CFLAGS) > ../$@)
-# a.out
-mx86-out.s: asm/md5-586.pl ../perlasm/x86asm.pl
-        (cd asm; $(PERL) md5-586.pl a.out $(CFLAGS) > ../$@)
-md5-x86_64.s:   asm/md5-x86_64.pl;      $(PERL) asm/md5-x86_64.pl $@
+md5-x86_64.s:   asm/md5-x86_64.pl
+        $(PERL) asm/md5-x86_64.pl $(PERLASM_SCHEME) > $@
+md5-ia64.s: asm/md5-ia64.S
+        $(CC) $(CFLAGS) -E asm/md5-ia64.S | \
+        $(PERL) -ne 's/;\s+/;\n/g; print;' > $@
 files:
        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
@@ -91,13 +89,9 @@ clean:
 # DO NOT DELETE THIS LINE -- make depend depends on it.
-md5_dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+md5_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/md5.h
-md5_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+md5_dgst.o: ../../include/openssl/opensslconf.h
-md5_dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+md5_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md5_dgst.c
-md5_dgst.o: ../../include/openssl/md5.h ../../include/openssl/opensslconf.h
-md5_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-md5_dgst.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-md5_dgst.o: ../../include/openssl/symhacks.h ../md32_common.h md5_dgst.c
 md5_dgst.o: md5_locl.h
 md5_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 md5_one.o: ../../include/openssl/md5.h ../../include/openssl/opensslconf.h
diff --git a/src/lib/libcrypto/mdc2/Makefile b/src/lib/libcrypto/mdc2/Makefile
index ea25688d88..1d064f17a6 100644
--- a/src/lib/libcrypto/mdc2/Makefile
+++ b/src/lib/libcrypto/mdc2/Makefile
@@ -33,7 +33,7 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
diff --git a/src/lib/libcrypto/mdc2/mdc2.h b/src/lib/libcrypto/mdc2/mdc2.h
index 7e1354116a..72778a5212 100644
--- a/src/lib/libcrypto/mdc2/mdc2.h
+++ b/src/lib/libcrypto/mdc2/mdc2.h
@@ -80,9 +80,7 @@ typedef struct mdc2_ctx_st
        int pad_type; /* either 1 or 2, default 1 */
        } MDC2_CTX;
-#ifdef OPENSSL_FIPS
-int private_MDC2_Init(MDC2_CTX *c);
-#endif
 int MDC2_Init(MDC2_CTX *c);
 int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len);
 int MDC2_Final(unsigned char *md, MDC2_CTX *c);
diff --git a/src/lib/libcrypto/mem.c b/src/lib/libcrypto/mem.c
index 00ebaf0b9b..6f80dd33eb 100644
--- a/src/lib/libcrypto/mem.c
+++ b/src/lib/libcrypto/mem.c
@@ -101,7 +101,7 @@ static void (*free_locked_func)(void *)     = free;
 /* may be changed as long as 'allow_customize_debug' is set */
 /* XXX use correct function pointer types */
-#if defined(CRYPTO_MDEBUG) && !defined(OPENSSL_FIPS)
+#ifdef CRYPTO_MDEBUG
 /* use default functions from mem_dbg.c */
 static void (*malloc_debug_func)(void *,int,const char *,int,int)
        = CRYPTO_dbg_malloc;
@@ -110,14 +110,6 @@ static void (*realloc_debug_func)(void *,void *,int,const char *,int,int)
 static void (*free_debug_func)(void *,int) = CRYPTO_dbg_free;
 static void (*set_debug_options_func)(long) = CRYPTO_dbg_set_options;
 static long (*get_debug_options_func)(void) = CRYPTO_dbg_get_options;
-static int  (*push_info_func)(const char *info, const char *file, int line)
-        = CRYPTO_dbg_push_info;
-static int  (*pop_info_func)(void)
-        = CRYPTO_dbg_pop_info;
-static int (*remove_all_info_func)(void)
-        = CRYPTO_dbg_remove_all_info;
 #else
 /* applications can use CRYPTO_malloc_debug_init() to select above case
 * at run-time */
@@ -127,13 +119,6 @@ static void (*realloc_debug_func)(void *,void *,int,const char *,int,int)
 static void (*free_debug_func)(void *,int) = NULL;
 static void (*set_debug_options_func)(long) = NULL;
 static long (*get_debug_options_func)(void) = NULL;
-static int  (*push_info_func)(const char *info, const char *file, int line)
-        = NULL;
-static int  (*pop_info_func)(void) = NULL;
-static int (*remove_all_info_func)(void) = NULL;
 #endif
@@ -209,15 +194,6 @@ int CRYPTO_set_mem_debug_functions(void (*m)(void *,int,const char *,int,int),
        return 1;
        }
-void CRYPTO_set_mem_info_functions(
-        int  (*push_info_fn)(const char *info, const char *file, int line),
-        int  (*pop_info_fn)(void),
-        int (*remove_all_info_fn)(void))
-        {
-        push_info_func = push_info_fn;
-        pop_info_func = pop_info_fn;
-        remove_all_info_func = remove_all_info_fn;
-        }
 void CRYPTO_get_mem_functions(void *(**m)(size_t), void *(**r)(void *, size_t),
        void (**f)(void *))
@@ -274,7 +250,6 @@ void CRYPTO_get_mem_debug_functions(void (**m)(void *,int,const char *,int,int),
 void *CRYPTO_malloc_locked(int num, const char *file, int line)
        {
        void *ret = NULL;
-        extern unsigned char cleanse_ctr;
        if (num <= 0) return NULL;
@@ -291,11 +266,15 @@ void *CRYPTO_malloc_locked(int num, const char *file, int line)
        if (malloc_debug_func != NULL)
                malloc_debug_func(ret, num, file, line, 1);
+#ifndef OPENSSL_CPUID_OBJ
        /* Create a dependency on the value of 'cleanse_ctr' so our memory
         * sanitisation function can't be optimised out. NB: We only do
         * this for >2Kb so the overhead doesn't bother us. */
        if(ret && (num > 2048))
+        {       extern unsigned char cleanse_ctr;
                ((unsigned char *)ret)[0] = cleanse_ctr;
+        }
+#endif
        return ret;
        }
@@ -315,7 +294,6 @@ void CRYPTO_free_locked(void *str)
 void *CRYPTO_malloc(int num, const char *file, int line)
        {
        void *ret = NULL;
-        extern unsigned char cleanse_ctr;
        if (num <= 0) return NULL;
@@ -332,12 +310,23 @@ void *CRYPTO_malloc(int num, const char *file, int line)
        if (malloc_debug_func != NULL)
                malloc_debug_func(ret, num, file, line, 1);
+#ifndef OPENSSL_CPUID_OBJ
        /* Create a dependency on the value of 'cleanse_ctr' so our memory
         * sanitisation function can't be optimised out. NB: We only do
         * this for >2Kb so the overhead doesn't bother us. */
        if(ret && (num > 2048))
+        {       extern unsigned char cleanse_ctr;
                ((unsigned char *)ret)[0] = cleanse_ctr;
+        }
+#endif
+        return ret;
+        }
+char *CRYPTO_strdup(const char *str, const char *file, int line)
+        {
+        char *ret = CRYPTO_malloc(strlen(str)+1, file, line);
+        strcpy(ret, str);
        return ret;
        }
@@ -423,24 +412,3 @@ long CRYPTO_get_mem_debug_options(void)
                return get_debug_options_func();
        return 0;
        }
-int CRYPTO_push_info_(const char *info, const char *file, int line)
-        {
-        if (push_info_func)
-                return push_info_func(info, file, line);
-        return 1;
-        }
-int CRYPTO_pop_info(void)
-        {
-        if (pop_info_func)
-                return pop_info_func();
-        return 1;
-        }
-int CRYPTO_remove_all_info(void)
-        {
-        if (remove_all_info_func)
-                return remove_all_info_func();
-        return 1;
-        }
diff --git a/src/lib/libcrypto/objects/Makefile b/src/lib/libcrypto/objects/Makefile
index 25e8b23b5d..a8aedbd422 100644
--- a/src/lib/libcrypto/objects/Makefile
+++ b/src/lib/libcrypto/objects/Makefile
@@ -18,23 +18,23 @@ TEST=
 APPS=
 LIB=$(TOP)/libcrypto.a
-LIBSRC= o_names.c obj_dat.c obj_lib.c obj_err.c
+LIBSRC= o_names.c obj_dat.c obj_lib.c obj_err.c obj_xref.c
-LIBOBJ= o_names.o obj_dat.o obj_lib.o obj_err.o
+LIBOBJ= o_names.o obj_dat.o obj_lib.o obj_err.o obj_xref.o
 SRC= $(LIBSRC)
 EXHEADER= objects.h obj_mac.h
-HEADER= $(EXHEADER) obj_dat.h
+HEADER= $(EXHEADER) obj_dat.h obj_xref.h
 ALL=    $(GENERAL) $(SRC) $(HEADER)
 top:
        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
-all:    obj_dat.h lib
+all:    obj_dat.h obj_xref.h lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
@@ -46,6 +46,10 @@ obj_mac.h: objects.pl objects.txt obj_mac.num
        $(PERL) objects.pl objects.txt obj_mac.num obj_mac.h
        @sleep 1; touch obj_mac.h; sleep 1
+obj_xref.h: objxref.pl obj_xref.txt obj_mac.num
+        $(PERL) objxref.pl obj_mac.num obj_xref.txt > obj_xref.h
+        @sleep 1; touch obj_xref.h; sleep 1
 files:
        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
@@ -117,3 +121,10 @@ obj_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 obj_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 obj_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 obj_lib.o: ../cryptlib.h obj_lib.c
+obj_xref.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+obj_xref.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+obj_xref.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+obj_xref.o: ../../include/openssl/opensslconf.h
+obj_xref.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+obj_xref.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+obj_xref.o: ../../include/openssl/symhacks.h obj_xref.c obj_xref.h
diff --git a/src/lib/libcrypto/objects/obj_dat.h b/src/lib/libcrypto/objects/obj_dat.h
index dccc15e03c..6449be6071 100644
--- a/src/lib/libcrypto/objects/obj_dat.h
+++ b/src/lib/libcrypto/objects/obj_dat.h
@@ -62,12 +62,12 @@
 * [including the GNU Public Licence.]
 */
-#define NUM_NID 859
+#define NUM_NID 893
-#define NUM_SN 852
+#define NUM_SN 886
-#define NUM_LN 852
+#define NUM_LN 886
-#define NUM_OBJ 806
+#define NUM_OBJ 840
-static unsigned char lvalues[5722]={
+static const unsigned char lvalues[5824]={
 0x00,                                        /* [  0] OBJ_undef */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  1] OBJ_rsadsi */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  7] OBJ_pkcs */
@@ -707,7 +707,7 @@ static unsigned char lvalues[5722]={
 0x2B,                                        /* [4582] OBJ_identified_organization */
 0x2B,0x81,0x04,                              /* [4583] OBJ_certicom_arc */
 0x67,0x2B,                                   /* [4586] OBJ_wap */
-0x67,0x2B,0x0D,                              /* [4588] OBJ_wap_wsg */
+0x67,0x2B,0x01,                              /* [4588] OBJ_wap_wsg */
 0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,     /* [4591] OBJ_X9_62_id_characteristic_two_basis */
 0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x01,/* [4599] OBJ_X9_62_onBasis */
 0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x02,/* [4608] OBJ_X9_62_tpBasis */
@@ -763,17 +763,17 @@ static unsigned char lvalues[5722]={
 0x2B,0x81,0x04,0x00,0x25,                    /* [4926] OBJ_sect409r1 */
 0x2B,0x81,0x04,0x00,0x26,                    /* [4931] OBJ_sect571k1 */
 0x2B,0x81,0x04,0x00,0x27,                    /* [4936] OBJ_sect571r1 */
-0x67,0x2B,0x0D,0x04,0x01,                    /* [4941] OBJ_wap_wsg_idm_ecid_wtls1 */
+0x67,0x2B,0x01,0x04,0x01,                    /* [4941] OBJ_wap_wsg_idm_ecid_wtls1 */
-0x67,0x2B,0x0D,0x04,0x03,                    /* [4946] OBJ_wap_wsg_idm_ecid_wtls3 */
+0x67,0x2B,0x01,0x04,0x03,                    /* [4946] OBJ_wap_wsg_idm_ecid_wtls3 */
-0x67,0x2B,0x0D,0x04,0x04,                    /* [4951] OBJ_wap_wsg_idm_ecid_wtls4 */
+0x67,0x2B,0x01,0x04,0x04,                    /* [4951] OBJ_wap_wsg_idm_ecid_wtls4 */
-0x67,0x2B,0x0D,0x04,0x05,                    /* [4956] OBJ_wap_wsg_idm_ecid_wtls5 */
+0x67,0x2B,0x01,0x04,0x05,                    /* [4956] OBJ_wap_wsg_idm_ecid_wtls5 */
-0x67,0x2B,0x0D,0x04,0x06,                    /* [4961] OBJ_wap_wsg_idm_ecid_wtls6 */
+0x67,0x2B,0x01,0x04,0x06,                    /* [4961] OBJ_wap_wsg_idm_ecid_wtls6 */
-0x67,0x2B,0x0D,0x04,0x07,                    /* [4966] OBJ_wap_wsg_idm_ecid_wtls7 */
+0x67,0x2B,0x01,0x04,0x07,                    /* [4966] OBJ_wap_wsg_idm_ecid_wtls7 */
-0x67,0x2B,0x0D,0x04,0x08,                    /* [4971] OBJ_wap_wsg_idm_ecid_wtls8 */
+0x67,0x2B,0x01,0x04,0x08,                    /* [4971] OBJ_wap_wsg_idm_ecid_wtls8 */
-0x67,0x2B,0x0D,0x04,0x09,                    /* [4976] OBJ_wap_wsg_idm_ecid_wtls9 */
+0x67,0x2B,0x01,0x04,0x09,                    /* [4976] OBJ_wap_wsg_idm_ecid_wtls9 */
-0x67,0x2B,0x0D,0x04,0x0A,                    /* [4981] OBJ_wap_wsg_idm_ecid_wtls10 */
+0x67,0x2B,0x01,0x04,0x0A,                    /* [4981] OBJ_wap_wsg_idm_ecid_wtls10 */
-0x67,0x2B,0x0D,0x04,0x0B,                    /* [4986] OBJ_wap_wsg_idm_ecid_wtls11 */
+0x67,0x2B,0x01,0x04,0x0B,                    /* [4986] OBJ_wap_wsg_idm_ecid_wtls11 */
-0x67,0x2B,0x0D,0x04,0x0C,                    /* [4991] OBJ_wap_wsg_idm_ecid_wtls12 */
+0x67,0x2B,0x01,0x04,0x0C,                    /* [4991] OBJ_wap_wsg_idm_ecid_wtls12 */
 0x55,0x1D,0x20,0x00,                         /* [4996] OBJ_any_policy */
 0x55,0x1D,0x21,                              /* [5000] OBJ_policy_mappings */
 0x55,0x1D,0x36,                              /* [5003] OBJ_inhibit_any_policy */
@@ -874,9 +874,43 @@ static unsigned char lvalues[5722]={
 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x02,/* [5701] OBJ_LocalKeySet */
 0x55,0x1D,0x2E,                              /* [5710] OBJ_freshest_crl */
 0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x03,     /* [5713] OBJ_id_on_permanentIdentifier */
+0x55,0x04,0x0E,                              /* [5721] OBJ_searchGuide */
+0x55,0x04,0x0F,                              /* [5724] OBJ_businessCategory */
+0x55,0x04,0x10,                              /* [5727] OBJ_postalAddress */
+0x55,0x04,0x12,                              /* [5730] OBJ_postOfficeBox */
+0x55,0x04,0x13,                              /* [5733] OBJ_physicalDeliveryOfficeName */
+0x55,0x04,0x14,                              /* [5736] OBJ_telephoneNumber */
+0x55,0x04,0x15,                              /* [5739] OBJ_telexNumber */
+0x55,0x04,0x16,                              /* [5742] OBJ_teletexTerminalIdentifier */
+0x55,0x04,0x17,                              /* [5745] OBJ_facsimileTelephoneNumber */
+0x55,0x04,0x18,                              /* [5748] OBJ_x121Address */
+0x55,0x04,0x19,                              /* [5751] OBJ_internationaliSDNNumber */
+0x55,0x04,0x1A,                              /* [5754] OBJ_registeredAddress */
+0x55,0x04,0x1B,                              /* [5757] OBJ_destinationIndicator */
+0x55,0x04,0x1C,                              /* [5760] OBJ_preferredDeliveryMethod */
+0x55,0x04,0x1D,                              /* [5763] OBJ_presentationAddress */
+0x55,0x04,0x1E,                              /* [5766] OBJ_supportedApplicationContext */
+0x55,0x04,0x1F,                              /* [5769] OBJ_member */
+0x55,0x04,0x20,                              /* [5772] OBJ_owner */
+0x55,0x04,0x21,                              /* [5775] OBJ_roleOccupant */
+0x55,0x04,0x22,                              /* [5778] OBJ_seeAlso */
+0x55,0x04,0x23,                              /* [5781] OBJ_userPassword */
+0x55,0x04,0x24,                              /* [5784] OBJ_userCertificate */
+0x55,0x04,0x25,                              /* [5787] OBJ_cACertificate */
+0x55,0x04,0x26,                              /* [5790] OBJ_authorityRevocationList */
+0x55,0x04,0x27,                              /* [5793] OBJ_certificateRevocationList */
+0x55,0x04,0x28,                              /* [5796] OBJ_crossCertificatePair */
+0x55,0x04,0x2F,                              /* [5799] OBJ_enhancedSearchGuide */
+0x55,0x04,0x30,                              /* [5802] OBJ_protocolInformation */
+0x55,0x04,0x31,                              /* [5805] OBJ_distinguishedName */
+0x55,0x04,0x32,                              /* [5808] OBJ_uniqueMember */
+0x55,0x04,0x33,                              /* [5811] OBJ_houseIdentifier */
+0x55,0x04,0x34,                              /* [5814] OBJ_supportedAlgorithms */
+0x55,0x04,0x35,                              /* [5817] OBJ_deltaRevocationList */
+0x55,0x04,0x36,                              /* [5820] OBJ_dmdName */
 };
-static ASN1_OBJECT nid_objs[NUM_NID]={
+static const ASN1_OBJECT nid_objs[NUM_NID]={
 {"UNDEF","undefined",NID_undef,1,&(lvalues[0]),0},
 {"rsadsi","RSA Data Security, Inc.",NID_rsadsi,6,&(lvalues[1]),0},
 {"pkcs","RSA Data Security, Inc. PKCS",NID_pkcs,7,&(lvalues[7]),0},
@@ -1928,7 +1962,7 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
 {"DES-CFB8","des-cfb8",NID_des_cfb8,0,NULL,0},
 {"DES-EDE3-CFB1","des-ede3-cfb1",NID_des_ede3_cfb1,0,NULL,0},
 {"DES-EDE3-CFB8","des-ede3-cfb8",NID_des_ede3_cfb8,0,NULL,0},
-{"streetAddress","streetAddress",NID_streetAddress,3,&(lvalues[4462]),0},
+{"street","streetAddress",NID_streetAddress,3,&(lvalues[4462]),0},
 {"postalCode","postalCode",NID_postalCode,3,&(lvalues[4465]),0},
 {"id-ppl","id-ppl",NID_id_ppl,7,&(lvalues[4468]),0},
 {"proxyCertInfo","Proxy Certificate Information",NID_proxyCertInfo,8,
@@ -2262,2524 +2296,2681 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
        &(lvalues[5710]),0},
 {"id-on-permanentIdentifier","Permanent Identifier",
        NID_id_on_permanentIdentifier,8,&(lvalues[5713]),0},
+{"searchGuide","searchGuide",NID_searchGuide,3,&(lvalues[5721]),0},
+{"businessCategory","businessCategory",NID_businessCategory,3,
+        &(lvalues[5724]),0},
+{"postalAddress","postalAddress",NID_postalAddress,3,&(lvalues[5727]),0},
+{"postOfficeBox","postOfficeBox",NID_postOfficeBox,3,&(lvalues[5730]),0},
+{"physicalDeliveryOfficeName","physicalDeliveryOfficeName",
+        NID_physicalDeliveryOfficeName,3,&(lvalues[5733]),0},
+{"telephoneNumber","telephoneNumber",NID_telephoneNumber,3,
+        &(lvalues[5736]),0},
+{"telexNumber","telexNumber",NID_telexNumber,3,&(lvalues[5739]),0},
+{"teletexTerminalIdentifier","teletexTerminalIdentifier",
+        NID_teletexTerminalIdentifier,3,&(lvalues[5742]),0},
+{"facsimileTelephoneNumber","facsimileTelephoneNumber",
+        NID_facsimileTelephoneNumber,3,&(lvalues[5745]),0},
+{"x121Address","x121Address",NID_x121Address,3,&(lvalues[5748]),0},
+{"internationaliSDNNumber","internationaliSDNNumber",
+        NID_internationaliSDNNumber,3,&(lvalues[5751]),0},
+{"registeredAddress","registeredAddress",NID_registeredAddress,3,
+        &(lvalues[5754]),0},
+{"destinationIndicator","destinationIndicator",
+        NID_destinationIndicator,3,&(lvalues[5757]),0},
+{"preferredDeliveryMethod","preferredDeliveryMethod",
+        NID_preferredDeliveryMethod,3,&(lvalues[5760]),0},
+{"presentationAddress","presentationAddress",NID_presentationAddress,
+        3,&(lvalues[5763]),0},
+{"supportedApplicationContext","supportedApplicationContext",
+        NID_supportedApplicationContext,3,&(lvalues[5766]),0},
+{"member","member",NID_member,3,&(lvalues[5769]),0},
+{"owner","owner",NID_owner,3,&(lvalues[5772]),0},
+{"roleOccupant","roleOccupant",NID_roleOccupant,3,&(lvalues[5775]),0},
+{"seeAlso","seeAlso",NID_seeAlso,3,&(lvalues[5778]),0},
+{"userPassword","userPassword",NID_userPassword,3,&(lvalues[5781]),0},
+{"userCertificate","userCertificate",NID_userCertificate,3,
+        &(lvalues[5784]),0},
+{"cACertificate","cACertificate",NID_cACertificate,3,&(lvalues[5787]),0},
+{"authorityRevocationList","authorityRevocationList",
+        NID_authorityRevocationList,3,&(lvalues[5790]),0},
+{"certificateRevocationList","certificateRevocationList",
+        NID_certificateRevocationList,3,&(lvalues[5793]),0},
+{"crossCertificatePair","crossCertificatePair",
+        NID_crossCertificatePair,3,&(lvalues[5796]),0},
+{"enhancedSearchGuide","enhancedSearchGuide",NID_enhancedSearchGuide,
+        3,&(lvalues[5799]),0},
+{"protocolInformation","protocolInformation",NID_protocolInformation,
+        3,&(lvalues[5802]),0},
+{"distinguishedName","distinguishedName",NID_distinguishedName,3,
+        &(lvalues[5805]),0},
+{"uniqueMember","uniqueMember",NID_uniqueMember,3,&(lvalues[5808]),0},
+{"houseIdentifier","houseIdentifier",NID_houseIdentifier,3,
+        &(lvalues[5811]),0},
+{"supportedAlgorithms","supportedAlgorithms",NID_supportedAlgorithms,
+        3,&(lvalues[5814]),0},
+{"deltaRevocationList","deltaRevocationList",NID_deltaRevocationList,
+        3,&(lvalues[5817]),0},
+{"dmdName","dmdName",NID_dmdName,3,&(lvalues[5820]),0},
 };
-static ASN1_OBJECT *sn_objs[NUM_SN]={
+static const unsigned int sn_objs[NUM_SN]={
-&(nid_objs[364]),/* "AD_DVCS" */
+364,    /* "AD_DVCS" */
-&(nid_objs[419]),/* "AES-128-CBC" */
+419,    /* "AES-128-CBC" */
-&(nid_objs[421]),/* "AES-128-CFB" */
+421,    /* "AES-128-CFB" */
-&(nid_objs[650]),/* "AES-128-CFB1" */
+650,    /* "AES-128-CFB1" */
-&(nid_objs[653]),/* "AES-128-CFB8" */
+653,    /* "AES-128-CFB8" */
-&(nid_objs[418]),/* "AES-128-ECB" */
+418,    /* "AES-128-ECB" */
-&(nid_objs[420]),/* "AES-128-OFB" */
+420,    /* "AES-128-OFB" */
-&(nid_objs[423]),/* "AES-192-CBC" */
+423,    /* "AES-192-CBC" */
-&(nid_objs[425]),/* "AES-192-CFB" */
+425,    /* "AES-192-CFB" */
-&(nid_objs[651]),/* "AES-192-CFB1" */
+651,    /* "AES-192-CFB1" */
-&(nid_objs[654]),/* "AES-192-CFB8" */
+654,    /* "AES-192-CFB8" */
-&(nid_objs[422]),/* "AES-192-ECB" */
+422,    /* "AES-192-ECB" */
-&(nid_objs[424]),/* "AES-192-OFB" */
+424,    /* "AES-192-OFB" */
-&(nid_objs[427]),/* "AES-256-CBC" */
+427,    /* "AES-256-CBC" */
-&(nid_objs[429]),/* "AES-256-CFB" */
+429,    /* "AES-256-CFB" */
-&(nid_objs[652]),/* "AES-256-CFB1" */
+652,    /* "AES-256-CFB1" */
-&(nid_objs[655]),/* "AES-256-CFB8" */
+655,    /* "AES-256-CFB8" */
-&(nid_objs[426]),/* "AES-256-ECB" */
+426,    /* "AES-256-ECB" */
-&(nid_objs[428]),/* "AES-256-OFB" */
+428,    /* "AES-256-OFB" */
-&(nid_objs[91]),/* "BF-CBC" */
+91,     /* "BF-CBC" */
-&(nid_objs[93]),/* "BF-CFB" */
+93,     /* "BF-CFB" */
-&(nid_objs[92]),/* "BF-ECB" */
+92,     /* "BF-ECB" */
-&(nid_objs[94]),/* "BF-OFB" */
+94,     /* "BF-OFB" */
-&(nid_objs[14]),/* "C" */
+14,     /* "C" */
-&(nid_objs[751]),/* "CAMELLIA-128-CBC" */
+751,    /* "CAMELLIA-128-CBC" */
-&(nid_objs[757]),/* "CAMELLIA-128-CFB" */
+757,    /* "CAMELLIA-128-CFB" */
-&(nid_objs[760]),/* "CAMELLIA-128-CFB1" */
+760,    /* "CAMELLIA-128-CFB1" */
-&(nid_objs[763]),/* "CAMELLIA-128-CFB8" */
+763,    /* "CAMELLIA-128-CFB8" */
-&(nid_objs[754]),/* "CAMELLIA-128-ECB" */
+754,    /* "CAMELLIA-128-ECB" */
-&(nid_objs[766]),/* "CAMELLIA-128-OFB" */
+766,    /* "CAMELLIA-128-OFB" */
-&(nid_objs[752]),/* "CAMELLIA-192-CBC" */
+752,    /* "CAMELLIA-192-CBC" */
-&(nid_objs[758]),/* "CAMELLIA-192-CFB" */
+758,    /* "CAMELLIA-192-CFB" */
-&(nid_objs[761]),/* "CAMELLIA-192-CFB1" */
+761,    /* "CAMELLIA-192-CFB1" */
-&(nid_objs[764]),/* "CAMELLIA-192-CFB8" */
+764,    /* "CAMELLIA-192-CFB8" */
-&(nid_objs[755]),/* "CAMELLIA-192-ECB" */
+755,    /* "CAMELLIA-192-ECB" */
-&(nid_objs[767]),/* "CAMELLIA-192-OFB" */
+767,    /* "CAMELLIA-192-OFB" */
-&(nid_objs[753]),/* "CAMELLIA-256-CBC" */
+753,    /* "CAMELLIA-256-CBC" */
-&(nid_objs[759]),/* "CAMELLIA-256-CFB" */
+759,    /* "CAMELLIA-256-CFB" */
-&(nid_objs[762]),/* "CAMELLIA-256-CFB1" */
+762,    /* "CAMELLIA-256-CFB1" */
-&(nid_objs[765]),/* "CAMELLIA-256-CFB8" */
+765,    /* "CAMELLIA-256-CFB8" */
-&(nid_objs[756]),/* "CAMELLIA-256-ECB" */
+756,    /* "CAMELLIA-256-ECB" */
-&(nid_objs[768]),/* "CAMELLIA-256-OFB" */
+768,    /* "CAMELLIA-256-OFB" */
-&(nid_objs[108]),/* "CAST5-CBC" */
+108,    /* "CAST5-CBC" */
-&(nid_objs[110]),/* "CAST5-CFB" */
+110,    /* "CAST5-CFB" */
-&(nid_objs[109]),/* "CAST5-ECB" */
+109,    /* "CAST5-ECB" */
-&(nid_objs[111]),/* "CAST5-OFB" */
+111,    /* "CAST5-OFB" */
-&(nid_objs[13]),/* "CN" */
+13,     /* "CN" */
-&(nid_objs[141]),/* "CRLReason" */
+141,    /* "CRLReason" */
-&(nid_objs[417]),/* "CSPName" */
+417,    /* "CSPName" */
-&(nid_objs[367]),/* "CrlID" */
+367,    /* "CrlID" */
-&(nid_objs[391]),/* "DC" */
+391,    /* "DC" */
-&(nid_objs[31]),/* "DES-CBC" */
+31,     /* "DES-CBC" */
-&(nid_objs[643]),/* "DES-CDMF" */
+643,    /* "DES-CDMF" */
-&(nid_objs[30]),/* "DES-CFB" */
+30,     /* "DES-CFB" */
-&(nid_objs[656]),/* "DES-CFB1" */
+656,    /* "DES-CFB1" */
-&(nid_objs[657]),/* "DES-CFB8" */
+657,    /* "DES-CFB8" */
-&(nid_objs[29]),/* "DES-ECB" */
+29,     /* "DES-ECB" */
-&(nid_objs[32]),/* "DES-EDE" */
+32,     /* "DES-EDE" */
-&(nid_objs[43]),/* "DES-EDE-CBC" */
+43,     /* "DES-EDE-CBC" */
-&(nid_objs[60]),/* "DES-EDE-CFB" */
+60,     /* "DES-EDE-CFB" */
-&(nid_objs[62]),/* "DES-EDE-OFB" */
+62,     /* "DES-EDE-OFB" */
-&(nid_objs[33]),/* "DES-EDE3" */
+33,     /* "DES-EDE3" */
-&(nid_objs[44]),/* "DES-EDE3-CBC" */
+44,     /* "DES-EDE3-CBC" */
-&(nid_objs[61]),/* "DES-EDE3-CFB" */
+61,     /* "DES-EDE3-CFB" */
-&(nid_objs[658]),/* "DES-EDE3-CFB1" */
+658,    /* "DES-EDE3-CFB1" */
-&(nid_objs[659]),/* "DES-EDE3-CFB8" */
+659,    /* "DES-EDE3-CFB8" */
-&(nid_objs[63]),/* "DES-EDE3-OFB" */
+63,     /* "DES-EDE3-OFB" */
-&(nid_objs[45]),/* "DES-OFB" */
+45,     /* "DES-OFB" */
-&(nid_objs[80]),/* "DESX-CBC" */
+80,     /* "DESX-CBC" */
-&(nid_objs[380]),/* "DOD" */
+380,    /* "DOD" */
-&(nid_objs[116]),/* "DSA" */
+116,    /* "DSA" */
-&(nid_objs[66]),/* "DSA-SHA" */
+66,     /* "DSA-SHA" */
-&(nid_objs[113]),/* "DSA-SHA1" */
+113,    /* "DSA-SHA1" */
-&(nid_objs[70]),/* "DSA-SHA1-old" */
+70,     /* "DSA-SHA1-old" */
-&(nid_objs[67]),/* "DSA-old" */
+67,     /* "DSA-old" */
-&(nid_objs[297]),/* "DVCS" */
+297,    /* "DVCS" */
-&(nid_objs[99]),/* "GN" */
+99,     /* "GN" */
-&(nid_objs[855]),/* "HMAC" */
+855,    /* "HMAC" */
-&(nid_objs[780]),/* "HMAC-MD5" */
+780,    /* "HMAC-MD5" */
-&(nid_objs[781]),/* "HMAC-SHA1" */
+781,    /* "HMAC-SHA1" */
-&(nid_objs[381]),/* "IANA" */
+381,    /* "IANA" */
-&(nid_objs[34]),/* "IDEA-CBC" */
+34,     /* "IDEA-CBC" */
-&(nid_objs[35]),/* "IDEA-CFB" */
+35,     /* "IDEA-CFB" */
-&(nid_objs[36]),/* "IDEA-ECB" */
+36,     /* "IDEA-ECB" */
-&(nid_objs[46]),/* "IDEA-OFB" */
+46,     /* "IDEA-OFB" */
-&(nid_objs[181]),/* "ISO" */
+181,    /* "ISO" */
-&(nid_objs[183]),/* "ISO-US" */
+183,    /* "ISO-US" */
-&(nid_objs[645]),/* "ITU-T" */
+645,    /* "ITU-T" */
-&(nid_objs[646]),/* "JOINT-ISO-ITU-T" */
+646,    /* "JOINT-ISO-ITU-T" */
-&(nid_objs[773]),/* "KISA" */
+773,    /* "KISA" */
-&(nid_objs[15]),/* "L" */
+15,     /* "L" */
-&(nid_objs[856]),/* "LocalKeySet" */
+856,    /* "LocalKeySet" */
-&(nid_objs[ 3]),/* "MD2" */
+ 3,     /* "MD2" */
-&(nid_objs[257]),/* "MD4" */
+257,    /* "MD4" */
-&(nid_objs[ 4]),/* "MD5" */
+ 4,     /* "MD5" */
-&(nid_objs[114]),/* "MD5-SHA1" */
+114,    /* "MD5-SHA1" */
-&(nid_objs[95]),/* "MDC2" */
+95,     /* "MDC2" */
-&(nid_objs[388]),/* "Mail" */
+388,    /* "Mail" */
-&(nid_objs[393]),/* "NULL" */
+393,    /* "NULL" */
-&(nid_objs[404]),/* "NULL" */
+404,    /* "NULL" */
-&(nid_objs[57]),/* "Netscape" */
+57,     /* "Netscape" */
-&(nid_objs[366]),/* "Nonce" */
+366,    /* "Nonce" */
-&(nid_objs[17]),/* "O" */
+17,     /* "O" */
-&(nid_objs[178]),/* "OCSP" */
+178,    /* "OCSP" */
-&(nid_objs[180]),/* "OCSPSigning" */
+180,    /* "OCSPSigning" */
-&(nid_objs[379]),/* "ORG" */
+379,    /* "ORG" */
-&(nid_objs[18]),/* "OU" */
+18,     /* "OU" */
-&(nid_objs[749]),/* "Oakley-EC2N-3" */
+749,    /* "Oakley-EC2N-3" */
-&(nid_objs[750]),/* "Oakley-EC2N-4" */
+750,    /* "Oakley-EC2N-4" */
-&(nid_objs[ 9]),/* "PBE-MD2-DES" */
+ 9,     /* "PBE-MD2-DES" */
-&(nid_objs[168]),/* "PBE-MD2-RC2-64" */
+168,    /* "PBE-MD2-RC2-64" */
-&(nid_objs[10]),/* "PBE-MD5-DES" */
+10,     /* "PBE-MD5-DES" */
-&(nid_objs[169]),/* "PBE-MD5-RC2-64" */
+169,    /* "PBE-MD5-RC2-64" */
-&(nid_objs[147]),/* "PBE-SHA1-2DES" */
+147,    /* "PBE-SHA1-2DES" */
-&(nid_objs[146]),/* "PBE-SHA1-3DES" */
+146,    /* "PBE-SHA1-3DES" */
-&(nid_objs[170]),/* "PBE-SHA1-DES" */
+170,    /* "PBE-SHA1-DES" */
-&(nid_objs[148]),/* "PBE-SHA1-RC2-128" */
+148,    /* "PBE-SHA1-RC2-128" */
-&(nid_objs[149]),/* "PBE-SHA1-RC2-40" */
+149,    /* "PBE-SHA1-RC2-40" */
-&(nid_objs[68]),/* "PBE-SHA1-RC2-64" */
+68,     /* "PBE-SHA1-RC2-64" */
-&(nid_objs[144]),/* "PBE-SHA1-RC4-128" */
+144,    /* "PBE-SHA1-RC4-128" */
-&(nid_objs[145]),/* "PBE-SHA1-RC4-40" */
+145,    /* "PBE-SHA1-RC4-40" */
-&(nid_objs[161]),/* "PBES2" */
+161,    /* "PBES2" */
-&(nid_objs[69]),/* "PBKDF2" */
+69,     /* "PBKDF2" */
-&(nid_objs[162]),/* "PBMAC1" */
+162,    /* "PBMAC1" */
-&(nid_objs[127]),/* "PKIX" */
+127,    /* "PKIX" */
-&(nid_objs[98]),/* "RC2-40-CBC" */
+98,     /* "RC2-40-CBC" */
-&(nid_objs[166]),/* "RC2-64-CBC" */
+166,    /* "RC2-64-CBC" */
-&(nid_objs[37]),/* "RC2-CBC" */
+37,     /* "RC2-CBC" */
-&(nid_objs[39]),/* "RC2-CFB" */
+39,     /* "RC2-CFB" */
-&(nid_objs[38]),/* "RC2-ECB" */
+38,     /* "RC2-ECB" */
-&(nid_objs[40]),/* "RC2-OFB" */
+40,     /* "RC2-OFB" */
-&(nid_objs[ 5]),/* "RC4" */
+ 5,     /* "RC4" */
-&(nid_objs[97]),/* "RC4-40" */
+97,     /* "RC4-40" */
-&(nid_objs[120]),/* "RC5-CBC" */
+120,    /* "RC5-CBC" */
-&(nid_objs[122]),/* "RC5-CFB" */
+122,    /* "RC5-CFB" */
-&(nid_objs[121]),/* "RC5-ECB" */
+121,    /* "RC5-ECB" */
-&(nid_objs[123]),/* "RC5-OFB" */
+123,    /* "RC5-OFB" */
-&(nid_objs[117]),/* "RIPEMD160" */
+117,    /* "RIPEMD160" */
-&(nid_objs[124]),/* "RLE" */
+124,    /* "RLE" */
-&(nid_objs[19]),/* "RSA" */
+19,     /* "RSA" */
-&(nid_objs[ 7]),/* "RSA-MD2" */
+ 7,     /* "RSA-MD2" */
-&(nid_objs[396]),/* "RSA-MD4" */
+396,    /* "RSA-MD4" */
-&(nid_objs[ 8]),/* "RSA-MD5" */
+ 8,     /* "RSA-MD5" */
-&(nid_objs[96]),/* "RSA-MDC2" */
+96,     /* "RSA-MDC2" */
-&(nid_objs[104]),/* "RSA-NP-MD5" */
+104,    /* "RSA-NP-MD5" */
-&(nid_objs[119]),/* "RSA-RIPEMD160" */
+119,    /* "RSA-RIPEMD160" */
-&(nid_objs[42]),/* "RSA-SHA" */
+42,     /* "RSA-SHA" */
-&(nid_objs[65]),/* "RSA-SHA1" */
+65,     /* "RSA-SHA1" */
-&(nid_objs[115]),/* "RSA-SHA1-2" */
+115,    /* "RSA-SHA1-2" */
-&(nid_objs[671]),/* "RSA-SHA224" */
+671,    /* "RSA-SHA224" */
-&(nid_objs[668]),/* "RSA-SHA256" */
+668,    /* "RSA-SHA256" */
-&(nid_objs[669]),/* "RSA-SHA384" */
+669,    /* "RSA-SHA384" */
-&(nid_objs[670]),/* "RSA-SHA512" */
+670,    /* "RSA-SHA512" */
-&(nid_objs[777]),/* "SEED-CBC" */
+777,    /* "SEED-CBC" */
-&(nid_objs[779]),/* "SEED-CFB" */
+779,    /* "SEED-CFB" */
-&(nid_objs[776]),/* "SEED-ECB" */
+776,    /* "SEED-ECB" */
-&(nid_objs[778]),/* "SEED-OFB" */
+778,    /* "SEED-OFB" */
-&(nid_objs[41]),/* "SHA" */
+41,     /* "SHA" */
-&(nid_objs[64]),/* "SHA1" */
+64,     /* "SHA1" */
-&(nid_objs[675]),/* "SHA224" */
+675,    /* "SHA224" */
-&(nid_objs[672]),/* "SHA256" */
+672,    /* "SHA256" */
-&(nid_objs[673]),/* "SHA384" */
+673,    /* "SHA384" */
-&(nid_objs[674]),/* "SHA512" */
+674,    /* "SHA512" */
-&(nid_objs[188]),/* "SMIME" */
+188,    /* "SMIME" */
-&(nid_objs[167]),/* "SMIME-CAPS" */
+167,    /* "SMIME-CAPS" */
-&(nid_objs[100]),/* "SN" */
+100,    /* "SN" */
-&(nid_objs[16]),/* "ST" */
+16,     /* "ST" */
-&(nid_objs[143]),/* "SXNetID" */
+143,    /* "SXNetID" */
-&(nid_objs[458]),/* "UID" */
+458,    /* "UID" */
-&(nid_objs[ 0]),/* "UNDEF" */
+ 0,     /* "UNDEF" */
-&(nid_objs[11]),/* "X500" */
+11,     /* "X500" */
-&(nid_objs[378]),/* "X500algorithms" */
+378,    /* "X500algorithms" */
-&(nid_objs[12]),/* "X509" */
+12,     /* "X509" */
-&(nid_objs[184]),/* "X9-57" */
+184,    /* "X9-57" */
-&(nid_objs[185]),/* "X9cm" */
+185,    /* "X9cm" */
-&(nid_objs[125]),/* "ZLIB" */
+125,    /* "ZLIB" */
-&(nid_objs[478]),/* "aRecord" */
+478,    /* "aRecord" */
-&(nid_objs[289]),/* "aaControls" */
+289,    /* "aaControls" */
-&(nid_objs[287]),/* "ac-auditEntity" */
+287,    /* "ac-auditEntity" */
-&(nid_objs[397]),/* "ac-proxying" */
+397,    /* "ac-proxying" */
-&(nid_objs[288]),/* "ac-targeting" */
+288,    /* "ac-targeting" */
-&(nid_objs[368]),/* "acceptableResponses" */
+368,    /* "acceptableResponses" */
-&(nid_objs[446]),/* "account" */
+446,    /* "account" */
-&(nid_objs[363]),/* "ad_timestamping" */
+363,    /* "ad_timestamping" */
-&(nid_objs[376]),/* "algorithm" */
+376,    /* "algorithm" */
-&(nid_objs[405]),/* "ansi-X9-62" */
+405,    /* "ansi-X9-62" */
-&(nid_objs[746]),/* "anyPolicy" */
+746,    /* "anyPolicy" */
-&(nid_objs[370]),/* "archiveCutoff" */
+370,    /* "archiveCutoff" */
-&(nid_objs[484]),/* "associatedDomain" */
+484,    /* "associatedDomain" */
-&(nid_objs[485]),/* "associatedName" */
+485,    /* "associatedName" */
-&(nid_objs[501]),/* "audio" */
+501,    /* "audio" */
-&(nid_objs[177]),/* "authorityInfoAccess" */
+177,    /* "authorityInfoAccess" */
-&(nid_objs[90]),/* "authorityKeyIdentifier" */
+90,     /* "authorityKeyIdentifier" */
-&(nid_objs[87]),/* "basicConstraints" */
+882,    /* "authorityRevocationList" */
-&(nid_objs[365]),/* "basicOCSPResponse" */
+87,     /* "basicConstraints" */
-&(nid_objs[285]),/* "biometricInfo" */
+365,    /* "basicOCSPResponse" */
-&(nid_objs[494]),/* "buildingName" */
+285,    /* "biometricInfo" */
-&(nid_objs[691]),/* "c2onb191v4" */
+494,    /* "buildingName" */
-&(nid_objs[692]),/* "c2onb191v5" */
+860,    /* "businessCategory" */
-&(nid_objs[697]),/* "c2onb239v4" */
+691,    /* "c2onb191v4" */
-&(nid_objs[698]),/* "c2onb239v5" */
+692,    /* "c2onb191v5" */
-&(nid_objs[684]),/* "c2pnb163v1" */
+697,    /* "c2onb239v4" */
-&(nid_objs[685]),/* "c2pnb163v2" */
+698,    /* "c2onb239v5" */
-&(nid_objs[686]),/* "c2pnb163v3" */
+684,    /* "c2pnb163v1" */
-&(nid_objs[687]),/* "c2pnb176v1" */
+685,    /* "c2pnb163v2" */
-&(nid_objs[693]),/* "c2pnb208w1" */
+686,    /* "c2pnb163v3" */
-&(nid_objs[699]),/* "c2pnb272w1" */
+687,    /* "c2pnb176v1" */
-&(nid_objs[700]),/* "c2pnb304w1" */
+693,    /* "c2pnb208w1" */
-&(nid_objs[702]),/* "c2pnb368w1" */
+699,    /* "c2pnb272w1" */
-&(nid_objs[688]),/* "c2tnb191v1" */
+700,    /* "c2pnb304w1" */
-&(nid_objs[689]),/* "c2tnb191v2" */
+702,    /* "c2pnb368w1" */
-&(nid_objs[690]),/* "c2tnb191v3" */
+688,    /* "c2tnb191v1" */
-&(nid_objs[694]),/* "c2tnb239v1" */
+689,    /* "c2tnb191v2" */
-&(nid_objs[695]),/* "c2tnb239v2" */
+690,    /* "c2tnb191v3" */
-&(nid_objs[696]),/* "c2tnb239v3" */
+694,    /* "c2tnb239v1" */
-&(nid_objs[701]),/* "c2tnb359v1" */
+695,    /* "c2tnb239v2" */
-&(nid_objs[703]),/* "c2tnb431r1" */
+696,    /* "c2tnb239v3" */
-&(nid_objs[483]),/* "cNAMERecord" */
+701,    /* "c2tnb359v1" */
-&(nid_objs[179]),/* "caIssuers" */
+703,    /* "c2tnb431r1" */
-&(nid_objs[785]),/* "caRepository" */
+881,    /* "cACertificate" */
-&(nid_objs[443]),/* "caseIgnoreIA5StringSyntax" */
+483,    /* "cNAMERecord" */
-&(nid_objs[152]),/* "certBag" */
+179,    /* "caIssuers" */
-&(nid_objs[677]),/* "certicom-arc" */
+785,    /* "caRepository" */
-&(nid_objs[771]),/* "certificateIssuer" */
+443,    /* "caseIgnoreIA5StringSyntax" */
-&(nid_objs[89]),/* "certificatePolicies" */
+152,    /* "certBag" */
-&(nid_objs[54]),/* "challengePassword" */
+677,    /* "certicom-arc" */
-&(nid_objs[407]),/* "characteristic-two-field" */
+771,    /* "certificateIssuer" */
-&(nid_objs[395]),/* "clearance" */
+89,     /* "certificatePolicies" */
-&(nid_objs[130]),/* "clientAuth" */
+883,    /* "certificateRevocationList" */
-&(nid_objs[131]),/* "codeSigning" */
+54,     /* "challengePassword" */
-&(nid_objs[50]),/* "contentType" */
+407,    /* "characteristic-two-field" */
-&(nid_objs[53]),/* "countersignature" */
+395,    /* "clearance" */
-&(nid_objs[153]),/* "crlBag" */
+130,    /* "clientAuth" */
-&(nid_objs[103]),/* "crlDistributionPoints" */
+131,    /* "codeSigning" */
-&(nid_objs[88]),/* "crlNumber" */
+50,     /* "contentType" */
-&(nid_objs[806]),/* "cryptocom" */
+53,     /* "countersignature" */
-&(nid_objs[805]),/* "cryptopro" */
+153,    /* "crlBag" */
-&(nid_objs[500]),/* "dITRedirect" */
+103,    /* "crlDistributionPoints" */
-&(nid_objs[451]),/* "dNSDomain" */
+88,     /* "crlNumber" */
-&(nid_objs[495]),/* "dSAQuality" */
+884,    /* "crossCertificatePair" */
-&(nid_objs[434]),/* "data" */
+806,    /* "cryptocom" */
-&(nid_objs[390]),/* "dcobject" */
+805,    /* "cryptopro" */
-&(nid_objs[140]),/* "deltaCRL" */
+500,    /* "dITRedirect" */
-&(nid_objs[107]),/* "description" */
+451,    /* "dNSDomain" */
-&(nid_objs[28]),/* "dhKeyAgreement" */
+495,    /* "dSAQuality" */
-&(nid_objs[382]),/* "directory" */
+434,    /* "data" */
-&(nid_objs[174]),/* "dnQualifier" */
+390,    /* "dcobject" */
-&(nid_objs[447]),/* "document" */
+140,    /* "deltaCRL" */
-&(nid_objs[471]),/* "documentAuthor" */
+891,    /* "deltaRevocationList" */
-&(nid_objs[468]),/* "documentIdentifier" */
+107,    /* "description" */
-&(nid_objs[472]),/* "documentLocation" */
+871,    /* "destinationIndicator" */
-&(nid_objs[502]),/* "documentPublisher" */
+28,     /* "dhKeyAgreement" */
-&(nid_objs[449]),/* "documentSeries" */
+382,    /* "directory" */
-&(nid_objs[469]),/* "documentTitle" */
+887,    /* "distinguishedName" */
-&(nid_objs[470]),/* "documentVersion" */
+892,    /* "dmdName" */
-&(nid_objs[392]),/* "domain" */
+174,    /* "dnQualifier" */
-&(nid_objs[452]),/* "domainRelatedObject" */
+447,    /* "document" */
-&(nid_objs[802]),/* "dsa_with_SHA224" */
+471,    /* "documentAuthor" */
-&(nid_objs[803]),/* "dsa_with_SHA256" */
+468,    /* "documentIdentifier" */
-&(nid_objs[791]),/* "ecdsa-with-Recommended" */
+472,    /* "documentLocation" */
-&(nid_objs[416]),/* "ecdsa-with-SHA1" */
+502,    /* "documentPublisher" */
-&(nid_objs[793]),/* "ecdsa-with-SHA224" */
+449,    /* "documentSeries" */
-&(nid_objs[794]),/* "ecdsa-with-SHA256" */
+469,    /* "documentTitle" */
-&(nid_objs[795]),/* "ecdsa-with-SHA384" */
+470,    /* "documentVersion" */
-&(nid_objs[796]),/* "ecdsa-with-SHA512" */
+392,    /* "domain" */
-&(nid_objs[792]),/* "ecdsa-with-Specified" */
+452,    /* "domainRelatedObject" */
-&(nid_objs[48]),/* "emailAddress" */
+802,    /* "dsa_with_SHA224" */
-&(nid_objs[132]),/* "emailProtection" */
+803,    /* "dsa_with_SHA256" */
-&(nid_objs[389]),/* "enterprises" */
+791,    /* "ecdsa-with-Recommended" */
-&(nid_objs[384]),/* "experimental" */
+416,    /* "ecdsa-with-SHA1" */
-&(nid_objs[172]),/* "extReq" */
+793,    /* "ecdsa-with-SHA224" */
-&(nid_objs[56]),/* "extendedCertificateAttributes" */
+794,    /* "ecdsa-with-SHA256" */
-&(nid_objs[126]),/* "extendedKeyUsage" */
+795,    /* "ecdsa-with-SHA384" */
-&(nid_objs[372]),/* "extendedStatus" */
+796,    /* "ecdsa-with-SHA512" */
-&(nid_objs[462]),/* "favouriteDrink" */
+792,    /* "ecdsa-with-Specified" */
-&(nid_objs[857]),/* "freshestCRL" */
+48,     /* "emailAddress" */
-&(nid_objs[453]),/* "friendlyCountry" */
+132,    /* "emailProtection" */
-&(nid_objs[490]),/* "friendlyCountryName" */
+885,    /* "enhancedSearchGuide" */
-&(nid_objs[156]),/* "friendlyName" */
+389,    /* "enterprises" */
-&(nid_objs[509]),/* "generationQualifier" */
+384,    /* "experimental" */
-&(nid_objs[815]),/* "gost-mac" */
+172,    /* "extReq" */
-&(nid_objs[811]),/* "gost2001" */
+56,     /* "extendedCertificateAttributes" */
-&(nid_objs[851]),/* "gost2001cc" */
+126,    /* "extendedKeyUsage" */
-&(nid_objs[813]),/* "gost89" */
+372,    /* "extendedStatus" */
-&(nid_objs[814]),/* "gost89-cnt" */
+867,    /* "facsimileTelephoneNumber" */
-&(nid_objs[812]),/* "gost94" */
+462,    /* "favouriteDrink" */
-&(nid_objs[850]),/* "gost94cc" */
+857,    /* "freshestCRL" */
-&(nid_objs[797]),/* "hmacWithMD5" */
+453,    /* "friendlyCountry" */
-&(nid_objs[163]),/* "hmacWithSHA1" */
+490,    /* "friendlyCountryName" */
-&(nid_objs[798]),/* "hmacWithSHA224" */
+156,    /* "friendlyName" */
-&(nid_objs[799]),/* "hmacWithSHA256" */
+509,    /* "generationQualifier" */
-&(nid_objs[800]),/* "hmacWithSHA384" */
+815,    /* "gost-mac" */
-&(nid_objs[801]),/* "hmacWithSHA512" */
+811,    /* "gost2001" */
-&(nid_objs[432]),/* "holdInstructionCallIssuer" */
+851,    /* "gost2001cc" */
-&(nid_objs[430]),/* "holdInstructionCode" */
+813,    /* "gost89" */
-&(nid_objs[431]),/* "holdInstructionNone" */
+814,    /* "gost89-cnt" */
-&(nid_objs[433]),/* "holdInstructionReject" */
+812,    /* "gost94" */
-&(nid_objs[486]),/* "homePostalAddress" */
+850,    /* "gost94cc" */
-&(nid_objs[473]),/* "homeTelephoneNumber" */
+797,    /* "hmacWithMD5" */
-&(nid_objs[466]),/* "host" */
+163,    /* "hmacWithSHA1" */
-&(nid_objs[442]),/* "iA5StringSyntax" */
+798,    /* "hmacWithSHA224" */
-&(nid_objs[783]),/* "id-DHBasedMac" */
+799,    /* "hmacWithSHA256" */
-&(nid_objs[824]),/* "id-Gost28147-89-CryptoPro-A-ParamSet" */
+800,    /* "hmacWithSHA384" */
-&(nid_objs[825]),/* "id-Gost28147-89-CryptoPro-B-ParamSet" */
+801,    /* "hmacWithSHA512" */
-&(nid_objs[826]),/* "id-Gost28147-89-CryptoPro-C-ParamSet" */
+432,    /* "holdInstructionCallIssuer" */
-&(nid_objs[827]),/* "id-Gost28147-89-CryptoPro-D-ParamSet" */
+430,    /* "holdInstructionCode" */
-&(nid_objs[819]),/* "id-Gost28147-89-CryptoPro-KeyMeshing" */
+431,    /* "holdInstructionNone" */
-&(nid_objs[829]),/* "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" */
+433,    /* "holdInstructionReject" */
-&(nid_objs[828]),/* "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" */
+486,    /* "homePostalAddress" */
-&(nid_objs[830]),/* "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" */
+473,    /* "homeTelephoneNumber" */
-&(nid_objs[820]),/* "id-Gost28147-89-None-KeyMeshing" */
+466,    /* "host" */
-&(nid_objs[823]),/* "id-Gost28147-89-TestParamSet" */
+889,    /* "houseIdentifier" */
-&(nid_objs[849]),/* "id-Gost28147-89-cc" */
+442,    /* "iA5StringSyntax" */
-&(nid_objs[840]),/* "id-GostR3410-2001-CryptoPro-A-ParamSet" */
+783,    /* "id-DHBasedMac" */
-&(nid_objs[841]),/* "id-GostR3410-2001-CryptoPro-B-ParamSet" */
+824,    /* "id-Gost28147-89-CryptoPro-A-ParamSet" */
-&(nid_objs[842]),/* "id-GostR3410-2001-CryptoPro-C-ParamSet" */
+825,    /* "id-Gost28147-89-CryptoPro-B-ParamSet" */
-&(nid_objs[843]),/* "id-GostR3410-2001-CryptoPro-XchA-ParamSet" */
+826,    /* "id-Gost28147-89-CryptoPro-C-ParamSet" */
-&(nid_objs[844]),/* "id-GostR3410-2001-CryptoPro-XchB-ParamSet" */
+827,    /* "id-Gost28147-89-CryptoPro-D-ParamSet" */
-&(nid_objs[854]),/* "id-GostR3410-2001-ParamSet-cc" */
+819,    /* "id-Gost28147-89-CryptoPro-KeyMeshing" */
-&(nid_objs[839]),/* "id-GostR3410-2001-TestParamSet" */
+829,    /* "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" */
-&(nid_objs[817]),/* "id-GostR3410-2001DH" */
+828,    /* "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" */
-&(nid_objs[832]),/* "id-GostR3410-94-CryptoPro-A-ParamSet" */
+830,    /* "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" */
-&(nid_objs[833]),/* "id-GostR3410-94-CryptoPro-B-ParamSet" */
+820,    /* "id-Gost28147-89-None-KeyMeshing" */
-&(nid_objs[834]),/* "id-GostR3410-94-CryptoPro-C-ParamSet" */
+823,    /* "id-Gost28147-89-TestParamSet" */
-&(nid_objs[835]),/* "id-GostR3410-94-CryptoPro-D-ParamSet" */
+849,    /* "id-Gost28147-89-cc" */
-&(nid_objs[836]),/* "id-GostR3410-94-CryptoPro-XchA-ParamSet" */
+840,    /* "id-GostR3410-2001-CryptoPro-A-ParamSet" */
-&(nid_objs[837]),/* "id-GostR3410-94-CryptoPro-XchB-ParamSet" */
+841,    /* "id-GostR3410-2001-CryptoPro-B-ParamSet" */
-&(nid_objs[838]),/* "id-GostR3410-94-CryptoPro-XchC-ParamSet" */
+842,    /* "id-GostR3410-2001-CryptoPro-C-ParamSet" */
-&(nid_objs[831]),/* "id-GostR3410-94-TestParamSet" */
+843,    /* "id-GostR3410-2001-CryptoPro-XchA-ParamSet" */
-&(nid_objs[845]),/* "id-GostR3410-94-a" */
+844,    /* "id-GostR3410-2001-CryptoPro-XchB-ParamSet" */
-&(nid_objs[846]),/* "id-GostR3410-94-aBis" */
+854,    /* "id-GostR3410-2001-ParamSet-cc" */
-&(nid_objs[847]),/* "id-GostR3410-94-b" */
+839,    /* "id-GostR3410-2001-TestParamSet" */
-&(nid_objs[848]),/* "id-GostR3410-94-bBis" */
+817,    /* "id-GostR3410-2001DH" */
-&(nid_objs[818]),/* "id-GostR3410-94DH" */
+832,    /* "id-GostR3410-94-CryptoPro-A-ParamSet" */
-&(nid_objs[822]),/* "id-GostR3411-94-CryptoProParamSet" */
+833,    /* "id-GostR3410-94-CryptoPro-B-ParamSet" */
-&(nid_objs[821]),/* "id-GostR3411-94-TestParamSet" */
+834,    /* "id-GostR3410-94-CryptoPro-C-ParamSet" */
-&(nid_objs[807]),/* "id-GostR3411-94-with-GostR3410-2001" */
+835,    /* "id-GostR3410-94-CryptoPro-D-ParamSet" */
-&(nid_objs[853]),/* "id-GostR3411-94-with-GostR3410-2001-cc" */
+836,    /* "id-GostR3410-94-CryptoPro-XchA-ParamSet" */
-&(nid_objs[808]),/* "id-GostR3411-94-with-GostR3410-94" */
+837,    /* "id-GostR3410-94-CryptoPro-XchB-ParamSet" */
-&(nid_objs[852]),/* "id-GostR3411-94-with-GostR3410-94-cc" */
+838,    /* "id-GostR3410-94-CryptoPro-XchC-ParamSet" */
-&(nid_objs[810]),/* "id-HMACGostR3411-94" */
+831,    /* "id-GostR3410-94-TestParamSet" */
-&(nid_objs[782]),/* "id-PasswordBasedMAC" */
+845,    /* "id-GostR3410-94-a" */
-&(nid_objs[266]),/* "id-aca" */
+846,    /* "id-GostR3410-94-aBis" */
-&(nid_objs[355]),/* "id-aca-accessIdentity" */
+847,    /* "id-GostR3410-94-b" */
-&(nid_objs[354]),/* "id-aca-authenticationInfo" */
+848,    /* "id-GostR3410-94-bBis" */
-&(nid_objs[356]),/* "id-aca-chargingIdentity" */
+818,    /* "id-GostR3410-94DH" */
-&(nid_objs[399]),/* "id-aca-encAttrs" */
+822,    /* "id-GostR3411-94-CryptoProParamSet" */
-&(nid_objs[357]),/* "id-aca-group" */
+821,    /* "id-GostR3411-94-TestParamSet" */
-&(nid_objs[358]),/* "id-aca-role" */
+807,    /* "id-GostR3411-94-with-GostR3410-2001" */
-&(nid_objs[176]),/* "id-ad" */
+853,    /* "id-GostR3411-94-with-GostR3410-2001-cc" */
-&(nid_objs[788]),/* "id-aes128-wrap" */
+808,    /* "id-GostR3411-94-with-GostR3410-94" */
-&(nid_objs[789]),/* "id-aes192-wrap" */
+852,    /* "id-GostR3411-94-with-GostR3410-94-cc" */
-&(nid_objs[790]),/* "id-aes256-wrap" */
+810,    /* "id-HMACGostR3411-94" */
-&(nid_objs[262]),/* "id-alg" */
+782,    /* "id-PasswordBasedMAC" */
-&(nid_objs[323]),/* "id-alg-des40" */
+266,    /* "id-aca" */
-&(nid_objs[326]),/* "id-alg-dh-pop" */
+355,    /* "id-aca-accessIdentity" */
-&(nid_objs[325]),/* "id-alg-dh-sig-hmac-sha1" */
+354,    /* "id-aca-authenticationInfo" */
-&(nid_objs[324]),/* "id-alg-noSignature" */
+356,    /* "id-aca-chargingIdentity" */
-&(nid_objs[268]),/* "id-cct" */
+399,    /* "id-aca-encAttrs" */
-&(nid_objs[361]),/* "id-cct-PKIData" */
+357,    /* "id-aca-group" */
-&(nid_objs[362]),/* "id-cct-PKIResponse" */
+358,    /* "id-aca-role" */
-&(nid_objs[360]),/* "id-cct-crs" */
+176,    /* "id-ad" */
-&(nid_objs[81]),/* "id-ce" */
+788,    /* "id-aes128-wrap" */
-&(nid_objs[680]),/* "id-characteristic-two-basis" */
+789,    /* "id-aes192-wrap" */
-&(nid_objs[263]),/* "id-cmc" */
+790,    /* "id-aes256-wrap" */
-&(nid_objs[334]),/* "id-cmc-addExtensions" */
+262,    /* "id-alg" */
-&(nid_objs[346]),/* "id-cmc-confirmCertAcceptance" */
+323,    /* "id-alg-des40" */
-&(nid_objs[330]),/* "id-cmc-dataReturn" */
+326,    /* "id-alg-dh-pop" */
-&(nid_objs[336]),/* "id-cmc-decryptedPOP" */
+325,    /* "id-alg-dh-sig-hmac-sha1" */
-&(nid_objs[335]),/* "id-cmc-encryptedPOP" */
+324,    /* "id-alg-noSignature" */
-&(nid_objs[339]),/* "id-cmc-getCRL" */
+268,    /* "id-cct" */
-&(nid_objs[338]),/* "id-cmc-getCert" */
+361,    /* "id-cct-PKIData" */
-&(nid_objs[328]),/* "id-cmc-identification" */
+362,    /* "id-cct-PKIResponse" */
-&(nid_objs[329]),/* "id-cmc-identityProof" */
+360,    /* "id-cct-crs" */
-&(nid_objs[337]),/* "id-cmc-lraPOPWitness" */
+81,     /* "id-ce" */
-&(nid_objs[344]),/* "id-cmc-popLinkRandom" */
+680,    /* "id-characteristic-two-basis" */
-&(nid_objs[345]),/* "id-cmc-popLinkWitness" */
+263,    /* "id-cmc" */
-&(nid_objs[343]),/* "id-cmc-queryPending" */
+334,    /* "id-cmc-addExtensions" */
-&(nid_objs[333]),/* "id-cmc-recipientNonce" */
+346,    /* "id-cmc-confirmCertAcceptance" */
-&(nid_objs[341]),/* "id-cmc-regInfo" */
+330,    /* "id-cmc-dataReturn" */
-&(nid_objs[342]),/* "id-cmc-responseInfo" */
+336,    /* "id-cmc-decryptedPOP" */
-&(nid_objs[340]),/* "id-cmc-revokeRequest" */
+335,    /* "id-cmc-encryptedPOP" */
-&(nid_objs[332]),/* "id-cmc-senderNonce" */
+339,    /* "id-cmc-getCRL" */
-&(nid_objs[327]),/* "id-cmc-statusInfo" */
+338,    /* "id-cmc-getCert" */
-&(nid_objs[331]),/* "id-cmc-transactionId" */
+328,    /* "id-cmc-identification" */
-&(nid_objs[787]),/* "id-ct-asciiTextWithCRLF" */
+329,    /* "id-cmc-identityProof" */
-&(nid_objs[408]),/* "id-ecPublicKey" */
+337,    /* "id-cmc-lraPOPWitness" */
-&(nid_objs[508]),/* "id-hex-multipart-message" */
+344,    /* "id-cmc-popLinkRandom" */
-&(nid_objs[507]),/* "id-hex-partial-message" */
+345,    /* "id-cmc-popLinkWitness" */
-&(nid_objs[260]),/* "id-it" */
+343,    /* "id-cmc-queryPending" */
-&(nid_objs[302]),/* "id-it-caKeyUpdateInfo" */
+333,    /* "id-cmc-recipientNonce" */
-&(nid_objs[298]),/* "id-it-caProtEncCert" */
+341,    /* "id-cmc-regInfo" */
-&(nid_objs[311]),/* "id-it-confirmWaitTime" */
+342,    /* "id-cmc-responseInfo" */
-&(nid_objs[303]),/* "id-it-currentCRL" */
+340,    /* "id-cmc-revokeRequest" */
-&(nid_objs[300]),/* "id-it-encKeyPairTypes" */
+332,    /* "id-cmc-senderNonce" */
-&(nid_objs[310]),/* "id-it-implicitConfirm" */
+327,    /* "id-cmc-statusInfo" */
-&(nid_objs[308]),/* "id-it-keyPairParamRep" */
+331,    /* "id-cmc-transactionId" */
-&(nid_objs[307]),/* "id-it-keyPairParamReq" */
+787,    /* "id-ct-asciiTextWithCRLF" */
-&(nid_objs[312]),/* "id-it-origPKIMessage" */
+408,    /* "id-ecPublicKey" */
-&(nid_objs[301]),/* "id-it-preferredSymmAlg" */
+508,    /* "id-hex-multipart-message" */
-&(nid_objs[309]),/* "id-it-revPassphrase" */
+507,    /* "id-hex-partial-message" */
-&(nid_objs[299]),/* "id-it-signKeyPairTypes" */
+260,    /* "id-it" */
-&(nid_objs[305]),/* "id-it-subscriptionRequest" */
+302,    /* "id-it-caKeyUpdateInfo" */
-&(nid_objs[306]),/* "id-it-subscriptionResponse" */
+298,    /* "id-it-caProtEncCert" */
-&(nid_objs[784]),/* "id-it-suppLangTags" */
+311,    /* "id-it-confirmWaitTime" */
-&(nid_objs[304]),/* "id-it-unsupportedOIDs" */
+303,    /* "id-it-currentCRL" */
-&(nid_objs[128]),/* "id-kp" */
+300,    /* "id-it-encKeyPairTypes" */
-&(nid_objs[280]),/* "id-mod-attribute-cert" */
+310,    /* "id-it-implicitConfirm" */
-&(nid_objs[274]),/* "id-mod-cmc" */
+308,    /* "id-it-keyPairParamRep" */
-&(nid_objs[277]),/* "id-mod-cmp" */
+307,    /* "id-it-keyPairParamReq" */
-&(nid_objs[284]),/* "id-mod-cmp2000" */
+312,    /* "id-it-origPKIMessage" */
-&(nid_objs[273]),/* "id-mod-crmf" */
+301,    /* "id-it-preferredSymmAlg" */
-&(nid_objs[283]),/* "id-mod-dvcs" */
+309,    /* "id-it-revPassphrase" */
-&(nid_objs[275]),/* "id-mod-kea-profile-88" */
+299,    /* "id-it-signKeyPairTypes" */
-&(nid_objs[276]),/* "id-mod-kea-profile-93" */
+305,    /* "id-it-subscriptionRequest" */
-&(nid_objs[282]),/* "id-mod-ocsp" */
+306,    /* "id-it-subscriptionResponse" */
-&(nid_objs[278]),/* "id-mod-qualified-cert-88" */
+784,    /* "id-it-suppLangTags" */
-&(nid_objs[279]),/* "id-mod-qualified-cert-93" */
+304,    /* "id-it-unsupportedOIDs" */
-&(nid_objs[281]),/* "id-mod-timestamp-protocol" */
+128,    /* "id-kp" */
-&(nid_objs[264]),/* "id-on" */
+280,    /* "id-mod-attribute-cert" */
-&(nid_objs[858]),/* "id-on-permanentIdentifier" */
+274,    /* "id-mod-cmc" */
-&(nid_objs[347]),/* "id-on-personalData" */
+277,    /* "id-mod-cmp" */
-&(nid_objs[265]),/* "id-pda" */
+284,    /* "id-mod-cmp2000" */
-&(nid_objs[352]),/* "id-pda-countryOfCitizenship" */
+273,    /* "id-mod-crmf" */
-&(nid_objs[353]),/* "id-pda-countryOfResidence" */
+283,    /* "id-mod-dvcs" */
-&(nid_objs[348]),/* "id-pda-dateOfBirth" */
+275,    /* "id-mod-kea-profile-88" */
-&(nid_objs[351]),/* "id-pda-gender" */
+276,    /* "id-mod-kea-profile-93" */
-&(nid_objs[349]),/* "id-pda-placeOfBirth" */
+282,    /* "id-mod-ocsp" */
-&(nid_objs[175]),/* "id-pe" */
+278,    /* "id-mod-qualified-cert-88" */
-&(nid_objs[261]),/* "id-pkip" */
+279,    /* "id-mod-qualified-cert-93" */
-&(nid_objs[258]),/* "id-pkix-mod" */
+281,    /* "id-mod-timestamp-protocol" */
-&(nid_objs[269]),/* "id-pkix1-explicit-88" */
+264,    /* "id-on" */
-&(nid_objs[271]),/* "id-pkix1-explicit-93" */
+858,    /* "id-on-permanentIdentifier" */
-&(nid_objs[270]),/* "id-pkix1-implicit-88" */
+347,    /* "id-on-personalData" */
-&(nid_objs[272]),/* "id-pkix1-implicit-93" */
+265,    /* "id-pda" */
-&(nid_objs[662]),/* "id-ppl" */
+352,    /* "id-pda-countryOfCitizenship" */
-&(nid_objs[664]),/* "id-ppl-anyLanguage" */
+353,    /* "id-pda-countryOfResidence" */
-&(nid_objs[667]),/* "id-ppl-independent" */
+348,    /* "id-pda-dateOfBirth" */
-&(nid_objs[665]),/* "id-ppl-inheritAll" */
+351,    /* "id-pda-gender" */
-&(nid_objs[267]),/* "id-qcs" */
+349,    /* "id-pda-placeOfBirth" */
-&(nid_objs[359]),/* "id-qcs-pkixQCSyntax-v1" */
+175,    /* "id-pe" */
-&(nid_objs[259]),/* "id-qt" */
+261,    /* "id-pkip" */
-&(nid_objs[164]),/* "id-qt-cps" */
+258,    /* "id-pkix-mod" */
-&(nid_objs[165]),/* "id-qt-unotice" */
+269,    /* "id-pkix1-explicit-88" */
-&(nid_objs[313]),/* "id-regCtrl" */
+271,    /* "id-pkix1-explicit-93" */
-&(nid_objs[316]),/* "id-regCtrl-authenticator" */
+270,    /* "id-pkix1-implicit-88" */
-&(nid_objs[319]),/* "id-regCtrl-oldCertID" */
+272,    /* "id-pkix1-implicit-93" */
-&(nid_objs[318]),/* "id-regCtrl-pkiArchiveOptions" */
+662,    /* "id-ppl" */
-&(nid_objs[317]),/* "id-regCtrl-pkiPublicationInfo" */
+664,    /* "id-ppl-anyLanguage" */
-&(nid_objs[320]),/* "id-regCtrl-protocolEncrKey" */
+667,    /* "id-ppl-independent" */
-&(nid_objs[315]),/* "id-regCtrl-regToken" */
+665,    /* "id-ppl-inheritAll" */
-&(nid_objs[314]),/* "id-regInfo" */
+267,    /* "id-qcs" */
-&(nid_objs[322]),/* "id-regInfo-certReq" */
+359,    /* "id-qcs-pkixQCSyntax-v1" */
-&(nid_objs[321]),/* "id-regInfo-utf8Pairs" */
+259,    /* "id-qt" */
-&(nid_objs[512]),/* "id-set" */
+164,    /* "id-qt-cps" */
-&(nid_objs[191]),/* "id-smime-aa" */
+165,    /* "id-qt-unotice" */
-&(nid_objs[215]),/* "id-smime-aa-contentHint" */
+313,    /* "id-regCtrl" */
-&(nid_objs[218]),/* "id-smime-aa-contentIdentifier" */
+316,    /* "id-regCtrl-authenticator" */
-&(nid_objs[221]),/* "id-smime-aa-contentReference" */
+319,    /* "id-regCtrl-oldCertID" */
-&(nid_objs[240]),/* "id-smime-aa-dvcs-dvc" */
+318,    /* "id-regCtrl-pkiArchiveOptions" */
-&(nid_objs[217]),/* "id-smime-aa-encapContentType" */
+317,    /* "id-regCtrl-pkiPublicationInfo" */
-&(nid_objs[222]),/* "id-smime-aa-encrypKeyPref" */
+320,    /* "id-regCtrl-protocolEncrKey" */
-&(nid_objs[220]),/* "id-smime-aa-equivalentLabels" */
+315,    /* "id-regCtrl-regToken" */
-&(nid_objs[232]),/* "id-smime-aa-ets-CertificateRefs" */
+314,    /* "id-regInfo" */
-&(nid_objs[233]),/* "id-smime-aa-ets-RevocationRefs" */
+322,    /* "id-regInfo-certReq" */
-&(nid_objs[238]),/* "id-smime-aa-ets-archiveTimeStamp" */
+321,    /* "id-regInfo-utf8Pairs" */
-&(nid_objs[237]),/* "id-smime-aa-ets-certCRLTimestamp" */
+512,    /* "id-set" */
-&(nid_objs[234]),/* "id-smime-aa-ets-certValues" */
+191,    /* "id-smime-aa" */
-&(nid_objs[227]),/* "id-smime-aa-ets-commitmentType" */
+215,    /* "id-smime-aa-contentHint" */
-&(nid_objs[231]),/* "id-smime-aa-ets-contentTimestamp" */
+218,    /* "id-smime-aa-contentIdentifier" */
-&(nid_objs[236]),/* "id-smime-aa-ets-escTimeStamp" */
+221,    /* "id-smime-aa-contentReference" */
-&(nid_objs[230]),/* "id-smime-aa-ets-otherSigCert" */
+240,    /* "id-smime-aa-dvcs-dvc" */
-&(nid_objs[235]),/* "id-smime-aa-ets-revocationValues" */
+217,    /* "id-smime-aa-encapContentType" */
-&(nid_objs[226]),/* "id-smime-aa-ets-sigPolicyId" */
+222,    /* "id-smime-aa-encrypKeyPref" */
-&(nid_objs[229]),/* "id-smime-aa-ets-signerAttr" */
+220,    /* "id-smime-aa-equivalentLabels" */
-&(nid_objs[228]),/* "id-smime-aa-ets-signerLocation" */
+232,    /* "id-smime-aa-ets-CertificateRefs" */
-&(nid_objs[219]),/* "id-smime-aa-macValue" */
+233,    /* "id-smime-aa-ets-RevocationRefs" */
-&(nid_objs[214]),/* "id-smime-aa-mlExpandHistory" */
+238,    /* "id-smime-aa-ets-archiveTimeStamp" */
-&(nid_objs[216]),/* "id-smime-aa-msgSigDigest" */
+237,    /* "id-smime-aa-ets-certCRLTimestamp" */
-&(nid_objs[212]),/* "id-smime-aa-receiptRequest" */
+234,    /* "id-smime-aa-ets-certValues" */
-&(nid_objs[213]),/* "id-smime-aa-securityLabel" */
+227,    /* "id-smime-aa-ets-commitmentType" */
-&(nid_objs[239]),/* "id-smime-aa-signatureType" */
+231,    /* "id-smime-aa-ets-contentTimestamp" */
-&(nid_objs[223]),/* "id-smime-aa-signingCertificate" */
+236,    /* "id-smime-aa-ets-escTimeStamp" */
-&(nid_objs[224]),/* "id-smime-aa-smimeEncryptCerts" */
+230,    /* "id-smime-aa-ets-otherSigCert" */
-&(nid_objs[225]),/* "id-smime-aa-timeStampToken" */
+235,    /* "id-smime-aa-ets-revocationValues" */
-&(nid_objs[192]),/* "id-smime-alg" */
+226,    /* "id-smime-aa-ets-sigPolicyId" */
-&(nid_objs[243]),/* "id-smime-alg-3DESwrap" */
+229,    /* "id-smime-aa-ets-signerAttr" */
-&(nid_objs[246]),/* "id-smime-alg-CMS3DESwrap" */
+228,    /* "id-smime-aa-ets-signerLocation" */
-&(nid_objs[247]),/* "id-smime-alg-CMSRC2wrap" */
+219,    /* "id-smime-aa-macValue" */
-&(nid_objs[245]),/* "id-smime-alg-ESDH" */
+214,    /* "id-smime-aa-mlExpandHistory" */
-&(nid_objs[241]),/* "id-smime-alg-ESDHwith3DES" */
+216,    /* "id-smime-aa-msgSigDigest" */
-&(nid_objs[242]),/* "id-smime-alg-ESDHwithRC2" */
+212,    /* "id-smime-aa-receiptRequest" */
-&(nid_objs[244]),/* "id-smime-alg-RC2wrap" */
+213,    /* "id-smime-aa-securityLabel" */
-&(nid_objs[193]),/* "id-smime-cd" */
+239,    /* "id-smime-aa-signatureType" */
-&(nid_objs[248]),/* "id-smime-cd-ldap" */
+223,    /* "id-smime-aa-signingCertificate" */
-&(nid_objs[190]),/* "id-smime-ct" */
+224,    /* "id-smime-aa-smimeEncryptCerts" */
-&(nid_objs[210]),/* "id-smime-ct-DVCSRequestData" */
+225,    /* "id-smime-aa-timeStampToken" */
-&(nid_objs[211]),/* "id-smime-ct-DVCSResponseData" */
+192,    /* "id-smime-alg" */
-&(nid_objs[208]),/* "id-smime-ct-TDTInfo" */
+243,    /* "id-smime-alg-3DESwrap" */
-&(nid_objs[207]),/* "id-smime-ct-TSTInfo" */
+246,    /* "id-smime-alg-CMS3DESwrap" */
-&(nid_objs[205]),/* "id-smime-ct-authData" */
+247,    /* "id-smime-alg-CMSRC2wrap" */
-&(nid_objs[786]),/* "id-smime-ct-compressedData" */
+245,    /* "id-smime-alg-ESDH" */
-&(nid_objs[209]),/* "id-smime-ct-contentInfo" */
+241,    /* "id-smime-alg-ESDHwith3DES" */
-&(nid_objs[206]),/* "id-smime-ct-publishCert" */
+242,    /* "id-smime-alg-ESDHwithRC2" */
-&(nid_objs[204]),/* "id-smime-ct-receipt" */
+244,    /* "id-smime-alg-RC2wrap" */
-&(nid_objs[195]),/* "id-smime-cti" */
+193,    /* "id-smime-cd" */
-&(nid_objs[255]),/* "id-smime-cti-ets-proofOfApproval" */
+248,    /* "id-smime-cd-ldap" */
-&(nid_objs[256]),/* "id-smime-cti-ets-proofOfCreation" */
+190,    /* "id-smime-ct" */
-&(nid_objs[253]),/* "id-smime-cti-ets-proofOfDelivery" */
+210,    /* "id-smime-ct-DVCSRequestData" */
-&(nid_objs[251]),/* "id-smime-cti-ets-proofOfOrigin" */
+211,    /* "id-smime-ct-DVCSResponseData" */
-&(nid_objs[252]),/* "id-smime-cti-ets-proofOfReceipt" */
+208,    /* "id-smime-ct-TDTInfo" */
-&(nid_objs[254]),/* "id-smime-cti-ets-proofOfSender" */
+207,    /* "id-smime-ct-TSTInfo" */
-&(nid_objs[189]),/* "id-smime-mod" */
+205,    /* "id-smime-ct-authData" */
-&(nid_objs[196]),/* "id-smime-mod-cms" */
+786,    /* "id-smime-ct-compressedData" */
-&(nid_objs[197]),/* "id-smime-mod-ess" */
+209,    /* "id-smime-ct-contentInfo" */
-&(nid_objs[202]),/* "id-smime-mod-ets-eSigPolicy-88" */
+206,    /* "id-smime-ct-publishCert" */
-&(nid_objs[203]),/* "id-smime-mod-ets-eSigPolicy-97" */
+204,    /* "id-smime-ct-receipt" */
-&(nid_objs[200]),/* "id-smime-mod-ets-eSignature-88" */
+195,    /* "id-smime-cti" */
-&(nid_objs[201]),/* "id-smime-mod-ets-eSignature-97" */
+255,    /* "id-smime-cti-ets-proofOfApproval" */
-&(nid_objs[199]),/* "id-smime-mod-msg-v3" */
+256,    /* "id-smime-cti-ets-proofOfCreation" */
-&(nid_objs[198]),/* "id-smime-mod-oid" */
+253,    /* "id-smime-cti-ets-proofOfDelivery" */
-&(nid_objs[194]),/* "id-smime-spq" */
+251,    /* "id-smime-cti-ets-proofOfOrigin" */
-&(nid_objs[250]),/* "id-smime-spq-ets-sqt-unotice" */
+252,    /* "id-smime-cti-ets-proofOfReceipt" */
-&(nid_objs[249]),/* "id-smime-spq-ets-sqt-uri" */
+254,    /* "id-smime-cti-ets-proofOfSender" */
-&(nid_objs[676]),/* "identified-organization" */
+189,    /* "id-smime-mod" */
-&(nid_objs[461]),/* "info" */
+196,    /* "id-smime-mod-cms" */
-&(nid_objs[748]),/* "inhibitAnyPolicy" */
+197,    /* "id-smime-mod-ess" */
-&(nid_objs[101]),/* "initials" */
+202,    /* "id-smime-mod-ets-eSigPolicy-88" */
-&(nid_objs[647]),/* "international-organizations" */
+203,    /* "id-smime-mod-ets-eSigPolicy-97" */
-&(nid_objs[142]),/* "invalidityDate" */
+200,    /* "id-smime-mod-ets-eSignature-88" */
-&(nid_objs[294]),/* "ipsecEndSystem" */
+201,    /* "id-smime-mod-ets-eSignature-97" */
-&(nid_objs[295]),/* "ipsecTunnel" */
+199,    /* "id-smime-mod-msg-v3" */
-&(nid_objs[296]),/* "ipsecUser" */
+198,    /* "id-smime-mod-oid" */
-&(nid_objs[86]),/* "issuerAltName" */
+194,    /* "id-smime-spq" */
-&(nid_objs[770]),/* "issuingDistributionPoint" */
+250,    /* "id-smime-spq-ets-sqt-unotice" */
-&(nid_objs[492]),/* "janetMailbox" */
+249,    /* "id-smime-spq-ets-sqt-uri" */
-&(nid_objs[150]),/* "keyBag" */
+676,    /* "identified-organization" */
-&(nid_objs[83]),/* "keyUsage" */
+461,    /* "info" */
-&(nid_objs[477]),/* "lastModifiedBy" */
+748,    /* "inhibitAnyPolicy" */
-&(nid_objs[476]),/* "lastModifiedTime" */
+101,    /* "initials" */
-&(nid_objs[157]),/* "localKeyID" */
+647,    /* "international-organizations" */
-&(nid_objs[480]),/* "mXRecord" */
+869,    /* "internationaliSDNNumber" */
-&(nid_objs[460]),/* "mail" */
+142,    /* "invalidityDate" */
-&(nid_objs[493]),/* "mailPreferenceOption" */
+294,    /* "ipsecEndSystem" */
-&(nid_objs[467]),/* "manager" */
+295,    /* "ipsecTunnel" */
-&(nid_objs[809]),/* "md_gost94" */
+296,    /* "ipsecUser" */
-&(nid_objs[182]),/* "member-body" */
+86,     /* "issuerAltName" */
-&(nid_objs[51]),/* "messageDigest" */
+770,    /* "issuingDistributionPoint" */
-&(nid_objs[383]),/* "mgmt" */
+492,    /* "janetMailbox" */
-&(nid_objs[504]),/* "mime-mhs" */
+150,    /* "keyBag" */
-&(nid_objs[506]),/* "mime-mhs-bodies" */
+83,     /* "keyUsage" */
-&(nid_objs[505]),/* "mime-mhs-headings" */
+477,    /* "lastModifiedBy" */
-&(nid_objs[488]),/* "mobileTelephoneNumber" */
+476,    /* "lastModifiedTime" */
-&(nid_objs[136]),/* "msCTLSign" */
+157,    /* "localKeyID" */
-&(nid_objs[135]),/* "msCodeCom" */
+480,    /* "mXRecord" */
-&(nid_objs[134]),/* "msCodeInd" */
+460,    /* "mail" */
-&(nid_objs[138]),/* "msEFS" */
+493,    /* "mailPreferenceOption" */
-&(nid_objs[171]),/* "msExtReq" */
+467,    /* "manager" */
-&(nid_objs[137]),/* "msSGC" */
+809,    /* "md_gost94" */
-&(nid_objs[648]),/* "msSmartcardLogin" */
+875,    /* "member" */
-&(nid_objs[649]),/* "msUPN" */
+182,    /* "member-body" */
-&(nid_objs[481]),/* "nSRecord" */
+51,     /* "messageDigest" */
-&(nid_objs[173]),/* "name" */
+383,    /* "mgmt" */
-&(nid_objs[666]),/* "nameConstraints" */
+504,    /* "mime-mhs" */
-&(nid_objs[369]),/* "noCheck" */
+506,    /* "mime-mhs-bodies" */
-&(nid_objs[403]),/* "noRevAvail" */
+505,    /* "mime-mhs-headings" */
-&(nid_objs[72]),/* "nsBaseUrl" */
+488,    /* "mobileTelephoneNumber" */
-&(nid_objs[76]),/* "nsCaPolicyUrl" */
+136,    /* "msCTLSign" */
-&(nid_objs[74]),/* "nsCaRevocationUrl" */
+135,    /* "msCodeCom" */
-&(nid_objs[58]),/* "nsCertExt" */
+134,    /* "msCodeInd" */
-&(nid_objs[79]),/* "nsCertSequence" */
+138,    /* "msEFS" */
-&(nid_objs[71]),/* "nsCertType" */
+171,    /* "msExtReq" */
-&(nid_objs[78]),/* "nsComment" */
+137,    /* "msSGC" */
-&(nid_objs[59]),/* "nsDataType" */
+648,    /* "msSmartcardLogin" */
-&(nid_objs[75]),/* "nsRenewalUrl" */
+649,    /* "msUPN" */
-&(nid_objs[73]),/* "nsRevocationUrl" */
+481,    /* "nSRecord" */
-&(nid_objs[139]),/* "nsSGC" */
+173,    /* "name" */
-&(nid_objs[77]),/* "nsSslServerName" */
+666,    /* "nameConstraints" */
-&(nid_objs[681]),/* "onBasis" */
+369,    /* "noCheck" */
-&(nid_objs[491]),/* "organizationalStatus" */
+403,    /* "noRevAvail" */
-&(nid_objs[475]),/* "otherMailbox" */
+72,     /* "nsBaseUrl" */
-&(nid_objs[489]),/* "pagerTelephoneNumber" */
+76,     /* "nsCaPolicyUrl" */
-&(nid_objs[374]),/* "path" */
+74,     /* "nsCaRevocationUrl" */
-&(nid_objs[112]),/* "pbeWithMD5AndCast5CBC" */
+58,     /* "nsCertExt" */
-&(nid_objs[499]),/* "personalSignature" */
+79,     /* "nsCertSequence" */
-&(nid_objs[487]),/* "personalTitle" */
+71,     /* "nsCertType" */
-&(nid_objs[464]),/* "photo" */
+78,     /* "nsComment" */
-&(nid_objs[437]),/* "pilot" */
+59,     /* "nsDataType" */
-&(nid_objs[439]),/* "pilotAttributeSyntax" */
+75,     /* "nsRenewalUrl" */
-&(nid_objs[438]),/* "pilotAttributeType" */
+73,     /* "nsRevocationUrl" */
-&(nid_objs[479]),/* "pilotAttributeType27" */
+139,    /* "nsSGC" */
-&(nid_objs[456]),/* "pilotDSA" */
+77,     /* "nsSslServerName" */
-&(nid_objs[441]),/* "pilotGroups" */
+681,    /* "onBasis" */
-&(nid_objs[444]),/* "pilotObject" */
+491,    /* "organizationalStatus" */
-&(nid_objs[440]),/* "pilotObjectClass" */
+475,    /* "otherMailbox" */
-&(nid_objs[455]),/* "pilotOrganization" */
+876,    /* "owner" */
-&(nid_objs[445]),/* "pilotPerson" */
+489,    /* "pagerTelephoneNumber" */
-&(nid_objs[ 2]),/* "pkcs" */
+374,    /* "path" */
-&(nid_objs[186]),/* "pkcs1" */
+112,    /* "pbeWithMD5AndCast5CBC" */
-&(nid_objs[27]),/* "pkcs3" */
+499,    /* "personalSignature" */
-&(nid_objs[187]),/* "pkcs5" */
+487,    /* "personalTitle" */
-&(nid_objs[20]),/* "pkcs7" */
+464,    /* "photo" */
-&(nid_objs[21]),/* "pkcs7-data" */
+863,    /* "physicalDeliveryOfficeName" */
-&(nid_objs[25]),/* "pkcs7-digestData" */
+437,    /* "pilot" */
-&(nid_objs[26]),/* "pkcs7-encryptedData" */
+439,    /* "pilotAttributeSyntax" */
-&(nid_objs[23]),/* "pkcs7-envelopedData" */
+438,    /* "pilotAttributeType" */
-&(nid_objs[24]),/* "pkcs7-signedAndEnvelopedData" */
+479,    /* "pilotAttributeType27" */
-&(nid_objs[22]),/* "pkcs7-signedData" */
+456,    /* "pilotDSA" */
-&(nid_objs[151]),/* "pkcs8ShroudedKeyBag" */
+441,    /* "pilotGroups" */
-&(nid_objs[47]),/* "pkcs9" */
+444,    /* "pilotObject" */
-&(nid_objs[401]),/* "policyConstraints" */
+440,    /* "pilotObjectClass" */
-&(nid_objs[747]),/* "policyMappings" */
+455,    /* "pilotOrganization" */
-&(nid_objs[661]),/* "postalCode" */
+445,    /* "pilotPerson" */
-&(nid_objs[683]),/* "ppBasis" */
+ 2,     /* "pkcs" */
-&(nid_objs[816]),/* "prf-gostr3411-94" */
+186,    /* "pkcs1" */
-&(nid_objs[406]),/* "prime-field" */
+27,     /* "pkcs3" */
-&(nid_objs[409]),/* "prime192v1" */
+187,    /* "pkcs5" */
-&(nid_objs[410]),/* "prime192v2" */
+20,     /* "pkcs7" */
-&(nid_objs[411]),/* "prime192v3" */
+21,     /* "pkcs7-data" */
-&(nid_objs[412]),/* "prime239v1" */
+25,     /* "pkcs7-digestData" */
-&(nid_objs[413]),/* "prime239v2" */
+26,     /* "pkcs7-encryptedData" */
-&(nid_objs[414]),/* "prime239v3" */
+23,     /* "pkcs7-envelopedData" */
-&(nid_objs[415]),/* "prime256v1" */
+24,     /* "pkcs7-signedAndEnvelopedData" */
-&(nid_objs[385]),/* "private" */
+22,     /* "pkcs7-signedData" */
-&(nid_objs[84]),/* "privateKeyUsagePeriod" */
+151,    /* "pkcs8ShroudedKeyBag" */
-&(nid_objs[663]),/* "proxyCertInfo" */
+47,     /* "pkcs9" */
-&(nid_objs[510]),/* "pseudonym" */
+401,    /* "policyConstraints" */
-&(nid_objs[435]),/* "pss" */
+747,    /* "policyMappings" */
-&(nid_objs[286]),/* "qcStatements" */
+862,    /* "postOfficeBox" */
-&(nid_objs[457]),/* "qualityLabelledData" */
+861,    /* "postalAddress" */
-&(nid_objs[450]),/* "rFC822localPart" */
+661,    /* "postalCode" */
-&(nid_objs[400]),/* "role" */
+683,    /* "ppBasis" */
-&(nid_objs[448]),/* "room" */
+872,    /* "preferredDeliveryMethod" */
-&(nid_objs[463]),/* "roomNumber" */
+873,    /* "presentationAddress" */
-&(nid_objs[ 6]),/* "rsaEncryption" */
+816,    /* "prf-gostr3411-94" */
-&(nid_objs[644]),/* "rsaOAEPEncryptionSET" */
+406,    /* "prime-field" */
-&(nid_objs[377]),/* "rsaSignature" */
+409,    /* "prime192v1" */
-&(nid_objs[ 1]),/* "rsadsi" */
+410,    /* "prime192v2" */
-&(nid_objs[482]),/* "sOARecord" */
+411,    /* "prime192v3" */
-&(nid_objs[155]),/* "safeContentsBag" */
+412,    /* "prime239v1" */
-&(nid_objs[291]),/* "sbgp-autonomousSysNum" */
+413,    /* "prime239v2" */
-&(nid_objs[290]),/* "sbgp-ipAddrBlock" */
+414,    /* "prime239v3" */
-&(nid_objs[292]),/* "sbgp-routerIdentifier" */
+415,    /* "prime256v1" */
-&(nid_objs[159]),/* "sdsiCertificate" */
+385,    /* "private" */
-&(nid_objs[704]),/* "secp112r1" */
+84,     /* "privateKeyUsagePeriod" */
-&(nid_objs[705]),/* "secp112r2" */
+886,    /* "protocolInformation" */
-&(nid_objs[706]),/* "secp128r1" */
+663,    /* "proxyCertInfo" */
-&(nid_objs[707]),/* "secp128r2" */
+510,    /* "pseudonym" */
-&(nid_objs[708]),/* "secp160k1" */
+435,    /* "pss" */
-&(nid_objs[709]),/* "secp160r1" */
+286,    /* "qcStatements" */
-&(nid_objs[710]),/* "secp160r2" */
+457,    /* "qualityLabelledData" */
-&(nid_objs[711]),/* "secp192k1" */
+450,    /* "rFC822localPart" */
-&(nid_objs[712]),/* "secp224k1" */
+870,    /* "registeredAddress" */
-&(nid_objs[713]),/* "secp224r1" */
+400,    /* "role" */
-&(nid_objs[714]),/* "secp256k1" */
+877,    /* "roleOccupant" */
-&(nid_objs[715]),/* "secp384r1" */
+448,    /* "room" */
-&(nid_objs[716]),/* "secp521r1" */
+463,    /* "roomNumber" */
-&(nid_objs[154]),/* "secretBag" */
+ 6,     /* "rsaEncryption" */
-&(nid_objs[474]),/* "secretary" */
+644,    /* "rsaOAEPEncryptionSET" */
-&(nid_objs[717]),/* "sect113r1" */
+377,    /* "rsaSignature" */
-&(nid_objs[718]),/* "sect113r2" */
+ 1,     /* "rsadsi" */
-&(nid_objs[719]),/* "sect131r1" */
+482,    /* "sOARecord" */
-&(nid_objs[720]),/* "sect131r2" */
+155,    /* "safeContentsBag" */
-&(nid_objs[721]),/* "sect163k1" */
+291,    /* "sbgp-autonomousSysNum" */
-&(nid_objs[722]),/* "sect163r1" */
+290,    /* "sbgp-ipAddrBlock" */
-&(nid_objs[723]),/* "sect163r2" */
+292,    /* "sbgp-routerIdentifier" */
-&(nid_objs[724]),/* "sect193r1" */
+159,    /* "sdsiCertificate" */
-&(nid_objs[725]),/* "sect193r2" */
+859,    /* "searchGuide" */
-&(nid_objs[726]),/* "sect233k1" */
+704,    /* "secp112r1" */
-&(nid_objs[727]),/* "sect233r1" */
+705,    /* "secp112r2" */
-&(nid_objs[728]),/* "sect239k1" */
+706,    /* "secp128r1" */
-&(nid_objs[729]),/* "sect283k1" */
+707,    /* "secp128r2" */
-&(nid_objs[730]),/* "sect283r1" */
+708,    /* "secp160k1" */
-&(nid_objs[731]),/* "sect409k1" */
+709,    /* "secp160r1" */
-&(nid_objs[732]),/* "sect409r1" */
+710,    /* "secp160r2" */
-&(nid_objs[733]),/* "sect571k1" */
+711,    /* "secp192k1" */
-&(nid_objs[734]),/* "sect571r1" */
+712,    /* "secp224k1" */
-&(nid_objs[386]),/* "security" */
+713,    /* "secp224r1" */
-&(nid_objs[394]),/* "selected-attribute-types" */
+714,    /* "secp256k1" */
-&(nid_objs[105]),/* "serialNumber" */
+715,    /* "secp384r1" */
-&(nid_objs[129]),/* "serverAuth" */
+716,    /* "secp521r1" */
-&(nid_objs[371]),/* "serviceLocator" */
+154,    /* "secretBag" */
-&(nid_objs[625]),/* "set-addPolicy" */
+474,    /* "secretary" */
-&(nid_objs[515]),/* "set-attr" */
+717,    /* "sect113r1" */
-&(nid_objs[518]),/* "set-brand" */
+718,    /* "sect113r2" */
-&(nid_objs[638]),/* "set-brand-AmericanExpress" */
+719,    /* "sect131r1" */
-&(nid_objs[637]),/* "set-brand-Diners" */
+720,    /* "sect131r2" */
-&(nid_objs[636]),/* "set-brand-IATA-ATA" */
+721,    /* "sect163k1" */
-&(nid_objs[639]),/* "set-brand-JCB" */
+722,    /* "sect163r1" */
-&(nid_objs[641]),/* "set-brand-MasterCard" */
+723,    /* "sect163r2" */
-&(nid_objs[642]),/* "set-brand-Novus" */
+724,    /* "sect193r1" */
-&(nid_objs[640]),/* "set-brand-Visa" */
+725,    /* "sect193r2" */
-&(nid_objs[517]),/* "set-certExt" */
+726,    /* "sect233k1" */
-&(nid_objs[513]),/* "set-ctype" */
+727,    /* "sect233r1" */
-&(nid_objs[514]),/* "set-msgExt" */
+728,    /* "sect239k1" */
-&(nid_objs[516]),/* "set-policy" */
+729,    /* "sect283k1" */
-&(nid_objs[607]),/* "set-policy-root" */
+730,    /* "sect283r1" */
-&(nid_objs[624]),/* "set-rootKeyThumb" */
+731,    /* "sect409k1" */
-&(nid_objs[620]),/* "setAttr-Cert" */
+732,    /* "sect409r1" */
-&(nid_objs[631]),/* "setAttr-GenCryptgrm" */
+733,    /* "sect571k1" */
-&(nid_objs[623]),/* "setAttr-IssCap" */
+734,    /* "sect571r1" */
-&(nid_objs[628]),/* "setAttr-IssCap-CVM" */
+386,    /* "security" */
-&(nid_objs[630]),/* "setAttr-IssCap-Sig" */
+878,    /* "seeAlso" */
-&(nid_objs[629]),/* "setAttr-IssCap-T2" */
+394,    /* "selected-attribute-types" */
-&(nid_objs[621]),/* "setAttr-PGWYcap" */
+105,    /* "serialNumber" */
-&(nid_objs[635]),/* "setAttr-SecDevSig" */
+129,    /* "serverAuth" */
-&(nid_objs[632]),/* "setAttr-T2Enc" */
+371,    /* "serviceLocator" */
-&(nid_objs[633]),/* "setAttr-T2cleartxt" */
+625,    /* "set-addPolicy" */
-&(nid_objs[634]),/* "setAttr-TokICCsig" */
+515,    /* "set-attr" */
-&(nid_objs[627]),/* "setAttr-Token-B0Prime" */
+518,    /* "set-brand" */
-&(nid_objs[626]),/* "setAttr-Token-EMV" */
+638,    /* "set-brand-AmericanExpress" */
-&(nid_objs[622]),/* "setAttr-TokenType" */
+637,    /* "set-brand-Diners" */
-&(nid_objs[619]),/* "setCext-IssuerCapabilities" */
+636,    /* "set-brand-IATA-ATA" */
-&(nid_objs[615]),/* "setCext-PGWYcapabilities" */
+639,    /* "set-brand-JCB" */
-&(nid_objs[616]),/* "setCext-TokenIdentifier" */
+641,    /* "set-brand-MasterCard" */
-&(nid_objs[618]),/* "setCext-TokenType" */
+642,    /* "set-brand-Novus" */
-&(nid_objs[617]),/* "setCext-Track2Data" */
+640,    /* "set-brand-Visa" */
-&(nid_objs[611]),/* "setCext-cCertRequired" */
+517,    /* "set-certExt" */
-&(nid_objs[609]),/* "setCext-certType" */
+513,    /* "set-ctype" */
-&(nid_objs[608]),/* "setCext-hashedRoot" */
+514,    /* "set-msgExt" */
-&(nid_objs[610]),/* "setCext-merchData" */
+516,    /* "set-policy" */
-&(nid_objs[613]),/* "setCext-setExt" */
+607,    /* "set-policy-root" */
-&(nid_objs[614]),/* "setCext-setQualf" */
+624,    /* "set-rootKeyThumb" */
-&(nid_objs[612]),/* "setCext-tunneling" */
+620,    /* "setAttr-Cert" */
-&(nid_objs[540]),/* "setct-AcqCardCodeMsg" */
+631,    /* "setAttr-GenCryptgrm" */
-&(nid_objs[576]),/* "setct-AcqCardCodeMsgTBE" */
+623,    /* "setAttr-IssCap" */
-&(nid_objs[570]),/* "setct-AuthReqTBE" */
+628,    /* "setAttr-IssCap-CVM" */
-&(nid_objs[534]),/* "setct-AuthReqTBS" */
+630,    /* "setAttr-IssCap-Sig" */
-&(nid_objs[527]),/* "setct-AuthResBaggage" */
+629,    /* "setAttr-IssCap-T2" */
-&(nid_objs[571]),/* "setct-AuthResTBE" */
+621,    /* "setAttr-PGWYcap" */
-&(nid_objs[572]),/* "setct-AuthResTBEX" */
+635,    /* "setAttr-SecDevSig" */
-&(nid_objs[535]),/* "setct-AuthResTBS" */
+632,    /* "setAttr-T2Enc" */
-&(nid_objs[536]),/* "setct-AuthResTBSX" */
+633,    /* "setAttr-T2cleartxt" */
-&(nid_objs[528]),/* "setct-AuthRevReqBaggage" */
+634,    /* "setAttr-TokICCsig" */
-&(nid_objs[577]),/* "setct-AuthRevReqTBE" */
+627,    /* "setAttr-Token-B0Prime" */
-&(nid_objs[541]),/* "setct-AuthRevReqTBS" */
+626,    /* "setAttr-Token-EMV" */
-&(nid_objs[529]),/* "setct-AuthRevResBaggage" */
+622,    /* "setAttr-TokenType" */
-&(nid_objs[542]),/* "setct-AuthRevResData" */
+619,    /* "setCext-IssuerCapabilities" */
-&(nid_objs[578]),/* "setct-AuthRevResTBE" */
+615,    /* "setCext-PGWYcapabilities" */
-&(nid_objs[579]),/* "setct-AuthRevResTBEB" */
+616,    /* "setCext-TokenIdentifier" */
-&(nid_objs[543]),/* "setct-AuthRevResTBS" */
+618,    /* "setCext-TokenType" */
-&(nid_objs[573]),/* "setct-AuthTokenTBE" */
+617,    /* "setCext-Track2Data" */
-&(nid_objs[537]),/* "setct-AuthTokenTBS" */
+611,    /* "setCext-cCertRequired" */
-&(nid_objs[600]),/* "setct-BCIDistributionTBS" */
+609,    /* "setCext-certType" */
-&(nid_objs[558]),/* "setct-BatchAdminReqData" */
+608,    /* "setCext-hashedRoot" */
-&(nid_objs[592]),/* "setct-BatchAdminReqTBE" */
+610,    /* "setCext-merchData" */
-&(nid_objs[559]),/* "setct-BatchAdminResData" */
+613,    /* "setCext-setExt" */
-&(nid_objs[593]),/* "setct-BatchAdminResTBE" */
+614,    /* "setCext-setQualf" */
-&(nid_objs[599]),/* "setct-CRLNotificationResTBS" */
+612,    /* "setCext-tunneling" */
-&(nid_objs[598]),/* "setct-CRLNotificationTBS" */
+540,    /* "setct-AcqCardCodeMsg" */
-&(nid_objs[580]),/* "setct-CapReqTBE" */
+576,    /* "setct-AcqCardCodeMsgTBE" */
-&(nid_objs[581]),/* "setct-CapReqTBEX" */
+570,    /* "setct-AuthReqTBE" */
-&(nid_objs[544]),/* "setct-CapReqTBS" */
+534,    /* "setct-AuthReqTBS" */
-&(nid_objs[545]),/* "setct-CapReqTBSX" */
+527,    /* "setct-AuthResBaggage" */
-&(nid_objs[546]),/* "setct-CapResData" */
+571,    /* "setct-AuthResTBE" */
-&(nid_objs[582]),/* "setct-CapResTBE" */
+572,    /* "setct-AuthResTBEX" */
-&(nid_objs[583]),/* "setct-CapRevReqTBE" */
+535,    /* "setct-AuthResTBS" */
-&(nid_objs[584]),/* "setct-CapRevReqTBEX" */
+536,    /* "setct-AuthResTBSX" */
-&(nid_objs[547]),/* "setct-CapRevReqTBS" */
+528,    /* "setct-AuthRevReqBaggage" */
-&(nid_objs[548]),/* "setct-CapRevReqTBSX" */
+577,    /* "setct-AuthRevReqTBE" */
-&(nid_objs[549]),/* "setct-CapRevResData" */
+541,    /* "setct-AuthRevReqTBS" */
-&(nid_objs[585]),/* "setct-CapRevResTBE" */
+529,    /* "setct-AuthRevResBaggage" */
-&(nid_objs[538]),/* "setct-CapTokenData" */
+542,    /* "setct-AuthRevResData" */
-&(nid_objs[530]),/* "setct-CapTokenSeq" */
+578,    /* "setct-AuthRevResTBE" */
-&(nid_objs[574]),/* "setct-CapTokenTBE" */
+579,    /* "setct-AuthRevResTBEB" */
-&(nid_objs[575]),/* "setct-CapTokenTBEX" */
+543,    /* "setct-AuthRevResTBS" */
-&(nid_objs[539]),/* "setct-CapTokenTBS" */
+573,    /* "setct-AuthTokenTBE" */
-&(nid_objs[560]),/* "setct-CardCInitResTBS" */
+537,    /* "setct-AuthTokenTBS" */
-&(nid_objs[566]),/* "setct-CertInqReqTBS" */
+600,    /* "setct-BCIDistributionTBS" */
-&(nid_objs[563]),/* "setct-CertReqData" */
+558,    /* "setct-BatchAdminReqData" */
-&(nid_objs[595]),/* "setct-CertReqTBE" */
+592,    /* "setct-BatchAdminReqTBE" */
-&(nid_objs[596]),/* "setct-CertReqTBEX" */
+559,    /* "setct-BatchAdminResData" */
-&(nid_objs[564]),/* "setct-CertReqTBS" */
+593,    /* "setct-BatchAdminResTBE" */
-&(nid_objs[565]),/* "setct-CertResData" */
+599,    /* "setct-CRLNotificationResTBS" */
-&(nid_objs[597]),/* "setct-CertResTBE" */
+598,    /* "setct-CRLNotificationTBS" */
-&(nid_objs[586]),/* "setct-CredReqTBE" */
+580,    /* "setct-CapReqTBE" */
-&(nid_objs[587]),/* "setct-CredReqTBEX" */
+581,    /* "setct-CapReqTBEX" */
-&(nid_objs[550]),/* "setct-CredReqTBS" */
+544,    /* "setct-CapReqTBS" */
-&(nid_objs[551]),/* "setct-CredReqTBSX" */
+545,    /* "setct-CapReqTBSX" */
-&(nid_objs[552]),/* "setct-CredResData" */
+546,    /* "setct-CapResData" */
-&(nid_objs[588]),/* "setct-CredResTBE" */
+582,    /* "setct-CapResTBE" */
-&(nid_objs[589]),/* "setct-CredRevReqTBE" */
+583,    /* "setct-CapRevReqTBE" */
-&(nid_objs[590]),/* "setct-CredRevReqTBEX" */
+584,    /* "setct-CapRevReqTBEX" */
-&(nid_objs[553]),/* "setct-CredRevReqTBS" */
+547,    /* "setct-CapRevReqTBS" */
-&(nid_objs[554]),/* "setct-CredRevReqTBSX" */
+548,    /* "setct-CapRevReqTBSX" */
-&(nid_objs[555]),/* "setct-CredRevResData" */
+549,    /* "setct-CapRevResData" */
-&(nid_objs[591]),/* "setct-CredRevResTBE" */
+585,    /* "setct-CapRevResTBE" */
-&(nid_objs[567]),/* "setct-ErrorTBS" */
+538,    /* "setct-CapTokenData" */
-&(nid_objs[526]),/* "setct-HODInput" */
+530,    /* "setct-CapTokenSeq" */
-&(nid_objs[561]),/* "setct-MeAqCInitResTBS" */
+574,    /* "setct-CapTokenTBE" */
-&(nid_objs[522]),/* "setct-OIData" */
+575,    /* "setct-CapTokenTBEX" */
-&(nid_objs[519]),/* "setct-PANData" */
+539,    /* "setct-CapTokenTBS" */
-&(nid_objs[521]),/* "setct-PANOnly" */
+560,    /* "setct-CardCInitResTBS" */
-&(nid_objs[520]),/* "setct-PANToken" */
+566,    /* "setct-CertInqReqTBS" */
-&(nid_objs[556]),/* "setct-PCertReqData" */
+563,    /* "setct-CertReqData" */
-&(nid_objs[557]),/* "setct-PCertResTBS" */
+595,    /* "setct-CertReqTBE" */
-&(nid_objs[523]),/* "setct-PI" */
+596,    /* "setct-CertReqTBEX" */
-&(nid_objs[532]),/* "setct-PI-TBS" */
+564,    /* "setct-CertReqTBS" */
-&(nid_objs[524]),/* "setct-PIData" */
+565,    /* "setct-CertResData" */
-&(nid_objs[525]),/* "setct-PIDataUnsigned" */
+597,    /* "setct-CertResTBE" */
-&(nid_objs[568]),/* "setct-PIDualSignedTBE" */
+586,    /* "setct-CredReqTBE" */
-&(nid_objs[569]),/* "setct-PIUnsignedTBE" */
+587,    /* "setct-CredReqTBEX" */
-&(nid_objs[531]),/* "setct-PInitResData" */
+550,    /* "setct-CredReqTBS" */
-&(nid_objs[533]),/* "setct-PResData" */
+551,    /* "setct-CredReqTBSX" */
-&(nid_objs[594]),/* "setct-RegFormReqTBE" */
+552,    /* "setct-CredResData" */
-&(nid_objs[562]),/* "setct-RegFormResTBS" */
+588,    /* "setct-CredResTBE" */
-&(nid_objs[606]),/* "setext-cv" */
+589,    /* "setct-CredRevReqTBE" */
-&(nid_objs[601]),/* "setext-genCrypt" */
+590,    /* "setct-CredRevReqTBEX" */
-&(nid_objs[602]),/* "setext-miAuth" */
+553,    /* "setct-CredRevReqTBS" */
-&(nid_objs[604]),/* "setext-pinAny" */
+554,    /* "setct-CredRevReqTBSX" */
-&(nid_objs[603]),/* "setext-pinSecure" */
+555,    /* "setct-CredRevResData" */
-&(nid_objs[605]),/* "setext-track2" */
+591,    /* "setct-CredRevResTBE" */
-&(nid_objs[52]),/* "signingTime" */
+567,    /* "setct-ErrorTBS" */
-&(nid_objs[454]),/* "simpleSecurityObject" */
+526,    /* "setct-HODInput" */
-&(nid_objs[496]),/* "singleLevelQuality" */
+561,    /* "setct-MeAqCInitResTBS" */
-&(nid_objs[387]),/* "snmpv2" */
+522,    /* "setct-OIData" */
-&(nid_objs[660]),/* "streetAddress" */
+519,    /* "setct-PANData" */
-&(nid_objs[85]),/* "subjectAltName" */
+521,    /* "setct-PANOnly" */
-&(nid_objs[769]),/* "subjectDirectoryAttributes" */
+520,    /* "setct-PANToken" */
-&(nid_objs[398]),/* "subjectInfoAccess" */
+556,    /* "setct-PCertReqData" */
-&(nid_objs[82]),/* "subjectKeyIdentifier" */
+557,    /* "setct-PCertResTBS" */
-&(nid_objs[498]),/* "subtreeMaximumQuality" */
+523,    /* "setct-PI" */
-&(nid_objs[497]),/* "subtreeMinimumQuality" */
+532,    /* "setct-PI-TBS" */
-&(nid_objs[402]),/* "targetInformation" */
+524,    /* "setct-PIData" */
-&(nid_objs[459]),/* "textEncodedORAddress" */
+525,    /* "setct-PIDataUnsigned" */
-&(nid_objs[293]),/* "textNotice" */
+568,    /* "setct-PIDualSignedTBE" */
-&(nid_objs[133]),/* "timeStamping" */
+569,    /* "setct-PIUnsignedTBE" */
-&(nid_objs[106]),/* "title" */
+531,    /* "setct-PInitResData" */
-&(nid_objs[682]),/* "tpBasis" */
+533,    /* "setct-PResData" */
-&(nid_objs[375]),/* "trustRoot" */
+594,    /* "setct-RegFormReqTBE" */
-&(nid_objs[436]),/* "ucl" */
+562,    /* "setct-RegFormResTBS" */
-&(nid_objs[55]),/* "unstructuredAddress" */
+606,    /* "setext-cv" */
-&(nid_objs[49]),/* "unstructuredName" */
+601,    /* "setext-genCrypt" */
-&(nid_objs[465]),/* "userClass" */
+602,    /* "setext-miAuth" */
-&(nid_objs[373]),/* "valid" */
+604,    /* "setext-pinAny" */
-&(nid_objs[678]),/* "wap" */
+603,    /* "setext-pinSecure" */
-&(nid_objs[679]),/* "wap-wsg" */
+605,    /* "setext-track2" */
-&(nid_objs[735]),/* "wap-wsg-idm-ecid-wtls1" */
+52,     /* "signingTime" */
-&(nid_objs[743]),/* "wap-wsg-idm-ecid-wtls10" */
+454,    /* "simpleSecurityObject" */
-&(nid_objs[744]),/* "wap-wsg-idm-ecid-wtls11" */
+496,    /* "singleLevelQuality" */
-&(nid_objs[745]),/* "wap-wsg-idm-ecid-wtls12" */
+387,    /* "snmpv2" */
-&(nid_objs[736]),/* "wap-wsg-idm-ecid-wtls3" */
+660,    /* "street" */
-&(nid_objs[737]),/* "wap-wsg-idm-ecid-wtls4" */
+85,     /* "subjectAltName" */
-&(nid_objs[738]),/* "wap-wsg-idm-ecid-wtls5" */
+769,    /* "subjectDirectoryAttributes" */
-&(nid_objs[739]),/* "wap-wsg-idm-ecid-wtls6" */
+398,    /* "subjectInfoAccess" */
-&(nid_objs[740]),/* "wap-wsg-idm-ecid-wtls7" */
+82,     /* "subjectKeyIdentifier" */
-&(nid_objs[741]),/* "wap-wsg-idm-ecid-wtls8" */
+498,    /* "subtreeMaximumQuality" */
-&(nid_objs[742]),/* "wap-wsg-idm-ecid-wtls9" */
+497,    /* "subtreeMinimumQuality" */
-&(nid_objs[804]),/* "whirlpool" */
+890,    /* "supportedAlgorithms" */
-&(nid_objs[503]),/* "x500UniqueIdentifier" */
+874,    /* "supportedApplicationContext" */
-&(nid_objs[158]),/* "x509Certificate" */
+402,    /* "targetInformation" */
-&(nid_objs[160]),/* "x509Crl" */
+864,    /* "telephoneNumber" */
+866,    /* "teletexTerminalIdentifier" */
+865,    /* "telexNumber" */
+459,    /* "textEncodedORAddress" */
+293,    /* "textNotice" */
+133,    /* "timeStamping" */
+106,    /* "title" */
+682,    /* "tpBasis" */
+375,    /* "trustRoot" */
+436,    /* "ucl" */
+888,    /* "uniqueMember" */
+55,     /* "unstructuredAddress" */
+49,     /* "unstructuredName" */
+880,    /* "userCertificate" */
+465,    /* "userClass" */
+879,    /* "userPassword" */
+373,    /* "valid" */
+678,    /* "wap" */
+679,    /* "wap-wsg" */
+735,    /* "wap-wsg-idm-ecid-wtls1" */
+743,    /* "wap-wsg-idm-ecid-wtls10" */
+744,    /* "wap-wsg-idm-ecid-wtls11" */
+745,    /* "wap-wsg-idm-ecid-wtls12" */
+736,    /* "wap-wsg-idm-ecid-wtls3" */
+737,    /* "wap-wsg-idm-ecid-wtls4" */
+738,    /* "wap-wsg-idm-ecid-wtls5" */
+739,    /* "wap-wsg-idm-ecid-wtls6" */
+740,    /* "wap-wsg-idm-ecid-wtls7" */
+741,    /* "wap-wsg-idm-ecid-wtls8" */
+742,    /* "wap-wsg-idm-ecid-wtls9" */
+804,    /* "whirlpool" */
+868,    /* "x121Address" */
+503,    /* "x500UniqueIdentifier" */
+158,    /* "x509Certificate" */
+160,    /* "x509Crl" */
 };
-static ASN1_OBJECT *ln_objs[NUM_LN]={
+static const unsigned int ln_objs[NUM_LN]={
-&(nid_objs[363]),/* "AD Time Stamping" */
+363,    /* "AD Time Stamping" */
-&(nid_objs[405]),/* "ANSI X9.62" */
+405,    /* "ANSI X9.62" */
-&(nid_objs[368]),/* "Acceptable OCSP Responses" */
+368,    /* "Acceptable OCSP Responses" */
-&(nid_objs[664]),/* "Any language" */
+664,    /* "Any language" */
-&(nid_objs[177]),/* "Authority Information Access" */
+177,    /* "Authority Information Access" */
-&(nid_objs[365]),/* "Basic OCSP Response" */
+365,    /* "Basic OCSP Response" */
-&(nid_objs[285]),/* "Biometric Info" */
+285,    /* "Biometric Info" */
-&(nid_objs[179]),/* "CA Issuers" */
+179,    /* "CA Issuers" */
-&(nid_objs[785]),/* "CA Repository" */
+785,    /* "CA Repository" */
-&(nid_objs[131]),/* "Code Signing" */
+131,    /* "Code Signing" */
-&(nid_objs[783]),/* "Diffie-Hellman based MAC" */
+783,    /* "Diffie-Hellman based MAC" */
-&(nid_objs[382]),/* "Directory" */
+382,    /* "Directory" */
-&(nid_objs[392]),/* "Domain" */
+392,    /* "Domain" */
-&(nid_objs[132]),/* "E-mail Protection" */
+132,    /* "E-mail Protection" */
-&(nid_objs[389]),/* "Enterprises" */
+389,    /* "Enterprises" */
-&(nid_objs[384]),/* "Experimental" */
+384,    /* "Experimental" */
-&(nid_objs[372]),/* "Extended OCSP Status" */
+372,    /* "Extended OCSP Status" */
-&(nid_objs[172]),/* "Extension Request" */
+172,    /* "Extension Request" */
-&(nid_objs[813]),/* "GOST 28147-89" */
+813,    /* "GOST 28147-89" */
-&(nid_objs[849]),/* "GOST 28147-89 Cryptocom ParamSet" */
+849,    /* "GOST 28147-89 Cryptocom ParamSet" */
-&(nid_objs[815]),/* "GOST 28147-89 MAC" */
+815,    /* "GOST 28147-89 MAC" */
-&(nid_objs[851]),/* "GOST 34.10-2001 Cryptocom" */
+851,    /* "GOST 34.10-2001 Cryptocom" */
-&(nid_objs[850]),/* "GOST 34.10-94 Cryptocom" */
+850,    /* "GOST 34.10-94 Cryptocom" */
-&(nid_objs[811]),/* "GOST R 34.10-2001" */
+811,    /* "GOST R 34.10-2001" */
-&(nid_objs[817]),/* "GOST R 34.10-2001 DH" */
+817,    /* "GOST R 34.10-2001 DH" */
-&(nid_objs[812]),/* "GOST R 34.10-94" */
+812,    /* "GOST R 34.10-94" */
-&(nid_objs[818]),/* "GOST R 34.10-94 DH" */
+818,    /* "GOST R 34.10-94 DH" */
-&(nid_objs[809]),/* "GOST R 34.11-94" */
+809,    /* "GOST R 34.11-94" */
-&(nid_objs[816]),/* "GOST R 34.11-94 PRF" */
+816,    /* "GOST R 34.11-94 PRF" */
-&(nid_objs[807]),/* "GOST R 34.11-94 with GOST R 34.10-2001" */
+807,    /* "GOST R 34.11-94 with GOST R 34.10-2001" */
-&(nid_objs[853]),/* "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom" */
+853,    /* "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom" */
-&(nid_objs[808]),/* "GOST R 34.11-94 with GOST R 34.10-94" */
+808,    /* "GOST R 34.11-94 with GOST R 34.10-94" */
-&(nid_objs[852]),/* "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom" */
+852,    /* "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom" */
-&(nid_objs[854]),/* "GOST R 3410-2001 Parameter Set Cryptocom" */
+854,    /* "GOST R 3410-2001 Parameter Set Cryptocom" */
-&(nid_objs[810]),/* "HMAC GOST 34.11-94" */
+810,    /* "HMAC GOST 34.11-94" */
-&(nid_objs[432]),/* "Hold Instruction Call Issuer" */
+432,    /* "Hold Instruction Call Issuer" */
-&(nid_objs[430]),/* "Hold Instruction Code" */
+430,    /* "Hold Instruction Code" */
-&(nid_objs[431]),/* "Hold Instruction None" */
+431,    /* "Hold Instruction None" */
-&(nid_objs[433]),/* "Hold Instruction Reject" */
+433,    /* "Hold Instruction Reject" */
-&(nid_objs[634]),/* "ICC or token signature" */
+634,    /* "ICC or token signature" */
-&(nid_objs[294]),/* "IPSec End System" */
+294,    /* "IPSec End System" */
-&(nid_objs[295]),/* "IPSec Tunnel" */
+295,    /* "IPSec Tunnel" */
-&(nid_objs[296]),/* "IPSec User" */
+296,    /* "IPSec User" */
-&(nid_objs[182]),/* "ISO Member Body" */
+182,    /* "ISO Member Body" */
-&(nid_objs[183]),/* "ISO US Member Body" */
+183,    /* "ISO US Member Body" */
-&(nid_objs[667]),/* "Independent" */
+667,    /* "Independent" */
-&(nid_objs[665]),/* "Inherit all" */
+665,    /* "Inherit all" */
-&(nid_objs[647]),/* "International Organizations" */
+647,    /* "International Organizations" */
-&(nid_objs[142]),/* "Invalidity Date" */
+142,    /* "Invalidity Date" */
-&(nid_objs[504]),/* "MIME MHS" */
+504,    /* "MIME MHS" */
-&(nid_objs[388]),/* "Mail" */
+388,    /* "Mail" */
-&(nid_objs[383]),/* "Management" */
+383,    /* "Management" */
-&(nid_objs[417]),/* "Microsoft CSP Name" */
+417,    /* "Microsoft CSP Name" */
-&(nid_objs[135]),/* "Microsoft Commercial Code Signing" */
+135,    /* "Microsoft Commercial Code Signing" */
-&(nid_objs[138]),/* "Microsoft Encrypted File System" */
+138,    /* "Microsoft Encrypted File System" */
-&(nid_objs[171]),/* "Microsoft Extension Request" */
+171,    /* "Microsoft Extension Request" */
-&(nid_objs[134]),/* "Microsoft Individual Code Signing" */
+134,    /* "Microsoft Individual Code Signing" */
-&(nid_objs[856]),/* "Microsoft Local Key set" */
+856,    /* "Microsoft Local Key set" */
-&(nid_objs[137]),/* "Microsoft Server Gated Crypto" */
+137,    /* "Microsoft Server Gated Crypto" */
-&(nid_objs[648]),/* "Microsoft Smartcardlogin" */
+648,    /* "Microsoft Smartcardlogin" */
-&(nid_objs[136]),/* "Microsoft Trust List Signing" */
+136,    /* "Microsoft Trust List Signing" */
-&(nid_objs[649]),/* "Microsoft Universal Principal Name" */
+649,    /* "Microsoft Universal Principal Name" */
-&(nid_objs[393]),/* "NULL" */
+393,    /* "NULL" */
-&(nid_objs[404]),/* "NULL" */
+404,    /* "NULL" */
-&(nid_objs[72]),/* "Netscape Base Url" */
+72,     /* "Netscape Base Url" */
-&(nid_objs[76]),/* "Netscape CA Policy Url" */
+76,     /* "Netscape CA Policy Url" */
-&(nid_objs[74]),/* "Netscape CA Revocation Url" */
+74,     /* "Netscape CA Revocation Url" */
-&(nid_objs[71]),/* "Netscape Cert Type" */
+71,     /* "Netscape Cert Type" */
-&(nid_objs[58]),/* "Netscape Certificate Extension" */
+58,     /* "Netscape Certificate Extension" */
-&(nid_objs[79]),/* "Netscape Certificate Sequence" */
+79,     /* "Netscape Certificate Sequence" */
-&(nid_objs[78]),/* "Netscape Comment" */
+78,     /* "Netscape Comment" */
-&(nid_objs[57]),/* "Netscape Communications Corp." */
+57,     /* "Netscape Communications Corp." */
-&(nid_objs[59]),/* "Netscape Data Type" */
+59,     /* "Netscape Data Type" */
-&(nid_objs[75]),/* "Netscape Renewal Url" */
+75,     /* "Netscape Renewal Url" */
-&(nid_objs[73]),/* "Netscape Revocation Url" */
+73,     /* "Netscape Revocation Url" */
-&(nid_objs[77]),/* "Netscape SSL Server Name" */
+77,     /* "Netscape SSL Server Name" */
-&(nid_objs[139]),/* "Netscape Server Gated Crypto" */
+139,    /* "Netscape Server Gated Crypto" */
-&(nid_objs[178]),/* "OCSP" */
+178,    /* "OCSP" */
-&(nid_objs[370]),/* "OCSP Archive Cutoff" */
+370,    /* "OCSP Archive Cutoff" */
-&(nid_objs[367]),/* "OCSP CRL ID" */
+367,    /* "OCSP CRL ID" */
-&(nid_objs[369]),/* "OCSP No Check" */
+369,    /* "OCSP No Check" */
-&(nid_objs[366]),/* "OCSP Nonce" */
+366,    /* "OCSP Nonce" */
-&(nid_objs[371]),/* "OCSP Service Locator" */
+371,    /* "OCSP Service Locator" */
-&(nid_objs[180]),/* "OCSP Signing" */
+180,    /* "OCSP Signing" */
-&(nid_objs[161]),/* "PBES2" */
+161,    /* "PBES2" */
-&(nid_objs[69]),/* "PBKDF2" */
+69,     /* "PBKDF2" */
-&(nid_objs[162]),/* "PBMAC1" */
+162,    /* "PBMAC1" */
-&(nid_objs[127]),/* "PKIX" */
+127,    /* "PKIX" */
-&(nid_objs[858]),/* "Permanent Identifier" */
+858,    /* "Permanent Identifier" */
-&(nid_objs[164]),/* "Policy Qualifier CPS" */
+164,    /* "Policy Qualifier CPS" */
-&(nid_objs[165]),/* "Policy Qualifier User Notice" */
+165,    /* "Policy Qualifier User Notice" */
-&(nid_objs[385]),/* "Private" */
+385,    /* "Private" */
-&(nid_objs[663]),/* "Proxy Certificate Information" */
+663,    /* "Proxy Certificate Information" */
-&(nid_objs[ 1]),/* "RSA Data Security, Inc." */
+ 1,     /* "RSA Data Security, Inc." */
-&(nid_objs[ 2]),/* "RSA Data Security, Inc. PKCS" */
+ 2,     /* "RSA Data Security, Inc. PKCS" */
-&(nid_objs[188]),/* "S/MIME" */
+188,    /* "S/MIME" */
-&(nid_objs[167]),/* "S/MIME Capabilities" */
+167,    /* "S/MIME Capabilities" */
-&(nid_objs[387]),/* "SNMPv2" */
+387,    /* "SNMPv2" */
-&(nid_objs[512]),/* "Secure Electronic Transactions" */
+512,    /* "Secure Electronic Transactions" */
-&(nid_objs[386]),/* "Security" */
+386,    /* "Security" */
-&(nid_objs[394]),/* "Selected Attribute Types" */
+394,    /* "Selected Attribute Types" */
-&(nid_objs[143]),/* "Strong Extranet ID" */
+143,    /* "Strong Extranet ID" */
-&(nid_objs[398]),/* "Subject Information Access" */
+398,    /* "Subject Information Access" */
-&(nid_objs[130]),/* "TLS Web Client Authentication" */
+130,    /* "TLS Web Client Authentication" */
-&(nid_objs[129]),/* "TLS Web Server Authentication" */
+129,    /* "TLS Web Server Authentication" */
-&(nid_objs[133]),/* "Time Stamping" */
+133,    /* "Time Stamping" */
-&(nid_objs[375]),/* "Trust Root" */
+375,    /* "Trust Root" */
-&(nid_objs[12]),/* "X509" */
+12,     /* "X509" */
-&(nid_objs[402]),/* "X509v3 AC Targeting" */
+402,    /* "X509v3 AC Targeting" */
-&(nid_objs[746]),/* "X509v3 Any Policy" */
+746,    /* "X509v3 Any Policy" */
-&(nid_objs[90]),/* "X509v3 Authority Key Identifier" */
+90,     /* "X509v3 Authority Key Identifier" */
-&(nid_objs[87]),/* "X509v3 Basic Constraints" */
+87,     /* "X509v3 Basic Constraints" */
-&(nid_objs[103]),/* "X509v3 CRL Distribution Points" */
+103,    /* "X509v3 CRL Distribution Points" */
-&(nid_objs[88]),/* "X509v3 CRL Number" */
+88,     /* "X509v3 CRL Number" */
-&(nid_objs[141]),/* "X509v3 CRL Reason Code" */
+141,    /* "X509v3 CRL Reason Code" */
-&(nid_objs[771]),/* "X509v3 Certificate Issuer" */
+771,    /* "X509v3 Certificate Issuer" */
-&(nid_objs[89]),/* "X509v3 Certificate Policies" */
+89,     /* "X509v3 Certificate Policies" */
-&(nid_objs[140]),/* "X509v3 Delta CRL Indicator" */
+140,    /* "X509v3 Delta CRL Indicator" */
-&(nid_objs[126]),/* "X509v3 Extended Key Usage" */
+126,    /* "X509v3 Extended Key Usage" */
-&(nid_objs[857]),/* "X509v3 Freshest CRL" */
+857,    /* "X509v3 Freshest CRL" */
-&(nid_objs[748]),/* "X509v3 Inhibit Any Policy" */
+748,    /* "X509v3 Inhibit Any Policy" */
-&(nid_objs[86]),/* "X509v3 Issuer Alternative Name" */
+86,     /* "X509v3 Issuer Alternative Name" */
-&(nid_objs[770]),/* "X509v3 Issuing Distrubution Point" */
+770,    /* "X509v3 Issuing Distrubution Point" */
-&(nid_objs[83]),/* "X509v3 Key Usage" */
+83,     /* "X509v3 Key Usage" */
-&(nid_objs[666]),/* "X509v3 Name Constraints" */
+666,    /* "X509v3 Name Constraints" */
-&(nid_objs[403]),/* "X509v3 No Revocation Available" */
+403,    /* "X509v3 No Revocation Available" */
-&(nid_objs[401]),/* "X509v3 Policy Constraints" */
+401,    /* "X509v3 Policy Constraints" */
-&(nid_objs[747]),/* "X509v3 Policy Mappings" */
+747,    /* "X509v3 Policy Mappings" */
-&(nid_objs[84]),/* "X509v3 Private Key Usage Period" */
+84,     /* "X509v3 Private Key Usage Period" */
-&(nid_objs[85]),/* "X509v3 Subject Alternative Name" */
+85,     /* "X509v3 Subject Alternative Name" */
-&(nid_objs[769]),/* "X509v3 Subject Directory Attributes" */
+769,    /* "X509v3 Subject Directory Attributes" */
-&(nid_objs[82]),/* "X509v3 Subject Key Identifier" */
+82,     /* "X509v3 Subject Key Identifier" */
-&(nid_objs[184]),/* "X9.57" */
+184,    /* "X9.57" */
-&(nid_objs[185]),/* "X9.57 CM ?" */
+185,    /* "X9.57 CM ?" */
-&(nid_objs[478]),/* "aRecord" */
+478,    /* "aRecord" */
-&(nid_objs[289]),/* "aaControls" */
+289,    /* "aaControls" */
-&(nid_objs[287]),/* "ac-auditEntity" */
+287,    /* "ac-auditEntity" */
-&(nid_objs[397]),/* "ac-proxying" */
+397,    /* "ac-proxying" */
-&(nid_objs[288]),/* "ac-targeting" */
+288,    /* "ac-targeting" */
-&(nid_objs[446]),/* "account" */
+446,    /* "account" */
-&(nid_objs[364]),/* "ad dvcs" */
+364,    /* "ad dvcs" */
-&(nid_objs[606]),/* "additional verification" */
+606,    /* "additional verification" */
-&(nid_objs[419]),/* "aes-128-cbc" */
+419,    /* "aes-128-cbc" */
-&(nid_objs[421]),/* "aes-128-cfb" */
+421,    /* "aes-128-cfb" */
-&(nid_objs[650]),/* "aes-128-cfb1" */
+650,    /* "aes-128-cfb1" */
-&(nid_objs[653]),/* "aes-128-cfb8" */
+653,    /* "aes-128-cfb8" */
-&(nid_objs[418]),/* "aes-128-ecb" */
+418,    /* "aes-128-ecb" */
-&(nid_objs[420]),/* "aes-128-ofb" */
+420,    /* "aes-128-ofb" */
-&(nid_objs[423]),/* "aes-192-cbc" */
+423,    /* "aes-192-cbc" */
-&(nid_objs[425]),/* "aes-192-cfb" */
+425,    /* "aes-192-cfb" */
-&(nid_objs[651]),/* "aes-192-cfb1" */
+651,    /* "aes-192-cfb1" */
-&(nid_objs[654]),/* "aes-192-cfb8" */
+654,    /* "aes-192-cfb8" */
-&(nid_objs[422]),/* "aes-192-ecb" */
+422,    /* "aes-192-ecb" */
-&(nid_objs[424]),/* "aes-192-ofb" */
+424,    /* "aes-192-ofb" */
-&(nid_objs[427]),/* "aes-256-cbc" */
+427,    /* "aes-256-cbc" */
-&(nid_objs[429]),/* "aes-256-cfb" */
+429,    /* "aes-256-cfb" */
-&(nid_objs[652]),/* "aes-256-cfb1" */
+652,    /* "aes-256-cfb1" */
-&(nid_objs[655]),/* "aes-256-cfb8" */
+655,    /* "aes-256-cfb8" */
-&(nid_objs[426]),/* "aes-256-ecb" */
+426,    /* "aes-256-ecb" */
-&(nid_objs[428]),/* "aes-256-ofb" */
+428,    /* "aes-256-ofb" */
-&(nid_objs[376]),/* "algorithm" */
+376,    /* "algorithm" */
-&(nid_objs[484]),/* "associatedDomain" */
+484,    /* "associatedDomain" */
-&(nid_objs[485]),/* "associatedName" */
+485,    /* "associatedName" */
-&(nid_objs[501]),/* "audio" */
+501,    /* "audio" */
-&(nid_objs[91]),/* "bf-cbc" */
+882,    /* "authorityRevocationList" */
-&(nid_objs[93]),/* "bf-cfb" */
+91,     /* "bf-cbc" */
-&(nid_objs[92]),/* "bf-ecb" */
+93,     /* "bf-cfb" */
-&(nid_objs[94]),/* "bf-ofb" */
+92,     /* "bf-ecb" */
-&(nid_objs[494]),/* "buildingName" */
+94,     /* "bf-ofb" */
-&(nid_objs[691]),/* "c2onb191v4" */
+494,    /* "buildingName" */
-&(nid_objs[692]),/* "c2onb191v5" */
+860,    /* "businessCategory" */
-&(nid_objs[697]),/* "c2onb239v4" */
+691,    /* "c2onb191v4" */
-&(nid_objs[698]),/* "c2onb239v5" */
+692,    /* "c2onb191v5" */
-&(nid_objs[684]),/* "c2pnb163v1" */
+697,    /* "c2onb239v4" */
-&(nid_objs[685]),/* "c2pnb163v2" */
+698,    /* "c2onb239v5" */
-&(nid_objs[686]),/* "c2pnb163v3" */
+684,    /* "c2pnb163v1" */
-&(nid_objs[687]),/* "c2pnb176v1" */
+685,    /* "c2pnb163v2" */
-&(nid_objs[693]),/* "c2pnb208w1" */
+686,    /* "c2pnb163v3" */
-&(nid_objs[699]),/* "c2pnb272w1" */
+687,    /* "c2pnb176v1" */
-&(nid_objs[700]),/* "c2pnb304w1" */
+693,    /* "c2pnb208w1" */
-&(nid_objs[702]),/* "c2pnb368w1" */
+699,    /* "c2pnb272w1" */
-&(nid_objs[688]),/* "c2tnb191v1" */
+700,    /* "c2pnb304w1" */
-&(nid_objs[689]),/* "c2tnb191v2" */
+702,    /* "c2pnb368w1" */
-&(nid_objs[690]),/* "c2tnb191v3" */
+688,    /* "c2tnb191v1" */
-&(nid_objs[694]),/* "c2tnb239v1" */
+689,    /* "c2tnb191v2" */
-&(nid_objs[695]),/* "c2tnb239v2" */
+690,    /* "c2tnb191v3" */
-&(nid_objs[696]),/* "c2tnb239v3" */
+694,    /* "c2tnb239v1" */
-&(nid_objs[701]),/* "c2tnb359v1" */
+695,    /* "c2tnb239v2" */
-&(nid_objs[703]),/* "c2tnb431r1" */
+696,    /* "c2tnb239v3" */
-&(nid_objs[483]),/* "cNAMERecord" */
+701,    /* "c2tnb359v1" */
-&(nid_objs[751]),/* "camellia-128-cbc" */
+703,    /* "c2tnb431r1" */
-&(nid_objs[757]),/* "camellia-128-cfb" */
+881,    /* "cACertificate" */
-&(nid_objs[760]),/* "camellia-128-cfb1" */
+483,    /* "cNAMERecord" */
-&(nid_objs[763]),/* "camellia-128-cfb8" */
+751,    /* "camellia-128-cbc" */
-&(nid_objs[754]),/* "camellia-128-ecb" */
+757,    /* "camellia-128-cfb" */
-&(nid_objs[766]),/* "camellia-128-ofb" */
+760,    /* "camellia-128-cfb1" */
-&(nid_objs[752]),/* "camellia-192-cbc" */
+763,    /* "camellia-128-cfb8" */
-&(nid_objs[758]),/* "camellia-192-cfb" */
+754,    /* "camellia-128-ecb" */
-&(nid_objs[761]),/* "camellia-192-cfb1" */
+766,    /* "camellia-128-ofb" */
-&(nid_objs[764]),/* "camellia-192-cfb8" */
+752,    /* "camellia-192-cbc" */
-&(nid_objs[755]),/* "camellia-192-ecb" */
+758,    /* "camellia-192-cfb" */
-&(nid_objs[767]),/* "camellia-192-ofb" */
+761,    /* "camellia-192-cfb1" */
-&(nid_objs[753]),/* "camellia-256-cbc" */
+764,    /* "camellia-192-cfb8" */
-&(nid_objs[759]),/* "camellia-256-cfb" */
+755,    /* "camellia-192-ecb" */
-&(nid_objs[762]),/* "camellia-256-cfb1" */
+767,    /* "camellia-192-ofb" */
-&(nid_objs[765]),/* "camellia-256-cfb8" */
+753,    /* "camellia-256-cbc" */
-&(nid_objs[756]),/* "camellia-256-ecb" */
+759,    /* "camellia-256-cfb" */
-&(nid_objs[768]),/* "camellia-256-ofb" */
+762,    /* "camellia-256-cfb1" */
-&(nid_objs[443]),/* "caseIgnoreIA5StringSyntax" */
+765,    /* "camellia-256-cfb8" */
-&(nid_objs[108]),/* "cast5-cbc" */
+756,    /* "camellia-256-ecb" */
-&(nid_objs[110]),/* "cast5-cfb" */
+768,    /* "camellia-256-ofb" */
-&(nid_objs[109]),/* "cast5-ecb" */
+443,    /* "caseIgnoreIA5StringSyntax" */
-&(nid_objs[111]),/* "cast5-ofb" */
+108,    /* "cast5-cbc" */
-&(nid_objs[152]),/* "certBag" */
+110,    /* "cast5-cfb" */
-&(nid_objs[677]),/* "certicom-arc" */
+109,    /* "cast5-ecb" */
-&(nid_objs[517]),/* "certificate extensions" */
+111,    /* "cast5-ofb" */
-&(nid_objs[54]),/* "challengePassword" */
+152,    /* "certBag" */
-&(nid_objs[407]),/* "characteristic-two-field" */
+677,    /* "certicom-arc" */
-&(nid_objs[395]),/* "clearance" */
+517,    /* "certificate extensions" */
-&(nid_objs[633]),/* "cleartext track 2" */
+883,    /* "certificateRevocationList" */
-&(nid_objs[13]),/* "commonName" */
+54,     /* "challengePassword" */
-&(nid_objs[513]),/* "content types" */
+407,    /* "characteristic-two-field" */
-&(nid_objs[50]),/* "contentType" */
+395,    /* "clearance" */
-&(nid_objs[53]),/* "countersignature" */
+633,    /* "cleartext track 2" */
-&(nid_objs[14]),/* "countryName" */
+13,     /* "commonName" */
-&(nid_objs[153]),/* "crlBag" */
+513,    /* "content types" */
-&(nid_objs[806]),/* "cryptocom" */
+50,     /* "contentType" */
-&(nid_objs[805]),/* "cryptopro" */
+53,     /* "countersignature" */
-&(nid_objs[500]),/* "dITRedirect" */
+14,     /* "countryName" */
-&(nid_objs[451]),/* "dNSDomain" */
+153,    /* "crlBag" */
-&(nid_objs[495]),/* "dSAQuality" */
+884,    /* "crossCertificatePair" */
-&(nid_objs[434]),/* "data" */
+806,    /* "cryptocom" */
-&(nid_objs[390]),/* "dcObject" */
+805,    /* "cryptopro" */
-&(nid_objs[31]),/* "des-cbc" */
+500,    /* "dITRedirect" */
-&(nid_objs[643]),/* "des-cdmf" */
+451,    /* "dNSDomain" */
-&(nid_objs[30]),/* "des-cfb" */
+495,    /* "dSAQuality" */
-&(nid_objs[656]),/* "des-cfb1" */
+434,    /* "data" */
-&(nid_objs[657]),/* "des-cfb8" */
+390,    /* "dcObject" */
-&(nid_objs[29]),/* "des-ecb" */
+891,    /* "deltaRevocationList" */
-&(nid_objs[32]),/* "des-ede" */
+31,     /* "des-cbc" */
-&(nid_objs[43]),/* "des-ede-cbc" */
+643,    /* "des-cdmf" */
-&(nid_objs[60]),/* "des-ede-cfb" */
+30,     /* "des-cfb" */
-&(nid_objs[62]),/* "des-ede-ofb" */
+656,    /* "des-cfb1" */
-&(nid_objs[33]),/* "des-ede3" */
+657,    /* "des-cfb8" */
-&(nid_objs[44]),/* "des-ede3-cbc" */
+29,     /* "des-ecb" */
-&(nid_objs[61]),/* "des-ede3-cfb" */
+32,     /* "des-ede" */
-&(nid_objs[658]),/* "des-ede3-cfb1" */
+43,     /* "des-ede-cbc" */
-&(nid_objs[659]),/* "des-ede3-cfb8" */
+60,     /* "des-ede-cfb" */
-&(nid_objs[63]),/* "des-ede3-ofb" */
+62,     /* "des-ede-ofb" */
-&(nid_objs[45]),/* "des-ofb" */
+33,     /* "des-ede3" */
-&(nid_objs[107]),/* "description" */
+44,     /* "des-ede3-cbc" */
-&(nid_objs[80]),/* "desx-cbc" */
+61,     /* "des-ede3-cfb" */
-&(nid_objs[28]),/* "dhKeyAgreement" */
+658,    /* "des-ede3-cfb1" */
-&(nid_objs[11]),/* "directory services (X.500)" */
+659,    /* "des-ede3-cfb8" */
-&(nid_objs[378]),/* "directory services - algorithms" */
+63,     /* "des-ede3-ofb" */
-&(nid_objs[174]),/* "dnQualifier" */
+45,     /* "des-ofb" */
-&(nid_objs[447]),/* "document" */
+107,    /* "description" */
-&(nid_objs[471]),/* "documentAuthor" */
+871,    /* "destinationIndicator" */
-&(nid_objs[468]),/* "documentIdentifier" */
+80,     /* "desx-cbc" */
-&(nid_objs[472]),/* "documentLocation" */
+28,     /* "dhKeyAgreement" */
-&(nid_objs[502]),/* "documentPublisher" */
+11,     /* "directory services (X.500)" */
-&(nid_objs[449]),/* "documentSeries" */
+378,    /* "directory services - algorithms" */
-&(nid_objs[469]),/* "documentTitle" */
+887,    /* "distinguishedName" */
-&(nid_objs[470]),/* "documentVersion" */
+892,    /* "dmdName" */
-&(nid_objs[380]),/* "dod" */
+174,    /* "dnQualifier" */
-&(nid_objs[391]),/* "domainComponent" */
+447,    /* "document" */
-&(nid_objs[452]),/* "domainRelatedObject" */
+471,    /* "documentAuthor" */
-&(nid_objs[116]),/* "dsaEncryption" */
+468,    /* "documentIdentifier" */
-&(nid_objs[67]),/* "dsaEncryption-old" */
+472,    /* "documentLocation" */
-&(nid_objs[66]),/* "dsaWithSHA" */
+502,    /* "documentPublisher" */
-&(nid_objs[113]),/* "dsaWithSHA1" */
+449,    /* "documentSeries" */
-&(nid_objs[70]),/* "dsaWithSHA1-old" */
+469,    /* "documentTitle" */
-&(nid_objs[802]),/* "dsa_with_SHA224" */
+470,    /* "documentVersion" */
-&(nid_objs[803]),/* "dsa_with_SHA256" */
+380,    /* "dod" */
-&(nid_objs[297]),/* "dvcs" */
+391,    /* "domainComponent" */
-&(nid_objs[791]),/* "ecdsa-with-Recommended" */
+452,    /* "domainRelatedObject" */
-&(nid_objs[416]),/* "ecdsa-with-SHA1" */
+116,    /* "dsaEncryption" */
-&(nid_objs[793]),/* "ecdsa-with-SHA224" */
+67,     /* "dsaEncryption-old" */
-&(nid_objs[794]),/* "ecdsa-with-SHA256" */
+66,     /* "dsaWithSHA" */
-&(nid_objs[795]),/* "ecdsa-with-SHA384" */
+113,    /* "dsaWithSHA1" */
-&(nid_objs[796]),/* "ecdsa-with-SHA512" */
+70,     /* "dsaWithSHA1-old" */
-&(nid_objs[792]),/* "ecdsa-with-Specified" */
+802,    /* "dsa_with_SHA224" */
-&(nid_objs[48]),/* "emailAddress" */
+803,    /* "dsa_with_SHA256" */
-&(nid_objs[632]),/* "encrypted track 2" */
+297,    /* "dvcs" */
-&(nid_objs[56]),/* "extendedCertificateAttributes" */
+791,    /* "ecdsa-with-Recommended" */
-&(nid_objs[462]),/* "favouriteDrink" */
+416,    /* "ecdsa-with-SHA1" */
-&(nid_objs[453]),/* "friendlyCountry" */
+793,    /* "ecdsa-with-SHA224" */
-&(nid_objs[490]),/* "friendlyCountryName" */
+794,    /* "ecdsa-with-SHA256" */
-&(nid_objs[156]),/* "friendlyName" */
+795,    /* "ecdsa-with-SHA384" */
-&(nid_objs[631]),/* "generate cryptogram" */
+796,    /* "ecdsa-with-SHA512" */
-&(nid_objs[509]),/* "generationQualifier" */
+792,    /* "ecdsa-with-Specified" */
-&(nid_objs[601]),/* "generic cryptogram" */
+48,     /* "emailAddress" */
-&(nid_objs[99]),/* "givenName" */
+632,    /* "encrypted track 2" */
-&(nid_objs[814]),/* "gost89-cnt" */
+885,    /* "enhancedSearchGuide" */
-&(nid_objs[855]),/* "hmac" */
+56,     /* "extendedCertificateAttributes" */
-&(nid_objs[780]),/* "hmac-md5" */
+867,    /* "facsimileTelephoneNumber" */
-&(nid_objs[781]),/* "hmac-sha1" */
+462,    /* "favouriteDrink" */
-&(nid_objs[797]),/* "hmacWithMD5" */
+453,    /* "friendlyCountry" */
-&(nid_objs[163]),/* "hmacWithSHA1" */
+490,    /* "friendlyCountryName" */
-&(nid_objs[798]),/* "hmacWithSHA224" */
+156,    /* "friendlyName" */
-&(nid_objs[799]),/* "hmacWithSHA256" */
+631,    /* "generate cryptogram" */
-&(nid_objs[800]),/* "hmacWithSHA384" */
+509,    /* "generationQualifier" */
-&(nid_objs[801]),/* "hmacWithSHA512" */
+601,    /* "generic cryptogram" */
-&(nid_objs[486]),/* "homePostalAddress" */
+99,     /* "givenName" */
-&(nid_objs[473]),/* "homeTelephoneNumber" */
+814,    /* "gost89-cnt" */
-&(nid_objs[466]),/* "host" */
+855,    /* "hmac" */
-&(nid_objs[442]),/* "iA5StringSyntax" */
+780,    /* "hmac-md5" */
-&(nid_objs[381]),/* "iana" */
+781,    /* "hmac-sha1" */
-&(nid_objs[824]),/* "id-Gost28147-89-CryptoPro-A-ParamSet" */
+797,    /* "hmacWithMD5" */
-&(nid_objs[825]),/* "id-Gost28147-89-CryptoPro-B-ParamSet" */
+163,    /* "hmacWithSHA1" */
-&(nid_objs[826]),/* "id-Gost28147-89-CryptoPro-C-ParamSet" */
+798,    /* "hmacWithSHA224" */
-&(nid_objs[827]),/* "id-Gost28147-89-CryptoPro-D-ParamSet" */
+799,    /* "hmacWithSHA256" */
-&(nid_objs[819]),/* "id-Gost28147-89-CryptoPro-KeyMeshing" */
+800,    /* "hmacWithSHA384" */
-&(nid_objs[829]),/* "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" */
+801,    /* "hmacWithSHA512" */
-&(nid_objs[828]),/* "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" */
+486,    /* "homePostalAddress" */
-&(nid_objs[830]),/* "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" */
+473,    /* "homeTelephoneNumber" */
-&(nid_objs[820]),/* "id-Gost28147-89-None-KeyMeshing" */
+466,    /* "host" */
-&(nid_objs[823]),/* "id-Gost28147-89-TestParamSet" */
+889,    /* "houseIdentifier" */
-&(nid_objs[840]),/* "id-GostR3410-2001-CryptoPro-A-ParamSet" */
+442,    /* "iA5StringSyntax" */
-&(nid_objs[841]),/* "id-GostR3410-2001-CryptoPro-B-ParamSet" */
+381,    /* "iana" */
-&(nid_objs[842]),/* "id-GostR3410-2001-CryptoPro-C-ParamSet" */
+824,    /* "id-Gost28147-89-CryptoPro-A-ParamSet" */
-&(nid_objs[843]),/* "id-GostR3410-2001-CryptoPro-XchA-ParamSet" */
+825,    /* "id-Gost28147-89-CryptoPro-B-ParamSet" */
-&(nid_objs[844]),/* "id-GostR3410-2001-CryptoPro-XchB-ParamSet" */
+826,    /* "id-Gost28147-89-CryptoPro-C-ParamSet" */
-&(nid_objs[839]),/* "id-GostR3410-2001-TestParamSet" */
+827,    /* "id-Gost28147-89-CryptoPro-D-ParamSet" */
-&(nid_objs[832]),/* "id-GostR3410-94-CryptoPro-A-ParamSet" */
+819,    /* "id-Gost28147-89-CryptoPro-KeyMeshing" */
-&(nid_objs[833]),/* "id-GostR3410-94-CryptoPro-B-ParamSet" */
+829,    /* "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" */
-&(nid_objs[834]),/* "id-GostR3410-94-CryptoPro-C-ParamSet" */
+828,    /* "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" */
-&(nid_objs[835]),/* "id-GostR3410-94-CryptoPro-D-ParamSet" */
+830,    /* "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" */
-&(nid_objs[836]),/* "id-GostR3410-94-CryptoPro-XchA-ParamSet" */
+820,    /* "id-Gost28147-89-None-KeyMeshing" */
-&(nid_objs[837]),/* "id-GostR3410-94-CryptoPro-XchB-ParamSet" */
+823,    /* "id-Gost28147-89-TestParamSet" */
-&(nid_objs[838]),/* "id-GostR3410-94-CryptoPro-XchC-ParamSet" */
+840,    /* "id-GostR3410-2001-CryptoPro-A-ParamSet" */
-&(nid_objs[831]),/* "id-GostR3410-94-TestParamSet" */
+841,    /* "id-GostR3410-2001-CryptoPro-B-ParamSet" */
-&(nid_objs[845]),/* "id-GostR3410-94-a" */
+842,    /* "id-GostR3410-2001-CryptoPro-C-ParamSet" */
-&(nid_objs[846]),/* "id-GostR3410-94-aBis" */
+843,    /* "id-GostR3410-2001-CryptoPro-XchA-ParamSet" */
-&(nid_objs[847]),/* "id-GostR3410-94-b" */
+844,    /* "id-GostR3410-2001-CryptoPro-XchB-ParamSet" */
-&(nid_objs[848]),/* "id-GostR3410-94-bBis" */
+839,    /* "id-GostR3410-2001-TestParamSet" */
-&(nid_objs[822]),/* "id-GostR3411-94-CryptoProParamSet" */
+832,    /* "id-GostR3410-94-CryptoPro-A-ParamSet" */
-&(nid_objs[821]),/* "id-GostR3411-94-TestParamSet" */
+833,    /* "id-GostR3410-94-CryptoPro-B-ParamSet" */
-&(nid_objs[266]),/* "id-aca" */
+834,    /* "id-GostR3410-94-CryptoPro-C-ParamSet" */
-&(nid_objs[355]),/* "id-aca-accessIdentity" */
+835,    /* "id-GostR3410-94-CryptoPro-D-ParamSet" */
-&(nid_objs[354]),/* "id-aca-authenticationInfo" */
+836,    /* "id-GostR3410-94-CryptoPro-XchA-ParamSet" */
-&(nid_objs[356]),/* "id-aca-chargingIdentity" */
+837,    /* "id-GostR3410-94-CryptoPro-XchB-ParamSet" */
-&(nid_objs[399]),/* "id-aca-encAttrs" */
+838,    /* "id-GostR3410-94-CryptoPro-XchC-ParamSet" */
-&(nid_objs[357]),/* "id-aca-group" */
+831,    /* "id-GostR3410-94-TestParamSet" */
-&(nid_objs[358]),/* "id-aca-role" */
+845,    /* "id-GostR3410-94-a" */
-&(nid_objs[176]),/* "id-ad" */
+846,    /* "id-GostR3410-94-aBis" */
-&(nid_objs[788]),/* "id-aes128-wrap" */
+847,    /* "id-GostR3410-94-b" */
-&(nid_objs[789]),/* "id-aes192-wrap" */
+848,    /* "id-GostR3410-94-bBis" */
-&(nid_objs[790]),/* "id-aes256-wrap" */
+822,    /* "id-GostR3411-94-CryptoProParamSet" */
-&(nid_objs[262]),/* "id-alg" */
+821,    /* "id-GostR3411-94-TestParamSet" */
-&(nid_objs[323]),/* "id-alg-des40" */
+266,    /* "id-aca" */
-&(nid_objs[326]),/* "id-alg-dh-pop" */
+355,    /* "id-aca-accessIdentity" */
-&(nid_objs[325]),/* "id-alg-dh-sig-hmac-sha1" */
+354,    /* "id-aca-authenticationInfo" */
-&(nid_objs[324]),/* "id-alg-noSignature" */
+356,    /* "id-aca-chargingIdentity" */
-&(nid_objs[268]),/* "id-cct" */
+399,    /* "id-aca-encAttrs" */
-&(nid_objs[361]),/* "id-cct-PKIData" */
+357,    /* "id-aca-group" */
-&(nid_objs[362]),/* "id-cct-PKIResponse" */
+358,    /* "id-aca-role" */
-&(nid_objs[360]),/* "id-cct-crs" */
+176,    /* "id-ad" */
-&(nid_objs[81]),/* "id-ce" */
+788,    /* "id-aes128-wrap" */
-&(nid_objs[680]),/* "id-characteristic-two-basis" */
+789,    /* "id-aes192-wrap" */
-&(nid_objs[263]),/* "id-cmc" */
+790,    /* "id-aes256-wrap" */
-&(nid_objs[334]),/* "id-cmc-addExtensions" */
+262,    /* "id-alg" */
-&(nid_objs[346]),/* "id-cmc-confirmCertAcceptance" */
+323,    /* "id-alg-des40" */
-&(nid_objs[330]),/* "id-cmc-dataReturn" */
+326,    /* "id-alg-dh-pop" */
-&(nid_objs[336]),/* "id-cmc-decryptedPOP" */
+325,    /* "id-alg-dh-sig-hmac-sha1" */
-&(nid_objs[335]),/* "id-cmc-encryptedPOP" */
+324,    /* "id-alg-noSignature" */
-&(nid_objs[339]),/* "id-cmc-getCRL" */
+268,    /* "id-cct" */
-&(nid_objs[338]),/* "id-cmc-getCert" */
+361,    /* "id-cct-PKIData" */
-&(nid_objs[328]),/* "id-cmc-identification" */
+362,    /* "id-cct-PKIResponse" */
-&(nid_objs[329]),/* "id-cmc-identityProof" */
+360,    /* "id-cct-crs" */
-&(nid_objs[337]),/* "id-cmc-lraPOPWitness" */
+81,     /* "id-ce" */
-&(nid_objs[344]),/* "id-cmc-popLinkRandom" */
+680,    /* "id-characteristic-two-basis" */
-&(nid_objs[345]),/* "id-cmc-popLinkWitness" */
+263,    /* "id-cmc" */
-&(nid_objs[343]),/* "id-cmc-queryPending" */
+334,    /* "id-cmc-addExtensions" */
-&(nid_objs[333]),/* "id-cmc-recipientNonce" */
+346,    /* "id-cmc-confirmCertAcceptance" */
-&(nid_objs[341]),/* "id-cmc-regInfo" */
+330,    /* "id-cmc-dataReturn" */
-&(nid_objs[342]),/* "id-cmc-responseInfo" */
+336,    /* "id-cmc-decryptedPOP" */
-&(nid_objs[340]),/* "id-cmc-revokeRequest" */
+335,    /* "id-cmc-encryptedPOP" */
-&(nid_objs[332]),/* "id-cmc-senderNonce" */
+339,    /* "id-cmc-getCRL" */
-&(nid_objs[327]),/* "id-cmc-statusInfo" */
+338,    /* "id-cmc-getCert" */
-&(nid_objs[331]),/* "id-cmc-transactionId" */
+328,    /* "id-cmc-identification" */
-&(nid_objs[787]),/* "id-ct-asciiTextWithCRLF" */
+329,    /* "id-cmc-identityProof" */
-&(nid_objs[408]),/* "id-ecPublicKey" */
+337,    /* "id-cmc-lraPOPWitness" */
-&(nid_objs[508]),/* "id-hex-multipart-message" */
+344,    /* "id-cmc-popLinkRandom" */
-&(nid_objs[507]),/* "id-hex-partial-message" */
+345,    /* "id-cmc-popLinkWitness" */
-&(nid_objs[260]),/* "id-it" */
+343,    /* "id-cmc-queryPending" */
-&(nid_objs[302]),/* "id-it-caKeyUpdateInfo" */
+333,    /* "id-cmc-recipientNonce" */
-&(nid_objs[298]),/* "id-it-caProtEncCert" */
+341,    /* "id-cmc-regInfo" */
-&(nid_objs[311]),/* "id-it-confirmWaitTime" */
+342,    /* "id-cmc-responseInfo" */
-&(nid_objs[303]),/* "id-it-currentCRL" */
+340,    /* "id-cmc-revokeRequest" */
-&(nid_objs[300]),/* "id-it-encKeyPairTypes" */
+332,    /* "id-cmc-senderNonce" */
-&(nid_objs[310]),/* "id-it-implicitConfirm" */
+327,    /* "id-cmc-statusInfo" */
-&(nid_objs[308]),/* "id-it-keyPairParamRep" */
+331,    /* "id-cmc-transactionId" */
-&(nid_objs[307]),/* "id-it-keyPairParamReq" */
+787,    /* "id-ct-asciiTextWithCRLF" */
-&(nid_objs[312]),/* "id-it-origPKIMessage" */
+408,    /* "id-ecPublicKey" */
-&(nid_objs[301]),/* "id-it-preferredSymmAlg" */
+508,    /* "id-hex-multipart-message" */
-&(nid_objs[309]),/* "id-it-revPassphrase" */
+507,    /* "id-hex-partial-message" */
-&(nid_objs[299]),/* "id-it-signKeyPairTypes" */
+260,    /* "id-it" */
-&(nid_objs[305]),/* "id-it-subscriptionRequest" */
+302,    /* "id-it-caKeyUpdateInfo" */
-&(nid_objs[306]),/* "id-it-subscriptionResponse" */
+298,    /* "id-it-caProtEncCert" */
-&(nid_objs[784]),/* "id-it-suppLangTags" */
+311,    /* "id-it-confirmWaitTime" */
-&(nid_objs[304]),/* "id-it-unsupportedOIDs" */
+303,    /* "id-it-currentCRL" */
-&(nid_objs[128]),/* "id-kp" */
+300,    /* "id-it-encKeyPairTypes" */
-&(nid_objs[280]),/* "id-mod-attribute-cert" */
+310,    /* "id-it-implicitConfirm" */
-&(nid_objs[274]),/* "id-mod-cmc" */
+308,    /* "id-it-keyPairParamRep" */
-&(nid_objs[277]),/* "id-mod-cmp" */
+307,    /* "id-it-keyPairParamReq" */
-&(nid_objs[284]),/* "id-mod-cmp2000" */
+312,    /* "id-it-origPKIMessage" */
-&(nid_objs[273]),/* "id-mod-crmf" */
+301,    /* "id-it-preferredSymmAlg" */
-&(nid_objs[283]),/* "id-mod-dvcs" */
+309,    /* "id-it-revPassphrase" */
-&(nid_objs[275]),/* "id-mod-kea-profile-88" */
+299,    /* "id-it-signKeyPairTypes" */
-&(nid_objs[276]),/* "id-mod-kea-profile-93" */
+305,    /* "id-it-subscriptionRequest" */
-&(nid_objs[282]),/* "id-mod-ocsp" */
+306,    /* "id-it-subscriptionResponse" */
-&(nid_objs[278]),/* "id-mod-qualified-cert-88" */
+784,    /* "id-it-suppLangTags" */
-&(nid_objs[279]),/* "id-mod-qualified-cert-93" */
+304,    /* "id-it-unsupportedOIDs" */
-&(nid_objs[281]),/* "id-mod-timestamp-protocol" */
+128,    /* "id-kp" */
-&(nid_objs[264]),/* "id-on" */
+280,    /* "id-mod-attribute-cert" */
-&(nid_objs[347]),/* "id-on-personalData" */
+274,    /* "id-mod-cmc" */
-&(nid_objs[265]),/* "id-pda" */
+277,    /* "id-mod-cmp" */
-&(nid_objs[352]),/* "id-pda-countryOfCitizenship" */
+284,    /* "id-mod-cmp2000" */
-&(nid_objs[353]),/* "id-pda-countryOfResidence" */
+273,    /* "id-mod-crmf" */
-&(nid_objs[348]),/* "id-pda-dateOfBirth" */
+283,    /* "id-mod-dvcs" */
-&(nid_objs[351]),/* "id-pda-gender" */
+275,    /* "id-mod-kea-profile-88" */
-&(nid_objs[349]),/* "id-pda-placeOfBirth" */
+276,    /* "id-mod-kea-profile-93" */
-&(nid_objs[175]),/* "id-pe" */
+282,    /* "id-mod-ocsp" */
-&(nid_objs[261]),/* "id-pkip" */
+278,    /* "id-mod-qualified-cert-88" */
-&(nid_objs[258]),/* "id-pkix-mod" */
+279,    /* "id-mod-qualified-cert-93" */
-&(nid_objs[269]),/* "id-pkix1-explicit-88" */
+281,    /* "id-mod-timestamp-protocol" */
-&(nid_objs[271]),/* "id-pkix1-explicit-93" */
+264,    /* "id-on" */
-&(nid_objs[270]),/* "id-pkix1-implicit-88" */
+347,    /* "id-on-personalData" */
-&(nid_objs[272]),/* "id-pkix1-implicit-93" */
+265,    /* "id-pda" */
-&(nid_objs[662]),/* "id-ppl" */
+352,    /* "id-pda-countryOfCitizenship" */
-&(nid_objs[267]),/* "id-qcs" */
+353,    /* "id-pda-countryOfResidence" */
-&(nid_objs[359]),/* "id-qcs-pkixQCSyntax-v1" */
+348,    /* "id-pda-dateOfBirth" */
-&(nid_objs[259]),/* "id-qt" */
+351,    /* "id-pda-gender" */
-&(nid_objs[313]),/* "id-regCtrl" */
+349,    /* "id-pda-placeOfBirth" */
-&(nid_objs[316]),/* "id-regCtrl-authenticator" */
+175,    /* "id-pe" */
-&(nid_objs[319]),/* "id-regCtrl-oldCertID" */
+261,    /* "id-pkip" */
-&(nid_objs[318]),/* "id-regCtrl-pkiArchiveOptions" */
+258,    /* "id-pkix-mod" */
-&(nid_objs[317]),/* "id-regCtrl-pkiPublicationInfo" */
+269,    /* "id-pkix1-explicit-88" */
-&(nid_objs[320]),/* "id-regCtrl-protocolEncrKey" */
+271,    /* "id-pkix1-explicit-93" */
-&(nid_objs[315]),/* "id-regCtrl-regToken" */
+270,    /* "id-pkix1-implicit-88" */
-&(nid_objs[314]),/* "id-regInfo" */
+272,    /* "id-pkix1-implicit-93" */
-&(nid_objs[322]),/* "id-regInfo-certReq" */
+662,    /* "id-ppl" */
-&(nid_objs[321]),/* "id-regInfo-utf8Pairs" */
+267,    /* "id-qcs" */
-&(nid_objs[191]),/* "id-smime-aa" */
+359,    /* "id-qcs-pkixQCSyntax-v1" */
-&(nid_objs[215]),/* "id-smime-aa-contentHint" */
+259,    /* "id-qt" */
-&(nid_objs[218]),/* "id-smime-aa-contentIdentifier" */
+313,    /* "id-regCtrl" */
-&(nid_objs[221]),/* "id-smime-aa-contentReference" */
+316,    /* "id-regCtrl-authenticator" */
-&(nid_objs[240]),/* "id-smime-aa-dvcs-dvc" */
+319,    /* "id-regCtrl-oldCertID" */
-&(nid_objs[217]),/* "id-smime-aa-encapContentType" */
+318,    /* "id-regCtrl-pkiArchiveOptions" */
-&(nid_objs[222]),/* "id-smime-aa-encrypKeyPref" */
+317,    /* "id-regCtrl-pkiPublicationInfo" */
-&(nid_objs[220]),/* "id-smime-aa-equivalentLabels" */
+320,    /* "id-regCtrl-protocolEncrKey" */
-&(nid_objs[232]),/* "id-smime-aa-ets-CertificateRefs" */
+315,    /* "id-regCtrl-regToken" */
-&(nid_objs[233]),/* "id-smime-aa-ets-RevocationRefs" */
+314,    /* "id-regInfo" */
-&(nid_objs[238]),/* "id-smime-aa-ets-archiveTimeStamp" */
+322,    /* "id-regInfo-certReq" */
-&(nid_objs[237]),/* "id-smime-aa-ets-certCRLTimestamp" */
+321,    /* "id-regInfo-utf8Pairs" */
-&(nid_objs[234]),/* "id-smime-aa-ets-certValues" */
+191,    /* "id-smime-aa" */
-&(nid_objs[227]),/* "id-smime-aa-ets-commitmentType" */
+215,    /* "id-smime-aa-contentHint" */
-&(nid_objs[231]),/* "id-smime-aa-ets-contentTimestamp" */
+218,    /* "id-smime-aa-contentIdentifier" */
-&(nid_objs[236]),/* "id-smime-aa-ets-escTimeStamp" */
+221,    /* "id-smime-aa-contentReference" */
-&(nid_objs[230]),/* "id-smime-aa-ets-otherSigCert" */
+240,    /* "id-smime-aa-dvcs-dvc" */
-&(nid_objs[235]),/* "id-smime-aa-ets-revocationValues" */
+217,    /* "id-smime-aa-encapContentType" */
-&(nid_objs[226]),/* "id-smime-aa-ets-sigPolicyId" */
+222,    /* "id-smime-aa-encrypKeyPref" */
-&(nid_objs[229]),/* "id-smime-aa-ets-signerAttr" */
+220,    /* "id-smime-aa-equivalentLabels" */
-&(nid_objs[228]),/* "id-smime-aa-ets-signerLocation" */
+232,    /* "id-smime-aa-ets-CertificateRefs" */
-&(nid_objs[219]),/* "id-smime-aa-macValue" */
+233,    /* "id-smime-aa-ets-RevocationRefs" */
-&(nid_objs[214]),/* "id-smime-aa-mlExpandHistory" */
+238,    /* "id-smime-aa-ets-archiveTimeStamp" */
-&(nid_objs[216]),/* "id-smime-aa-msgSigDigest" */
+237,    /* "id-smime-aa-ets-certCRLTimestamp" */
-&(nid_objs[212]),/* "id-smime-aa-receiptRequest" */
+234,    /* "id-smime-aa-ets-certValues" */
-&(nid_objs[213]),/* "id-smime-aa-securityLabel" */
+227,    /* "id-smime-aa-ets-commitmentType" */
-&(nid_objs[239]),/* "id-smime-aa-signatureType" */
+231,    /* "id-smime-aa-ets-contentTimestamp" */
-&(nid_objs[223]),/* "id-smime-aa-signingCertificate" */
+236,    /* "id-smime-aa-ets-escTimeStamp" */
-&(nid_objs[224]),/* "id-smime-aa-smimeEncryptCerts" */
+230,    /* "id-smime-aa-ets-otherSigCert" */
-&(nid_objs[225]),/* "id-smime-aa-timeStampToken" */
+235,    /* "id-smime-aa-ets-revocationValues" */
-&(nid_objs[192]),/* "id-smime-alg" */
+226,    /* "id-smime-aa-ets-sigPolicyId" */
-&(nid_objs[243]),/* "id-smime-alg-3DESwrap" */
+229,    /* "id-smime-aa-ets-signerAttr" */
-&(nid_objs[246]),/* "id-smime-alg-CMS3DESwrap" */
+228,    /* "id-smime-aa-ets-signerLocation" */
-&(nid_objs[247]),/* "id-smime-alg-CMSRC2wrap" */
+219,    /* "id-smime-aa-macValue" */
-&(nid_objs[245]),/* "id-smime-alg-ESDH" */
+214,    /* "id-smime-aa-mlExpandHistory" */
-&(nid_objs[241]),/* "id-smime-alg-ESDHwith3DES" */
+216,    /* "id-smime-aa-msgSigDigest" */
-&(nid_objs[242]),/* "id-smime-alg-ESDHwithRC2" */
+212,    /* "id-smime-aa-receiptRequest" */
-&(nid_objs[244]),/* "id-smime-alg-RC2wrap" */
+213,    /* "id-smime-aa-securityLabel" */
-&(nid_objs[193]),/* "id-smime-cd" */
+239,    /* "id-smime-aa-signatureType" */
-&(nid_objs[248]),/* "id-smime-cd-ldap" */
+223,    /* "id-smime-aa-signingCertificate" */
-&(nid_objs[190]),/* "id-smime-ct" */
+224,    /* "id-smime-aa-smimeEncryptCerts" */
-&(nid_objs[210]),/* "id-smime-ct-DVCSRequestData" */
+225,    /* "id-smime-aa-timeStampToken" */
-&(nid_objs[211]),/* "id-smime-ct-DVCSResponseData" */
+192,    /* "id-smime-alg" */
-&(nid_objs[208]),/* "id-smime-ct-TDTInfo" */
+243,    /* "id-smime-alg-3DESwrap" */
-&(nid_objs[207]),/* "id-smime-ct-TSTInfo" */
+246,    /* "id-smime-alg-CMS3DESwrap" */
-&(nid_objs[205]),/* "id-smime-ct-authData" */
+247,    /* "id-smime-alg-CMSRC2wrap" */
-&(nid_objs[786]),/* "id-smime-ct-compressedData" */
+245,    /* "id-smime-alg-ESDH" */
-&(nid_objs[209]),/* "id-smime-ct-contentInfo" */
+241,    /* "id-smime-alg-ESDHwith3DES" */
-&(nid_objs[206]),/* "id-smime-ct-publishCert" */
+242,    /* "id-smime-alg-ESDHwithRC2" */
-&(nid_objs[204]),/* "id-smime-ct-receipt" */
+244,    /* "id-smime-alg-RC2wrap" */
-&(nid_objs[195]),/* "id-smime-cti" */
+193,    /* "id-smime-cd" */
-&(nid_objs[255]),/* "id-smime-cti-ets-proofOfApproval" */
+248,    /* "id-smime-cd-ldap" */
-&(nid_objs[256]),/* "id-smime-cti-ets-proofOfCreation" */
+190,    /* "id-smime-ct" */
-&(nid_objs[253]),/* "id-smime-cti-ets-proofOfDelivery" */
+210,    /* "id-smime-ct-DVCSRequestData" */
-&(nid_objs[251]),/* "id-smime-cti-ets-proofOfOrigin" */
+211,    /* "id-smime-ct-DVCSResponseData" */
-&(nid_objs[252]),/* "id-smime-cti-ets-proofOfReceipt" */
+208,    /* "id-smime-ct-TDTInfo" */
-&(nid_objs[254]),/* "id-smime-cti-ets-proofOfSender" */
+207,    /* "id-smime-ct-TSTInfo" */
-&(nid_objs[189]),/* "id-smime-mod" */
+205,    /* "id-smime-ct-authData" */
-&(nid_objs[196]),/* "id-smime-mod-cms" */
+786,    /* "id-smime-ct-compressedData" */
-&(nid_objs[197]),/* "id-smime-mod-ess" */
+209,    /* "id-smime-ct-contentInfo" */
-&(nid_objs[202]),/* "id-smime-mod-ets-eSigPolicy-88" */
+206,    /* "id-smime-ct-publishCert" */
-&(nid_objs[203]),/* "id-smime-mod-ets-eSigPolicy-97" */
+204,    /* "id-smime-ct-receipt" */
-&(nid_objs[200]),/* "id-smime-mod-ets-eSignature-88" */
+195,    /* "id-smime-cti" */
-&(nid_objs[201]),/* "id-smime-mod-ets-eSignature-97" */
+255,    /* "id-smime-cti-ets-proofOfApproval" */
-&(nid_objs[199]),/* "id-smime-mod-msg-v3" */
+256,    /* "id-smime-cti-ets-proofOfCreation" */
-&(nid_objs[198]),/* "id-smime-mod-oid" */
+253,    /* "id-smime-cti-ets-proofOfDelivery" */
-&(nid_objs[194]),/* "id-smime-spq" */
+251,    /* "id-smime-cti-ets-proofOfOrigin" */
-&(nid_objs[250]),/* "id-smime-spq-ets-sqt-unotice" */
+252,    /* "id-smime-cti-ets-proofOfReceipt" */
-&(nid_objs[249]),/* "id-smime-spq-ets-sqt-uri" */
+254,    /* "id-smime-cti-ets-proofOfSender" */
-&(nid_objs[34]),/* "idea-cbc" */
+189,    /* "id-smime-mod" */
-&(nid_objs[35]),/* "idea-cfb" */
+196,    /* "id-smime-mod-cms" */
-&(nid_objs[36]),/* "idea-ecb" */
+197,    /* "id-smime-mod-ess" */
-&(nid_objs[46]),/* "idea-ofb" */
+202,    /* "id-smime-mod-ets-eSigPolicy-88" */
-&(nid_objs[676]),/* "identified-organization" */
+203,    /* "id-smime-mod-ets-eSigPolicy-97" */
-&(nid_objs[461]),/* "info" */
+200,    /* "id-smime-mod-ets-eSignature-88" */
-&(nid_objs[101]),/* "initials" */
+201,    /* "id-smime-mod-ets-eSignature-97" */
-&(nid_objs[749]),/* "ipsec3" */
+199,    /* "id-smime-mod-msg-v3" */
-&(nid_objs[750]),/* "ipsec4" */
+198,    /* "id-smime-mod-oid" */
-&(nid_objs[181]),/* "iso" */
+194,    /* "id-smime-spq" */
-&(nid_objs[623]),/* "issuer capabilities" */
+250,    /* "id-smime-spq-ets-sqt-unotice" */
-&(nid_objs[645]),/* "itu-t" */
+249,    /* "id-smime-spq-ets-sqt-uri" */
-&(nid_objs[492]),/* "janetMailbox" */
+34,     /* "idea-cbc" */
-&(nid_objs[646]),/* "joint-iso-itu-t" */
+35,     /* "idea-cfb" */
-&(nid_objs[150]),/* "keyBag" */
+36,     /* "idea-ecb" */
-&(nid_objs[773]),/* "kisa" */
+46,     /* "idea-ofb" */
-&(nid_objs[477]),/* "lastModifiedBy" */
+676,    /* "identified-organization" */
-&(nid_objs[476]),/* "lastModifiedTime" */
+461,    /* "info" */
-&(nid_objs[157]),/* "localKeyID" */
+101,    /* "initials" */
-&(nid_objs[15]),/* "localityName" */
+869,    /* "internationaliSDNNumber" */
-&(nid_objs[480]),/* "mXRecord" */
+749,    /* "ipsec3" */
-&(nid_objs[493]),/* "mailPreferenceOption" */
+750,    /* "ipsec4" */
-&(nid_objs[467]),/* "manager" */
+181,    /* "iso" */
-&(nid_objs[ 3]),/* "md2" */
+623,    /* "issuer capabilities" */
-&(nid_objs[ 7]),/* "md2WithRSAEncryption" */
+645,    /* "itu-t" */
-&(nid_objs[257]),/* "md4" */
+492,    /* "janetMailbox" */
-&(nid_objs[396]),/* "md4WithRSAEncryption" */
+646,    /* "joint-iso-itu-t" */
-&(nid_objs[ 4]),/* "md5" */
+150,    /* "keyBag" */
-&(nid_objs[114]),/* "md5-sha1" */
+773,    /* "kisa" */
-&(nid_objs[104]),/* "md5WithRSA" */
+477,    /* "lastModifiedBy" */
-&(nid_objs[ 8]),/* "md5WithRSAEncryption" */
+476,    /* "lastModifiedTime" */
-&(nid_objs[95]),/* "mdc2" */
+157,    /* "localKeyID" */
-&(nid_objs[96]),/* "mdc2WithRSA" */
+15,     /* "localityName" */
-&(nid_objs[602]),/* "merchant initiated auth" */
+480,    /* "mXRecord" */
-&(nid_objs[514]),/* "message extensions" */
+493,    /* "mailPreferenceOption" */
-&(nid_objs[51]),/* "messageDigest" */
+467,    /* "manager" */
-&(nid_objs[506]),/* "mime-mhs-bodies" */
+ 3,     /* "md2" */
-&(nid_objs[505]),/* "mime-mhs-headings" */
+ 7,     /* "md2WithRSAEncryption" */
-&(nid_objs[488]),/* "mobileTelephoneNumber" */
+257,    /* "md4" */
-&(nid_objs[481]),/* "nSRecord" */
+396,    /* "md4WithRSAEncryption" */
-&(nid_objs[173]),/* "name" */
+ 4,     /* "md5" */
-&(nid_objs[681]),/* "onBasis" */
+114,    /* "md5-sha1" */
-&(nid_objs[379]),/* "org" */
+104,    /* "md5WithRSA" */
-&(nid_objs[17]),/* "organizationName" */
+ 8,     /* "md5WithRSAEncryption" */
-&(nid_objs[491]),/* "organizationalStatus" */
+95,     /* "mdc2" */
-&(nid_objs[18]),/* "organizationalUnitName" */
+96,     /* "mdc2WithRSA" */
-&(nid_objs[475]),/* "otherMailbox" */
+875,    /* "member" */
-&(nid_objs[489]),/* "pagerTelephoneNumber" */
+602,    /* "merchant initiated auth" */
-&(nid_objs[782]),/* "password based MAC" */
+514,    /* "message extensions" */
-&(nid_objs[374]),/* "path" */
+51,     /* "messageDigest" */
-&(nid_objs[621]),/* "payment gateway capabilities" */
+506,    /* "mime-mhs-bodies" */
-&(nid_objs[ 9]),/* "pbeWithMD2AndDES-CBC" */
+505,    /* "mime-mhs-headings" */
-&(nid_objs[168]),/* "pbeWithMD2AndRC2-CBC" */
+488,    /* "mobileTelephoneNumber" */
-&(nid_objs[112]),/* "pbeWithMD5AndCast5CBC" */
+481,    /* "nSRecord" */
-&(nid_objs[10]),/* "pbeWithMD5AndDES-CBC" */
+173,    /* "name" */
-&(nid_objs[169]),/* "pbeWithMD5AndRC2-CBC" */
+681,    /* "onBasis" */
-&(nid_objs[148]),/* "pbeWithSHA1And128BitRC2-CBC" */
+379,    /* "org" */
-&(nid_objs[144]),/* "pbeWithSHA1And128BitRC4" */
+17,     /* "organizationName" */
-&(nid_objs[147]),/* "pbeWithSHA1And2-KeyTripleDES-CBC" */
+491,    /* "organizationalStatus" */
-&(nid_objs[146]),/* "pbeWithSHA1And3-KeyTripleDES-CBC" */
+18,     /* "organizationalUnitName" */
-&(nid_objs[149]),/* "pbeWithSHA1And40BitRC2-CBC" */
+475,    /* "otherMailbox" */
-&(nid_objs[145]),/* "pbeWithSHA1And40BitRC4" */
+876,    /* "owner" */
-&(nid_objs[170]),/* "pbeWithSHA1AndDES-CBC" */
+489,    /* "pagerTelephoneNumber" */
-&(nid_objs[68]),/* "pbeWithSHA1AndRC2-CBC" */
+782,    /* "password based MAC" */
-&(nid_objs[499]),/* "personalSignature" */
+374,    /* "path" */
-&(nid_objs[487]),/* "personalTitle" */
+621,    /* "payment gateway capabilities" */
-&(nid_objs[464]),/* "photo" */
+ 9,     /* "pbeWithMD2AndDES-CBC" */
-&(nid_objs[437]),/* "pilot" */
+168,    /* "pbeWithMD2AndRC2-CBC" */
-&(nid_objs[439]),/* "pilotAttributeSyntax" */
+112,    /* "pbeWithMD5AndCast5CBC" */
-&(nid_objs[438]),/* "pilotAttributeType" */
+10,     /* "pbeWithMD5AndDES-CBC" */
-&(nid_objs[479]),/* "pilotAttributeType27" */
+169,    /* "pbeWithMD5AndRC2-CBC" */
-&(nid_objs[456]),/* "pilotDSA" */
+148,    /* "pbeWithSHA1And128BitRC2-CBC" */
-&(nid_objs[441]),/* "pilotGroups" */
+144,    /* "pbeWithSHA1And128BitRC4" */
-&(nid_objs[444]),/* "pilotObject" */
+147,    /* "pbeWithSHA1And2-KeyTripleDES-CBC" */
-&(nid_objs[440]),/* "pilotObjectClass" */
+146,    /* "pbeWithSHA1And3-KeyTripleDES-CBC" */
-&(nid_objs[455]),/* "pilotOrganization" */
+149,    /* "pbeWithSHA1And40BitRC2-CBC" */
-&(nid_objs[445]),/* "pilotPerson" */
+145,    /* "pbeWithSHA1And40BitRC4" */
-&(nid_objs[186]),/* "pkcs1" */
+170,    /* "pbeWithSHA1AndDES-CBC" */
-&(nid_objs[27]),/* "pkcs3" */
+68,     /* "pbeWithSHA1AndRC2-CBC" */
-&(nid_objs[187]),/* "pkcs5" */
+499,    /* "personalSignature" */
-&(nid_objs[20]),/* "pkcs7" */
+487,    /* "personalTitle" */
-&(nid_objs[21]),/* "pkcs7-data" */
+464,    /* "photo" */
-&(nid_objs[25]),/* "pkcs7-digestData" */
+863,    /* "physicalDeliveryOfficeName" */
-&(nid_objs[26]),/* "pkcs7-encryptedData" */
+437,    /* "pilot" */
-&(nid_objs[23]),/* "pkcs7-envelopedData" */
+439,    /* "pilotAttributeSyntax" */
-&(nid_objs[24]),/* "pkcs7-signedAndEnvelopedData" */
+438,    /* "pilotAttributeType" */
-&(nid_objs[22]),/* "pkcs7-signedData" */
+479,    /* "pilotAttributeType27" */
-&(nid_objs[151]),/* "pkcs8ShroudedKeyBag" */
+456,    /* "pilotDSA" */
-&(nid_objs[47]),/* "pkcs9" */
+441,    /* "pilotGroups" */
-&(nid_objs[661]),/* "postalCode" */
+444,    /* "pilotObject" */
-&(nid_objs[683]),/* "ppBasis" */
+440,    /* "pilotObjectClass" */
-&(nid_objs[406]),/* "prime-field" */
+455,    /* "pilotOrganization" */
-&(nid_objs[409]),/* "prime192v1" */
+445,    /* "pilotPerson" */
-&(nid_objs[410]),/* "prime192v2" */
+186,    /* "pkcs1" */
-&(nid_objs[411]),/* "prime192v3" */
+27,     /* "pkcs3" */
-&(nid_objs[412]),/* "prime239v1" */
+187,    /* "pkcs5" */
-&(nid_objs[413]),/* "prime239v2" */
+20,     /* "pkcs7" */
-&(nid_objs[414]),/* "prime239v3" */
+21,     /* "pkcs7-data" */
-&(nid_objs[415]),/* "prime256v1" */
+25,     /* "pkcs7-digestData" */
-&(nid_objs[510]),/* "pseudonym" */
+26,     /* "pkcs7-encryptedData" */
-&(nid_objs[435]),/* "pss" */
+23,     /* "pkcs7-envelopedData" */
-&(nid_objs[286]),/* "qcStatements" */
+24,     /* "pkcs7-signedAndEnvelopedData" */
-&(nid_objs[457]),/* "qualityLabelledData" */
+22,     /* "pkcs7-signedData" */
-&(nid_objs[450]),/* "rFC822localPart" */
+151,    /* "pkcs8ShroudedKeyBag" */
-&(nid_objs[98]),/* "rc2-40-cbc" */
+47,     /* "pkcs9" */
-&(nid_objs[166]),/* "rc2-64-cbc" */
+862,    /* "postOfficeBox" */
-&(nid_objs[37]),/* "rc2-cbc" */
+861,    /* "postalAddress" */
-&(nid_objs[39]),/* "rc2-cfb" */
+661,    /* "postalCode" */
-&(nid_objs[38]),/* "rc2-ecb" */
+683,    /* "ppBasis" */
-&(nid_objs[40]),/* "rc2-ofb" */
+872,    /* "preferredDeliveryMethod" */
-&(nid_objs[ 5]),/* "rc4" */
+873,    /* "presentationAddress" */
-&(nid_objs[97]),/* "rc4-40" */
+406,    /* "prime-field" */
-&(nid_objs[120]),/* "rc5-cbc" */
+409,    /* "prime192v1" */
-&(nid_objs[122]),/* "rc5-cfb" */
+410,    /* "prime192v2" */
-&(nid_objs[121]),/* "rc5-ecb" */
+411,    /* "prime192v3" */
-&(nid_objs[123]),/* "rc5-ofb" */
+412,    /* "prime239v1" */
-&(nid_objs[460]),/* "rfc822Mailbox" */
+413,    /* "prime239v2" */
-&(nid_objs[117]),/* "ripemd160" */
+414,    /* "prime239v3" */
-&(nid_objs[119]),/* "ripemd160WithRSA" */
+415,    /* "prime256v1" */
-&(nid_objs[400]),/* "role" */
+886,    /* "protocolInformation" */
-&(nid_objs[448]),/* "room" */
+510,    /* "pseudonym" */
-&(nid_objs[463]),/* "roomNumber" */
+435,    /* "pss" */
-&(nid_objs[19]),/* "rsa" */
+286,    /* "qcStatements" */
-&(nid_objs[ 6]),/* "rsaEncryption" */
+457,    /* "qualityLabelledData" */
-&(nid_objs[644]),/* "rsaOAEPEncryptionSET" */
+450,    /* "rFC822localPart" */
-&(nid_objs[377]),/* "rsaSignature" */
+98,     /* "rc2-40-cbc" */
-&(nid_objs[124]),/* "run length compression" */
+166,    /* "rc2-64-cbc" */
-&(nid_objs[482]),/* "sOARecord" */
+37,     /* "rc2-cbc" */
-&(nid_objs[155]),/* "safeContentsBag" */
+39,     /* "rc2-cfb" */
-&(nid_objs[291]),/* "sbgp-autonomousSysNum" */
+38,     /* "rc2-ecb" */
-&(nid_objs[290]),/* "sbgp-ipAddrBlock" */
+40,     /* "rc2-ofb" */
-&(nid_objs[292]),/* "sbgp-routerIdentifier" */
+ 5,     /* "rc4" */
-&(nid_objs[159]),/* "sdsiCertificate" */
+97,     /* "rc4-40" */
-&(nid_objs[704]),/* "secp112r1" */
+120,    /* "rc5-cbc" */
-&(nid_objs[705]),/* "secp112r2" */
+122,    /* "rc5-cfb" */
-&(nid_objs[706]),/* "secp128r1" */
+121,    /* "rc5-ecb" */
-&(nid_objs[707]),/* "secp128r2" */
+123,    /* "rc5-ofb" */
-&(nid_objs[708]),/* "secp160k1" */
+870,    /* "registeredAddress" */
-&(nid_objs[709]),/* "secp160r1" */
+460,    /* "rfc822Mailbox" */
-&(nid_objs[710]),/* "secp160r2" */
+117,    /* "ripemd160" */
-&(nid_objs[711]),/* "secp192k1" */
+119,    /* "ripemd160WithRSA" */
-&(nid_objs[712]),/* "secp224k1" */
+400,    /* "role" */
-&(nid_objs[713]),/* "secp224r1" */
+877,    /* "roleOccupant" */
-&(nid_objs[714]),/* "secp256k1" */
+448,    /* "room" */
-&(nid_objs[715]),/* "secp384r1" */
+463,    /* "roomNumber" */
-&(nid_objs[716]),/* "secp521r1" */
+19,     /* "rsa" */
-&(nid_objs[154]),/* "secretBag" */
+ 6,     /* "rsaEncryption" */
-&(nid_objs[474]),/* "secretary" */
+644,    /* "rsaOAEPEncryptionSET" */
-&(nid_objs[717]),/* "sect113r1" */
+377,    /* "rsaSignature" */
-&(nid_objs[718]),/* "sect113r2" */
+124,    /* "run length compression" */
-&(nid_objs[719]),/* "sect131r1" */
+482,    /* "sOARecord" */
-&(nid_objs[720]),/* "sect131r2" */
+155,    /* "safeContentsBag" */
-&(nid_objs[721]),/* "sect163k1" */
+291,    /* "sbgp-autonomousSysNum" */
-&(nid_objs[722]),/* "sect163r1" */
+290,    /* "sbgp-ipAddrBlock" */
-&(nid_objs[723]),/* "sect163r2" */
+292,    /* "sbgp-routerIdentifier" */
-&(nid_objs[724]),/* "sect193r1" */
+159,    /* "sdsiCertificate" */
-&(nid_objs[725]),/* "sect193r2" */
+859,    /* "searchGuide" */
-&(nid_objs[726]),/* "sect233k1" */
+704,    /* "secp112r1" */
-&(nid_objs[727]),/* "sect233r1" */
+705,    /* "secp112r2" */
-&(nid_objs[728]),/* "sect239k1" */
+706,    /* "secp128r1" */
-&(nid_objs[729]),/* "sect283k1" */
+707,    /* "secp128r2" */
-&(nid_objs[730]),/* "sect283r1" */
+708,    /* "secp160k1" */
-&(nid_objs[731]),/* "sect409k1" */
+709,    /* "secp160r1" */
-&(nid_objs[732]),/* "sect409r1" */
+710,    /* "secp160r2" */
-&(nid_objs[733]),/* "sect571k1" */
+711,    /* "secp192k1" */
-&(nid_objs[734]),/* "sect571r1" */
+712,    /* "secp224k1" */
-&(nid_objs[635]),/* "secure device signature" */
+713,    /* "secp224r1" */
-&(nid_objs[777]),/* "seed-cbc" */
+714,    /* "secp256k1" */
-&(nid_objs[779]),/* "seed-cfb" */
+715,    /* "secp384r1" */
-&(nid_objs[776]),/* "seed-ecb" */
+716,    /* "secp521r1" */
-&(nid_objs[778]),/* "seed-ofb" */
+154,    /* "secretBag" */
-&(nid_objs[105]),/* "serialNumber" */
+474,    /* "secretary" */
-&(nid_objs[625]),/* "set-addPolicy" */
+717,    /* "sect113r1" */
-&(nid_objs[515]),/* "set-attr" */
+718,    /* "sect113r2" */
-&(nid_objs[518]),/* "set-brand" */
+719,    /* "sect131r1" */
-&(nid_objs[638]),/* "set-brand-AmericanExpress" */
+720,    /* "sect131r2" */
-&(nid_objs[637]),/* "set-brand-Diners" */
+721,    /* "sect163k1" */
-&(nid_objs[636]),/* "set-brand-IATA-ATA" */
+722,    /* "sect163r1" */
-&(nid_objs[639]),/* "set-brand-JCB" */
+723,    /* "sect163r2" */
-&(nid_objs[641]),/* "set-brand-MasterCard" */
+724,    /* "sect193r1" */
-&(nid_objs[642]),/* "set-brand-Novus" */
+725,    /* "sect193r2" */
-&(nid_objs[640]),/* "set-brand-Visa" */
+726,    /* "sect233k1" */
-&(nid_objs[516]),/* "set-policy" */
+727,    /* "sect233r1" */
-&(nid_objs[607]),/* "set-policy-root" */
+728,    /* "sect239k1" */
-&(nid_objs[624]),/* "set-rootKeyThumb" */
+729,    /* "sect283k1" */
-&(nid_objs[620]),/* "setAttr-Cert" */
+730,    /* "sect283r1" */
-&(nid_objs[628]),/* "setAttr-IssCap-CVM" */
+731,    /* "sect409k1" */
-&(nid_objs[630]),/* "setAttr-IssCap-Sig" */
+732,    /* "sect409r1" */
-&(nid_objs[629]),/* "setAttr-IssCap-T2" */
+733,    /* "sect571k1" */
-&(nid_objs[627]),/* "setAttr-Token-B0Prime" */
+734,    /* "sect571r1" */
-&(nid_objs[626]),/* "setAttr-Token-EMV" */
+635,    /* "secure device signature" */
-&(nid_objs[622]),/* "setAttr-TokenType" */
+878,    /* "seeAlso" */
-&(nid_objs[619]),/* "setCext-IssuerCapabilities" */
+777,    /* "seed-cbc" */
-&(nid_objs[615]),/* "setCext-PGWYcapabilities" */
+779,    /* "seed-cfb" */
-&(nid_objs[616]),/* "setCext-TokenIdentifier" */
+776,    /* "seed-ecb" */
-&(nid_objs[618]),/* "setCext-TokenType" */
+778,    /* "seed-ofb" */
-&(nid_objs[617]),/* "setCext-Track2Data" */
+105,    /* "serialNumber" */
-&(nid_objs[611]),/* "setCext-cCertRequired" */
+625,    /* "set-addPolicy" */
-&(nid_objs[609]),/* "setCext-certType" */
+515,    /* "set-attr" */
-&(nid_objs[608]),/* "setCext-hashedRoot" */
+518,    /* "set-brand" */
-&(nid_objs[610]),/* "setCext-merchData" */
+638,    /* "set-brand-AmericanExpress" */
-&(nid_objs[613]),/* "setCext-setExt" */
+637,    /* "set-brand-Diners" */
-&(nid_objs[614]),/* "setCext-setQualf" */
+636,    /* "set-brand-IATA-ATA" */
-&(nid_objs[612]),/* "setCext-tunneling" */
+639,    /* "set-brand-JCB" */
-&(nid_objs[540]),/* "setct-AcqCardCodeMsg" */
+641,    /* "set-brand-MasterCard" */
-&(nid_objs[576]),/* "setct-AcqCardCodeMsgTBE" */
+642,    /* "set-brand-Novus" */
-&(nid_objs[570]),/* "setct-AuthReqTBE" */
+640,    /* "set-brand-Visa" */
-&(nid_objs[534]),/* "setct-AuthReqTBS" */
+516,    /* "set-policy" */
-&(nid_objs[527]),/* "setct-AuthResBaggage" */
+607,    /* "set-policy-root" */
-&(nid_objs[571]),/* "setct-AuthResTBE" */
+624,    /* "set-rootKeyThumb" */
-&(nid_objs[572]),/* "setct-AuthResTBEX" */
+620,    /* "setAttr-Cert" */
-&(nid_objs[535]),/* "setct-AuthResTBS" */
+628,    /* "setAttr-IssCap-CVM" */
-&(nid_objs[536]),/* "setct-AuthResTBSX" */
+630,    /* "setAttr-IssCap-Sig" */
-&(nid_objs[528]),/* "setct-AuthRevReqBaggage" */
+629,    /* "setAttr-IssCap-T2" */
-&(nid_objs[577]),/* "setct-AuthRevReqTBE" */
+627,    /* "setAttr-Token-B0Prime" */
-&(nid_objs[541]),/* "setct-AuthRevReqTBS" */
+626,    /* "setAttr-Token-EMV" */
-&(nid_objs[529]),/* "setct-AuthRevResBaggage" */
+622,    /* "setAttr-TokenType" */
-&(nid_objs[542]),/* "setct-AuthRevResData" */
+619,    /* "setCext-IssuerCapabilities" */
-&(nid_objs[578]),/* "setct-AuthRevResTBE" */
+615,    /* "setCext-PGWYcapabilities" */
-&(nid_objs[579]),/* "setct-AuthRevResTBEB" */
+616,    /* "setCext-TokenIdentifier" */
-&(nid_objs[543]),/* "setct-AuthRevResTBS" */
+618,    /* "setCext-TokenType" */
-&(nid_objs[573]),/* "setct-AuthTokenTBE" */
+617,    /* "setCext-Track2Data" */
-&(nid_objs[537]),/* "setct-AuthTokenTBS" */
+611,    /* "setCext-cCertRequired" */
-&(nid_objs[600]),/* "setct-BCIDistributionTBS" */
+609,    /* "setCext-certType" */
-&(nid_objs[558]),/* "setct-BatchAdminReqData" */
+608,    /* "setCext-hashedRoot" */
-&(nid_objs[592]),/* "setct-BatchAdminReqTBE" */
+610,    /* "setCext-merchData" */
-&(nid_objs[559]),/* "setct-BatchAdminResData" */
+613,    /* "setCext-setExt" */
-&(nid_objs[593]),/* "setct-BatchAdminResTBE" */
+614,    /* "setCext-setQualf" */
-&(nid_objs[599]),/* "setct-CRLNotificationResTBS" */
+612,    /* "setCext-tunneling" */
-&(nid_objs[598]),/* "setct-CRLNotificationTBS" */
+540,    /* "setct-AcqCardCodeMsg" */
-&(nid_objs[580]),/* "setct-CapReqTBE" */
+576,    /* "setct-AcqCardCodeMsgTBE" */
-&(nid_objs[581]),/* "setct-CapReqTBEX" */
+570,    /* "setct-AuthReqTBE" */
-&(nid_objs[544]),/* "setct-CapReqTBS" */
+534,    /* "setct-AuthReqTBS" */
-&(nid_objs[545]),/* "setct-CapReqTBSX" */
+527,    /* "setct-AuthResBaggage" */
-&(nid_objs[546]),/* "setct-CapResData" */
+571,    /* "setct-AuthResTBE" */
-&(nid_objs[582]),/* "setct-CapResTBE" */
+572,    /* "setct-AuthResTBEX" */
-&(nid_objs[583]),/* "setct-CapRevReqTBE" */
+535,    /* "setct-AuthResTBS" */
-&(nid_objs[584]),/* "setct-CapRevReqTBEX" */
+536,    /* "setct-AuthResTBSX" */
-&(nid_objs[547]),/* "setct-CapRevReqTBS" */
+528,    /* "setct-AuthRevReqBaggage" */
-&(nid_objs[548]),/* "setct-CapRevReqTBSX" */
+577,    /* "setct-AuthRevReqTBE" */
-&(nid_objs[549]),/* "setct-CapRevResData" */
+541,    /* "setct-AuthRevReqTBS" */
-&(nid_objs[585]),/* "setct-CapRevResTBE" */
+529,    /* "setct-AuthRevResBaggage" */
-&(nid_objs[538]),/* "setct-CapTokenData" */
+542,    /* "setct-AuthRevResData" */
-&(nid_objs[530]),/* "setct-CapTokenSeq" */
+578,    /* "setct-AuthRevResTBE" */
-&(nid_objs[574]),/* "setct-CapTokenTBE" */
+579,    /* "setct-AuthRevResTBEB" */
-&(nid_objs[575]),/* "setct-CapTokenTBEX" */
+543,    /* "setct-AuthRevResTBS" */
-&(nid_objs[539]),/* "setct-CapTokenTBS" */
+573,    /* "setct-AuthTokenTBE" */
-&(nid_objs[560]),/* "setct-CardCInitResTBS" */
+537,    /* "setct-AuthTokenTBS" */
-&(nid_objs[566]),/* "setct-CertInqReqTBS" */
+600,    /* "setct-BCIDistributionTBS" */
-&(nid_objs[563]),/* "setct-CertReqData" */
+558,    /* "setct-BatchAdminReqData" */
-&(nid_objs[595]),/* "setct-CertReqTBE" */
+592,    /* "setct-BatchAdminReqTBE" */
-&(nid_objs[596]),/* "setct-CertReqTBEX" */
+559,    /* "setct-BatchAdminResData" */
-&(nid_objs[564]),/* "setct-CertReqTBS" */
+593,    /* "setct-BatchAdminResTBE" */
-&(nid_objs[565]),/* "setct-CertResData" */
+599,    /* "setct-CRLNotificationResTBS" */
-&(nid_objs[597]),/* "setct-CertResTBE" */
+598,    /* "setct-CRLNotificationTBS" */
-&(nid_objs[586]),/* "setct-CredReqTBE" */
+580,    /* "setct-CapReqTBE" */
-&(nid_objs[587]),/* "setct-CredReqTBEX" */
+581,    /* "setct-CapReqTBEX" */
-&(nid_objs[550]),/* "setct-CredReqTBS" */
+544,    /* "setct-CapReqTBS" */
-&(nid_objs[551]),/* "setct-CredReqTBSX" */
+545,    /* "setct-CapReqTBSX" */
-&(nid_objs[552]),/* "setct-CredResData" */
+546,    /* "setct-CapResData" */
-&(nid_objs[588]),/* "setct-CredResTBE" */
+582,    /* "setct-CapResTBE" */
-&(nid_objs[589]),/* "setct-CredRevReqTBE" */
+583,    /* "setct-CapRevReqTBE" */
-&(nid_objs[590]),/* "setct-CredRevReqTBEX" */
+584,    /* "setct-CapRevReqTBEX" */
-&(nid_objs[553]),/* "setct-CredRevReqTBS" */
+547,    /* "setct-CapRevReqTBS" */
-&(nid_objs[554]),/* "setct-CredRevReqTBSX" */
+548,    /* "setct-CapRevReqTBSX" */
-&(nid_objs[555]),/* "setct-CredRevResData" */
+549,    /* "setct-CapRevResData" */
-&(nid_objs[591]),/* "setct-CredRevResTBE" */
+585,    /* "setct-CapRevResTBE" */
-&(nid_objs[567]),/* "setct-ErrorTBS" */
+538,    /* "setct-CapTokenData" */
-&(nid_objs[526]),/* "setct-HODInput" */
+530,    /* "setct-CapTokenSeq" */
-&(nid_objs[561]),/* "setct-MeAqCInitResTBS" */
+574,    /* "setct-CapTokenTBE" */
-&(nid_objs[522]),/* "setct-OIData" */
+575,    /* "setct-CapTokenTBEX" */
-&(nid_objs[519]),/* "setct-PANData" */
+539,    /* "setct-CapTokenTBS" */
-&(nid_objs[521]),/* "setct-PANOnly" */
+560,    /* "setct-CardCInitResTBS" */
-&(nid_objs[520]),/* "setct-PANToken" */
+566,    /* "setct-CertInqReqTBS" */
-&(nid_objs[556]),/* "setct-PCertReqData" */
+563,    /* "setct-CertReqData" */
-&(nid_objs[557]),/* "setct-PCertResTBS" */
+595,    /* "setct-CertReqTBE" */
-&(nid_objs[523]),/* "setct-PI" */
+596,    /* "setct-CertReqTBEX" */
-&(nid_objs[532]),/* "setct-PI-TBS" */
+564,    /* "setct-CertReqTBS" */
-&(nid_objs[524]),/* "setct-PIData" */
+565,    /* "setct-CertResData" */
-&(nid_objs[525]),/* "setct-PIDataUnsigned" */
+597,    /* "setct-CertResTBE" */
-&(nid_objs[568]),/* "setct-PIDualSignedTBE" */
+586,    /* "setct-CredReqTBE" */
-&(nid_objs[569]),/* "setct-PIUnsignedTBE" */
+587,    /* "setct-CredReqTBEX" */
-&(nid_objs[531]),/* "setct-PInitResData" */
+550,    /* "setct-CredReqTBS" */
-&(nid_objs[533]),/* "setct-PResData" */
+551,    /* "setct-CredReqTBSX" */
-&(nid_objs[594]),/* "setct-RegFormReqTBE" */
+552,    /* "setct-CredResData" */
-&(nid_objs[562]),/* "setct-RegFormResTBS" */
+588,    /* "setct-CredResTBE" */
-&(nid_objs[604]),/* "setext-pinAny" */
+589,    /* "setct-CredRevReqTBE" */
-&(nid_objs[603]),/* "setext-pinSecure" */
+590,    /* "setct-CredRevReqTBEX" */
-&(nid_objs[605]),/* "setext-track2" */
+553,    /* "setct-CredRevReqTBS" */
-&(nid_objs[41]),/* "sha" */
+554,    /* "setct-CredRevReqTBSX" */
-&(nid_objs[64]),/* "sha1" */
+555,    /* "setct-CredRevResData" */
-&(nid_objs[115]),/* "sha1WithRSA" */
+591,    /* "setct-CredRevResTBE" */
-&(nid_objs[65]),/* "sha1WithRSAEncryption" */
+567,    /* "setct-ErrorTBS" */
-&(nid_objs[675]),/* "sha224" */
+526,    /* "setct-HODInput" */
-&(nid_objs[671]),/* "sha224WithRSAEncryption" */
+561,    /* "setct-MeAqCInitResTBS" */
-&(nid_objs[672]),/* "sha256" */
+522,    /* "setct-OIData" */
-&(nid_objs[668]),/* "sha256WithRSAEncryption" */
+519,    /* "setct-PANData" */
-&(nid_objs[673]),/* "sha384" */
+521,    /* "setct-PANOnly" */
-&(nid_objs[669]),/* "sha384WithRSAEncryption" */
+520,    /* "setct-PANToken" */
-&(nid_objs[674]),/* "sha512" */
+556,    /* "setct-PCertReqData" */
-&(nid_objs[670]),/* "sha512WithRSAEncryption" */
+557,    /* "setct-PCertResTBS" */
-&(nid_objs[42]),/* "shaWithRSAEncryption" */
+523,    /* "setct-PI" */
-&(nid_objs[52]),/* "signingTime" */
+532,    /* "setct-PI-TBS" */
-&(nid_objs[454]),/* "simpleSecurityObject" */
+524,    /* "setct-PIData" */
-&(nid_objs[496]),/* "singleLevelQuality" */
+525,    /* "setct-PIDataUnsigned" */
-&(nid_objs[16]),/* "stateOrProvinceName" */
+568,    /* "setct-PIDualSignedTBE" */
-&(nid_objs[660]),/* "streetAddress" */
+569,    /* "setct-PIUnsignedTBE" */
-&(nid_objs[498]),/* "subtreeMaximumQuality" */
+531,    /* "setct-PInitResData" */
-&(nid_objs[497]),/* "subtreeMinimumQuality" */
+533,    /* "setct-PResData" */
-&(nid_objs[100]),/* "surname" */
+594,    /* "setct-RegFormReqTBE" */
-&(nid_objs[459]),/* "textEncodedORAddress" */
+562,    /* "setct-RegFormResTBS" */
-&(nid_objs[293]),/* "textNotice" */
+604,    /* "setext-pinAny" */
-&(nid_objs[106]),/* "title" */
+603,    /* "setext-pinSecure" */
-&(nid_objs[682]),/* "tpBasis" */
+605,    /* "setext-track2" */
-&(nid_objs[436]),/* "ucl" */
+41,     /* "sha" */
-&(nid_objs[ 0]),/* "undefined" */
+64,     /* "sha1" */
-&(nid_objs[55]),/* "unstructuredAddress" */
+115,    /* "sha1WithRSA" */
-&(nid_objs[49]),/* "unstructuredName" */
+65,     /* "sha1WithRSAEncryption" */
-&(nid_objs[465]),/* "userClass" */
+675,    /* "sha224" */
-&(nid_objs[458]),/* "userId" */
+671,    /* "sha224WithRSAEncryption" */
-&(nid_objs[373]),/* "valid" */
+672,    /* "sha256" */
-&(nid_objs[678]),/* "wap" */
+668,    /* "sha256WithRSAEncryption" */
-&(nid_objs[679]),/* "wap-wsg" */
+673,    /* "sha384" */
-&(nid_objs[735]),/* "wap-wsg-idm-ecid-wtls1" */
+669,    /* "sha384WithRSAEncryption" */
-&(nid_objs[743]),/* "wap-wsg-idm-ecid-wtls10" */
+674,    /* "sha512" */
-&(nid_objs[744]),/* "wap-wsg-idm-ecid-wtls11" */
+670,    /* "sha512WithRSAEncryption" */
-&(nid_objs[745]),/* "wap-wsg-idm-ecid-wtls12" */
+42,     /* "shaWithRSAEncryption" */
-&(nid_objs[736]),/* "wap-wsg-idm-ecid-wtls3" */
+52,     /* "signingTime" */
-&(nid_objs[737]),/* "wap-wsg-idm-ecid-wtls4" */
+454,    /* "simpleSecurityObject" */
-&(nid_objs[738]),/* "wap-wsg-idm-ecid-wtls5" */
+496,    /* "singleLevelQuality" */
-&(nid_objs[739]),/* "wap-wsg-idm-ecid-wtls6" */
+16,     /* "stateOrProvinceName" */
-&(nid_objs[740]),/* "wap-wsg-idm-ecid-wtls7" */
+660,    /* "streetAddress" */
-&(nid_objs[741]),/* "wap-wsg-idm-ecid-wtls8" */
+498,    /* "subtreeMaximumQuality" */
-&(nid_objs[742]),/* "wap-wsg-idm-ecid-wtls9" */
+497,    /* "subtreeMinimumQuality" */
-&(nid_objs[804]),/* "whirlpool" */
+890,    /* "supportedAlgorithms" */
-&(nid_objs[503]),/* "x500UniqueIdentifier" */
+874,    /* "supportedApplicationContext" */
-&(nid_objs[158]),/* "x509Certificate" */
+100,    /* "surname" */
-&(nid_objs[160]),/* "x509Crl" */
+864,    /* "telephoneNumber" */
-&(nid_objs[125]),/* "zlib compression" */
+866,    /* "teletexTerminalIdentifier" */
+865,    /* "telexNumber" */
+459,    /* "textEncodedORAddress" */
+293,    /* "textNotice" */
+106,    /* "title" */
+682,    /* "tpBasis" */
+436,    /* "ucl" */
+ 0,     /* "undefined" */
+888,    /* "uniqueMember" */
+55,     /* "unstructuredAddress" */
+49,     /* "unstructuredName" */
+880,    /* "userCertificate" */
+465,    /* "userClass" */
+458,    /* "userId" */
+879,    /* "userPassword" */
+373,    /* "valid" */
+678,    /* "wap" */
+679,    /* "wap-wsg" */
+735,    /* "wap-wsg-idm-ecid-wtls1" */
+743,    /* "wap-wsg-idm-ecid-wtls10" */
+744,    /* "wap-wsg-idm-ecid-wtls11" */
+745,    /* "wap-wsg-idm-ecid-wtls12" */
+736,    /* "wap-wsg-idm-ecid-wtls3" */
+737,    /* "wap-wsg-idm-ecid-wtls4" */
+738,    /* "wap-wsg-idm-ecid-wtls5" */
+739,    /* "wap-wsg-idm-ecid-wtls6" */
+740,    /* "wap-wsg-idm-ecid-wtls7" */
+741,    /* "wap-wsg-idm-ecid-wtls8" */
+742,    /* "wap-wsg-idm-ecid-wtls9" */
+804,    /* "whirlpool" */
+868,    /* "x121Address" */
+503,    /* "x500UniqueIdentifier" */
+158,    /* "x509Certificate" */
+160,    /* "x509Crl" */
+125,    /* "zlib compression" */
 };
-static ASN1_OBJECT *obj_objs[NUM_OBJ]={
+static const unsigned int obj_objs[NUM_OBJ]={
-&(nid_objs[ 0]),/* OBJ_undef                        0 */
+ 0,     /* OBJ_undef                        0 */
-&(nid_objs[393]),/* OBJ_joint_iso_ccitt              OBJ_joint_iso_itu_t */
+393,    /* OBJ_joint_iso_ccitt              OBJ_joint_iso_itu_t */
-&(nid_objs[404]),/* OBJ_ccitt                        OBJ_itu_t */
+404,    /* OBJ_ccitt                        OBJ_itu_t */
-&(nid_objs[645]),/* OBJ_itu_t                        0 */
+645,    /* OBJ_itu_t                        0 */
-&(nid_objs[434]),/* OBJ_data                         0 9 */
+434,    /* OBJ_data                         0 9 */
-&(nid_objs[181]),/* OBJ_iso                          1 */
+181,    /* OBJ_iso                          1 */
-&(nid_objs[182]),/* OBJ_member_body                  1 2 */
+182,    /* OBJ_member_body                  1 2 */
-&(nid_objs[379]),/* OBJ_org                          1 3 */
+379,    /* OBJ_org                          1 3 */
-&(nid_objs[676]),/* OBJ_identified_organization      1 3 */
+676,    /* OBJ_identified_organization      1 3 */
-&(nid_objs[646]),/* OBJ_joint_iso_itu_t              2 */
+646,    /* OBJ_joint_iso_itu_t              2 */
-&(nid_objs[11]),/* OBJ_X500                         2 5 */
+11,     /* OBJ_X500                         2 5 */
-&(nid_objs[647]),/* OBJ_international_organizations  2 23 */
+647,    /* OBJ_international_organizations  2 23 */
-&(nid_objs[380]),/* OBJ_dod                          1 3 6 */
+380,    /* OBJ_dod                          1 3 6 */
-&(nid_objs[12]),/* OBJ_X509                         2 5 4 */
+12,     /* OBJ_X509                         2 5 4 */
-&(nid_objs[378]),/* OBJ_X500algorithms               2 5 8 */
+378,    /* OBJ_X500algorithms               2 5 8 */
-&(nid_objs[81]),/* OBJ_id_ce                        2 5 29 */
+81,     /* OBJ_id_ce                        2 5 29 */
-&(nid_objs[512]),/* OBJ_id_set                       2 23 42 */
+512,    /* OBJ_id_set                       2 23 42 */
-&(nid_objs[678]),/* OBJ_wap                          2 23 43 */
+678,    /* OBJ_wap                          2 23 43 */
-&(nid_objs[435]),/* OBJ_pss                          0 9 2342 */
+435,    /* OBJ_pss                          0 9 2342 */
-&(nid_objs[183]),/* OBJ_ISO_US                       1 2 840 */
+183,    /* OBJ_ISO_US                       1 2 840 */
-&(nid_objs[381]),/* OBJ_iana                         1 3 6 1 */
+381,    /* OBJ_iana                         1 3 6 1 */
-&(nid_objs[677]),/* OBJ_certicom_arc                 1 3 132 */
+677,    /* OBJ_certicom_arc                 1 3 132 */
-&(nid_objs[394]),/* OBJ_selected_attribute_types     2 5 1 5 */
+394,    /* OBJ_selected_attribute_types     2 5 1 5 */
-&(nid_objs[13]),/* OBJ_commonName                   2 5 4 3 */
+13,     /* OBJ_commonName                   2 5 4 3 */
-&(nid_objs[100]),/* OBJ_surname                      2 5 4 4 */
+100,    /* OBJ_surname                      2 5 4 4 */
-&(nid_objs[105]),/* OBJ_serialNumber                 2 5 4 5 */
+105,    /* OBJ_serialNumber                 2 5 4 5 */
-&(nid_objs[14]),/* OBJ_countryName                  2 5 4 6 */
+14,     /* OBJ_countryName                  2 5 4 6 */
-&(nid_objs[15]),/* OBJ_localityName                 2 5 4 7 */
+15,     /* OBJ_localityName                 2 5 4 7 */
-&(nid_objs[16]),/* OBJ_stateOrProvinceName          2 5 4 8 */
+16,     /* OBJ_stateOrProvinceName          2 5 4 8 */
-&(nid_objs[660]),/* OBJ_streetAddress                2 5 4 9 */
+660,    /* OBJ_streetAddress                2 5 4 9 */
-&(nid_objs[17]),/* OBJ_organizationName             2 5 4 10 */
+17,     /* OBJ_organizationName             2 5 4 10 */
-&(nid_objs[18]),/* OBJ_organizationalUnitName       2 5 4 11 */
+18,     /* OBJ_organizationalUnitName       2 5 4 11 */
-&(nid_objs[106]),/* OBJ_title                        2 5 4 12 */
+106,    /* OBJ_title                        2 5 4 12 */
-&(nid_objs[107]),/* OBJ_description                  2 5 4 13 */
+107,    /* OBJ_description                  2 5 4 13 */
-&(nid_objs[661]),/* OBJ_postalCode                   2 5 4 17 */
+859,    /* OBJ_searchGuide                  2 5 4 14 */
-&(nid_objs[173]),/* OBJ_name                         2 5 4 41 */
+860,    /* OBJ_businessCategory             2 5 4 15 */
-&(nid_objs[99]),/* OBJ_givenName                    2 5 4 42 */
+861,    /* OBJ_postalAddress                2 5 4 16 */
-&(nid_objs[101]),/* OBJ_initials                     2 5 4 43 */
+661,    /* OBJ_postalCode                   2 5 4 17 */
-&(nid_objs[509]),/* OBJ_generationQualifier          2 5 4 44 */
+862,    /* OBJ_postOfficeBox                2 5 4 18 */
-&(nid_objs[503]),/* OBJ_x500UniqueIdentifier         2 5 4 45 */
+863,    /* OBJ_physicalDeliveryOfficeName   2 5 4 19 */
-&(nid_objs[174]),/* OBJ_dnQualifier                  2 5 4 46 */
+864,    /* OBJ_telephoneNumber              2 5 4 20 */
-&(nid_objs[510]),/* OBJ_pseudonym                    2 5 4 65 */
+865,    /* OBJ_telexNumber                  2 5 4 21 */
-&(nid_objs[400]),/* OBJ_role                         2 5 4 72 */
+866,    /* OBJ_teletexTerminalIdentifier    2 5 4 22 */
-&(nid_objs[769]),/* OBJ_subject_directory_attributes 2 5 29 9 */
+867,    /* OBJ_facsimileTelephoneNumber     2 5 4 23 */
-&(nid_objs[82]),/* OBJ_subject_key_identifier       2 5 29 14 */
+868,    /* OBJ_x121Address                  2 5 4 24 */
-&(nid_objs[83]),/* OBJ_key_usage                    2 5 29 15 */
+869,    /* OBJ_internationaliSDNNumber      2 5 4 25 */
-&(nid_objs[84]),/* OBJ_private_key_usage_period     2 5 29 16 */
+870,    /* OBJ_registeredAddress            2 5 4 26 */
-&(nid_objs[85]),/* OBJ_subject_alt_name             2 5 29 17 */
+871,    /* OBJ_destinationIndicator         2 5 4 27 */
-&(nid_objs[86]),/* OBJ_issuer_alt_name              2 5 29 18 */
+872,    /* OBJ_preferredDeliveryMethod      2 5 4 28 */
-&(nid_objs[87]),/* OBJ_basic_constraints            2 5 29 19 */
+873,    /* OBJ_presentationAddress          2 5 4 29 */
-&(nid_objs[88]),/* OBJ_crl_number                   2 5 29 20 */
+874,    /* OBJ_supportedApplicationContext  2 5 4 30 */
-&(nid_objs[141]),/* OBJ_crl_reason                   2 5 29 21 */
+875,    /* OBJ_member                       2 5 4 31 */
-&(nid_objs[430]),/* OBJ_hold_instruction_code        2 5 29 23 */
+876,    /* OBJ_owner                        2 5 4 32 */
-&(nid_objs[142]),/* OBJ_invalidity_date              2 5 29 24 */
+877,    /* OBJ_roleOccupant                 2 5 4 33 */
-&(nid_objs[140]),/* OBJ_delta_crl                    2 5 29 27 */
+878,    /* OBJ_seeAlso                      2 5 4 34 */
-&(nid_objs[770]),/* OBJ_issuing_distribution_point   2 5 29 28 */
+879,    /* OBJ_userPassword                 2 5 4 35 */
-&(nid_objs[771]),/* OBJ_certificate_issuer           2 5 29 29 */
+880,    /* OBJ_userCertificate              2 5 4 36 */
-&(nid_objs[666]),/* OBJ_name_constraints             2 5 29 30 */
+881,    /* OBJ_cACertificate                2 5 4 37 */
-&(nid_objs[103]),/* OBJ_crl_distribution_points      2 5 29 31 */
+882,    /* OBJ_authorityRevocationList      2 5 4 38 */
-&(nid_objs[89]),/* OBJ_certificate_policies         2 5 29 32 */
+883,    /* OBJ_certificateRevocationList    2 5 4 39 */
-&(nid_objs[747]),/* OBJ_policy_mappings              2 5 29 33 */
+884,    /* OBJ_crossCertificatePair         2 5 4 40 */
-&(nid_objs[90]),/* OBJ_authority_key_identifier     2 5 29 35 */
+173,    /* OBJ_name                         2 5 4 41 */
-&(nid_objs[401]),/* OBJ_policy_constraints           2 5 29 36 */
+99,     /* OBJ_givenName                    2 5 4 42 */
-&(nid_objs[126]),/* OBJ_ext_key_usage                2 5 29 37 */
+101,    /* OBJ_initials                     2 5 4 43 */
-&(nid_objs[857]),/* OBJ_freshest_crl                 2 5 29 46 */
+509,    /* OBJ_generationQualifier          2 5 4 44 */
-&(nid_objs[748]),/* OBJ_inhibit_any_policy           2 5 29 54 */
+503,    /* OBJ_x500UniqueIdentifier         2 5 4 45 */
-&(nid_objs[402]),/* OBJ_target_information           2 5 29 55 */
+174,    /* OBJ_dnQualifier                  2 5 4 46 */
-&(nid_objs[403]),/* OBJ_no_rev_avail                 2 5 29 56 */
+885,    /* OBJ_enhancedSearchGuide          2 5 4 47 */
-&(nid_objs[513]),/* OBJ_set_ctype                    2 23 42 0 */
+886,    /* OBJ_protocolInformation          2 5 4 48 */
-&(nid_objs[514]),/* OBJ_set_msgExt                   2 23 42 1 */
+887,    /* OBJ_distinguishedName            2 5 4 49 */
-&(nid_objs[515]),/* OBJ_set_attr                     2 23 42 3 */
+888,    /* OBJ_uniqueMember                 2 5 4 50 */
-&(nid_objs[516]),/* OBJ_set_policy                   2 23 42 5 */
+889,    /* OBJ_houseIdentifier              2 5 4 51 */
-&(nid_objs[517]),/* OBJ_set_certExt                  2 23 42 7 */
+890,    /* OBJ_supportedAlgorithms          2 5 4 52 */
-&(nid_objs[518]),/* OBJ_set_brand                    2 23 42 8 */
+891,    /* OBJ_deltaRevocationList          2 5 4 53 */
-&(nid_objs[679]),/* OBJ_wap_wsg                      2 23 43 13 */
+892,    /* OBJ_dmdName                      2 5 4 54 */
-&(nid_objs[382]),/* OBJ_Directory                    1 3 6 1 1 */
+510,    /* OBJ_pseudonym                    2 5 4 65 */
-&(nid_objs[383]),/* OBJ_Management                   1 3 6 1 2 */
+400,    /* OBJ_role                         2 5 4 72 */
-&(nid_objs[384]),/* OBJ_Experimental                 1 3 6 1 3 */
+769,    /* OBJ_subject_directory_attributes 2 5 29 9 */
-&(nid_objs[385]),/* OBJ_Private                      1 3 6 1 4 */
+82,     /* OBJ_subject_key_identifier       2 5 29 14 */
-&(nid_objs[386]),/* OBJ_Security                     1 3 6 1 5 */
+83,     /* OBJ_key_usage                    2 5 29 15 */
-&(nid_objs[387]),/* OBJ_SNMPv2                       1 3 6 1 6 */
+84,     /* OBJ_private_key_usage_period     2 5 29 16 */
-&(nid_objs[388]),/* OBJ_Mail                         1 3 6 1 7 */
+85,     /* OBJ_subject_alt_name             2 5 29 17 */
-&(nid_objs[376]),/* OBJ_algorithm                    1 3 14 3 2 */
+86,     /* OBJ_issuer_alt_name              2 5 29 18 */
-&(nid_objs[395]),/* OBJ_clearance                    2 5 1 5 55 */
+87,     /* OBJ_basic_constraints            2 5 29 19 */
-&(nid_objs[19]),/* OBJ_rsa                          2 5 8 1 1 */
+88,     /* OBJ_crl_number                   2 5 29 20 */
-&(nid_objs[96]),/* OBJ_mdc2WithRSA                  2 5 8 3 100 */
+141,    /* OBJ_crl_reason                   2 5 29 21 */
-&(nid_objs[95]),/* OBJ_mdc2                         2 5 8 3 101 */
+430,    /* OBJ_hold_instruction_code        2 5 29 23 */
-&(nid_objs[746]),/* OBJ_any_policy                   2 5 29 32 0 */
+142,    /* OBJ_invalidity_date              2 5 29 24 */
-&(nid_objs[519]),/* OBJ_setct_PANData                2 23 42 0 0 */
+140,    /* OBJ_delta_crl                    2 5 29 27 */
-&(nid_objs[520]),/* OBJ_setct_PANToken               2 23 42 0 1 */
+770,    /* OBJ_issuing_distribution_point   2 5 29 28 */
-&(nid_objs[521]),/* OBJ_setct_PANOnly                2 23 42 0 2 */
+771,    /* OBJ_certificate_issuer           2 5 29 29 */
-&(nid_objs[522]),/* OBJ_setct_OIData                 2 23 42 0 3 */
+666,    /* OBJ_name_constraints             2 5 29 30 */
-&(nid_objs[523]),/* OBJ_setct_PI                     2 23 42 0 4 */
+103,    /* OBJ_crl_distribution_points      2 5 29 31 */
-&(nid_objs[524]),/* OBJ_setct_PIData                 2 23 42 0 5 */
+89,     /* OBJ_certificate_policies         2 5 29 32 */
-&(nid_objs[525]),/* OBJ_setct_PIDataUnsigned         2 23 42 0 6 */
+747,    /* OBJ_policy_mappings              2 5 29 33 */
-&(nid_objs[526]),/* OBJ_setct_HODInput               2 23 42 0 7 */
+90,     /* OBJ_authority_key_identifier     2 5 29 35 */
-&(nid_objs[527]),/* OBJ_setct_AuthResBaggage         2 23 42 0 8 */
+401,    /* OBJ_policy_constraints           2 5 29 36 */
-&(nid_objs[528]),/* OBJ_setct_AuthRevReqBaggage      2 23 42 0 9 */
+126,    /* OBJ_ext_key_usage                2 5 29 37 */
-&(nid_objs[529]),/* OBJ_setct_AuthRevResBaggage      2 23 42 0 10 */
+857,    /* OBJ_freshest_crl                 2 5 29 46 */
-&(nid_objs[530]),/* OBJ_setct_CapTokenSeq            2 23 42 0 11 */
+748,    /* OBJ_inhibit_any_policy           2 5 29 54 */
-&(nid_objs[531]),/* OBJ_setct_PInitResData           2 23 42 0 12 */
+402,    /* OBJ_target_information           2 5 29 55 */
-&(nid_objs[532]),/* OBJ_setct_PI_TBS                 2 23 42 0 13 */
+403,    /* OBJ_no_rev_avail                 2 5 29 56 */
-&(nid_objs[533]),/* OBJ_setct_PResData               2 23 42 0 14 */
+513,    /* OBJ_set_ctype                    2 23 42 0 */
-&(nid_objs[534]),/* OBJ_setct_AuthReqTBS             2 23 42 0 16 */
+514,    /* OBJ_set_msgExt                   2 23 42 1 */
-&(nid_objs[535]),/* OBJ_setct_AuthResTBS             2 23 42 0 17 */
+515,    /* OBJ_set_attr                     2 23 42 3 */
-&(nid_objs[536]),/* OBJ_setct_AuthResTBSX            2 23 42 0 18 */
+516,    /* OBJ_set_policy                   2 23 42 5 */
-&(nid_objs[537]),/* OBJ_setct_AuthTokenTBS           2 23 42 0 19 */
+517,    /* OBJ_set_certExt                  2 23 42 7 */
-&(nid_objs[538]),/* OBJ_setct_CapTokenData           2 23 42 0 20 */
+518,    /* OBJ_set_brand                    2 23 42 8 */
-&(nid_objs[539]),/* OBJ_setct_CapTokenTBS            2 23 42 0 21 */
+679,    /* OBJ_wap_wsg                      2 23 43 1 */
-&(nid_objs[540]),/* OBJ_setct_AcqCardCodeMsg         2 23 42 0 22 */
+382,    /* OBJ_Directory                    1 3 6 1 1 */
-&(nid_objs[541]),/* OBJ_setct_AuthRevReqTBS          2 23 42 0 23 */
+383,    /* OBJ_Management                   1 3 6 1 2 */
-&(nid_objs[542]),/* OBJ_setct_AuthRevResData         2 23 42 0 24 */
+384,    /* OBJ_Experimental                 1 3 6 1 3 */
-&(nid_objs[543]),/* OBJ_setct_AuthRevResTBS          2 23 42 0 25 */
+385,    /* OBJ_Private                      1 3 6 1 4 */
-&(nid_objs[544]),/* OBJ_setct_CapReqTBS              2 23 42 0 26 */
+386,    /* OBJ_Security                     1 3 6 1 5 */
-&(nid_objs[545]),/* OBJ_setct_CapReqTBSX             2 23 42 0 27 */
+387,    /* OBJ_SNMPv2                       1 3 6 1 6 */
-&(nid_objs[546]),/* OBJ_setct_CapResData             2 23 42 0 28 */
+388,    /* OBJ_Mail                         1 3 6 1 7 */
-&(nid_objs[547]),/* OBJ_setct_CapRevReqTBS           2 23 42 0 29 */
+376,    /* OBJ_algorithm                    1 3 14 3 2 */
-&(nid_objs[548]),/* OBJ_setct_CapRevReqTBSX          2 23 42 0 30 */
+395,    /* OBJ_clearance                    2 5 1 5 55 */
-&(nid_objs[549]),/* OBJ_setct_CapRevResData          2 23 42 0 31 */
+19,     /* OBJ_rsa                          2 5 8 1 1 */
-&(nid_objs[550]),/* OBJ_setct_CredReqTBS             2 23 42 0 32 */
+96,     /* OBJ_mdc2WithRSA                  2 5 8 3 100 */
-&(nid_objs[551]),/* OBJ_setct_CredReqTBSX            2 23 42 0 33 */
+95,     /* OBJ_mdc2                         2 5 8 3 101 */
-&(nid_objs[552]),/* OBJ_setct_CredResData            2 23 42 0 34 */
+746,    /* OBJ_any_policy                   2 5 29 32 0 */
-&(nid_objs[553]),/* OBJ_setct_CredRevReqTBS          2 23 42 0 35 */
+519,    /* OBJ_setct_PANData                2 23 42 0 0 */
-&(nid_objs[554]),/* OBJ_setct_CredRevReqTBSX         2 23 42 0 36 */
+520,    /* OBJ_setct_PANToken               2 23 42 0 1 */
-&(nid_objs[555]),/* OBJ_setct_CredRevResData         2 23 42 0 37 */
+521,    /* OBJ_setct_PANOnly                2 23 42 0 2 */
-&(nid_objs[556]),/* OBJ_setct_PCertReqData           2 23 42 0 38 */
+522,    /* OBJ_setct_OIData                 2 23 42 0 3 */
-&(nid_objs[557]),/* OBJ_setct_PCertResTBS            2 23 42 0 39 */
+523,    /* OBJ_setct_PI                     2 23 42 0 4 */
-&(nid_objs[558]),/* OBJ_setct_BatchAdminReqData      2 23 42 0 40 */
+524,    /* OBJ_setct_PIData                 2 23 42 0 5 */
-&(nid_objs[559]),/* OBJ_setct_BatchAdminResData      2 23 42 0 41 */
+525,    /* OBJ_setct_PIDataUnsigned         2 23 42 0 6 */
-&(nid_objs[560]),/* OBJ_setct_CardCInitResTBS        2 23 42 0 42 */
+526,    /* OBJ_setct_HODInput               2 23 42 0 7 */
-&(nid_objs[561]),/* OBJ_setct_MeAqCInitResTBS        2 23 42 0 43 */
+527,    /* OBJ_setct_AuthResBaggage         2 23 42 0 8 */
-&(nid_objs[562]),/* OBJ_setct_RegFormResTBS          2 23 42 0 44 */
+528,    /* OBJ_setct_AuthRevReqBaggage      2 23 42 0 9 */
-&(nid_objs[563]),/* OBJ_setct_CertReqData            2 23 42 0 45 */
+529,    /* OBJ_setct_AuthRevResBaggage      2 23 42 0 10 */
-&(nid_objs[564]),/* OBJ_setct_CertReqTBS             2 23 42 0 46 */
+530,    /* OBJ_setct_CapTokenSeq            2 23 42 0 11 */
-&(nid_objs[565]),/* OBJ_setct_CertResData            2 23 42 0 47 */
+531,    /* OBJ_setct_PInitResData           2 23 42 0 12 */
-&(nid_objs[566]),/* OBJ_setct_CertInqReqTBS          2 23 42 0 48 */
+532,    /* OBJ_setct_PI_TBS                 2 23 42 0 13 */
-&(nid_objs[567]),/* OBJ_setct_ErrorTBS               2 23 42 0 49 */
+533,    /* OBJ_setct_PResData               2 23 42 0 14 */
-&(nid_objs[568]),/* OBJ_setct_PIDualSignedTBE        2 23 42 0 50 */
+534,    /* OBJ_setct_AuthReqTBS             2 23 42 0 16 */
-&(nid_objs[569]),/* OBJ_setct_PIUnsignedTBE          2 23 42 0 51 */
+535,    /* OBJ_setct_AuthResTBS             2 23 42 0 17 */
-&(nid_objs[570]),/* OBJ_setct_AuthReqTBE             2 23 42 0 52 */
+536,    /* OBJ_setct_AuthResTBSX            2 23 42 0 18 */
-&(nid_objs[571]),/* OBJ_setct_AuthResTBE             2 23 42 0 53 */
+537,    /* OBJ_setct_AuthTokenTBS           2 23 42 0 19 */
-&(nid_objs[572]),/* OBJ_setct_AuthResTBEX            2 23 42 0 54 */
+538,    /* OBJ_setct_CapTokenData           2 23 42 0 20 */
-&(nid_objs[573]),/* OBJ_setct_AuthTokenTBE           2 23 42 0 55 */
+539,    /* OBJ_setct_CapTokenTBS            2 23 42 0 21 */
-&(nid_objs[574]),/* OBJ_setct_CapTokenTBE            2 23 42 0 56 */
+540,    /* OBJ_setct_AcqCardCodeMsg         2 23 42 0 22 */
-&(nid_objs[575]),/* OBJ_setct_CapTokenTBEX           2 23 42 0 57 */
+541,    /* OBJ_setct_AuthRevReqTBS          2 23 42 0 23 */
-&(nid_objs[576]),/* OBJ_setct_AcqCardCodeMsgTBE      2 23 42 0 58 */
+542,    /* OBJ_setct_AuthRevResData         2 23 42 0 24 */
-&(nid_objs[577]),/* OBJ_setct_AuthRevReqTBE          2 23 42 0 59 */
+543,    /* OBJ_setct_AuthRevResTBS          2 23 42 0 25 */
-&(nid_objs[578]),/* OBJ_setct_AuthRevResTBE          2 23 42 0 60 */
+544,    /* OBJ_setct_CapReqTBS              2 23 42 0 26 */
-&(nid_objs[579]),/* OBJ_setct_AuthRevResTBEB         2 23 42 0 61 */
+545,    /* OBJ_setct_CapReqTBSX             2 23 42 0 27 */
-&(nid_objs[580]),/* OBJ_setct_CapReqTBE              2 23 42 0 62 */
+546,    /* OBJ_setct_CapResData             2 23 42 0 28 */
-&(nid_objs[581]),/* OBJ_setct_CapReqTBEX             2 23 42 0 63 */
+547,    /* OBJ_setct_CapRevReqTBS           2 23 42 0 29 */
-&(nid_objs[582]),/* OBJ_setct_CapResTBE              2 23 42 0 64 */
+548,    /* OBJ_setct_CapRevReqTBSX          2 23 42 0 30 */
-&(nid_objs[583]),/* OBJ_setct_CapRevReqTBE           2 23 42 0 65 */
+549,    /* OBJ_setct_CapRevResData          2 23 42 0 31 */
-&(nid_objs[584]),/* OBJ_setct_CapRevReqTBEX          2 23 42 0 66 */
+550,    /* OBJ_setct_CredReqTBS             2 23 42 0 32 */
-&(nid_objs[585]),/* OBJ_setct_CapRevResTBE           2 23 42 0 67 */
+551,    /* OBJ_setct_CredReqTBSX            2 23 42 0 33 */
-&(nid_objs[586]),/* OBJ_setct_CredReqTBE             2 23 42 0 68 */
+552,    /* OBJ_setct_CredResData            2 23 42 0 34 */
-&(nid_objs[587]),/* OBJ_setct_CredReqTBEX            2 23 42 0 69 */
+553,    /* OBJ_setct_CredRevReqTBS          2 23 42 0 35 */
-&(nid_objs[588]),/* OBJ_setct_CredResTBE             2 23 42 0 70 */
+554,    /* OBJ_setct_CredRevReqTBSX         2 23 42 0 36 */
-&(nid_objs[589]),/* OBJ_setct_CredRevReqTBE          2 23 42 0 71 */
+555,    /* OBJ_setct_CredRevResData         2 23 42 0 37 */
-&(nid_objs[590]),/* OBJ_setct_CredRevReqTBEX         2 23 42 0 72 */
+556,    /* OBJ_setct_PCertReqData           2 23 42 0 38 */
-&(nid_objs[591]),/* OBJ_setct_CredRevResTBE          2 23 42 0 73 */
+557,    /* OBJ_setct_PCertResTBS            2 23 42 0 39 */
-&(nid_objs[592]),/* OBJ_setct_BatchAdminReqTBE       2 23 42 0 74 */
+558,    /* OBJ_setct_BatchAdminReqData      2 23 42 0 40 */
-&(nid_objs[593]),/* OBJ_setct_BatchAdminResTBE       2 23 42 0 75 */
+559,    /* OBJ_setct_BatchAdminResData      2 23 42 0 41 */
-&(nid_objs[594]),/* OBJ_setct_RegFormReqTBE          2 23 42 0 76 */
+560,    /* OBJ_setct_CardCInitResTBS        2 23 42 0 42 */
-&(nid_objs[595]),/* OBJ_setct_CertReqTBE             2 23 42 0 77 */
+561,    /* OBJ_setct_MeAqCInitResTBS        2 23 42 0 43 */
-&(nid_objs[596]),/* OBJ_setct_CertReqTBEX            2 23 42 0 78 */
+562,    /* OBJ_setct_RegFormResTBS          2 23 42 0 44 */
-&(nid_objs[597]),/* OBJ_setct_CertResTBE             2 23 42 0 79 */
+563,    /* OBJ_setct_CertReqData            2 23 42 0 45 */
-&(nid_objs[598]),/* OBJ_setct_CRLNotificationTBS     2 23 42 0 80 */
+564,    /* OBJ_setct_CertReqTBS             2 23 42 0 46 */
-&(nid_objs[599]),/* OBJ_setct_CRLNotificationResTBS  2 23 42 0 81 */
+565,    /* OBJ_setct_CertResData            2 23 42 0 47 */
-&(nid_objs[600]),/* OBJ_setct_BCIDistributionTBS     2 23 42 0 82 */
+566,    /* OBJ_setct_CertInqReqTBS          2 23 42 0 48 */
-&(nid_objs[601]),/* OBJ_setext_genCrypt              2 23 42 1 1 */
+567,    /* OBJ_setct_ErrorTBS               2 23 42 0 49 */
-&(nid_objs[602]),/* OBJ_setext_miAuth                2 23 42 1 3 */
+568,    /* OBJ_setct_PIDualSignedTBE        2 23 42 0 50 */
-&(nid_objs[603]),/* OBJ_setext_pinSecure             2 23 42 1 4 */
+569,    /* OBJ_setct_PIUnsignedTBE          2 23 42 0 51 */
-&(nid_objs[604]),/* OBJ_setext_pinAny                2 23 42 1 5 */
+570,    /* OBJ_setct_AuthReqTBE             2 23 42 0 52 */
-&(nid_objs[605]),/* OBJ_setext_track2                2 23 42 1 7 */
+571,    /* OBJ_setct_AuthResTBE             2 23 42 0 53 */
-&(nid_objs[606]),/* OBJ_setext_cv                    2 23 42 1 8 */
+572,    /* OBJ_setct_AuthResTBEX            2 23 42 0 54 */
-&(nid_objs[620]),/* OBJ_setAttr_Cert                 2 23 42 3 0 */
+573,    /* OBJ_setct_AuthTokenTBE           2 23 42 0 55 */
-&(nid_objs[621]),/* OBJ_setAttr_PGWYcap              2 23 42 3 1 */
+574,    /* OBJ_setct_CapTokenTBE            2 23 42 0 56 */
-&(nid_objs[622]),/* OBJ_setAttr_TokenType            2 23 42 3 2 */
+575,    /* OBJ_setct_CapTokenTBEX           2 23 42 0 57 */
-&(nid_objs[623]),/* OBJ_setAttr_IssCap               2 23 42 3 3 */
+576,    /* OBJ_setct_AcqCardCodeMsgTBE      2 23 42 0 58 */
-&(nid_objs[607]),/* OBJ_set_policy_root              2 23 42 5 0 */
+577,    /* OBJ_setct_AuthRevReqTBE          2 23 42 0 59 */
-&(nid_objs[608]),/* OBJ_setCext_hashedRoot           2 23 42 7 0 */
+578,    /* OBJ_setct_AuthRevResTBE          2 23 42 0 60 */
-&(nid_objs[609]),/* OBJ_setCext_certType             2 23 42 7 1 */
+579,    /* OBJ_setct_AuthRevResTBEB         2 23 42 0 61 */
-&(nid_objs[610]),/* OBJ_setCext_merchData            2 23 42 7 2 */
+580,    /* OBJ_setct_CapReqTBE              2 23 42 0 62 */
-&(nid_objs[611]),/* OBJ_setCext_cCertRequired        2 23 42 7 3 */
+581,    /* OBJ_setct_CapReqTBEX             2 23 42 0 63 */
-&(nid_objs[612]),/* OBJ_setCext_tunneling            2 23 42 7 4 */
+582,    /* OBJ_setct_CapResTBE              2 23 42 0 64 */
-&(nid_objs[613]),/* OBJ_setCext_setExt               2 23 42 7 5 */
+583,    /* OBJ_setct_CapRevReqTBE           2 23 42 0 65 */
-&(nid_objs[614]),/* OBJ_setCext_setQualf             2 23 42 7 6 */
+584,    /* OBJ_setct_CapRevReqTBEX          2 23 42 0 66 */
-&(nid_objs[615]),/* OBJ_setCext_PGWYcapabilities     2 23 42 7 7 */
+585,    /* OBJ_setct_CapRevResTBE           2 23 42 0 67 */
-&(nid_objs[616]),/* OBJ_setCext_TokenIdentifier      2 23 42 7 8 */
+586,    /* OBJ_setct_CredReqTBE             2 23 42 0 68 */
-&(nid_objs[617]),/* OBJ_setCext_Track2Data           2 23 42 7 9 */
+587,    /* OBJ_setct_CredReqTBEX            2 23 42 0 69 */
-&(nid_objs[618]),/* OBJ_setCext_TokenType            2 23 42 7 10 */
+588,    /* OBJ_setct_CredResTBE             2 23 42 0 70 */
-&(nid_objs[619]),/* OBJ_setCext_IssuerCapabilities   2 23 42 7 11 */
+589,    /* OBJ_setct_CredRevReqTBE          2 23 42 0 71 */
-&(nid_objs[636]),/* OBJ_set_brand_IATA_ATA           2 23 42 8 1 */
+590,    /* OBJ_setct_CredRevReqTBEX         2 23 42 0 72 */
-&(nid_objs[640]),/* OBJ_set_brand_Visa               2 23 42 8 4 */
+591,    /* OBJ_setct_CredRevResTBE          2 23 42 0 73 */
-&(nid_objs[641]),/* OBJ_set_brand_MasterCard         2 23 42 8 5 */
+592,    /* OBJ_setct_BatchAdminReqTBE       2 23 42 0 74 */
-&(nid_objs[637]),/* OBJ_set_brand_Diners             2 23 42 8 30 */
+593,    /* OBJ_setct_BatchAdminResTBE       2 23 42 0 75 */
-&(nid_objs[638]),/* OBJ_set_brand_AmericanExpress    2 23 42 8 34 */
+594,    /* OBJ_setct_RegFormReqTBE          2 23 42 0 76 */
-&(nid_objs[639]),/* OBJ_set_brand_JCB                2 23 42 8 35 */
+595,    /* OBJ_setct_CertReqTBE             2 23 42 0 77 */
-&(nid_objs[805]),/* OBJ_cryptopro                    1 2 643 2 2 */
+596,    /* OBJ_setct_CertReqTBEX            2 23 42 0 78 */
-&(nid_objs[806]),/* OBJ_cryptocom                    1 2 643 2 9 */
+597,    /* OBJ_setct_CertResTBE             2 23 42 0 79 */
-&(nid_objs[184]),/* OBJ_X9_57                        1 2 840 10040 */
+598,    /* OBJ_setct_CRLNotificationTBS     2 23 42 0 80 */
-&(nid_objs[405]),/* OBJ_ansi_X9_62                   1 2 840 10045 */
+599,    /* OBJ_setct_CRLNotificationResTBS  2 23 42 0 81 */
-&(nid_objs[389]),/* OBJ_Enterprises                  1 3 6 1 4 1 */
+600,    /* OBJ_setct_BCIDistributionTBS     2 23 42 0 82 */
-&(nid_objs[504]),/* OBJ_mime_mhs                     1 3 6 1 7 1 */
+601,    /* OBJ_setext_genCrypt              2 23 42 1 1 */
-&(nid_objs[104]),/* OBJ_md5WithRSA                   1 3 14 3 2 3 */
+602,    /* OBJ_setext_miAuth                2 23 42 1 3 */
-&(nid_objs[29]),/* OBJ_des_ecb                      1 3 14 3 2 6 */
+603,    /* OBJ_setext_pinSecure             2 23 42 1 4 */
-&(nid_objs[31]),/* OBJ_des_cbc                      1 3 14 3 2 7 */
+604,    /* OBJ_setext_pinAny                2 23 42 1 5 */
-&(nid_objs[45]),/* OBJ_des_ofb64                    1 3 14 3 2 8 */
+605,    /* OBJ_setext_track2                2 23 42 1 7 */
-&(nid_objs[30]),/* OBJ_des_cfb64                    1 3 14 3 2 9 */
+606,    /* OBJ_setext_cv                    2 23 42 1 8 */
-&(nid_objs[377]),/* OBJ_rsaSignature                 1 3 14 3 2 11 */
+620,    /* OBJ_setAttr_Cert                 2 23 42 3 0 */
-&(nid_objs[67]),/* OBJ_dsa_2                        1 3 14 3 2 12 */
+621,    /* OBJ_setAttr_PGWYcap              2 23 42 3 1 */
-&(nid_objs[66]),/* OBJ_dsaWithSHA                   1 3 14 3 2 13 */
+622,    /* OBJ_setAttr_TokenType            2 23 42 3 2 */
-&(nid_objs[42]),/* OBJ_shaWithRSAEncryption         1 3 14 3 2 15 */
+623,    /* OBJ_setAttr_IssCap               2 23 42 3 3 */
-&(nid_objs[32]),/* OBJ_des_ede_ecb                  1 3 14 3 2 17 */
+607,    /* OBJ_set_policy_root              2 23 42 5 0 */
-&(nid_objs[41]),/* OBJ_sha                          1 3 14 3 2 18 */
+608,    /* OBJ_setCext_hashedRoot           2 23 42 7 0 */
-&(nid_objs[64]),/* OBJ_sha1                         1 3 14 3 2 26 */
+609,    /* OBJ_setCext_certType             2 23 42 7 1 */
-&(nid_objs[70]),/* OBJ_dsaWithSHA1_2                1 3 14 3 2 27 */
+610,    /* OBJ_setCext_merchData            2 23 42 7 2 */
-&(nid_objs[115]),/* OBJ_sha1WithRSA                  1 3 14 3 2 29 */
+611,    /* OBJ_setCext_cCertRequired        2 23 42 7 3 */
-&(nid_objs[117]),/* OBJ_ripemd160                    1 3 36 3 2 1 */
+612,    /* OBJ_setCext_tunneling            2 23 42 7 4 */
-&(nid_objs[143]),/* OBJ_sxnet                        1 3 101 1 4 1 */
+613,    /* OBJ_setCext_setExt               2 23 42 7 5 */
-&(nid_objs[721]),/* OBJ_sect163k1                    1 3 132 0 1 */
+614,    /* OBJ_setCext_setQualf             2 23 42 7 6 */
-&(nid_objs[722]),/* OBJ_sect163r1                    1 3 132 0 2 */
+615,    /* OBJ_setCext_PGWYcapabilities     2 23 42 7 7 */
-&(nid_objs[728]),/* OBJ_sect239k1                    1 3 132 0 3 */
+616,    /* OBJ_setCext_TokenIdentifier      2 23 42 7 8 */
-&(nid_objs[717]),/* OBJ_sect113r1                    1 3 132 0 4 */
+617,    /* OBJ_setCext_Track2Data           2 23 42 7 9 */
-&(nid_objs[718]),/* OBJ_sect113r2                    1 3 132 0 5 */
+618,    /* OBJ_setCext_TokenType            2 23 42 7 10 */
-&(nid_objs[704]),/* OBJ_secp112r1                    1 3 132 0 6 */
+619,    /* OBJ_setCext_IssuerCapabilities   2 23 42 7 11 */
-&(nid_objs[705]),/* OBJ_secp112r2                    1 3 132 0 7 */
+636,    /* OBJ_set_brand_IATA_ATA           2 23 42 8 1 */
-&(nid_objs[709]),/* OBJ_secp160r1                    1 3 132 0 8 */
+640,    /* OBJ_set_brand_Visa               2 23 42 8 4 */
-&(nid_objs[708]),/* OBJ_secp160k1                    1 3 132 0 9 */
+641,    /* OBJ_set_brand_MasterCard         2 23 42 8 5 */
-&(nid_objs[714]),/* OBJ_secp256k1                    1 3 132 0 10 */
+637,    /* OBJ_set_brand_Diners             2 23 42 8 30 */
-&(nid_objs[723]),/* OBJ_sect163r2                    1 3 132 0 15 */
+638,    /* OBJ_set_brand_AmericanExpress    2 23 42 8 34 */
-&(nid_objs[729]),/* OBJ_sect283k1                    1 3 132 0 16 */
+639,    /* OBJ_set_brand_JCB                2 23 42 8 35 */
-&(nid_objs[730]),/* OBJ_sect283r1                    1 3 132 0 17 */
+805,    /* OBJ_cryptopro                    1 2 643 2 2 */
-&(nid_objs[719]),/* OBJ_sect131r1                    1 3 132 0 22 */
+806,    /* OBJ_cryptocom                    1 2 643 2 9 */
-&(nid_objs[720]),/* OBJ_sect131r2                    1 3 132 0 23 */
+184,    /* OBJ_X9_57                        1 2 840 10040 */
-&(nid_objs[724]),/* OBJ_sect193r1                    1 3 132 0 24 */
+405,    /* OBJ_ansi_X9_62                   1 2 840 10045 */
-&(nid_objs[725]),/* OBJ_sect193r2                    1 3 132 0 25 */
+389,    /* OBJ_Enterprises                  1 3 6 1 4 1 */
-&(nid_objs[726]),/* OBJ_sect233k1                    1 3 132 0 26 */
+504,    /* OBJ_mime_mhs                     1 3 6 1 7 1 */
-&(nid_objs[727]),/* OBJ_sect233r1                    1 3 132 0 27 */
+104,    /* OBJ_md5WithRSA                   1 3 14 3 2 3 */
-&(nid_objs[706]),/* OBJ_secp128r1                    1 3 132 0 28 */
+29,     /* OBJ_des_ecb                      1 3 14 3 2 6 */
-&(nid_objs[707]),/* OBJ_secp128r2                    1 3 132 0 29 */
+31,     /* OBJ_des_cbc                      1 3 14 3 2 7 */
-&(nid_objs[710]),/* OBJ_secp160r2                    1 3 132 0 30 */
+45,     /* OBJ_des_ofb64                    1 3 14 3 2 8 */
-&(nid_objs[711]),/* OBJ_secp192k1                    1 3 132 0 31 */
+30,     /* OBJ_des_cfb64                    1 3 14 3 2 9 */
-&(nid_objs[712]),/* OBJ_secp224k1                    1 3 132 0 32 */
+377,    /* OBJ_rsaSignature                 1 3 14 3 2 11 */
-&(nid_objs[713]),/* OBJ_secp224r1                    1 3 132 0 33 */
+67,     /* OBJ_dsa_2                        1 3 14 3 2 12 */
-&(nid_objs[715]),/* OBJ_secp384r1                    1 3 132 0 34 */
+66,     /* OBJ_dsaWithSHA                   1 3 14 3 2 13 */
-&(nid_objs[716]),/* OBJ_secp521r1                    1 3 132 0 35 */
+42,     /* OBJ_shaWithRSAEncryption         1 3 14 3 2 15 */
-&(nid_objs[731]),/* OBJ_sect409k1                    1 3 132 0 36 */
+32,     /* OBJ_des_ede_ecb                  1 3 14 3 2 17 */
-&(nid_objs[732]),/* OBJ_sect409r1                    1 3 132 0 37 */
+41,     /* OBJ_sha                          1 3 14 3 2 18 */
-&(nid_objs[733]),/* OBJ_sect571k1                    1 3 132 0 38 */
+64,     /* OBJ_sha1                         1 3 14 3 2 26 */
-&(nid_objs[734]),/* OBJ_sect571r1                    1 3 132 0 39 */
+70,     /* OBJ_dsaWithSHA1_2                1 3 14 3 2 27 */
-&(nid_objs[624]),/* OBJ_set_rootKeyThumb             2 23 42 3 0 0 */
+115,    /* OBJ_sha1WithRSA                  1 3 14 3 2 29 */
-&(nid_objs[625]),/* OBJ_set_addPolicy                2 23 42 3 0 1 */
+117,    /* OBJ_ripemd160                    1 3 36 3 2 1 */
-&(nid_objs[626]),/* OBJ_setAttr_Token_EMV            2 23 42 3 2 1 */
+143,    /* OBJ_sxnet                        1 3 101 1 4 1 */
-&(nid_objs[627]),/* OBJ_setAttr_Token_B0Prime        2 23 42 3 2 2 */
+721,    /* OBJ_sect163k1                    1 3 132 0 1 */
-&(nid_objs[628]),/* OBJ_setAttr_IssCap_CVM           2 23 42 3 3 3 */
+722,    /* OBJ_sect163r1                    1 3 132 0 2 */
-&(nid_objs[629]),/* OBJ_setAttr_IssCap_T2            2 23 42 3 3 4 */
+728,    /* OBJ_sect239k1                    1 3 132 0 3 */
-&(nid_objs[630]),/* OBJ_setAttr_IssCap_Sig           2 23 42 3 3 5 */
+717,    /* OBJ_sect113r1                    1 3 132 0 4 */
-&(nid_objs[642]),/* OBJ_set_brand_Novus              2 23 42 8 6011 */
+718,    /* OBJ_sect113r2                    1 3 132 0 5 */
-&(nid_objs[735]),/* OBJ_wap_wsg_idm_ecid_wtls1       2 23 43 13 4 1 */
+704,    /* OBJ_secp112r1                    1 3 132 0 6 */
-&(nid_objs[736]),/* OBJ_wap_wsg_idm_ecid_wtls3       2 23 43 13 4 3 */
+705,    /* OBJ_secp112r2                    1 3 132 0 7 */
-&(nid_objs[737]),/* OBJ_wap_wsg_idm_ecid_wtls4       2 23 43 13 4 4 */
+709,    /* OBJ_secp160r1                    1 3 132 0 8 */
-&(nid_objs[738]),/* OBJ_wap_wsg_idm_ecid_wtls5       2 23 43 13 4 5 */
+708,    /* OBJ_secp160k1                    1 3 132 0 9 */
-&(nid_objs[739]),/* OBJ_wap_wsg_idm_ecid_wtls6       2 23 43 13 4 6 */
+714,    /* OBJ_secp256k1                    1 3 132 0 10 */
-&(nid_objs[740]),/* OBJ_wap_wsg_idm_ecid_wtls7       2 23 43 13 4 7 */
+723,    /* OBJ_sect163r2                    1 3 132 0 15 */
-&(nid_objs[741]),/* OBJ_wap_wsg_idm_ecid_wtls8       2 23 43 13 4 8 */
+729,    /* OBJ_sect283k1                    1 3 132 0 16 */
-&(nid_objs[742]),/* OBJ_wap_wsg_idm_ecid_wtls9       2 23 43 13 4 9 */
+730,    /* OBJ_sect283r1                    1 3 132 0 17 */
-&(nid_objs[743]),/* OBJ_wap_wsg_idm_ecid_wtls10      2 23 43 13 4 10 */
+719,    /* OBJ_sect131r1                    1 3 132 0 22 */
-&(nid_objs[744]),/* OBJ_wap_wsg_idm_ecid_wtls11      2 23 43 13 4 11 */
+720,    /* OBJ_sect131r2                    1 3 132 0 23 */
-&(nid_objs[745]),/* OBJ_wap_wsg_idm_ecid_wtls12      2 23 43 13 4 12 */
+724,    /* OBJ_sect193r1                    1 3 132 0 24 */
-&(nid_objs[804]),/* OBJ_whirlpool                    1 0 10118 3 0 55 */
+725,    /* OBJ_sect193r2                    1 3 132 0 25 */
-&(nid_objs[124]),/* OBJ_rle_compression              1 1 1 1 666 1 */
+726,    /* OBJ_sect233k1                    1 3 132 0 26 */
-&(nid_objs[773]),/* OBJ_kisa                         1 2 410 200004 */
+727,    /* OBJ_sect233r1                    1 3 132 0 27 */
-&(nid_objs[807]),/* OBJ_id_GostR3411_94_with_GostR3410_2001 1 2 643 2 2 3 */
+706,    /* OBJ_secp128r1                    1 3 132 0 28 */
-&(nid_objs[808]),/* OBJ_id_GostR3411_94_with_GostR3410_94 1 2 643 2 2 4 */
+707,    /* OBJ_secp128r2                    1 3 132 0 29 */
-&(nid_objs[809]),/* OBJ_id_GostR3411_94              1 2 643 2 2 9 */
+710,    /* OBJ_secp160r2                    1 3 132 0 30 */
-&(nid_objs[810]),/* OBJ_id_HMACGostR3411_94          1 2 643 2 2 10 */
+711,    /* OBJ_secp192k1                    1 3 132 0 31 */
-&(nid_objs[811]),/* OBJ_id_GostR3410_2001            1 2 643 2 2 19 */
+712,    /* OBJ_secp224k1                    1 3 132 0 32 */
-&(nid_objs[812]),/* OBJ_id_GostR3410_94              1 2 643 2 2 20 */
+713,    /* OBJ_secp224r1                    1 3 132 0 33 */
-&(nid_objs[813]),/* OBJ_id_Gost28147_89              1 2 643 2 2 21 */
+715,    /* OBJ_secp384r1                    1 3 132 0 34 */
-&(nid_objs[815]),/* OBJ_id_Gost28147_89_MAC          1 2 643 2 2 22 */
+716,    /* OBJ_secp521r1                    1 3 132 0 35 */
-&(nid_objs[816]),/* OBJ_id_GostR3411_94_prf          1 2 643 2 2 23 */
+731,    /* OBJ_sect409k1                    1 3 132 0 36 */
-&(nid_objs[817]),/* OBJ_id_GostR3410_2001DH          1 2 643 2 2 98 */
+732,    /* OBJ_sect409r1                    1 3 132 0 37 */
-&(nid_objs[818]),/* OBJ_id_GostR3410_94DH            1 2 643 2 2 99 */
+733,    /* OBJ_sect571k1                    1 3 132 0 38 */
-&(nid_objs[ 1]),/* OBJ_rsadsi                       1 2 840 113549 */
+734,    /* OBJ_sect571r1                    1 3 132 0 39 */
-&(nid_objs[185]),/* OBJ_X9cm                         1 2 840 10040 4 */
+624,    /* OBJ_set_rootKeyThumb             2 23 42 3 0 0 */
-&(nid_objs[127]),/* OBJ_id_pkix                      1 3 6 1 5 5 7 */
+625,    /* OBJ_set_addPolicy                2 23 42 3 0 1 */
-&(nid_objs[505]),/* OBJ_mime_mhs_headings            1 3 6 1 7 1 1 */
+626,    /* OBJ_setAttr_Token_EMV            2 23 42 3 2 1 */
-&(nid_objs[506]),/* OBJ_mime_mhs_bodies              1 3 6 1 7 1 2 */
+627,    /* OBJ_setAttr_Token_B0Prime        2 23 42 3 2 2 */
-&(nid_objs[119]),/* OBJ_ripemd160WithRSA             1 3 36 3 3 1 2 */
+628,    /* OBJ_setAttr_IssCap_CVM           2 23 42 3 3 3 */
-&(nid_objs[631]),/* OBJ_setAttr_GenCryptgrm          2 23 42 3 3 3 1 */
+629,    /* OBJ_setAttr_IssCap_T2            2 23 42 3 3 4 */
-&(nid_objs[632]),/* OBJ_setAttr_T2Enc                2 23 42 3 3 4 1 */
+630,    /* OBJ_setAttr_IssCap_Sig           2 23 42 3 3 5 */
-&(nid_objs[633]),/* OBJ_setAttr_T2cleartxt           2 23 42 3 3 4 2 */
+642,    /* OBJ_set_brand_Novus              2 23 42 8 6011 */
-&(nid_objs[634]),/* OBJ_setAttr_TokICCsig            2 23 42 3 3 5 1 */
+735,    /* OBJ_wap_wsg_idm_ecid_wtls1       2 23 43 1 4 1 */
-&(nid_objs[635]),/* OBJ_setAttr_SecDevSig            2 23 42 3 3 5 2 */
+736,    /* OBJ_wap_wsg_idm_ecid_wtls3       2 23 43 1 4 3 */
-&(nid_objs[436]),/* OBJ_ucl                          0 9 2342 19200300 */
+737,    /* OBJ_wap_wsg_idm_ecid_wtls4       2 23 43 1 4 4 */
-&(nid_objs[820]),/* OBJ_id_Gost28147_89_None_KeyMeshing 1 2 643 2 2 14 0 */
+738,    /* OBJ_wap_wsg_idm_ecid_wtls5       2 23 43 1 4 5 */
-&(nid_objs[819]),/* OBJ_id_Gost28147_89_CryptoPro_KeyMeshing 1 2 643 2 2 14 1 */
+739,    /* OBJ_wap_wsg_idm_ecid_wtls6       2 23 43 1 4 6 */
-&(nid_objs[845]),/* OBJ_id_GostR3410_94_a            1 2 643 2 2 20 1 */
+740,    /* OBJ_wap_wsg_idm_ecid_wtls7       2 23 43 1 4 7 */
-&(nid_objs[846]),/* OBJ_id_GostR3410_94_aBis         1 2 643 2 2 20 2 */
+741,    /* OBJ_wap_wsg_idm_ecid_wtls8       2 23 43 1 4 8 */
-&(nid_objs[847]),/* OBJ_id_GostR3410_94_b            1 2 643 2 2 20 3 */
+742,    /* OBJ_wap_wsg_idm_ecid_wtls9       2 23 43 1 4 9 */
-&(nid_objs[848]),/* OBJ_id_GostR3410_94_bBis         1 2 643 2 2 20 4 */
+743,    /* OBJ_wap_wsg_idm_ecid_wtls10      2 23 43 1 4 10 */
-&(nid_objs[821]),/* OBJ_id_GostR3411_94_TestParamSet 1 2 643 2 2 30 0 */
+744,    /* OBJ_wap_wsg_idm_ecid_wtls11      2 23 43 1 4 11 */
-&(nid_objs[822]),/* OBJ_id_GostR3411_94_CryptoProParamSet 1 2 643 2 2 30 1 */
+745,    /* OBJ_wap_wsg_idm_ecid_wtls12      2 23 43 1 4 12 */
-&(nid_objs[823]),/* OBJ_id_Gost28147_89_TestParamSet 1 2 643 2 2 31 0 */
+804,    /* OBJ_whirlpool                    1 0 10118 3 0 55 */
-&(nid_objs[824]),/* OBJ_id_Gost28147_89_CryptoPro_A_ParamSet 1 2 643 2 2 31 1 */
+124,    /* OBJ_rle_compression              1 1 1 1 666 1 */
-&(nid_objs[825]),/* OBJ_id_Gost28147_89_CryptoPro_B_ParamSet 1 2 643 2 2 31 2 */
+773,    /* OBJ_kisa                         1 2 410 200004 */
-&(nid_objs[826]),/* OBJ_id_Gost28147_89_CryptoPro_C_ParamSet 1 2 643 2 2 31 3 */
+807,    /* OBJ_id_GostR3411_94_with_GostR3410_2001 1 2 643 2 2 3 */
-&(nid_objs[827]),/* OBJ_id_Gost28147_89_CryptoPro_D_ParamSet 1 2 643 2 2 31 4 */
+808,    /* OBJ_id_GostR3411_94_with_GostR3410_94 1 2 643 2 2 4 */
-&(nid_objs[828]),/* OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet 1 2 643 2 2 31 5 */
+809,    /* OBJ_id_GostR3411_94              1 2 643 2 2 9 */
-&(nid_objs[829]),/* OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet 1 2 643 2 2 31 6 */
+810,    /* OBJ_id_HMACGostR3411_94          1 2 643 2 2 10 */
-&(nid_objs[830]),/* OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet 1 2 643 2 2 31 7 */
+811,    /* OBJ_id_GostR3410_2001            1 2 643 2 2 19 */
-&(nid_objs[831]),/* OBJ_id_GostR3410_94_TestParamSet 1 2 643 2 2 32 0 */
+812,    /* OBJ_id_GostR3410_94              1 2 643 2 2 20 */
-&(nid_objs[832]),/* OBJ_id_GostR3410_94_CryptoPro_A_ParamSet 1 2 643 2 2 32 2 */
+813,    /* OBJ_id_Gost28147_89              1 2 643 2 2 21 */
-&(nid_objs[833]),/* OBJ_id_GostR3410_94_CryptoPro_B_ParamSet 1 2 643 2 2 32 3 */
+815,    /* OBJ_id_Gost28147_89_MAC          1 2 643 2 2 22 */
-&(nid_objs[834]),/* OBJ_id_GostR3410_94_CryptoPro_C_ParamSet 1 2 643 2 2 32 4 */
+816,    /* OBJ_id_GostR3411_94_prf          1 2 643 2 2 23 */
-&(nid_objs[835]),/* OBJ_id_GostR3410_94_CryptoPro_D_ParamSet 1 2 643 2 2 32 5 */
+817,    /* OBJ_id_GostR3410_2001DH          1 2 643 2 2 98 */
-&(nid_objs[836]),/* OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet 1 2 643 2 2 33 1 */
+818,    /* OBJ_id_GostR3410_94DH            1 2 643 2 2 99 */
-&(nid_objs[837]),/* OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet 1 2 643 2 2 33 2 */
+ 1,     /* OBJ_rsadsi                       1 2 840 113549 */
-&(nid_objs[838]),/* OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet 1 2 643 2 2 33 3 */
+185,    /* OBJ_X9cm                         1 2 840 10040 4 */
-&(nid_objs[839]),/* OBJ_id_GostR3410_2001_TestParamSet 1 2 643 2 2 35 0 */
+127,    /* OBJ_id_pkix                      1 3 6 1 5 5 7 */
-&(nid_objs[840]),/* OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet 1 2 643 2 2 35 1 */
+505,    /* OBJ_mime_mhs_headings            1 3 6 1 7 1 1 */
-&(nid_objs[841]),/* OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet 1 2 643 2 2 35 2 */
+506,    /* OBJ_mime_mhs_bodies              1 3 6 1 7 1 2 */
-&(nid_objs[842]),/* OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet 1 2 643 2 2 35 3 */
+119,    /* OBJ_ripemd160WithRSA             1 3 36 3 3 1 2 */
-&(nid_objs[843]),/* OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet 1 2 643 2 2 36 0 */
+631,    /* OBJ_setAttr_GenCryptgrm          2 23 42 3 3 3 1 */
-&(nid_objs[844]),/* OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet 1 2 643 2 2 36 1 */
+632,    /* OBJ_setAttr_T2Enc                2 23 42 3 3 4 1 */
-&(nid_objs[ 2]),/* OBJ_pkcs                         1 2 840 113549 1 */
+633,    /* OBJ_setAttr_T2cleartxt           2 23 42 3 3 4 2 */
-&(nid_objs[431]),/* OBJ_hold_instruction_none        1 2 840 10040 2 1 */
+634,    /* OBJ_setAttr_TokICCsig            2 23 42 3 3 5 1 */
-&(nid_objs[432]),/* OBJ_hold_instruction_call_issuer 1 2 840 10040 2 2 */
+635,    /* OBJ_setAttr_SecDevSig            2 23 42 3 3 5 2 */
-&(nid_objs[433]),/* OBJ_hold_instruction_reject      1 2 840 10040 2 3 */
+436,    /* OBJ_ucl                          0 9 2342 19200300 */
-&(nid_objs[116]),/* OBJ_dsa                          1 2 840 10040 4 1 */
+820,    /* OBJ_id_Gost28147_89_None_KeyMeshing 1 2 643 2 2 14 0 */
-&(nid_objs[113]),/* OBJ_dsaWithSHA1                  1 2 840 10040 4 3 */
+819,    /* OBJ_id_Gost28147_89_CryptoPro_KeyMeshing 1 2 643 2 2 14 1 */
-&(nid_objs[406]),/* OBJ_X9_62_prime_field            1 2 840 10045 1 1 */
+845,    /* OBJ_id_GostR3410_94_a            1 2 643 2 2 20 1 */
-&(nid_objs[407]),/* OBJ_X9_62_characteristic_two_field 1 2 840 10045 1 2 */
+846,    /* OBJ_id_GostR3410_94_aBis         1 2 643 2 2 20 2 */
-&(nid_objs[408]),/* OBJ_X9_62_id_ecPublicKey         1 2 840 10045 2 1 */
+847,    /* OBJ_id_GostR3410_94_b            1 2 643 2 2 20 3 */
-&(nid_objs[416]),/* OBJ_ecdsa_with_SHA1              1 2 840 10045 4 1 */
+848,    /* OBJ_id_GostR3410_94_bBis         1 2 643 2 2 20 4 */
-&(nid_objs[791]),/* OBJ_ecdsa_with_Recommended       1 2 840 10045 4 2 */
+821,    /* OBJ_id_GostR3411_94_TestParamSet 1 2 643 2 2 30 0 */
-&(nid_objs[792]),/* OBJ_ecdsa_with_Specified         1 2 840 10045 4 3 */
+822,    /* OBJ_id_GostR3411_94_CryptoProParamSet 1 2 643 2 2 30 1 */
-&(nid_objs[258]),/* OBJ_id_pkix_mod                  1 3 6 1 5 5 7 0 */
+823,    /* OBJ_id_Gost28147_89_TestParamSet 1 2 643 2 2 31 0 */
-&(nid_objs[175]),/* OBJ_id_pe                        1 3 6 1 5 5 7 1 */
+824,    /* OBJ_id_Gost28147_89_CryptoPro_A_ParamSet 1 2 643 2 2 31 1 */
-&(nid_objs[259]),/* OBJ_id_qt                        1 3 6 1 5 5 7 2 */
+825,    /* OBJ_id_Gost28147_89_CryptoPro_B_ParamSet 1 2 643 2 2 31 2 */
-&(nid_objs[128]),/* OBJ_id_kp                        1 3 6 1 5 5 7 3 */
+826,    /* OBJ_id_Gost28147_89_CryptoPro_C_ParamSet 1 2 643 2 2 31 3 */
-&(nid_objs[260]),/* OBJ_id_it                        1 3 6 1 5 5 7 4 */
+827,    /* OBJ_id_Gost28147_89_CryptoPro_D_ParamSet 1 2 643 2 2 31 4 */
-&(nid_objs[261]),/* OBJ_id_pkip                      1 3 6 1 5 5 7 5 */
+828,    /* OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet 1 2 643 2 2 31 5 */
-&(nid_objs[262]),/* OBJ_id_alg                       1 3 6 1 5 5 7 6 */
+829,    /* OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet 1 2 643 2 2 31 6 */
-&(nid_objs[263]),/* OBJ_id_cmc                       1 3 6 1 5 5 7 7 */
+830,    /* OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet 1 2 643 2 2 31 7 */
-&(nid_objs[264]),/* OBJ_id_on                        1 3 6 1 5 5 7 8 */
+831,    /* OBJ_id_GostR3410_94_TestParamSet 1 2 643 2 2 32 0 */
-&(nid_objs[265]),/* OBJ_id_pda                       1 3 6 1 5 5 7 9 */
+832,    /* OBJ_id_GostR3410_94_CryptoPro_A_ParamSet 1 2 643 2 2 32 2 */
-&(nid_objs[266]),/* OBJ_id_aca                       1 3 6 1 5 5 7 10 */
+833,    /* OBJ_id_GostR3410_94_CryptoPro_B_ParamSet 1 2 643 2 2 32 3 */
-&(nid_objs[267]),/* OBJ_id_qcs                       1 3 6 1 5 5 7 11 */
+834,    /* OBJ_id_GostR3410_94_CryptoPro_C_ParamSet 1 2 643 2 2 32 4 */
-&(nid_objs[268]),/* OBJ_id_cct                       1 3 6 1 5 5 7 12 */
+835,    /* OBJ_id_GostR3410_94_CryptoPro_D_ParamSet 1 2 643 2 2 32 5 */
-&(nid_objs[662]),/* OBJ_id_ppl                       1 3 6 1 5 5 7 21 */
+836,    /* OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet 1 2 643 2 2 33 1 */
-&(nid_objs[176]),/* OBJ_id_ad                        1 3 6 1 5 5 7 48 */
+837,    /* OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet 1 2 643 2 2 33 2 */
-&(nid_objs[507]),/* OBJ_id_hex_partial_message       1 3 6 1 7 1 1 1 */
+838,    /* OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet 1 2 643 2 2 33 3 */
-&(nid_objs[508]),/* OBJ_id_hex_multipart_message     1 3 6 1 7 1 1 2 */
+839,    /* OBJ_id_GostR3410_2001_TestParamSet 1 2 643 2 2 35 0 */
-&(nid_objs[57]),/* OBJ_netscape                     2 16 840 1 113730 */
+840,    /* OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet 1 2 643 2 2 35 1 */
-&(nid_objs[754]),/* OBJ_camellia_128_ecb             0 3 4401 5 3 1 9 1 */
+841,    /* OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet 1 2 643 2 2 35 2 */
-&(nid_objs[766]),/* OBJ_camellia_128_ofb128          0 3 4401 5 3 1 9 3 */
+842,    /* OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet 1 2 643 2 2 35 3 */
-&(nid_objs[757]),/* OBJ_camellia_128_cfb128          0 3 4401 5 3 1 9 4 */
+843,    /* OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet 1 2 643 2 2 36 0 */
-&(nid_objs[755]),/* OBJ_camellia_192_ecb             0 3 4401 5 3 1 9 21 */
+844,    /* OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet 1 2 643 2 2 36 1 */
-&(nid_objs[767]),/* OBJ_camellia_192_ofb128          0 3 4401 5 3 1 9 23 */
+ 2,     /* OBJ_pkcs                         1 2 840 113549 1 */
-&(nid_objs[758]),/* OBJ_camellia_192_cfb128          0 3 4401 5 3 1 9 24 */
+431,    /* OBJ_hold_instruction_none        1 2 840 10040 2 1 */
-&(nid_objs[756]),/* OBJ_camellia_256_ecb             0 3 4401 5 3 1 9 41 */
+432,    /* OBJ_hold_instruction_call_issuer 1 2 840 10040 2 2 */
-&(nid_objs[768]),/* OBJ_camellia_256_ofb128          0 3 4401 5 3 1 9 43 */
+433,    /* OBJ_hold_instruction_reject      1 2 840 10040 2 3 */
-&(nid_objs[759]),/* OBJ_camellia_256_cfb128          0 3 4401 5 3 1 9 44 */
+116,    /* OBJ_dsa                          1 2 840 10040 4 1 */
-&(nid_objs[437]),/* OBJ_pilot                        0 9 2342 19200300 100 */
+113,    /* OBJ_dsaWithSHA1                  1 2 840 10040 4 3 */
-&(nid_objs[776]),/* OBJ_seed_ecb                     1 2 410 200004 1 3 */
+406,    /* OBJ_X9_62_prime_field            1 2 840 10045 1 1 */
-&(nid_objs[777]),/* OBJ_seed_cbc                     1 2 410 200004 1 4 */
+407,    /* OBJ_X9_62_characteristic_two_field 1 2 840 10045 1 2 */
-&(nid_objs[779]),/* OBJ_seed_cfb128                  1 2 410 200004 1 5 */
+408,    /* OBJ_X9_62_id_ecPublicKey         1 2 840 10045 2 1 */
-&(nid_objs[778]),/* OBJ_seed_ofb128                  1 2 410 200004 1 6 */
+416,    /* OBJ_ecdsa_with_SHA1              1 2 840 10045 4 1 */
-&(nid_objs[852]),/* OBJ_id_GostR3411_94_with_GostR3410_94_cc 1 2 643 2 9 1 3 3 */
+791,    /* OBJ_ecdsa_with_Recommended       1 2 840 10045 4 2 */
-&(nid_objs[853]),/* OBJ_id_GostR3411_94_with_GostR3410_2001_cc 1 2 643 2 9 1 3 4 */
+792,    /* OBJ_ecdsa_with_Specified         1 2 840 10045 4 3 */
-&(nid_objs[850]),/* OBJ_id_GostR3410_94_cc           1 2 643 2 9 1 5 3 */
+258,    /* OBJ_id_pkix_mod                  1 3 6 1 5 5 7 0 */
-&(nid_objs[851]),/* OBJ_id_GostR3410_2001_cc         1 2 643 2 9 1 5 4 */
+175,    /* OBJ_id_pe                        1 3 6 1 5 5 7 1 */
-&(nid_objs[849]),/* OBJ_id_Gost28147_89_cc           1 2 643 2 9 1 6 1 */
+259,    /* OBJ_id_qt                        1 3 6 1 5 5 7 2 */
-&(nid_objs[854]),/* OBJ_id_GostR3410_2001_ParamSet_cc 1 2 643 2 9 1 8 1 */
+128,    /* OBJ_id_kp                        1 3 6 1 5 5 7 3 */
-&(nid_objs[186]),/* OBJ_pkcs1                        1 2 840 113549 1 1 */
+260,    /* OBJ_id_it                        1 3 6 1 5 5 7 4 */
-&(nid_objs[27]),/* OBJ_pkcs3                        1 2 840 113549 1 3 */
+261,    /* OBJ_id_pkip                      1 3 6 1 5 5 7 5 */
-&(nid_objs[187]),/* OBJ_pkcs5                        1 2 840 113549 1 5 */
+262,    /* OBJ_id_alg                       1 3 6 1 5 5 7 6 */
-&(nid_objs[20]),/* OBJ_pkcs7                        1 2 840 113549 1 7 */
+263,    /* OBJ_id_cmc                       1 3 6 1 5 5 7 7 */
-&(nid_objs[47]),/* OBJ_pkcs9                        1 2 840 113549 1 9 */
+264,    /* OBJ_id_on                        1 3 6 1 5 5 7 8 */
-&(nid_objs[ 3]),/* OBJ_md2                          1 2 840 113549 2 2 */
+265,    /* OBJ_id_pda                       1 3 6 1 5 5 7 9 */
-&(nid_objs[257]),/* OBJ_md4                          1 2 840 113549 2 4 */
+266,    /* OBJ_id_aca                       1 3 6 1 5 5 7 10 */
-&(nid_objs[ 4]),/* OBJ_md5                          1 2 840 113549 2 5 */
+267,    /* OBJ_id_qcs                       1 3 6 1 5 5 7 11 */
-&(nid_objs[797]),/* OBJ_hmacWithMD5                  1 2 840 113549 2 6 */
+268,    /* OBJ_id_cct                       1 3 6 1 5 5 7 12 */
-&(nid_objs[163]),/* OBJ_hmacWithSHA1                 1 2 840 113549 2 7 */
+662,    /* OBJ_id_ppl                       1 3 6 1 5 5 7 21 */
-&(nid_objs[798]),/* OBJ_hmacWithSHA224               1 2 840 113549 2 8 */
+176,    /* OBJ_id_ad                        1 3 6 1 5 5 7 48 */
-&(nid_objs[799]),/* OBJ_hmacWithSHA256               1 2 840 113549 2 9 */
+507,    /* OBJ_id_hex_partial_message       1 3 6 1 7 1 1 1 */
-&(nid_objs[800]),/* OBJ_hmacWithSHA384               1 2 840 113549 2 10 */
+508,    /* OBJ_id_hex_multipart_message     1 3 6 1 7 1 1 2 */
-&(nid_objs[801]),/* OBJ_hmacWithSHA512               1 2 840 113549 2 11 */
+57,     /* OBJ_netscape                     2 16 840 1 113730 */
-&(nid_objs[37]),/* OBJ_rc2_cbc                      1 2 840 113549 3 2 */
+754,    /* OBJ_camellia_128_ecb             0 3 4401 5 3 1 9 1 */
-&(nid_objs[ 5]),/* OBJ_rc4                          1 2 840 113549 3 4 */
+766,    /* OBJ_camellia_128_ofb128          0 3 4401 5 3 1 9 3 */
-&(nid_objs[44]),/* OBJ_des_ede3_cbc                 1 2 840 113549 3 7 */
+757,    /* OBJ_camellia_128_cfb128          0 3 4401 5 3 1 9 4 */
-&(nid_objs[120]),/* OBJ_rc5_cbc                      1 2 840 113549 3 8 */
+755,    /* OBJ_camellia_192_ecb             0 3 4401 5 3 1 9 21 */
-&(nid_objs[643]),/* OBJ_des_cdmf                     1 2 840 113549 3 10 */
+767,    /* OBJ_camellia_192_ofb128          0 3 4401 5 3 1 9 23 */
-&(nid_objs[680]),/* OBJ_X9_62_id_characteristic_two_basis 1 2 840 10045 1 2 3 */
+758,    /* OBJ_camellia_192_cfb128          0 3 4401 5 3 1 9 24 */
-&(nid_objs[684]),/* OBJ_X9_62_c2pnb163v1             1 2 840 10045 3 0 1 */
+756,    /* OBJ_camellia_256_ecb             0 3 4401 5 3 1 9 41 */
-&(nid_objs[685]),/* OBJ_X9_62_c2pnb163v2             1 2 840 10045 3 0 2 */
+768,    /* OBJ_camellia_256_ofb128          0 3 4401 5 3 1 9 43 */
-&(nid_objs[686]),/* OBJ_X9_62_c2pnb163v3             1 2 840 10045 3 0 3 */
+759,    /* OBJ_camellia_256_cfb128          0 3 4401 5 3 1 9 44 */
-&(nid_objs[687]),/* OBJ_X9_62_c2pnb176v1             1 2 840 10045 3 0 4 */
+437,    /* OBJ_pilot                        0 9 2342 19200300 100 */
-&(nid_objs[688]),/* OBJ_X9_62_c2tnb191v1             1 2 840 10045 3 0 5 */
+776,    /* OBJ_seed_ecb                     1 2 410 200004 1 3 */
-&(nid_objs[689]),/* OBJ_X9_62_c2tnb191v2             1 2 840 10045 3 0 6 */
+777,    /* OBJ_seed_cbc                     1 2 410 200004 1 4 */
-&(nid_objs[690]),/* OBJ_X9_62_c2tnb191v3             1 2 840 10045 3 0 7 */
+779,    /* OBJ_seed_cfb128                  1 2 410 200004 1 5 */
-&(nid_objs[691]),/* OBJ_X9_62_c2onb191v4             1 2 840 10045 3 0 8 */
+778,    /* OBJ_seed_ofb128                  1 2 410 200004 1 6 */
-&(nid_objs[692]),/* OBJ_X9_62_c2onb191v5             1 2 840 10045 3 0 9 */
+852,    /* OBJ_id_GostR3411_94_with_GostR3410_94_cc 1 2 643 2 9 1 3 3 */
-&(nid_objs[693]),/* OBJ_X9_62_c2pnb208w1             1 2 840 10045 3 0 10 */
+853,    /* OBJ_id_GostR3411_94_with_GostR3410_2001_cc 1 2 643 2 9 1 3 4 */
-&(nid_objs[694]),/* OBJ_X9_62_c2tnb239v1             1 2 840 10045 3 0 11 */
+850,    /* OBJ_id_GostR3410_94_cc           1 2 643 2 9 1 5 3 */
-&(nid_objs[695]),/* OBJ_X9_62_c2tnb239v2             1 2 840 10045 3 0 12 */
+851,    /* OBJ_id_GostR3410_2001_cc         1 2 643 2 9 1 5 4 */
-&(nid_objs[696]),/* OBJ_X9_62_c2tnb239v3             1 2 840 10045 3 0 13 */
+849,    /* OBJ_id_Gost28147_89_cc           1 2 643 2 9 1 6 1 */
-&(nid_objs[697]),/* OBJ_X9_62_c2onb239v4             1 2 840 10045 3 0 14 */
+854,    /* OBJ_id_GostR3410_2001_ParamSet_cc 1 2 643 2 9 1 8 1 */
-&(nid_objs[698]),/* OBJ_X9_62_c2onb239v5             1 2 840 10045 3 0 15 */
+186,    /* OBJ_pkcs1                        1 2 840 113549 1 1 */
-&(nid_objs[699]),/* OBJ_X9_62_c2pnb272w1             1 2 840 10045 3 0 16 */
+27,     /* OBJ_pkcs3                        1 2 840 113549 1 3 */
-&(nid_objs[700]),/* OBJ_X9_62_c2pnb304w1             1 2 840 10045 3 0 17 */
+187,    /* OBJ_pkcs5                        1 2 840 113549 1 5 */
-&(nid_objs[701]),/* OBJ_X9_62_c2tnb359v1             1 2 840 10045 3 0 18 */
+20,     /* OBJ_pkcs7                        1 2 840 113549 1 7 */
-&(nid_objs[702]),/* OBJ_X9_62_c2pnb368w1             1 2 840 10045 3 0 19 */
+47,     /* OBJ_pkcs9                        1 2 840 113549 1 9 */
-&(nid_objs[703]),/* OBJ_X9_62_c2tnb431r1             1 2 840 10045 3 0 20 */
+ 3,     /* OBJ_md2                          1 2 840 113549 2 2 */
-&(nid_objs[409]),/* OBJ_X9_62_prime192v1             1 2 840 10045 3 1 1 */
+257,    /* OBJ_md4                          1 2 840 113549 2 4 */
-&(nid_objs[410]),/* OBJ_X9_62_prime192v2             1 2 840 10045 3 1 2 */
+ 4,     /* OBJ_md5                          1 2 840 113549 2 5 */
-&(nid_objs[411]),/* OBJ_X9_62_prime192v3             1 2 840 10045 3 1 3 */
+797,    /* OBJ_hmacWithMD5                  1 2 840 113549 2 6 */
-&(nid_objs[412]),/* OBJ_X9_62_prime239v1             1 2 840 10045 3 1 4 */
+163,    /* OBJ_hmacWithSHA1                 1 2 840 113549 2 7 */
-&(nid_objs[413]),/* OBJ_X9_62_prime239v2             1 2 840 10045 3 1 5 */
+798,    /* OBJ_hmacWithSHA224               1 2 840 113549 2 8 */
-&(nid_objs[414]),/* OBJ_X9_62_prime239v3             1 2 840 10045 3 1 6 */
+799,    /* OBJ_hmacWithSHA256               1 2 840 113549 2 9 */
-&(nid_objs[415]),/* OBJ_X9_62_prime256v1             1 2 840 10045 3 1 7 */
+800,    /* OBJ_hmacWithSHA384               1 2 840 113549 2 10 */
-&(nid_objs[793]),/* OBJ_ecdsa_with_SHA224            1 2 840 10045 4 3 1 */
+801,    /* OBJ_hmacWithSHA512               1 2 840 113549 2 11 */
-&(nid_objs[794]),/* OBJ_ecdsa_with_SHA256            1 2 840 10045 4 3 2 */
+37,     /* OBJ_rc2_cbc                      1 2 840 113549 3 2 */
-&(nid_objs[795]),/* OBJ_ecdsa_with_SHA384            1 2 840 10045 4 3 3 */
+ 5,     /* OBJ_rc4                          1 2 840 113549 3 4 */
-&(nid_objs[796]),/* OBJ_ecdsa_with_SHA512            1 2 840 10045 4 3 4 */
+44,     /* OBJ_des_ede3_cbc                 1 2 840 113549 3 7 */
-&(nid_objs[269]),/* OBJ_id_pkix1_explicit_88         1 3 6 1 5 5 7 0 1 */
+120,    /* OBJ_rc5_cbc                      1 2 840 113549 3 8 */
-&(nid_objs[270]),/* OBJ_id_pkix1_implicit_88         1 3 6 1 5 5 7 0 2 */
+643,    /* OBJ_des_cdmf                     1 2 840 113549 3 10 */
-&(nid_objs[271]),/* OBJ_id_pkix1_explicit_93         1 3 6 1 5 5 7 0 3 */
+680,    /* OBJ_X9_62_id_characteristic_two_basis 1 2 840 10045 1 2 3 */
-&(nid_objs[272]),/* OBJ_id_pkix1_implicit_93         1 3 6 1 5 5 7 0 4 */
+684,    /* OBJ_X9_62_c2pnb163v1             1 2 840 10045 3 0 1 */
-&(nid_objs[273]),/* OBJ_id_mod_crmf                  1 3 6 1 5 5 7 0 5 */
+685,    /* OBJ_X9_62_c2pnb163v2             1 2 840 10045 3 0 2 */
-&(nid_objs[274]),/* OBJ_id_mod_cmc                   1 3 6 1 5 5 7 0 6 */
+686,    /* OBJ_X9_62_c2pnb163v3             1 2 840 10045 3 0 3 */
-&(nid_objs[275]),/* OBJ_id_mod_kea_profile_88        1 3 6 1 5 5 7 0 7 */
+687,    /* OBJ_X9_62_c2pnb176v1             1 2 840 10045 3 0 4 */
-&(nid_objs[276]),/* OBJ_id_mod_kea_profile_93        1 3 6 1 5 5 7 0 8 */
+688,    /* OBJ_X9_62_c2tnb191v1             1 2 840 10045 3 0 5 */
-&(nid_objs[277]),/* OBJ_id_mod_cmp                   1 3 6 1 5 5 7 0 9 */
+689,    /* OBJ_X9_62_c2tnb191v2             1 2 840 10045 3 0 6 */
-&(nid_objs[278]),/* OBJ_id_mod_qualified_cert_88     1 3 6 1 5 5 7 0 10 */
+690,    /* OBJ_X9_62_c2tnb191v3             1 2 840 10045 3 0 7 */
-&(nid_objs[279]),/* OBJ_id_mod_qualified_cert_93     1 3 6 1 5 5 7 0 11 */
+691,    /* OBJ_X9_62_c2onb191v4             1 2 840 10045 3 0 8 */
-&(nid_objs[280]),/* OBJ_id_mod_attribute_cert        1 3 6 1 5 5 7 0 12 */
+692,    /* OBJ_X9_62_c2onb191v5             1 2 840 10045 3 0 9 */
-&(nid_objs[281]),/* OBJ_id_mod_timestamp_protocol    1 3 6 1 5 5 7 0 13 */
+693,    /* OBJ_X9_62_c2pnb208w1             1 2 840 10045 3 0 10 */
-&(nid_objs[282]),/* OBJ_id_mod_ocsp                  1 3 6 1 5 5 7 0 14 */
+694,    /* OBJ_X9_62_c2tnb239v1             1 2 840 10045 3 0 11 */
-&(nid_objs[283]),/* OBJ_id_mod_dvcs                  1 3 6 1 5 5 7 0 15 */
+695,    /* OBJ_X9_62_c2tnb239v2             1 2 840 10045 3 0 12 */
-&(nid_objs[284]),/* OBJ_id_mod_cmp2000               1 3 6 1 5 5 7 0 16 */
+696,    /* OBJ_X9_62_c2tnb239v3             1 2 840 10045 3 0 13 */
-&(nid_objs[177]),/* OBJ_info_access                  1 3 6 1 5 5 7 1 1 */
+697,    /* OBJ_X9_62_c2onb239v4             1 2 840 10045 3 0 14 */
-&(nid_objs[285]),/* OBJ_biometricInfo                1 3 6 1 5 5 7 1 2 */
+698,    /* OBJ_X9_62_c2onb239v5             1 2 840 10045 3 0 15 */
-&(nid_objs[286]),/* OBJ_qcStatements                 1 3 6 1 5 5 7 1 3 */
+699,    /* OBJ_X9_62_c2pnb272w1             1 2 840 10045 3 0 16 */
-&(nid_objs[287]),/* OBJ_ac_auditEntity               1 3 6 1 5 5 7 1 4 */
+700,    /* OBJ_X9_62_c2pnb304w1             1 2 840 10045 3 0 17 */
-&(nid_objs[288]),/* OBJ_ac_targeting                 1 3 6 1 5 5 7 1 5 */
+701,    /* OBJ_X9_62_c2tnb359v1             1 2 840 10045 3 0 18 */
-&(nid_objs[289]),/* OBJ_aaControls                   1 3 6 1 5 5 7 1 6 */
+702,    /* OBJ_X9_62_c2pnb368w1             1 2 840 10045 3 0 19 */
-&(nid_objs[290]),/* OBJ_sbgp_ipAddrBlock             1 3 6 1 5 5 7 1 7 */
+703,    /* OBJ_X9_62_c2tnb431r1             1 2 840 10045 3 0 20 */
-&(nid_objs[291]),/* OBJ_sbgp_autonomousSysNum        1 3 6 1 5 5 7 1 8 */
+409,    /* OBJ_X9_62_prime192v1             1 2 840 10045 3 1 1 */
-&(nid_objs[292]),/* OBJ_sbgp_routerIdentifier        1 3 6 1 5 5 7 1 9 */
+410,    /* OBJ_X9_62_prime192v2             1 2 840 10045 3 1 2 */
-&(nid_objs[397]),/* OBJ_ac_proxying                  1 3 6 1 5 5 7 1 10 */
+411,    /* OBJ_X9_62_prime192v3             1 2 840 10045 3 1 3 */
-&(nid_objs[398]),/* OBJ_sinfo_access                 1 3 6 1 5 5 7 1 11 */
+412,    /* OBJ_X9_62_prime239v1             1 2 840 10045 3 1 4 */
-&(nid_objs[663]),/* OBJ_proxyCertInfo                1 3 6 1 5 5 7 1 14 */
+413,    /* OBJ_X9_62_prime239v2             1 2 840 10045 3 1 5 */
-&(nid_objs[164]),/* OBJ_id_qt_cps                    1 3 6 1 5 5 7 2 1 */
+414,    /* OBJ_X9_62_prime239v3             1 2 840 10045 3 1 6 */
-&(nid_objs[165]),/* OBJ_id_qt_unotice                1 3 6 1 5 5 7 2 2 */
+415,    /* OBJ_X9_62_prime256v1             1 2 840 10045 3 1 7 */
-&(nid_objs[293]),/* OBJ_textNotice                   1 3 6 1 5 5 7 2 3 */
+793,    /* OBJ_ecdsa_with_SHA224            1 2 840 10045 4 3 1 */
-&(nid_objs[129]),/* OBJ_server_auth                  1 3 6 1 5 5 7 3 1 */
+794,    /* OBJ_ecdsa_with_SHA256            1 2 840 10045 4 3 2 */
-&(nid_objs[130]),/* OBJ_client_auth                  1 3 6 1 5 5 7 3 2 */
+795,    /* OBJ_ecdsa_with_SHA384            1 2 840 10045 4 3 3 */
-&(nid_objs[131]),/* OBJ_code_sign                    1 3 6 1 5 5 7 3 3 */
+796,    /* OBJ_ecdsa_with_SHA512            1 2 840 10045 4 3 4 */
-&(nid_objs[132]),/* OBJ_email_protect                1 3 6 1 5 5 7 3 4 */
+269,    /* OBJ_id_pkix1_explicit_88         1 3 6 1 5 5 7 0 1 */
-&(nid_objs[294]),/* OBJ_ipsecEndSystem               1 3 6 1 5 5 7 3 5 */
+270,    /* OBJ_id_pkix1_implicit_88         1 3 6 1 5 5 7 0 2 */
-&(nid_objs[295]),/* OBJ_ipsecTunnel                  1 3 6 1 5 5 7 3 6 */
+271,    /* OBJ_id_pkix1_explicit_93         1 3 6 1 5 5 7 0 3 */
-&(nid_objs[296]),/* OBJ_ipsecUser                    1 3 6 1 5 5 7 3 7 */
+272,    /* OBJ_id_pkix1_implicit_93         1 3 6 1 5 5 7 0 4 */
-&(nid_objs[133]),/* OBJ_time_stamp                   1 3 6 1 5 5 7 3 8 */
+273,    /* OBJ_id_mod_crmf                  1 3 6 1 5 5 7 0 5 */
-&(nid_objs[180]),/* OBJ_OCSP_sign                    1 3 6 1 5 5 7 3 9 */
+274,    /* OBJ_id_mod_cmc                   1 3 6 1 5 5 7 0 6 */
-&(nid_objs[297]),/* OBJ_dvcs                         1 3 6 1 5 5 7 3 10 */
+275,    /* OBJ_id_mod_kea_profile_88        1 3 6 1 5 5 7 0 7 */
-&(nid_objs[298]),/* OBJ_id_it_caProtEncCert          1 3 6 1 5 5 7 4 1 */
+276,    /* OBJ_id_mod_kea_profile_93        1 3 6 1 5 5 7 0 8 */
-&(nid_objs[299]),/* OBJ_id_it_signKeyPairTypes       1 3 6 1 5 5 7 4 2 */
+277,    /* OBJ_id_mod_cmp                   1 3 6 1 5 5 7 0 9 */
-&(nid_objs[300]),/* OBJ_id_it_encKeyPairTypes        1 3 6 1 5 5 7 4 3 */
+278,    /* OBJ_id_mod_qualified_cert_88     1 3 6 1 5 5 7 0 10 */
-&(nid_objs[301]),/* OBJ_id_it_preferredSymmAlg       1 3 6 1 5 5 7 4 4 */
+279,    /* OBJ_id_mod_qualified_cert_93     1 3 6 1 5 5 7 0 11 */
-&(nid_objs[302]),/* OBJ_id_it_caKeyUpdateInfo        1 3 6 1 5 5 7 4 5 */
+280,    /* OBJ_id_mod_attribute_cert        1 3 6 1 5 5 7 0 12 */
-&(nid_objs[303]),/* OBJ_id_it_currentCRL             1 3 6 1 5 5 7 4 6 */
+281,    /* OBJ_id_mod_timestamp_protocol    1 3 6 1 5 5 7 0 13 */
-&(nid_objs[304]),/* OBJ_id_it_unsupportedOIDs        1 3 6 1 5 5 7 4 7 */
+282,    /* OBJ_id_mod_ocsp                  1 3 6 1 5 5 7 0 14 */
-&(nid_objs[305]),/* OBJ_id_it_subscriptionRequest    1 3 6 1 5 5 7 4 8 */
+283,    /* OBJ_id_mod_dvcs                  1 3 6 1 5 5 7 0 15 */
-&(nid_objs[306]),/* OBJ_id_it_subscriptionResponse   1 3 6 1 5 5 7 4 9 */
+284,    /* OBJ_id_mod_cmp2000               1 3 6 1 5 5 7 0 16 */
-&(nid_objs[307]),/* OBJ_id_it_keyPairParamReq        1 3 6 1 5 5 7 4 10 */
+177,    /* OBJ_info_access                  1 3 6 1 5 5 7 1 1 */
-&(nid_objs[308]),/* OBJ_id_it_keyPairParamRep        1 3 6 1 5 5 7 4 11 */
+285,    /* OBJ_biometricInfo                1 3 6 1 5 5 7 1 2 */
-&(nid_objs[309]),/* OBJ_id_it_revPassphrase          1 3 6 1 5 5 7 4 12 */
+286,    /* OBJ_qcStatements                 1 3 6 1 5 5 7 1 3 */
-&(nid_objs[310]),/* OBJ_id_it_implicitConfirm        1 3 6 1 5 5 7 4 13 */
+287,    /* OBJ_ac_auditEntity               1 3 6 1 5 5 7 1 4 */
-&(nid_objs[311]),/* OBJ_id_it_confirmWaitTime        1 3 6 1 5 5 7 4 14 */
+288,    /* OBJ_ac_targeting                 1 3 6 1 5 5 7 1 5 */
-&(nid_objs[312]),/* OBJ_id_it_origPKIMessage         1 3 6 1 5 5 7 4 15 */
+289,    /* OBJ_aaControls                   1 3 6 1 5 5 7 1 6 */
-&(nid_objs[784]),/* OBJ_id_it_suppLangTags           1 3 6 1 5 5 7 4 16 */
+290,    /* OBJ_sbgp_ipAddrBlock             1 3 6 1 5 5 7 1 7 */
-&(nid_objs[313]),/* OBJ_id_regCtrl                   1 3 6 1 5 5 7 5 1 */
+291,    /* OBJ_sbgp_autonomousSysNum        1 3 6 1 5 5 7 1 8 */
-&(nid_objs[314]),/* OBJ_id_regInfo                   1 3 6 1 5 5 7 5 2 */
+292,    /* OBJ_sbgp_routerIdentifier        1 3 6 1 5 5 7 1 9 */
-&(nid_objs[323]),/* OBJ_id_alg_des40                 1 3 6 1 5 5 7 6 1 */
+397,    /* OBJ_ac_proxying                  1 3 6 1 5 5 7 1 10 */
-&(nid_objs[324]),/* OBJ_id_alg_noSignature           1 3 6 1 5 5 7 6 2 */
+398,    /* OBJ_sinfo_access                 1 3 6 1 5 5 7 1 11 */
-&(nid_objs[325]),/* OBJ_id_alg_dh_sig_hmac_sha1      1 3 6 1 5 5 7 6 3 */
+663,    /* OBJ_proxyCertInfo                1 3 6 1 5 5 7 1 14 */
-&(nid_objs[326]),/* OBJ_id_alg_dh_pop                1 3 6 1 5 5 7 6 4 */
+164,    /* OBJ_id_qt_cps                    1 3 6 1 5 5 7 2 1 */
-&(nid_objs[327]),/* OBJ_id_cmc_statusInfo            1 3 6 1 5 5 7 7 1 */
+165,    /* OBJ_id_qt_unotice                1 3 6 1 5 5 7 2 2 */
-&(nid_objs[328]),/* OBJ_id_cmc_identification        1 3 6 1 5 5 7 7 2 */
+293,    /* OBJ_textNotice                   1 3 6 1 5 5 7 2 3 */
-&(nid_objs[329]),/* OBJ_id_cmc_identityProof         1 3 6 1 5 5 7 7 3 */
+129,    /* OBJ_server_auth                  1 3 6 1 5 5 7 3 1 */
-&(nid_objs[330]),/* OBJ_id_cmc_dataReturn            1 3 6 1 5 5 7 7 4 */
+130,    /* OBJ_client_auth                  1 3 6 1 5 5 7 3 2 */
-&(nid_objs[331]),/* OBJ_id_cmc_transactionId         1 3 6 1 5 5 7 7 5 */
+131,    /* OBJ_code_sign                    1 3 6 1 5 5 7 3 3 */
-&(nid_objs[332]),/* OBJ_id_cmc_senderNonce           1 3 6 1 5 5 7 7 6 */
+132,    /* OBJ_email_protect                1 3 6 1 5 5 7 3 4 */
-&(nid_objs[333]),/* OBJ_id_cmc_recipientNonce        1 3 6 1 5 5 7 7 7 */
+294,    /* OBJ_ipsecEndSystem               1 3 6 1 5 5 7 3 5 */
-&(nid_objs[334]),/* OBJ_id_cmc_addExtensions         1 3 6 1 5 5 7 7 8 */
+295,    /* OBJ_ipsecTunnel                  1 3 6 1 5 5 7 3 6 */
-&(nid_objs[335]),/* OBJ_id_cmc_encryptedPOP          1 3 6 1 5 5 7 7 9 */
+296,    /* OBJ_ipsecUser                    1 3 6 1 5 5 7 3 7 */
-&(nid_objs[336]),/* OBJ_id_cmc_decryptedPOP          1 3 6 1 5 5 7 7 10 */
+133,    /* OBJ_time_stamp                   1 3 6 1 5 5 7 3 8 */
-&(nid_objs[337]),/* OBJ_id_cmc_lraPOPWitness         1 3 6 1 5 5 7 7 11 */
+180,    /* OBJ_OCSP_sign                    1 3 6 1 5 5 7 3 9 */
-&(nid_objs[338]),/* OBJ_id_cmc_getCert               1 3 6 1 5 5 7 7 15 */
+297,    /* OBJ_dvcs                         1 3 6 1 5 5 7 3 10 */
-&(nid_objs[339]),/* OBJ_id_cmc_getCRL                1 3 6 1 5 5 7 7 16 */
+298,    /* OBJ_id_it_caProtEncCert          1 3 6 1 5 5 7 4 1 */
-&(nid_objs[340]),/* OBJ_id_cmc_revokeRequest         1 3 6 1 5 5 7 7 17 */
+299,    /* OBJ_id_it_signKeyPairTypes       1 3 6 1 5 5 7 4 2 */
-&(nid_objs[341]),/* OBJ_id_cmc_regInfo               1 3 6 1 5 5 7 7 18 */
+300,    /* OBJ_id_it_encKeyPairTypes        1 3 6 1 5 5 7 4 3 */
-&(nid_objs[342]),/* OBJ_id_cmc_responseInfo          1 3 6 1 5 5 7 7 19 */
+301,    /* OBJ_id_it_preferredSymmAlg       1 3 6 1 5 5 7 4 4 */
-&(nid_objs[343]),/* OBJ_id_cmc_queryPending          1 3 6 1 5 5 7 7 21 */
+302,    /* OBJ_id_it_caKeyUpdateInfo        1 3 6 1 5 5 7 4 5 */
-&(nid_objs[344]),/* OBJ_id_cmc_popLinkRandom         1 3 6 1 5 5 7 7 22 */
+303,    /* OBJ_id_it_currentCRL             1 3 6 1 5 5 7 4 6 */
-&(nid_objs[345]),/* OBJ_id_cmc_popLinkWitness        1 3 6 1 5 5 7 7 23 */
+304,    /* OBJ_id_it_unsupportedOIDs        1 3 6 1 5 5 7 4 7 */
-&(nid_objs[346]),/* OBJ_id_cmc_confirmCertAcceptance 1 3 6 1 5 5 7 7 24 */
+305,    /* OBJ_id_it_subscriptionRequest    1 3 6 1 5 5 7 4 8 */
-&(nid_objs[347]),/* OBJ_id_on_personalData           1 3 6 1 5 5 7 8 1 */
+306,    /* OBJ_id_it_subscriptionResponse   1 3 6 1 5 5 7 4 9 */
-&(nid_objs[858]),/* OBJ_id_on_permanentIdentifier    1 3 6 1 5 5 7 8 3 */
+307,    /* OBJ_id_it_keyPairParamReq        1 3 6 1 5 5 7 4 10 */
-&(nid_objs[348]),/* OBJ_id_pda_dateOfBirth           1 3 6 1 5 5 7 9 1 */
+308,    /* OBJ_id_it_keyPairParamRep        1 3 6 1 5 5 7 4 11 */
-&(nid_objs[349]),/* OBJ_id_pda_placeOfBirth          1 3 6 1 5 5 7 9 2 */
+309,    /* OBJ_id_it_revPassphrase          1 3 6 1 5 5 7 4 12 */
-&(nid_objs[351]),/* OBJ_id_pda_gender                1 3 6 1 5 5 7 9 3 */
+310,    /* OBJ_id_it_implicitConfirm        1 3 6 1 5 5 7 4 13 */
-&(nid_objs[352]),/* OBJ_id_pda_countryOfCitizenship  1 3 6 1 5 5 7 9 4 */
+311,    /* OBJ_id_it_confirmWaitTime        1 3 6 1 5 5 7 4 14 */
-&(nid_objs[353]),/* OBJ_id_pda_countryOfResidence    1 3 6 1 5 5 7 9 5 */
+312,    /* OBJ_id_it_origPKIMessage         1 3 6 1 5 5 7 4 15 */
-&(nid_objs[354]),/* OBJ_id_aca_authenticationInfo    1 3 6 1 5 5 7 10 1 */
+784,    /* OBJ_id_it_suppLangTags           1 3 6 1 5 5 7 4 16 */
-&(nid_objs[355]),/* OBJ_id_aca_accessIdentity        1 3 6 1 5 5 7 10 2 */
+313,    /* OBJ_id_regCtrl                   1 3 6 1 5 5 7 5 1 */
-&(nid_objs[356]),/* OBJ_id_aca_chargingIdentity      1 3 6 1 5 5 7 10 3 */
+314,    /* OBJ_id_regInfo                   1 3 6 1 5 5 7 5 2 */
-&(nid_objs[357]),/* OBJ_id_aca_group                 1 3 6 1 5 5 7 10 4 */
+323,    /* OBJ_id_alg_des40                 1 3 6 1 5 5 7 6 1 */
-&(nid_objs[358]),/* OBJ_id_aca_role                  1 3 6 1 5 5 7 10 5 */
+324,    /* OBJ_id_alg_noSignature           1 3 6 1 5 5 7 6 2 */
-&(nid_objs[399]),/* OBJ_id_aca_encAttrs              1 3 6 1 5 5 7 10 6 */
+325,    /* OBJ_id_alg_dh_sig_hmac_sha1      1 3 6 1 5 5 7 6 3 */
-&(nid_objs[359]),/* OBJ_id_qcs_pkixQCSyntax_v1       1 3 6 1 5 5 7 11 1 */
+326,    /* OBJ_id_alg_dh_pop                1 3 6 1 5 5 7 6 4 */
-&(nid_objs[360]),/* OBJ_id_cct_crs                   1 3 6 1 5 5 7 12 1 */
+327,    /* OBJ_id_cmc_statusInfo            1 3 6 1 5 5 7 7 1 */
-&(nid_objs[361]),/* OBJ_id_cct_PKIData               1 3 6 1 5 5 7 12 2 */
+328,    /* OBJ_id_cmc_identification        1 3 6 1 5 5 7 7 2 */
-&(nid_objs[362]),/* OBJ_id_cct_PKIResponse           1 3 6 1 5 5 7 12 3 */
+329,    /* OBJ_id_cmc_identityProof         1 3 6 1 5 5 7 7 3 */
-&(nid_objs[664]),/* OBJ_id_ppl_anyLanguage           1 3 6 1 5 5 7 21 0 */
+330,    /* OBJ_id_cmc_dataReturn            1 3 6 1 5 5 7 7 4 */
-&(nid_objs[665]),/* OBJ_id_ppl_inheritAll            1 3 6 1 5 5 7 21 1 */
+331,    /* OBJ_id_cmc_transactionId         1 3 6 1 5 5 7 7 5 */
-&(nid_objs[667]),/* OBJ_Independent                  1 3 6 1 5 5 7 21 2 */
+332,    /* OBJ_id_cmc_senderNonce           1 3 6 1 5 5 7 7 6 */
-&(nid_objs[178]),/* OBJ_ad_OCSP                      1 3 6 1 5 5 7 48 1 */
+333,    /* OBJ_id_cmc_recipientNonce        1 3 6 1 5 5 7 7 7 */
-&(nid_objs[179]),/* OBJ_ad_ca_issuers                1 3 6 1 5 5 7 48 2 */
+334,    /* OBJ_id_cmc_addExtensions         1 3 6 1 5 5 7 7 8 */
-&(nid_objs[363]),/* OBJ_ad_timeStamping              1 3 6 1 5 5 7 48 3 */
+335,    /* OBJ_id_cmc_encryptedPOP          1 3 6 1 5 5 7 7 9 */
-&(nid_objs[364]),/* OBJ_ad_dvcs                      1 3 6 1 5 5 7 48 4 */
+336,    /* OBJ_id_cmc_decryptedPOP          1 3 6 1 5 5 7 7 10 */
-&(nid_objs[785]),/* OBJ_caRepository                 1 3 6 1 5 5 7 48 5 */
+337,    /* OBJ_id_cmc_lraPOPWitness         1 3 6 1 5 5 7 7 11 */
-&(nid_objs[780]),/* OBJ_hmac_md5                     1 3 6 1 5 5 8 1 1 */
+338,    /* OBJ_id_cmc_getCert               1 3 6 1 5 5 7 7 15 */
-&(nid_objs[781]),/* OBJ_hmac_sha1                    1 3 6 1 5 5 8 1 2 */
+339,    /* OBJ_id_cmc_getCRL                1 3 6 1 5 5 7 7 16 */
-&(nid_objs[58]),/* OBJ_netscape_cert_extension      2 16 840 1 113730 1 */
+340,    /* OBJ_id_cmc_revokeRequest         1 3 6 1 5 5 7 7 17 */
-&(nid_objs[59]),/* OBJ_netscape_data_type           2 16 840 1 113730 2 */
+341,    /* OBJ_id_cmc_regInfo               1 3 6 1 5 5 7 7 18 */
-&(nid_objs[438]),/* OBJ_pilotAttributeType           0 9 2342 19200300 100 1 */
+342,    /* OBJ_id_cmc_responseInfo          1 3 6 1 5 5 7 7 19 */
-&(nid_objs[439]),/* OBJ_pilotAttributeSyntax         0 9 2342 19200300 100 3 */
+343,    /* OBJ_id_cmc_queryPending          1 3 6 1 5 5 7 7 21 */
-&(nid_objs[440]),/* OBJ_pilotObjectClass             0 9 2342 19200300 100 4 */
+344,    /* OBJ_id_cmc_popLinkRandom         1 3 6 1 5 5 7 7 22 */
-&(nid_objs[441]),/* OBJ_pilotGroups                  0 9 2342 19200300 100 10 */
+345,    /* OBJ_id_cmc_popLinkWitness        1 3 6 1 5 5 7 7 23 */
-&(nid_objs[108]),/* OBJ_cast5_cbc                    1 2 840 113533 7 66 10 */
+346,    /* OBJ_id_cmc_confirmCertAcceptance 1 3 6 1 5 5 7 7 24 */
-&(nid_objs[112]),/* OBJ_pbeWithMD5AndCast5_CBC       1 2 840 113533 7 66 12 */
+347,    /* OBJ_id_on_personalData           1 3 6 1 5 5 7 8 1 */
-&(nid_objs[782]),/* OBJ_id_PasswordBasedMAC          1 2 840 113533 7 66 13 */
+858,    /* OBJ_id_on_permanentIdentifier    1 3 6 1 5 5 7 8 3 */
-&(nid_objs[783]),/* OBJ_id_DHBasedMac                1 2 840 113533 7 66 30 */
+348,    /* OBJ_id_pda_dateOfBirth           1 3 6 1 5 5 7 9 1 */
-&(nid_objs[ 6]),/* OBJ_rsaEncryption                1 2 840 113549 1 1 1 */
+349,    /* OBJ_id_pda_placeOfBirth          1 3 6 1 5 5 7 9 2 */
-&(nid_objs[ 7]),/* OBJ_md2WithRSAEncryption         1 2 840 113549 1 1 2 */
+351,    /* OBJ_id_pda_gender                1 3 6 1 5 5 7 9 3 */
-&(nid_objs[396]),/* OBJ_md4WithRSAEncryption         1 2 840 113549 1 1 3 */
+352,    /* OBJ_id_pda_countryOfCitizenship  1 3 6 1 5 5 7 9 4 */
-&(nid_objs[ 8]),/* OBJ_md5WithRSAEncryption         1 2 840 113549 1 1 4 */
+353,    /* OBJ_id_pda_countryOfResidence    1 3 6 1 5 5 7 9 5 */
-&(nid_objs[65]),/* OBJ_sha1WithRSAEncryption        1 2 840 113549 1 1 5 */
+354,    /* OBJ_id_aca_authenticationInfo    1 3 6 1 5 5 7 10 1 */
-&(nid_objs[644]),/* OBJ_rsaOAEPEncryptionSET         1 2 840 113549 1 1 6 */
+355,    /* OBJ_id_aca_accessIdentity        1 3 6 1 5 5 7 10 2 */
-&(nid_objs[668]),/* OBJ_sha256WithRSAEncryption      1 2 840 113549 1 1 11 */
+356,    /* OBJ_id_aca_chargingIdentity      1 3 6 1 5 5 7 10 3 */
-&(nid_objs[669]),/* OBJ_sha384WithRSAEncryption      1 2 840 113549 1 1 12 */
+357,    /* OBJ_id_aca_group                 1 3 6 1 5 5 7 10 4 */
-&(nid_objs[670]),/* OBJ_sha512WithRSAEncryption      1 2 840 113549 1 1 13 */
+358,    /* OBJ_id_aca_role                  1 3 6 1 5 5 7 10 5 */
-&(nid_objs[671]),/* OBJ_sha224WithRSAEncryption      1 2 840 113549 1 1 14 */
+399,    /* OBJ_id_aca_encAttrs              1 3 6 1 5 5 7 10 6 */
-&(nid_objs[28]),/* OBJ_dhKeyAgreement               1 2 840 113549 1 3 1 */
+359,    /* OBJ_id_qcs_pkixQCSyntax_v1       1 3 6 1 5 5 7 11 1 */
-&(nid_objs[ 9]),/* OBJ_pbeWithMD2AndDES_CBC         1 2 840 113549 1 5 1 */
+360,    /* OBJ_id_cct_crs                   1 3 6 1 5 5 7 12 1 */
-&(nid_objs[10]),/* OBJ_pbeWithMD5AndDES_CBC         1 2 840 113549 1 5 3 */
+361,    /* OBJ_id_cct_PKIData               1 3 6 1 5 5 7 12 2 */
-&(nid_objs[168]),/* OBJ_pbeWithMD2AndRC2_CBC         1 2 840 113549 1 5 4 */
+362,    /* OBJ_id_cct_PKIResponse           1 3 6 1 5 5 7 12 3 */
-&(nid_objs[169]),/* OBJ_pbeWithMD5AndRC2_CBC         1 2 840 113549 1 5 6 */
+664,    /* OBJ_id_ppl_anyLanguage           1 3 6 1 5 5 7 21 0 */
-&(nid_objs[170]),/* OBJ_pbeWithSHA1AndDES_CBC        1 2 840 113549 1 5 10 */
+665,    /* OBJ_id_ppl_inheritAll            1 3 6 1 5 5 7 21 1 */
-&(nid_objs[68]),/* OBJ_pbeWithSHA1AndRC2_CBC        1 2 840 113549 1 5 11 */
+667,    /* OBJ_Independent                  1 3 6 1 5 5 7 21 2 */
-&(nid_objs[69]),/* OBJ_id_pbkdf2                    1 2 840 113549 1 5 12 */
+178,    /* OBJ_ad_OCSP                      1 3 6 1 5 5 7 48 1 */
-&(nid_objs[161]),/* OBJ_pbes2                        1 2 840 113549 1 5 13 */
+179,    /* OBJ_ad_ca_issuers                1 3 6 1 5 5 7 48 2 */
-&(nid_objs[162]),/* OBJ_pbmac1                       1 2 840 113549 1 5 14 */
+363,    /* OBJ_ad_timeStamping              1 3 6 1 5 5 7 48 3 */
-&(nid_objs[21]),/* OBJ_pkcs7_data                   1 2 840 113549 1 7 1 */
+364,    /* OBJ_ad_dvcs                      1 3 6 1 5 5 7 48 4 */
-&(nid_objs[22]),/* OBJ_pkcs7_signed                 1 2 840 113549 1 7 2 */
+785,    /* OBJ_caRepository                 1 3 6 1 5 5 7 48 5 */
-&(nid_objs[23]),/* OBJ_pkcs7_enveloped              1 2 840 113549 1 7 3 */
+780,    /* OBJ_hmac_md5                     1 3 6 1 5 5 8 1 1 */
-&(nid_objs[24]),/* OBJ_pkcs7_signedAndEnveloped     1 2 840 113549 1 7 4 */
+781,    /* OBJ_hmac_sha1                    1 3 6 1 5 5 8 1 2 */
-&(nid_objs[25]),/* OBJ_pkcs7_digest                 1 2 840 113549 1 7 5 */
+58,     /* OBJ_netscape_cert_extension      2 16 840 1 113730 1 */
-&(nid_objs[26]),/* OBJ_pkcs7_encrypted              1 2 840 113549 1 7 6 */
+59,     /* OBJ_netscape_data_type           2 16 840 1 113730 2 */
-&(nid_objs[48]),/* OBJ_pkcs9_emailAddress           1 2 840 113549 1 9 1 */
+438,    /* OBJ_pilotAttributeType           0 9 2342 19200300 100 1 */
-&(nid_objs[49]),/* OBJ_pkcs9_unstructuredName       1 2 840 113549 1 9 2 */
+439,    /* OBJ_pilotAttributeSyntax         0 9 2342 19200300 100 3 */
-&(nid_objs[50]),/* OBJ_pkcs9_contentType            1 2 840 113549 1 9 3 */
+440,    /* OBJ_pilotObjectClass             0 9 2342 19200300 100 4 */
-&(nid_objs[51]),/* OBJ_pkcs9_messageDigest          1 2 840 113549 1 9 4 */
+441,    /* OBJ_pilotGroups                  0 9 2342 19200300 100 10 */
-&(nid_objs[52]),/* OBJ_pkcs9_signingTime            1 2 840 113549 1 9 5 */
+108,    /* OBJ_cast5_cbc                    1 2 840 113533 7 66 10 */
-&(nid_objs[53]),/* OBJ_pkcs9_countersignature       1 2 840 113549 1 9 6 */
+112,    /* OBJ_pbeWithMD5AndCast5_CBC       1 2 840 113533 7 66 12 */
-&(nid_objs[54]),/* OBJ_pkcs9_challengePassword      1 2 840 113549 1 9 7 */
+782,    /* OBJ_id_PasswordBasedMAC          1 2 840 113533 7 66 13 */
-&(nid_objs[55]),/* OBJ_pkcs9_unstructuredAddress    1 2 840 113549 1 9 8 */
+783,    /* OBJ_id_DHBasedMac                1 2 840 113533 7 66 30 */
-&(nid_objs[56]),/* OBJ_pkcs9_extCertAttributes      1 2 840 113549 1 9 9 */
+ 6,     /* OBJ_rsaEncryption                1 2 840 113549 1 1 1 */
-&(nid_objs[172]),/* OBJ_ext_req                      1 2 840 113549 1 9 14 */
+ 7,     /* OBJ_md2WithRSAEncryption         1 2 840 113549 1 1 2 */
-&(nid_objs[167]),/* OBJ_SMIMECapabilities            1 2 840 113549 1 9 15 */
+396,    /* OBJ_md4WithRSAEncryption         1 2 840 113549 1 1 3 */
-&(nid_objs[188]),/* OBJ_SMIME                        1 2 840 113549 1 9 16 */
+ 8,     /* OBJ_md5WithRSAEncryption         1 2 840 113549 1 1 4 */
-&(nid_objs[156]),/* OBJ_friendlyName                 1 2 840 113549 1 9 20 */
+65,     /* OBJ_sha1WithRSAEncryption        1 2 840 113549 1 1 5 */
-&(nid_objs[157]),/* OBJ_localKeyID                   1 2 840 113549 1 9 21 */
+644,    /* OBJ_rsaOAEPEncryptionSET         1 2 840 113549 1 1 6 */
-&(nid_objs[681]),/* OBJ_X9_62_onBasis                1 2 840 10045 1 2 3 1 */
+668,    /* OBJ_sha256WithRSAEncryption      1 2 840 113549 1 1 11 */
-&(nid_objs[682]),/* OBJ_X9_62_tpBasis                1 2 840 10045 1 2 3 2 */
+669,    /* OBJ_sha384WithRSAEncryption      1 2 840 113549 1 1 12 */
-&(nid_objs[683]),/* OBJ_X9_62_ppBasis                1 2 840 10045 1 2 3 3 */
+670,    /* OBJ_sha512WithRSAEncryption      1 2 840 113549 1 1 13 */
-&(nid_objs[417]),/* OBJ_ms_csp_name                  1 3 6 1 4 1 311 17 1 */
+671,    /* OBJ_sha224WithRSAEncryption      1 2 840 113549 1 1 14 */
-&(nid_objs[856]),/* OBJ_LocalKeySet                  1 3 6 1 4 1 311 17 2 */
+28,     /* OBJ_dhKeyAgreement               1 2 840 113549 1 3 1 */
-&(nid_objs[390]),/* OBJ_dcObject                     1 3 6 1 4 1 1466 344 */
+ 9,     /* OBJ_pbeWithMD2AndDES_CBC         1 2 840 113549 1 5 1 */
-&(nid_objs[91]),/* OBJ_bf_cbc                       1 3 6 1 4 1 3029 1 2 */
+10,     /* OBJ_pbeWithMD5AndDES_CBC         1 2 840 113549 1 5 3 */
-&(nid_objs[315]),/* OBJ_id_regCtrl_regToken          1 3 6 1 5 5 7 5 1 1 */
+168,    /* OBJ_pbeWithMD2AndRC2_CBC         1 2 840 113549 1 5 4 */
-&(nid_objs[316]),/* OBJ_id_regCtrl_authenticator     1 3 6 1 5 5 7 5 1 2 */
+169,    /* OBJ_pbeWithMD5AndRC2_CBC         1 2 840 113549 1 5 6 */
-&(nid_objs[317]),/* OBJ_id_regCtrl_pkiPublicationInfo 1 3 6 1 5 5 7 5 1 3 */
+170,    /* OBJ_pbeWithSHA1AndDES_CBC        1 2 840 113549 1 5 10 */
-&(nid_objs[318]),/* OBJ_id_regCtrl_pkiArchiveOptions 1 3 6 1 5 5 7 5 1 4 */
+68,     /* OBJ_pbeWithSHA1AndRC2_CBC        1 2 840 113549 1 5 11 */
-&(nid_objs[319]),/* OBJ_id_regCtrl_oldCertID         1 3 6 1 5 5 7 5 1 5 */
+69,     /* OBJ_id_pbkdf2                    1 2 840 113549 1 5 12 */
-&(nid_objs[320]),/* OBJ_id_regCtrl_protocolEncrKey   1 3 6 1 5 5 7 5 1 6 */
+161,    /* OBJ_pbes2                        1 2 840 113549 1 5 13 */
-&(nid_objs[321]),/* OBJ_id_regInfo_utf8Pairs         1 3 6 1 5 5 7 5 2 1 */
+162,    /* OBJ_pbmac1                       1 2 840 113549 1 5 14 */
-&(nid_objs[322]),/* OBJ_id_regInfo_certReq           1 3 6 1 5 5 7 5 2 2 */
+21,     /* OBJ_pkcs7_data                   1 2 840 113549 1 7 1 */
-&(nid_objs[365]),/* OBJ_id_pkix_OCSP_basic           1 3 6 1 5 5 7 48 1 1 */
+22,     /* OBJ_pkcs7_signed                 1 2 840 113549 1 7 2 */
-&(nid_objs[366]),/* OBJ_id_pkix_OCSP_Nonce           1 3 6 1 5 5 7 48 1 2 */
+23,     /* OBJ_pkcs7_enveloped              1 2 840 113549 1 7 3 */
-&(nid_objs[367]),/* OBJ_id_pkix_OCSP_CrlID           1 3 6 1 5 5 7 48 1 3 */
+24,     /* OBJ_pkcs7_signedAndEnveloped     1 2 840 113549 1 7 4 */
-&(nid_objs[368]),/* OBJ_id_pkix_OCSP_acceptableResponses 1 3 6 1 5 5 7 48 1 4 */
+25,     /* OBJ_pkcs7_digest                 1 2 840 113549 1 7 5 */
-&(nid_objs[369]),/* OBJ_id_pkix_OCSP_noCheck         1 3 6 1 5 5 7 48 1 5 */
+26,     /* OBJ_pkcs7_encrypted              1 2 840 113549 1 7 6 */
-&(nid_objs[370]),/* OBJ_id_pkix_OCSP_archiveCutoff   1 3 6 1 5 5 7 48 1 6 */
+48,     /* OBJ_pkcs9_emailAddress           1 2 840 113549 1 9 1 */
-&(nid_objs[371]),/* OBJ_id_pkix_OCSP_serviceLocator  1 3 6 1 5 5 7 48 1 7 */
+49,     /* OBJ_pkcs9_unstructuredName       1 2 840 113549 1 9 2 */
-&(nid_objs[372]),/* OBJ_id_pkix_OCSP_extendedStatus  1 3 6 1 5 5 7 48 1 8 */
+50,     /* OBJ_pkcs9_contentType            1 2 840 113549 1 9 3 */
-&(nid_objs[373]),/* OBJ_id_pkix_OCSP_valid           1 3 6 1 5 5 7 48 1 9 */
+51,     /* OBJ_pkcs9_messageDigest          1 2 840 113549 1 9 4 */
-&(nid_objs[374]),/* OBJ_id_pkix_OCSP_path            1 3 6 1 5 5 7 48 1 10 */
+52,     /* OBJ_pkcs9_signingTime            1 2 840 113549 1 9 5 */
-&(nid_objs[375]),/* OBJ_id_pkix_OCSP_trustRoot       1 3 6 1 5 5 7 48 1 11 */
+53,     /* OBJ_pkcs9_countersignature       1 2 840 113549 1 9 6 */
-&(nid_objs[418]),/* OBJ_aes_128_ecb                  2 16 840 1 101 3 4 1 1 */
+54,     /* OBJ_pkcs9_challengePassword      1 2 840 113549 1 9 7 */
-&(nid_objs[419]),/* OBJ_aes_128_cbc                  2 16 840 1 101 3 4 1 2 */
+55,     /* OBJ_pkcs9_unstructuredAddress    1 2 840 113549 1 9 8 */
-&(nid_objs[420]),/* OBJ_aes_128_ofb128               2 16 840 1 101 3 4 1 3 */
+56,     /* OBJ_pkcs9_extCertAttributes      1 2 840 113549 1 9 9 */
-&(nid_objs[421]),/* OBJ_aes_128_cfb128               2 16 840 1 101 3 4 1 4 */
+172,    /* OBJ_ext_req                      1 2 840 113549 1 9 14 */
-&(nid_objs[788]),/* OBJ_id_aes128_wrap               2 16 840 1 101 3 4 1 5 */
+167,    /* OBJ_SMIMECapabilities            1 2 840 113549 1 9 15 */
-&(nid_objs[422]),/* OBJ_aes_192_ecb                  2 16 840 1 101 3 4 1 21 */
+188,    /* OBJ_SMIME                        1 2 840 113549 1 9 16 */
-&(nid_objs[423]),/* OBJ_aes_192_cbc                  2 16 840 1 101 3 4 1 22 */
+156,    /* OBJ_friendlyName                 1 2 840 113549 1 9 20 */
-&(nid_objs[424]),/* OBJ_aes_192_ofb128               2 16 840 1 101 3 4 1 23 */
+157,    /* OBJ_localKeyID                   1 2 840 113549 1 9 21 */
-&(nid_objs[425]),/* OBJ_aes_192_cfb128               2 16 840 1 101 3 4 1 24 */
+681,    /* OBJ_X9_62_onBasis                1 2 840 10045 1 2 3 1 */
-&(nid_objs[789]),/* OBJ_id_aes192_wrap               2 16 840 1 101 3 4 1 25 */
+682,    /* OBJ_X9_62_tpBasis                1 2 840 10045 1 2 3 2 */
-&(nid_objs[426]),/* OBJ_aes_256_ecb                  2 16 840 1 101 3 4 1 41 */
+683,    /* OBJ_X9_62_ppBasis                1 2 840 10045 1 2 3 3 */
-&(nid_objs[427]),/* OBJ_aes_256_cbc                  2 16 840 1 101 3 4 1 42 */
+417,    /* OBJ_ms_csp_name                  1 3 6 1 4 1 311 17 1 */
-&(nid_objs[428]),/* OBJ_aes_256_ofb128               2 16 840 1 101 3 4 1 43 */
+856,    /* OBJ_LocalKeySet                  1 3 6 1 4 1 311 17 2 */
-&(nid_objs[429]),/* OBJ_aes_256_cfb128               2 16 840 1 101 3 4 1 44 */
+390,    /* OBJ_dcObject                     1 3 6 1 4 1 1466 344 */
-&(nid_objs[790]),/* OBJ_id_aes256_wrap               2 16 840 1 101 3 4 1 45 */
+91,     /* OBJ_bf_cbc                       1 3 6 1 4 1 3029 1 2 */
-&(nid_objs[672]),/* OBJ_sha256                       2 16 840 1 101 3 4 2 1 */
+315,    /* OBJ_id_regCtrl_regToken          1 3 6 1 5 5 7 5 1 1 */
-&(nid_objs[673]),/* OBJ_sha384                       2 16 840 1 101 3 4 2 2 */
+316,    /* OBJ_id_regCtrl_authenticator     1 3 6 1 5 5 7 5 1 2 */
-&(nid_objs[674]),/* OBJ_sha512                       2 16 840 1 101 3 4 2 3 */
+317,    /* OBJ_id_regCtrl_pkiPublicationInfo 1 3 6 1 5 5 7 5 1 3 */
-&(nid_objs[675]),/* OBJ_sha224                       2 16 840 1 101 3 4 2 4 */
+318,    /* OBJ_id_regCtrl_pkiArchiveOptions 1 3 6 1 5 5 7 5 1 4 */
-&(nid_objs[802]),/* OBJ_dsa_with_SHA224              2 16 840 1 101 3 4 3 1 */
+319,    /* OBJ_id_regCtrl_oldCertID         1 3 6 1 5 5 7 5 1 5 */
-&(nid_objs[803]),/* OBJ_dsa_with_SHA256              2 16 840 1 101 3 4 3 2 */
+320,    /* OBJ_id_regCtrl_protocolEncrKey   1 3 6 1 5 5 7 5 1 6 */
-&(nid_objs[71]),/* OBJ_netscape_cert_type           2 16 840 1 113730 1 1 */
+321,    /* OBJ_id_regInfo_utf8Pairs         1 3 6 1 5 5 7 5 2 1 */
-&(nid_objs[72]),/* OBJ_netscape_base_url            2 16 840 1 113730 1 2 */
+322,    /* OBJ_id_regInfo_certReq           1 3 6 1 5 5 7 5 2 2 */
-&(nid_objs[73]),/* OBJ_netscape_revocation_url      2 16 840 1 113730 1 3 */
+365,    /* OBJ_id_pkix_OCSP_basic           1 3 6 1 5 5 7 48 1 1 */
-&(nid_objs[74]),/* OBJ_netscape_ca_revocation_url   2 16 840 1 113730 1 4 */
+366,    /* OBJ_id_pkix_OCSP_Nonce           1 3 6 1 5 5 7 48 1 2 */
-&(nid_objs[75]),/* OBJ_netscape_renewal_url         2 16 840 1 113730 1 7 */
+367,    /* OBJ_id_pkix_OCSP_CrlID           1 3 6 1 5 5 7 48 1 3 */
-&(nid_objs[76]),/* OBJ_netscape_ca_policy_url       2 16 840 1 113730 1 8 */
+368,    /* OBJ_id_pkix_OCSP_acceptableResponses 1 3 6 1 5 5 7 48 1 4 */
-&(nid_objs[77]),/* OBJ_netscape_ssl_server_name     2 16 840 1 113730 1 12 */
+369,    /* OBJ_id_pkix_OCSP_noCheck         1 3 6 1 5 5 7 48 1 5 */
-&(nid_objs[78]),/* OBJ_netscape_comment             2 16 840 1 113730 1 13 */
+370,    /* OBJ_id_pkix_OCSP_archiveCutoff   1 3 6 1 5 5 7 48 1 6 */
-&(nid_objs[79]),/* OBJ_netscape_cert_sequence       2 16 840 1 113730 2 5 */
+371,    /* OBJ_id_pkix_OCSP_serviceLocator  1 3 6 1 5 5 7 48 1 7 */
-&(nid_objs[139]),/* OBJ_ns_sgc                       2 16 840 1 113730 4 1 */
+372,    /* OBJ_id_pkix_OCSP_extendedStatus  1 3 6 1 5 5 7 48 1 8 */
-&(nid_objs[458]),/* OBJ_userId                       0 9 2342 19200300 100 1 1 */
+373,    /* OBJ_id_pkix_OCSP_valid           1 3 6 1 5 5 7 48 1 9 */
-&(nid_objs[459]),/* OBJ_textEncodedORAddress         0 9 2342 19200300 100 1 2 */
+374,    /* OBJ_id_pkix_OCSP_path            1 3 6 1 5 5 7 48 1 10 */
-&(nid_objs[460]),/* OBJ_rfc822Mailbox                0 9 2342 19200300 100 1 3 */
+375,    /* OBJ_id_pkix_OCSP_trustRoot       1 3 6 1 5 5 7 48 1 11 */
-&(nid_objs[461]),/* OBJ_info                         0 9 2342 19200300 100 1 4 */
+418,    /* OBJ_aes_128_ecb                  2 16 840 1 101 3 4 1 1 */
-&(nid_objs[462]),/* OBJ_favouriteDrink               0 9 2342 19200300 100 1 5 */
+419,    /* OBJ_aes_128_cbc                  2 16 840 1 101 3 4 1 2 */
-&(nid_objs[463]),/* OBJ_roomNumber                   0 9 2342 19200300 100 1 6 */
+420,    /* OBJ_aes_128_ofb128               2 16 840 1 101 3 4 1 3 */
-&(nid_objs[464]),/* OBJ_photo                        0 9 2342 19200300 100 1 7 */
+421,    /* OBJ_aes_128_cfb128               2 16 840 1 101 3 4 1 4 */
-&(nid_objs[465]),/* OBJ_userClass                    0 9 2342 19200300 100 1 8 */
+788,    /* OBJ_id_aes128_wrap               2 16 840 1 101 3 4 1 5 */
-&(nid_objs[466]),/* OBJ_host                         0 9 2342 19200300 100 1 9 */
+422,    /* OBJ_aes_192_ecb                  2 16 840 1 101 3 4 1 21 */
-&(nid_objs[467]),/* OBJ_manager                      0 9 2342 19200300 100 1 10 */
+423,    /* OBJ_aes_192_cbc                  2 16 840 1 101 3 4 1 22 */
-&(nid_objs[468]),/* OBJ_documentIdentifier           0 9 2342 19200300 100 1 11 */
+424,    /* OBJ_aes_192_ofb128               2 16 840 1 101 3 4 1 23 */
-&(nid_objs[469]),/* OBJ_documentTitle                0 9 2342 19200300 100 1 12 */
+425,    /* OBJ_aes_192_cfb128               2 16 840 1 101 3 4 1 24 */
-&(nid_objs[470]),/* OBJ_documentVersion              0 9 2342 19200300 100 1 13 */
+789,    /* OBJ_id_aes192_wrap               2 16 840 1 101 3 4 1 25 */
-&(nid_objs[471]),/* OBJ_documentAuthor               0 9 2342 19200300 100 1 14 */
+426,    /* OBJ_aes_256_ecb                  2 16 840 1 101 3 4 1 41 */
-&(nid_objs[472]),/* OBJ_documentLocation             0 9 2342 19200300 100 1 15 */
+427,    /* OBJ_aes_256_cbc                  2 16 840 1 101 3 4 1 42 */
-&(nid_objs[473]),/* OBJ_homeTelephoneNumber          0 9 2342 19200300 100 1 20 */
+428,    /* OBJ_aes_256_ofb128               2 16 840 1 101 3 4 1 43 */
-&(nid_objs[474]),/* OBJ_secretary                    0 9 2342 19200300 100 1 21 */
+429,    /* OBJ_aes_256_cfb128               2 16 840 1 101 3 4 1 44 */
-&(nid_objs[475]),/* OBJ_otherMailbox                 0 9 2342 19200300 100 1 22 */
+790,    /* OBJ_id_aes256_wrap               2 16 840 1 101 3 4 1 45 */
-&(nid_objs[476]),/* OBJ_lastModifiedTime             0 9 2342 19200300 100 1 23 */
+672,    /* OBJ_sha256                       2 16 840 1 101 3 4 2 1 */
-&(nid_objs[477]),/* OBJ_lastModifiedBy               0 9 2342 19200300 100 1 24 */
+673,    /* OBJ_sha384                       2 16 840 1 101 3 4 2 2 */
-&(nid_objs[391]),/* OBJ_domainComponent              0 9 2342 19200300 100 1 25 */
+674,    /* OBJ_sha512                       2 16 840 1 101 3 4 2 3 */
-&(nid_objs[478]),/* OBJ_aRecord                      0 9 2342 19200300 100 1 26 */
+675,    /* OBJ_sha224                       2 16 840 1 101 3 4 2 4 */
-&(nid_objs[479]),/* OBJ_pilotAttributeType27         0 9 2342 19200300 100 1 27 */
+802,    /* OBJ_dsa_with_SHA224              2 16 840 1 101 3 4 3 1 */
-&(nid_objs[480]),/* OBJ_mXRecord                     0 9 2342 19200300 100 1 28 */
+803,    /* OBJ_dsa_with_SHA256              2 16 840 1 101 3 4 3 2 */
-&(nid_objs[481]),/* OBJ_nSRecord                     0 9 2342 19200300 100 1 29 */
+71,     /* OBJ_netscape_cert_type           2 16 840 1 113730 1 1 */
-&(nid_objs[482]),/* OBJ_sOARecord                    0 9 2342 19200300 100 1 30 */
+72,     /* OBJ_netscape_base_url            2 16 840 1 113730 1 2 */
-&(nid_objs[483]),/* OBJ_cNAMERecord                  0 9 2342 19200300 100 1 31 */
+73,     /* OBJ_netscape_revocation_url      2 16 840 1 113730 1 3 */
-&(nid_objs[484]),/* OBJ_associatedDomain             0 9 2342 19200300 100 1 37 */
+74,     /* OBJ_netscape_ca_revocation_url   2 16 840 1 113730 1 4 */
-&(nid_objs[485]),/* OBJ_associatedName               0 9 2342 19200300 100 1 38 */
+75,     /* OBJ_netscape_renewal_url         2 16 840 1 113730 1 7 */
-&(nid_objs[486]),/* OBJ_homePostalAddress            0 9 2342 19200300 100 1 39 */
+76,     /* OBJ_netscape_ca_policy_url       2 16 840 1 113730 1 8 */
-&(nid_objs[487]),/* OBJ_personalTitle                0 9 2342 19200300 100 1 40 */
+77,     /* OBJ_netscape_ssl_server_name     2 16 840 1 113730 1 12 */
-&(nid_objs[488]),/* OBJ_mobileTelephoneNumber        0 9 2342 19200300 100 1 41 */
+78,     /* OBJ_netscape_comment             2 16 840 1 113730 1 13 */
-&(nid_objs[489]),/* OBJ_pagerTelephoneNumber         0 9 2342 19200300 100 1 42 */
+79,     /* OBJ_netscape_cert_sequence       2 16 840 1 113730 2 5 */
-&(nid_objs[490]),/* OBJ_friendlyCountryName          0 9 2342 19200300 100 1 43 */
+139,    /* OBJ_ns_sgc                       2 16 840 1 113730 4 1 */
-&(nid_objs[491]),/* OBJ_organizationalStatus         0 9 2342 19200300 100 1 45 */
+458,    /* OBJ_userId                       0 9 2342 19200300 100 1 1 */
-&(nid_objs[492]),/* OBJ_janetMailbox                 0 9 2342 19200300 100 1 46 */
+459,    /* OBJ_textEncodedORAddress         0 9 2342 19200300 100 1 2 */
-&(nid_objs[493]),/* OBJ_mailPreferenceOption         0 9 2342 19200300 100 1 47 */
+460,    /* OBJ_rfc822Mailbox                0 9 2342 19200300 100 1 3 */
-&(nid_objs[494]),/* OBJ_buildingName                 0 9 2342 19200300 100 1 48 */
+461,    /* OBJ_info                         0 9 2342 19200300 100 1 4 */
-&(nid_objs[495]),/* OBJ_dSAQuality                   0 9 2342 19200300 100 1 49 */
+462,    /* OBJ_favouriteDrink               0 9 2342 19200300 100 1 5 */
-&(nid_objs[496]),/* OBJ_singleLevelQuality           0 9 2342 19200300 100 1 50 */
+463,    /* OBJ_roomNumber                   0 9 2342 19200300 100 1 6 */
-&(nid_objs[497]),/* OBJ_subtreeMinimumQuality        0 9 2342 19200300 100 1 51 */
+464,    /* OBJ_photo                        0 9 2342 19200300 100 1 7 */
-&(nid_objs[498]),/* OBJ_subtreeMaximumQuality        0 9 2342 19200300 100 1 52 */
+465,    /* OBJ_userClass                    0 9 2342 19200300 100 1 8 */
-&(nid_objs[499]),/* OBJ_personalSignature            0 9 2342 19200300 100 1 53 */
+466,    /* OBJ_host                         0 9 2342 19200300 100 1 9 */
-&(nid_objs[500]),/* OBJ_dITRedirect                  0 9 2342 19200300 100 1 54 */
+467,    /* OBJ_manager                      0 9 2342 19200300 100 1 10 */
-&(nid_objs[501]),/* OBJ_audio                        0 9 2342 19200300 100 1 55 */
+468,    /* OBJ_documentIdentifier           0 9 2342 19200300 100 1 11 */
-&(nid_objs[502]),/* OBJ_documentPublisher            0 9 2342 19200300 100 1 56 */
+469,    /* OBJ_documentTitle                0 9 2342 19200300 100 1 12 */
-&(nid_objs[442]),/* OBJ_iA5StringSyntax              0 9 2342 19200300 100 3 4 */
+470,    /* OBJ_documentVersion              0 9 2342 19200300 100 1 13 */
-&(nid_objs[443]),/* OBJ_caseIgnoreIA5StringSyntax    0 9 2342 19200300 100 3 5 */
+471,    /* OBJ_documentAuthor               0 9 2342 19200300 100 1 14 */
-&(nid_objs[444]),/* OBJ_pilotObject                  0 9 2342 19200300 100 4 3 */
+472,    /* OBJ_documentLocation             0 9 2342 19200300 100 1 15 */
-&(nid_objs[445]),/* OBJ_pilotPerson                  0 9 2342 19200300 100 4 4 */
+473,    /* OBJ_homeTelephoneNumber          0 9 2342 19200300 100 1 20 */
-&(nid_objs[446]),/* OBJ_account                      0 9 2342 19200300 100 4 5 */
+474,    /* OBJ_secretary                    0 9 2342 19200300 100 1 21 */
-&(nid_objs[447]),/* OBJ_document                     0 9 2342 19200300 100 4 6 */
+475,    /* OBJ_otherMailbox                 0 9 2342 19200300 100 1 22 */
-&(nid_objs[448]),/* OBJ_room                         0 9 2342 19200300 100 4 7 */
+476,    /* OBJ_lastModifiedTime             0 9 2342 19200300 100 1 23 */
-&(nid_objs[449]),/* OBJ_documentSeries               0 9 2342 19200300 100 4 9 */
+477,    /* OBJ_lastModifiedBy               0 9 2342 19200300 100 1 24 */
-&(nid_objs[392]),/* OBJ_Domain                       0 9 2342 19200300 100 4 13 */
+391,    /* OBJ_domainComponent              0 9 2342 19200300 100 1 25 */
-&(nid_objs[450]),/* OBJ_rFC822localPart              0 9 2342 19200300 100 4 14 */
+478,    /* OBJ_aRecord                      0 9 2342 19200300 100 1 26 */
-&(nid_objs[451]),/* OBJ_dNSDomain                    0 9 2342 19200300 100 4 15 */
+479,    /* OBJ_pilotAttributeType27         0 9 2342 19200300 100 1 27 */
-&(nid_objs[452]),/* OBJ_domainRelatedObject          0 9 2342 19200300 100 4 17 */
+480,    /* OBJ_mXRecord                     0 9 2342 19200300 100 1 28 */
-&(nid_objs[453]),/* OBJ_friendlyCountry              0 9 2342 19200300 100 4 18 */
+481,    /* OBJ_nSRecord                     0 9 2342 19200300 100 1 29 */
-&(nid_objs[454]),/* OBJ_simpleSecurityObject         0 9 2342 19200300 100 4 19 */
+482,    /* OBJ_sOARecord                    0 9 2342 19200300 100 1 30 */
-&(nid_objs[455]),/* OBJ_pilotOrganization            0 9 2342 19200300 100 4 20 */
+483,    /* OBJ_cNAMERecord                  0 9 2342 19200300 100 1 31 */
-&(nid_objs[456]),/* OBJ_pilotDSA                     0 9 2342 19200300 100 4 21 */
+484,    /* OBJ_associatedDomain             0 9 2342 19200300 100 1 37 */
-&(nid_objs[457]),/* OBJ_qualityLabelledData          0 9 2342 19200300 100 4 22 */
+485,    /* OBJ_associatedName               0 9 2342 19200300 100 1 38 */
-&(nid_objs[189]),/* OBJ_id_smime_mod                 1 2 840 113549 1 9 16 0 */
+486,    /* OBJ_homePostalAddress            0 9 2342 19200300 100 1 39 */
-&(nid_objs[190]),/* OBJ_id_smime_ct                  1 2 840 113549 1 9 16 1 */
+487,    /* OBJ_personalTitle                0 9 2342 19200300 100 1 40 */
-&(nid_objs[191]),/* OBJ_id_smime_aa                  1 2 840 113549 1 9 16 2 */
+488,    /* OBJ_mobileTelephoneNumber        0 9 2342 19200300 100 1 41 */
-&(nid_objs[192]),/* OBJ_id_smime_alg                 1 2 840 113549 1 9 16 3 */
+489,    /* OBJ_pagerTelephoneNumber         0 9 2342 19200300 100 1 42 */
-&(nid_objs[193]),/* OBJ_id_smime_cd                  1 2 840 113549 1 9 16 4 */
+490,    /* OBJ_friendlyCountryName          0 9 2342 19200300 100 1 43 */
-&(nid_objs[194]),/* OBJ_id_smime_spq                 1 2 840 113549 1 9 16 5 */
+491,    /* OBJ_organizationalStatus         0 9 2342 19200300 100 1 45 */
-&(nid_objs[195]),/* OBJ_id_smime_cti                 1 2 840 113549 1 9 16 6 */
+492,    /* OBJ_janetMailbox                 0 9 2342 19200300 100 1 46 */
-&(nid_objs[158]),/* OBJ_x509Certificate              1 2 840 113549 1 9 22 1 */
+493,    /* OBJ_mailPreferenceOption         0 9 2342 19200300 100 1 47 */
-&(nid_objs[159]),/* OBJ_sdsiCertificate              1 2 840 113549 1 9 22 2 */
+494,    /* OBJ_buildingName                 0 9 2342 19200300 100 1 48 */
-&(nid_objs[160]),/* OBJ_x509Crl                      1 2 840 113549 1 9 23 1 */
+495,    /* OBJ_dSAQuality                   0 9 2342 19200300 100 1 49 */
-&(nid_objs[144]),/* OBJ_pbe_WithSHA1And128BitRC4     1 2 840 113549 1 12 1 1 */
+496,    /* OBJ_singleLevelQuality           0 9 2342 19200300 100 1 50 */
-&(nid_objs[145]),/* OBJ_pbe_WithSHA1And40BitRC4      1 2 840 113549 1 12 1 2 */
+497,    /* OBJ_subtreeMinimumQuality        0 9 2342 19200300 100 1 51 */
-&(nid_objs[146]),/* OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC 1 2 840 113549 1 12 1 3 */
+498,    /* OBJ_subtreeMaximumQuality        0 9 2342 19200300 100 1 52 */
-&(nid_objs[147]),/* OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC 1 2 840 113549 1 12 1 4 */
+499,    /* OBJ_personalSignature            0 9 2342 19200300 100 1 53 */
-&(nid_objs[148]),/* OBJ_pbe_WithSHA1And128BitRC2_CBC 1 2 840 113549 1 12 1 5 */
+500,    /* OBJ_dITRedirect                  0 9 2342 19200300 100 1 54 */
-&(nid_objs[149]),/* OBJ_pbe_WithSHA1And40BitRC2_CBC  1 2 840 113549 1 12 1 6 */
+501,    /* OBJ_audio                        0 9 2342 19200300 100 1 55 */
-&(nid_objs[171]),/* OBJ_ms_ext_req                   1 3 6 1 4 1 311 2 1 14 */
+502,    /* OBJ_documentPublisher            0 9 2342 19200300 100 1 56 */
-&(nid_objs[134]),/* OBJ_ms_code_ind                  1 3 6 1 4 1 311 2 1 21 */
+442,    /* OBJ_iA5StringSyntax              0 9 2342 19200300 100 3 4 */
-&(nid_objs[135]),/* OBJ_ms_code_com                  1 3 6 1 4 1 311 2 1 22 */
+443,    /* OBJ_caseIgnoreIA5StringSyntax    0 9 2342 19200300 100 3 5 */
-&(nid_objs[136]),/* OBJ_ms_ctl_sign                  1 3 6 1 4 1 311 10 3 1 */
+444,    /* OBJ_pilotObject                  0 9 2342 19200300 100 4 3 */
-&(nid_objs[137]),/* OBJ_ms_sgc                       1 3 6 1 4 1 311 10 3 3 */
+445,    /* OBJ_pilotPerson                  0 9 2342 19200300 100 4 4 */
-&(nid_objs[138]),/* OBJ_ms_efs                       1 3 6 1 4 1 311 10 3 4 */
+446,    /* OBJ_account                      0 9 2342 19200300 100 4 5 */
-&(nid_objs[648]),/* OBJ_ms_smartcard_login           1 3 6 1 4 1 311 20 2 2 */
+447,    /* OBJ_document                     0 9 2342 19200300 100 4 6 */
-&(nid_objs[649]),/* OBJ_ms_upn                       1 3 6 1 4 1 311 20 2 3 */
+448,    /* OBJ_room                         0 9 2342 19200300 100 4 7 */
-&(nid_objs[751]),/* OBJ_camellia_128_cbc             1 2 392 200011 61 1 1 1 2 */
+449,    /* OBJ_documentSeries               0 9 2342 19200300 100 4 9 */
-&(nid_objs[752]),/* OBJ_camellia_192_cbc             1 2 392 200011 61 1 1 1 3 */
+392,    /* OBJ_Domain                       0 9 2342 19200300 100 4 13 */
-&(nid_objs[753]),/* OBJ_camellia_256_cbc             1 2 392 200011 61 1 1 1 4 */
+450,    /* OBJ_rFC822localPart              0 9 2342 19200300 100 4 14 */
-&(nid_objs[196]),/* OBJ_id_smime_mod_cms             1 2 840 113549 1 9 16 0 1 */
+451,    /* OBJ_dNSDomain                    0 9 2342 19200300 100 4 15 */
-&(nid_objs[197]),/* OBJ_id_smime_mod_ess             1 2 840 113549 1 9 16 0 2 */
+452,    /* OBJ_domainRelatedObject          0 9 2342 19200300 100 4 17 */
-&(nid_objs[198]),/* OBJ_id_smime_mod_oid             1 2 840 113549 1 9 16 0 3 */
+453,    /* OBJ_friendlyCountry              0 9 2342 19200300 100 4 18 */
-&(nid_objs[199]),/* OBJ_id_smime_mod_msg_v3          1 2 840 113549 1 9 16 0 4 */
+454,    /* OBJ_simpleSecurityObject         0 9 2342 19200300 100 4 19 */
-&(nid_objs[200]),/* OBJ_id_smime_mod_ets_eSignature_88 1 2 840 113549 1 9 16 0 5 */
+455,    /* OBJ_pilotOrganization            0 9 2342 19200300 100 4 20 */
-&(nid_objs[201]),/* OBJ_id_smime_mod_ets_eSignature_97 1 2 840 113549 1 9 16 0 6 */
+456,    /* OBJ_pilotDSA                     0 9 2342 19200300 100 4 21 */
-&(nid_objs[202]),/* OBJ_id_smime_mod_ets_eSigPolicy_88 1 2 840 113549 1 9 16 0 7 */
+457,    /* OBJ_qualityLabelledData          0 9 2342 19200300 100 4 22 */
-&(nid_objs[203]),/* OBJ_id_smime_mod_ets_eSigPolicy_97 1 2 840 113549 1 9 16 0 8 */
+189,    /* OBJ_id_smime_mod                 1 2 840 113549 1 9 16 0 */
-&(nid_objs[204]),/* OBJ_id_smime_ct_receipt          1 2 840 113549 1 9 16 1 1 */
+190,    /* OBJ_id_smime_ct                  1 2 840 113549 1 9 16 1 */
-&(nid_objs[205]),/* OBJ_id_smime_ct_authData         1 2 840 113549 1 9 16 1 2 */
+191,    /* OBJ_id_smime_aa                  1 2 840 113549 1 9 16 2 */
-&(nid_objs[206]),/* OBJ_id_smime_ct_publishCert      1 2 840 113549 1 9 16 1 3 */
+192,    /* OBJ_id_smime_alg                 1 2 840 113549 1 9 16 3 */
-&(nid_objs[207]),/* OBJ_id_smime_ct_TSTInfo          1 2 840 113549 1 9 16 1 4 */
+193,    /* OBJ_id_smime_cd                  1 2 840 113549 1 9 16 4 */
-&(nid_objs[208]),/* OBJ_id_smime_ct_TDTInfo          1 2 840 113549 1 9 16 1 5 */
+194,    /* OBJ_id_smime_spq                 1 2 840 113549 1 9 16 5 */
-&(nid_objs[209]),/* OBJ_id_smime_ct_contentInfo      1 2 840 113549 1 9 16 1 6 */
+195,    /* OBJ_id_smime_cti                 1 2 840 113549 1 9 16 6 */
-&(nid_objs[210]),/* OBJ_id_smime_ct_DVCSRequestData  1 2 840 113549 1 9 16 1 7 */
+158,    /* OBJ_x509Certificate              1 2 840 113549 1 9 22 1 */
-&(nid_objs[211]),/* OBJ_id_smime_ct_DVCSResponseData 1 2 840 113549 1 9 16 1 8 */
+159,    /* OBJ_sdsiCertificate              1 2 840 113549 1 9 22 2 */
-&(nid_objs[786]),/* OBJ_id_smime_ct_compressedData   1 2 840 113549 1 9 16 1 9 */
+160,    /* OBJ_x509Crl                      1 2 840 113549 1 9 23 1 */
-&(nid_objs[787]),/* OBJ_id_ct_asciiTextWithCRLF      1 2 840 113549 1 9 16 1 27 */
+144,    /* OBJ_pbe_WithSHA1And128BitRC4     1 2 840 113549 1 12 1 1 */
-&(nid_objs[212]),/* OBJ_id_smime_aa_receiptRequest   1 2 840 113549 1 9 16 2 1 */
+145,    /* OBJ_pbe_WithSHA1And40BitRC4      1 2 840 113549 1 12 1 2 */
-&(nid_objs[213]),/* OBJ_id_smime_aa_securityLabel    1 2 840 113549 1 9 16 2 2 */
+146,    /* OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC 1 2 840 113549 1 12 1 3 */
-&(nid_objs[214]),/* OBJ_id_smime_aa_mlExpandHistory  1 2 840 113549 1 9 16 2 3 */
+147,    /* OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC 1 2 840 113549 1 12 1 4 */
-&(nid_objs[215]),/* OBJ_id_smime_aa_contentHint      1 2 840 113549 1 9 16 2 4 */
+148,    /* OBJ_pbe_WithSHA1And128BitRC2_CBC 1 2 840 113549 1 12 1 5 */
-&(nid_objs[216]),/* OBJ_id_smime_aa_msgSigDigest     1 2 840 113549 1 9 16 2 5 */
+149,    /* OBJ_pbe_WithSHA1And40BitRC2_CBC  1 2 840 113549 1 12 1 6 */
-&(nid_objs[217]),/* OBJ_id_smime_aa_encapContentType 1 2 840 113549 1 9 16 2 6 */
+171,    /* OBJ_ms_ext_req                   1 3 6 1 4 1 311 2 1 14 */
-&(nid_objs[218]),/* OBJ_id_smime_aa_contentIdentifier 1 2 840 113549 1 9 16 2 7 */
+134,    /* OBJ_ms_code_ind                  1 3 6 1 4 1 311 2 1 21 */
-&(nid_objs[219]),/* OBJ_id_smime_aa_macValue         1 2 840 113549 1 9 16 2 8 */
+135,    /* OBJ_ms_code_com                  1 3 6 1 4 1 311 2 1 22 */
-&(nid_objs[220]),/* OBJ_id_smime_aa_equivalentLabels 1 2 840 113549 1 9 16 2 9 */
+136,    /* OBJ_ms_ctl_sign                  1 3 6 1 4 1 311 10 3 1 */
-&(nid_objs[221]),/* OBJ_id_smime_aa_contentReference 1 2 840 113549 1 9 16 2 10 */
+137,    /* OBJ_ms_sgc                       1 3 6 1 4 1 311 10 3 3 */
-&(nid_objs[222]),/* OBJ_id_smime_aa_encrypKeyPref    1 2 840 113549 1 9 16 2 11 */
+138,    /* OBJ_ms_efs                       1 3 6 1 4 1 311 10 3 4 */
-&(nid_objs[223]),/* OBJ_id_smime_aa_signingCertificate 1 2 840 113549 1 9 16 2 12 */
+648,    /* OBJ_ms_smartcard_login           1 3 6 1 4 1 311 20 2 2 */
-&(nid_objs[224]),/* OBJ_id_smime_aa_smimeEncryptCerts 1 2 840 113549 1 9 16 2 13 */
+649,    /* OBJ_ms_upn                       1 3 6 1 4 1 311 20 2 3 */
-&(nid_objs[225]),/* OBJ_id_smime_aa_timeStampToken   1 2 840 113549 1 9 16 2 14 */
+751,    /* OBJ_camellia_128_cbc             1 2 392 200011 61 1 1 1 2 */
-&(nid_objs[226]),/* OBJ_id_smime_aa_ets_sigPolicyId  1 2 840 113549 1 9 16 2 15 */
+752,    /* OBJ_camellia_192_cbc             1 2 392 200011 61 1 1 1 3 */
-&(nid_objs[227]),/* OBJ_id_smime_aa_ets_commitmentType 1 2 840 113549 1 9 16 2 16 */
+753,    /* OBJ_camellia_256_cbc             1 2 392 200011 61 1 1 1 4 */
-&(nid_objs[228]),/* OBJ_id_smime_aa_ets_signerLocation 1 2 840 113549 1 9 16 2 17 */
+196,    /* OBJ_id_smime_mod_cms             1 2 840 113549 1 9 16 0 1 */
-&(nid_objs[229]),/* OBJ_id_smime_aa_ets_signerAttr   1 2 840 113549 1 9 16 2 18 */
+197,    /* OBJ_id_smime_mod_ess             1 2 840 113549 1 9 16 0 2 */
-&(nid_objs[230]),/* OBJ_id_smime_aa_ets_otherSigCert 1 2 840 113549 1 9 16 2 19 */
+198,    /* OBJ_id_smime_mod_oid             1 2 840 113549 1 9 16 0 3 */
-&(nid_objs[231]),/* OBJ_id_smime_aa_ets_contentTimestamp 1 2 840 113549 1 9 16 2 20 */
+199,    /* OBJ_id_smime_mod_msg_v3          1 2 840 113549 1 9 16 0 4 */
-&(nid_objs[232]),/* OBJ_id_smime_aa_ets_CertificateRefs 1 2 840 113549 1 9 16 2 21 */
+200,    /* OBJ_id_smime_mod_ets_eSignature_88 1 2 840 113549 1 9 16 0 5 */
-&(nid_objs[233]),/* OBJ_id_smime_aa_ets_RevocationRefs 1 2 840 113549 1 9 16 2 22 */
+201,    /* OBJ_id_smime_mod_ets_eSignature_97 1 2 840 113549 1 9 16 0 6 */
-&(nid_objs[234]),/* OBJ_id_smime_aa_ets_certValues   1 2 840 113549 1 9 16 2 23 */
+202,    /* OBJ_id_smime_mod_ets_eSigPolicy_88 1 2 840 113549 1 9 16 0 7 */
-&(nid_objs[235]),/* OBJ_id_smime_aa_ets_revocationValues 1 2 840 113549 1 9 16 2 24 */
+203,    /* OBJ_id_smime_mod_ets_eSigPolicy_97 1 2 840 113549 1 9 16 0 8 */
-&(nid_objs[236]),/* OBJ_id_smime_aa_ets_escTimeStamp 1 2 840 113549 1 9 16 2 25 */
+204,    /* OBJ_id_smime_ct_receipt          1 2 840 113549 1 9 16 1 1 */
-&(nid_objs[237]),/* OBJ_id_smime_aa_ets_certCRLTimestamp 1 2 840 113549 1 9 16 2 26 */
+205,    /* OBJ_id_smime_ct_authData         1 2 840 113549 1 9 16 1 2 */
-&(nid_objs[238]),/* OBJ_id_smime_aa_ets_archiveTimeStamp 1 2 840 113549 1 9 16 2 27 */
+206,    /* OBJ_id_smime_ct_publishCert      1 2 840 113549 1 9 16 1 3 */
-&(nid_objs[239]),/* OBJ_id_smime_aa_signatureType    1 2 840 113549 1 9 16 2 28 */
+207,    /* OBJ_id_smime_ct_TSTInfo          1 2 840 113549 1 9 16 1 4 */
-&(nid_objs[240]),/* OBJ_id_smime_aa_dvcs_dvc         1 2 840 113549 1 9 16 2 29 */
+208,    /* OBJ_id_smime_ct_TDTInfo          1 2 840 113549 1 9 16 1 5 */
-&(nid_objs[241]),/* OBJ_id_smime_alg_ESDHwith3DES    1 2 840 113549 1 9 16 3 1 */
+209,    /* OBJ_id_smime_ct_contentInfo      1 2 840 113549 1 9 16 1 6 */
-&(nid_objs[242]),/* OBJ_id_smime_alg_ESDHwithRC2     1 2 840 113549 1 9 16 3 2 */
+210,    /* OBJ_id_smime_ct_DVCSRequestData  1 2 840 113549 1 9 16 1 7 */
-&(nid_objs[243]),/* OBJ_id_smime_alg_3DESwrap        1 2 840 113549 1 9 16 3 3 */
+211,    /* OBJ_id_smime_ct_DVCSResponseData 1 2 840 113549 1 9 16 1 8 */
-&(nid_objs[244]),/* OBJ_id_smime_alg_RC2wrap         1 2 840 113549 1 9 16 3 4 */
+786,    /* OBJ_id_smime_ct_compressedData   1 2 840 113549 1 9 16 1 9 */
-&(nid_objs[245]),/* OBJ_id_smime_alg_ESDH            1 2 840 113549 1 9 16 3 5 */
+787,    /* OBJ_id_ct_asciiTextWithCRLF      1 2 840 113549 1 9 16 1 27 */
-&(nid_objs[246]),/* OBJ_id_smime_alg_CMS3DESwrap     1 2 840 113549 1 9 16 3 6 */
+212,    /* OBJ_id_smime_aa_receiptRequest   1 2 840 113549 1 9 16 2 1 */
-&(nid_objs[247]),/* OBJ_id_smime_alg_CMSRC2wrap      1 2 840 113549 1 9 16 3 7 */
+213,    /* OBJ_id_smime_aa_securityLabel    1 2 840 113549 1 9 16 2 2 */
-&(nid_objs[125]),/* OBJ_zlib_compression             1 2 840 113549 1 9 16 3 8 */
+214,    /* OBJ_id_smime_aa_mlExpandHistory  1 2 840 113549 1 9 16 2 3 */
-&(nid_objs[248]),/* OBJ_id_smime_cd_ldap             1 2 840 113549 1 9 16 4 1 */
+215,    /* OBJ_id_smime_aa_contentHint      1 2 840 113549 1 9 16 2 4 */
-&(nid_objs[249]),/* OBJ_id_smime_spq_ets_sqt_uri     1 2 840 113549 1 9 16 5 1 */
+216,    /* OBJ_id_smime_aa_msgSigDigest     1 2 840 113549 1 9 16 2 5 */
-&(nid_objs[250]),/* OBJ_id_smime_spq_ets_sqt_unotice 1 2 840 113549 1 9 16 5 2 */
+217,    /* OBJ_id_smime_aa_encapContentType 1 2 840 113549 1 9 16 2 6 */
-&(nid_objs[251]),/* OBJ_id_smime_cti_ets_proofOfOrigin 1 2 840 113549 1 9 16 6 1 */
+218,    /* OBJ_id_smime_aa_contentIdentifier 1 2 840 113549 1 9 16 2 7 */
-&(nid_objs[252]),/* OBJ_id_smime_cti_ets_proofOfReceipt 1 2 840 113549 1 9 16 6 2 */
+219,    /* OBJ_id_smime_aa_macValue         1 2 840 113549 1 9 16 2 8 */
-&(nid_objs[253]),/* OBJ_id_smime_cti_ets_proofOfDelivery 1 2 840 113549 1 9 16 6 3 */
+220,    /* OBJ_id_smime_aa_equivalentLabels 1 2 840 113549 1 9 16 2 9 */
-&(nid_objs[254]),/* OBJ_id_smime_cti_ets_proofOfSender 1 2 840 113549 1 9 16 6 4 */
+221,    /* OBJ_id_smime_aa_contentReference 1 2 840 113549 1 9 16 2 10 */
-&(nid_objs[255]),/* OBJ_id_smime_cti_ets_proofOfApproval 1 2 840 113549 1 9 16 6 5 */
+222,    /* OBJ_id_smime_aa_encrypKeyPref    1 2 840 113549 1 9 16 2 11 */
-&(nid_objs[256]),/* OBJ_id_smime_cti_ets_proofOfCreation 1 2 840 113549 1 9 16 6 6 */
+223,    /* OBJ_id_smime_aa_signingCertificate 1 2 840 113549 1 9 16 2 12 */
-&(nid_objs[150]),/* OBJ_keyBag                       1 2 840 113549 1 12 10 1 1 */
+224,    /* OBJ_id_smime_aa_smimeEncryptCerts 1 2 840 113549 1 9 16 2 13 */
-&(nid_objs[151]),/* OBJ_pkcs8ShroudedKeyBag          1 2 840 113549 1 12 10 1 2 */
+225,    /* OBJ_id_smime_aa_timeStampToken   1 2 840 113549 1 9 16 2 14 */
-&(nid_objs[152]),/* OBJ_certBag                      1 2 840 113549 1 12 10 1 3 */
+226,    /* OBJ_id_smime_aa_ets_sigPolicyId  1 2 840 113549 1 9 16 2 15 */
-&(nid_objs[153]),/* OBJ_crlBag                       1 2 840 113549 1 12 10 1 4 */
+227,    /* OBJ_id_smime_aa_ets_commitmentType 1 2 840 113549 1 9 16 2 16 */
-&(nid_objs[154]),/* OBJ_secretBag                    1 2 840 113549 1 12 10 1 5 */
+228,    /* OBJ_id_smime_aa_ets_signerLocation 1 2 840 113549 1 9 16 2 17 */
-&(nid_objs[155]),/* OBJ_safeContentsBag              1 2 840 113549 1 12 10 1 6 */
+229,    /* OBJ_id_smime_aa_ets_signerAttr   1 2 840 113549 1 9 16 2 18 */
-&(nid_objs[34]),/* OBJ_idea_cbc                     1 3 6 1 4 1 188 7 1 1 2 */
+230,    /* OBJ_id_smime_aa_ets_otherSigCert 1 2 840 113549 1 9 16 2 19 */
+231,    /* OBJ_id_smime_aa_ets_contentTimestamp 1 2 840 113549 1 9 16 2 20 */
+232,    /* OBJ_id_smime_aa_ets_CertificateRefs 1 2 840 113549 1 9 16 2 21 */
+233,    /* OBJ_id_smime_aa_ets_RevocationRefs 1 2 840 113549 1 9 16 2 22 */
+234,    /* OBJ_id_smime_aa_ets_certValues   1 2 840 113549 1 9 16 2 23 */
+235,    /* OBJ_id_smime_aa_ets_revocationValues 1 2 840 113549 1 9 16 2 24 */
+236,    /* OBJ_id_smime_aa_ets_escTimeStamp 1 2 840 113549 1 9 16 2 25 */
+237,    /* OBJ_id_smime_aa_ets_certCRLTimestamp 1 2 840 113549 1 9 16 2 26 */
+238,    /* OBJ_id_smime_aa_ets_archiveTimeStamp 1 2 840 113549 1 9 16 2 27 */
+239,    /* OBJ_id_smime_aa_signatureType    1 2 840 113549 1 9 16 2 28 */
+240,    /* OBJ_id_smime_aa_dvcs_dvc         1 2 840 113549 1 9 16 2 29 */
+241,    /* OBJ_id_smime_alg_ESDHwith3DES    1 2 840 113549 1 9 16 3 1 */
+242,    /* OBJ_id_smime_alg_ESDHwithRC2     1 2 840 113549 1 9 16 3 2 */
+243,    /* OBJ_id_smime_alg_3DESwrap        1 2 840 113549 1 9 16 3 3 */
+244,    /* OBJ_id_smime_alg_RC2wrap         1 2 840 113549 1 9 16 3 4 */
+245,    /* OBJ_id_smime_alg_ESDH            1 2 840 113549 1 9 16 3 5 */
+246,    /* OBJ_id_smime_alg_CMS3DESwrap     1 2 840 113549 1 9 16 3 6 */
+247,    /* OBJ_id_smime_alg_CMSRC2wrap      1 2 840 113549 1 9 16 3 7 */
+125,    /* OBJ_zlib_compression             1 2 840 113549 1 9 16 3 8 */
+248,    /* OBJ_id_smime_cd_ldap             1 2 840 113549 1 9 16 4 1 */
+249,    /* OBJ_id_smime_spq_ets_sqt_uri     1 2 840 113549 1 9 16 5 1 */
+250,    /* OBJ_id_smime_spq_ets_sqt_unotice 1 2 840 113549 1 9 16 5 2 */
+251,    /* OBJ_id_smime_cti_ets_proofOfOrigin 1 2 840 113549 1 9 16 6 1 */
+252,    /* OBJ_id_smime_cti_ets_proofOfReceipt 1 2 840 113549 1 9 16 6 2 */
+253,    /* OBJ_id_smime_cti_ets_proofOfDelivery 1 2 840 113549 1 9 16 6 3 */
+254,    /* OBJ_id_smime_cti_ets_proofOfSender 1 2 840 113549 1 9 16 6 4 */
+255,    /* OBJ_id_smime_cti_ets_proofOfApproval 1 2 840 113549 1 9 16 6 5 */
+256,    /* OBJ_id_smime_cti_ets_proofOfCreation 1 2 840 113549 1 9 16 6 6 */
+150,    /* OBJ_keyBag                       1 2 840 113549 1 12 10 1 1 */
+151,    /* OBJ_pkcs8ShroudedKeyBag          1 2 840 113549 1 12 10 1 2 */
+152,    /* OBJ_certBag                      1 2 840 113549 1 12 10 1 3 */
+153,    /* OBJ_crlBag                       1 2 840 113549 1 12 10 1 4 */
+154,    /* OBJ_secretBag                    1 2 840 113549 1 12 10 1 5 */
+155,    /* OBJ_safeContentsBag              1 2 840 113549 1 12 10 1 6 */
+34,     /* OBJ_idea_cbc                     1 3 6 1 4 1 188 7 1 1 2 */
 };
diff --git a/src/lib/libcrypto/objects/obj_mac.h b/src/lib/libcrypto/objects/obj_mac.h
index ad5f7cfc10..282f11a8a8 100644
--- a/src/lib/libcrypto/objects/obj_mac.h
+++ b/src/lib/libcrypto/objects/obj_mac.h
@@ -122,7 +122,7 @@
 #define SN_wap_wsg              "wap-wsg"
 #define NID_wap_wsg             679
-#define OBJ_wap_wsg             OBJ_wap,13L
+#define OBJ_wap_wsg             OBJ_wap,1L
 #define SN_selected_attribute_types             "selected-attribute-types"
 #define LN_selected_attribute_types             "Selected Attribute Types"
@@ -2049,6 +2049,7 @@
 #define NID_stateOrProvinceName         16
 #define OBJ_stateOrProvinceName         OBJ_X509,8L
+#define SN_streetAddress                "street"
 #define LN_streetAddress                "streetAddress"
 #define NID_streetAddress               660
 #define OBJ_streetAddress               OBJ_X509,9L
@@ -2063,6 +2064,7 @@
 #define NID_organizationalUnitName              18
 #define OBJ_organizationalUnitName              OBJ_X509,11L
+#define SN_title                "title"
 #define LN_title                "title"
 #define NID_title               106
 #define OBJ_title               OBJ_X509,12L
@@ -2071,10 +2073,114 @@
 #define NID_description         107
 #define OBJ_description         OBJ_X509,13L
+#define LN_searchGuide          "searchGuide"
+#define NID_searchGuide         859
+#define OBJ_searchGuide         OBJ_X509,14L
+#define LN_businessCategory             "businessCategory"
+#define NID_businessCategory            860
+#define OBJ_businessCategory            OBJ_X509,15L
+#define LN_postalAddress                "postalAddress"
+#define NID_postalAddress               861
+#define OBJ_postalAddress               OBJ_X509,16L
 #define LN_postalCode           "postalCode"
 #define NID_postalCode          661
 #define OBJ_postalCode          OBJ_X509,17L
+#define LN_postOfficeBox                "postOfficeBox"
+#define NID_postOfficeBox               862
+#define OBJ_postOfficeBox               OBJ_X509,18L
+#define LN_physicalDeliveryOfficeName           "physicalDeliveryOfficeName"
+#define NID_physicalDeliveryOfficeName          863
+#define OBJ_physicalDeliveryOfficeName          OBJ_X509,19L
+#define LN_telephoneNumber              "telephoneNumber"
+#define NID_telephoneNumber             864
+#define OBJ_telephoneNumber             OBJ_X509,20L
+#define LN_telexNumber          "telexNumber"
+#define NID_telexNumber         865
+#define OBJ_telexNumber         OBJ_X509,21L
+#define LN_teletexTerminalIdentifier            "teletexTerminalIdentifier"
+#define NID_teletexTerminalIdentifier           866
+#define OBJ_teletexTerminalIdentifier           OBJ_X509,22L
+#define LN_facsimileTelephoneNumber             "facsimileTelephoneNumber"
+#define NID_facsimileTelephoneNumber            867
+#define OBJ_facsimileTelephoneNumber            OBJ_X509,23L
+#define LN_x121Address          "x121Address"
+#define NID_x121Address         868
+#define OBJ_x121Address         OBJ_X509,24L
+#define LN_internationaliSDNNumber              "internationaliSDNNumber"
+#define NID_internationaliSDNNumber             869
+#define OBJ_internationaliSDNNumber             OBJ_X509,25L
+#define LN_registeredAddress            "registeredAddress"
+#define NID_registeredAddress           870
+#define OBJ_registeredAddress           OBJ_X509,26L
+#define LN_destinationIndicator         "destinationIndicator"
+#define NID_destinationIndicator                871
+#define OBJ_destinationIndicator                OBJ_X509,27L
+#define LN_preferredDeliveryMethod              "preferredDeliveryMethod"
+#define NID_preferredDeliveryMethod             872
+#define OBJ_preferredDeliveryMethod             OBJ_X509,28L
+#define LN_presentationAddress          "presentationAddress"
+#define NID_presentationAddress         873
+#define OBJ_presentationAddress         OBJ_X509,29L
+#define LN_supportedApplicationContext          "supportedApplicationContext"
+#define NID_supportedApplicationContext         874
+#define OBJ_supportedApplicationContext         OBJ_X509,30L
+#define SN_member               "member"
+#define NID_member              875
+#define OBJ_member              OBJ_X509,31L
+#define SN_owner                "owner"
+#define NID_owner               876
+#define OBJ_owner               OBJ_X509,32L
+#define LN_roleOccupant         "roleOccupant"
+#define NID_roleOccupant                877
+#define OBJ_roleOccupant                OBJ_X509,33L
+#define SN_seeAlso              "seeAlso"
+#define NID_seeAlso             878
+#define OBJ_seeAlso             OBJ_X509,34L
+#define LN_userPassword         "userPassword"
+#define NID_userPassword                879
+#define OBJ_userPassword                OBJ_X509,35L
+#define LN_userCertificate              "userCertificate"
+#define NID_userCertificate             880
+#define OBJ_userCertificate             OBJ_X509,36L
+#define LN_cACertificate                "cACertificate"
+#define NID_cACertificate               881
+#define OBJ_cACertificate               OBJ_X509,37L
+#define LN_authorityRevocationList              "authorityRevocationList"
+#define NID_authorityRevocationList             882
+#define OBJ_authorityRevocationList             OBJ_X509,38L
+#define LN_certificateRevocationList            "certificateRevocationList"
+#define NID_certificateRevocationList           883
+#define OBJ_certificateRevocationList           OBJ_X509,39L
+#define LN_crossCertificatePair         "crossCertificatePair"
+#define NID_crossCertificatePair                884
+#define OBJ_crossCertificatePair                OBJ_X509,40L
 #define SN_name         "name"
 #define LN_name         "name"
 #define NID_name                173
@@ -2085,6 +2191,7 @@
 #define NID_givenName           99
 #define OBJ_givenName           OBJ_X509,42L
+#define SN_initials             "initials"
 #define LN_initials             "initials"
 #define NID_initials            101
 #define OBJ_initials            OBJ_X509,43L
@@ -2102,6 +2209,38 @@
 #define NID_dnQualifier         174
 #define OBJ_dnQualifier         OBJ_X509,46L
+#define LN_enhancedSearchGuide          "enhancedSearchGuide"
+#define NID_enhancedSearchGuide         885
+#define OBJ_enhancedSearchGuide         OBJ_X509,47L
+#define LN_protocolInformation          "protocolInformation"
+#define NID_protocolInformation         886
+#define OBJ_protocolInformation         OBJ_X509,48L
+#define LN_distinguishedName            "distinguishedName"
+#define NID_distinguishedName           887
+#define OBJ_distinguishedName           OBJ_X509,49L
+#define LN_uniqueMember         "uniqueMember"
+#define NID_uniqueMember                888
+#define OBJ_uniqueMember                OBJ_X509,50L
+#define LN_houseIdentifier              "houseIdentifier"
+#define NID_houseIdentifier             889
+#define OBJ_houseIdentifier             OBJ_X509,51L
+#define LN_supportedAlgorithms          "supportedAlgorithms"
+#define NID_supportedAlgorithms         890
+#define OBJ_supportedAlgorithms         OBJ_X509,52L
+#define LN_deltaRevocationList          "deltaRevocationList"
+#define NID_deltaRevocationList         891
+#define OBJ_deltaRevocationList         OBJ_X509,53L
+#define SN_dmdName              "dmdName"
+#define NID_dmdName             892
+#define OBJ_dmdName             OBJ_X509,54L
 #define LN_pseudonym            "pseudonym"
 #define NID_pseudonym           510
 #define OBJ_pseudonym           OBJ_X509,65L
diff --git a/src/lib/libcrypto/ocsp/Makefile b/src/lib/libcrypto/ocsp/Makefile
index 30a00b3372..60c414cf4d 100644
--- a/src/lib/libcrypto/ocsp/Makefile
+++ b/src/lib/libcrypto/ocsp/Makefile
@@ -36,7 +36,7 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
@@ -82,10 +82,9 @@ ocsp_asn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 ocsp_asn.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 ocsp_asn.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 ocsp_asn.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-ocsp_asn.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+ocsp_asn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-ocsp_asn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+ocsp_asn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-ocsp_asn.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+ocsp_asn.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
-ocsp_asn.o: ../../include/openssl/opensslconf.h
 ocsp_asn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 ocsp_asn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 ocsp_asn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -98,25 +97,24 @@ ocsp_cl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 ocsp_cl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 ocsp_cl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 ocsp_cl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-ocsp_cl.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+ocsp_cl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-ocsp_cl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_cl.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
-ocsp_cl.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_cl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-ocsp_cl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_cl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
-ocsp_cl.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+ocsp_cl.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
-ocsp_cl.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+ocsp_cl.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
-ocsp_cl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+ocsp_cl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-ocsp_cl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ocsp_cl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-ocsp_cl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+ocsp_cl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-ocsp_cl.o: ../../include/openssl/x509v3.h ../cryptlib.h ocsp_cl.c
+ocsp_cl.o: ../cryptlib.h ocsp_cl.c
 ocsp_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 ocsp_err.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 ocsp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 ocsp_err.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 ocsp_err.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-ocsp_err.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+ocsp_err.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-ocsp_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+ocsp_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-ocsp_err.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+ocsp_err.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
-ocsp_err.o: ../../include/openssl/opensslconf.h
 ocsp_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 ocsp_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 ocsp_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -129,9 +127,9 @@ ocsp_ext.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 ocsp_ext.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 ocsp_ext.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 ocsp_ext.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-ocsp_ext.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+ocsp_ext.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-ocsp_ext.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_ext.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
-ocsp_ext.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_ext.o: ../../include/openssl/opensslconf.h
 ocsp_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 ocsp_ext.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
 ocsp_ext.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
@@ -144,22 +142,21 @@ ocsp_ht.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 ocsp_ht.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 ocsp_ht.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 ocsp_ht.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-ocsp_ht.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+ocsp_ht.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-ocsp_ht.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_ht.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
-ocsp_ht.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_ht.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-ocsp_ht.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_ht.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-ocsp_ht.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+ocsp_ht.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-ocsp_ht.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ocsp_ht.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-ocsp_ht.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+ocsp_ht.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-ocsp_ht.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+ocsp_ht.o: ../../include/openssl/x509v3.h ocsp_ht.c
-ocsp_ht.o: ocsp_ht.c
 ocsp_lib.o: ../../e_os.h ../../include/openssl/asn1.h
-ocsp_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+ocsp_lib.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-ocsp_lib.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ocsp_lib.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
-ocsp_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ocsp_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-ocsp_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+ocsp_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-ocsp_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ocsp_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-ocsp_lib.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+ocsp_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
 ocsp_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 ocsp_lib.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
 ocsp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
@@ -174,10 +171,9 @@ ocsp_prn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 ocsp_prn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 ocsp_prn.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 ocsp_prn.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-ocsp_prn.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+ocsp_prn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-ocsp_prn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+ocsp_prn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-ocsp_prn.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+ocsp_prn.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
-ocsp_prn.o: ../../include/openssl/opensslconf.h
 ocsp_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 ocsp_prn.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
 ocsp_prn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
@@ -191,9 +187,9 @@ ocsp_srv.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 ocsp_srv.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 ocsp_srv.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 ocsp_srv.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-ocsp_srv.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+ocsp_srv.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-ocsp_srv.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_srv.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
-ocsp_srv.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_srv.o: ../../include/openssl/opensslconf.h
 ocsp_srv.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 ocsp_srv.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
 ocsp_srv.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
@@ -206,10 +202,9 @@ ocsp_vfy.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 ocsp_vfy.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 ocsp_vfy.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 ocsp_vfy.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-ocsp_vfy.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+ocsp_vfy.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-ocsp_vfy.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+ocsp_vfy.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-ocsp_vfy.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+ocsp_vfy.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
-ocsp_vfy.o: ../../include/openssl/opensslconf.h
 ocsp_vfy.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 ocsp_vfy.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 ocsp_vfy.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
diff --git a/src/lib/libcrypto/opensslconf.h b/src/lib/libcrypto/opensslconf.h
index 60505327d3..c21b3913f0 100644
--- a/src/lib/libcrypto/opensslconf.h
+++ b/src/lib/libcrypto/opensslconf.h
@@ -5,15 +5,6 @@
 #ifndef OPENSSL_DOING_MAKEDEPEND
-#ifndef OPENSSL_NO_CAMELLIA
-# define OPENSSL_NO_CAMELLIA
-#endif
-#ifndef OPENSSL_NO_CAPIENG
-# define OPENSSL_NO_CAPIENG
-#endif
-#ifndef OPENSSL_NO_CMS
-# define OPENSSL_NO_CMS
-#endif
 #ifndef OPENSSL_NO_GMP
 # define OPENSSL_NO_GMP
 #endif
@@ -23,8 +14,8 @@
 #ifndef OPENSSL_NO_KRB5
 # define OPENSSL_NO_KRB5
 #endif
-#ifndef OPENSSL_NO_MDC2
+#ifndef OPENSSL_NO_MD2
-# define OPENSSL_NO_MDC2
+# define OPENSSL_NO_MD2
 #endif
 #ifndef OPENSSL_NO_RC5
 # define OPENSSL_NO_RC5
@@ -32,8 +23,8 @@
 #ifndef OPENSSL_NO_RFC3779
 # define OPENSSL_NO_RFC3779
 #endif
-#ifndef OPENSSL_NO_SEED
+#ifndef OPENSSL_NO_STORE
-# define OPENSSL_NO_SEED
+# define OPENSSL_NO_STORE
 #endif
 #endif /* OPENSSL_DOING_MAKEDEPEND */
@@ -47,15 +38,6 @@
   who haven't had the time to do the appropriate changes in their
   applications.  */
 #ifdef OPENSSL_ALGORITHM_DEFINES
-# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA)
-#  define NO_CAMELLIA
-# endif
-# if defined(OPENSSL_NO_CAPIENG) && !defined(NO_CAPIENG)
-#  define NO_CAPIENG
-# endif
-# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS)
-#  define NO_CMS
-# endif
 # if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
 #  define NO_GMP
 # endif
@@ -65,8 +47,8 @@
 # if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
 #  define NO_KRB5
 # endif
-# if defined(OPENSSL_NO_MDC2) && !defined(NO_MDC2)
+# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2)
-#  define NO_MDC2
+#  define NO_MD2
 # endif
 # if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
 #  define NO_RC5
@@ -74,28 +56,13 @@
 # if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
 #  define NO_RFC3779
 # endif
-# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED)
+# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
-#  define NO_SEED
+#  define NO_STORE
 # endif
 #endif
 /* crypto/opensslconf.h.in */
-#ifdef OPENSSL_DOING_MAKEDEPEND
-/* Include any symbols here that have to be explicitly set to enable a feature
- * that should be visible to makedepend.
- *
- * [Our "make depend" doesn't actually look at this, we use actual build settings
- * instead; we want to make it easy to remove subdirectories with disabled algorithms.]
- */
-#ifndef OPENSSL_FIPS
-#define OPENSSL_FIPS
-#endif
-#endif
 /* Generate 80386 code? */
 #undef I386_ONLY
@@ -159,14 +126,9 @@
 /* Should we define BN_DIV2W here? */
 /* Only one for the following should be defined */
-/* The prime number generation stuff may not work when
- * EIGHT_BIT but I don't care since I've only used this mode
- * for debuging the bignum libraries */
 #undef SIXTY_FOUR_BIT_LONG
 #undef SIXTY_FOUR_BIT
 #define THIRTY_TWO_BIT
-#undef SIXTEEN_BIT
-#undef EIGHT_BIT
 #endif
 #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
diff --git a/src/lib/libcrypto/opensslconf.h.in b/src/lib/libcrypto/opensslconf.h.in
index 1c77f03c3d..97e3745563 100644
--- a/src/lib/libcrypto/opensslconf.h.in
+++ b/src/lib/libcrypto/opensslconf.h.in
@@ -1,20 +1,5 @@
 /* crypto/opensslconf.h.in */
-#ifdef OPENSSL_DOING_MAKEDEPEND
-/* Include any symbols here that have to be explicitly set to enable a feature
- * that should be visible to makedepend.
- *
- * [Our "make depend" doesn't actually look at this, we use actual build settings
- * instead; we want to make it easy to remove subdirectories with disabled algorithms.]
- */
-#ifndef OPENSSL_FIPS
-#define OPENSSL_FIPS
-#endif
-#endif
 /* Generate 80386 code? */
 #undef I386_ONLY
@@ -78,14 +63,9 @@
 /* Should we define BN_DIV2W here? */
 /* Only one for the following should be defined */
-/* The prime number generation stuff may not work when
- * EIGHT_BIT but I don't care since I've only used this mode
- * for debuging the bignum libraries */
 #undef SIXTY_FOUR_BIT_LONG
 #undef SIXTY_FOUR_BIT
 #define THIRTY_TWO_BIT
-#undef SIXTEEN_BIT
-#undef EIGHT_BIT
 #endif
 #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
diff --git a/src/lib/libcrypto/pem/Makefile b/src/lib/libcrypto/pem/Makefile
index 669f36612c..2cc7801529 100644
--- a/src/lib/libcrypto/pem/Makefile
+++ b/src/lib/libcrypto/pem/Makefile
@@ -18,10 +18,10 @@ APPS=
 LIB=$(TOP)/libcrypto.a
 LIBSRC= pem_sign.c pem_seal.c pem_info.c pem_lib.c pem_all.c pem_err.c \
-        pem_x509.c pem_xaux.c pem_oth.c pem_pk8.c pem_pkey.c
+        pem_x509.c pem_xaux.c pem_oth.c pem_pk8.c pem_pkey.c pvkfmt.c
 LIBOBJ= pem_sign.o pem_seal.o pem_info.o pem_lib.o pem_all.o pem_err.o \
-        pem_x509.o pem_xaux.o pem_oth.o pem_pk8.o pem_pkey.o
+        pem_x509.o pem_xaux.o pem_oth.o pem_pk8.o pem_pkey.o pvkfmt.o
 SRC= $(LIBSRC)
@@ -36,7 +36,7 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
@@ -83,39 +83,36 @@ pem_all.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
 pem_all.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 pem_all.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 pem_all.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-pem_all.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+pem_all.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-pem_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pem_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-pem_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-pem_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
-pem_all.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_all.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
-pem_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+pem_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-pem_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-pem_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pem_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-pem_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_all.c
-pem_all.o: ../cryptlib.h pem_all.c
 pem_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 pem_err.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 pem_err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 pem_err.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 pem_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pem_err.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+pem_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-pem_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-pem_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+pem_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-pem_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+pem_err.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
-pem_err.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+pem_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-pem_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-pem_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pem_err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-pem_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_err.o: ../../include/openssl/x509_vfy.h pem_err.c
-pem_err.o: pem_err.c
 pem_info.o: ../../e_os.h ../../include/openssl/asn1.h
 pem_info.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 pem_info.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
 pem_info.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 pem_info.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 pem_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pem_info.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+pem_info.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-pem_info.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-pem_info.o: ../../include/openssl/opensslconf.h
 pem_info.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 pem_info.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
 pem_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
@@ -128,8 +125,8 @@ pem_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 pem_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 pem_lib.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
 pem_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-pem_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+pem_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
-pem_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+pem_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 pem_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 pem_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 pem_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
@@ -139,43 +136,43 @@ pem_lib.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
 pem_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 pem_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
 pem_lib.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
-pem_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_lib.c
+pem_lib.o: ../../include/openssl/x509_vfy.h ../asn1/asn1_locl.h ../cryptlib.h
+pem_lib.o: pem_lib.c
 pem_oth.o: ../../e_os.h ../../include/openssl/asn1.h
 pem_oth.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 pem_oth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 pem_oth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 pem_oth.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-pem_oth.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+pem_oth.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-pem_oth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pem_oth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-pem_oth.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_oth.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-pem_oth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_oth.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
-pem_oth.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_oth.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
-pem_oth.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+pem_oth.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
-pem_oth.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_oth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-pem_oth.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pem_oth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-pem_oth.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_oth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_oth.c
-pem_oth.o: ../cryptlib.h pem_oth.c
 pem_pk8.o: ../../e_os.h ../../include/openssl/asn1.h
 pem_pk8.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 pem_pk8.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 pem_pk8.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 pem_pk8.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-pem_pk8.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+pem_pk8.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-pem_pk8.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pem_pk8.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-pem_pk8.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_pk8.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-pem_pk8.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_pk8.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
-pem_pk8.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_pk8.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h
-pem_pk8.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+pem_pk8.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-pem_pk8.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+pem_pk8.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-pem_pk8.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_pk8.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-pem_pk8.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+pem_pk8.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-pem_pk8.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_pk8.c
+pem_pk8.o: ../cryptlib.h pem_pk8.c
 pem_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
 pem_pkey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 pem_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 pem_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-pem_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+pem_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
-pem_pkey.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+pem_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 pem_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 pem_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 pem_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
@@ -184,15 +181,16 @@ pem_pkey.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
 pem_pkey.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
 pem_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 pem_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-pem_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_pkey.c
+pem_pkey.o: ../../include/openssl/x509_vfy.h ../asn1/asn1_locl.h ../cryptlib.h
+pem_pkey.o: pem_pkey.c
 pem_seal.o: ../../e_os.h ../../include/openssl/asn1.h
 pem_seal.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 pem_seal.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 pem_seal.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 pem_seal.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-pem_seal.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+pem_seal.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-pem_seal.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pem_seal.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-pem_seal.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_seal.o: ../../include/openssl/opensslconf.h
 pem_seal.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 pem_seal.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
 pem_seal.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
@@ -205,9 +203,9 @@ pem_sign.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 pem_sign.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 pem_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 pem_sign.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-pem_sign.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+pem_sign.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-pem_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pem_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-pem_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_sign.o: ../../include/openssl/opensslconf.h
 pem_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 pem_sign.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
 pem_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
@@ -220,9 +218,9 @@ pem_x509.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 pem_x509.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 pem_x509.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 pem_x509.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-pem_x509.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+pem_x509.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-pem_x509.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pem_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-pem_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_x509.o: ../../include/openssl/opensslconf.h
 pem_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 pem_x509.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
 pem_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
@@ -234,12 +232,27 @@ pem_xaux.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 pem_xaux.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 pem_xaux.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 pem_xaux.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-pem_xaux.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+pem_xaux.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-pem_xaux.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pem_xaux.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-pem_xaux.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_xaux.o: ../../include/openssl/opensslconf.h
 pem_xaux.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 pem_xaux.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
 pem_xaux.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 pem_xaux.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 pem_xaux.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 pem_xaux.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_xaux.c
+pvkfmt.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pvkfmt.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+pvkfmt.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
+pvkfmt.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+pvkfmt.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+pvkfmt.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pvkfmt.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pvkfmt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pvkfmt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pvkfmt.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pvkfmt.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+pvkfmt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pvkfmt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pvkfmt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+pvkfmt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pvkfmt.c
diff --git a/src/lib/libcrypto/perlasm/x86nasm.pl b/src/lib/libcrypto/perlasm/x86nasm.pl
index fa38f89c09..ce2bed9bb2 100644
--- a/src/lib/libcrypto/perlasm/x86nasm.pl
+++ b/src/lib/libcrypto/perlasm/x86nasm.pl
@@ -1,455 +1,166 @@
-#!/usr/local/bin/perl
+#!/usr/bin/env perl
 package x86nasm;
-$label="L000";
+*out=\@::out;
-$under=($main'netware)?'':'_';
-%lb=(   'eax',  'al',
+$::lbdecor="L\$";               # local label decoration
-        'ebx',  'bl',
+$nmdecor=$::netware?"":"_";     # external name decoration
-        'ecx',  'cl',
+$drdecor=$::mwerks?".":"";      # directive decoration
-        'edx',  'dl',
-        'ax',   'al',
-        'bx',   'bl',
-        'cx',   'cl',
-        'dx',   'dl',
-        );
-%hb=(   'eax',  'ah',
+$initseg="";
-        'ebx',  'bh',
-        'ecx',  'ch',
-        'edx',  'dh',
-        'ax',   'ah',
-        'bx',   'bh',
-        'cx',   'ch',
-        'dx',   'dh',
-        );
-sub main'asm_init_output { @out=(); }
+sub ::generic
-sub main'asm_get_output { return(@out); }
+{ my $opcode=shift;
-sub main'get_labels { return(@labels); }
+  my $tmp;
-sub main'external_label
+    if (!$::mwerks)
-{
+    {   if    ($opcode =~ m/^j/o && $#_==0) # optimize jumps
-        push(@labels,@_);
+        {   $_[0] = "NEAR $_[0]";       }
-        foreach (@_) {
+        elsif ($opcode eq "lea" && $#_==1)  # wipe storage qualifier from lea
-                push(@out,".") if ($main'mwerks);
+        {   $_[1] =~ s/^[^\[]*\[/\[/o;  }
-                push(@out, "extern\t${under}$_\n");
+    }
-        }
+    &::emit($opcode,@_);
+  1;
 }
+#
-sub main'LB
+# opcodes not covered by ::generic above, mostly inconsistent namings...
-        {
+#
-        (defined($lb{$_[0]})) || die "$_[0] does not have a 'low byte'\n";
+sub ::call      { &::emit("call",(&::islabel($_[0]) or "$nmdecor$_[0]")); }
-        return($lb{$_[0]});
+sub ::call_ptr  { &::emit("call",@_);   }
-        }
+sub ::jmp_ptr   { &::emit("jmp",@_);    }
-sub main'HB
-        {
-        (defined($hb{$_[0]})) || die "$_[0] does not have a 'high byte'\n";
-        return($hb{$_[0]});
-        }
-sub main'BP
-        {
-        &get_mem("BYTE",@_);
-        }
-sub main'DWP
-        {
-        &get_mem("DWORD",@_);
-        }
-sub main'QWP
-        {
-        &get_mem("",@_);
-        }
-sub main'BC
-        {
-        return (($main'mwerks)?"":"BYTE ")."@_";
-        }
-sub main'DWC
-        {
-        return (($main'mwerks)?"":"DWORD ")."@_";
-        }
-sub main'stack_push
-        {
-        my($num)=@_;
-        $stack+=$num*4;
-        &main'sub("esp",$num*4);
-        }
-sub main'stack_pop
-        {
-        my($num)=@_;
-        $stack-=$num*4;
-        &main'add("esp",$num*4);
-        }
 sub get_mem
-        {
+{ my($size,$addr,$reg1,$reg2,$idx)=@_;
-        my($size,$addr,$reg1,$reg2,$idx)=@_;
+  my($post,$ret);
-        my($t,$post);
-        my($ret)=$size;
+    if ($size ne "")
-        if ($ret ne "")
+    {   $ret .= "$size";
-                {
+        $ret .= " PTR" if ($::mwerks);
-                $ret .= " PTR" if ($main'mwerks);
+        $ret .= " ";
-                $ret .= " ";
+    }
-                }
+    $ret .= "[";
-        $ret .= "[";
-        $addr =~ s/^\s+//;
+    $addr =~ s/^\s+//;
-        if ($addr =~ /^(.+)\+(.+)$/)
+    # prepend global references with optional underscore
-                {
+    $addr =~ s/^([^\+\-0-9][^\+\-]*)/::islabel($1) or "$nmdecor$1"/ige;
-                $reg2=&conv($1);
+    # put address arithmetic expression in parenthesis
-                $addr="$under$2";
+    $addr="($addr)" if ($addr =~ /^.+[\-\+].+$/);
-                }
-        elsif ($addr =~ /^[_a-z][_a-z0-9]*$/i)
+    if (($addr ne "") && ($addr ne 0))
-                {
+    {   if ($addr !~ /^-/)      { $ret .= "$addr+"; }
-                $addr="$under$addr";
+        else                    { $post=$addr;      }
-                }
+    }
-        if ($addr =~ /^.+\-.+$/) { $addr="($addr)"; }
+    if ($reg2 ne "")
+    {   $idx!=0 or $idx=1;
-        $reg1="$regs{$reg1}" if defined($regs{$reg1});
+        $ret .= "$reg2*$idx";
-        $reg2="$regs{$reg2}" if defined($regs{$reg2});
+        $ret .= "+$reg1" if ($reg1 ne "");
-        if (($addr ne "") && ($addr ne 0))
+    }
-                {
+    else
-                if ($addr !~ /^-/)
+    {   $ret .= "$reg1";   }
-                        { $ret.="${addr}+"; }
-                else    { $post=$addr; }
+    $ret .= "$post]";
-                }
+    $ret =~ s/\+\]/]/; # in case $addr was the only argument
-        if ($reg2 ne "")
-                {
+  $ret;
-                $t="";
+}
-                $t="*$idx" if ($idx != 0);
+sub ::BP        { &get_mem("BYTE",@_);  }
-                $reg1="+".$reg1 if ("$reg1$post" ne "");
+sub ::DWP       { &get_mem("DWORD",@_); }
-                $ret.="$reg2$t$reg1$post]";
+sub ::QWP       { &get_mem("",@_);      }
-                }
+sub ::BC        { (($::mwerks)?"":"BYTE ")."@_";  }
-        else
+sub ::DWC       { (($::mwerks)?"":"DWORD ")."@_"; }
-                {
-                $ret.="$reg1$post]"
+sub ::file
-                }
+{   if ($::mwerks)      { push(@out,".section\t.text,64\n"); }
-        $ret =~ s/\+\]/]/; # in case $addr was the only argument
+    else
-        return($ret);
+    { my $tmp=<<___;
-        }
+%ifidn __OUTPUT_FORMAT__,obj
+section code    use32 class=code align=64
-sub main'mov    { &out2("mov",@_); }
+%elifidn __OUTPUT_FORMAT__,win32
-sub main'movb   { &out2("mov",@_); }
+\$\@feat.00 equ 1
-sub main'and    { &out2("and",@_); }
+section .text   code align=64
-sub main'or     { &out2("or",@_); }
-sub main'shl    { &out2("shl",@_); }
-sub main'shr    { &out2("shr",@_); }
-sub main'xor    { &out2("xor",@_); }
-sub main'xorb   { &out2("xor",@_); }
-sub main'add    { &out2("add",@_); }
-sub main'adc    { &out2("adc",@_); }
-sub main'sub    { &out2("sub",@_); }
-sub main'sbb    { &out2("sbb",@_); }
-sub main'rotl   { &out2("rol",@_); }
-sub main'rotr   { &out2("ror",@_); }
-sub main'exch   { &out2("xchg",@_); }
-sub main'cmp    { &out2("cmp",@_); }
-sub main'lea    { &out2("lea",@_); }
-sub main'mul    { &out1("mul",@_); }
-sub main'imul   { &out2("imul",@_); }
-sub main'div    { &out1("div",@_); }
-sub main'dec    { &out1("dec",@_); }
-sub main'inc    { &out1("inc",@_); }
-sub main'jmp    { &out1("jmp",@_); }
-sub main'jmp_ptr { &out1p("jmp",@_); }
-# This is a bit of a kludge: declare all branches as NEAR.
-$near=($main'mwerks)?'':'NEAR';
-sub main'je     { &out1("je $near",@_); }
-sub main'jle    { &out1("jle $near",@_); }
-sub main'jz     { &out1("jz $near",@_); }
-sub main'jge    { &out1("jge $near",@_); }
-sub main'jl     { &out1("jl $near",@_); }
-sub main'ja     { &out1("ja $near",@_); }
-sub main'jae    { &out1("jae $near",@_); }
-sub main'jb     { &out1("jb $near",@_); }
-sub main'jbe    { &out1("jbe $near",@_); }
-sub main'jc     { &out1("jc $near",@_); }
-sub main'jnc    { &out1("jnc $near",@_); }
-sub main'jnz    { &out1("jnz $near",@_); }
-sub main'jne    { &out1("jne $near",@_); }
-sub main'jno    { &out1("jno $near",@_); }
-sub main'push   { &out1("push",@_); $stack+=4; }
-sub main'pop    { &out1("pop",@_); $stack-=4; }
-sub main'pushf  { &out0("pushfd"); $stack+=4; }
-sub main'popf   { &out0("popfd"); $stack-=4; }
-sub main'bswap  { &out1("bswap",@_); &using486(); }
-sub main'not    { &out1("not",@_); }
-sub main'call   { &out1("call",($_[0]=~/^\@L/?'':$under).$_[0]); }
-sub main'call_ptr { &out1p("call",@_); }
-sub main'ret    { &out0("ret"); }
-sub main'nop    { &out0("nop"); }
-sub main'test   { &out2("test",@_); }
-sub main'bt     { &out2("bt",@_); }
-sub main'leave  { &out0("leave"); }
-sub main'cpuid  { &out0("cpuid"); }
-sub main'rdtsc  { &out0("rdtsc"); }
-sub main'halt   { &out0("hlt"); }
-sub main'movz   { &out2("movzx",@_); }
-sub main'neg    { &out1("neg",@_); }
-sub main'cld    { &out0("cld"); }
-# SSE2
-sub main'emms   { &out0("emms"); }
-sub main'movd   { &out2("movd",@_); }
-sub main'movq   { &out2("movq",@_); }
-sub main'movdqu { &out2("movdqu",@_); }
-sub main'movdqa { &out2("movdqa",@_); }
-sub main'movdq2q{ &out2("movdq2q",@_); }
-sub main'movq2dq{ &out2("movq2dq",@_); }
-sub main'paddq  { &out2("paddq",@_); }
-sub main'pmuludq{ &out2("pmuludq",@_); }
-sub main'psrlq  { &out2("psrlq",@_); }
-sub main'psllq  { &out2("psllq",@_); }
-sub main'pxor   { &out2("pxor",@_); }
-sub main'por    { &out2("por",@_); }
-sub main'pand   { &out2("pand",@_); }
-sub out2
-        {
-        my($name,$p1,$p2)=@_;
-        my($l,$t);
-        push(@out,"\t$name\t");
-        if (!$main'mwerks and $name eq "lea")
-                {
-                $p1 =~ s/^[^\[]*\[/\[/;
-                $p2 =~ s/^[^\[]*\[/\[/;
-                }
-        $t=&conv($p1).",";
-        $l=length($t);
-        push(@out,$t);
-        $l=4-($l+9)/8;
-        push(@out,"\t" x $l);
-        push(@out,&conv($p2));
-        push(@out,"\n");
-        }
-sub out0
-        {
-        my($name)=@_;
-        push(@out,"\t$name\n");
-        }
-sub out1
-        {
-        my($name,$p1)=@_;
-        my($l,$t);
-        push(@out,"\t$name\t".&conv($p1)."\n");
-        }
-sub conv
-        {
-        my($p)=@_;
-        $p =~ s/0x([0-9A-Fa-f]+)/0$1h/;
-        return $p;
-        }
-sub using486
-        {
-        return if $using486;
-        $using486++;
-        grep(s/\.386/\.486/,@out);
-        }
-sub main'file
-        {
-        if ($main'mwerks)       { push(@out,".section\t.text\n"); }
-        else    {
-                local $tmp=<<___;
-%ifdef __omf__
-section code    use32 class=code
 %else
-section .text
+section .text   code
 %endif
 ___
-                push(@out,$tmp);
-                }
-        }
-sub main'function_begin
-        {
-        my($func,$extra)=@_;
-        push(@labels,$func);
-        push(@out,".") if ($main'mwerks);
-        my($tmp)=<<"EOF";
-global  $under$func
-$under$func:
-        push    ebp
-        push    ebx
-        push    esi
-        push    edi
-EOF
-        push(@out,$tmp);
-        $stack=20;
-        }
-sub main'function_begin_B
-        {
-        my($func,$extra)=@_;
-        push(@out,".") if ($main'mwerks);
-        my($tmp)=<<"EOF";
-global  $under$func
-$under$func:
-EOF
-        push(@out,$tmp);
-        $stack=4;
-        }
-sub main'function_end
-        {
-        my($func)=@_;
-        my($tmp)=<<"EOF";
-        pop     edi
-        pop     esi
-        pop     ebx
-        pop     ebp
-        ret
-EOF
        push(@out,$tmp);
-        $stack=0;
+    }
-        %label=();
+}
-        }
-sub main'function_end_B
-        {
-        $stack=0;
-        %label=();
-        }
-sub main'function_end_A
-        {
-        my($func)=@_;
-        my($tmp)=<<"EOF";
-        pop     edi
-        pop     esi
-        pop     ebx
-        pop     ebp
-        ret
-EOF
-        push(@out,$tmp);
-        }
-sub main'file_end
-        {
-        }
-sub main'wparam
-        {
-        my($num)=@_;
-        return(&main'DWP($stack+$num*4,"esp","",0));
-        }
-sub main'swtmp
+sub ::function_begin_B
-        {
+{ my $func=shift;
-        return(&main'DWP($_[0]*4,"esp","",0));
+  my $global=($func !~ /^_/);
-        }
+  my $begin="${::lbdecor}_${func}_begin";
-# Should use swtmp, which is above esp.  Linix can trash the stack above esp
+    $begin =~ s/^\@/./ if ($::mwerks);  # the torture never stops
-#sub main'wtmp
-#       {
-#       my($num)=@_;
-#
-#       return(&main'DWP(-(($num+1)*4),"esp","",0));
-#       }
-sub main'comment
+    &::LABEL($func,$global?"$begin":"$nmdecor$func");
-        {
+    $func=$nmdecor.$func;
-        foreach (@_)
-                {
-                push(@out,"\t; $_\n");
-                }
-        }
-sub main'public_label
+    push(@out,"${drdecor}global $func\n")       if ($global);
-        {
+    push(@out,"${drdecor}align  16\n");
-        $label{$_[0]}="${under}${_[0]}" if (!defined($label{$_[0]}));
+    push(@out,"$func:\n");
-        push(@out,".") if ($main'mwerks);
+    push(@out,"$begin:\n")                      if ($global);
-        push(@out,"global\t$label{$_[0]}\n");
+    $::stack=4;
-        }
+}
-sub main'label
+sub ::function_end_B
-        {
+{   $::stack=0;
-        if (!defined($label{$_[0]}))
+    &::wipe_labels();
-                {
+}
-                $label{$_[0]}="\@${label}${_[0]}";
-                $label++;
-                }
-        return($label{$_[0]});
-        }
-sub main'set_label
+sub ::file_end
-        {
+{   if (grep {/\b${nmdecor}OPENSSL_ia32cap_P\b/i} @out)
-        if (!defined($label{$_[0]}))
+    {   my $comm=<<___;
-                {
+${drdecor}segment       .bss
-                $label{$_[0]}="\@${label}${_[0]}";
+${drdecor}common        ${nmdecor}OPENSSL_ia32cap_P 4
-                $label++;
+___
-                }
+        # comment out OPENSSL_ia32cap_P declarations
-        if ($_[1]!=0 && $_[1]>1)
+        grep {s/(^extern\s+${nmdecor}OPENSSL_ia32cap_P)/\;$1/} @out;
-                {
+        push (@out,$comm)
-                main'align($_[1]);
+    }
-                }
+    push (@out,$initseg) if ($initseg);         
-        push(@out,"$label{$_[0]}:\n");
+}
-        }
-sub main'data_byte
+sub ::comment {   foreach (@_) { push(@out,"\t; $_\n"); }   }
-        {
-        push(@out,(($main'mwerks)?".byte\t":"DB\t").join(',',@_)."\n");
-        }
-sub main'data_word
+sub ::external_label
-        {
+{   foreach(@_)
-        push(@out,(($main'mwerks)?".long\t":"DD\t").join(',',@_)."\n");
+    {   push(@out,"${drdecor}extern\t".&::LABEL($_,$nmdecor.$_)."\n");   }
-        }
+}
-sub main'align
+sub ::public_label
-        {
+{   push(@out,"${drdecor}global\t".&::LABEL($_[0],$nmdecor.$_[0])."\n");  }
-        push(@out,".") if ($main'mwerks);
-        push(@out,"align\t$_[0]\n");
-        }
-sub out1p
+sub ::data_byte
-        {
+{   push(@out,(($::mwerks)?".byte\t":"db\t").join(',',@_)."\n");        }
-        my($name,$p1)=@_;
-        my($l,$t);
-        push(@out,"\t$name\t".&conv($p1)."\n");
+sub ::data_word
-        }
+{   push(@out,(($::mwerks)?".long\t":"dd\t").join(',',@_)."\n");        }
-sub main'picmeup
+sub ::align
-        {
+{   push(@out,"${drdecor}align\t$_[0]\n");      }
-        local($dst,$sym)=@_;
-        &main'lea($dst,&main'DWP($sym));
-        }
-sub main'blindpop { &out1("pop",@_); }
+sub ::picmeup
+{ my($dst,$sym)=@_;
+    &::lea($dst,&::DWP($sym));
+}
-sub main'initseg
+sub ::initseg
-        {
+{ my $f=$nmdecor.shift;
-        local($f)=@_;
+    if ($::win32)
-        if ($main'win32)
+    {   $initseg=<<___;
-                {
+segment .CRT\$XCU data align=4
-                local($tmp)=<<___;
+extern  $f
-segment .CRT\$XCU data
+dd      $f
-extern  $under$f
-DD      $under$f
 ___
-                push(@out,$tmp);
+    }
-                }
+}
-        }
+sub ::dataseg
+{   if ($mwerks)        { push(@out,".section\t.data,4\n");   }
+    else                { push(@out,"section\t.data align=4\n"); }
+}
 1;
diff --git a/src/lib/libcrypto/pkcs12/Makefile b/src/lib/libcrypto/pkcs12/Makefile
index eed226b30d..3a7498fe7a 100644
--- a/src/lib/libcrypto/pkcs12/Makefile
+++ b/src/lib/libcrypto/pkcs12/Makefile
@@ -39,7 +39,7 @@ test:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
@@ -85,37 +85,36 @@ p12_add.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 p12_add.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 p12_add.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 p12_add.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p12_add.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p12_add.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-p12_add.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p12_add.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p12_add.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_add.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-p12_add.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_add.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
-p12_add.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_add.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-p12_add.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_add.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p12_add.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_add.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p12_add.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_add.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_add.c
-p12_add.o: ../cryptlib.h p12_add.c
 p12_asn.o: ../../e_os.h ../../include/openssl/asn1.h
 p12_asn.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 p12_asn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 p12_asn.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 p12_asn.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 p12_asn.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p12_asn.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+p12_asn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p12_asn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_asn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p12_asn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p12_asn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-p12_asn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+p12_asn.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
-p12_asn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+p12_asn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p12_asn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_asn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-p12_asn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p12_asn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p12_asn.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_asn.c
+p12_asn.o: ../cryptlib.h p12_asn.c
 p12_attr.o: ../../e_os.h ../../include/openssl/asn1.h
 p12_attr.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 p12_attr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 p12_attr.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 p12_attr.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p12_attr.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p12_attr.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-p12_attr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p12_attr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p12_attr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_attr.o: ../../include/openssl/opensslconf.h
 p12_attr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 p12_attr.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
 p12_attr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
@@ -127,9 +126,9 @@ p12_crpt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 p12_crpt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 p12_crpt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 p12_crpt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p12_crpt.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p12_crpt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-p12_crpt.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p12_crpt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p12_crpt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_crpt.o: ../../include/openssl/opensslconf.h
 p12_crpt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 p12_crpt.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
 p12_crpt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
@@ -141,23 +140,22 @@ p12_crt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 p12_crt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 p12_crt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 p12_crt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p12_crt.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p12_crt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-p12_crt.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p12_crt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p12_crt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_crt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-p12_crt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_crt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
-p12_crt.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_crt.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-p12_crt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_crt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p12_crt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_crt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p12_crt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_crt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_crt.c
-p12_crt.o: ../cryptlib.h p12_crt.c
 p12_decr.o: ../../e_os.h ../../include/openssl/asn1.h
 p12_decr.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 p12_decr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 p12_decr.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 p12_decr.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p12_decr.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p12_decr.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-p12_decr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p12_decr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p12_decr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_decr.o: ../../include/openssl/opensslconf.h
 p12_decr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 p12_decr.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
 p12_decr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
@@ -169,9 +167,9 @@ p12_init.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 p12_init.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 p12_init.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 p12_init.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p12_init.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p12_init.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-p12_init.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p12_init.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p12_init.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_init.o: ../../include/openssl/opensslconf.h
 p12_init.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 p12_init.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
 p12_init.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
@@ -184,22 +182,22 @@ p12_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 p12_key.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 p12_key.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 p12_key.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p12_key.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+p12_key.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p12_key.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p12_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p12_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-p12_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+p12_key.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
-p12_key.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+p12_key.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p12_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-p12_key.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p12_key.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p12_key.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_key.c
+p12_key.o: ../cryptlib.h p12_key.c
 p12_kiss.o: ../../e_os.h ../../include/openssl/asn1.h
 p12_kiss.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 p12_kiss.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 p12_kiss.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 p12_kiss.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p12_kiss.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p12_kiss.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-p12_kiss.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p12_kiss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p12_kiss.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_kiss.o: ../../include/openssl/opensslconf.h
 p12_kiss.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 p12_kiss.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
 p12_kiss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
@@ -211,10 +209,9 @@ p12_mutl.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 p12_mutl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 p12_mutl.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 p12_mutl.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p12_mutl.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p12_mutl.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h
-p12_mutl.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
+p12_mutl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p12_mutl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_mutl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p12_mutl.o: ../../include/openssl/opensslconf.h
 p12_mutl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 p12_mutl.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
 p12_mutl.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
@@ -226,9 +223,8 @@ p12_npas.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 p12_npas.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 p12_npas.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 p12_npas.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p12_npas.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+p12_npas.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p12_npas.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_npas.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p12_npas.o: ../../include/openssl/opensslconf.h
 p12_npas.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 p12_npas.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
 p12_npas.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
@@ -241,53 +237,50 @@ p12_p8d.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 p12_p8d.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 p12_p8d.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 p12_p8d.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p12_p8d.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p12_p8d.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-p12_p8d.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p12_p8d.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p12_p8d.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_p8d.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-p12_p8d.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_p8d.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
-p12_p8d.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_p8d.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-p12_p8d.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_p8d.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p12_p8d.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_p8d.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p12_p8d.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_p8d.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_p8d.c
-p12_p8d.o: ../cryptlib.h p12_p8d.c
 p12_p8e.o: ../../e_os.h ../../include/openssl/asn1.h
 p12_p8e.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 p12_p8e.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 p12_p8e.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 p12_p8e.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p12_p8e.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p12_p8e.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-p12_p8e.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p12_p8e.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p12_p8e.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_p8e.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-p12_p8e.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_p8e.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
-p12_p8e.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_p8e.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-p12_p8e.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_p8e.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p12_p8e.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_p8e.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p12_p8e.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_p8e.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_p8e.c
-p12_p8e.o: ../cryptlib.h p12_p8e.c
 p12_utl.o: ../../e_os.h ../../include/openssl/asn1.h
 p12_utl.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 p12_utl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 p12_utl.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 p12_utl.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p12_utl.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p12_utl.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-p12_utl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p12_utl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p12_utl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_utl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-p12_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_utl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
-p12_utl.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_utl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-p12_utl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_utl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p12_utl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_utl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p12_utl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_utl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_utl.c
-p12_utl.o: ../cryptlib.h p12_utl.c
 pk12err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 pk12err.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 pk12err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 pk12err.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 pk12err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pk12err.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+pk12err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-pk12err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pk12err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-pk12err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+pk12err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-pk12err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+pk12err.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
-pk12err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+pk12err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-pk12err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pk12err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-pk12err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+pk12err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-pk12err.o: ../../include/openssl/x509_vfy.h pk12err.c
+pk12err.o: pk12err.c
diff --git a/src/lib/libcrypto/pkcs7/Makefile b/src/lib/libcrypto/pkcs7/Makefile
index 790d8edf36..56dc6823d1 100644
--- a/src/lib/libcrypto/pkcs7/Makefile
+++ b/src/lib/libcrypto/pkcs7/Makefile
@@ -21,9 +21,9 @@ APPS=
 LIB=$(TOP)/libcrypto.a
 LIBSRC= pk7_asn1.c pk7_lib.c pkcs7err.c pk7_doit.c pk7_smime.c pk7_attr.c \
-        pk7_mime.c
+        pk7_mime.c bio_pk7.c
 LIBOBJ= pk7_asn1.o pk7_lib.o pkcs7err.o pk7_doit.o pk7_smime.o pk7_attr.o \
-        pk7_mime.o
+        pk7_mime.o bio_pk7.o
 SRC= $(LIBSRC)
@@ -54,7 +54,7 @@ verify: verify.o example.o lib
        $(CC) $(CFLAGS) -o verify verify.o $(PEX_LIBS) example.o $(LIB) $(EX_LIBS)
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
@@ -95,26 +95,31 @@ clean:
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+bio_pk7.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+bio_pk7.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+bio_pk7.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bio_pk7.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+bio_pk7.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bio_pk7.o: ../../include/openssl/symhacks.h bio_pk7.c
 pk7_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
 pk7_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 pk7_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 pk7_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 pk7_asn1.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 pk7_asn1.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pk7_asn1.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+pk7_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-pk7_asn1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pk7_asn1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-pk7_asn1.o: ../../include/openssl/opensslconf.h
 pk7_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 pk7_asn1.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 pk7_asn1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 pk7_asn1.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 pk7_asn1.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pk7_asn1.c
-pk7_attr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pk7_attr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-pk7_attr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+pk7_attr.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-pk7_attr.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+pk7_attr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-pk7_attr.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+pk7_attr.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-pk7_attr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pk7_attr.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-pk7_attr.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+pk7_attr.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
 pk7_attr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 pk7_attr.o: ../../include/openssl/opensslconf.h
 pk7_attr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
@@ -129,9 +134,8 @@ pk7_doit.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 pk7_doit.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 pk7_doit.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 pk7_doit.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pk7_doit.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+pk7_doit.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-pk7_doit.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pk7_doit.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-pk7_doit.o: ../../include/openssl/opensslconf.h
 pk7_doit.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 pk7_doit.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
 pk7_doit.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
@@ -143,22 +147,22 @@ pk7_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 pk7_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 pk7_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 pk7_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-pk7_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+pk7_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-pk7_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pk7_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-pk7_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pk7_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-pk7_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pk7_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-pk7_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+pk7_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-pk7_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pk7_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-pk7_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+pk7_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-pk7_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pk7_lib.c
+pk7_lib.o: ../asn1/asn1_locl.h ../cryptlib.h pk7_lib.c
 pk7_mime.o: ../../e_os.h ../../include/openssl/asn1.h
 pk7_mime.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 pk7_mime.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 pk7_mime.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 pk7_mime.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-pk7_mime.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+pk7_mime.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-pk7_mime.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pk7_mime.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-pk7_mime.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pk7_mime.o: ../../include/openssl/opensslconf.h
 pk7_mime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 pk7_mime.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
 pk7_mime.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
@@ -171,8 +175,8 @@ pk7_smime.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 pk7_smime.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 pk7_smime.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 pk7_smime.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pk7_smime.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+pk7_smime.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-pk7_smime.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pk7_smime.o: ../../include/openssl/objects.h
 pk7_smime.o: ../../include/openssl/opensslconf.h
 pk7_smime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 pk7_smime.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
diff --git a/src/lib/libcrypto/rand/Makefile b/src/lib/libcrypto/rand/Makefile
index 30794305cb..27694aa664 100644
--- a/src/lib/libcrypto/rand/Makefile
+++ b/src/lib/libcrypto/rand/Makefile
@@ -17,9 +17,9 @@ TEST= randtest.c
 APPS=
 LIB=$(TOP)/libcrypto.a
-LIBSRC=md_rand.c randfile.c rand_lib.c rand_eng.c rand_err.c rand_egd.c \
+LIBSRC=md_rand.c randfile.c rand_lib.c rand_err.c rand_egd.c \
        rand_win.c rand_unix.c rand_os2.c rand_nw.c
-LIBOBJ=md_rand.o randfile.o rand_lib.o rand_eng.o rand_err.o rand_egd.o \
+LIBOBJ=md_rand.o randfile.o rand_lib.o rand_err.o rand_egd.o \
        rand_win.o rand_unix.o rand_os2.o rand_nw.o
 SRC= $(LIBSRC)
@@ -35,7 +35,7 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
@@ -79,34 +79,17 @@ clean:
 md_rand.o: ../../e_os.h ../../include/openssl/asn1.h
 md_rand.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
 md_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-md_rand.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+md_rand.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-md_rand.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+md_rand.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-md_rand.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+md_rand.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-md_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+md_rand.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-md_rand.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+md_rand.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-md_rand.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+md_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-md_rand.o: ../../include/openssl/symhacks.h md_rand.c rand_lcl.h
+md_rand.o: md_rand.c rand_lcl.h
 rand_egd.o: ../../include/openssl/buffer.h ../../include/openssl/e_os2.h
 rand_egd.o: ../../include/openssl/opensslconf.h
 rand_egd.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
 rand_egd.o: rand_egd.c
-rand_eng.o: ../../e_os.h ../../include/openssl/asn1.h
-rand_eng.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-rand_eng.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-rand_eng.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
-rand_eng.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-rand_eng.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
-rand_eng.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-rand_eng.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
-rand_eng.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-rand_eng.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-rand_eng.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-rand_eng.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-rand_eng.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-rand_eng.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-rand_eng.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
-rand_eng.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-rand_eng.o: ../cryptlib.h rand_eng.c rand_lcl.h
 rand_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
 rand_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 rand_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
@@ -116,39 +99,34 @@ rand_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 rand_err.o: rand_err.c
 rand_lib.o: ../../e_os.h ../../include/openssl/asn1.h
 rand_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-rand_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+rand_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-rand_lib.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
 rand_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 rand_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
 rand_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-rand_lib.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
 rand_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 rand_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 rand_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 rand_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
 rand_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 rand_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-rand_lib.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
 rand_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-rand_lib.o: ../cryptlib.h rand_lcl.h rand_lib.c
+rand_lib.o: ../cryptlib.h rand_lib.c
 rand_nw.o: ../../e_os.h ../../include/openssl/asn1.h
 rand_nw.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 rand_nw.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 rand_nw.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-rand_nw.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+rand_nw.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-rand_nw.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rand_nw.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-rand_nw.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+rand_nw.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-rand_nw.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+rand_nw.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
-rand_nw.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rand_nw.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-rand_nw.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rand_nw.o: ../../include/openssl/symhacks.h ../cryptlib.h rand_lcl.h rand_nw.c
-rand_nw.o: ../cryptlib.h rand_lcl.h rand_nw.c
 rand_os2.o: ../../e_os.h ../../include/openssl/asn1.h
 rand_os2.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 rand_os2.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 rand_os2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-rand_os2.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+rand_os2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-rand_os2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rand_os2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-rand_os2.o: ../../include/openssl/opensslconf.h
 rand_os2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 rand_os2.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
 rand_os2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -158,8 +136,8 @@ rand_unix.o: ../../e_os.h ../../include/openssl/asn1.h
 rand_unix.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 rand_unix.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 rand_unix.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-rand_unix.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+rand_unix.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-rand_unix.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rand_unix.o: ../../include/openssl/objects.h
 rand_unix.o: ../../include/openssl/opensslconf.h
 rand_unix.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 rand_unix.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
@@ -170,9 +148,8 @@ rand_win.o: ../../e_os.h ../../include/openssl/asn1.h
 rand_win.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 rand_win.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 rand_win.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-rand_win.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+rand_win.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-rand_win.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rand_win.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-rand_win.o: ../../include/openssl/opensslconf.h
 rand_win.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 rand_win.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
 rand_win.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
diff --git a/src/lib/libcrypto/rand/md_rand.c b/src/lib/libcrypto/rand/md_rand.c
index 0f8dd3e00f..88088ce73c 100644
--- a/src/lib/libcrypto/rand/md_rand.c
+++ b/src/lib/libcrypto/rand/md_rand.c
@@ -126,10 +126,6 @@
 #include <openssl/crypto.h>
 #include <openssl/err.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 #ifdef BN_DEBUG
 # define PREDICT
@@ -149,7 +145,7 @@ static unsigned int crypto_lock_rand = 0; /* may be set only when a thread
                                           * holds CRYPTO_LOCK_RAND
                                           * (to prevent double locking) */
 /* access to lockin_thread is synchronized by CRYPTO_LOCK_RAND2 */
-static unsigned long locking_thread = 0; /* valid iff crypto_lock_rand is set */
+static CRYPTO_THREADID locking_threadid; /* valid iff crypto_lock_rand is set */
 #ifdef PREDICT
@@ -217,8 +213,10 @@ static void ssleay_rand_add(const void *buf, int num, double add)
        /* check if we already have the lock */
        if (crypto_lock_rand)
                {
+                CRYPTO_THREADID cur;
+                CRYPTO_THREADID_current(&cur);
                CRYPTO_r_lock(CRYPTO_LOCK_RAND2);
-                do_not_lock = (locking_thread == CRYPTO_thread_id());
+                do_not_lock = !CRYPTO_THREADID_cmp(&locking_threadid, &cur);
                CRYPTO_r_unlock(CRYPTO_LOCK_RAND2);
                }
        else
@@ -274,8 +272,16 @@ static void ssleay_rand_add(const void *buf, int num, double add)
                        }
                else
                        MD_Update(&m,&(state[st_idx]),j);
-                        
+                /* DO NOT REMOVE THE FOLLOWING CALL TO MD_Update()! */
                MD_Update(&m,buf,j);
+                /* We know that line may cause programs such as
+                   purify and valgrind to complain about use of
+                   uninitialized data.  The problem is not, it's
+                   with the caller.  Removing that line will make
+                   sure you get really bad randomness and thereby
+                   other problems such as very insecure keys. */
                MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
                MD_Final(&m,local_md);
                md_c[1]++;
@@ -336,14 +342,6 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
 #endif
        int do_stir_pool = 0;
-#ifdef OPENSSL_FIPS
-        if(FIPS_mode())
-            {
-            FIPSerr(FIPS_F_SSLEAY_RAND_BYTES,FIPS_R_NON_FIPS_METHOD);
-            return 0;
-            }
-#endif
 #ifdef PREDICT
        if (rand_predictable)
                {
@@ -384,7 +382,7 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
        /* prevent ssleay_rand_bytes() from trying to obtain the lock again */
        CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
-        locking_thread = CRYPTO_thread_id();
+        CRYPTO_THREADID_current(&locking_threadid);
        CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
        crypto_lock_rand = 1;
@@ -476,9 +474,15 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
 #endif
                MD_Update(&m,local_md,MD_DIGEST_LENGTH);
                MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
-#ifndef PURIFY
-                MD_Update(&m,buf,j); /* purify complains */
+#ifndef PURIFY /* purify complains */
+                /* DO NOT REMOVE THE FOLLOWING CALL TO MD_Update()! */
+                MD_Update(&m,buf,j);
+                /* We know that line may cause programs such as
+                   purify and valgrind to complain about use of
+                   uninitialized data.  */
 #endif
                k=(st_idx+MD_DIGEST_LENGTH/2)-st_num;
                if (k > 0)
                        {
@@ -539,15 +543,17 @@ static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num)
 static int ssleay_rand_status(void)
        {
+        CRYPTO_THREADID cur;
        int ret;
        int do_not_lock;
+        CRYPTO_THREADID_current(&cur);
        /* check if we already have the lock
         * (could happen if a RAND_poll() implementation calls RAND_status()) */
        if (crypto_lock_rand)
                {
                CRYPTO_r_lock(CRYPTO_LOCK_RAND2);
-                do_not_lock = (locking_thread == CRYPTO_thread_id());
+                do_not_lock = !CRYPTO_THREADID_cmp(&locking_threadid, &cur);
                CRYPTO_r_unlock(CRYPTO_LOCK_RAND2);
                }
        else
@@ -559,7 +565,7 @@ static int ssleay_rand_status(void)
                
                /* prevent ssleay_rand_bytes() from trying to obtain the lock again */
                CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
-                locking_thread = CRYPTO_thread_id();
+                CRYPTO_THREADID_cpy(&locking_threadid, &cur);
                CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
                crypto_lock_rand = 1;
                }
diff --git a/src/lib/libcrypto/rand/rand_egd.c b/src/lib/libcrypto/rand/rand_egd.c
index 50bce6caba..d53b916ebe 100644
--- a/src/lib/libcrypto/rand/rand_egd.c
+++ b/src/lib/libcrypto/rand/rand_egd.c
@@ -95,7 +95,7 @@
 *   RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.
 */
-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS)
+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_BEOS)
 int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
        {
        return(-1);
diff --git a/src/lib/libcrypto/rand/rand_lcl.h b/src/lib/libcrypto/rand/rand_lcl.h
index 18cc9b1e4a..618a8ec899 100644
--- a/src/lib/libcrypto/rand/rand_lcl.h
+++ b/src/lib/libcrypto/rand/rand_lcl.h
@@ -154,16 +154,5 @@
 #define MD(a,b,c)               EVP_Digest(a,b,c,NULL,EVP_md2(), NULL)
 #endif
-#ifndef OPENSSL_NO_ENGINE
-void int_RAND_set_callbacks(
-        int (*set_rand_func)(const RAND_METHOD *meth,
-                                                const RAND_METHOD **pmeth),
-        const RAND_METHOD *(*get_rand_func)
-                                                (const RAND_METHOD **pmeth));
-int eng_RAND_set_rand_method(const RAND_METHOD *meth,
-                                const RAND_METHOD **pmeth);
-const RAND_METHOD *eng_RAND_get_rand_method(const RAND_METHOD **pmeth);
-#endif
 #endif
diff --git a/src/lib/libcrypto/rand/rand_os2.c b/src/lib/libcrypto/rand/rand_os2.c
index c3e36d4e5e..fc1e78b179 100644
--- a/src/lib/libcrypto/rand/rand_os2.c
+++ b/src/lib/libcrypto/rand/rand_os2.c
@@ -78,8 +78,10 @@ typedef struct _CPUUTIL {
    ULONG ulIntrHigh;           /* High 32 bits of interrupt time */
 } CPUUTIL;
+#ifndef __KLIBC__
 APIRET APIENTRY(*DosPerfSysCall) (ULONG ulCommand, ULONG ulParm1, ULONG ulParm2, ULONG ulParm3) = NULL;
 APIRET APIENTRY(*DosQuerySysState) (ULONG func, ULONG arg1, ULONG pid, ULONG _res_, PVOID buf, ULONG bufsz) = NULL;
+#endif
 HMODULE hDoscalls = 0;
 int RAND_poll(void)
@@ -91,6 +93,7 @@ int RAND_poll(void)
    if (hDoscalls == 0) {
        ULONG rc = DosLoadModule(failed_module, sizeof(failed_module), "DOSCALLS", &hDoscalls);
+#ifndef __KLIBC__
        if (rc == 0) {
            rc = DosQueryProcAddr(hDoscalls, 976, NULL, (PFN *)&DosPerfSysCall);
@@ -102,6 +105,7 @@ int RAND_poll(void)
            if (rc)
                DosQuerySysState = NULL;
        }
+#endif
    }
    /* Sample the hi-res timer, runs at around 1.1 MHz */
@@ -122,7 +126,9 @@ int RAND_poll(void)
            RAND_add(&util, sizeof(util), 10);
        }
        else {
+#ifndef __KLIBC__
            DosPerfSysCall = NULL;
+#endif
        }
    }
diff --git a/src/lib/libcrypto/rand/rand_unix.c b/src/lib/libcrypto/rand/rand_unix.c
index 71b98ec212..e9ead3a529 100644
--- a/src/lib/libcrypto/rand/rand_unix.c
+++ b/src/lib/libcrypto/rand/rand_unix.c
@@ -133,7 +133,50 @@
 # define FD_SETSIZE (8*sizeof(fd_set))
 #endif
-#ifdef __OpenBSD__
+#ifdef __VOS__
+int RAND_poll(void)
+{
+        unsigned char buf[ENTROPY_NEEDED];
+        pid_t curr_pid;
+        uid_t curr_uid;
+        static int first=1;
+        int i;
+        long rnd = 0;
+        struct timespec ts;
+        unsigned seed;
+/* The VOS random() function starts from a static seed so its
+   initial value is predictable.  If random() returns the
+   initial value, reseed it with dynamic data.  The VOS
+   real-time clock has a granularity of 1 nsec so it should be
+   reasonably difficult to predict its exact value.  Do not
+   gratuitously reseed the PRNG because other code in this
+   process or thread may be using it.  */
+        if (first) {
+                first = 0;
+                rnd = random ();
+                if (rnd == 1804289383) {
+                        clock_gettime (CLOCK_REALTIME, &ts);
+                        curr_pid = getpid();
+                        curr_uid = getuid();
+                        seed = ts.tv_sec ^ ts.tv_nsec ^ curr_pid ^ curr_uid;
+                        srandom (seed);
+                }
+        }
+        for (i = 0; i < sizeof(buf); i++) {
+                if (i % 4 == 0)
+                        rnd = random();
+                buf[i] = rnd;
+                rnd >>= 8;
+        }
+        RAND_add(buf, sizeof(buf), ENTROPY_NEEDED);
+        memset(buf, 0, sizeof(buf));
+        return 1;
+}
+#elif defined __OpenBSD__
 int RAND_poll(void)
 {
        u_int32_t rnd = 0, i;
@@ -163,7 +206,7 @@ int RAND_poll(void)
        static const char *randomfiles[] = { DEVRANDOM };
        struct stat randomstats[sizeof(randomfiles)/sizeof(randomfiles[0])];
        int fd;
-        size_t i;
+        unsigned int i;
 #endif
 #ifdef DEVRANDOM_EGD
        static const char *egdsockets[] = { DEVRANDOM_EGD, NULL };
@@ -176,7 +219,8 @@ int RAND_poll(void)
         * have this. Use /dev/urandom if you can as /dev/random may block
         * if it runs out of random entries.  */
-        for (i=0; i<sizeof(randomfiles)/sizeof(randomfiles[0]) && n < ENTROPY_NEEDED; i++)
+        for (i = 0; (i < sizeof(randomfiles)/sizeof(randomfiles[0])) &&
+                        (n < ENTROPY_NEEDED); i++)
                {
                if ((fd = open(randomfiles[i], O_RDONLY
 #ifdef O_NONBLOCK
@@ -193,7 +237,7 @@ int RAND_poll(void)
                        {
                        int usec = 10*1000; /* spend 10ms on each file */
                        int r;
-                        size_t j;
+                        unsigned int j;
                        struct stat *st=&randomstats[i];
                        /* Avoid using same input... Used to be O_NOFOLLOW
@@ -211,7 +255,12 @@ int RAND_poll(void)
                                {
                                int try_read = 0;
-#if defined(OPENSSL_SYS_LINUX)
+#if defined(OPENSSL_SYS_BEOS_R5)
+                                /* select() is broken in BeOS R5, so we simply
+                                 *  try to read something and snooze if we couldn't */
+                                try_read = 1;
+#elif defined(OPENSSL_SYS_LINUX)
                                /* use poll() */
                                struct pollfd pset;
                                
@@ -258,6 +307,10 @@ int RAND_poll(void)
                                        r = read(fd,(unsigned char *)tmpbuf+n, ENTROPY_NEEDED-n);
                                        if (r > 0)
                                                n += r;
+#if defined(OPENSSL_SYS_BEOS_R5)
+                                        if (r == 0)
+                                                snooze(t.tv_usec);
+#endif
                                        }
                                else
                                        r = -1;
@@ -311,6 +364,14 @@ int RAND_poll(void)
        l=time(NULL);
        RAND_add(&l,sizeof(l),0.0);
+#if defined(OPENSSL_SYS_BEOS)
+        {
+        system_info sysInfo;
+        get_system_info(&sysInfo);
+        RAND_add(&sysInfo,sizeof(sysInfo),0);
+        }
+#endif
 #if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
        return 1;
 #else
diff --git a/src/lib/libcrypto/rand/rand_win.c b/src/lib/libcrypto/rand/rand_win.c
index 00dbe4232c..5d134e186b 100644
--- a/src/lib/libcrypto/rand/rand_win.c
+++ b/src/lib/libcrypto/rand/rand_win.c
@@ -463,7 +463,7 @@ int RAND_poll(void)
                PROCESSENTRY32 p;
                THREADENTRY32 t;
                MODULEENTRY32 m;
-                DWORD stoptime = 0;
+                DWORD starttime = 0;
                snap = (CREATETOOLHELP32SNAPSHOT)
                        GetProcAddress(kernel, "CreateToolhelp32Snapshot");
@@ -494,12 +494,29 @@ int RAND_poll(void)
                         * each entry.  Consider each field a source of 1 byte
                         * of entropy.
                         */
+                        ZeroMemory(&hlist, sizeof(HEAPLIST32));
                        hlist.dwSize = sizeof(HEAPLIST32);              
-                        if (good) stoptime = GetTickCount() + MAXDELAY;
+                        if (good) starttime = GetTickCount();
+#ifdef _MSC_VER
                        if (heaplist_first(handle, &hlist))
+                                {
+                                /*
+                                   following discussion on dev ML, exception on WinCE (or other Win
+                                   platform) is theoretically of unknown origin; prevent infinite
+                                   loop here when this theoretical case occurs; otherwise cope with
+                                   the expected (MSDN documented) exception-throwing behaviour of
+                                   Heap32Next() on WinCE.
+                                   based on patch in original message by Tanguy Fautré (2009/03/02)
+                                   Subject: RAND_poll() and CreateToolhelp32Snapshot() stability
+                             */
+                                int ex_cnt_limit = 42; 
                                do
                                        {
                                        RAND_add(&hlist, hlist.dwSize, 3);
+                                        __try
+                                                {
+                                                ZeroMemory(&hentry, sizeof(HEAPENTRY32));
                                        hentry.dwSize = sizeof(HEAPENTRY32);
                                        if (heap_first(&hentry,
                                                hlist.th32ProcessID,
@@ -510,10 +527,42 @@ int RAND_poll(void)
                                                        RAND_add(&hentry,
                                                                hentry.dwSize, 5);
                                                while (heap_next(&hentry)
+                                                && (!good || (GetTickCount()-starttime)<MAXDELAY)
                                                        && --entrycnt > 0);
                                                }
-                                        } while (heaplist_next(handle,
+                                                }
-                                                &hlist) && GetTickCount() < stoptime);
+                                        __except (EXCEPTION_EXECUTE_HANDLER)
+                                                {
+                                                        /* ignore access violations when walking the heap list */
+                                                        ex_cnt_limit--;
+                                                }
+                                        } while (heaplist_next(handle, &hlist) 
+                                                && (!good || (GetTickCount()-starttime)<MAXDELAY)
+                                                && ex_cnt_limit > 0);
+                                }
+#else
+                        if (heaplist_first(handle, &hlist))
+                                {
+                                do
+                                        {
+                                        RAND_add(&hlist, hlist.dwSize, 3);
+                                        hentry.dwSize = sizeof(HEAPENTRY32);
+                                        if (heap_first(&hentry,
+                                                hlist.th32ProcessID,
+                                                hlist.th32HeapID))
+                                                {
+                                                int entrycnt = 80;
+                                                do
+                                                        RAND_add(&hentry,
+                                                                hentry.dwSize, 5);
+                                                while (heap_next(&hentry)
+                                                        && --entrycnt > 0);
+                                                }
+                                        } while (heaplist_next(handle, &hlist) 
+                                                && (!good || (GetTickCount()-starttime)<MAXDELAY));
+                                }
+#endif
                        /* process walking */
                        /* PROCESSENTRY32 contains 9 fields that will change
@@ -522,11 +571,11 @@ int RAND_poll(void)
                         */
                        p.dwSize = sizeof(PROCESSENTRY32);
                
-                        if (good) stoptime = GetTickCount() + MAXDELAY;
+                        if (good) starttime = GetTickCount();
                        if (process_first(handle, &p))
                                do
                                        RAND_add(&p, p.dwSize, 9);
-                                while (process_next(handle, &p) && GetTickCount() < stoptime);
+                                while (process_next(handle, &p) && (!good || (GetTickCount()-starttime)<MAXDELAY));
                        /* thread walking */
                        /* THREADENTRY32 contains 6 fields that will change
@@ -534,11 +583,11 @@ int RAND_poll(void)
                         * 1 byte of entropy.
                         */
                        t.dwSize = sizeof(THREADENTRY32);
-                        if (good) stoptime = GetTickCount() + MAXDELAY;
+                        if (good) starttime = GetTickCount();
                        if (thread_first(handle, &t))
                                do
                                        RAND_add(&t, t.dwSize, 6);
-                                while (thread_next(handle, &t) && GetTickCount() < stoptime);
+                                while (thread_next(handle, &t) && (!good || (GetTickCount()-starttime)<MAXDELAY));
                        /* module walking */
                        /* MODULEENTRY32 contains 9 fields that will change
@@ -546,12 +595,12 @@ int RAND_poll(void)
                         * 1 byte of entropy.
                         */
                        m.dwSize = sizeof(MODULEENTRY32);
-                        if (good) stoptime = GetTickCount() + MAXDELAY;
+                        if (good) starttime = GetTickCount();
                        if (module_first(handle, &m))
                                do
                                        RAND_add(&m, m.dwSize, 9);
                                while (module_next(handle, &m)
-                                                && (GetTickCount() < stoptime));
+                                                && (!good || (GetTickCount()-starttime)<MAXDELAY));
                        if (close_snap)
                                close_snap(handle);
                        else
@@ -701,7 +750,7 @@ static void readscreen(void)
  int           y;              /* y-coordinate of screen lines to grab */
  int           n = 16;         /* number of screen lines to grab at a time */
-  if (GetVersion() >= 0x80000000 || !OPENSSL_isservice())
+  if (GetVersion() < 0x80000000 && OPENSSL_isservice()>0)
    return;
  /* Create a screen DC and a memory DC compatible to screen DC */
diff --git a/src/lib/libcrypto/rc2/Makefile b/src/lib/libcrypto/rc2/Makefile
index 4b6292b65f..73eac347e7 100644
--- a/src/lib/libcrypto/rc2/Makefile
+++ b/src/lib/libcrypto/rc2/Makefile
@@ -33,7 +33,7 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
@@ -78,11 +78,7 @@ rc2_cbc.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
 rc2_cbc.o: rc2_cbc.c rc2_locl.h
 rc2_ecb.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 rc2_ecb.o: ../../include/openssl/rc2.h rc2_ecb.c rc2_locl.h
-rc2_skey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+rc2_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
-rc2_skey.o: ../../include/openssl/fips.h ../../include/openssl/opensslconf.h
-rc2_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-rc2_skey.o: ../../include/openssl/rc2.h ../../include/openssl/safestack.h
-rc2_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 rc2_skey.o: rc2_locl.h rc2_skey.c
 rc2cfb64.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
 rc2cfb64.o: rc2_locl.h rc2cfb64.c
diff --git a/src/lib/libcrypto/rc4/Makefile b/src/lib/libcrypto/rc4/Makefile
index f0bd7678fc..264451a213 100644
--- a/src/lib/libcrypto/rc4/Makefile
+++ b/src/lib/libcrypto/rc4/Makefile
@@ -21,8 +21,8 @@ TEST=rc4test.c
 APPS=
 LIB=$(TOP)/libcrypto.a
-LIBSRC=rc4_skey.c rc4_enc.c rc4_fblk.c
+LIBSRC=rc4_skey.c rc4_enc.c
-LIBOBJ=$(RC4_ENC) rc4_fblk.o
+LIBOBJ=$(RC4_ENC)
 SRC= $(LIBSRC)
@@ -37,26 +37,26 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
-# ELF
+rc4-586.s:      asm/rc4-586.pl ../perlasm/x86asm.pl
-rx86-elf.s: asm/rc4-586.pl ../perlasm/x86asm.pl
+        $(PERL) asm/rc4-586.pl $(PERLASM_SCHEME) $(CFLAGS) > $@
-        (cd asm; $(PERL) rc4-586.pl elf $(CFLAGS) > ../$@)
-# COFF
-rx86-cof.s: asm/rc4-586.pl ../perlasm/x86asm.pl
-        (cd asm; $(PERL) rc4-586.pl coff $(CFLAGS) > ../$@)
-# a.out
-rx86-out.s: asm/rc4-586.pl ../perlasm/x86asm.pl
-        (cd asm; $(PERL) rc4-586.pl a.out $(CFLAGS) > ../$@)
-rc4-x86_64.s: asm/rc4-x86_64.pl;        $(PERL) asm/rc4-x86_64.pl $@
+rc4-x86_64.s: asm/rc4-x86_64.pl
+        $(PERL) asm/rc4-x86_64.pl $(PERLASM_SCHEME) > $@
-rc4-ia64.s: asm/rc4-ia64.S
+rc4-ia64.S: asm/rc4-ia64.pl
+        $(PERL) asm/rc4-ia64.pl $(CFLAGS) > $@
+rc4-s390x.s:    asm/rc4-s390x.pl
+        $(PERL) asm/rc4-s390x.pl > $@
+rc4-ia64.s: rc4-ia64.S
        @case `awk '/^#define RC4_INT/{print$$NF}' $(TOP)/include/openssl/opensslconf.h` in \
-        int)    set -x; $(CC) $(CFLAGS) -DSZ=4 -E asm/rc4-ia64.S > $@ ;; \
+        int)    set -x; $(CC) $(CFLAGS) -DSZ=4 -E rc4-ia64.S > $@ ;; \
-        char)   set -x; $(CC) $(CFLAGS) -DSZ=1 -E asm/rc4-ia64.S > $@ ;; \
+        char)   set -x; $(CC) $(CFLAGS) -DSZ=1 -E rc4-ia64.S > $@ ;; \
        *)      exit 1 ;; \
        esac
@@ -105,20 +105,10 @@ rc4_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 rc4_enc.o: ../../include/openssl/rc4.h ../../include/openssl/safestack.h
 rc4_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 rc4_enc.o: ../cryptlib.h rc4_enc.c rc4_locl.h
-rc4_fblk.o: ../../e_os.h ../../include/openssl/bio.h
-rc4_fblk.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-rc4_fblk.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-rc4_fblk.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-rc4_fblk.o: ../../include/openssl/opensslconf.h
-rc4_fblk.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-rc4_fblk.o: ../../include/openssl/rc4.h ../../include/openssl/safestack.h
-rc4_fblk.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-rc4_fblk.o: ../cryptlib.h rc4_fblk.c rc4_locl.h
 rc4_skey.o: ../../e_os.h ../../include/openssl/bio.h
 rc4_skey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 rc4_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-rc4_skey.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+rc4_skey.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-rc4_skey.o: ../../include/openssl/opensslconf.h
 rc4_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 rc4_skey.o: ../../include/openssl/rc4.h ../../include/openssl/safestack.h
 rc4_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
diff --git a/src/lib/libcrypto/rc4/rc4test.c b/src/lib/libcrypto/rc4/rc4test.c
index 54b597fa26..633a79e758 100644
--- a/src/lib/libcrypto/rc4/rc4test.c
+++ b/src/lib/libcrypto/rc4/rc4test.c
@@ -114,8 +114,8 @@ static unsigned char output[7][30]={
 int main(int argc, char *argv[])
        {
-        int err=0;
+        int i,err=0;
-        unsigned int i, j;
+        int j;
        unsigned char *p;
        RC4_KEY key;
        unsigned char obuf[512];
@@ -129,12 +129,12 @@ int main(int argc, char *argv[])
                        {
                        printf("error calculating RC4\n");
                        printf("output:");
-                        for (j=0; j<data_len[i]+1U; j++)
+                        for (j=0; j<data_len[i]+1; j++)
                                printf(" %02x",obuf[j]);
                        printf("\n");
                        printf("expect:");
                        p= &(output[i][0]);
-                        for (j=0; j<data_len[i]+1U; j++)
+                        for (j=0; j<data_len[i]+1; j++)
                                printf(" %02x",*(p++));
                        printf("\n");
                        err++;
@@ -180,12 +180,12 @@ int main(int argc, char *argv[])
                        {
                        printf("error in RC4 multi-call processing\n");
                        printf("output:");
-                        for (j=0; j<data_len[3]+1U; j++)
+                        for (j=0; j<data_len[3]+1; j++)
                                printf(" %02x",obuf[j]);
                        printf("\n");
                        printf("expect:");
                        p= &(output[3][0]);
-                        for (j=0; j<data_len[3]+1U; j++)
+                        for (j=0; j<data_len[3]+1; j++)
                                printf(" %02x",*(p++));
                        err++;
                        }
@@ -216,11 +216,11 @@ int main(int argc, char *argv[])
                if (memcmp(md,expected,sizeof(md))) {
                        printf("error in RC4 bulk test\n");
                        printf("output:");
-                        for (j=0; j<sizeof(md); j++)
+                        for (j=0; j<(int)sizeof(md); j++)
                                printf(" %02x",md[j]);
                        printf("\n");
                        printf("expect:");
-                        for (j=0; j<sizeof(md); j++)
+                        for (j=0; j<(int)sizeof(md); j++)
                                printf(" %02x",expected[j]);
                        printf("\n");
                        err++;
diff --git a/src/lib/libcrypto/rc5/Makefile b/src/lib/libcrypto/rc5/Makefile
index b4e21c9bb2..8a8b00eb89 100644
--- a/src/lib/libcrypto/rc5/Makefile
+++ b/src/lib/libcrypto/rc5/Makefile
@@ -12,8 +12,6 @@ MAKEFILE=	Makefile
 AR=             ar r
 RC5_ENC=                rc5_enc.o
-# or use
-#DES_ENC=       r586-elf.o
 CFLAGS= $(INCLUDES) $(CFLAG)
 ASFLAGS= $(INCLUDES) $(ASFLAG)
@@ -40,19 +38,12 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
-# ELF
+rc5-586.s: asm/rc5-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
-r586-elf.s: asm/rc5-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+        $(PERL) asm/rc5-586.pl $(PERLASM_SCHEME) $(CFLAGS) > $@
-        (cd asm; $(PERL) rc5-586.pl elf $(CFLAGS) > ../$@)
-# COFF
-r586-cof.s: asm/rc5-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
-        (cd asm; $(PERL) rc5-586.pl coff $(CFLAGS) > ../$@)
-# a.out
-r586-out.s: asm/rc5-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
-        (cd asm; $(PERL) rc5-586.pl a.out $(CFLAGS) > ../$@)
 files:
        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
diff --git a/src/lib/libcrypto/rc5/rc5.h b/src/lib/libcrypto/rc5/rc5.h
index f73a2a02a4..4b3c153b50 100644
--- a/src/lib/libcrypto/rc5/rc5.h
+++ b/src/lib/libcrypto/rc5/rc5.h
@@ -94,10 +94,7 @@ typedef struct rc5_key_st
        RC5_32_INT data[2*(RC5_16_ROUNDS+1)];
        } RC5_32_KEY;
-#ifdef OPENSSL_FIPS 
+ 
-void private_RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data,
-        int rounds);
-#endif
 void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data,
        int rounds);
 void RC5_32_ecb_encrypt(const unsigned char *in,unsigned char *out,RC5_32_KEY *key,
diff --git a/src/lib/libcrypto/ripemd/Makefile b/src/lib/libcrypto/ripemd/Makefile
index 6145f13699..d5b1067dbe 100644
--- a/src/lib/libcrypto/ripemd/Makefile
+++ b/src/lib/libcrypto/ripemd/Makefile
@@ -38,19 +38,12 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
-# ELF
+rmd-586.s:      asm/rmd-586.pl ../perlasm/x86asm.pl
-rm86-elf.s: asm/rmd-586.pl ../perlasm/x86asm.pl
+        $(PERL) asm/rmd-586.pl $(PERLASM_SCHEME) $(CFLAGS) > $@
-        (cd asm; $(PERL) rmd-586.pl elf $(CFLAGS) > ../$@)
-# COFF
-rm86-cof.s: asm/rmd-586.pl ../perlasm/x86asm.pl
-        (cd asm; $(PERL) rmd-586.pl coff $(CFLAGS) > ../$@)
-# a.out
-rm86-out.s: asm/rmd-586.pl ../perlasm/x86asm.pl
-        (cd asm; $(PERL) rmd-586.pl a.out $(CFLAGS) > ../$@)
 files:
        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
@@ -89,13 +82,8 @@ clean:
 # DO NOT DELETE THIS LINE -- make depend depends on it.
-rmd_dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+rmd_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-rmd_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rmd_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ripemd.h
-rmd_dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-rmd_dgst.o: ../../include/openssl/opensslconf.h
-rmd_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-rmd_dgst.o: ../../include/openssl/ripemd.h ../../include/openssl/safestack.h
-rmd_dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 rmd_dgst.o: ../md32_common.h rmd_dgst.c rmd_locl.h rmdconst.h
 rmd_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 rmd_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
diff --git a/src/lib/libcrypto/rsa/Makefile b/src/lib/libcrypto/rsa/Makefile
index 7b1fd6428c..bb64223e05 100644
--- a/src/lib/libcrypto/rsa/Makefile
+++ b/src/lib/libcrypto/rsa/Makefile
@@ -19,10 +19,12 @@ APPS=
 LIB=$(TOP)/libcrypto.a
 LIBSRC= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c \
        rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c rsa_null.c \
-        rsa_pss.c rsa_x931.c rsa_x931g.c rsa_asn1.c rsa_depr.c rsa_eng.c
+        rsa_pss.c rsa_x931.c rsa_asn1.c rsa_depr.c rsa_ameth.c rsa_prn.c \
+        rsa_pmeth.c
 LIBOBJ= rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o rsa_err.o \
        rsa_pk1.o rsa_ssl.o rsa_none.o rsa_oaep.o rsa_chk.o rsa_null.o \
-        rsa_pss.o rsa_x931.o rsa_x931g.o rsa_asn1.o rsa_depr.o rsa_eng.o
+        rsa_pss.o rsa_x931.o rsa_asn1.o rsa_depr.o rsa_ameth.o rsa_prn.o \
+        rsa_pmeth.o
 SRC= $(LIBSRC)
@@ -37,7 +39,7 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
@@ -78,6 +80,22 @@ clean:
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+rsa_ameth.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_ameth.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+rsa_ameth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+rsa_ameth.o: ../../include/openssl/cms.h ../../include/openssl/crypto.h
+rsa_ameth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+rsa_ameth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+rsa_ameth.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rsa_ameth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+rsa_ameth.o: ../../include/openssl/objects.h
+rsa_ameth.o: ../../include/openssl/opensslconf.h
+rsa_ameth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_ameth.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+rsa_ameth.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rsa_ameth.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_ameth.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+rsa_ameth.o: ../asn1/asn1_locl.h ../cryptlib.h rsa_ameth.c
 rsa_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
 rsa_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 rsa_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -114,21 +132,6 @@ rsa_eay.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 rsa_eay.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
 rsa_eay.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 rsa_eay.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_eay.c
-rsa_eng.o: ../../e_os.h ../../include/openssl/asn1.h
-rsa_eng.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-rsa_eng.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-rsa_eng.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-rsa_eng.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-rsa_eng.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-rsa_eng.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-rsa_eng.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-rsa_eng.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-rsa_eng.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-rsa_eng.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-rsa_eng.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-rsa_eng.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-rsa_eng.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-rsa_eng.o: ../../include/openssl/x509_vfy.h ../cryptlib.h rsa_eng.c
 rsa_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 rsa_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 rsa_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
@@ -151,15 +154,15 @@ rsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 rsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 rsa_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 rsa_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-rsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+rsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-rsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+rsa_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-rsa_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+rsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-rsa_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-rsa_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+rsa_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
-rsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-rsa_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+rsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-rsa_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+rsa_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-rsa_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h rsa_lib.c
+rsa_lib.o: ../cryptlib.h rsa_lib.c
 rsa_none.o: ../../e_os.h ../../include/openssl/asn1.h
 rsa_none.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 rsa_none.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
@@ -182,9 +185,9 @@ rsa_oaep.o: ../../e_os.h ../../include/openssl/asn1.h
 rsa_oaep.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 rsa_oaep.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 rsa_oaep.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-rsa_oaep.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+rsa_oaep.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-rsa_oaep.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+rsa_oaep.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-rsa_oaep.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+rsa_oaep.o: ../../include/openssl/opensslconf.h
 rsa_oaep.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 rsa_oaep.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
 rsa_oaep.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
@@ -199,27 +202,50 @@ rsa_pk1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 rsa_pk1.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
 rsa_pk1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 rsa_pk1.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_pk1.c
+rsa_pmeth.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_pmeth.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+rsa_pmeth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+rsa_pmeth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+rsa_pmeth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+rsa_pmeth.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+rsa_pmeth.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+rsa_pmeth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rsa_pmeth.o: ../../include/openssl/opensslconf.h
+rsa_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+rsa_pmeth.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rsa_pmeth.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_pmeth.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+rsa_pmeth.o: ../cryptlib.h ../evp/evp_locl.h rsa_locl.h rsa_pmeth.c
+rsa_prn.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_prn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+rsa_prn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+rsa_prn.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rsa_prn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+rsa_prn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+rsa_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_prn.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_prn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_prn.o: ../cryptlib.h rsa_prn.c
 rsa_pss.o: ../../e_os.h ../../include/openssl/asn1.h
 rsa_pss.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 rsa_pss.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 rsa_pss.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-rsa_pss.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+rsa_pss.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-rsa_pss.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+rsa_pss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-rsa_pss.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+rsa_pss.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-rsa_pss.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_pss.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-rsa_pss.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_pss.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-rsa_pss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rsa_pss.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-rsa_pss.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_pss.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_pss.c
-rsa_pss.o: ../cryptlib.h rsa_pss.c
 rsa_saos.o: ../../e_os.h ../../include/openssl/asn1.h
 rsa_saos.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 rsa_saos.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 rsa_saos.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 rsa_saos.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 rsa_saos.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-rsa_saos.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+rsa_saos.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-rsa_saos.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rsa_saos.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-rsa_saos.o: ../../include/openssl/opensslconf.h
 rsa_saos.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 rsa_saos.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
 rsa_saos.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
@@ -232,15 +258,14 @@ rsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 rsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 rsa_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 rsa_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-rsa_sign.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+rsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-rsa_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rsa_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-rsa_sign.o: ../../include/openssl/opensslconf.h
 rsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 rsa_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
 rsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 rsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 rsa_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-rsa_sign.o: ../cryptlib.h rsa_sign.c
+rsa_sign.o: ../cryptlib.h rsa_locl.h rsa_sign.c
 rsa_ssl.o: ../../e_os.h ../../include/openssl/asn1.h
 rsa_ssl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 rsa_ssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
@@ -260,11 +285,3 @@ rsa_x931.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 rsa_x931.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
 rsa_x931.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 rsa_x931.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_x931.c
-rsa_x931g.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-rsa_x931g.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
-rsa_x931g.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-rsa_x931g.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-rsa_x931g.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-rsa_x931g.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-rsa_x931g.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-rsa_x931g.o: rsa_x931g.c
diff --git a/src/lib/libcrypto/rsa/rsa_test.c b/src/lib/libcrypto/rsa/rsa_test.c
index 4080de8bcf..c8705a0f6e 100644
--- a/src/lib/libcrypto/rsa/rsa_test.c
+++ b/src/lib/libcrypto/rsa/rsa_test.c
@@ -328,7 +328,7 @@ int main(int argc, char *argv[])
        }
    CRYPTO_cleanup_all_ex_data();
-    ERR_remove_state(0);
+    ERR_remove_thread_state(NULL);
    CRYPTO_mem_leaks_fp(stderr);
diff --git a/src/lib/libcrypto/sha/Makefile b/src/lib/libcrypto/sha/Makefile
index f4741b9ee6..e6eccb05f9 100644
--- a/src/lib/libcrypto/sha/Makefile
+++ b/src/lib/libcrypto/sha/Makefile
@@ -38,25 +38,16 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
-# ELF
+sha1-586.s:     asm/sha1-586.pl ../perlasm/x86asm.pl
-sx86-elf.s: asm/sha1-586.pl ../perlasm/x86asm.pl
+        $(PERL) asm/sha1-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
-        (cd asm; $(PERL) sha1-586.pl elf $(CFLAGS) $(PROCESSOR) > ../$@)
+sha256-586.s:   asm/sha256-586.pl ../perlasm/x86asm.pl
-s512sse2-elf.s: asm/sha512-sse2.pl ../perlasm/x86asm.pl
+        $(PERL) asm/sha256-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
-        (cd asm; $(PERL) sha512-sse2.pl elf $(CFLAGS) $(PROCESSOR) > ../$@)
+sha512-586.s:   asm/sha512-586.pl ../perlasm/x86asm.pl
-# COFF
+        $(PERL) asm/sha512-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
-sx86-cof.s: asm/sha1-586.pl ../perlasm/x86asm.pl
-        (cd asm; $(PERL) sha1-586.pl coff $(CFLAGS) $(PROCESSOR) > ../$@)
-s512sse2-cof.s:     asm/sha512-sse2.pl ../perlasm/x86asm.pl
-        (cd asm; $(PERL) sha512-sse2.pl coff $(CFLAGS) $(PROCESSOR) > ../$@)
-# a.out
-sx86-out.s: asm/sha1-586.pl ../perlasm/x86asm.pl
-        (cd asm; $(PERL) sha1-586.pl a.out $(CFLAGS) $(PROCESSOR) > ../$@)
-s512sse2-out.s:     asm/sha512-sse2.pl ../perlasm/x86asm.pl
-        (cd asm; $(PERL) sha512-sse2.pl a.out $(CFLAGS) $(PROCESSOR) > ../$@)
 sha1-ia64.s:   asm/sha1-ia64.pl
        (cd asm; $(PERL) sha1-ia64.pl ../$@ $(CFLAGS))
@@ -65,10 +56,25 @@ sha256-ia64.s: asm/sha512-ia64.pl
 sha512-ia64.s: asm/sha512-ia64.pl
        (cd asm; $(PERL) sha512-ia64.pl ../$@ $(CFLAGS))
+sha256-armv4.s: asm/sha256-armv4.pl
+        $(PERL) $< $@
 # Solaris make has to be explicitly told
-sha1-x86_64.s:  asm/sha1-x86_64.pl;     $(PERL) asm/sha1-x86_64.pl $@
+sha1-x86_64.s:  asm/sha1-x86_64.pl;     $(PERL) asm/sha1-x86_64.pl $(PERLASM_SCHEME) > $@
-sha256-x86_64.s:asm/sha512-x86_64.pl;   $(PERL) asm/sha512-x86_64.pl $@
+sha256-x86_64.s:asm/sha512-x86_64.pl;   $(PERL) asm/sha512-x86_64.pl $(PERLASM_SCHEME) $@
-sha512-x86_64.s:asm/sha512-x86_64.pl;   $(PERL) asm/sha512-x86_64.pl $@
+sha512-x86_64.s:asm/sha512-x86_64.pl;   $(PERL) asm/sha512-x86_64.pl $(PERLASM_SCHEME) $@
+sha1-sparcv9.s: asm/sha1-sparcv9.pl;    $(PERL) asm/sha1-sparcv9.pl $@ $(CFLAGS)
+sha256-sparcv9.s:asm/sha512-sparcv9.pl; $(PERL) asm/sha512-sparcv9.pl $@ $(CFLAGS)
+sha512-sparcv9.s:asm/sha512-sparcv9.pl; $(PERL) asm/sha512-sparcv9.pl $@ $(CFLAGS)
+sha1-ppc.s:     asm/sha1-ppc.pl;        $(PERL) asm/sha1-ppc.pl $(PERLASM_SCHEME) $@
+sha256-ppc.s:   asm/sha512-ppc.pl;      $(PERL) asm/sha512-ppc.pl $(PERLASM_SCHEME) $@
+sha512-ppc.s:   asm/sha512-ppc.pl;      $(PERL) asm/sha512-ppc.pl $(PERLASM_SCHEME) $@
+# GNU make "catch all"
+sha1-%.s:       asm/sha1-%.pl;          $(PERL) $< $@
+sha256-%.s:     asm/sha512-%.pl;        $(PERL) $< $@
+sha512-%.s:     asm/sha512-%.pl;        $(PERL) $< $@
 files:
        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
@@ -113,31 +119,24 @@ sha1_one.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 sha1_one.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 sha1_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 sha1_one.o: sha1_one.c
-sha1dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/fips.h
+sha1dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-sha1dgst.o: ../../include/openssl/opensslconf.h
 sha1dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
 sha1dgst.o: ../md32_common.h sha1dgst.c sha_locl.h
 sha256.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-sha256.o: ../../include/openssl/fips.h ../../include/openssl/opensslconf.h
+sha256.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-sha256.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+sha256.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-sha256.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+sha256.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-sha256.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+sha256.o: ../../include/openssl/symhacks.h ../md32_common.h sha256.c
-sha256.o: ../md32_common.h sha256.c
 sha512.o: ../../e_os.h ../../include/openssl/bio.h
 sha512.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 sha512.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-sha512.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+sha512.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-sha512.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+sha512.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-sha512.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+sha512.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-sha512.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+sha512.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-sha512.o: ../../include/openssl/symhacks.h ../cryptlib.h sha512.c
+sha512.o: ../cryptlib.h sha512.c
-sha_dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+sha_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-sha_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
-sha_dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-sha_dgst.o: ../../include/openssl/opensslconf.h
-sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-sha_dgst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-sha_dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 sha_dgst.o: ../md32_common.h sha_dgst.c sha_locl.h
 sha_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 sha_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
diff --git a/src/lib/libcrypto/sha/sha_dgst.c b/src/lib/libcrypto/sha/sha_dgst.c
index 598f4d721a..70eb56032c 100644
--- a/src/lib/libcrypto/sha/sha_dgst.c
+++ b/src/lib/libcrypto/sha/sha_dgst.c
@@ -57,12 +57,6 @@
 */
 #include <openssl/opensslconf.h>
-#include <openssl/crypto.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-#include <openssl/err.h>
 #if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA)
 #undef  SHA_1
diff --git a/src/lib/libcrypto/sha/shatest.c b/src/lib/libcrypto/sha/shatest.c
index ed0fe06a7b..27614646d1 100644
--- a/src/lib/libcrypto/sha/shatest.c
+++ b/src/lib/libcrypto/sha/shatest.c
@@ -123,9 +123,9 @@ int main(int argc, char *argv[])
        i=1;
        while (*P != NULL)
                {
-                EVP_Digest(*P,strlen((char *)*P),md,NULL,EVP_sha(), NULL);
+                EVP_Digest(*P,strlen(*P),md,NULL,EVP_sha(), NULL);
                p=pt(md);
-                if (strcmp(p,(char *)*R) != 0)
+                if (strcmp(p,*R) != 0)
                        {
                        printf("error calculating SHA on '%s'\n",*P);
                        printf("got %s instead of %s\n",p,*R);
diff --git a/src/lib/libcrypto/stack/Makefile b/src/lib/libcrypto/stack/Makefile
index 489a77b93c..5327692ac8 100644
--- a/src/lib/libcrypto/stack/Makefile
+++ b/src/lib/libcrypto/stack/Makefile
@@ -33,7 +33,7 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
diff --git a/src/lib/libcrypto/symhacks.h b/src/lib/libcrypto/symhacks.h
index 8728e6124d..3fd4a81692 100644
--- a/src/lib/libcrypto/symhacks.h
+++ b/src/lib/libcrypto/symhacks.h
@@ -60,12 +60,13 @@
 /* Hacks to solve the problem with linkers incapable of handling very long
   symbol names.  In the case of VMS, the limit is 31 characters on VMS for
   VAX. */
+/* Note that this affects util/libeay.num and util/ssleay.num...  you may
+   change those manually, but that's not recommended, as those files are
+   controlled centrally and updated on Unix, and the central definition
+   may disagree with yours, which in turn may come with shareable library
+   incompatibilities. */
 #ifdef OPENSSL_SYS_VMS
-/* Hack a long name in crypto/cryptlib.c */
-#undef int_CRYPTO_set_do_dynlock_callback
-#define int_CRYPTO_set_do_dynlock_callback      int_CRYPTO_set_do_dynlock_cb
 /* Hack a long name in crypto/ex_data.c */
 #undef CRYPTO_get_ex_data_implementation
 #define CRYPTO_get_ex_data_implementation       CRYPTO_get_ex_data_impl
@@ -137,6 +138,8 @@
 #define X509_policy_node_get0_qualifiers        X509_pcy_node_get0_qualifiers
 #undef X509_STORE_CTX_get_explicit_policy
 #define X509_STORE_CTX_get_explicit_policy      X509_STORE_CTX_get_expl_policy
+#undef X509_STORE_CTX_get0_current_issuer
+#define X509_STORE_CTX_get0_current_issuer      X509_STORE_CTX_get0_cur_issuer
 /* Hack some long CRYPTO names */
 #undef CRYPTO_set_dynlock_destroy_callback
@@ -144,9 +147,9 @@
 #undef CRYPTO_set_dynlock_create_callback
 #define CRYPTO_set_dynlock_create_callback      CRYPTO_set_dynlock_create_cb
 #undef CRYPTO_set_dynlock_lock_callback
-#define CRYPTO_set_dynlock_lock_callback        CRYPTO_set_dynlock_lock_cb
+#define CRYPTO_set_dynlock_lock_callback        CRYPTO_set_dynlock_lock_cb
 #undef CRYPTO_get_dynlock_lock_callback
-#define CRYPTO_get_dynlock_lock_callback        CRYPTO_get_dynlock_lock_cb
+#define CRYPTO_get_dynlock_lock_callback        CRYPTO_get_dynlock_lock_cb
 #undef CRYPTO_get_dynlock_destroy_callback
 #define CRYPTO_get_dynlock_destroy_callback     CRYPTO_get_dynlock_destroy_cb
 #undef CRYPTO_get_dynlock_create_callback
@@ -158,7 +161,7 @@
 /* Hack some long SSL names */
 #undef SSL_CTX_set_default_verify_paths
-#define SSL_CTX_set_default_verify_paths        SSL_CTX_set_def_verify_paths
+#define SSL_CTX_set_default_verify_paths        SSL_CTX_set_def_verify_paths
 #undef SSL_get_ex_data_X509_STORE_CTX_idx
 #define SSL_get_ex_data_X509_STORE_CTX_idx      SSL_get_ex_d_X509_STORE_CTX_idx
 #undef SSL_add_file_cert_subjects_to_stack
@@ -168,21 +171,38 @@
 #undef SSL_CTX_use_certificate_chain_file
 #define SSL_CTX_use_certificate_chain_file      SSL_CTX_use_cert_chain_file
 #undef SSL_CTX_set_cert_verify_callback
-#define SSL_CTX_set_cert_verify_callback        SSL_CTX_set_cert_verify_cb
+#define SSL_CTX_set_cert_verify_callback        SSL_CTX_set_cert_verify_cb
 #undef SSL_CTX_set_default_passwd_cb_userdata
 #define SSL_CTX_set_default_passwd_cb_userdata  SSL_CTX_set_def_passwd_cb_ud
 #undef SSL_COMP_get_compression_methods
 #define SSL_COMP_get_compression_methods        SSL_COMP_get_compress_methods
+#undef ssl_add_clienthello_renegotiate_ext
+#define ssl_add_clienthello_renegotiate_ext     ssl_add_clienthello_reneg_ext
+#undef ssl_add_serverhello_renegotiate_ext
+#define ssl_add_serverhello_renegotiate_ext     ssl_add_serverhello_reneg_ext
+#undef ssl_parse_clienthello_renegotiate_ext
+#define ssl_parse_clienthello_renegotiate_ext   ssl_parse_clienthello_reneg_ext
+#undef ssl_parse_serverhello_renegotiate_ext
+#define ssl_parse_serverhello_renegotiate_ext   ssl_parse_serverhello_reneg_ext
 /* Hack some long ENGINE names */
 #undef ENGINE_get_default_BN_mod_exp_crt
 #define ENGINE_get_default_BN_mod_exp_crt       ENGINE_get_def_BN_mod_exp_crt
 #undef ENGINE_set_default_BN_mod_exp_crt
 #define ENGINE_set_default_BN_mod_exp_crt       ENGINE_set_def_BN_mod_exp_crt
 #undef ENGINE_set_load_privkey_function
-#define ENGINE_set_load_privkey_function        ENGINE_set_load_privkey_fn
+#define ENGINE_set_load_privkey_function        ENGINE_set_load_privkey_fn
 #undef ENGINE_get_load_privkey_function
-#define ENGINE_get_load_privkey_function        ENGINE_get_load_privkey_fn
+#define ENGINE_get_load_privkey_function        ENGINE_get_load_privkey_fn
+#undef ENGINE_unregister_pkey_asn1_meths
+#define ENGINE_unregister_pkey_asn1_meths       ENGINE_unreg_pkey_asn1_meths
+#undef ENGINE_register_all_pkey_asn1_meths
+#define ENGINE_register_all_pkey_asn1_meths     ENGINE_reg_all_pkey_asn1_meths
+#undef ENGINE_set_default_pkey_asn1_meths
+#define ENGINE_set_default_pkey_asn1_meths      ENGINE_set_def_pkey_asn1_meths
+#undef ENGINE_get_pkey_asn1_meth_engine
+#define ENGINE_get_pkey_asn1_meth_engine        ENGINE_get_pkey_asn1_meth_eng
 #undef ENGINE_set_load_ssl_client_cert_function
 #define ENGINE_set_load_ssl_client_cert_function \
                                                ENGINE_set_ld_ssl_clnt_cert_fn
@@ -191,7 +211,7 @@
 /* Hack some long OCSP names */
 #undef OCSP_REQUEST_get_ext_by_critical
-#define OCSP_REQUEST_get_ext_by_critical        OCSP_REQUEST_get_ext_by_crit
+#define OCSP_REQUEST_get_ext_by_critical        OCSP_REQUEST_get_ext_by_crit
 #undef OCSP_BASICRESP_get_ext_by_critical
 #define OCSP_BASICRESP_get_ext_by_critical      OCSP_BASICRESP_get_ext_by_crit
 #undef OCSP_SINGLERESP_get_ext_by_critical
@@ -208,6 +228,8 @@
 #define OPENSSL_add_all_algorithms_noconf       OPENSSL_add_all_algo_noconf
 #undef OPENSSL_add_all_algorithms_conf
 #define OPENSSL_add_all_algorithms_conf         OPENSSL_add_all_algo_conf
+#undef EVP_PKEY_meth_set_verify_recover
+#define EVP_PKEY_meth_set_verify_recover        EVP_PKEY_meth_set_vrfy_recover
 /* Hack some long EC names */
 #undef EC_GROUP_set_point_conversion_form
@@ -236,15 +258,15 @@
 #define EC_POINT_set_compressed_coordinates_GF2m \
                                                EC_POINT_set_compr_coords_GF2m
 #undef ec_GF2m_simple_group_clear_finish
-#define ec_GF2m_simple_group_clear_finish        ec_GF2m_simple_grp_clr_finish
+#define ec_GF2m_simple_group_clear_finish       ec_GF2m_simple_grp_clr_finish
 #undef ec_GF2m_simple_group_check_discriminant
 #define ec_GF2m_simple_group_check_discriminant ec_GF2m_simple_grp_chk_discrim
 #undef ec_GF2m_simple_point_clear_finish
-#define ec_GF2m_simple_point_clear_finish        ec_GF2m_simple_pt_clr_finish
+#define ec_GF2m_simple_point_clear_finish       ec_GF2m_simple_pt_clr_finish
 #undef ec_GF2m_simple_point_set_to_infinity
-#define ec_GF2m_simple_point_set_to_infinity     ec_GF2m_simple_pt_set_to_inf
+#define ec_GF2m_simple_point_set_to_infinity    ec_GF2m_simple_pt_set_to_inf
 #undef ec_GF2m_simple_points_make_affine
-#define ec_GF2m_simple_points_make_affine        ec_GF2m_simple_pts_make_affine
+#define ec_GF2m_simple_points_make_affine       ec_GF2m_simple_pts_make_affine
 #undef ec_GF2m_simple_point_set_affine_coordinates
 #define ec_GF2m_simple_point_set_affine_coordinates \
                                                ec_GF2m_smp_pt_set_af_coords
@@ -259,19 +281,19 @@
 #undef ec_GFp_simple_group_get_curve_GFp
 #define ec_GFp_simple_group_get_curve_GFp       ec_GFp_simple_grp_get_curve_GFp
 #undef ec_GFp_simple_group_clear_finish
-#define ec_GFp_simple_group_clear_finish        ec_GFp_simple_grp_clear_finish
+#define ec_GFp_simple_group_clear_finish        ec_GFp_simple_grp_clear_finish
 #undef ec_GFp_simple_group_set_generator
 #define ec_GFp_simple_group_set_generator       ec_GFp_simple_grp_set_generator
 #undef ec_GFp_simple_group_get0_generator
 #define ec_GFp_simple_group_get0_generator      ec_GFp_simple_grp_gt0_generator
 #undef ec_GFp_simple_group_get_cofactor
-#define ec_GFp_simple_group_get_cofactor        ec_GFp_simple_grp_get_cofactor
+#define ec_GFp_simple_group_get_cofactor        ec_GFp_simple_grp_get_cofactor
 #undef ec_GFp_simple_point_clear_finish
-#define ec_GFp_simple_point_clear_finish        ec_GFp_simple_pt_clear_finish
+#define ec_GFp_simple_point_clear_finish        ec_GFp_simple_pt_clear_finish
 #undef ec_GFp_simple_point_set_to_infinity
 #define ec_GFp_simple_point_set_to_infinity     ec_GFp_simple_pt_set_to_inf
 #undef ec_GFp_simple_points_make_affine
-#define ec_GFp_simple_points_make_affine        ec_GFp_simple_pts_make_affine
+#define ec_GFp_simple_points_make_affine        ec_GFp_simple_pts_make_affine
 #undef ec_GFp_simple_group_get_curve_GFp
 #define ec_GFp_simple_group_get_curve_GFp       ec_GFp_simple_grp_get_curve_GFp
 #undef ec_GFp_simple_set_Jprojective_coordinates_GFp
@@ -351,6 +373,14 @@
 #undef STORE_method_get_unlock_store_function
 #define STORE_method_get_unlock_store_function  STORE_meth_get_unlock_store_fn
+/* Hack some long TS names */
+#undef TS_RESP_CTX_set_status_info_cond
+#define TS_RESP_CTX_set_status_info_cond        TS_RESP_CTX_set_stat_info_cond
+#undef TS_RESP_CTX_set_clock_precision_digits
+#define TS_RESP_CTX_set_clock_precision_digits  TS_RESP_CTX_set_clk_prec_digits
+#undef TS_CONF_set_clock_precision_digits
+#define TS_CONF_set_clock_precision_digits      TS_CONF_set_clk_prec_digits
 /* Hack some long CMS names */
 #undef CMS_RecipientInfo_ktri_get0_algs
 #define CMS_RecipientInfo_ktri_get0_algs        CMS_RecipInfo_ktri_get0_algs
@@ -365,24 +395,34 @@
 #undef cms_SignerIdentifier_get0_signer_id
 #define cms_SignerIdentifier_get0_signer_id     cms_SignerId_get0_signer_id
+/* Hack some long DTLS1 names */
+#undef dtls1_retransmit_buffered_messages
+#define dtls1_retransmit_buffered_messages      dtls1_retransmit_buffered_msgs
+/* Hack some long UI names */
+#undef UI_method_get_prompt_constructor
+#define UI_method_get_prompt_constructor        UI_method_get_prompt_constructr
+#undef UI_method_set_prompt_constructor
+#define UI_method_set_prompt_constructor        UI_method_set_prompt_constructr
 #endif /* defined OPENSSL_SYS_VMS */
-/* Case insensiteve linking causes problems.... */
+/* Case insensitive linking causes problems.... */
-#if defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2)
+#if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2)
 #undef ERR_load_CRYPTO_strings
 #define ERR_load_CRYPTO_strings                 ERR_load_CRYPTOlib_strings
 #undef OCSP_crlID_new
-#define OCSP_crlID_new                          OCSP_crlID2_new
+#define OCSP_crlID_new                          OCSP_crlID2_new
 #undef d2i_ECPARAMETERS
-#define d2i_ECPARAMETERS                        d2i_UC_ECPARAMETERS
+#define d2i_ECPARAMETERS                        d2i_UC_ECPARAMETERS
 #undef i2d_ECPARAMETERS
-#define i2d_ECPARAMETERS                        i2d_UC_ECPARAMETERS
+#define i2d_ECPARAMETERS                        i2d_UC_ECPARAMETERS
 #undef d2i_ECPKPARAMETERS
-#define d2i_ECPKPARAMETERS                      d2i_UC_ECPKPARAMETERS
+#define d2i_ECPKPARAMETERS                      d2i_UC_ECPKPARAMETERS
 #undef i2d_ECPKPARAMETERS
-#define i2d_ECPKPARAMETERS                      i2d_UC_ECPKPARAMETERS
+#define i2d_ECPKPARAMETERS                      i2d_UC_ECPKPARAMETERS
 /* These functions do not seem to exist!  However, I'm paranoid...
   Original command in x509v3.h:
@@ -391,19 +431,19 @@
   hide them a little, by giving them an extra 'o' at the
   beginning of the name... */
 #undef X509v3_cleanup_extensions
-#define X509v3_cleanup_extensions               oX509v3_cleanup_extensions
+#define X509v3_cleanup_extensions               oX509v3_cleanup_extensions
 #undef X509v3_add_extension
-#define X509v3_add_extension                    oX509v3_add_extension
+#define X509v3_add_extension                    oX509v3_add_extension
 #undef X509v3_add_netscape_extensions
-#define X509v3_add_netscape_extensions          oX509v3_add_netscape_extensions
+#define X509v3_add_netscape_extensions          oX509v3_add_netscape_extensions
 #undef X509v3_add_standard_extensions
-#define X509v3_add_standard_extensions          oX509v3_add_standard_extensions
+#define X509v3_add_standard_extensions          oX509v3_add_standard_extensions
+/* This one clashes with CMS_data_create */
+#undef cms_Data_create
+#define cms_Data_create                         priv_cms_Data_create
 #endif
 #endif /* ! defined HEADER_VMS_IDHACKS_H */
-/* This one clashes with CMS_data_create */
-#undef cms_Data_create
-#define cms_Data_create                         priv_cms_Data_create
diff --git a/src/lib/libcrypto/threads/mttest.c b/src/lib/libcrypto/threads/mttest.c
index f6f3df4b6a..eba7aa8a6e 100644
--- a/src/lib/libcrypto/threads/mttest.c
+++ b/src/lib/libcrypto/threads/mttest.c
@@ -117,11 +117,13 @@ void solaris_locking_callback(int mode,int type,char *file,int line);
 void win32_locking_callback(int mode,int type,char *file,int line);
 void pthreads_locking_callback(int mode,int type,char *file,int line);
 void netware_locking_callback(int mode,int type,char *file,int line);
+void beos_locking_callback(int mode,int type,const char *file,int line);
 unsigned long irix_thread_id(void );
 unsigned long solaris_thread_id(void );
 unsigned long pthreads_thread_id(void );
 unsigned long netware_thread_id(void );
+unsigned long beos_thread_id(void );
 #if defined(OPENSSL_SYS_NETWARE)
 static MPKMutex *lock_cs;
@@ -1209,3 +1211,100 @@ unsigned long netware_thread_id(void)
   return(ret);
 }
 #endif /* NETWARE */
+#ifdef BEOS_THREADS
+#include <Locker.h>
+static BLocker** lock_cs;
+static long* lock_count;
+void thread_setup(void)
+        {
+        int i;
+        lock_cs=(BLocker**)OPENSSL_malloc(CRYPTO_num_locks() * sizeof(BLocker*));
+        lock_count=(long*)OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
+        for (i=0; i<CRYPTO_num_locks(); i++)
+                {
+                lock_count[i]=0;
+                lock_cs[i] = new BLocker(CRYPTO_get_lock_name(i));
+                }
+        CRYPTO_set_id_callback((unsigned long (*)())beos_thread_id);
+        CRYPTO_set_locking_callback(beos_locking_callback);
+        }
+void thread_cleanup(void)
+        {
+        int i;
+        CRYPTO_set_locking_callback(NULL);
+        fprintf(stderr,"cleanup\n");
+        for (i=0; i<CRYPTO_num_locks(); i++)
+                {
+                delete lock_cs[i];
+                fprintf(stderr,"%8ld:%s\n",lock_count[i],
+                        CRYPTO_get_lock_name(i));
+                }
+        OPENSSL_free(lock_cs);
+        OPENSSL_free(lock_count);
+        fprintf(stderr,"done cleanup\n");
+        }
+void beos_locking_callback(int mode, int type, const char *file, int line)
+    {
+#if 0
+        fprintf(stderr,"thread=%4d mode=%s lock=%s %s:%d\n",
+                CRYPTO_thread_id(),
+                (mode&CRYPTO_LOCK)?"l":"u",
+                (type&CRYPTO_READ)?"r":"w",file,line);
+#endif
+        if (mode & CRYPTO_LOCK)
+                {
+                lock_cs[type]->Lock();
+                lock_count[type]++;
+                }
+        else
+                {
+                lock_cs[type]->Unlock();
+                }
+        }
+void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)
+        {
+        SSL_CTX *ssl_ctx[2];
+        thread_id thread_ctx[MAX_THREAD_NUMBER];
+        int i;
+        ssl_ctx[0]=s_ctx;
+        ssl_ctx[1]=c_ctx;
+        for (i=0; i<thread_number; i++)
+                {
+                thread_ctx[i] = spawn_thread((thread_func)ndoit,
+                        NULL, B_NORMAL_PRIORITY, (void *)ssl_ctx);
+                resume_thread(thread_ctx[i]);
+                }
+        printf("waiting...\n");
+        for (i=0; i<thread_number; i++)
+                {
+                status_t result;
+                wait_for_thread(thread_ctx[i], &result);
+                }
+        printf("beos threads done (%d,%d)\n",
+                s_ctx->references,c_ctx->references);
+        }
+unsigned long beos_thread_id(void)
+        {
+        unsigned long ret;
+        ret=(unsigned long)find_thread(NULL);
+        return(ret);
+        }
+#endif /* BEOS_THREADS */
diff --git a/src/lib/libcrypto/threads/pthreads-vms.com b/src/lib/libcrypto/threads/pthreads-vms.com
index 63f5b8cc2e..1cf92bdf57 100644
--- a/src/lib/libcrypto/threads/pthreads-vms.com
+++ b/src/lib/libcrypto/threads/pthreads-vms.com
@@ -2,8 +2,13 @@ $! To compile mttest on VMS.
 $!
 $! WARNING: only tested with DEC C so far.
 $
-$ arch := vax
+$ if (f$getsyi("cpu").lt.128)
-$ if f$getsyi("CPU") .ge. 128 then arch := axp
+$ then
+$     arch := VAX
+$ else
+$     arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$     if (arch .eqs. "") then arch = "UNK"
+$ endif
 $ define/user openssl [--.include.openssl]
 $ cc/def=PTHREADS mttest.c
 $ link mttest,[--.'arch'.exe.ssl]libssl/lib,[--.'arch'.exe.crypto]libcrypto/lib
diff --git a/src/lib/libcrypto/txt_db/Makefile b/src/lib/libcrypto/txt_db/Makefile
index 87e57b49f6..e6f30331d8 100644
--- a/src/lib/libcrypto/txt_db/Makefile
+++ b/src/lib/libcrypto/txt_db/Makefile
@@ -33,7 +33,7 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
diff --git a/src/lib/libcrypto/ui/Makefile b/src/lib/libcrypto/ui/Makefile
index 4755e206f6..a685659fb4 100644
--- a/src/lib/libcrypto/ui/Makefile
+++ b/src/lib/libcrypto/ui/Makefile
@@ -37,7 +37,7 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
diff --git a/src/lib/libcrypto/util/ck_errf.pl b/src/lib/libcrypto/util/ck_errf.pl
index 344b422c34..f13af5c50b 100644
--- a/src/lib/libcrypto/util/ck_errf.pl
+++ b/src/lib/libcrypto/util/ck_errf.pl
@@ -7,8 +7,16 @@
 # perl util/ck_errf.pl */*.c */*/*.c
 #
+my $err_strict = 0;
+my $bad = 0;
 foreach $file (@ARGV)
        {
+        if ($file eq "-strict")
+                {
+                $err_strict = 1;
+                next;
+                }
        open(IN,"<$file") || die "unable to open $file\n";
        $func="";
        while (<IN>)
@@ -20,13 +28,13 @@ foreach $file (@ARGV)
                        $func = $1;
                        $func =~ tr/A-Z/a-z/;
                        }
-                if (/([A-Z0-9]+)err\(([^,]+)/)
+                if (/([A-Z0-9]+)err\(([^,]+)/ && ! /ckerr_ignore/)
                        {
                        $errlib=$1;
                        $n=$2;
                        if ($func eq "")
-                                { print "$file:$.:???:$n\n"; next; }
+                                { print "$file:$.:???:$n\n"; $bad = 1; next; }
                        if ($n !~ /([^_]+)_F_(.+)$/)
                                {
@@ -37,14 +45,20 @@ foreach $file (@ARGV)
                        $n=$2;
                        if ($lib ne $errlib)
-                                { print "$file:$.:$func:$n [${errlib}err]\n"; next; }
+                                { print "$file:$.:$func:$n [${errlib}err]\n"; $bad = 1; next; }
                        $n =~ tr/A-Z/a-z/;
                        if (($n ne $func) && ($errlib ne "SYS"))
-                                { print "$file:$.:$func:$n\n"; next; }
+                                { print "$file:$.:$func:$n\n"; $bad = 1; next; }
        #               print "$func:$1\n";
                        }
                }
        close(IN);
        }
+if ($bad && $err_strict)
+        {
+        print STDERR "FATAL: error discrepancy\n";
+        exit 1;
+        }
diff --git a/src/lib/libcrypto/util/clean-depend.pl b/src/lib/libcrypto/util/clean-depend.pl
index 2b2bdb4048..d3525b0ed0 100644
--- a/src/lib/libcrypto/util/clean-depend.pl
+++ b/src/lib/libcrypto/util/clean-depend.pl
@@ -42,6 +42,7 @@ foreach $file (sort keys %files) {
    my @deps = map { $_ =~ s/^\.\///; $_ } @{$files{$file}};
    foreach $dep (sort @deps) {
+        $dep=~s/^\.\///;
        next if $prevdep eq $dep; # to exterminate duplicates...
        $prevdep = $dep;
        $len=0 if $len+length($dep)+1 >= 80;
diff --git a/src/lib/libcrypto/util/cygwin.sh b/src/lib/libcrypto/util/cygwin.sh
index 89d1dda95b..a4f2e740b4 100644
--- a/src/lib/libcrypto/util/cygwin.sh
+++ b/src/lib/libcrypto/util/cygwin.sh
@@ -7,7 +7,7 @@
 # Uncomment when debugging
 #set -x
-CONFIG_OPTIONS="--prefix=/usr shared no-idea no-rc5 no-mdc2"
+CONFIG_OPTIONS="--prefix=/usr shared zlib no-idea no-rc5"
 INSTALL_PREFIX=/tmp/install
 VERSION=
@@ -66,7 +66,7 @@ function create_cygwin_readme()
          ./config ${CONFIG_OPTIONS}
-        The IDEA, RC5 and MDC2 algorithms are disabled due to patent and/or
+        The IDEA and RC5 algorithms are disabled due to patent and/or
        licensing issues.
        EOF
 }
diff --git a/src/lib/libcrypto/util/deltree.com b/src/lib/libcrypto/util/deltree.com
new file mode 100644
index 0000000000..9f36b1a5e9
--- /dev/null
+++ b/src/lib/libcrypto/util/deltree.com
@@ -0,0 +1,34 @@
+$! DELTREE.COM
+$
+$ call deltree 'p1'
+$ exit $status
+$
+$ deltree: subroutine ! P1 is a name of a directory
+$       on control_y then goto dt_STOP
+$       on warning then goto dt_exit
+$       _dt_def = f$trnlnm("SYS$DISK")+f$directory()
+$       if f$parse(p1) .eqs. "" then exit
+$       set default 'f$parse(p1,,,"DEVICE")''f$parse(p1,,,"DIRECTORY")'
+$       p1 = f$parse(p1,,,"NAME") + f$parse(p1,,,"TYPE")
+$       _fp = f$parse(".DIR",p1)
+$ dt_loop:
+$       _f = f$search(_fp)
+$       if _f .eqs. "" then goto dt_loopend
+$       call deltree [.'f$parse(_f,,,"NAME")']*.*
+$       goto dt_loop
+$ dt_loopend:
+$       _fp = f$parse(p1,".;*")
+$       if f$search(_fp) .eqs. "" then goto dt_exit
+$       set noon
+$       set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) '_fp'
+$       set on
+$       delete/nolog '_fp'
+$ dt_exit:
+$       set default '_dt_def'
+$       goto dt_end
+$ dt_STOP:
+$       set default '_dt_def'
+$       stop/id=""
+$       exit
+$ dt_end:
+$       endsubroutine
diff --git a/src/lib/libcrypto/util/domd b/src/lib/libcrypto/util/domd
index 560ebeaf82..bab48cb7a2 100644
--- a/src/lib/libcrypto/util/domd
+++ b/src/lib/libcrypto/util/domd
@@ -14,7 +14,7 @@ if [ "$MAKEDEPEND" = "" ]; then MAKEDEPEND=makedepend; fi
 cp Makefile Makefile.save
 # fake the presence of Kerberos
 touch $TOP/krb5.h
-if [ "$MAKEDEPEND" = "gcc" ]; then
+if expr "$MAKEDEPEND" : '.*gcc$' > /dev/null; then
    args=""
    while [ $# -gt 0 ]; do
        if [ "$1" != "--" ]; then args="$args $1"; fi
@@ -22,13 +22,17 @@ if [ "$MAKEDEPEND" = "gcc" ]; then
    done
    sed -e '/^# DO NOT DELETE.*/,$d' < Makefile > Makefile.tmp
    echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp
-    ${CC:-gcc} -D OPENSSL_DOING_MAKEDEPEND -M $args >> Makefile.tmp
+    ${MAKEDEPEND} -Werror -D OPENSSL_DOING_MAKEDEPEND -M $args >> Makefile.tmp || exit 1
    ${PERL} $TOP/util/clean-depend.pl < Makefile.tmp > Makefile.new
+    RC=$?
    rm -f Makefile.tmp
 else
-    ${MAKEDEPEND} -D OPENSSL_DOING_MAKEDEPEND $@
+    ${MAKEDEPEND} -D OPENSSL_DOING_MAKEDEPEND $@ && \
    ${PERL} $TOP/util/clean-depend.pl < Makefile > Makefile.new
+    RC=$?
 fi
 mv Makefile.new Makefile
 # unfake the presence of Kerberos
 rm $TOP/krb5.h
+exit $RC
diff --git a/src/lib/libcrypto/util/libeay.num b/src/lib/libcrypto/util/libeay.num
index 74eb337227..6f3067ae2b 100644
--- a/src/lib/libcrypto/util/libeay.num
+++ b/src/lib/libcrypto/util/libeay.num
@@ -1,9 +1,9 @@
 SSLeay                                  1       EXIST::FUNCTION:
 SSLeay_version                          2       EXIST::FUNCTION:
-ASN1_BIT_STRING_asn1_meth               3       EXIST::FUNCTION:
+ASN1_BIT_STRING_asn1_meth               3       NOEXIST::FUNCTION:
-ASN1_HEADER_free                        4       EXIST::FUNCTION:
+ASN1_HEADER_free                        4       NOEXIST::FUNCTION:
-ASN1_HEADER_new                         5       EXIST::FUNCTION:
+ASN1_HEADER_new                         5       NOEXIST::FUNCTION:
-ASN1_IA5STRING_asn1_meth                6       EXIST::FUNCTION:
+ASN1_IA5STRING_asn1_meth                6       NOEXIST::FUNCTION:
 ASN1_INTEGER_get                        7       EXIST::FUNCTION:
 ASN1_INTEGER_set                        8       EXIST::FUNCTION:
 ASN1_INTEGER_to_BN                      9       EXIST::FUNCTION:
@@ -75,8 +75,8 @@ BIO_new                                 78	EXIST::FUNCTION:
 BIO_new_accept                          79      EXIST::FUNCTION:
 BIO_new_connect                         80      EXIST::FUNCTION:
 BIO_new_fd                              81      EXIST::FUNCTION:
-BIO_new_file                            82      EXIST:!WIN16:FUNCTION:FP_API
+BIO_new_file                            82      EXIST::FUNCTION:FP_API
-BIO_new_fp                              83      EXIST:!WIN16:FUNCTION:FP_API
+BIO_new_fp                              83      EXIST::FUNCTION:FP_API
 BIO_new_socket                          84      EXIST::FUNCTION:
 BIO_pop                                 85      EXIST::FUNCTION:
 BIO_printf                              86      EXIST::FUNCTION:
@@ -86,7 +86,7 @@ BIO_read                                89	EXIST::FUNCTION:
 BIO_s_accept                            90      EXIST::FUNCTION:
 BIO_s_connect                           91      EXIST::FUNCTION:
 BIO_s_fd                                92      EXIST::FUNCTION:
-BIO_s_file                              93      EXIST:!WIN16:FUNCTION:FP_API
+BIO_s_file                              93      EXIST::FUNCTION:FP_API
 BIO_s_mem                               95      EXIST::FUNCTION:
 BIO_s_null                              96      EXIST::FUNCTION:
 BIO_s_proxy_client                      97      NOEXIST::FUNCTION:
@@ -172,7 +172,7 @@ CRYPTO_dbg_realloc                      179	EXIST::FUNCTION:
 CRYPTO_dbg_remalloc                     180     NOEXIST::FUNCTION:
 CRYPTO_free                             181     EXIST::FUNCTION:
 CRYPTO_get_add_lock_callback            182     EXIST::FUNCTION:
-CRYPTO_get_id_callback                  183     EXIST::FUNCTION:
+CRYPTO_get_id_callback                  183     EXIST::FUNCTION:DEPRECATED
 CRYPTO_get_lock_name                    184     EXIST::FUNCTION:
 CRYPTO_get_locking_callback             185     EXIST::FUNCTION:
 CRYPTO_get_mem_functions                186     EXIST::FUNCTION:
@@ -185,10 +185,10 @@ CRYPTO_mem_leaks_fp                     192	EXIST::FUNCTION:FP_API
 CRYPTO_realloc                          193     EXIST::FUNCTION:
 CRYPTO_remalloc                         194     EXIST::FUNCTION:
 CRYPTO_set_add_lock_callback            195     EXIST::FUNCTION:
-CRYPTO_set_id_callback                  196     EXIST::FUNCTION:
+CRYPTO_set_id_callback                  196     EXIST::FUNCTION:DEPRECATED
 CRYPTO_set_locking_callback             197     EXIST::FUNCTION:
 CRYPTO_set_mem_functions                198     EXIST::FUNCTION:
-CRYPTO_thread_id                        199     EXIST::FUNCTION:
+CRYPTO_thread_id                        199     EXIST::FUNCTION:DEPRECATED
 DH_check                                200     EXIST::FUNCTION:DH
 DH_compute_key                          201     EXIST::FUNCTION:DH
 DH_free                                 202     EXIST::FUNCTION:DH
@@ -243,7 +243,7 @@ ERR_print_errors                        250	EXIST::FUNCTION:BIO
 ERR_print_errors_fp                     251     EXIST::FUNCTION:FP_API
 ERR_put_error                           252     EXIST::FUNCTION:
 ERR_reason_error_string                 253     EXIST::FUNCTION:
-ERR_remove_state                        254     EXIST::FUNCTION:
+ERR_remove_state                        254     EXIST::FUNCTION:DEPRECATED
 EVP_BytesToKey                          255     EXIST::FUNCTION:
 EVP_CIPHER_CTX_cleanup                  256     EXIST::FUNCTION:
 EVP_CipherFinal                         257     EXIST::FUNCTION:
@@ -343,7 +343,7 @@ NETSCAPE_SPKI_new                       350	EXIST::FUNCTION:
 NETSCAPE_SPKI_sign                      351     EXIST::FUNCTION:EVP
 NETSCAPE_SPKI_verify                    352     EXIST::FUNCTION:EVP
 OBJ_add_object                          353     EXIST::FUNCTION:
-OBJ_bsearch                             354     EXIST::FUNCTION:
+OBJ_bsearch                             354     NOEXIST::FUNCTION:
 OBJ_cleanup                             355     EXIST::FUNCTION:
 OBJ_cmp                                 356     EXIST::FUNCTION:
 OBJ_create                              357     EXIST::FUNCTION:
@@ -356,9 +356,9 @@ OBJ_nid2sn                              363	EXIST::FUNCTION:
 OBJ_obj2nid                             364     EXIST::FUNCTION:
 OBJ_sn2nid                              365     EXIST::FUNCTION:
 OBJ_txt2nid                             366     EXIST::FUNCTION:
-PEM_ASN1_read                           367     EXIST:!WIN16:FUNCTION:
+PEM_ASN1_read                           367     EXIST::FUNCTION:
 PEM_ASN1_read_bio                       368     EXIST::FUNCTION:BIO
-PEM_ASN1_write                          369     EXIST:!WIN16:FUNCTION:
+PEM_ASN1_write                          369     EXIST::FUNCTION:
 PEM_ASN1_write_bio                      370     EXIST::FUNCTION:BIO
 PEM_SealFinal                           371     EXIST::FUNCTION:RSA
 PEM_SealInit                            372     EXIST::FUNCTION:RSA
@@ -366,14 +366,14 @@ PEM_SealUpdate                          373	EXIST::FUNCTION:RSA
 PEM_SignFinal                           374     EXIST::FUNCTION:
 PEM_SignInit                            375     EXIST::FUNCTION:
 PEM_SignUpdate                          376     EXIST::FUNCTION:
-PEM_X509_INFO_read                      377     EXIST:!WIN16:FUNCTION:
+PEM_X509_INFO_read                      377     EXIST::FUNCTION:
 PEM_X509_INFO_read_bio                  378     EXIST::FUNCTION:BIO
 PEM_X509_INFO_write_bio                 379     EXIST::FUNCTION:BIO
 PEM_dek_info                            380     EXIST::FUNCTION:
 PEM_do_header                           381     EXIST::FUNCTION:
 PEM_get_EVP_CIPHER_INFO                 382     EXIST::FUNCTION:
 PEM_proc_type                           383     EXIST::FUNCTION:
-PEM_read                                384     EXIST:!WIN16:FUNCTION:
+PEM_read                                384     EXIST::FUNCTION:
 PEM_read_DHparams                       385     EXIST:!WIN16:FUNCTION:DH
 PEM_read_DSAPrivateKey                  386     EXIST:!WIN16:FUNCTION:DSA
 PEM_read_DSAparams                      387     EXIST:!WIN16:FUNCTION:DSA
@@ -393,7 +393,7 @@ PEM_read_bio_RSAPrivateKey              400	EXIST::FUNCTION:RSA
 PEM_read_bio_X509                       401     EXIST::FUNCTION:
 PEM_read_bio_X509_CRL                   402     EXIST::FUNCTION:
 PEM_read_bio_X509_REQ                   403     EXIST::FUNCTION:
-PEM_write                               404     EXIST:!WIN16:FUNCTION:
+PEM_write                               404     EXIST::FUNCTION:
 PEM_write_DHparams                      405     EXIST:!WIN16:FUNCTION:DH
 PEM_write_DSAPrivateKey                 406     EXIST:!WIN16:FUNCTION:DSA
 PEM_write_DSAparams                     407     EXIST:!WIN16:FUNCTION:DSA
@@ -469,7 +469,7 @@ RC2_set_key                             476	EXIST::FUNCTION:RC2
 RC4                                     477     EXIST::FUNCTION:RC4
 RC4_options                             478     EXIST::FUNCTION:RC4
 RC4_set_key                             479     EXIST::FUNCTION:RC4
-RSAPrivateKey_asn1_meth                 480     EXIST::FUNCTION:RSA
+RSAPrivateKey_asn1_meth                 480     NOEXIST::FUNCTION:
 RSAPrivateKey_dup                       481     EXIST::FUNCTION:RSA
 RSAPublicKey_dup                        482     EXIST::FUNCTION:RSA
 RSA_PKCS1_SSLeay                        483     EXIST::FUNCTION:RSA
@@ -624,7 +624,7 @@ X509_STORE_set_default_paths            630	EXIST::FUNCTION:STDIO
 X509_VAL_free                           631     EXIST::FUNCTION:
 X509_VAL_new                            632     EXIST::FUNCTION:
 X509_add_ext                            633     EXIST::FUNCTION:
-X509_asn1_meth                          634     EXIST::FUNCTION:
+X509_asn1_meth                          634     NOEXIST::FUNCTION:
 X509_certificate_type                   635     EXIST::FUNCTION:
 X509_check_private_key                  636     EXIST::FUNCTION:
 X509_cmp_current_time                   637     EXIST::FUNCTION:
@@ -704,7 +704,7 @@ bn_sqr_words                            710	EXIST::FUNCTION:
 _ossl_old_crypt                         711     EXIST:!NeXT,!PERL5:FUNCTION:DES
 d2i_ASN1_BIT_STRING                     712     EXIST::FUNCTION:
 d2i_ASN1_BOOLEAN                        713     EXIST::FUNCTION:
-d2i_ASN1_HEADER                         714     EXIST::FUNCTION:
+d2i_ASN1_HEADER                         714     NOEXIST::FUNCTION:
 d2i_ASN1_IA5STRING                      715     EXIST::FUNCTION:
 d2i_ASN1_INTEGER                        716     EXIST::FUNCTION:
 d2i_ASN1_OBJECT                         717     EXIST::FUNCTION:
@@ -809,7 +809,7 @@ i2a_ASN1_OBJECT                         816	EXIST::FUNCTION:BIO
 i2a_ASN1_STRING                         817     EXIST::FUNCTION:BIO
 i2d_ASN1_BIT_STRING                     818     EXIST::FUNCTION:
 i2d_ASN1_BOOLEAN                        819     EXIST::FUNCTION:
-i2d_ASN1_HEADER                         820     EXIST::FUNCTION:
+i2d_ASN1_HEADER                         820     NOEXIST::FUNCTION:
 i2d_ASN1_IA5STRING                      821     EXIST::FUNCTION:
 i2d_ASN1_INTEGER                        822     EXIST::FUNCTION:
 i2d_ASN1_OBJECT                         823     EXIST::FUNCTION:
@@ -950,9 +950,9 @@ ERR_get_next_error_library              966	EXIST::FUNCTION:
 EVP_PKEY_cmp_parameters                 967     EXIST::FUNCTION:
 HMAC_cleanup                            968     NOEXIST::FUNCTION:
 BIO_ptr_ctrl                            969     EXIST::FUNCTION:
-BIO_new_file_internal                   970     EXIST:WIN16:FUNCTION:FP_API
+BIO_new_file_internal                   970     NOEXIST::FUNCTION:
-BIO_new_fp_internal                     971     EXIST:WIN16:FUNCTION:FP_API
+BIO_new_fp_internal                     971     NOEXIST::FUNCTION:
-BIO_s_file_internal                     972     EXIST:WIN16:FUNCTION:FP_API
+BIO_s_file_internal                     972     NOEXIST::FUNCTION:
 BN_BLINDING_convert                     973     EXIST::FUNCTION:
 BN_BLINDING_invert                      974     EXIST::FUNCTION:
 BN_BLINDING_update                      975     EXIST::FUNCTION:
@@ -984,8 +984,8 @@ BIO_ghbn_ctrl                           1003	NOEXIST::FUNCTION:
 CRYPTO_free_ex_data                     1004    EXIST::FUNCTION:
 CRYPTO_get_ex_data                      1005    EXIST::FUNCTION:
 CRYPTO_set_ex_data                      1007    EXIST::FUNCTION:
-ERR_load_CRYPTO_strings                 1009    EXIST:!OS2,!VMS,!WIN16:FUNCTION:
+ERR_load_CRYPTO_strings                 1009    EXIST:!OS2,!VMS:FUNCTION:
-ERR_load_CRYPTOlib_strings              1009    EXIST:OS2,VMS,WIN16:FUNCTION:
+ERR_load_CRYPTOlib_strings              1009    EXIST:OS2,VMS:FUNCTION:
 EVP_PKEY_bits                           1010    EXIST::FUNCTION:
 MD5_Transform                           1011    EXIST::FUNCTION:MD5
 SHA1_Transform                          1012    EXIST::FUNCTION:SHA,SHA1
@@ -1117,11 +1117,11 @@ COMP_compress_block                     1144	EXIST::FUNCTION:
 COMP_expand_block                       1145    EXIST::FUNCTION:
 COMP_rle                                1146    EXIST::FUNCTION:
 COMP_zlib                               1147    EXIST::FUNCTION:
-ms_time_diff                            1148    EXIST::FUNCTION:
+ms_time_diff                            1148    NOEXIST::FUNCTION:
-ms_time_new                             1149    EXIST::FUNCTION:
+ms_time_new                             1149    NOEXIST::FUNCTION:
-ms_time_free                            1150    EXIST::FUNCTION:
+ms_time_free                            1150    NOEXIST::FUNCTION:
-ms_time_cmp                             1151    EXIST::FUNCTION:
+ms_time_cmp                             1151    NOEXIST::FUNCTION:
-ms_time_get                             1152    EXIST::FUNCTION:
+ms_time_get                             1152    NOEXIST::FUNCTION:
 PKCS7_set_attributes                    1153    EXIST::FUNCTION:
 PKCS7_set_signed_attributes             1154    EXIST::FUNCTION:
 X509_ATTRIBUTE_create                   1155    EXIST::FUNCTION:
@@ -1255,8 +1255,8 @@ PKCS12_gen_mac                          1278	EXIST::FUNCTION:
 PKCS12_verify_mac                       1279    EXIST::FUNCTION:
 PKCS12_set_mac                          1280    EXIST::FUNCTION:
 PKCS12_setup_mac                        1281    EXIST::FUNCTION:
-asc2uni                                 1282    EXIST::FUNCTION:
+OPENSSL_asc2uni                         1282    EXIST::FUNCTION:
-uni2asc                                 1283    EXIST::FUNCTION:
+OPENSSL_uni2asc                         1283    EXIST::FUNCTION:
 i2d_PKCS12_BAGS                         1284    EXIST::FUNCTION:
 PKCS12_BAGS_new                         1285    EXIST::FUNCTION:
 d2i_PKCS12_BAGS                         1286    EXIST::FUNCTION:
@@ -2081,7 +2081,7 @@ NETSCAPE_SPKAC_it                       2641	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA
 NETSCAPE_SPKAC_it                       2641    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
 X509_REVOKED_it                         2642    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
 X509_REVOKED_it                         2642    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ASN1_STRING_encode                      2643    EXIST::FUNCTION:
+ASN1_STRING_encode                      2643    NOEXIST::FUNCTION:
 EVP_aes_128_ecb                         2644    EXIST::FUNCTION:AES
 KRB5_AUTHENT_free                       2645    EXIST::FUNCTION:
 OCSP_BASICRESP_get_ext_by_critical      2646    EXIST:!VMS:FUNCTION:
@@ -2732,8 +2732,8 @@ EC_POINT_point2oct                      3178	EXIST::FUNCTION:EC
 KRB5_APREQ_free                         3179    EXIST::FUNCTION:
 ASN1_OBJECT_it                          3180    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
 ASN1_OBJECT_it                          3180    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-OCSP_crlID_new                          3181    EXIST:!OS2,!VMS,!WIN16:FUNCTION:
+OCSP_crlID_new                          3181    EXIST:!OS2,!VMS:FUNCTION:
-OCSP_crlID2_new                         3181    EXIST:OS2,VMS,WIN16:FUNCTION:
+OCSP_crlID2_new                         3181    EXIST:OS2,VMS:FUNCTION:
 CONF_modules_load_file                  3182    EXIST::FUNCTION:
 CONF_imodule_set_usr_data               3183    EXIST::FUNCTION:
 ENGINE_set_default_string               3184    EXIST::FUNCTION:ENGINE
@@ -2804,57 +2804,57 @@ OPENSSL_cleanse                         3245	EXIST::FUNCTION:
 ENGINE_setup_bsd_cryptodev              3246    EXIST:__FreeBSD__:FUNCTION:ENGINE
 ERR_release_err_state_table             3247    EXIST::FUNCTION:LHASH
 EVP_aes_128_cfb8                        3248    EXIST::FUNCTION:AES
-FIPS_corrupt_rsa                        3249    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_corrupt_rsa                        3249    NOEXIST::FUNCTION:
-FIPS_selftest_des                       3250    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_selftest_des                       3250    NOEXIST::FUNCTION:
 EVP_aes_128_cfb1                        3251    EXIST::FUNCTION:AES
 EVP_aes_192_cfb8                        3252    EXIST::FUNCTION:AES
-FIPS_mode_set                           3253    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_mode_set                           3253    NOEXIST::FUNCTION:
-FIPS_selftest_dsa                       3254    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_selftest_dsa                       3254    NOEXIST::FUNCTION:
 EVP_aes_256_cfb8                        3255    EXIST::FUNCTION:AES
 FIPS_allow_md5                          3256    NOEXIST::FUNCTION:
 DES_ede3_cfb_encrypt                    3257    EXIST::FUNCTION:DES
 EVP_des_ede3_cfb8                       3258    EXIST::FUNCTION:DES
 FIPS_rand_seeded                        3259    NOEXIST::FUNCTION:
-AES_cfbr_encrypt_block                  3260    EXIST::FUNCTION:AES
+AES_cfbr_encrypt_block                  3260    NOEXIST::FUNCTION:
 AES_cfb8_encrypt                        3261    EXIST::FUNCTION:AES
-FIPS_rand_seed                          3262    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_rand_seed                          3262    NOEXIST::FUNCTION:
-FIPS_corrupt_des                        3263    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_corrupt_des                        3263    NOEXIST::FUNCTION:
 EVP_aes_192_cfb1                        3264    EXIST::FUNCTION:AES
-FIPS_selftest_aes                       3265    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_selftest_aes                       3265    NOEXIST::FUNCTION:
 FIPS_set_prng_key                       3266    NOEXIST::FUNCTION:
 EVP_des_cfb8                            3267    EXIST::FUNCTION:DES
-FIPS_corrupt_dsa                        3268    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_corrupt_dsa                        3268    NOEXIST::FUNCTION:
 FIPS_test_mode                          3269    NOEXIST::FUNCTION:
-FIPS_rand_method                        3270    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_rand_method                        3270    NOEXIST::FUNCTION:
 EVP_aes_256_cfb1                        3271    EXIST::FUNCTION:AES
-ERR_load_FIPS_strings                   3272    EXIST:OPENSSL_FIPS:FUNCTION:
+ERR_load_FIPS_strings                   3272    NOEXIST::FUNCTION:
-FIPS_corrupt_aes                        3273    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_corrupt_aes                        3273    NOEXIST::FUNCTION:
-FIPS_selftest_sha1                      3274    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_selftest_sha1                      3274    NOEXIST::FUNCTION:
-FIPS_selftest_rsa                       3275    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_selftest_rsa                       3275    NOEXIST::FUNCTION:
-FIPS_corrupt_sha1                       3276    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_corrupt_sha1                       3276    NOEXIST::FUNCTION:
 EVP_des_cfb1                            3277    EXIST::FUNCTION:DES
 FIPS_dsa_check                          3278    NOEXIST::FUNCTION:
 AES_cfb1_encrypt                        3279    EXIST::FUNCTION:AES
 EVP_des_ede3_cfb1                       3280    EXIST::FUNCTION:DES
-FIPS_rand_check                         3281    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_rand_check                         3281    NOEXIST::FUNCTION:
 FIPS_md5_allowed                        3282    NOEXIST::FUNCTION:
-FIPS_mode                               3283    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_mode                               3283    NOEXIST::FUNCTION:
-FIPS_selftest_failed                    3284    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_selftest_failed                    3284    NOEXIST::FUNCTION:
 sk_is_sorted                            3285    EXIST::FUNCTION:
 X509_check_ca                           3286    EXIST::FUNCTION:
-private_idea_set_encrypt_key            3287    EXIST:OPENSSL_FIPS:FUNCTION:IDEA
+private_idea_set_encrypt_key            3287    NOEXIST::FUNCTION:
 HMAC_CTX_set_flags                      3288    EXIST::FUNCTION:HMAC
-private_SHA_Init                        3289    EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA0
+private_SHA_Init                        3289    NOEXIST::FUNCTION:
-private_CAST_set_key                    3290    EXIST:OPENSSL_FIPS:FUNCTION:CAST
+private_CAST_set_key                    3290    NOEXIST::FUNCTION:
-private_RIPEMD160_Init                  3291    EXIST:OPENSSL_FIPS:FUNCTION:RIPEMD
+private_RIPEMD160_Init                  3291    NOEXIST::FUNCTION:
-private_RC5_32_set_key                  3292    EXIST:OPENSSL_FIPS:FUNCTION:RC5
+private_RC5_32_set_key                  3292    NOEXIST::FUNCTION:
-private_MD5_Init                        3293    EXIST:OPENSSL_FIPS:FUNCTION:MD5
+private_MD5_Init                        3293    NOEXIST::FUNCTION:
-private_RC4_set_key                     3294    EXIST:OPENSSL_FIPS:FUNCTION:RC4
+private_RC4_set_key                     3294    NOEXIST::FUNCTION:
-private_MDC2_Init                       3295    EXIST:OPENSSL_FIPS:FUNCTION:MDC2
+private_MDC2_Init                       3295    NOEXIST::FUNCTION:
-private_RC2_set_key                     3296    EXIST:OPENSSL_FIPS:FUNCTION:RC2
+private_RC2_set_key                     3296    NOEXIST::FUNCTION:
-private_MD4_Init                        3297    EXIST:OPENSSL_FIPS:FUNCTION:MD4
+private_MD4_Init                        3297    NOEXIST::FUNCTION:
-private_BF_set_key                      3298    EXIST:OPENSSL_FIPS:FUNCTION:BF
+private_BF_set_key                      3298    NOEXIST::FUNCTION:
-private_MD2_Init                        3299    EXIST:OPENSSL_FIPS:FUNCTION:MD2
+private_MD2_Init                        3299    NOEXIST::FUNCTION:
 d2i_PROXY_CERT_INFO_EXTENSION           3300    EXIST::FUNCTION:
 PROXY_POLICY_it                         3301    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
 PROXY_POLICY_it                         3301    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
@@ -2868,13 +2868,13 @@ PROXY_CERT_INFO_EXTENSION_it            3307	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI
 PROXY_POLICY_free                       3308    EXIST::FUNCTION:
 PROXY_POLICY_new                        3309    EXIST::FUNCTION:
 BN_MONT_CTX_set_locked                  3310    EXIST::FUNCTION:
-FIPS_selftest_rng                       3311    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_selftest_rng                       3311    NOEXIST::FUNCTION:
-EVP_sha384                              3312    EXIST::FUNCTION:SHA,SHA512
+EVP_sha384                              3312    EXIST:!VMSVAX:FUNCTION:SHA,SHA512
-EVP_sha512                              3313    EXIST::FUNCTION:SHA,SHA512
+EVP_sha512                              3313    EXIST:!VMSVAX:FUNCTION:SHA,SHA512
 EVP_sha224                              3314    EXIST::FUNCTION:SHA,SHA256
 EVP_sha256                              3315    EXIST::FUNCTION:SHA,SHA256
-FIPS_selftest_hmac                      3316    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_selftest_hmac                      3316    NOEXIST::FUNCTION:
-FIPS_corrupt_rng                        3317    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_corrupt_rng                        3317    NOEXIST::FUNCTION:
 BN_mod_exp_mont_consttime               3318    EXIST::FUNCTION:
 RSA_X931_hash_id                        3319    EXIST::FUNCTION:RSA
 RSA_padding_check_X931                  3320    EXIST::FUNCTION:RSA
@@ -2882,7 +2882,7 @@ RSA_verify_PKCS1_PSS                    3321	EXIST::FUNCTION:RSA
 RSA_padding_add_X931                    3322    EXIST::FUNCTION:RSA
 RSA_padding_add_PKCS1_PSS               3323    EXIST::FUNCTION:RSA
 PKCS1_MGF1                              3324    EXIST::FUNCTION:RSA
-BN_X931_generate_Xpq                    3325    EXIST::FUNCTION:
+BN_X931_generate_Xpq                    3325    NOEXIST::FUNCTION:
 RSA_X931_generate_key                   3326    NOEXIST::FUNCTION:
 BN_X931_derive_prime                    3327    NOEXIST::FUNCTION:
 BN_X931_generate_prime                  3328    NOEXIST::FUNCTION:
@@ -2893,43 +2893,43 @@ ERR_set_mark                            3332	EXIST::FUNCTION:
 X509_STORE_CTX_set0_crls                3333    EXIST::FUNCTION:
 ENGINE_set_STORE                        3334    EXIST::FUNCTION:ENGINE
 ENGINE_register_ECDSA                   3335    EXIST::FUNCTION:ENGINE
-STORE_method_set_list_start_function    3336    EXIST:!VMS:FUNCTION:
+STORE_meth_set_list_start_fn            3336    NOEXIST::FUNCTION:
-STORE_meth_set_list_start_fn            3336    EXIST:VMS:FUNCTION:
+STORE_method_set_list_start_function    3336    NOEXIST::FUNCTION:
 BN_BLINDING_invert_ex                   3337    EXIST::FUNCTION:
 NAME_CONSTRAINTS_free                   3338    EXIST::FUNCTION:
-STORE_ATTR_INFO_set_number              3339    EXIST::FUNCTION:
+STORE_ATTR_INFO_set_number              3339    NOEXIST::FUNCTION:
-BN_BLINDING_get_thread_id               3340    EXIST::FUNCTION:
+BN_BLINDING_get_thread_id               3340    EXIST::FUNCTION:DEPRECATED
 X509_STORE_CTX_set0_param               3341    EXIST::FUNCTION:
 POLICY_MAPPING_it                       3342    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
 POLICY_MAPPING_it                       3342    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-STORE_parse_attrs_start                 3343    EXIST::FUNCTION:
+STORE_parse_attrs_start                 3343    NOEXIST::FUNCTION:
 POLICY_CONSTRAINTS_free                 3344    EXIST::FUNCTION:
 EVP_PKEY_add1_attr_by_NID               3345    EXIST::FUNCTION:
 BN_nist_mod_192                         3346    EXIST::FUNCTION:
 EC_GROUP_get_trinomial_basis            3347    EXIST::FUNCTION:EC
-STORE_set_method                        3348    EXIST::FUNCTION:
+STORE_set_method                        3348    NOEXIST::FUNCTION:
 GENERAL_SUBTREE_free                    3349    EXIST::FUNCTION:
 NAME_CONSTRAINTS_it                     3350    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
 NAME_CONSTRAINTS_it                     3350    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
 ECDH_get_default_method                 3351    EXIST::FUNCTION:ECDH
 PKCS12_add_safe                         3352    EXIST::FUNCTION:
 EC_KEY_new_by_curve_name                3353    EXIST::FUNCTION:EC
-STORE_method_get_update_store_function  3354    EXIST:!VMS:FUNCTION:
+STORE_meth_get_update_store_fn          3354    NOEXIST::FUNCTION:
-STORE_meth_get_update_store_fn          3354    EXIST:VMS:FUNCTION:
+STORE_method_get_update_store_function  3354    NOEXIST::FUNCTION:
 ENGINE_register_ECDH                    3355    EXIST::FUNCTION:ENGINE
-SHA512_Update                           3356    EXIST::FUNCTION:SHA,SHA512
+SHA512_Update                           3356    EXIST:!VMSVAX:FUNCTION:SHA,SHA512
 i2d_ECPrivateKey                        3357    EXIST::FUNCTION:EC
 BN_get0_nist_prime_192                  3358    EXIST::FUNCTION:
-STORE_modify_certificate                3359    EXIST::FUNCTION:
+STORE_modify_certificate                3359    NOEXIST::FUNCTION:
 EC_POINT_set_affine_coordinates_GF2m    3360    EXIST:!VMS:FUNCTION:EC
 EC_POINT_set_affine_coords_GF2m         3360    EXIST:VMS:FUNCTION:EC
 BN_GF2m_mod_exp_arr                     3361    EXIST::FUNCTION:
-STORE_ATTR_INFO_modify_number           3362    EXIST::FUNCTION:
+STORE_ATTR_INFO_modify_number           3362    NOEXIST::FUNCTION:
 X509_keyid_get0                         3363    EXIST::FUNCTION:
 ENGINE_load_gmp                         3364    EXIST::FUNCTION:ENGINE,GMP,STATIC_ENGINE
 pitem_new                               3365    EXIST::FUNCTION:
 BN_GF2m_mod_mul_arr                     3366    EXIST::FUNCTION:
-STORE_list_public_key_endp              3367    EXIST::FUNCTION:
+STORE_list_public_key_endp              3367    NOEXIST::FUNCTION:
 o2i_ECPublicKey                         3368    EXIST::FUNCTION:EC
 EC_KEY_copy                             3369    EXIST::FUNCTION:EC
 BIO_dump_fp                             3370    EXIST::FUNCTION:FP_API
@@ -2938,25 +2938,25 @@ EC_GROUP_check_discriminant             3372	EXIST::FUNCTION:EC
 i2o_ECPublicKey                         3373    EXIST::FUNCTION:EC
 EC_KEY_precompute_mult                  3374    EXIST::FUNCTION:EC
 a2i_IPADDRESS                           3375    EXIST::FUNCTION:
-STORE_method_set_initialise_function    3376    EXIST:!VMS:FUNCTION:
+STORE_meth_set_initialise_fn            3376    NOEXIST::FUNCTION:
-STORE_meth_set_initialise_fn            3376    EXIST:VMS:FUNCTION:
+STORE_method_set_initialise_function    3376    NOEXIST::FUNCTION:
 X509_STORE_CTX_set_depth                3377    EXIST::FUNCTION:
 X509_VERIFY_PARAM_inherit               3378    EXIST::FUNCTION:
 EC_POINT_point2bn                       3379    EXIST::FUNCTION:EC
-STORE_ATTR_INFO_set_dn                  3380    EXIST::FUNCTION:
+STORE_ATTR_INFO_set_dn                  3380    NOEXIST::FUNCTION:
 X509_policy_tree_get0_policies          3381    EXIST::FUNCTION:
 EC_GROUP_new_curve_GF2m                 3382    EXIST::FUNCTION:EC
-STORE_destroy_method                    3383    EXIST::FUNCTION:
+STORE_destroy_method                    3383    NOEXIST::FUNCTION:
 ENGINE_unregister_STORE                 3384    EXIST::FUNCTION:ENGINE
 EVP_PKEY_get1_EC_KEY                    3385    EXIST::FUNCTION:EC
-STORE_ATTR_INFO_get0_number             3386    EXIST::FUNCTION:
+STORE_ATTR_INFO_get0_number             3386    NOEXIST::FUNCTION:
 ENGINE_get_default_ECDH                 3387    EXIST::FUNCTION:ENGINE
 EC_KEY_get_conv_form                    3388    EXIST::FUNCTION:EC
 ASN1_OCTET_STRING_NDEF_it               3389    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
 ASN1_OCTET_STRING_NDEF_it               3389    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-STORE_delete_public_key                 3390    EXIST::FUNCTION:
+STORE_delete_public_key                 3390    NOEXIST::FUNCTION:
-STORE_get_public_key                    3391    EXIST::FUNCTION:
+STORE_get_public_key                    3391    NOEXIST::FUNCTION:
-STORE_modify_arbitrary                  3392    EXIST::FUNCTION:
+STORE_modify_arbitrary                  3392    NOEXIST::FUNCTION:
 ENGINE_get_static_state                 3393    EXIST::FUNCTION:ENGINE
 pqueue_iterator                         3394    EXIST::FUNCTION:
 ECDSA_SIG_new                           3395    EXIST::FUNCTION:ECDSA
@@ -2965,14 +2965,14 @@ BN_GF2m_mod_sqr                         3397	EXIST::FUNCTION:
 EC_POINT_bn2point                       3398    EXIST::FUNCTION:EC
 X509_VERIFY_PARAM_set_depth             3399    EXIST::FUNCTION:
 EC_KEY_set_asn1_flag                    3400    EXIST::FUNCTION:EC
-STORE_get_method                        3401    EXIST::FUNCTION:
+STORE_get_method                        3401    NOEXIST::FUNCTION:
 EC_KEY_get_key_method_data              3402    EXIST::FUNCTION:EC
 ECDSA_sign_ex                           3403    EXIST::FUNCTION:ECDSA
-STORE_parse_attrs_end                   3404    EXIST::FUNCTION:
+STORE_parse_attrs_end                   3404    NOEXIST::FUNCTION:
 EC_GROUP_get_point_conversion_form      3405    EXIST:!VMS:FUNCTION:EC
 EC_GROUP_get_point_conv_form            3405    EXIST:VMS:FUNCTION:EC
-STORE_method_set_store_function         3406    EXIST::FUNCTION:
+STORE_method_set_store_function         3406    NOEXIST::FUNCTION:
-STORE_ATTR_INFO_in                      3407    EXIST::FUNCTION:
+STORE_ATTR_INFO_in                      3407    NOEXIST::FUNCTION:
 PEM_read_bio_ECPKParameters             3408    EXIST::FUNCTION:EC
 EC_GROUP_get_pentanomial_basis          3409    EXIST::FUNCTION:EC
 EVP_PKEY_add1_attr_by_txt               3410    EXIST::FUNCTION:
@@ -2980,7 +2980,7 @@ BN_BLINDING_set_flags                   3411	EXIST::FUNCTION:
 X509_VERIFY_PARAM_set1_policies         3412    EXIST::FUNCTION:
 X509_VERIFY_PARAM_set1_name             3413    EXIST::FUNCTION:
 X509_VERIFY_PARAM_set_purpose           3414    EXIST::FUNCTION:
-STORE_get_number                        3415    EXIST::FUNCTION:
+STORE_get_number                        3415    NOEXIST::FUNCTION:
 ECDSA_sign_setup                        3416    EXIST::FUNCTION:ECDSA
 BN_GF2m_mod_solve_quad_arr              3417    EXIST::FUNCTION:
 EC_KEY_up_ref                           3418    EXIST::FUNCTION:EC
@@ -2988,14 +2988,14 @@ POLICY_MAPPING_free                     3419	EXIST::FUNCTION:
 BN_GF2m_mod_div                         3420    EXIST::FUNCTION:
 X509_VERIFY_PARAM_set_flags             3421    EXIST::FUNCTION:
 EC_KEY_free                             3422    EXIST::FUNCTION:EC
-STORE_method_set_list_next_function     3423    EXIST:!VMS:FUNCTION:
+STORE_meth_set_list_next_fn             3423    NOEXIST::FUNCTION:
-STORE_meth_set_list_next_fn             3423    EXIST:VMS:FUNCTION:
+STORE_method_set_list_next_function     3423    NOEXIST::FUNCTION:
 PEM_write_bio_ECPrivateKey              3424    EXIST::FUNCTION:EC
 d2i_EC_PUBKEY                           3425    EXIST::FUNCTION:EC
-STORE_method_get_generate_function      3426    EXIST:!VMS:FUNCTION:
+STORE_meth_get_generate_fn              3426    NOEXIST::FUNCTION:
-STORE_meth_get_generate_fn              3426    EXIST:VMS:FUNCTION:
+STORE_method_get_generate_function      3426    NOEXIST::FUNCTION:
-STORE_method_set_list_end_function      3427    EXIST:!VMS:FUNCTION:
+STORE_meth_set_list_end_fn              3427    NOEXIST::FUNCTION:
-STORE_meth_set_list_end_fn              3427    EXIST:VMS:FUNCTION:
+STORE_method_set_list_end_function      3427    NOEXIST::FUNCTION:
 pqueue_print                            3428    EXIST::FUNCTION:
 EC_GROUP_have_precompute_mult           3429    EXIST::FUNCTION:EC
 EC_KEY_print_fp                         3430    EXIST::FUNCTION:EC,FP_API
@@ -3003,8 +3003,8 @@ BN_GF2m_mod_arr                         3431	EXIST::FUNCTION:
 PEM_write_bio_X509_CERT_PAIR            3432    EXIST::FUNCTION:
 EVP_PKEY_cmp                            3433    EXIST::FUNCTION:
 X509_policy_level_node_count            3434    EXIST::FUNCTION:
-STORE_new_engine                        3435    EXIST::FUNCTION:
+STORE_new_engine                        3435    NOEXIST::FUNCTION:
-STORE_list_public_key_start             3436    EXIST::FUNCTION:
+STORE_list_public_key_start             3436    NOEXIST::FUNCTION:
 X509_VERIFY_PARAM_new                   3437    EXIST::FUNCTION:
 ECDH_get_ex_data                        3438    EXIST::FUNCTION:ECDH
 EVP_PKEY_get_attr                       3439    EXIST::FUNCTION:
@@ -3014,11 +3014,11 @@ ECDH_OpenSSL                            3442	EXIST::FUNCTION:ECDH
 EC_KEY_set_conv_form                    3443    EXIST::FUNCTION:EC
 EC_POINT_dup                            3444    EXIST::FUNCTION:EC
 GENERAL_SUBTREE_new                     3445    EXIST::FUNCTION:
-STORE_list_crl_endp                     3446    EXIST::FUNCTION:
+STORE_list_crl_endp                     3446    NOEXIST::FUNCTION:
 EC_get_builtin_curves                   3447    EXIST::FUNCTION:EC
 X509_policy_node_get0_qualifiers        3448    EXIST:!VMS:FUNCTION:
 X509_pcy_node_get0_qualifiers           3448    EXIST:VMS:FUNCTION:
-STORE_list_crl_end                      3449    EXIST::FUNCTION:
+STORE_list_crl_end                      3449    NOEXIST::FUNCTION:
 EVP_PKEY_set1_EC_KEY                    3450    EXIST::FUNCTION:EC
 BN_GF2m_mod_sqrt_arr                    3451    EXIST::FUNCTION:
 i2d_ECPrivateKey_bio                    3452    EXIST::FUNCTION:BIO,EC
@@ -3026,60 +3026,60 @@ ECPKParameters_print_fp                 3453	EXIST::FUNCTION:EC,FP_API
 pqueue_find                             3454    EXIST::FUNCTION:
 ECDSA_SIG_free                          3455    EXIST::FUNCTION:ECDSA
 PEM_write_bio_ECPKParameters            3456    EXIST::FUNCTION:EC
-STORE_method_set_ctrl_function          3457    EXIST::FUNCTION:
+STORE_method_set_ctrl_function          3457    NOEXIST::FUNCTION:
-STORE_list_public_key_end               3458    EXIST::FUNCTION:
+STORE_list_public_key_end               3458    NOEXIST::FUNCTION:
 EC_KEY_set_private_key                  3459    EXIST::FUNCTION:EC
 pqueue_peek                             3460    EXIST::FUNCTION:
-STORE_get_arbitrary                     3461    EXIST::FUNCTION:
+STORE_get_arbitrary                     3461    NOEXIST::FUNCTION:
-STORE_store_crl                         3462    EXIST::FUNCTION:
+STORE_store_crl                         3462    NOEXIST::FUNCTION:
 X509_policy_node_get0_policy            3463    EXIST::FUNCTION:
 PKCS12_add_safes                        3464    EXIST::FUNCTION:
 BN_BLINDING_convert_ex                  3465    EXIST::FUNCTION:
 X509_policy_tree_free                   3466    EXIST::FUNCTION:
 OPENSSL_ia32cap_loc                     3467    EXIST::FUNCTION:
 BN_GF2m_poly2arr                        3468    EXIST::FUNCTION:
-STORE_ctrl                              3469    EXIST::FUNCTION:
+STORE_ctrl                              3469    NOEXIST::FUNCTION:
-STORE_ATTR_INFO_compare                 3470    EXIST::FUNCTION:
+STORE_ATTR_INFO_compare                 3470    NOEXIST::FUNCTION:
 BN_get0_nist_prime_224                  3471    EXIST::FUNCTION:
 i2d_ECParameters                        3472    EXIST::FUNCTION:EC
 i2d_ECPKParameters                      3473    EXIST::FUNCTION:EC
 BN_GENCB_call                           3474    EXIST::FUNCTION:
 d2i_ECPKParameters                      3475    EXIST::FUNCTION:EC
-STORE_method_set_generate_function      3476    EXIST:!VMS:FUNCTION:
+STORE_meth_set_generate_fn              3476    NOEXIST::FUNCTION:
-STORE_meth_set_generate_fn              3476    EXIST:VMS:FUNCTION:
+STORE_method_set_generate_function      3476    NOEXIST::FUNCTION:
 ENGINE_set_ECDH                         3477    EXIST::FUNCTION:ENGINE
 NAME_CONSTRAINTS_new                    3478    EXIST::FUNCTION:
 SHA256_Init                             3479    EXIST::FUNCTION:SHA,SHA256
 EC_KEY_get0_public_key                  3480    EXIST::FUNCTION:EC
 PEM_write_bio_EC_PUBKEY                 3481    EXIST::FUNCTION:EC
-STORE_ATTR_INFO_set_cstr                3482    EXIST::FUNCTION:
+STORE_ATTR_INFO_set_cstr                3482    NOEXIST::FUNCTION:
-STORE_list_crl_next                     3483    EXIST::FUNCTION:
+STORE_list_crl_next                     3483    NOEXIST::FUNCTION:
-STORE_ATTR_INFO_in_range                3484    EXIST::FUNCTION:
+STORE_ATTR_INFO_in_range                3484    NOEXIST::FUNCTION:
 ECParameters_print                      3485    EXIST::FUNCTION:BIO,EC
-STORE_method_set_delete_function        3486    EXIST:!VMS:FUNCTION:
+STORE_meth_set_delete_fn                3486    NOEXIST::FUNCTION:
-STORE_meth_set_delete_fn                3486    EXIST:VMS:FUNCTION:
+STORE_method_set_delete_function        3486    NOEXIST::FUNCTION:
-STORE_list_certificate_next             3487    EXIST::FUNCTION:
+STORE_list_certificate_next             3487    NOEXIST::FUNCTION:
 ASN1_generate_nconf                     3488    EXIST::FUNCTION:
 BUF_memdup                              3489    EXIST::FUNCTION:
 BN_GF2m_mod_mul                         3490    EXIST::FUNCTION:
-STORE_method_get_list_next_function     3491    EXIST:!VMS:FUNCTION:
+STORE_meth_get_list_next_fn             3491    NOEXIST::FUNCTION:
-STORE_meth_get_list_next_fn             3491    EXIST:VMS:FUNCTION:
+STORE_method_get_list_next_function     3491    NOEXIST::FUNCTION:
-STORE_ATTR_INFO_get0_dn                 3492    EXIST::FUNCTION:
+STORE_ATTR_INFO_get0_dn                 3492    NOEXIST::FUNCTION:
-STORE_list_private_key_next             3493    EXIST::FUNCTION:
+STORE_list_private_key_next             3493    NOEXIST::FUNCTION:
 EC_GROUP_set_seed                       3494    EXIST::FUNCTION:EC
 X509_VERIFY_PARAM_set_trust             3495    EXIST::FUNCTION:
-STORE_ATTR_INFO_free                    3496    EXIST::FUNCTION:
+STORE_ATTR_INFO_free                    3496    NOEXIST::FUNCTION:
-STORE_get_private_key                   3497    EXIST::FUNCTION:
+STORE_get_private_key                   3497    NOEXIST::FUNCTION:
 EVP_PKEY_get_attr_count                 3498    EXIST::FUNCTION:
-STORE_ATTR_INFO_new                     3499    EXIST::FUNCTION:
+STORE_ATTR_INFO_new                     3499    NOEXIST::FUNCTION:
 EC_GROUP_get_curve_GF2m                 3500    EXIST::FUNCTION:EC
-STORE_method_set_revoke_function        3501    EXIST:!VMS:FUNCTION:
+STORE_meth_set_revoke_fn                3501    NOEXIST::FUNCTION:
-STORE_meth_set_revoke_fn                3501    EXIST:VMS:FUNCTION:
+STORE_method_set_revoke_function        3501    NOEXIST::FUNCTION:
-STORE_store_number                      3502    EXIST::FUNCTION:
+STORE_store_number                      3502    NOEXIST::FUNCTION:
 BN_is_prime_ex                          3503    EXIST::FUNCTION:
-STORE_revoke_public_key                 3504    EXIST::FUNCTION:
+STORE_revoke_public_key                 3504    NOEXIST::FUNCTION:
 X509_STORE_CTX_get0_param               3505    EXIST::FUNCTION:
-STORE_delete_arbitrary                  3506    EXIST::FUNCTION:
+STORE_delete_arbitrary                  3506    NOEXIST::FUNCTION:
 PEM_read_X509_CERT_PAIR                 3507    EXIST:!WIN16:FUNCTION:
 X509_STORE_set_depth                    3508    EXIST::FUNCTION:
 ECDSA_get_ex_data                       3509    EXIST::FUNCTION:ECDSA
@@ -3087,40 +3087,40 @@ SHA224                                  3510	EXIST::FUNCTION:SHA,SHA256
 BIO_dump_indent_fp                      3511    EXIST::FUNCTION:FP_API
 EC_KEY_set_group                        3512    EXIST::FUNCTION:EC
 BUF_strndup                             3513    EXIST::FUNCTION:
-STORE_list_certificate_start            3514    EXIST::FUNCTION:
+STORE_list_certificate_start            3514    NOEXIST::FUNCTION:
 BN_GF2m_mod                             3515    EXIST::FUNCTION:
 X509_REQ_check_private_key              3516    EXIST::FUNCTION:
 EC_GROUP_get_seed_len                   3517    EXIST::FUNCTION:EC
-ERR_load_STORE_strings                  3518    EXIST::FUNCTION:
+ERR_load_STORE_strings                  3518    NOEXIST::FUNCTION:
 PEM_read_bio_EC_PUBKEY                  3519    EXIST::FUNCTION:EC
-STORE_list_private_key_end              3520    EXIST::FUNCTION:
+STORE_list_private_key_end              3520    NOEXIST::FUNCTION:
 i2d_EC_PUBKEY                           3521    EXIST::FUNCTION:EC
 ECDSA_get_default_method                3522    EXIST::FUNCTION:ECDSA
 ASN1_put_eoc                            3523    EXIST::FUNCTION:
 X509_STORE_CTX_get_explicit_policy      3524    EXIST:!VMS:FUNCTION:
 X509_STORE_CTX_get_expl_policy          3524    EXIST:VMS:FUNCTION:
 X509_VERIFY_PARAM_table_cleanup         3525    EXIST::FUNCTION:
-STORE_modify_private_key                3526    EXIST::FUNCTION:
+STORE_modify_private_key                3526    NOEXIST::FUNCTION:
 X509_VERIFY_PARAM_free                  3527    EXIST::FUNCTION:
 EC_METHOD_get_field_type                3528    EXIST::FUNCTION:EC
 EC_GFp_nist_method                      3529    EXIST::FUNCTION:EC
-STORE_method_set_modify_function        3530    EXIST:!VMS:FUNCTION:
+STORE_meth_set_modify_fn                3530    NOEXIST::FUNCTION:
-STORE_meth_set_modify_fn                3530    EXIST:VMS:FUNCTION:
+STORE_method_set_modify_function        3530    NOEXIST::FUNCTION:
-STORE_parse_attrs_next                  3531    EXIST::FUNCTION:
+STORE_parse_attrs_next                  3531    NOEXIST::FUNCTION:
-ENGINE_load_padlock                     3532    EXIST::FUNCTION:ENGINE
+ENGINE_load_padlock                     3532    EXIST::FUNCTION:ENGINE,STATIC_ENGINE
 EC_GROUP_set_curve_name                 3533    EXIST::FUNCTION:EC
 X509_CERT_PAIR_it                       3534    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
 X509_CERT_PAIR_it                       3534    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-STORE_method_get_revoke_function        3535    EXIST:!VMS:FUNCTION:
+STORE_meth_get_revoke_fn                3535    NOEXIST::FUNCTION:
-STORE_meth_get_revoke_fn                3535    EXIST:VMS:FUNCTION:
+STORE_method_get_revoke_function        3535    NOEXIST::FUNCTION:
-STORE_method_set_get_function           3536    EXIST::FUNCTION:
+STORE_method_set_get_function           3536    NOEXIST::FUNCTION:
-STORE_modify_number                     3537    EXIST::FUNCTION:
+STORE_modify_number                     3537    NOEXIST::FUNCTION:
-STORE_method_get_store_function         3538    EXIST::FUNCTION:
+STORE_method_get_store_function         3538    NOEXIST::FUNCTION:
-STORE_store_private_key                 3539    EXIST::FUNCTION:
+STORE_store_private_key                 3539    NOEXIST::FUNCTION:
 BN_GF2m_mod_sqr_arr                     3540    EXIST::FUNCTION:
 RSA_setup_blinding                      3541    EXIST::FUNCTION:RSA
 BIO_s_datagram                          3542    EXIST::FUNCTION:DGRAM
-STORE_Memory                            3543    EXIST::FUNCTION:
+STORE_Memory                            3543    NOEXIST::FUNCTION:
 sk_find_ex                              3544    EXIST::FUNCTION:
 EC_GROUP_set_curve_GF2m                 3545    EXIST::FUNCTION:EC
 ENGINE_set_default_ECDSA                3546    EXIST::FUNCTION:ENGINE
@@ -3128,69 +3128,69 @@ POLICY_CONSTRAINTS_new                  3547	EXIST::FUNCTION:
 BN_GF2m_mod_sqrt                        3548    EXIST::FUNCTION:
 ECDH_set_default_method                 3549    EXIST::FUNCTION:ECDH
 EC_KEY_generate_key                     3550    EXIST::FUNCTION:EC
-SHA384_Update                           3551    EXIST::FUNCTION:SHA,SHA512
+SHA384_Update                           3551    EXIST:!VMSVAX:FUNCTION:SHA,SHA512
 BN_GF2m_arr2poly                        3552    EXIST::FUNCTION:
-STORE_method_get_get_function           3553    EXIST::FUNCTION:
+STORE_method_get_get_function           3553    NOEXIST::FUNCTION:
-STORE_method_set_cleanup_function       3554    EXIST:!VMS:FUNCTION:
+STORE_meth_set_cleanup_fn               3554    NOEXIST::FUNCTION:
-STORE_meth_set_cleanup_fn               3554    EXIST:VMS:FUNCTION:
+STORE_method_set_cleanup_function       3554    NOEXIST::FUNCTION:
 EC_GROUP_check                          3555    EXIST::FUNCTION:EC
 d2i_ECPrivateKey_bio                    3556    EXIST::FUNCTION:BIO,EC
 EC_KEY_insert_key_method_data           3557    EXIST::FUNCTION:EC
-STORE_method_get_lock_store_function    3558    EXIST:!VMS:FUNCTION:
+STORE_meth_get_lock_store_fn            3558    NOEXIST::FUNCTION:
-STORE_meth_get_lock_store_fn            3558    EXIST:VMS:FUNCTION:
+STORE_method_get_lock_store_function    3558    NOEXIST::FUNCTION:
 X509_VERIFY_PARAM_get_depth             3559    EXIST::FUNCTION:
 SHA224_Final                            3560    EXIST::FUNCTION:SHA,SHA256
-STORE_method_set_update_store_function  3561    EXIST:!VMS:FUNCTION:
+STORE_meth_set_update_store_fn          3561    NOEXIST::FUNCTION:
-STORE_meth_set_update_store_fn          3561    EXIST:VMS:FUNCTION:
+STORE_method_set_update_store_function  3561    NOEXIST::FUNCTION:
 SHA224_Update                           3562    EXIST::FUNCTION:SHA,SHA256
 d2i_ECPrivateKey                        3563    EXIST::FUNCTION:EC
 ASN1_item_ndef_i2d                      3564    EXIST::FUNCTION:
-STORE_delete_private_key                3565    EXIST::FUNCTION:
+STORE_delete_private_key                3565    NOEXIST::FUNCTION:
 ERR_pop_to_mark                         3566    EXIST::FUNCTION:
 ENGINE_register_all_STORE               3567    EXIST::FUNCTION:ENGINE
 X509_policy_level_get0_node             3568    EXIST::FUNCTION:
 i2d_PKCS7_NDEF                          3569    EXIST::FUNCTION:
 EC_GROUP_get_degree                     3570    EXIST::FUNCTION:EC
 ASN1_generate_v3                        3571    EXIST::FUNCTION:
-STORE_ATTR_INFO_modify_cstr             3572    EXIST::FUNCTION:
+STORE_ATTR_INFO_modify_cstr             3572    NOEXIST::FUNCTION:
 X509_policy_tree_level_count            3573    EXIST::FUNCTION:
 BN_GF2m_add                             3574    EXIST::FUNCTION:
 EC_KEY_get0_group                       3575    EXIST::FUNCTION:EC
-STORE_generate_crl                      3576    EXIST::FUNCTION:
+STORE_generate_crl                      3576    NOEXIST::FUNCTION:
-STORE_store_public_key                  3577    EXIST::FUNCTION:
+STORE_store_public_key                  3577    NOEXIST::FUNCTION:
 X509_CERT_PAIR_free                     3578    EXIST::FUNCTION:
-STORE_revoke_private_key                3579    EXIST::FUNCTION:
+STORE_revoke_private_key                3579    NOEXIST::FUNCTION:
 BN_nist_mod_224                         3580    EXIST::FUNCTION:
-SHA512_Final                            3581    EXIST::FUNCTION:SHA,SHA512
+SHA512_Final                            3581    EXIST:!VMSVAX:FUNCTION:SHA,SHA512
-STORE_ATTR_INFO_modify_dn               3582    EXIST::FUNCTION:
+STORE_ATTR_INFO_modify_dn               3582    NOEXIST::FUNCTION:
-STORE_method_get_initialise_function    3583    EXIST:!VMS:FUNCTION:
+STORE_meth_get_initialise_fn            3583    NOEXIST::FUNCTION:
-STORE_meth_get_initialise_fn            3583    EXIST:VMS:FUNCTION:
+STORE_method_get_initialise_function    3583    NOEXIST::FUNCTION:
-STORE_delete_number                     3584    EXIST::FUNCTION:
+STORE_delete_number                     3584    NOEXIST::FUNCTION:
 i2d_EC_PUBKEY_bio                       3585    EXIST::FUNCTION:BIO,EC
 BIO_dgram_non_fatal_error               3586    EXIST::FUNCTION:
 EC_GROUP_get_asn1_flag                  3587    EXIST::FUNCTION:EC
-STORE_ATTR_INFO_in_ex                   3588    EXIST::FUNCTION:
+STORE_ATTR_INFO_in_ex                   3588    NOEXIST::FUNCTION:
-STORE_list_crl_start                    3589    EXIST::FUNCTION:
+STORE_list_crl_start                    3589    NOEXIST::FUNCTION:
 ECDH_get_ex_new_index                   3590    EXIST::FUNCTION:ECDH
-STORE_method_get_modify_function        3591    EXIST:!VMS:FUNCTION:
+STORE_meth_get_modify_fn                3591    NOEXIST::FUNCTION:
-STORE_meth_get_modify_fn                3591    EXIST:VMS:FUNCTION:
+STORE_method_get_modify_function        3591    NOEXIST::FUNCTION:
 v2i_ASN1_BIT_STRING                     3592    EXIST::FUNCTION:
-STORE_store_certificate                 3593    EXIST::FUNCTION:
+STORE_store_certificate                 3593    NOEXIST::FUNCTION:
-OBJ_bsearch_ex                          3594    EXIST::FUNCTION:
+OBJ_bsearch_ex                          3594    NOEXIST::FUNCTION:
 X509_STORE_CTX_set_default              3595    EXIST::FUNCTION:
-STORE_ATTR_INFO_set_sha1str             3596    EXIST::FUNCTION:
+STORE_ATTR_INFO_set_sha1str             3596    NOEXIST::FUNCTION:
 BN_GF2m_mod_inv                         3597    EXIST::FUNCTION:
 BN_GF2m_mod_exp                         3598    EXIST::FUNCTION:
-STORE_modify_public_key                 3599    EXIST::FUNCTION:
+STORE_modify_public_key                 3599    NOEXIST::FUNCTION:
-STORE_method_get_list_start_function    3600    EXIST:!VMS:FUNCTION:
+STORE_meth_get_list_start_fn            3600    NOEXIST::FUNCTION:
-STORE_meth_get_list_start_fn            3600    EXIST:VMS:FUNCTION:
+STORE_method_get_list_start_function    3600    NOEXIST::FUNCTION:
 EC_GROUP_get0_seed                      3601    EXIST::FUNCTION:EC
-STORE_store_arbitrary                   3602    EXIST::FUNCTION:
+STORE_store_arbitrary                   3602    NOEXIST::FUNCTION:
-STORE_method_set_unlock_store_function  3603    EXIST:!VMS:FUNCTION:
+STORE_meth_set_unlock_store_fn          3603    NOEXIST::FUNCTION:
-STORE_meth_set_unlock_store_fn          3603    EXIST:VMS:FUNCTION:
+STORE_method_set_unlock_store_function  3603    NOEXIST::FUNCTION:
 BN_GF2m_mod_div_arr                     3604    EXIST::FUNCTION:
 ENGINE_set_ECDSA                        3605    EXIST::FUNCTION:ENGINE
-STORE_create_method                     3606    EXIST::FUNCTION:
+STORE_create_method                     3606    NOEXIST::FUNCTION:
 ECPKParameters_print                    3607    EXIST::FUNCTION:BIO,EC
 EC_KEY_get0_private_key                 3608    EXIST::FUNCTION:EC
 PEM_write_EC_PUBKEY                     3609    EXIST:!WIN16:FUNCTION:EC
@@ -3198,7 +3198,7 @@ X509_VERIFY_PARAM_set1                  3610	EXIST::FUNCTION:
 ECDH_set_method                         3611    EXIST::FUNCTION:ECDH
 v2i_GENERAL_NAME_ex                     3612    EXIST::FUNCTION:
 ECDH_set_ex_data                        3613    EXIST::FUNCTION:ECDH
-STORE_generate_key                      3614    EXIST::FUNCTION:
+STORE_generate_key                      3614    NOEXIST::FUNCTION:
 BN_nist_mod_521                         3615    EXIST::FUNCTION:
 X509_policy_tree_get0_level             3616    EXIST::FUNCTION:
 EC_GROUP_set_point_conversion_form      3617    EXIST:!VMS:FUNCTION:EC
@@ -3206,7 +3206,7 @@ EC_GROUP_set_point_conv_form            3617	EXIST:VMS:FUNCTION:EC
 PEM_read_EC_PUBKEY                      3618    EXIST:!WIN16:FUNCTION:EC
 i2d_ECDSA_SIG                           3619    EXIST::FUNCTION:ECDSA
 ECDSA_OpenSSL                           3620    EXIST::FUNCTION:ECDSA
-STORE_delete_crl                        3621    EXIST::FUNCTION:
+STORE_delete_crl                        3621    NOEXIST::FUNCTION:
 EC_KEY_get_enc_flags                    3622    EXIST::FUNCTION:EC
 ASN1_const_check_infinite_end           3623    EXIST::FUNCTION:
 EVP_PKEY_delete_attr                    3624    EXIST::FUNCTION:
@@ -3214,31 +3214,31 @@ ECDSA_set_default_method                3625	EXIST::FUNCTION:ECDSA
 EC_POINT_set_compressed_coordinates_GF2m 3626   EXIST:!VMS:FUNCTION:EC
 EC_POINT_set_compr_coords_GF2m          3626    EXIST:VMS:FUNCTION:EC
 EC_GROUP_cmp                            3627    EXIST::FUNCTION:EC
-STORE_revoke_certificate                3628    EXIST::FUNCTION:
+STORE_revoke_certificate                3628    NOEXIST::FUNCTION:
 BN_get0_nist_prime_256                  3629    EXIST::FUNCTION:
-STORE_method_get_delete_function        3630    EXIST:!VMS:FUNCTION:
+STORE_meth_get_delete_fn                3630    NOEXIST::FUNCTION:
-STORE_meth_get_delete_fn                3630    EXIST:VMS:FUNCTION:
+STORE_method_get_delete_function        3630    NOEXIST::FUNCTION:
 SHA224_Init                             3631    EXIST::FUNCTION:SHA,SHA256
 PEM_read_ECPrivateKey                   3632    EXIST:!WIN16:FUNCTION:EC
-SHA512_Init                             3633    EXIST::FUNCTION:SHA,SHA512
+SHA512_Init                             3633    EXIST:!VMSVAX:FUNCTION:SHA,SHA512
-STORE_parse_attrs_endp                  3634    EXIST::FUNCTION:
+STORE_parse_attrs_endp                  3634    NOEXIST::FUNCTION:
 BN_set_negative                         3635    EXIST::FUNCTION:
 ERR_load_ECDSA_strings                  3636    EXIST::FUNCTION:ECDSA
 EC_GROUP_get_basis_type                 3637    EXIST::FUNCTION:EC
-STORE_list_public_key_next              3638    EXIST::FUNCTION:
+STORE_list_public_key_next              3638    NOEXIST::FUNCTION:
 i2v_ASN1_BIT_STRING                     3639    EXIST::FUNCTION:
-STORE_OBJECT_free                       3640    EXIST::FUNCTION:
+STORE_OBJECT_free                       3640    NOEXIST::FUNCTION:
 BN_nist_mod_384                         3641    EXIST::FUNCTION:
 i2d_X509_CERT_PAIR                      3642    EXIST::FUNCTION:
 PEM_write_ECPKParameters                3643    EXIST:!WIN16:FUNCTION:EC
 ECDH_compute_key                        3644    EXIST::FUNCTION:ECDH
-STORE_ATTR_INFO_get0_sha1str            3645    EXIST::FUNCTION:
+STORE_ATTR_INFO_get0_sha1str            3645    NOEXIST::FUNCTION:
 ENGINE_register_all_ECDH                3646    EXIST::FUNCTION:ENGINE
 pqueue_pop                              3647    EXIST::FUNCTION:
-STORE_ATTR_INFO_get0_cstr               3648    EXIST::FUNCTION:
+STORE_ATTR_INFO_get0_cstr               3648    NOEXIST::FUNCTION:
 POLICY_CONSTRAINTS_it                   3649    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
 POLICY_CONSTRAINTS_it                   3649    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-STORE_get_ex_new_index                  3650    EXIST::FUNCTION:
+STORE_get_ex_new_index                  3650    NOEXIST::FUNCTION:
 EVP_PKEY_get_attr_by_OBJ                3651    EXIST::FUNCTION:
 X509_VERIFY_PARAM_add0_policy           3652    EXIST::FUNCTION:
 BN_GF2m_mod_solve_quad                  3653    EXIST::FUNCTION:
@@ -3259,20 +3259,20 @@ EC_KEY_set_enc_flags                    3665	EXIST::FUNCTION:EC
 ECDSA_verify                            3666    EXIST::FUNCTION:ECDSA
 EC_POINT_point2hex                      3667    EXIST::FUNCTION:EC
 ENGINE_get_STORE                        3668    EXIST::FUNCTION:ENGINE
-SHA512                                  3669    EXIST::FUNCTION:SHA,SHA512
+SHA512                                  3669    EXIST:!VMSVAX:FUNCTION:SHA,SHA512
-STORE_get_certificate                   3670    EXIST::FUNCTION:
+STORE_get_certificate                   3670    NOEXIST::FUNCTION:
 ECDSA_do_sign_ex                        3671    EXIST::FUNCTION:ECDSA
 ECDSA_do_verify                         3672    EXIST::FUNCTION:ECDSA
 d2i_ECPrivateKey_fp                     3673    EXIST::FUNCTION:EC,FP_API
-STORE_delete_certificate                3674    EXIST::FUNCTION:
+STORE_delete_certificate                3674    NOEXIST::FUNCTION:
-SHA512_Transform                        3675    EXIST::FUNCTION:SHA,SHA512
+SHA512_Transform                        3675    EXIST:!VMSVAX:FUNCTION:SHA,SHA512
 X509_STORE_set1_param                   3676    EXIST::FUNCTION:
-STORE_method_get_ctrl_function          3677    EXIST::FUNCTION:
+STORE_method_get_ctrl_function          3677    NOEXIST::FUNCTION:
-STORE_free                              3678    EXIST::FUNCTION:
+STORE_free                              3678    NOEXIST::FUNCTION:
 PEM_write_ECPrivateKey                  3679    EXIST:!WIN16:FUNCTION:EC
-STORE_method_get_unlock_store_function  3680    EXIST:!VMS:FUNCTION:
+STORE_meth_get_unlock_store_fn          3680    NOEXIST::FUNCTION:
-STORE_meth_get_unlock_store_fn          3680    EXIST:VMS:FUNCTION:
+STORE_method_get_unlock_store_function  3680    NOEXIST::FUNCTION:
-STORE_get_ex_data                       3681    EXIST::FUNCTION:
+STORE_get_ex_data                       3681    NOEXIST::FUNCTION:
 EC_KEY_set_public_key                   3682    EXIST::FUNCTION:EC
 PEM_read_ECPKParameters                 3683    EXIST:!WIN16:FUNCTION:EC
 X509_CERT_PAIR_new                      3684    EXIST::FUNCTION:
@@ -3282,8 +3282,8 @@ DSA_generate_parameters_ex              3687	EXIST::FUNCTION:DSA
 ECParameters_print_fp                   3688    EXIST::FUNCTION:EC,FP_API
 X509V3_NAME_from_section                3689    EXIST::FUNCTION:
 EVP_PKEY_add1_attr                      3690    EXIST::FUNCTION:
-STORE_modify_crl                        3691    EXIST::FUNCTION:
+STORE_modify_crl                        3691    NOEXIST::FUNCTION:
-STORE_list_private_key_start            3692    EXIST::FUNCTION:
+STORE_list_private_key_start            3692    NOEXIST::FUNCTION:
 POLICY_MAPPINGS_it                      3693    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
 POLICY_MAPPINGS_it                      3693    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
 GENERAL_SUBTREE_it                      3694    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
@@ -3292,7 +3292,7 @@ EC_GROUP_get_curve_name                 3695	EXIST::FUNCTION:EC
 PEM_write_X509_CERT_PAIR                3696    EXIST:!WIN16:FUNCTION:
 BIO_dump_indent_cb                      3697    EXIST::FUNCTION:
 d2i_X509_CERT_PAIR                      3698    EXIST::FUNCTION:
-STORE_list_private_key_endp             3699    EXIST::FUNCTION:
+STORE_list_private_key_endp             3699    NOEXIST::FUNCTION:
 asn1_const_Finish                       3700    EXIST::FUNCTION:
 i2d_EC_PUBKEY_fp                        3701    EXIST::FUNCTION:EC,FP_API
 BN_nist_mod_256                         3702    EXIST::FUNCTION:
@@ -3302,47 +3302,47 @@ BN_BLINDING_create_param                3705	EXIST::FUNCTION:
 ECDSA_size                              3706    EXIST::FUNCTION:ECDSA
 d2i_EC_PUBKEY_bio                       3707    EXIST::FUNCTION:BIO,EC
 BN_get0_nist_prime_521                  3708    EXIST::FUNCTION:
-STORE_ATTR_INFO_modify_sha1str          3709    EXIST::FUNCTION:
+STORE_ATTR_INFO_modify_sha1str          3709    NOEXIST::FUNCTION:
 BN_generate_prime_ex                    3710    EXIST::FUNCTION:
 EC_GROUP_new_by_curve_name              3711    EXIST::FUNCTION:EC
 SHA256_Final                            3712    EXIST::FUNCTION:SHA,SHA256
 DH_generate_parameters_ex               3713    EXIST::FUNCTION:DH
 PEM_read_bio_ECPrivateKey               3714    EXIST::FUNCTION:EC
-STORE_method_get_cleanup_function       3715    EXIST:!VMS:FUNCTION:
+STORE_meth_get_cleanup_fn               3715    NOEXIST::FUNCTION:
-STORE_meth_get_cleanup_fn               3715    EXIST:VMS:FUNCTION:
+STORE_method_get_cleanup_function       3715    NOEXIST::FUNCTION:
 ENGINE_get_ECDH                         3716    EXIST::FUNCTION:ENGINE
 d2i_ECDSA_SIG                           3717    EXIST::FUNCTION:ECDSA
 BN_is_prime_fasttest_ex                 3718    EXIST::FUNCTION:
 ECDSA_sign                              3719    EXIST::FUNCTION:ECDSA
 X509_policy_check                       3720    EXIST::FUNCTION:
 EVP_PKEY_get_attr_by_NID                3721    EXIST::FUNCTION:
-STORE_set_ex_data                       3722    EXIST::FUNCTION:
+STORE_set_ex_data                       3722    NOEXIST::FUNCTION:
 ENGINE_get_ECDSA                        3723    EXIST::FUNCTION:ENGINE
 EVP_ecdsa                               3724    EXIST::FUNCTION:SHA
 BN_BLINDING_get_flags                   3725    EXIST::FUNCTION:
 PKCS12_add_cert                         3726    EXIST::FUNCTION:
-STORE_OBJECT_new                        3727    EXIST::FUNCTION:
+STORE_OBJECT_new                        3727    NOEXIST::FUNCTION:
 ERR_load_ECDH_strings                   3728    EXIST::FUNCTION:ECDH
 EC_KEY_dup                              3729    EXIST::FUNCTION:EC
 EVP_CIPHER_CTX_rand_key                 3730    EXIST::FUNCTION:
 ECDSA_set_method                        3731    EXIST::FUNCTION:ECDSA
 a2i_IPADDRESS_NC                        3732    EXIST::FUNCTION:
 d2i_ECParameters                        3733    EXIST::FUNCTION:EC
-STORE_list_certificate_end              3734    EXIST::FUNCTION:
+STORE_list_certificate_end              3734    NOEXIST::FUNCTION:
-STORE_get_crl                           3735    EXIST::FUNCTION:
+STORE_get_crl                           3735    NOEXIST::FUNCTION:
 X509_POLICY_NODE_print                  3736    EXIST::FUNCTION:
-SHA384_Init                             3737    EXIST::FUNCTION:SHA,SHA512
+SHA384_Init                             3737    EXIST:!VMSVAX:FUNCTION:SHA,SHA512
 EC_GF2m_simple_method                   3738    EXIST::FUNCTION:EC
 ECDSA_set_ex_data                       3739    EXIST::FUNCTION:ECDSA
-SHA384_Final                            3740    EXIST::FUNCTION:SHA,SHA512
+SHA384_Final                            3740    EXIST:!VMSVAX:FUNCTION:SHA,SHA512
 PKCS7_set_digest                        3741    EXIST::FUNCTION:
 EC_KEY_print                            3742    EXIST::FUNCTION:BIO,EC
-STORE_method_set_lock_store_function    3743    EXIST:!VMS:FUNCTION:
+STORE_meth_set_lock_store_fn            3743    NOEXIST::FUNCTION:
-STORE_meth_set_lock_store_fn            3743    EXIST:VMS:FUNCTION:
+STORE_method_set_lock_store_function    3743    NOEXIST::FUNCTION:
 ECDSA_get_ex_new_index                  3744    EXIST::FUNCTION:ECDSA
-SHA384                                  3745    EXIST::FUNCTION:SHA,SHA512
+SHA384                                  3745    EXIST:!VMSVAX:FUNCTION:SHA,SHA512
 POLICY_MAPPING_new                      3746    EXIST::FUNCTION:
-STORE_list_certificate_endp             3747    EXIST::FUNCTION:
+STORE_list_certificate_endp             3747    NOEXIST::FUNCTION:
 X509_STORE_CTX_get0_policy_tree         3748    EXIST::FUNCTION:
 EC_GROUP_set_asn1_flag                  3749    EXIST::FUNCTION:EC
 EC_KEY_check_key                        3750    EXIST::FUNCTION:EC
@@ -3350,13 +3350,13 @@ d2i_EC_PUBKEY_fp                        3751	EXIST::FUNCTION:EC,FP_API
 PKCS7_set0_type_other                   3752    EXIST::FUNCTION:
 PEM_read_bio_X509_CERT_PAIR             3753    EXIST::FUNCTION:
 pqueue_next                             3754    EXIST::FUNCTION:
-STORE_method_get_list_end_function      3755    EXIST:!VMS:FUNCTION:
+STORE_meth_get_list_end_fn              3755    NOEXIST::FUNCTION:
-STORE_meth_get_list_end_fn              3755    EXIST:VMS:FUNCTION:
+STORE_method_get_list_end_function      3755    NOEXIST::FUNCTION:
 EVP_PKEY_add1_attr_by_OBJ               3756    EXIST::FUNCTION:
 X509_VERIFY_PARAM_set_time              3757    EXIST::FUNCTION:
 pqueue_new                              3758    EXIST::FUNCTION:
 ENGINE_set_default_ECDH                 3759    EXIST::FUNCTION:ENGINE
-STORE_new_method                        3760    EXIST::FUNCTION:
+STORE_new_method                        3760    NOEXIST::FUNCTION:
 PKCS12_add_key                          3761    EXIST::FUNCTION:
 DSO_merge                               3762    EXIST::FUNCTION:
 EC_POINT_hex2point                      3763    EXIST::FUNCTION:EC
@@ -3366,7 +3366,7 @@ pqueue_insert                           3766	EXIST::FUNCTION:
 pitem_free                              3767    EXIST::FUNCTION:
 BN_GF2m_mod_inv_arr                     3768    EXIST::FUNCTION:
 ENGINE_unregister_ECDSA                 3769    EXIST::FUNCTION:ENGINE
-BN_BLINDING_set_thread_id               3770    EXIST::FUNCTION:
+BN_BLINDING_set_thread_id               3770    EXIST::FUNCTION:DEPRECATED
 get_rfc3526_prime_8192                  3771    EXIST::FUNCTION:
 X509_VERIFY_PARAM_clear_flags           3772    EXIST::FUNCTION:
 get_rfc2409_prime_1024                  3773    EXIST::FUNCTION:
@@ -3385,7 +3385,7 @@ Camellia_cfb128_encrypt                 3785	EXIST::FUNCTION:CAMELLIA
 Camellia_cfb1_encrypt                   3786    EXIST::FUNCTION:CAMELLIA
 Camellia_cfb8_encrypt                   3787    EXIST::FUNCTION:CAMELLIA
 Camellia_ctr128_encrypt                 3788    EXIST::FUNCTION:CAMELLIA
-Camellia_cfbr_encrypt_block             3789    EXIST::FUNCTION:CAMELLIA
+Camellia_cfbr_encrypt_block             3789    NOEXIST::FUNCTION:
 Camellia_decrypt                        3790    EXIST::FUNCTION:CAMELLIA
 Camellia_ecb_encrypt                    3791    EXIST::FUNCTION:CAMELLIA
 Camellia_encrypt                        3792    EXIST::FUNCTION:CAMELLIA
@@ -3585,7 +3585,7 @@ CMS_data_create                         3975	EXIST::FUNCTION:CMS
 i2d_CMS_bio                             3976    EXIST::FUNCTION:CMS
 CMS_EncryptedData_set1_key              3977    EXIST::FUNCTION:CMS
 CMS_decrypt                             3978    EXIST::FUNCTION:CMS
-int_smime_write_ASN1                    3979    EXIST::FUNCTION:
+int_smime_write_ASN1                    3979    NOEXIST::FUNCTION:
 CMS_unsigned_delete_attr                3980    EXIST::FUNCTION:CMS
 CMS_unsigned_get_attr_count             3981    EXIST::FUNCTION:CMS
 CMS_add_smimecap                        3982    EXIST::FUNCTION:CMS
@@ -3657,53 +3657,52 @@ ENGINE_set_ld_ssl_clnt_cert_fn          4044	EXIST:VMS:FUNCTION:ENGINE
 ENGINE_get_ssl_client_cert_function     4045    EXIST:!VMS:FUNCTION:ENGINE
 ENGINE_get_ssl_client_cert_fn           4045    EXIST:VMS:FUNCTION:ENGINE
 ENGINE_load_ssl_client_cert             4046    EXIST::FUNCTION:ENGINE
-ENGINE_load_capi                        4047    EXIST::FUNCTION:CAPIENG,ENGINE
+ENGINE_load_capi                        4047    EXIST::FUNCTION:ENGINE,STATIC_ENGINE
 OPENSSL_isservice                       4048    EXIST::FUNCTION:
-FIPS_dsa_sig_decode                     4049    EXIST:OPENSSL_FIPS:FUNCTION:DSA
+FIPS_dsa_sig_decode                     4049    NOEXIST::FUNCTION:
 EVP_CIPHER_CTX_clear_flags              4050    EXIST::FUNCTION:
-FIPS_rand_status                        4051    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_rand_status                        4051    NOEXIST::FUNCTION:
-FIPS_rand_set_key                       4052    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_rand_set_key                       4052    NOEXIST::FUNCTION:
-CRYPTO_set_mem_info_functions           4053    EXIST::FUNCTION:
+CRYPTO_set_mem_info_functions           4053    NOEXIST::FUNCTION:
-RSA_X931_generate_key_ex                4054    EXIST::FUNCTION:RSA
+RSA_X931_generate_key_ex                4054    NOEXIST::FUNCTION:
-int_ERR_set_state_func                  4055    EXIST:OPENSSL_FIPS:FUNCTION:
+int_ERR_set_state_func                  4055    NOEXIST::FUNCTION:
-int_EVP_MD_set_engine_callbacks         4056    EXIST:OPENSSL_FIPS:FUNCTION:ENGINE
+int_EVP_MD_set_engine_callbacks         4056    NOEXIST::FUNCTION:
-int_CRYPTO_set_do_dynlock_callback      4057    EXIST:!VMS:FUNCTION:
+int_CRYPTO_set_do_dynlock_callback      4057    NOEXIST::FUNCTION:
-int_CRYPTO_set_do_dynlock_cb            4057    EXIST:VMS:FUNCTION:
+FIPS_rng_stick                          4058    NOEXIST::FUNCTION:
-FIPS_rng_stick                          4058    EXIST:OPENSSL_FIPS:FUNCTION:
 EVP_CIPHER_CTX_set_flags                4059    EXIST::FUNCTION:
-BN_X931_generate_prime_ex               4060    EXIST::FUNCTION:
+BN_X931_generate_prime_ex               4060    NOEXIST::FUNCTION:
-FIPS_selftest_check                     4061    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_selftest_check                     4061    NOEXIST::FUNCTION:
-FIPS_rand_set_dt                        4062    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_rand_set_dt                        4062    NOEXIST::FUNCTION:
-CRYPTO_dbg_pop_info                     4063    EXIST::FUNCTION:
+CRYPTO_dbg_pop_info                     4063    NOEXIST::FUNCTION:
-FIPS_dsa_free                           4064    EXIST:OPENSSL_FIPS:FUNCTION:DSA
+FIPS_dsa_free                           4064    NOEXIST::FUNCTION:
-RSA_X931_derive_ex                      4065    EXIST::FUNCTION:RSA
+RSA_X931_derive_ex                      4065    NOEXIST::FUNCTION:
-FIPS_rsa_new                            4066    EXIST:OPENSSL_FIPS:FUNCTION:RSA
+FIPS_rsa_new                            4066    NOEXIST::FUNCTION:
-FIPS_rand_bytes                         4067    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_rand_bytes                         4067    NOEXIST::FUNCTION:
-fips_cipher_test                        4068    EXIST:OPENSSL_FIPS:FUNCTION:
+fips_cipher_test                        4068    NOEXIST::FUNCTION:
 EVP_CIPHER_CTX_test_flags               4069    EXIST::FUNCTION:
-CRYPTO_malloc_debug_init                4070    EXIST::FUNCTION:
+CRYPTO_malloc_debug_init                4070    NOEXIST::FUNCTION:
-CRYPTO_dbg_push_info                    4071    EXIST::FUNCTION:
+CRYPTO_dbg_push_info                    4071    NOEXIST::FUNCTION:
-FIPS_corrupt_rsa_keygen                 4072    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_corrupt_rsa_keygen                 4072    NOEXIST::FUNCTION:
-FIPS_dh_new                             4073    EXIST:OPENSSL_FIPS:FUNCTION:DH
+FIPS_dh_new                             4073    NOEXIST::FUNCTION:
-FIPS_corrupt_dsa_keygen                 4074    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_corrupt_dsa_keygen                 4074    NOEXIST::FUNCTION:
-FIPS_dh_free                            4075    EXIST:OPENSSL_FIPS:FUNCTION:DH
+FIPS_dh_free                            4075    NOEXIST::FUNCTION:
-fips_pkey_signature_test                4076    EXIST:OPENSSL_FIPS:FUNCTION:
+fips_pkey_signature_test                4076    NOEXIST::FUNCTION:
-EVP_add_alg_module                      4077    EXIST::FUNCTION:
+EVP_add_alg_module                      4077    NOEXIST::FUNCTION:
-int_RAND_init_engine_callbacks          4078    EXIST:OPENSSL_FIPS:FUNCTION:ENGINE
+int_RAND_init_engine_callbacks          4078    NOEXIST::FUNCTION:
-int_EVP_CIPHER_set_engine_callbacks     4079    EXIST:OPENSSL_FIPS:FUNCTION:ENGINE
+int_EVP_CIPHER_set_engine_callbacks     4079    NOEXIST::FUNCTION:
-int_EVP_MD_init_engine_callbacks        4080    EXIST:OPENSSL_FIPS:FUNCTION:ENGINE
+int_EVP_MD_init_engine_callbacks        4080    NOEXIST::FUNCTION:
-FIPS_rand_test_mode                     4081    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_rand_test_mode                     4081    NOEXIST::FUNCTION:
-FIPS_rand_reset                         4082    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_rand_reset                         4082    NOEXIST::FUNCTION:
-FIPS_dsa_new                            4083    EXIST:OPENSSL_FIPS:FUNCTION:DSA
+FIPS_dsa_new                            4083    NOEXIST::FUNCTION:
-int_RAND_set_callbacks                  4084    EXIST:OPENSSL_FIPS:FUNCTION:ENGINE
+int_RAND_set_callbacks                  4084    NOEXIST::FUNCTION:
-BN_X931_derive_prime_ex                 4085    EXIST::FUNCTION:
+BN_X931_derive_prime_ex                 4085    NOEXIST::FUNCTION:
-int_ERR_lib_init                        4086    EXIST:OPENSSL_FIPS:FUNCTION:
+int_ERR_lib_init                        4086    NOEXIST::FUNCTION:
-int_EVP_CIPHER_init_engine_callbacks    4087    EXIST:OPENSSL_FIPS:FUNCTION:ENGINE
+int_EVP_CIPHER_init_engine_callbacks    4087    NOEXIST::FUNCTION:
-FIPS_rsa_free                           4088    EXIST:OPENSSL_FIPS:FUNCTION:RSA
+FIPS_rsa_free                           4088    NOEXIST::FUNCTION:
-FIPS_dsa_sig_encode                     4089    EXIST:OPENSSL_FIPS:FUNCTION:DSA
+FIPS_dsa_sig_encode                     4089    NOEXIST::FUNCTION:
-CRYPTO_dbg_remove_all_info              4090    EXIST::FUNCTION:
+CRYPTO_dbg_remove_all_info              4090    NOEXIST::FUNCTION:
-OPENSSL_init                            4091    EXIST::FUNCTION:
+OPENSSL_init                            4091    NOEXIST::FUNCTION:
-private_Camellia_set_key                4092    EXIST:OPENSSL_FIPS:FUNCTION:CAMELLIA
+private_Camellia_set_key                4092    NOEXIST::FUNCTION:
 CRYPTO_strdup                           4093    EXIST::FUNCTION:
 JPAKE_STEP3A_process                    4094    EXIST::FUNCTION:JPAKE
 JPAKE_STEP1_release                     4095    EXIST::FUNCTION:JPAKE
@@ -3725,3 +3724,457 @@ JPAKE_STEP2_release                     4110	EXIST::FUNCTION:JPAKE
 JPAKE_STEP3A_init                       4111    EXIST::FUNCTION:JPAKE
 ERR_load_JPAKE_strings                  4112    EXIST::FUNCTION:JPAKE
 JPAKE_STEP2_init                        4113    EXIST::FUNCTION:JPAKE
+pqueue_size                             4114    EXIST::FUNCTION:
+i2d_TS_ACCURACY                         4115    EXIST::FUNCTION:
+i2d_TS_MSG_IMPRINT_fp                   4116    EXIST::FUNCTION:
+i2d_TS_MSG_IMPRINT                      4117    EXIST::FUNCTION:
+EVP_PKEY_print_public                   4118    EXIST::FUNCTION:
+EVP_PKEY_CTX_new                        4119    EXIST::FUNCTION:
+i2d_TS_TST_INFO                         4120    EXIST::FUNCTION:
+EVP_PKEY_asn1_find                      4121    EXIST::FUNCTION:
+DSO_METHOD_beos                         4122    EXIST::FUNCTION:
+TS_CONF_load_cert                       4123    EXIST::FUNCTION:
+TS_REQ_get_ext                          4124    EXIST::FUNCTION:
+EVP_PKEY_sign_init                      4125    EXIST::FUNCTION:
+ASN1_item_print                         4126    EXIST::FUNCTION:
+TS_TST_INFO_set_nonce                   4127    EXIST::FUNCTION:
+TS_RESP_dup                             4128    EXIST::FUNCTION:
+ENGINE_register_pkey_meths              4129    EXIST::FUNCTION:ENGINE
+EVP_PKEY_asn1_add0                      4130    EXIST::FUNCTION:
+PKCS7_add0_attrib_signing_time          4131    EXIST::FUNCTION:
+i2d_TS_TST_INFO_fp                      4132    EXIST::FUNCTION:
+BIO_asn1_get_prefix                     4133    EXIST::FUNCTION:
+TS_TST_INFO_set_time                    4134    EXIST::FUNCTION:
+EVP_PKEY_meth_set_decrypt               4135    EXIST::FUNCTION:
+EVP_PKEY_set_type_str                   4136    EXIST::FUNCTION:
+EVP_PKEY_CTX_get_keygen_info            4137    EXIST::FUNCTION:
+TS_REQ_set_policy_id                    4138    EXIST::FUNCTION:
+d2i_TS_RESP_fp                          4139    EXIST::FUNCTION:
+ENGINE_get_pkey_asn1_meth_engine        4140    EXIST:!VMS:FUNCTION:ENGINE
+ENGINE_get_pkey_asn1_meth_eng           4140    EXIST:VMS:FUNCTION:ENGINE
+WHIRLPOOL_Init                          4141    EXIST:!VMSVAX:FUNCTION:WHIRLPOOL
+TS_RESP_set_status_info                 4142    EXIST::FUNCTION:
+EVP_PKEY_keygen                         4143    EXIST::FUNCTION:
+EVP_DigestSignInit                      4144    EXIST::FUNCTION:
+TS_ACCURACY_set_millis                  4145    EXIST::FUNCTION:
+TS_REQ_dup                              4146    EXIST::FUNCTION:
+GENERAL_NAME_dup                        4147    EXIST::FUNCTION:
+ASN1_SEQUENCE_ANY_it                    4148    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_SEQUENCE_ANY_it                    4148    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+WHIRLPOOL                               4149    EXIST:!VMSVAX:FUNCTION:WHIRLPOOL
+X509_STORE_get1_crls                    4150    EXIST::FUNCTION:
+ENGINE_get_pkey_asn1_meth               4151    EXIST::FUNCTION:ENGINE
+EVP_PKEY_asn1_new                       4152    EXIST::FUNCTION:
+BIO_new_NDEF                            4153    EXIST::FUNCTION:
+ENGINE_get_pkey_meth                    4154    EXIST::FUNCTION:ENGINE
+TS_MSG_IMPRINT_set_algo                 4155    EXIST::FUNCTION:
+i2d_TS_TST_INFO_bio                     4156    EXIST::FUNCTION:
+TS_TST_INFO_set_ordering                4157    EXIST::FUNCTION:
+TS_TST_INFO_get_ext_by_OBJ              4158    EXIST::FUNCTION:
+CRYPTO_THREADID_set_pointer             4159    EXIST::FUNCTION:
+TS_CONF_get_tsa_section                 4160    EXIST::FUNCTION:
+SMIME_write_ASN1                        4161    EXIST::FUNCTION:
+TS_RESP_CTX_set_signer_key              4162    EXIST::FUNCTION:
+EVP_PKEY_encrypt_old                    4163    EXIST::FUNCTION:
+EVP_PKEY_encrypt_init                   4164    EXIST::FUNCTION:
+CRYPTO_THREADID_cpy                     4165    EXIST::FUNCTION:
+ASN1_PCTX_get_cert_flags                4166    EXIST::FUNCTION:
+i2d_ESS_SIGNING_CERT                    4167    EXIST::FUNCTION:
+TS_CONF_load_key                        4168    EXIST::FUNCTION:
+i2d_ASN1_SEQUENCE_ANY                   4169    EXIST::FUNCTION:
+d2i_TS_MSG_IMPRINT_bio                  4170    EXIST::FUNCTION:
+EVP_PKEY_asn1_set_public                4171    EXIST::FUNCTION:
+b2i_PublicKey_bio                       4172    EXIST::FUNCTION:
+BIO_asn1_set_prefix                     4173    EXIST::FUNCTION:
+EVP_PKEY_new_mac_key                    4174    EXIST::FUNCTION:
+BIO_new_CMS                             4175    EXIST::FUNCTION:CMS
+CRYPTO_THREADID_cmp                     4176    EXIST::FUNCTION:
+TS_REQ_ext_free                         4177    EXIST::FUNCTION:
+EVP_PKEY_asn1_set_free                  4178    EXIST::FUNCTION:
+EVP_PKEY_get0_asn1                      4179    EXIST::FUNCTION:
+d2i_NETSCAPE_X509                       4180    EXIST::FUNCTION:
+EVP_PKEY_verify_recover_init            4181    EXIST::FUNCTION:
+EVP_PKEY_CTX_set_data                   4182    EXIST::FUNCTION:
+EVP_PKEY_keygen_init                    4183    EXIST::FUNCTION:
+TS_RESP_CTX_set_status_info             4184    EXIST::FUNCTION:
+TS_MSG_IMPRINT_get_algo                 4185    EXIST::FUNCTION:
+TS_REQ_print_bio                        4186    EXIST::FUNCTION:
+EVP_PKEY_CTX_ctrl_str                   4187    EXIST::FUNCTION:
+EVP_PKEY_get_default_digest_nid         4188    EXIST::FUNCTION:
+PEM_write_bio_PKCS7_stream              4189    EXIST::FUNCTION:
+TS_MSG_IMPRINT_print_bio                4190    EXIST::FUNCTION:
+BN_asc2bn                               4191    EXIST::FUNCTION:
+TS_REQ_get_policy_id                    4192    EXIST::FUNCTION:
+ENGINE_set_default_pkey_asn1_meths      4193    EXIST:!VMS:FUNCTION:ENGINE
+ENGINE_set_def_pkey_asn1_meths          4193    EXIST:VMS:FUNCTION:ENGINE
+d2i_TS_ACCURACY                         4194    EXIST::FUNCTION:
+DSO_global_lookup                       4195    EXIST::FUNCTION:
+TS_CONF_set_tsa_name                    4196    EXIST::FUNCTION:
+i2d_ASN1_SET_ANY                        4197    EXIST::FUNCTION:
+ENGINE_load_gost                        4198    EXIST::FUNCTION:ENGINE,GOST,STATIC_ENGINE
+WHIRLPOOL_BitUpdate                     4199    EXIST:!VMSVAX:FUNCTION:WHIRLPOOL
+ASN1_PCTX_get_flags                     4200    EXIST::FUNCTION:
+TS_TST_INFO_get_ext_by_NID              4201    EXIST::FUNCTION:
+TS_RESP_new                             4202    EXIST::FUNCTION:
+ESS_CERT_ID_dup                         4203    EXIST::FUNCTION:
+TS_STATUS_INFO_dup                      4204    EXIST::FUNCTION:
+TS_REQ_delete_ext                       4205    EXIST::FUNCTION:
+EVP_DigestVerifyFinal                   4206    EXIST::FUNCTION:
+EVP_PKEY_print_params                   4207    EXIST::FUNCTION:
+i2d_CMS_bio_stream                      4208    EXIST::FUNCTION:CMS
+TS_REQ_get_msg_imprint                  4209    EXIST::FUNCTION:
+OBJ_find_sigid_by_algs                  4210    EXIST::FUNCTION:
+TS_TST_INFO_get_serial                  4211    EXIST::FUNCTION:
+TS_REQ_get_nonce                        4212    EXIST::FUNCTION:
+X509_PUBKEY_set0_param                  4213    EXIST::FUNCTION:
+EVP_PKEY_CTX_set0_keygen_info           4214    EXIST::FUNCTION:
+DIST_POINT_set_dpname                   4215    EXIST::FUNCTION:
+i2d_ISSUING_DIST_POINT                  4216    EXIST::FUNCTION:
+ASN1_SET_ANY_it                         4217    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_SET_ANY_it                         4217    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_PKEY_CTX_get_data                   4218    EXIST::FUNCTION:
+TS_STATUS_INFO_print_bio                4219    EXIST::FUNCTION:
+EVP_PKEY_derive_init                    4220    EXIST::FUNCTION:
+d2i_TS_TST_INFO                         4221    EXIST::FUNCTION:
+EVP_PKEY_asn1_add_alias                 4222    EXIST::FUNCTION:
+d2i_TS_RESP_bio                         4223    EXIST::FUNCTION:
+OTHERNAME_cmp                           4224    EXIST::FUNCTION:
+GENERAL_NAME_set0_value                 4225    EXIST::FUNCTION:
+PKCS7_RECIP_INFO_get0_alg               4226    EXIST::FUNCTION:
+TS_RESP_CTX_new                         4227    EXIST::FUNCTION:
+TS_RESP_set_tst_info                    4228    EXIST::FUNCTION:
+PKCS7_final                             4229    EXIST::FUNCTION:
+EVP_PKEY_base_id                        4230    EXIST::FUNCTION:
+TS_RESP_CTX_set_signer_cert             4231    EXIST::FUNCTION:
+TS_REQ_set_msg_imprint                  4232    EXIST::FUNCTION:
+EVP_PKEY_CTX_ctrl                       4233    EXIST::FUNCTION:
+TS_CONF_set_digests                     4234    EXIST::FUNCTION:
+d2i_TS_MSG_IMPRINT                      4235    EXIST::FUNCTION:
+EVP_PKEY_meth_set_ctrl                  4236    EXIST::FUNCTION:
+TS_REQ_get_ext_by_NID                   4237    EXIST::FUNCTION:
+PKCS5_pbe_set0_algor                    4238    EXIST::FUNCTION:
+BN_BLINDING_thread_id                   4239    EXIST::FUNCTION:
+TS_ACCURACY_new                         4240    EXIST::FUNCTION:
+X509_CRL_METHOD_free                    4241    EXIST::FUNCTION:
+ASN1_PCTX_get_nm_flags                  4242    EXIST::FUNCTION:
+EVP_PKEY_meth_set_sign                  4243    EXIST::FUNCTION:
+CRYPTO_THREADID_current                 4244    EXIST::FUNCTION:
+EVP_PKEY_decrypt_init                   4245    EXIST::FUNCTION:
+NETSCAPE_X509_free                      4246    EXIST::FUNCTION:
+i2b_PVK_bio                             4247    EXIST::FUNCTION:RC4
+EVP_PKEY_print_private                  4248    EXIST::FUNCTION:
+GENERAL_NAME_get0_value                 4249    EXIST::FUNCTION:
+b2i_PVK_bio                             4250    EXIST::FUNCTION:RC4
+ASN1_UTCTIME_adj                        4251    EXIST::FUNCTION:
+TS_TST_INFO_new                         4252    EXIST::FUNCTION:
+EVP_MD_do_all_sorted                    4253    EXIST::FUNCTION:
+TS_CONF_set_default_engine              4254    EXIST::FUNCTION:
+TS_ACCURACY_set_seconds                 4255    EXIST::FUNCTION:
+TS_TST_INFO_get_time                    4256    EXIST::FUNCTION:
+PKCS8_pkey_get0                         4257    EXIST::FUNCTION:
+EVP_PKEY_asn1_get0                      4258    EXIST::FUNCTION:
+OBJ_add_sigid                           4259    EXIST::FUNCTION:
+PKCS7_SIGNER_INFO_sign                  4260    EXIST::FUNCTION:
+EVP_PKEY_paramgen_init                  4261    EXIST::FUNCTION:
+EVP_PKEY_sign                           4262    EXIST::FUNCTION:
+OBJ_sigid_free                          4263    EXIST::FUNCTION:
+EVP_PKEY_meth_set_init                  4264    EXIST::FUNCTION:
+d2i_ESS_ISSUER_SERIAL                   4265    EXIST::FUNCTION:
+ISSUING_DIST_POINT_new                  4266    EXIST::FUNCTION:
+ASN1_TIME_adj                           4267    EXIST::FUNCTION:
+TS_OBJ_print_bio                        4268    EXIST::FUNCTION:
+EVP_PKEY_meth_set_verify_recover        4269    EXIST:!VMS:FUNCTION:
+EVP_PKEY_meth_set_vrfy_recover          4269    EXIST:VMS:FUNCTION:
+TS_RESP_get_status_info                 4270    EXIST::FUNCTION:
+CMS_stream                              4271    EXIST::FUNCTION:CMS
+EVP_PKEY_CTX_set_cb                     4272    EXIST::FUNCTION:
+PKCS7_to_TS_TST_INFO                    4273    EXIST::FUNCTION:
+ASN1_PCTX_get_oid_flags                 4274    EXIST::FUNCTION:
+TS_TST_INFO_add_ext                     4275    EXIST::FUNCTION:
+EVP_PKEY_meth_set_derive                4276    EXIST::FUNCTION:
+i2d_TS_RESP_fp                          4277    EXIST::FUNCTION:
+i2d_TS_MSG_IMPRINT_bio                  4278    EXIST::FUNCTION:
+TS_RESP_CTX_set_accuracy                4279    EXIST::FUNCTION:
+TS_REQ_set_nonce                        4280    EXIST::FUNCTION:
+ESS_CERT_ID_new                         4281    EXIST::FUNCTION:
+ENGINE_pkey_asn1_find_str               4282    EXIST::FUNCTION:ENGINE
+TS_REQ_get_ext_count                    4283    EXIST::FUNCTION:
+BUF_reverse                             4284    EXIST::FUNCTION:
+TS_TST_INFO_print_bio                   4285    EXIST::FUNCTION:
+d2i_ISSUING_DIST_POINT                  4286    EXIST::FUNCTION:
+ENGINE_get_pkey_meths                   4287    EXIST::FUNCTION:ENGINE
+i2b_PrivateKey_bio                      4288    EXIST::FUNCTION:
+i2d_TS_RESP                             4289    EXIST::FUNCTION:
+b2i_PublicKey                           4290    EXIST::FUNCTION:
+TS_VERIFY_CTX_cleanup                   4291    EXIST::FUNCTION:
+TS_STATUS_INFO_free                     4292    EXIST::FUNCTION:
+TS_RESP_verify_token                    4293    EXIST::FUNCTION:
+OBJ_bsearch_ex_                         4294    EXIST::FUNCTION:
+ASN1_bn_print                           4295    EXIST::FUNCTION:BIO
+EVP_PKEY_asn1_get_count                 4296    EXIST::FUNCTION:
+ENGINE_register_pkey_asn1_meths         4297    EXIST::FUNCTION:ENGINE
+ASN1_PCTX_set_nm_flags                  4298    EXIST::FUNCTION:
+EVP_DigestVerifyInit                    4299    EXIST::FUNCTION:
+ENGINE_set_default_pkey_meths           4300    EXIST::FUNCTION:ENGINE
+TS_TST_INFO_get_policy_id               4301    EXIST::FUNCTION:
+TS_REQ_get_cert_req                     4302    EXIST::FUNCTION:
+X509_CRL_set_meth_data                  4303    EXIST::FUNCTION:
+PKCS8_pkey_set0                         4304    EXIST::FUNCTION:
+ASN1_STRING_copy                        4305    EXIST::FUNCTION:
+d2i_TS_TST_INFO_fp                      4306    EXIST::FUNCTION:
+X509_CRL_match                          4307    EXIST::FUNCTION:
+EVP_PKEY_asn1_set_private               4308    EXIST::FUNCTION:
+TS_TST_INFO_get_ext_d2i                 4309    EXIST::FUNCTION:
+TS_RESP_CTX_add_policy                  4310    EXIST::FUNCTION:
+d2i_TS_RESP                             4311    EXIST::FUNCTION:
+TS_CONF_load_certs                      4312    EXIST::FUNCTION:
+TS_TST_INFO_get_msg_imprint             4313    EXIST::FUNCTION:
+ERR_load_TS_strings                     4314    EXIST::FUNCTION:
+TS_TST_INFO_get_version                 4315    EXIST::FUNCTION:
+EVP_PKEY_CTX_dup                        4316    EXIST::FUNCTION:
+EVP_PKEY_meth_set_verify                4317    EXIST::FUNCTION:
+i2b_PublicKey_bio                       4318    EXIST::FUNCTION:
+TS_CONF_set_certs                       4319    EXIST::FUNCTION:
+EVP_PKEY_asn1_get0_info                 4320    EXIST::FUNCTION:
+TS_VERIFY_CTX_free                      4321    EXIST::FUNCTION:
+TS_REQ_get_ext_by_critical              4322    EXIST::FUNCTION:
+TS_RESP_CTX_set_serial_cb               4323    EXIST::FUNCTION:
+X509_CRL_get_meth_data                  4324    EXIST::FUNCTION:
+TS_RESP_CTX_set_time_cb                 4325    EXIST::FUNCTION:
+TS_MSG_IMPRINT_get_msg                  4326    EXIST::FUNCTION:
+TS_TST_INFO_ext_free                    4327    EXIST::FUNCTION:
+TS_REQ_get_version                      4328    EXIST::FUNCTION:
+TS_REQ_add_ext                          4329    EXIST::FUNCTION:
+EVP_PKEY_CTX_set_app_data               4330    EXIST::FUNCTION:
+OBJ_bsearch_                            4331    EXIST::FUNCTION:
+EVP_PKEY_meth_set_verifyctx             4332    EXIST::FUNCTION:
+i2d_PKCS7_bio_stream                    4333    EXIST::FUNCTION:
+CRYPTO_THREADID_set_numeric             4334    EXIST::FUNCTION:
+PKCS7_sign_add_signer                   4335    EXIST::FUNCTION:
+d2i_TS_TST_INFO_bio                     4336    EXIST::FUNCTION:
+TS_TST_INFO_get_ordering                4337    EXIST::FUNCTION:
+TS_RESP_print_bio                       4338    EXIST::FUNCTION:
+TS_TST_INFO_get_exts                    4339    EXIST::FUNCTION:
+HMAC_CTX_copy                           4340    EXIST::FUNCTION:HMAC
+PKCS5_pbe2_set_iv                       4341    EXIST::FUNCTION:
+ENGINE_get_pkey_asn1_meths              4342    EXIST::FUNCTION:ENGINE
+b2i_PrivateKey                          4343    EXIST::FUNCTION:
+EVP_PKEY_CTX_get_app_data               4344    EXIST::FUNCTION:
+TS_REQ_set_cert_req                     4345    EXIST::FUNCTION:
+CRYPTO_THREADID_set_callback            4346    EXIST::FUNCTION:
+TS_CONF_set_serial                      4347    EXIST::FUNCTION:
+TS_TST_INFO_free                        4348    EXIST::FUNCTION:
+d2i_TS_REQ_fp                           4349    EXIST::FUNCTION:
+TS_RESP_verify_response                 4350    EXIST::FUNCTION:
+i2d_ESS_ISSUER_SERIAL                   4351    EXIST::FUNCTION:
+TS_ACCURACY_get_seconds                 4352    EXIST::FUNCTION:
+EVP_CIPHER_do_all                       4353    EXIST::FUNCTION:
+b2i_PrivateKey_bio                      4354    EXIST::FUNCTION:
+OCSP_CERTID_dup                         4355    EXIST::FUNCTION:
+X509_PUBKEY_get0_param                  4356    EXIST::FUNCTION:
+TS_MSG_IMPRINT_dup                      4357    EXIST::FUNCTION:
+PKCS7_print_ctx                         4358    EXIST::FUNCTION:
+i2d_TS_REQ_bio                          4359    EXIST::FUNCTION:
+EVP_whirlpool                           4360    EXIST:!VMSVAX:FUNCTION:WHIRLPOOL
+EVP_PKEY_asn1_set_param                 4361    EXIST::FUNCTION:
+EVP_PKEY_meth_set_encrypt               4362    EXIST::FUNCTION:
+ASN1_PCTX_set_flags                     4363    EXIST::FUNCTION:
+i2d_ESS_CERT_ID                         4364    EXIST::FUNCTION:
+TS_VERIFY_CTX_new                       4365    EXIST::FUNCTION:
+TS_RESP_CTX_set_extension_cb            4366    EXIST::FUNCTION:
+ENGINE_register_all_pkey_meths          4367    EXIST::FUNCTION:ENGINE
+TS_RESP_CTX_set_status_info_cond        4368    EXIST:!VMS:FUNCTION:
+TS_RESP_CTX_set_stat_info_cond          4368    EXIST:VMS:FUNCTION:
+EVP_PKEY_verify                         4369    EXIST::FUNCTION:
+WHIRLPOOL_Final                         4370    EXIST:!VMSVAX:FUNCTION:WHIRLPOOL
+X509_CRL_METHOD_new                     4371    EXIST::FUNCTION:
+EVP_DigestSignFinal                     4372    EXIST::FUNCTION:
+TS_RESP_CTX_set_def_policy              4373    EXIST::FUNCTION:
+NETSCAPE_X509_it                        4374    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+NETSCAPE_X509_it                        4374    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+TS_RESP_create_response                 4375    EXIST::FUNCTION:
+PKCS7_SIGNER_INFO_get0_algs             4376    EXIST::FUNCTION:
+TS_TST_INFO_get_nonce                   4377    EXIST::FUNCTION:
+EVP_PKEY_decrypt_old                    4378    EXIST::FUNCTION:
+TS_TST_INFO_set_policy_id               4379    EXIST::FUNCTION:
+TS_CONF_set_ess_cert_id_chain           4380    EXIST::FUNCTION:
+EVP_PKEY_CTX_get0_pkey                  4381    EXIST::FUNCTION:
+d2i_TS_REQ                              4382    EXIST::FUNCTION:
+EVP_PKEY_asn1_find_str                  4383    EXIST::FUNCTION:
+BIO_f_asn1                              4384    EXIST::FUNCTION:
+ESS_SIGNING_CERT_new                    4385    EXIST::FUNCTION:
+EVP_PBE_find                            4386    EXIST::FUNCTION:
+X509_CRL_get0_by_cert                   4387    EXIST::FUNCTION:
+EVP_PKEY_derive                         4388    EXIST::FUNCTION:
+i2d_TS_REQ                              4389    EXIST::FUNCTION:
+TS_TST_INFO_delete_ext                  4390    EXIST::FUNCTION:
+ESS_ISSUER_SERIAL_free                  4391    EXIST::FUNCTION:
+ASN1_PCTX_set_str_flags                 4392    EXIST::FUNCTION:
+ENGINE_get_pkey_asn1_meth_str           4393    EXIST::FUNCTION:ENGINE
+TS_CONF_set_signer_key                  4394    EXIST::FUNCTION:
+TS_ACCURACY_get_millis                  4395    EXIST::FUNCTION:
+TS_RESP_get_token                       4396    EXIST::FUNCTION:
+TS_ACCURACY_dup                         4397    EXIST::FUNCTION:
+ENGINE_register_all_pkey_asn1_meths     4398    EXIST:!VMS:FUNCTION:ENGINE
+ENGINE_reg_all_pkey_asn1_meths          4398    EXIST:VMS:FUNCTION:ENGINE
+X509_CRL_set_default_method             4399    EXIST::FUNCTION:
+CRYPTO_THREADID_hash                    4400    EXIST::FUNCTION:
+CMS_ContentInfo_print_ctx               4401    EXIST::FUNCTION:CMS
+TS_RESP_free                            4402    EXIST::FUNCTION:
+ISSUING_DIST_POINT_free                 4403    EXIST::FUNCTION:
+ESS_ISSUER_SERIAL_new                   4404    EXIST::FUNCTION:
+CMS_add1_crl                            4405    EXIST::FUNCTION:CMS
+PKCS7_add1_attrib_digest                4406    EXIST::FUNCTION:
+TS_RESP_CTX_add_md                      4407    EXIST::FUNCTION:
+TS_TST_INFO_dup                         4408    EXIST::FUNCTION:
+ENGINE_set_pkey_asn1_meths              4409    EXIST::FUNCTION:ENGINE
+PEM_write_bio_Parameters                4410    EXIST::FUNCTION:
+TS_TST_INFO_get_accuracy                4411    EXIST::FUNCTION:
+X509_CRL_get0_by_serial                 4412    EXIST::FUNCTION:
+TS_TST_INFO_set_version                 4413    EXIST::FUNCTION:
+TS_RESP_CTX_get_tst_info                4414    EXIST::FUNCTION:
+TS_RESP_verify_signature                4415    EXIST::FUNCTION:
+CRYPTO_THREADID_get_callback            4416    EXIST::FUNCTION:
+TS_TST_INFO_get_tsa                     4417    EXIST::FUNCTION:
+TS_STATUS_INFO_new                      4418    EXIST::FUNCTION:
+EVP_PKEY_CTX_get_cb                     4419    EXIST::FUNCTION:
+TS_REQ_get_ext_d2i                      4420    EXIST::FUNCTION:
+GENERAL_NAME_set0_othername             4421    EXIST::FUNCTION:
+TS_TST_INFO_get_ext_count               4422    EXIST::FUNCTION:
+TS_RESP_CTX_get_request                 4423    EXIST::FUNCTION:
+i2d_NETSCAPE_X509                       4424    EXIST::FUNCTION:
+ENGINE_get_pkey_meth_engine             4425    EXIST::FUNCTION:ENGINE
+EVP_PKEY_meth_set_signctx               4426    EXIST::FUNCTION:
+EVP_PKEY_asn1_copy                      4427    EXIST::FUNCTION:
+ASN1_TYPE_cmp                           4428    EXIST::FUNCTION:
+EVP_CIPHER_do_all_sorted                4429    EXIST::FUNCTION:
+EVP_PKEY_CTX_free                       4430    EXIST::FUNCTION:
+ISSUING_DIST_POINT_it                   4431    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ISSUING_DIST_POINT_it                   4431    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_TS_MSG_IMPRINT_fp                   4432    EXIST::FUNCTION:
+X509_STORE_get1_certs                   4433    EXIST::FUNCTION:
+EVP_PKEY_CTX_get_operation              4434    EXIST::FUNCTION:
+d2i_ESS_SIGNING_CERT                    4435    EXIST::FUNCTION:
+TS_CONF_set_ordering                    4436    EXIST::FUNCTION:
+EVP_PBE_alg_add_type                    4437    EXIST::FUNCTION:
+TS_REQ_set_version                      4438    EXIST::FUNCTION:
+EVP_PKEY_get0                           4439    EXIST::FUNCTION:
+BIO_asn1_set_suffix                     4440    EXIST::FUNCTION:
+i2d_TS_STATUS_INFO                      4441    EXIST::FUNCTION:
+EVP_MD_do_all                           4442    EXIST::FUNCTION:
+TS_TST_INFO_set_accuracy                4443    EXIST::FUNCTION:
+PKCS7_add_attrib_content_type           4444    EXIST::FUNCTION:
+ERR_remove_thread_state                 4445    EXIST::FUNCTION:
+EVP_PKEY_meth_add0                      4446    EXIST::FUNCTION:
+TS_TST_INFO_set_tsa                     4447    EXIST::FUNCTION:
+EVP_PKEY_meth_new                       4448    EXIST::FUNCTION:
+WHIRLPOOL_Update                        4449    EXIST:!VMSVAX:FUNCTION:WHIRLPOOL
+TS_CONF_set_accuracy                    4450    EXIST::FUNCTION:
+ASN1_PCTX_set_oid_flags                 4451    EXIST::FUNCTION:
+ESS_SIGNING_CERT_dup                    4452    EXIST::FUNCTION:
+d2i_TS_REQ_bio                          4453    EXIST::FUNCTION:
+X509_time_adj_ex                        4454    EXIST::FUNCTION:
+TS_RESP_CTX_add_flags                   4455    EXIST::FUNCTION:
+d2i_TS_STATUS_INFO                      4456    EXIST::FUNCTION:
+TS_MSG_IMPRINT_set_msg                  4457    EXIST::FUNCTION:
+BIO_asn1_get_suffix                     4458    EXIST::FUNCTION:
+TS_REQ_free                             4459    EXIST::FUNCTION:
+EVP_PKEY_meth_free                      4460    EXIST::FUNCTION:
+TS_REQ_get_exts                         4461    EXIST::FUNCTION:
+TS_RESP_CTX_set_clock_precision_digits  4462    EXIST:!VMS:FUNCTION:
+TS_RESP_CTX_set_clk_prec_digits         4462    EXIST:VMS:FUNCTION:
+TS_RESP_CTX_add_failure_info            4463    EXIST::FUNCTION:
+i2d_TS_RESP_bio                         4464    EXIST::FUNCTION:
+EVP_PKEY_CTX_get0_peerkey               4465    EXIST::FUNCTION:
+PEM_write_bio_CMS_stream                4466    EXIST::FUNCTION:CMS
+TS_REQ_new                              4467    EXIST::FUNCTION:
+TS_MSG_IMPRINT_new                      4468    EXIST::FUNCTION:
+EVP_PKEY_meth_find                      4469    EXIST::FUNCTION:
+EVP_PKEY_id                             4470    EXIST::FUNCTION:
+TS_TST_INFO_set_serial                  4471    EXIST::FUNCTION:
+a2i_GENERAL_NAME                        4472    EXIST::FUNCTION:
+TS_CONF_set_crypto_device               4473    EXIST::FUNCTION:
+EVP_PKEY_verify_init                    4474    EXIST::FUNCTION:
+TS_CONF_set_policies                    4475    EXIST::FUNCTION:
+ASN1_PCTX_new                           4476    EXIST::FUNCTION:
+ESS_CERT_ID_free                        4477    EXIST::FUNCTION:
+ENGINE_unregister_pkey_meths            4478    EXIST::FUNCTION:ENGINE
+TS_MSG_IMPRINT_free                     4479    EXIST::FUNCTION:
+TS_VERIFY_CTX_init                      4480    EXIST::FUNCTION:
+PKCS7_stream                            4481    EXIST::FUNCTION:
+TS_RESP_CTX_set_certs                   4482    EXIST::FUNCTION:
+TS_CONF_set_def_policy                  4483    EXIST::FUNCTION:
+ASN1_GENERALIZEDTIME_adj                4484    EXIST::FUNCTION:
+NETSCAPE_X509_new                       4485    EXIST::FUNCTION:
+TS_ACCURACY_free                        4486    EXIST::FUNCTION:
+TS_RESP_get_tst_info                    4487    EXIST::FUNCTION:
+EVP_PKEY_derive_set_peer                4488    EXIST::FUNCTION:
+PEM_read_bio_Parameters                 4489    EXIST::FUNCTION:
+TS_CONF_set_clock_precision_digits      4490    EXIST:!VMS:FUNCTION:
+TS_CONF_set_clk_prec_digits             4490    EXIST:VMS:FUNCTION:
+ESS_ISSUER_SERIAL_dup                   4491    EXIST::FUNCTION:
+TS_ACCURACY_get_micros                  4492    EXIST::FUNCTION:
+ASN1_PCTX_get_str_flags                 4493    EXIST::FUNCTION:
+NAME_CONSTRAINTS_check                  4494    EXIST::FUNCTION:
+ASN1_BIT_STRING_check                   4495    EXIST::FUNCTION:
+X509_check_akid                         4496    EXIST::FUNCTION:
+ENGINE_unregister_pkey_asn1_meths       4497    EXIST:!VMS:FUNCTION:ENGINE
+ENGINE_unreg_pkey_asn1_meths            4497    EXIST:VMS:FUNCTION:ENGINE
+ASN1_PCTX_free                          4498    EXIST::FUNCTION:
+PEM_write_bio_ASN1_stream               4499    EXIST::FUNCTION:
+i2d_ASN1_bio_stream                     4500    EXIST::FUNCTION:
+TS_X509_ALGOR_print_bio                 4501    EXIST::FUNCTION:
+EVP_PKEY_meth_set_cleanup               4502    EXIST::FUNCTION:
+EVP_PKEY_asn1_free                      4503    EXIST::FUNCTION:
+ESS_SIGNING_CERT_free                   4504    EXIST::FUNCTION:
+TS_TST_INFO_set_msg_imprint             4505    EXIST::FUNCTION:
+GENERAL_NAME_cmp                        4506    EXIST::FUNCTION:
+d2i_ASN1_SET_ANY                        4507    EXIST::FUNCTION:
+ENGINE_set_pkey_meths                   4508    EXIST::FUNCTION:ENGINE
+i2d_TS_REQ_fp                           4509    EXIST::FUNCTION:
+d2i_ASN1_SEQUENCE_ANY                   4510    EXIST::FUNCTION:
+GENERAL_NAME_get0_otherName             4511    EXIST::FUNCTION:
+d2i_ESS_CERT_ID                         4512    EXIST::FUNCTION:
+OBJ_find_sigid_algs                     4513    EXIST::FUNCTION:
+EVP_PKEY_meth_set_keygen                4514    EXIST::FUNCTION:
+PKCS5_PBKDF2_HMAC                       4515    EXIST::FUNCTION:
+EVP_PKEY_paramgen                       4516    EXIST::FUNCTION:
+EVP_PKEY_meth_set_paramgen              4517    EXIST::FUNCTION:
+BIO_new_PKCS7                           4518    EXIST::FUNCTION:
+EVP_PKEY_verify_recover                 4519    EXIST::FUNCTION:
+TS_ext_print_bio                        4520    EXIST::FUNCTION:
+TS_ASN1_INTEGER_print_bio               4521    EXIST::FUNCTION:
+check_defer                             4522    EXIST::FUNCTION:
+DSO_pathbyaddr                          4523    EXIST::FUNCTION:
+EVP_PKEY_set_type                       4524    EXIST::FUNCTION:
+TS_ACCURACY_set_micros                  4525    EXIST::FUNCTION:
+TS_REQ_to_TS_VERIFY_CTX                 4526    EXIST::FUNCTION:
+EVP_PKEY_meth_set_copy                  4527    EXIST::FUNCTION:
+ASN1_PCTX_set_cert_flags                4528    EXIST::FUNCTION:
+TS_TST_INFO_get_ext                     4529    EXIST::FUNCTION:
+EVP_PKEY_asn1_set_ctrl                  4530    EXIST::FUNCTION:
+TS_TST_INFO_get_ext_by_critical         4531    EXIST::FUNCTION:
+EVP_PKEY_CTX_new_id                     4532    EXIST::FUNCTION:
+TS_REQ_get_ext_by_OBJ                   4533    EXIST::FUNCTION:
+TS_CONF_set_signer_cert                 4534    EXIST::FUNCTION:
+X509_NAME_hash_old                      4535    EXIST::FUNCTION:
+ASN1_TIME_set_string                    4536    EXIST::FUNCTION:
+EVP_MD_flags                            4537    EXIST::FUNCTION:
+TS_RESP_CTX_free                        4538    EXIST::FUNCTION:
+DSAparams_dup                           4539    EXIST::FUNCTION:DSA
+DHparams_dup                            4540    EXIST::FUNCTION:DH
+OCSP_REQ_CTX_add1_header                4541    EXIST::FUNCTION:
+OCSP_REQ_CTX_set1_req                   4542    EXIST::FUNCTION:
+X509_STORE_set_verify_cb                4543    EXIST::FUNCTION:
+X509_STORE_CTX_get0_current_crl         4544    EXIST::FUNCTION:
+X509_STORE_CTX_get0_parent_ctx          4545    EXIST::FUNCTION:
+X509_STORE_CTX_get0_current_issuer      4546    EXIST:!VMS:FUNCTION:
+X509_STORE_CTX_get0_cur_issuer          4546    EXIST:VMS:FUNCTION:
+X509_issuer_name_hash_old               4547    EXIST::FUNCTION:MD5
+X509_subject_name_hash_old              4548    EXIST::FUNCTION:MD5
+EVP_CIPHER_CTX_copy                     4549    EXIST::FUNCTION:
+UI_method_get_prompt_constructor        4550    EXIST:!VMS:FUNCTION:
+UI_method_get_prompt_constructr         4550    EXIST:VMS:FUNCTION:
+UI_method_set_prompt_constructor        4551    EXIST:!VMS:FUNCTION:
+UI_method_set_prompt_constructr         4551    EXIST:VMS:FUNCTION:
+EVP_read_pw_string_min                  4552    EXIST::FUNCTION:
diff --git a/src/lib/libcrypto/util/mk1mf.pl b/src/lib/libcrypto/util/mk1mf.pl
index f2b92b2b25..280e9de1ad 100644
--- a/src/lib/libcrypto/util/mk1mf.pl
+++ b/src/lib/libcrypto/util/mk1mf.pl
@@ -6,36 +6,56 @@
 #
 $INSTALLTOP="/usr/local/ssl";
+$OPENSSLDIR="/usr/local/ssl";
 $OPTIONS="";
 $ssl_version="";
 $banner="\t\@echo Building OpenSSL";
-my $no_static_engine = 0;
+my $no_static_engine = 1;
 my $engines = "";
 local $zlib_opt = 0;    # 0 = no zlib, 1 = static, 2 = dynamic
 local $zlib_lib = "";
+local $perl_asm = 0;    # 1 to autobuild asm files from perl scripts
+# Options to import from top level Makefile
+my %mf_import = (
+        VERSION        => \$ssl_version,
+        OPTIONS        => \$OPTIONS,
+        INSTALLTOP     => \$INSTALLTOP,
+        OPENSSLDIR     => \$OPENSSLDIR,
+        PLATFORM       => \$mf_platform,
+        CFLAG          => \$mf_cflag,
+        DEPFLAG        => \$mf_depflag,
+        CPUID_OBJ      => \$mf_cpuid_asm,
+        BN_ASM         => \$mf_bn_asm,
+        DES_ENC        => \$mf_des_asm,
+        AES_ENC        => \$mf_aes_asm,
+        BF_ENC         => \$mf_bf_asm,
+        CAST_ENC       => \$mf_cast_asm,
+        RC4_ENC        => \$mf_rc4_asm,
+        RC5_ENC        => \$mf_rc5_asm,
+        MD5_ASM_OBJ    => \$mf_md5_asm,
+        SHA1_ASM_OBJ   => \$mf_sha_asm,
+        RMD160_ASM_OBJ => \$mf_rmd_asm,
+        WP_ASM_OBJ     => \$mf_wp_asm,
+        CMLL_ENC       => \$mf_cm_asm
+);
-local $fips_canister_path = "";
-my $fips_premain_dso_exe_path = "";
-my $fips_premain_c_path = "";
-my $fips_sha1_exe_path = "";
-local $fipscanisterbuild = 0;
-local $fipsdso = 0;
-my $fipslibdir = "";
-my $baseaddr = "";
-my $ex_l_libs = "";
 open(IN,"<Makefile") || die "unable to open Makefile!\n";
 while(<IN>) {
-    $ssl_version=$1 if (/^VERSION=(.*)$/);
+    my ($mf_opt, $mf_ref);
-    $OPTIONS=$1 if (/^OPTIONS=(.*)$/);
+    while (($mf_opt, $mf_ref) = each %mf_import) {
-    $INSTALLTOP=$1 if (/^INSTALLTOP=(.*$)/);
+        if (/^$mf_opt\s*=\s*(.*)$/) {
+           $$mf_ref = $1;
+        }
+    }
 }
 close(IN);
+$debug = 1 if $mf_platform =~ /^debug-/;
 die "Makefile is not the toplevel Makefile!\n" if $ssl_version eq "";
 $infile="MINFO";
@@ -58,6 +78,7 @@ $infile="MINFO";
        "netware-libc", "CodeWarrior for NetWare - LibC - with WinSock Sockets",
        "netware-libc-bsdsock", "CodeWarrior for NetWare - LibC - with BSD Sockets",
        "default","cc under unix",
+        "auto", "auto detect from top level Makefile"
        );
 $platform="";
@@ -144,6 +165,12 @@ $bin_dir=(defined($VARS{'BIN'}))?$VARS{'BIN'}:'';
 $NT=0;
 push(@INC,"util/pl","pl");
+if ($platform eq "auto") {
+        $platform = $mf_platform;
+        print STDERR "Imported platform $mf_platform\n";
+}
 if (($platform =~ /VC-(.+)/))
        {
        $FLAVOR=$1;
@@ -228,13 +255,12 @@ $cflags.=" -DOPENSSL_NO_DES"  if $no_des;
 $cflags.=" -DOPENSSL_NO_RSA"  if $no_rsa;
 $cflags.=" -DOPENSSL_NO_DSA"  if $no_dsa;
 $cflags.=" -DOPENSSL_NO_DH"   if $no_dh;
+$cflags.=" -DOPENSSL_NO_WHIRLPOOL"   if $no_whirlpool;
 $cflags.=" -DOPENSSL_NO_SOCK" if $no_sock;
 $cflags.=" -DOPENSSL_NO_SSL2" if $no_ssl2;
 $cflags.=" -DOPENSSL_NO_SSL3" if $no_ssl3;
 $cflags.=" -DOPENSSL_NO_TLSEXT" if $no_tlsext;
 $cflags.=" -DOPENSSL_NO_CMS" if $no_cms;
-$cflags.=" -DOPENSSL_NO_JPAKE" if $no_jpake;
-$cflags.=" -DOPENSSL_NO_CAPIENG" if $no_capieng;
 $cflags.=" -DOPENSSL_NO_ERR"  if $no_err;
 $cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5;
 $cflags.=" -DOPENSSL_NO_EC"   if $no_ec;
@@ -242,7 +268,7 @@ $cflags.=" -DOPENSSL_NO_ECDSA" if $no_ecdsa;
 $cflags.=" -DOPENSSL_NO_ECDH" if $no_ecdh;
 $cflags.=" -DOPENSSL_NO_ENGINE"   if $no_engine;
 $cflags.=" -DOPENSSL_NO_HW"   if $no_hw;
-$cflags.=" -DOPENSSL_FIPS"    if $fips;
+$cflags.=" -DOPENSSL_NO_JPAKE"    if $no_jpake;
 $cflags.= " -DZLIB" if $zlib_opt;
 $cflags.= " -DZLIB_SHARED" if $zlib_opt == 2;
@@ -264,9 +290,9 @@ else
 $ex_libs="$l_flags$ex_libs" if ($l_flags ne "");
 %shlib_ex_cflags=("SSL" => " -DOPENSSL_BUILD_SHLIBSSL",
-                  "CRYPTO" => " -DOPENSSL_BUILD_SHLIBCRYPTO",
+                  "CRYPTO" => " -DOPENSSL_BUILD_SHLIBCRYPTO");
-                  "FIPS" => " -DOPENSSL_BUILD_SHLIBCRYPTO");
 if ($msdos)
        {
@@ -280,6 +306,7 @@ if ($msdos)
 $link="$bin_dir$link" if ($link !~ /^\$/);
 $INSTALLTOP =~ s|/|$o|g;
+$OPENSSLDIR =~ s|/|$o|g;
 #############################################
 # We parse in input file and 'store' info for later printing.
@@ -294,21 +321,11 @@ for (;;)
                {
                if ($lib ne "")
                        {
-                        if ($fips && $dir =~ /^fips/)
+                        $uc=$lib;
-                                {
+                        $uc =~ s/^lib(.*)\.a/$1/;
-                                $uc = "FIPS";
+                        $uc =~ tr/a-z/A-Z/;
-                                }
+                        $lib_nam{$uc}=$uc;
-                        else
+                        $lib_obj{$uc}.=$libobj." ";
-                                {
-                                $uc=$lib;
-                                $uc =~ s/^lib(.*)\.a/$1/;
-                                $uc =~ tr/a-z/A-Z/;
-                                }
-                        if (($uc ne "FIPS") || $fipscanisterbuild)
-                                {
-                                $lib_nam{$uc}=$uc;
-                                $lib_obj{$uc}.=$libobj." ";
-                                }
                        }
                last if ($val eq "FINISHED");
                $lib="";
@@ -351,130 +368,11 @@ for (;;)
        if ($key eq "LIBNAMES" && $dir eq "engines" && $no_static_engine)
                { $engines.=$val }
-        if ($key eq "FIPS_EX_OBJ")
-                { 
-                $fips_ex_obj=&var_add("crypto",$val,0);
-                }
-        if ($key eq "FIPSLIBDIR")
-                {
-                $fipslibdir=$val;
-                $fipslibdir =~ s/\/$//;
-                $fipslibdir =~ s/\//$o/g;
-                }
-        if ($key eq "BASEADDR")
-                { $baseaddr=$val;}
        if (!($_=<IN>))
                { $_="RELATIVE_DIRECTORY=FINISHED\n"; }
        }
 close(IN);
-if ($fips)
-        {
-         
-        foreach (split " ", $fips_ex_obj)
-                {
-                $fips_exclude_obj{$1} = 1 if (/\/([^\/]*)$/);
-                }
-        $fips_exclude_obj{"cpu_win32"} = 1;
-        $fips_exclude_obj{"bn_asm"} = 1;
-        $fips_exclude_obj{"des_enc"} = 1;
-        $fips_exclude_obj{"fcrypt_b"} = 1;
-        $fips_exclude_obj{"aes_core"} = 1;
-        $fips_exclude_obj{"aes_cbc"} = 1;
-        my @ltmp = split " ", $lib_obj{"CRYPTO"};
-        $lib_obj{"CRYPTO"} = "";
-        foreach(@ltmp)
-                {
-                if (/\/([^\/]*)$/ && exists $fips_exclude_obj{$1})
-                        {
-                        if ($fipscanisterbuild)
-                                {
-                                $lib_obj{"FIPS"} .= "$_ ";
-                                }
-                        }
-                else
-                        {
-                        $lib_obj{"CRYPTO"} .= "$_ ";
-                        }
-                }
-        }
-if ($fipscanisterbuild)
-        {
-        $fips_canister_path = "\$(LIB_D)${o}fipscanister.lib" if $fips_canister_path eq "";
-        $fips_premain_c_path = "\$(LIB_D)${o}fips_premain.c";
-        }
-else
-        {
-        if ($fips_canister_path eq "")
-                {
-                $fips_canister_path = "\$(FIPSLIB_D)${o}fipscanister.lib";
-                }
-        if ($fips_premain_c_path eq "")
-                {
-                $fips_premain_c_path = "\$(FIPSLIB_D)${o}fips_premain.c";
-                }
-        }
-if ($fips)
-        {
-        if ($fips_sha1_exe_path eq "")
-                {
-                $fips_sha1_exe_path =
-                        "\$(BIN_D)${o}fips_standalone_sha1$exep";
-                }
-        }
-        else
-        {
-        $fips_sha1_exe_path = "";
-        }
-if ($fips_premain_dso_exe_path eq "")
-        {
-        $fips_premain_dso_exe_path = "\$(BIN_D)${o}fips_premain_dso$exep";
-        }
-#       $ex_build_targets .= "\$(BIN_D)${o}\$(E_PREMAIN_DSO)$exep" if ($fips);
-#$ex_l_libs .= " \$(L_FIPS)" if $fipsdso;
-if ($fips)
-        {
-        if (!$shlib)
-                {
-                $ex_build_targets .= " \$(LIB_D)$o$crypto_compat \$(PREMAIN_DSO_EXE)";
-                $ex_l_libs .= " \$(O_FIPSCANISTER)";
-                $ex_libs_dep .= " \$(O_FIPSCANISTER)" if $fipscanisterbuild;
-                }
-        if ($fipscanisterbuild)
-                {
-                $fipslibdir = "\$(LIB_D)";
-                }
-        else
-                {
-                if ($fipslibdir eq "")
-                        {
-                        open (IN, "util/fipslib_path.txt") || fipslib_error();
-                        $fipslibdir = <IN>;
-                        chomp $fipslibdir;
-                        close IN;
-                        }
-                fips_check_files($fipslibdir,
-                                "fipscanister.lib", "fipscanister.lib.sha1",
-                                "fips_premain.c", "fips_premain.c.sha1");
-                }
-        }
 if ($shlib)
        {
        $extra_install= <<"EOF";
@@ -520,6 +418,7 @@ $defs .= $preamble if defined $preamble;
 $defs.= <<"EOF";
 INSTALLTOP=$INSTALLTOP
+OPENSSLDIR=$OPENSSLDIR
 # Set your compiler options
 PLATFORM=$platform
@@ -540,32 +439,6 @@ SRC_D=$src_dir
 LINK=$link
 LFLAGS=$lflags
 RSC=$rsc
-FIPSLINK=\$(PERL) util${o}fipslink.pl
-AES_ASM_OBJ=$aes_asm_obj
-AES_ASM_SRC=$aes_asm_src
-BN_ASM_OBJ=$bn_asm_obj
-BN_ASM_SRC=$bn_asm_src
-BNCO_ASM_OBJ=$bnco_asm_obj
-BNCO_ASM_SRC=$bnco_asm_src
-DES_ENC_OBJ=$des_enc_obj
-DES_ENC_SRC=$des_enc_src
-BF_ENC_OBJ=$bf_enc_obj
-BF_ENC_SRC=$bf_enc_src
-CAST_ENC_OBJ=$cast_enc_obj
-CAST_ENC_SRC=$cast_enc_src
-RC4_ENC_OBJ=$rc4_enc_obj
-RC4_ENC_SRC=$rc4_enc_src
-RC5_ENC_OBJ=$rc5_enc_obj
-RC5_ENC_SRC=$rc5_enc_src
-MD5_ASM_OBJ=$md5_asm_obj
-MD5_ASM_SRC=$md5_asm_src
-SHA1_ASM_OBJ=$sha1_asm_obj
-SHA1_ASM_SRC=$sha1_asm_src
-RMD160_ASM_OBJ=$rmd160_asm_obj
-RMD160_ASM_SRC=$rmd160_asm_src
-CPUID_ASM_OBJ=$cpuid_asm_obj
-CPUID_ASM_SRC=$cpuid_asm_src
 # The output directory for everything intersting
 OUT_D=$out_dir
@@ -584,17 +457,6 @@ MKLIB=$bin_dir$mklib
 MLFLAGS=$mlflags
 ASM=$bin_dir$asm
-# FIPS validated module and support file locations
-E_PREMAIN_DSO=fips_premain_dso
-FIPSLIB_D=$fipslibdir
-BASEADDR=$baseaddr
-FIPS_PREMAIN_SRC=$fips_premain_c_path
-O_FIPSCANISTER=$fips_canister_path
-FIPS_SHA1_EXE=$fips_sha1_exe_path
-PREMAIN_DSO_EXE=$fips_premain_dso_exe_path
 ######################################################
 # You should not need to touch anything below this point
 ######################################################
@@ -602,7 +464,6 @@ PREMAIN_DSO_EXE=$fips_premain_dso_exe_path
 E_EXE=openssl
 SSL=$ssl
 CRYPTO=$crypto
-LIBFIPS=libosslfips
 # BIN_D  - Binary output directory
 # TEST_D - Binary test file output directory
@@ -623,14 +484,12 @@ INCL_D=\$(TMP_D)
 O_SSL=     \$(LIB_D)$o$plib\$(SSL)$shlibp
 O_CRYPTO=  \$(LIB_D)$o$plib\$(CRYPTO)$shlibp
-O_FIPS=    \$(LIB_D)$o$plib\$(LIBFIPS)$shlibp
 SO_SSL=    $plib\$(SSL)$so_shlibp
 SO_CRYPTO= $plib\$(CRYPTO)$so_shlibp
 L_SSL=     \$(LIB_D)$o$plib\$(SSL)$libp
 L_CRYPTO=  \$(LIB_D)$o$plib\$(CRYPTO)$libp
-L_FIPS=    \$(LIB_D)$o$plib\$(LIBFIPS)$libp
-L_LIBS= \$(L_SSL) \$(L_CRYPTO) $ex_l_libs
+L_LIBS= \$(L_SSL) \$(L_CRYPTO)
 ######################################################
 # Don't touch anything below this point
@@ -640,13 +499,13 @@ INC=-I\$(INC_D) -I\$(INCL_D)
 APP_CFLAGS=\$(INC) \$(CFLAG) \$(APP_CFLAG)
 LIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG)
 SHLIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) \$(SHLIB_CFLAG)
-LIBS_DEP=\$(O_CRYPTO) \$(O_SSL) $ex_libs_dep
+LIBS_DEP=\$(O_CRYPTO) \$(O_SSL)
 #############################################
 EOF
 $rules=<<"EOF";
-all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers \$(FIPS_SHA1_EXE) lib exe $ex_build_targets
+all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers lib exe
 banner:
 $banner
@@ -683,8 +542,9 @@ install: all
        \$(MKDIR) \"\$(INSTALLTOP)${o}include${o}openssl\"
        \$(MKDIR) \"\$(INSTALLTOP)${o}lib\"
        \$(CP) \"\$(INCO_D)${o}*.\[ch\]\" \"\$(INSTALLTOP)${o}include${o}openssl\"
-        \$(CP) \"\$(BIN_D)$o\$(E_EXE)$exep\" \"\$(INSTALLTOP)${o}bin\"
+        \$(CP) \"\$(BIN_D)$o\$(E_EXE)$exep \$(INSTALLTOP)${o}bin\"
-        \$(CP) \"apps${o}openssl.cnf\" \"\$(INSTALLTOP)\"
+        \$(MKDIR) \"\$(OPENSSLDIR)\"
+        \$(CP) apps${o}openssl.cnf \"\$(OPENSSLDIR)\"
 $extra_install
@@ -761,26 +621,6 @@ $rules.=&do_compile_rule("\$(OBJ_D)",$test,"\$(APP_CFLAGS)");
 $defs.=&do_defs("E_OBJ",$e_exe,"\$(OBJ_D)",$obj);
 $rules.=&do_compile_rule("\$(OBJ_D)",$e_exe,'-DMONOLITH $(APP_CFLAGS)');
-# Special case rules for fips_start and fips_end fips_premain_dso
-if ($fips)
-        {
-        if ($fipscanisterbuild)
-                {
-                $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_start$obj",
-                        "fips${o}fips_canister.c",
-                        "-DFIPS_START \$(SHLIB_CFLAGS)");
-                $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_end$obj",
-                        "fips${o}fips_canister.c", "\$(SHLIB_CFLAGS)");
-                }
-        $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_standalone_sha1$obj",
-                "fips${o}sha${o}fips_standalone_sha1.c",
-                "\$(SHLIB_CFLAGS)");
-        $rules.=&cc_compile_target("\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj",
-                "fips${o}fips_premain.c",
-                "-DFINGERPRINT_PREMAIN_DSO_LOAD \$(SHLIB_CFLAGS)");
-        }
 foreach (values %lib_nam)
        {
        $lib_obj=$lib_obj{$_};
@@ -792,78 +632,14 @@ foreach (values %lib_nam)
                next;
                }
-        if ((!$fips && ($_ eq "CRYPTO")) || ($fips && ($_ eq "FIPS")))
-                {
-                if ($cpuid_asm_obj ne "")
-                        {
-                        $lib_obj =~ s/(\S*\/cryptlib\S*)/$1 \$(CPUID_ASM_OBJ)/;
-                        $rules.=&do_asm_rule($cpuid_asm_obj,$cpuid_asm_src);
-                        }
-                if ($aes_asm_obj ne "")
-                        {
-                        $lib_obj =~ s/\s(\S*\/aes_core\S*)/ \$(AES_ASM_OBJ)/;
-                        $lib_obj =~ s/\s\S*\/aes_cbc\S*//;
-                        $rules.=&do_asm_rule($aes_asm_obj,$aes_asm_src);
-                        }
-                if ($sha1_asm_obj ne "")
-                        {
-                        $lib_obj =~ s/\s(\S*\/sha1dgst\S*)/ $1 \$(SHA1_ASM_OBJ)/;
-                        $rules.=&do_asm_rule($sha1_asm_obj,$sha1_asm_src);
-                        }
-                if ($bn_asm_obj ne "")
-                        {
-                        $lib_obj =~ s/\s\S*\/bn_asm\S*/ \$(BN_ASM_OBJ)/;
-                        $rules.=&do_asm_rule($bn_asm_obj,$bn_asm_src);
-                        }
-                if ($bnco_asm_obj ne "")
-                        {
-                        $lib_obj .= "\$(BNCO_ASM_OBJ)";
-                        $rules.=&do_asm_rule($bnco_asm_obj,$bnco_asm_src);
-                        }
-                if ($des_enc_obj ne "")
-                        {
-                        $lib_obj =~ s/\s\S*des_enc\S*/ \$(DES_ENC_OBJ)/;
-                        $lib_obj =~ s/\s\S*\/fcrypt_b\S*\s*/ /;
-                        $rules.=&do_asm_rule($des_enc_obj,$des_enc_src);
-                        }
-                }
-        if (($bf_enc_obj ne "") && ($_ eq "CRYPTO"))
-                {
-                $lib_obj =~ s/\s\S*\/bf_enc\S*/ \$(BF_ENC_OBJ)/;
-                $rules.=&do_asm_rule($bf_enc_obj,$bf_enc_src);
-                }
-        if (($cast_enc_obj ne "") && ($_ eq "CRYPTO"))
-                {
-                $lib_obj =~ s/(\s\S*\/c_enc\S*)/ \$(CAST_ENC_OBJ)/;
-                $rules.=&do_asm_rule($cast_enc_obj,$cast_enc_src);
-                }
-        if (($rc4_enc_obj ne "") && ($_ eq "CRYPTO"))
-                {
-                $lib_obj =~ s/\s\S*\/rc4_enc\S*/ \$(RC4_ENC_OBJ)/;
-                $rules.=&do_asm_rule($rc4_enc_obj,$rc4_enc_src);
-                }
-        if (($rc5_enc_obj ne "") && ($_ eq "CRYPTO"))
-                {
-                $lib_obj =~ s/\s\S*\/rc5_enc\S*/ \$(RC5_ENC_OBJ)/;
-                $rules.=&do_asm_rule($rc5_enc_obj,$rc5_enc_src);
-                }
-        if (($md5_asm_obj ne "") && ($_ eq "CRYPTO"))
-                {
-                $lib_obj =~ s/\s(\S*\/md5_dgst\S*)/ $1 \$(MD5_ASM_OBJ)/;
-                $rules.=&do_asm_rule($md5_asm_obj,$md5_asm_src);
-                }
-        if (($rmd160_asm_obj ne "") && ($_ eq "CRYPTO"))
-                {
-                $lib_obj =~ s/\s(\S*\/rmd_dgst\S*)/ $1 \$(RMD160_ASM_OBJ)/;
-                $rules.=&do_asm_rule($rmd160_asm_obj,$rmd160_asm_src);
-                }
        $defs.=&do_defs(${_}."OBJ",$lib_obj,"\$(OBJ_D)",$obj);
        $lib=($slib)?" \$(SHLIB_CFLAGS)".$shlib_ex_cflags{$_}:" \$(LIB_CFLAGS)";
        $rules.=&do_compile_rule("\$(OBJ_D)",$lib_obj{$_},$lib);
        }
 # hack to add version info on MSVC
-if (($platform eq "VC-WIN32") || ($platform eq "VC-NT")) {
+if (($platform eq "VC-WIN32") || ($platform eq "VC-WIN64A")
+        || ($platform eq "VC-WIN64I") || ($platform eq "VC-NT")) {
    $rules.= <<"EOF";
 \$(OBJ_D)\\\$(CRYPTO).res: ms\\version32.rc
        \$(RSC) /fo"\$(OBJ_D)\\\$(CRYPTO).res" /d CRYPTO ms\\version32.rc
@@ -871,43 +647,15 @@ if (($platform eq "VC-WIN32") || ($platform eq "VC-NT")) {
 \$(OBJ_D)\\\$(SSL).res: ms\\version32.rc
        \$(RSC) /fo"\$(OBJ_D)\\\$(SSL).res" /d SSL ms\\version32.rc
-\$(OBJ_D)\\\$(LIBFIPS).res: ms\\version32.rc
-        \$(RSC) /fo"\$(OBJ_D)\\\$(LIBFIPS).res" /d FIPS ms\\version32.rc
 EOF
 }
 $defs.=&do_defs("T_EXE",$test,"\$(TEST_D)",$exep);
 foreach (split(/\s+/,$test))
        {
-        my $t_libs;
        $t=&bname($_);
-        my $ltype;
-        # Check to see if test program is FIPS
-        if ($fips && /fips/)
-                {
-                # If fipsdso link to libosslfips.dll 
-                # otherwise perform static link to 
-                # $(O_FIPSCANISTER)
-                if ($fipsdso)
-                        {
-                        $t_libs = "\$(L_FIPS)";
-                        $ltype = 0;
-                        }
-                else
-                        {
-                        $t_libs = "\$(O_FIPSCANISTER)";
-                        $ltype = 2;
-                        }
-                }
-        else
-                {
-                $t_libs = "\$(L_LIBS)";
-                $ltype = 0;
-                }
        $tt="\$(OBJ_D)${o}$t${obj}";
-        $rules.=&do_link_rule("\$(TEST_D)$o$t$exep",$tt,"\$(LIBS_DEP)","$t_libs \$(EX_LIBS)", $ltype);
+        $rules.=&do_link_rule("\$(TEST_D)$o$t$exep",$tt,"\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)");
        }
 $defs.=&do_defs("E_SHLIB",$engines,"\$(ENG_D)",$shlibp);
@@ -921,69 +669,9 @@ foreach (split(/\s+/,$engines))
 $rules.= &do_lib_rule("\$(SSLOBJ)","\$(O_SSL)",$ssl,$shlib,"\$(SO_SSL)");
+$rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)");
-if ($fips)
+$rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)");
-        {
-        if ($shlib)
-                {
-                if ($fipsdso)
-                        {
-                        $rules.= &do_lib_rule("\$(CRYPTOOBJ)",
-                                        "\$(O_CRYPTO)", "$crypto",
-                                        $shlib, "", "");
-                        $rules.= &do_lib_rule(
-                                "\$(O_FIPSCANISTER)",
-                                "\$(O_FIPS)", "\$(LIBFIPS)",
-                                $shlib, "\$(SO_CRYPTO)", "\$(BASEADDR)");
-                        $rules.= &do_sdef_rule();
-                        }
-                else
-                        {
-                        $rules.= &do_lib_rule(
-                                "\$(CRYPTOOBJ) \$(O_FIPSCANISTER)",
-                                "\$(O_CRYPTO)", "$crypto",
-                                $shlib, "\$(SO_CRYPTO)", "\$(BASEADDR)");
-                        }
-                }
-        else
-                {
-                $rules.= &do_lib_rule("\$(CRYPTOOBJ)",
-                        "\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)", "");
-                $rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(FIPSOBJ)",
-                        "\$(LIB_D)$o$crypto_compat",$crypto,$shlib,"\$(SO_CRYPTO)", "");
-                }
-        }
-        else
-        {
-        $rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,
-                                                        "\$(SO_CRYPTO)");
-        }
-if ($fips)
-        {
-        if ($fipscanisterbuild)
-                {
-                $rules.= &do_rlink_rule("\$(O_FIPSCANISTER)",
-                                        "\$(OBJ_D)${o}fips_start$obj",
-                                        "\$(FIPSOBJ)",
-                                        "\$(OBJ_D)${o}fips_end$obj",
-                                        "\$(FIPS_SHA1_EXE)", "");
-                $rules.=&do_link_rule("\$(FIPS_SHA1_EXE)",
-                                        "\$(OBJ_D)${o}fips_standalone_sha1$obj \$(OBJ_D)${o}sha1dgst$obj \$(SHA1_ASM_OBJ)",
-                                        "","\$(EX_LIBS)", 1);
-                }
-        else
-                {
-                $rules.=&do_link_rule("\$(FIPS_SHA1_EXE)",
-                                        "\$(OBJ_D)${o}fips_standalone_sha1$obj \$(O_FIPSCANISTER)",
-                                        "","", 1);
-                }
-        $rules.=&do_link_rule("\$(PREMAIN_DSO_EXE)","\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj \$(CRYPTOOBJ) \$(O_FIPSCANISTER)","","\$(EX_LIBS)", 1);
-        
-        }
-$rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)", ($fips && !$shlib) ? 2 : 0);
 print $defs;
@@ -1022,7 +710,6 @@ sub var_add
        return("") if $no_ec   && $dir =~ /\/ec/;
        return("") if $no_cms  && $dir =~ /\/cms/;
        return("") if $no_jpake  && $dir =~ /\/jpake/;
-        return("") if !$fips   && $dir =~ /^fips/;
        if ($no_des && $dir =~ /\/des/)
                {
                if ($val =~ /read_pwd/)
@@ -1034,6 +721,7 @@ sub var_add
        return("") if $no_sock && $dir =~ /\/proxy/;
        return("") if $no_bf   && $dir =~ /\/bf/;
        return("") if $no_cast && $dir =~ /\/cast/;
+        return("") if $no_whirlpool && $dir =~ /\/whrlpool/;
        $val =~ s/^\s*(.*)\s*$/$1/;
        @a=split(/\s+/,$val);
@@ -1051,8 +739,8 @@ sub var_add
        @a=grep(!/^e_camellia$/,@a) if $no_camellia;
        @a=grep(!/^e_seed$/,@a) if $no_seed;
-        @a=grep(!/(^s2_)|(^s23_)/,@a) if $no_ssl2;
+        #@a=grep(!/(^s2_)|(^s23_)/,@a) if $no_ssl2;
-        @a=grep(!/(^s3_)|(^s23_)/,@a) if $no_ssl3;
+        #@a=grep(!/(^s3_)|(^s23_)/,@a) if $no_ssl3;
        @a=grep(!/(_sock$)|(_acpt$)|(_conn$)|(^pxy_)/,@a) if $no_sock;
@@ -1126,6 +814,7 @@ sub do_defs
                else    { $pf=$postfix; }
                if ($_ =~ /BN_ASM/)     { $t="$_ "; }
                elsif ($_ =~ /BNCO_ASM/){ $t="$_ "; }
+                elsif ($_ =~ /AES_ASM/){ $t="$_ "; }
                elsif ($_ =~ /DES_ENC/) { $t="$_ "; }
                elsif ($_ =~ /BF_ENC/)  { $t="$_ "; }
                elsif ($_ =~ /CAST_ENC/){ $t="$_ "; }
@@ -1133,8 +822,8 @@ sub do_defs
                elsif ($_ =~ /RC5_ENC/) { $t="$_ "; }
                elsif ($_ =~ /MD5_ASM/) { $t="$_ "; }
                elsif ($_ =~ /SHA1_ASM/){ $t="$_ "; }
-                elsif ($_ =~ /AES_ASM/){ $t="$_ "; }
                elsif ($_ =~ /RMD160_ASM/){ $t="$_ "; }
+                elsif ($_ =~ /WHIRLPOOL_ASM/){ $t="$_ "; }
                elsif ($_ =~ /CPUID_ASM/){ $t="$_ "; }
                else    { $t="$location${o}$_$pf "; }
@@ -1142,7 +831,7 @@ sub do_defs
                $ret.=$t;
                }
        # hack to add version info on MSVC
-        if ($shlib && (($platform eq "VC-WIN32") || ($platform eq "VC-NT")))
+        if ($shlib && (($platform eq "VC-WIN32") || ($platfrom eq "VC-WIN64I") || ($platform eq "VC-WIN64A") || ($platform eq "VC-NT")))
                {
                if ($var eq "CRYPTOOBJ")
                        { $ret.="\$(OBJ_D)\\\$(CRYPTO).res "; }
@@ -1162,6 +851,13 @@ sub bname
        return($ret);
        }
+# return the leading path
+sub dname
+        {
+        my $ret=shift;
+        $ret =~ s/(^.*)[\\\/][^\\\/]+$/$1/;
+        return($ret);
+        }
 ##############################################################
 # do a rule for each file that says 'compile' to new direcory
@@ -1169,19 +865,61 @@ sub bname
 sub do_compile_rule
        {
        local($to,$files,$ex)=@_;
-        local($ret,$_,$n);
+        local($ret,$_,$n,$d,$s);
-        
        $files =~ s/\//$o/g if $o ne '/';
        foreach (split(/\s+/,$files))
                {
                $n=&bname($_);
-                $ret.=&cc_compile_target("$to${o}$n$obj","${_}.c",$ex)
+                $d=&dname($_);
+                if (-f "${_}.c")
+                        {
+                        $ret.=&cc_compile_target("$to${o}$n$obj","${_}.c",$ex)
+                        }
+                elsif (-f ($s="${d}${o}asm${o}${n}.pl") or
+                       ($s=~s/sha256/sha512/ and -f $s) or
+                       -f ($s="${d}${o}${n}.pl"))
+                        {
+                        $ret.=&perlasm_compile_target("$to${o}$n$obj",$s,$n);
+                        }
+                elsif (-f ($s="${d}${o}asm${o}${n}.S") or
+                       -f ($s="${d}${o}${n}.S"))
+                        {
+                        $ret.=&Sasm_compile_target("$to${o}$n$obj",$s,$n);
+                        }
+                else    { die "no rule for $_"; }
                }
        return($ret);
        }
 ##############################################################
 # do a rule for each file that says 'compile' to new direcory
+sub perlasm_compile_target
+        {
+        my($target,$source,$bname)=@_;
+        my($ret);
+        $bname =~ s/(.*)\.[^\.]$/$1/;
+        $ret ="\$(TMP_D)$o$bname.asm: $source\n";
+        $ret.="\t\$(PERL) $source $asmtype \$(CFLAG) >\$\@\n\n";
+        $ret.="$target: \$(TMP_D)$o$bname.asm\n";
+        $ret.="\t\$(ASM) $afile\$\@ \$(TMP_D)$o$bname.asm\n\n";
+        return($ret);
+        }
+sub Sasm_compile_target
+        {
+        my($target,$source,$bname)=@_;
+        my($ret);
+        $bname =~ s/(.*)\.[^\.]$/$1/;
+        $ret ="\$(TMP_D)$o$bname.asm: $source\n";
+        $ret.="\t\$(CC) -E \$(CFLAG) $source >\$\@\n\n";
+        $ret.="$target: \$(TMP_D)$o$bname.asm\n";
+        $ret.="\t\$(ASM) $afile\$\@ \$(TMP_D)$o$bname.asm\n\n";
+        return($ret);
+        }
 sub cc_compile_target
        {
        local($target,$source,$ex_flags)=@_;
@@ -1204,13 +942,25 @@ sub do_asm_rule
        $target =~ s/\//$o/g if $o ne "/";
        $src =~ s/\//$o/g if $o ne "/";
-        @s=split(/\s+/,$src);
        @t=split(/\s+/,$target);
+        @s=split(/\s+/,$src);
        for ($i=0; $i<=$#s; $i++)
                {
-                $ret.="$t[$i]: $s[$i]\n";
+                my $objfile = $t[$i];
-                $ret.="\t\$(ASM) $afile$t[$i] \$(SRC_D)$o$s[$i]\n\n";
+                my $srcfile = $s[$i];
+                if ($perl_asm == 1)
+                        {
+                        my $plasm = $objfile;
+                        $plasm =~ s/${obj}/.pl/;
+                        $ret.="$srcfile: $plasm\n";
+                        $ret.="\t\$(PERL) $plasm $asmtype \$(CFLAG) >$srcfile\n\n";
+                        }
+                $ret.="$objfile: $srcfile\n";
+                $ret.="\t\$(ASM) $afile$objfile \$(SRC_D)$o$srcfile\n\n";
                }
        return($ret);
        }
@@ -1274,6 +1024,7 @@ sub read_options
                "no-sha1" => \$no_sha1,
                "no-ripemd" => \$no_ripemd,
                "no-mdc2" => \$no_mdc2,
+                "no-whirlpool" => \$no_whirlpool,
                "no-patents" => 
                        [\$no_rc2, \$no_rc4, \$no_rc5, \$no_idea, \$no_rsa],
                "no-rsa" => \$no_rsa,
@@ -1282,7 +1033,6 @@ sub read_options
                "no-hmac" => \$no_hmac,
                "no-asm" => \$no_asm,
                "nasm" => \$nasm,
-                "ml64" => \$ml64,
                "nw-nasm" => \$nw_nasm,
                "nw-mwasm" => \$nw_mwasm,
                "gaswin" => \$gaswin,
@@ -1291,7 +1041,6 @@ sub read_options
                "no-tlsext" => \$no_tlsext,
                "no-cms" => \$no_cms,
                "no-jpake" => \$no_jpake,
-                "no-capieng" => \$no_capieng,
                "no-err" => \$no_err,
                "no-sock" => \$no_sock,
                "no-krb5" => \$no_krb5,
@@ -1316,11 +1065,9 @@ sub read_options
                "no-rfc3779" => 0,
                "no-montasm" => 0,
                "no-shared" => 0,
+                "no-store" => 0,
                "no-zlib" => 0,
                "no-zlib-dynamic" => 0,
-                "fips" => \$fips,
-                "fipscanisterbuild" => [\$fips, \$fipscanisterbuild],
-                "fipsdso" => [\$fips, \$fipscanisterbuild, \$fipsdso],
                );
        if (exists $valid_options{$_})
@@ -1397,31 +1144,3 @@ sub read_options
        else { return(0); }
        return(1);
        }
-sub fipslib_error
-        {
-        print STDERR "***FIPS module directory sanity check failed***\n";
-        print STDERR "FIPS module build failed, or was deleted\n";
-        print STDERR "Please rebuild FIPS module.\n"; 
-        exit 1;
-        }
-sub fips_check_files
-        {
-        my $dir = shift @_;
-        my $ret = 1;
-        if (!-d $dir)
-                {
-                print STDERR "FIPS module directory $dir does not exist\n";
-                fipslib_error();
-                }
-        foreach (@_)
-                {
-                if (!-f "$dir${o}$_")
-                        {
-                        print STDERR "FIPS module file $_ does not exist!\n";
-                        $ret = 0;
-                        }
-                }
-        fipslib_error() if ($ret == 0);
-        }
diff --git a/src/lib/libcrypto/util/mkdef.pl b/src/lib/libcrypto/util/mkdef.pl
index 5ae9ebb619..a4a17e3ae9 100644
--- a/src/lib/libcrypto/util/mkdef.pl
+++ b/src/lib/libcrypto/util/mkdef.pl
@@ -69,7 +69,7 @@ my $do_ctestall = 0;
 my $do_checkexist = 0;
 my $VMSVAX=0;
-my $VMSAlpha=0;
+my $VMSNonVAX=0;
 my $VMS=0;
 my $W32=0;
 my $W16=0;
@@ -79,12 +79,13 @@ my $OS2=0;
 my $safe_stack_def = 0;
 my @known_platforms = ( "__FreeBSD__", "PERL5", "NeXT",
-                        "EXPORT_VAR_AS_FUNCTION", "ZLIB", "OPENSSL_FIPS"); 
+                        "EXPORT_VAR_AS_FUNCTION", "ZLIB" );
 my @known_ossl_platforms = ( "VMS", "WIN16", "WIN32", "WINNT", "OS2" );
 my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
                         "CAST", "MD2", "MD4", "MD5", "SHA", "SHA0", "SHA1",
                         "SHA256", "SHA512", "RIPEMD",
-                         "MDC2", "RSA", "DSA", "DH", "EC", "ECDH", "ECDSA", "HMAC", "AES", "CAMELLIA", "SEED",
+                         "MDC2", "WHIRLPOOL", "RSA", "DSA", "DH", "EC", "ECDH", "ECDSA",
+                         "HMAC", "AES", "CAMELLIA", "SEED", "GOST",
                         # Envelope "algorithms"
                         "EVP", "X509", "ASN1_TYPEDEFS",
                         # Helper "algorithms"
@@ -94,14 +95,16 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
                         "FP_API", "STDIO", "SOCK", "KRB5", "DGRAM",
                         # Engines
                         "STATIC_ENGINE", "ENGINE", "HW", "GMP",
-                         # RFC3779 support 
+                         # RFC3779
                         "RFC3779",
-                         # TLS extension support
+                         # TLS
-                         "TLSEXT",
+                         "TLSEXT", "PSK",
                         # CMS
                         "CMS",
                         # CryptoAPI Engine
                         "CAPIENG",
+                         # SSL v2
+                         "SSL2",
                         # JPAKE
                         "JPAKE",
                         # Deprecated functions
@@ -118,14 +121,15 @@ close(IN);
 # defined with ifndef(NO_XXX) are not included in the .def file, and everything
 # in directory xxx is ignored.
 my $no_rc2; my $no_rc4; my $no_rc5; my $no_idea; my $no_des; my $no_bf;
-my $no_cast;
+my $no_cast; my $no_whirlpool; my $no_camellia; my $no_seed;
 my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2;
 my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5;
-my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw; my $no_camellia;
+my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw;
-my $no_seed;
+my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated;
-my $no_fp_api; my $no_static_engine; my $no_gmp; my $no_deprecated;
+my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;
-my $no_rfc3779; my $no_tlsext; my $no_cms; my $no_capieng; my $no_jpake;
+my $no_jpake; my $no_ssl2;
-my $fips;
+my $zlib;
 foreach (@ARGV, split(/ /, $options))
@@ -141,17 +145,15 @@ foreach (@ARGV, split(/ /, $options))
                $VMS=1;
                $VMSVAX=1;
        }
-        if ($_ eq "VMS-Alpha") {
+        if ($_ eq "VMS-NonVAX") {
                $VMS=1;
-                $VMSAlpha=1;
+                $VMSNonVAX=1;
        }
        $VMS=1 if $_ eq "VMS";
        $OS2=1 if $_ eq "OS2";
-        $fips=1 if /^fips/;
+        if ($_ eq "zlib" || $_ eq "enable-zlib" || $_ eq "zlib-dynamic"
+                         || $_ eq "enable-zlib-dynamic") {
-        if ($_ eq "zlib" || $_ eq "zlib-dynamic"
+                $zlib = 1;
-                         || $_ eq "enable-zlib-dynamic") {
-                $zlib = 1;
        }
        $do_ssl=1 if $_ eq "ssleay";
@@ -180,6 +182,7 @@ foreach (@ARGV, split(/ /, $options))
        elsif (/^no-des$/)      { $no_des=1; $no_mdc2=1; }
        elsif (/^no-bf$/)       { $no_bf=1; }
        elsif (/^no-cast$/)     { $no_cast=1; }
+        elsif (/^no-whirlpool$/)     { $no_whirlpool=1; }
        elsif (/^no-md2$/)      { $no_md2=1; }
        elsif (/^no-md4$/)      { $no_md4=1; }
        elsif (/^no-md5$/)      { $no_md5=1; }
@@ -212,6 +215,7 @@ foreach (@ARGV, split(/ /, $options))
        elsif (/^no-rfc3779$/)  { $no_rfc3779=1; }
        elsif (/^no-tlsext$/)   { $no_tlsext=1; }
        elsif (/^no-cms$/)      { $no_cms=1; }
+        elsif (/^no-ssl2$/)     { $no_ssl2=1; }
        elsif (/^no-capieng$/)  { $no_capieng=1; }
        elsif (/^no-jpake$/)    { $no_jpake=1; }
        }
@@ -260,6 +264,7 @@ $crypto.=" crypto/rc5/rc5.h" ; # unless $no_rc5;
 $crypto.=" crypto/rc2/rc2.h" ; # unless $no_rc2;
 $crypto.=" crypto/bf/blowfish.h" ; # unless $no_bf;
 $crypto.=" crypto/cast/cast.h" ; # unless $no_cast;
+$crypto.=" crypto/whrlpool/whrlpool.h" ;
 $crypto.=" crypto/md2/md2.h" ; # unless $no_md2;
 $crypto.=" crypto/md4/md4.h" ; # unless $no_md4;
 $crypto.=" crypto/md5/md5.h" ; # unless $no_md5;
@@ -301,17 +306,16 @@ $crypto.=" crypto/pkcs12/pkcs12.h";
 $crypto.=" crypto/x509/x509.h";
 $crypto.=" crypto/x509/x509_vfy.h";
 $crypto.=" crypto/x509v3/x509v3.h";
+$crypto.=" crypto/ts/ts.h";
 $crypto.=" crypto/rand/rand.h";
 $crypto.=" crypto/comp/comp.h" ; # unless $no_comp;
 $crypto.=" crypto/ocsp/ocsp.h";
 $crypto.=" crypto/ui/ui.h crypto/ui/ui_compat.h";
 $crypto.=" crypto/krb5/krb5_asn.h";
-$crypto.=" crypto/tmdiff.h";
+#$crypto.=" crypto/store/store.h";
-$crypto.=" crypto/store/store.h";
 $crypto.=" crypto/pqueue/pqueue.h";
 $crypto.=" crypto/cms/cms.h";
 $crypto.=" crypto/jpake/jpake.h";
-$crypto.=" fips/fips.h fips/rand/fips_rand.h";
 my $symhacks="crypto/symhacks.h";
@@ -885,6 +889,7 @@ sub do_defs
                        s/\{\}/\(\)/gs;
                        s/STACK_OF\(\)/void/gs;
+                        s/LHASH_OF\(\)/void/gs;
                        print STDERR "DEBUG: \$_ = \"$_\"\n" if $debug;
                        if (/^\#INFO:([^:]*):(.*)$/) {
@@ -961,6 +966,25 @@ sub do_defs
        $platform{"PEM_write_NS_CERT_SEQ"} = "VMS";
        $platform{"PEM_read_P8_PRIV_KEY_INFO"} = "VMS";
        $platform{"PEM_write_P8_PRIV_KEY_INFO"} = "VMS";
+        $platform{"EVP_sha384"} = "!VMSVAX";
+        $platform{"EVP_sha512"} = "!VMSVAX";
+        $platform{"SHA384_Init"} = "!VMSVAX";
+        $platform{"SHA384_Transform"} = "!VMSVAX";
+        $platform{"SHA384_Update"} = "!VMSVAX";
+        $platform{"SHA384_Final"} = "!VMSVAX";
+        $platform{"SHA384"} = "!VMSVAX";
+        $platform{"SHA512_Init"} = "!VMSVAX";
+        $platform{"SHA512_Transform"} = "!VMSVAX";
+        $platform{"SHA512_Update"} = "!VMSVAX";
+        $platform{"SHA512_Final"} = "!VMSVAX";
+        $platform{"SHA512"} = "!VMSVAX";
+        $platform{"WHIRLPOOL_Init"} = "!VMSVAX";
+        $platform{"WHIRLPOOL"} = "!VMSVAX";
+        $platform{"WHIRLPOOL_BitUpdate"} = "!VMSVAX";
+        $platform{"EVP_whirlpool"} = "!VMSVAX";
+        $platform{"WHIRLPOOL_Final"} = "!VMSVAX";
+        $platform{"WHIRLPOOL_Update"} = "!VMSVAX";
        # Info we know about
@@ -1085,6 +1109,8 @@ sub is_valid
                if ($platforms) {
                        # platforms
+                        if ($keyword eq "VMSVAX" && $VMSVAX) { return 1; }
+                        if ($keyword eq "VMSNonVAX" && $VMSNonVAX) { return 1; }
                        if ($keyword eq "VMS" && $VMS) { return 1; }
                        if ($keyword eq "WIN32" && $W32) { return 1; }
                        if ($keyword eq "WIN16" && $W16) { return 1; }
@@ -1097,9 +1123,6 @@ sub is_valid
                        if ($keyword eq "EXPORT_VAR_AS_FUNCTION" && ($VMSVAX || $W32 || $W16)) {
                                return 1;
                        }
-                        if ($keyword eq "OPENSSL_FIPS" && $fips) {
-                                return 1;
-                        }
                        if ($keyword eq "ZLIB" && $zlib) { return 1; }
                        return 0;
                } else {
@@ -1117,6 +1140,7 @@ sub is_valid
                        if ($keyword eq "SHA" && $no_sha) { return 0; }
                        if ($keyword eq "RIPEMD" && $no_ripemd) { return 0; }
                        if ($keyword eq "MDC2" && $no_mdc2) { return 0; }
+                        if ($keyword eq "WHIRLPOOL" && $no_whirlpool) { return 0; }
                        if ($keyword eq "RSA" && $no_rsa) { return 0; }
                        if ($keyword eq "DSA" && $no_dsa) { return 0; }
                        if ($keyword eq "DH" && $no_dh) { return 0; }
@@ -1143,7 +1167,9 @@ sub is_valid
                        if ($keyword eq "GMP" && $no_gmp) { return 0; }
                        if ($keyword eq "RFC3779" && $no_rfc3779) { return 0; }
                        if ($keyword eq "TLSEXT" && $no_tlsext) { return 0; }
+                        if ($keyword eq "PSK" && $no_psk) { return 0; }
                        if ($keyword eq "CMS" && $no_cms) { return 0; }
+                        if ($keyword eq "SSL2" && $no_ssl2) { return 0; }
                        if ($keyword eq "CAPIENG" && $no_capieng) { return 0; }
                        if ($keyword eq "JPAKE" && $no_jpake) { return 0; }
                        if ($keyword eq "DEPRECATED" && $no_deprecated) { return 0; }
diff --git a/src/lib/libcrypto/util/mkfiles.pl b/src/lib/libcrypto/util/mkfiles.pl
index 67fb8694c8..6d15831450 100644
--- a/src/lib/libcrypto/util/mkfiles.pl
+++ b/src/lib/libcrypto/util/mkfiles.pl
@@ -26,6 +26,7 @@ my @dirs = (
 "crypto/aes",
 "crypto/camellia",
 "crypto/seed",
+"crypto/modes",
 "crypto/bn",
 "crypto/rsa",
 "crypto/dsa",
@@ -46,6 +47,7 @@ my @dirs = (
 "crypto/pem",
 "crypto/x509",
 "crypto/x509v3",
+"crypto/cms",
 "crypto/conf",
 "crypto/jpake",
 "crypto/txt_db",
@@ -56,25 +58,20 @@ my @dirs = (
 "crypto/ocsp",
 "crypto/ui",
 "crypto/krb5",
-"crypto/store",
+#"crypto/store",
 "crypto/pqueue",
-"crypto/cms",
+"crypto/whrlpool",
-"fips",
+"crypto/ts",
-"fips/aes",
-"fips/des",
-"fips/dsa",
-"fips/dh",
-"fips/hmac",
-"fips/rand",
-"fips/rsa",
-"fips/sha",
 "ssl",
 "apps",
 "engines",
+"engines/ccgost",
 "test",
 "tools"
 );
+%top;
 foreach (@dirs) {
        &files_dir ($_, "Makefile");
 }
@@ -118,8 +115,8 @@ while (<IN>)
                $o =~ s/\s+$//;
                $o =~ s/\s+/ /g;
-                $o =~ s/\$[({]([^)}]+)[)}]/$sym{$1}/g;
+                $o =~ s/\$[({]([^)}]+)[)}]/$top{$1} or $sym{$1}/ge;
-                $sym{$s}=$o;
+                $sym{$s}=($top{$s} or $o);
                }
        }
@@ -129,6 +126,15 @@ foreach (sort keys %sym)
        {
        print "$_=$sym{$_}\n";
        }
+if ($dir eq "." && defined($sym{"BUILDENV"}))
+        {
+        foreach (split(' ',$sym{"BUILDENV"}))
+                {
+                /^(.+)=/;
+                $top{$1}=$sym{$1};
+                }
+        }
 print "RELATIVE_DIRECTORY=\n";
 close (IN);
diff --git a/src/lib/libcrypto/util/mklink.pl b/src/lib/libcrypto/util/mklink.pl
index eacc327882..61db12c68f 100644
--- a/src/lib/libcrypto/util/mklink.pl
+++ b/src/lib/libcrypto/util/mklink.pl
@@ -15,21 +15,13 @@
 # Apart from this, this script should be able to handle even the most
 # pathological cases.
-my $pwd;
+use Cwd;
-eval 'use Cwd;';
-if ($@)
-        {
-        $pwd = `pwd`;
-        }
-else
-        {
-        $pwd = getcwd();
-        }
 my $from = shift;
 my @files = @ARGV;
 my @from_path = split(/[\\\/]/, $from);
+my $pwd = getcwd();
 chomp($pwd);
 my @pwd_path = split(/[\\\/]/, $pwd);
@@ -59,6 +51,7 @@ my $to = join('/', @to_path);
 my $file;
 $symlink_exists=eval {symlink("",""); 1};
+if ($^O eq "msys") { $symlink_exists=0 };
 foreach $file (@files) {
    my $err = "";
    if ($symlink_exists) {
diff --git a/src/lib/libcrypto/util/pl/BC-32.pl b/src/lib/libcrypto/util/pl/BC-32.pl
index 99b8c058d2..1f1e13fb40 100644
--- a/src/lib/libcrypto/util/pl/BC-32.pl
+++ b/src/lib/libcrypto/util/pl/BC-32.pl
@@ -117,7 +117,7 @@ ___
        else
                {
                local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':'';
-                $ex.=' wsock32.lib gdi32.lib';
+                $ex.=' ws2_32.lib gdi32.lib';
                $ret.="\t\$(LINK) \$(MLFLAGS) $efile$target /def:ms/${Name}.def @<<\n  \$(SHLIB_EX_OBJ) $objs $ex\n<<\n";
                }
        $ret.="\n";
diff --git a/src/lib/libcrypto/util/pl/Mingw32.pl b/src/lib/libcrypto/util/pl/Mingw32.pl
index 8f0483fb93..fe3fb27a78 100644
--- a/src/lib/libcrypto/util/pl/Mingw32.pl
+++ b/src/lib/libcrypto/util/pl/Mingw32.pl
@@ -19,7 +19,7 @@ $cc='gcc';
 if ($debug)
        { $cflags="-DL_ENDIAN -DDSO_WIN32 -g2 -ggdb"; }
 else
-        { $cflags="-DL_ENDIAN -DDSO_WIN32 -fomit-frame-pointer -O3 -march=i486 -Wall"; }
+        { $cflags="-DL_ENDIAN -DDSO_WIN32 -fomit-frame-pointer -O3 -mcpu=i486 -Wall"; }
 if ($gaswin and !$no_asm)
        {
@@ -43,8 +43,6 @@ if ($gaswin and !$no_asm)
        $rmd160_asm_src='crypto/ripemd/asm/rm-win32.s';
        $sha1_asm_obj='$(OBJ_D)\s1-win32.o';
        $sha1_asm_src='crypto/sha/asm/s1-win32.s';
-        $cpuid_asm_obj='$(OBJ_D)\cpu-win32.o';
-        $cpuid_asm_src='crypto/cpu-win32.s';
        $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DOPENSSL_BN_ASM_PART_WORDS";
        }
@@ -57,7 +55,7 @@ $link='${CC}';
 $lflags='${CFLAGS}';
 $efile='-o ';
 $exep='';
-$ex_libs="-lwsock32 -lgdi32";
+$ex_libs="-lws2_32 -lgdi32";
 # static library stuff
 $mklib='ar r';
diff --git a/src/lib/libcrypto/util/pl/VC-32.pl b/src/lib/libcrypto/util/pl/VC-32.pl
index 85121c8ed1..c3e29fda96 100644
--- a/src/lib/libcrypto/util/pl/VC-32.pl
+++ b/src/lib/libcrypto/util/pl/VC-32.pl
@@ -4,21 +4,7 @@
 #
 $ssl=   "ssleay32";
+$crypto="libeay32";
-if ($fips && !$shlib)
-        {
-        $crypto="libeayfips32";
-        $crypto_compat = "libeaycompat32.lib";
-        }
-else
-        {
-        $crypto="libeay32";
-        }
-if ($fipscanisterbuild)
-        {
-        $fips_canister_path = "\$(LIB_D)\\fipscanister.lib";
-        }
 $o='\\';
 $cp='$(PERL) util/copy.pl';
@@ -27,6 +13,10 @@ $rm='del /Q';
 $zlib_lib="zlib1.lib";
+# Santize -L options for ms link
+$l_flags =~ s/-L("\[^"]+")/\/libpath:$1/g;
+$l_flags =~ s/-L(\S+)/\/libpath:$1/g;
 # C compiler stuff
 $cc='cl';
 if ($FLAVOR =~ /WIN64/)
@@ -42,14 +32,28 @@ if ($FLAVOR =~ /WIN64/)
    # per 0.9.8 release remaining warnings were explicitly examined and
    # considered safe to ignore.
    # 
-    $base_cflags=' /W3 /Gs0 /GF /Gy /nologo -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -DOPENSSL_SYSNAME_WIN32 -DOPENSSL_SYSNAME_WINNT -DUNICODE -D_UNICODE';
+    $base_cflags= " $mf_cflag";
-    $base_cflags.=' -D_CRT_SECURE_NO_DEPRECATE';        # shut up VC8
-    $base_cflags.=' -D_CRT_NONSTDC_NO_DEPRECATE';       # shut up VC8
    my $f = $shlib?' /MD':' /MT';
    $lib_cflag='/Zl' if (!$shlib);      # remove /DEFAULTLIBs from static lib
    $opt_cflags=$f.' /Ox';
    $dbg_cflags=$f.'d /Od -DDEBUG -D_DEBUG';
    $lflags="/nologo /subsystem:console /opt:ref";
+    *::perlasm_compile_target = sub {
+        my ($target,$source,$bname)=@_;
+        my $ret;
+        $bname =~ s/(.*)\.[^\.]$/$1/;
+        $ret=<<___;
+\$(TMP_D)$o$bname.asm: $source
+        set ASM=\$(ASM)
+        \$(PERL) $source \$\@
+$target: \$(TMP_D)$o$bname.asm
+        \$(ASM) $afile\$\@ \$(TMP_D)$o$bname.asm
+___
+        }
    }
 elsif ($FLAVOR =~ /CE/)
    {
@@ -99,18 +103,18 @@ elsif ($FLAVOR =~ /CE/)
    }
    $cc='$(CC)';
-    $base_cflags=' /W3 /WX /GF /Gy /nologo -DUNICODE -D_UNICODE -DOPENSSL_SYSNAME_WINCE -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -DNO_CHMOD -I$(WCECOMPAT)/include -DOPENSSL_SMALL_FOOTPRINT';
+    $base_cflags=' /W3 /WX /GF /Gy /nologo -DUNICODE -D_UNICODE -DOPENSSL_SYSNAME_WINCE -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -DNO_CHMOD -DOPENSSL_SMALL_FOOTPRINT';
    $base_cflags.=" $wcecdefs";
+    $base_cflags.=' -I$(WCECOMPAT)/include'             if (defined($ENV{'WCECOMPAT'}));
+    $base_cflags.=' -I$(PORTSDK_LIBPATH)/../../include' if (defined($ENV{'PORTSDK_LIBPATH'}));
    $opt_cflags=' /MC /O1i';    # optimize for space, but with intrinsics...
    $dbg_clfags=' /MC /Od -DDEBUG -D_DEBUG';
    $lflags="/nologo /opt:ref $wcelflag";
    }
 else    # Win32
    {
-    $base_cflags=' /W3 /WX /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32';
+    $base_cflags= " $mf_cflag";
-    $base_cflags.=' -D_CRT_SECURE_NO_DEPRECATE';        # shut up VC8
+    my $f = $shlib?' /MD':' /MT';
-    $base_cflags.=' -D_CRT_NONSTDC_NO_DEPRECATE';       # shut up VC8
-    my $f = $shlib || $fips ?' /MD':' /MT';
    $lib_cflag='/Zl' if (!$shlib);      # remove /DEFAULTLIBs from static lib
    $opt_cflags=$f.' /Ox /O2 /Ob2';
    $dbg_cflags=$f.'d /Od -DDEBUG -D_DEBUG';
@@ -118,22 +122,28 @@ else	# Win32
    }
 $mlflags='';
-$out_def="out32"; $out_def.='_$(TARGETCPU)' if ($FLAVOR =~ /CE/);
+$out_def ="out32";      $out_def.="dll"                 if ($shlib);
-$tmp_def="tmp32"; $tmp_def.='_$(TARGETCPU)' if ($FLAVOR =~ /CE/);
+                        $out_def.='_$(TARGETCPU)'       if ($FLAVOR =~ /CE/);
+$tmp_def ="tmp32";      $tmp_def.="dll"                 if ($shlib);
+                        $tmp_def.='_$(TARGETCPU)'       if ($FLAVOR =~ /CE/);
 $inc_def="inc32";
 if ($debug)
        {
        $cflags=$dbg_cflags.$base_cflags;
-        $lflags.=" /debug";
-        $mlflags.=' /debug';
        }
 else
        {
        $cflags=$opt_cflags.$base_cflags;
        }
+# generate symbols.pdb unconditionally
+$app_cflag.=" /Zi /Fd$tmp_def/app";
+$lib_cflag.=" /Zi /Fd$tmp_def/lib";
+$lflags.=" /debug";
 $obj='.obj';
+$asm_suffix='.asm';
 $ofile="/Fo";
 # EXE linking stuff
@@ -143,26 +153,23 @@ $efile="/out:";
 $exep='.exe';
 if ($no_sock)           { $ex_libs=''; }
 elsif ($FLAVOR =~ /CE/) { $ex_libs='winsock.lib'; }
-else                    { $ex_libs='wsock32.lib'; }
+else                    { $ex_libs='ws2_32.lib'; }
 if ($FLAVOR =~ /CE/)
        {
-        $ex_libs.=' $(WCECOMPAT)/lib/wcecompatex.lib';
+        $ex_libs.=' $(WCECOMPAT)/lib/wcecompatex.lib'   if (defined($ENV{'WCECOMPAT'}));
+        $ex_libs.=' $(PORTSDK_LIBPATH)/portlib.lib'     if (defined($ENV{'PORTSDK_LIBPATH'}));
        $ex_libs.=' /nodefaultlib:oldnames.lib coredll.lib corelibc.lib' if ($ENV{'TARGETCPU'} eq "X86");
        }
 else
        {
-        $ex_libs.=' gdi32.lib crypt32.lib advapi32.lib user32.lib';
+        $ex_libs.=' gdi32.lib advapi32.lib crypt32.lib user32.lib';
-        $ex_libs.=' bufferoverflowu.lib' if ($FLAVOR =~ /WIN64/);
+        $ex_libs.=' bufferoverflowu.lib' if ($FLAVOR =~ /WIN64/ and `cl 2>&1` =~ /14\.00\.4[0-9]{4}\./);
+        # WIN32 UNICODE build gets linked with unicows.lib for
+        # backward compatibility with Win9x.
+        $ex_libs="unicows.lib $ex_libs" if ($FLAVOR =~ /WIN32/ and $cflags =~ /\-DUNICODE/);
        }
-# As native NT API is pure UNICODE, our WIN-NT build defaults to UNICODE,
-# but gets linked with unicows.lib to ensure backward compatibility.
-if ($FLAVOR =~ /NT/)
-        {
-        $cflags.=" -DOPENSSL_SYSNAME_WINNT -DUNICODE -D_UNICODE";
-        $ex_libs="unicows.lib $ex_libs";
-        }
 # static library stuff
 $mklib='lib /nologo';
 $ranlib='';
@@ -173,23 +180,30 @@ $lfile='/out:';
 $shlib_ex_obj="";
 $app_ex_obj="setargv.obj" if ($FLAVOR !~ /CE/);
-if ($nasm) {
+if ($FLAVOR =~ /WIN64A/) {
+        if (`nasm -v 2>NUL` =~ /NASM version ([0-9]+\.[0-9]+)/ && $1 >= 2.0) {
+                $asm='nasm -f win64 -DNEAR -Ox -g';
+                $afile='-o ';
+        } else {
+                $asm='ml64 /c /Cp /Cx /Zi';
+                $afile='/Fo';
+        }
+} elsif ($FLAVOR =~ /WIN64I/) {
+        $asm='ias -d debug';
+        $afile="-o ";
+} elsif ($nasm) {
        my $ver=`nasm -v 2>NUL`;
        my $vew=`nasmw -v 2>NUL`;
        # pick newest version
        $asm=($ver gt $vew?"nasm":"nasmw")." -f win32";
+        $asmtype="win32n";
        $afile='-o ';
-} elsif ($ml64) {
-        $asm='ml64 /c /Cp /Cx';
-        $asm.=' /Zi' if $debug;
-        $afile='/Fo';
 } else {
-        $asm='ml /nologo /Cp /coff /c /Cx';
+        $asm='ml /nologo /Cp /coff /c /Cx /Zi';
-        $asm.=" /Zi" if $debug;
        $afile='/Fo';
+        $asmtype="win32";
 }
-$aes_asm_obj='';
 $bn_asm_obj='';
 $bn_asm_src='';
 $des_enc_obj='';
@@ -198,56 +212,26 @@ $bf_enc_obj='';
 $bf_enc_src='';
 if (!$no_asm)
-    {
-    if ($FLAVOR =~ "WIN32")
-        {
-        $aes_asm_obj='crypto\aes\asm\a_win32.obj';
-        $aes_asm_src='crypto\aes\asm\a_win32.asm';
-        $bn_asm_obj='crypto\bn\asm\bn_win32.obj crypto\bn\asm\mt_win32.obj';
-        $bn_asm_src='crypto\bn\asm\bn_win32.asm crypto\bn\asm\mt_win32.asm';
-        $bnco_asm_obj='crypto\bn\asm\co_win32.obj';
-        $bnco_asm_src='crypto\bn\asm\co_win32.asm';
-        $des_enc_obj='crypto\des\asm\d_win32.obj crypto\des\asm\y_win32.obj';
-        $des_enc_src='crypto\des\asm\d_win32.asm crypto\des\asm\y_win32.asm';
-        $bf_enc_obj='crypto\bf\asm\b_win32.obj';
-        $bf_enc_src='crypto\bf\asm\b_win32.asm';
-        $cast_enc_obj='crypto\cast\asm\c_win32.obj';
-        $cast_enc_src='crypto\cast\asm\c_win32.asm';
-        $rc4_enc_obj='crypto\rc4\asm\r4_win32.obj';
-        $rc4_enc_src='crypto\rc4\asm\r4_win32.asm';
-        $rc5_enc_obj='crypto\rc5\asm\r5_win32.obj';
-        $rc5_enc_src='crypto\rc5\asm\r5_win32.asm';
-        $md5_asm_obj='crypto\md5\asm\m5_win32.obj';
-        $md5_asm_src='crypto\md5\asm\m5_win32.asm';
-        $sha1_asm_obj='crypto\sha\asm\s1_win32.obj crypto\sha\asm\sha512-sse2.obj';
-        $sha1_asm_src='crypto\sha\asm\s1_win32.asm crypto\sha\asm\sha512-sse2.asm';
-        $rmd160_asm_obj='crypto\ripemd\asm\rm_win32.obj';
-        $rmd160_asm_src='crypto\ripemd\asm\rm_win32.asm';
-        $cpuid_asm_obj='crypto\cpu_win32.obj';
-        $cpuid_asm_src='crypto\cpu_win32.asm';
-        $cflags.=" -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DAES_ASM -DBN_ASM -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT -DMD5_ASM -DSHA1_ASM -DRMD160_ASM";
-        }
-    elsif ($FLAVOR =~ "WIN64A")
        {
-        $aes_asm_obj='$(OBJ_D)\aes-x86_64.obj';
+        win32_import_asm($mf_bn_asm, "bn", \$bn_asm_obj, \$bn_asm_src);
-        $aes_asm_src='crypto\aes\asm\aes-x86_64.asm';
+        win32_import_asm($mf_aes_asm, "aes", \$aes_asm_obj, \$aes_asm_src);
-        $bn_asm_obj='$(OBJ_D)\x86_64-mont.obj $(OBJ_D)\bn_asm.obj';
+        win32_import_asm($mf_des_asm, "des", \$des_enc_obj, \$des_enc_src);
-        $bn_asm_src='crypto\bn\asm\x86_64-mont.asm';
+        win32_import_asm($mf_bf_asm, "bf", \$bf_enc_obj, \$bf_enc_src);
-        $sha1_asm_obj='$(OBJ_D)\sha1-x86_64.obj $(OBJ_D)\sha256-x86_64.obj $(OBJ_D)\sha512-x86_64.obj';
+        win32_import_asm($mf_cast_asm, "cast", \$cast_enc_obj, \$cast_enc_src);
-        $sha1_asm_src='crypto\sha\asm\sha1-x86_64.asm crypto\sha\asm\sha256-x86_64.asm crypto\sha\asm\sha512-x86_64.asm';
+        win32_import_asm($mf_rc4_asm, "rc4", \$rc4_enc_obj, \$rc4_enc_src);
-        $cpuid_asm_obj='$(OBJ_D)\cpuid-x86_64.obj';
+        win32_import_asm($mf_rc5_asm, "rc5", \$rc5_enc_obj, \$rc5_enc_src);
-        $cpuid_asm_src='crypto\cpuid-x86_64.asm';
+        win32_import_asm($mf_md5_asm, "md5", \$md5_asm_obj, \$md5_asm_src);
-        $cflags.=" -DOPENSSL_CPUID_OBJ -DAES_ASM -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM";
+        win32_import_asm($mf_sha_asm, "sha", \$sha1_asm_obj, \$sha1_asm_src);
+        win32_import_asm($mf_rmd_asm, "ripemd", \$rmd160_asm_obj, \$rmd160_asm_src);
+        win32_import_asm($mf_wp_asm, "whrlpool", \$whirlpool_asm_obj, \$whirlpool_asm_src);
+        win32_import_asm($mf_cpuid_asm, "", \$cpuid_asm_obj, \$cpuid_asm_src);
+        $perl_asm = 1;
        }
-    }
 if ($shlib && $FLAVOR !~ /CE/)
        {
        $mlflags.=" $lflags /dll";
-#       $cflags =~ s| /MD| /MT|;
+        $lib_cflag.=" -D_WINDLL";
-        $lib_cflag=" -D_WINDLL";
-        $out_def="out32dll";
-        $tmp_def="tmp32dll";
        #
        # Engage Applink...
        #
@@ -267,8 +251,8 @@ $(INCO_D)\applink.c:	ms\applink.c
 EXHEADER= $(EXHEADER) $(INCO_D)\applink.c
 LIBS_DEP=$(LIBS_DEP) $(OBJ_D)\applink.obj
+CRYPTOOBJ=$(OBJ_D)\uplink.obj $(CRYPTOOBJ)
 ___
-$banner .= "CRYPTOOBJ=\$(OBJ_D)\\uplink.obj \$(CRYPTOOBJ)\n";
        $banner.=<<'___' if ($FLAVOR =~ /WIN64/);
 CRYPTOOBJ=ms\uptable.obj $(CRYPTOOBJ)
 ___
@@ -276,120 +260,35 @@ ___
 elsif ($shlib && $FLAVOR =~ /CE/)
        {
        $mlflags.=" $lflags /dll";
-        $lib_cflag=" -D_WINDLL -D_DLL";
+        $lflags.=' /entry:mainCRTstartup' if(defined($ENV{'PORTSDK_LIBPATH'}));
-        $out_def='out32dll_$(TARGETCPU)';
+        $lib_cflag.=" -D_WINDLL -D_DLL";
-        $tmp_def='tmp32dll_$(TARGETCPU)';
        }
-$cflags.=" /Fd$out_def";
 sub do_lib_rule
        {
-        my($objs,$target,$name,$shlib,$ign,$base_addr) = @_;
+        local($objs,$target,$name,$shlib)=@_;
        local($ret);
        $taget =~ s/\//$o/g if $o ne '/';
-        my $base_arg;
+        if ($name ne "")
-        if ($base_addr ne "")
-                {
-                $base_arg= " /base:$base_addr";
-                }
-        else
-                {
-                $base_arg = "";
-                }
-        if ($target =~ /O_CRYPTO/ && $fipsdso)
-                {
-                $name = "/def:ms/libeayfips.def";
-                }
-        elsif ($name ne "")
                {
                $name =~ tr/a-z/A-Z/;
                $name = "/def:ms/${name}.def";
                }
 #       $target="\$(LIB_D)$o$target";
-#       $ret.="$target: $objs\n";
+        $ret.="$target: $objs\n";
        if (!$shlib)
                {
 #               $ret.="\t\$(RM) \$(O_$Name)\n";
-                $ex =' ';
+                $ret.="\t\$(MKLIB) $lfile$target @<<\n  $objs\n<<\n";
-                $ret.="$target: $objs\n";
-                $ret.="\t\$(MKLIB) $lfile$target @<<\n  $objs $ex\n<<\n";
                }
        else
                {
-                my $ex = "";            
+                local($ex)=($target =~ /O_CRYPTO/)?'':' $(L_CRYPTO)';
-                if ($target =~ /O_SSL/)
-                        {
-                        $ex .= " \$(L_CRYPTO)";
-                        #$ex .= " \$(L_FIPS)" if $fipsdso;
-                        }
-                my $fipstarget;
-                if ($fipsdso)
-                        {
-                        $fipstarget = "O_FIPS";
-                        }
-                else
-                        {
-                        $fipstarget = "O_CRYPTO";
-                        }
-                if ($name eq "")
-                        {
-                        $ex.=' bufferoverflowu.lib' if ($FLAVOR =~ /WIN64/);
-                        if ($target =~ /capi/)
-                                {
-                                $ex.=' crypt32.lib advapi32.lib';
-                                }
-                        }
-                elsif ($FLAVOR =~ /CE/)
-                        {
-                        $ex.=' winsock.lib $(WCECOMPAT)/lib/wcecompatex.lib';
-                        }
-                else
-                        {
-                        $ex.=' unicows.lib' if ($FLAVOR =~ /NT/);
-                        $ex.=' wsock32.lib gdi32.lib advapi32.lib user32.lib';
-                        $ex.=' crypt32.lib';
-                        $ex.=' bufferoverflowu.lib' if ($FLAVOR =~ /WIN64/);
-                        }
                $ex.=" $zlib_lib" if $zlib_opt == 1 && $target =~ /O_CRYPTO/;
+                $ret.="\t\$(LINK) \$(MLFLAGS) $efile$target $name @<<\n  \$(SHLIB_EX_OBJ) $objs $ex \$(EX_LIBS)\n<<\n";
-                if ($fips && $target =~ /$fipstarget/)
+                $ret.="\tIF EXIST \$@.manifest mt -nologo -manifest \$@.manifest -outputresource:\$@;2\n\n";
-                        {
-                        $ex.= $mwex unless $fipscanisterbuild;
-                        $ret.="$target: $objs \$(PREMAIN_DSO_EXE)";
-                        if ($fipsdso)
-                                {
-                                $ex.=" \$(OBJ_D)\\\$(LIBFIPS).res";
-                                $ret.=" \$(OBJ_D)\\\$(LIBFIPS).res";
-                                $ret.=" ms/\$(LIBFIPS).def";
-                                }
-                        $ret.="\n\tSET FIPS_LINK=\$(LINK)\n";
-                        $ret.="\tSET FIPS_CC=\$(CC)\n";
-                        $ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n";
-                        $ret.="\tSET PREMAIN_DSO_EXE=\$(PREMAIN_DSO_EXE)\n";
-                        $ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n";
-                        $ret.="\tSET FIPS_TARGET=$target\n";
-                        $ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n";
-                        $ret.="\t\$(FIPSLINK) \$(MLFLAGS) /map $base_arg $efile$target ";
-                        $ret.="$name @<<\n  \$(SHLIB_EX_OBJ) $objs ";
-                        $ret.="\$(OBJ_D)${o}fips_premain.obj $ex\n<<\n";
-                        }
-                else
-                        {
-                        $ret.="$target: $objs";
-                        if ($target =~ /O_CRYPTO/ && $fipsdso)
-                                {
-                                $ret .= " \$(O_FIPS)";
-                                $ex .= " \$(L_FIPS)";
-                                }
-                        $ret.="\n\t\$(LINK) \$(MLFLAGS) $efile$target $name @<<\n  \$(SHLIB_EX_OBJ) $objs $ex\n<<\n";
-                        }
-        $ret.="\tIF EXIST \$@.manifest mt -nologo -manifest \$@.manifest -outputresource:\$@;2\n\n";
                }
        $ret.="\n";
        return($ret);
@@ -397,64 +296,43 @@ sub do_lib_rule
 sub do_link_rule
        {
-        my($target,$files,$dep_libs,$libs,$standalone)=@_;
+        local($target,$files,$dep_libs,$libs)=@_;
        local($ret,$_);
+        
        $file =~ s/\//$o/g if $o ne '/';
        $n=&bname($targer);
        $ret.="$target: $files $dep_libs\n";
-        if ($standalone == 1)
+        $ret.="\t\$(LINK) \$(LFLAGS) $efile$target @<<\n";
-                {
+        $ret.="  \$(APP_EX_OBJ) $files $libs\n<<\n";
-                $ret.="  \$(LINK) \$(LFLAGS) $efile$target @<<\n\t";
+        $ret.="\tIF EXIST \$@.manifest mt -nologo -manifest \$@.manifest -outputresource:\$@;1\n\n";
-                $ret.= "\$(EX_LIBS) " if ($files =~ /O_FIPSCANISTER/ && !$fipscanisterbuild);
+        return($ret);
-                $ret.="$files $libs\n<<\n";
+        }
-                }
-        elsif ($standalone == 2)
+sub win32_import_asm
+        {
+        my ($mf_var, $asm_name, $oref, $sref) = @_;
+        my $asm_dir;
+        if ($asm_name eq "")
                {
-                $ret.="\tSET FIPS_LINK=\$(LINK)\n";
+                $asm_dir = "crypto\\";
-                $ret.="\tSET FIPS_CC=\$(CC)\n";
-                $ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n";
-                $ret.="\tSET PREMAIN_DSO_EXE=\n";
-                $ret.="\tSET FIPS_TARGET=$target\n";
-                $ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n";
-                $ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n";
-                $ret.="\t\$(FIPSLINK) \$(LFLAGS) /map $efile$target @<<\n";
-                $ret.="\t\$(APP_EX_OBJ) $files \$(OBJ_D)${o}fips_premain.obj $libs\n<<\n";
                }
        else
                {
-                $ret.="\t\$(LINK) \$(LFLAGS) $efile$target @<<\n";
+                $asm_dir = "crypto\\$asm_name\\asm\\";
-                $ret.="\t\$(APP_EX_OBJ) $files $libs\n<<\n";
                }
-        $ret.="\tIF EXIST \$@.manifest mt -nologo -manifest \$@.manifest -outputresource:\$@;1\n\n";
-        return($ret);
-        }
-sub do_rlink_rule
+        $$oref = "";
-        {
+        $mf_var =~ s/\.o$/.obj/g;
-        local($target,$rl_start, $rl_mid, $rl_end,$dep_libs,$libs)=@_;
-        local($ret,$_);
-        my $files = "$rl_start $rl_mid $rl_end";
-        $file =~ s/\//$o/g if $o ne '/';
+        foreach (split(/ /, $mf_var))
-        $n=&bname($targer);
+                {
-        $ret.="$target: $files $dep_libs \$(FIPS_SHA1_EXE)\n";
+                $$oref .= $asm_dir . $_ . " ";
-        $ret.="\t\$(PERL) ms\\segrenam.pl \$\$a $rl_start\n";
+                }
-        $ret.="\t\$(PERL) ms\\segrenam.pl \$\$b $rl_mid\n";
+        $$oref =~ s/ $//;
-        $ret.="\t\$(PERL) ms\\segrenam.pl \$\$c $rl_end\n";
+        $$sref = $$oref;
-        $ret.="\t\$(MKLIB) $lfile$target @<<\n\t$files\n<<\n";
+        $$sref =~ s/\.obj/.asm/g;
-        $ret.="\t\$(FIPS_SHA1_EXE) $target > ${target}.sha1\n";
-        $ret.="\t\$(PERL) util${o}copy.pl -stripcr fips${o}fips_premain.c \$(LIB_D)${o}fips_premain.c\n";
-        $ret.="\t\$(CP) fips${o}fips_premain.c.sha1 \$(LIB_D)${o}fips_premain.c.sha1\n";
-        $ret.="\n";
-        return($ret);
-        }
-sub do_sdef_rule
-        {
-        my $ret = "ms/\$(LIBFIPS).def: \$(O_FIPSCANISTER)\n";
-        $ret.="\t\$(PERL) util/mksdef.pl \$(MLFLAGS) /out:dummy.dll /def:ms/libeay32.def @<<\n  \$(O_FIPSCANISTER)\n<<\n";
-        $ret.="\n";
-        return $ret;
        }
 1;
diff --git a/src/lib/libcrypto/util/pod2man.pl b/src/lib/libcrypto/util/pod2man.pl
index 546d1ec186..025d914f2e 100644
--- a/src/lib/libcrypto/util/pod2man.pl
+++ b/src/lib/libcrypto/util/pod2man.pl
@@ -425,7 +425,7 @@ if ($name ne 'something') {
            }
            next if /^=cut\b/;  # DB_File and Net::Ping have =cut before NAME
            next if /^=pod\b/;  # It is OK to have =pod before NAME
-            next if /^=for\s+comment\b/;  # It is OK to have =for comment before NAME
+            next if /^=(for|begin|end)\s+comment\b/;  # It is OK to have =for =begin or =end comment before NAME
            die "$0: Invalid man page - 1st pod line is not NAME in $ARGV[0]\n" unless $lax;
        }
        die "$0: Invalid man page - no documentation in $ARGV[0]\n" unless $lax;
diff --git a/src/lib/libcrypto/util/point.sh b/src/lib/libcrypto/util/point.sh
index 4790e08f8a..da39899cb1 100644
--- a/src/lib/libcrypto/util/point.sh
+++ b/src/lib/libcrypto/util/point.sh
@@ -1,7 +1,7 @@
 #!/bin/sh
 rm -f "$2"
-if test "$OSTYPE" = msdosdjgpp; then
+if test "$OSTYPE" = msdosdjgpp || test "x$PLATFORM" = xmingw ; then
    cp "$1" "$2"
 else
    ln -s "$1" "$2"
diff --git a/src/lib/libcrypto/util/selftest.pl b/src/lib/libcrypto/util/selftest.pl
index 4778c5ab01..7b32e9f4ff 100644
--- a/src/lib/libcrypto/util/selftest.pl
+++ b/src/lib/libcrypto/util/selftest.pl
@@ -78,7 +78,7 @@ print OUT "\n";
 print "Checking compiler...\n";
 if (open(TEST,">cctest.c")) {
-    print TEST "#include <stdio.h>\n#include <errno.h>\nmain(){printf(\"Hello world\\n\");}\n";
+    print TEST "#include <stdio.h>\n#include <stdlib.h>\n#include <errno.h>\nmain(){printf(\"Hello world\\n\");}\n";
    close(TEST);
    system("$cc -o cctest cctest.c");
    if (`./cctest` !~ /Hello world/) {
@@ -96,7 +96,7 @@ if (open(TEST,">cctest.c")) {
    print OUT "Can't create cctest.c\n";
 }
 if (open(TEST,">cctest.c")) {
-    print TEST "#include <openssl/opensslv.h>\nmain(){printf(OPENSSL_VERSION_TEXT);}\n";
+    print TEST "#include <stdio.h>\n#include <stdlib.h>\n#include <openssl/opensslv.h>\nmain(){printf(OPENSSL_VERSION_TEXT);}\n";
    close(TEST);
    system("$cc -o cctest -Iinclude cctest.c");
    $cctest = `./cctest`;
diff --git a/src/lib/libcrypto/util/shlib_wrap.sh b/src/lib/libcrypto/util/shlib_wrap.sh
index a2f62d696f..9416d593d2 100755
--- a/src/lib/libcrypto/util/shlib_wrap.sh
+++ b/src/lib/libcrypto/util/shlib_wrap.sh
@@ -80,7 +80,7 @@ if [ -f "$LIBCRYPTOSO" -a -z "$preload_var" ]; then
        # it into a script makes it possible to do so on multi-ABI
        # platforms.
        case "$SYSNAME" in
-        *BSD)   LD_PRELOAD="$LIBCRYPTOSO:$LIBSSLSO" ;;  # *BSD
+        *BSD|QNX)       LD_PRELOAD="$LIBCRYPTOSO:$LIBSSLSO" ;;  # *BSD, QNX
        *)      LD_PRELOAD="$LIBCRYPTOSO $LIBSSLSO" ;;  # SunOS, Linux, ELF HP-UX
        esac
        _RLD_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT"      # Tru64, o32 IRIX
@@ -88,4 +88,6 @@ if [ -f "$LIBCRYPTOSO" -a -z "$preload_var" ]; then
        export LD_PRELOAD _RLD_LIST DYLD_INSERT_LIBRARIES
 fi
-exec "$@"
+cmd="$1${EXE_EXT}"
+shift
+exec "$cmd" "$@"
diff --git a/src/lib/libcrypto/util/ssleay.num b/src/lib/libcrypto/util/ssleay.num
index 2055cc1597..15a58e7b13 100644
--- a/src/lib/libcrypto/util/ssleay.num
+++ b/src/lib/libcrypto/util/ssleay.num
@@ -98,9 +98,9 @@ SSLeay_add_ssl_algorithms               109	NOEXIST::FUNCTION:
 SSLv23_client_method                    110     EXIST::FUNCTION:RSA
 SSLv23_method                           111     EXIST::FUNCTION:RSA
 SSLv23_server_method                    112     EXIST::FUNCTION:RSA
-SSLv2_client_method                     113     EXIST::FUNCTION:RSA
+SSLv2_client_method                     113     EXIST::FUNCTION:RSA,SSL2
-SSLv2_method                            114     EXIST::FUNCTION:RSA
+SSLv2_method                            114     EXIST::FUNCTION:RSA,SSL2
-SSLv2_server_method                     115     EXIST::FUNCTION:RSA
+SSLv2_server_method                     115     EXIST::FUNCTION:RSA,SSL2
 SSLv3_client_method                     116     EXIST::FUNCTION:
 SSLv3_method                            117     EXIST::FUNCTION:
 SSLv3_server_method                     118     EXIST::FUNCTION:
@@ -117,8 +117,8 @@ SSL_CIPHER_get_bits                     128	EXIST::FUNCTION:
 SSL_CIPHER_get_version                  129     EXIST::FUNCTION:
 SSL_CIPHER_get_name                     130     EXIST::FUNCTION:
 BIO_ssl_shutdown                        131     EXIST::FUNCTION:BIO
-SSL_SESSION_cmp                         132     EXIST::FUNCTION:
+SSL_SESSION_cmp                         132     NOEXIST::FUNCTION:
-SSL_SESSION_hash                        133     EXIST::FUNCTION:
+SSL_SESSION_hash                        133     NOEXIST::FUNCTION:
 SSL_SESSION_get_time                    134     EXIST::FUNCTION:
 SSL_SESSION_set_time                    135     EXIST::FUNCTION:
 SSL_SESSION_get_timeout                 136     EXIST::FUNCTION:
@@ -242,3 +242,20 @@ SSL_set_SSL_CTX                         290	EXIST::FUNCTION:
 SSL_get_servername                      291     EXIST::FUNCTION:TLSEXT
 SSL_get_servername_type                 292     EXIST::FUNCTION:TLSEXT
 SSL_CTX_set_client_cert_engine          293     EXIST::FUNCTION:ENGINE
+SSL_CTX_use_psk_identity_hint           294     EXIST::FUNCTION:PSK
+SSL_CTX_set_psk_client_callback         295     EXIST::FUNCTION:PSK
+PEM_write_bio_SSL_SESSION               296     EXIST::FUNCTION:
+SSL_get_psk_identity_hint               297     EXIST::FUNCTION:PSK
+SSL_set_psk_server_callback             298     EXIST::FUNCTION:PSK
+SSL_use_psk_identity_hint               299     EXIST::FUNCTION:PSK
+SSL_set_psk_client_callback             300     EXIST::FUNCTION:PSK
+PEM_read_SSL_SESSION                    301     EXIST:!WIN16:FUNCTION:
+PEM_read_bio_SSL_SESSION                302     EXIST::FUNCTION:
+SSL_CTX_set_psk_server_callback         303     EXIST::FUNCTION:PSK
+SSL_get_psk_identity                    304     EXIST::FUNCTION:PSK
+PEM_write_SSL_SESSION                   305     EXIST:!WIN16:FUNCTION:
+SSL_set_session_ticket_ext              306     EXIST::FUNCTION:
+SSL_set_session_secret_cb               307     EXIST::FUNCTION:
+SSL_set_session_ticket_ext_cb           308     EXIST::FUNCTION:
+SSL_set1_param                          309     EXIST::FUNCTION:
+SSL_CTX_set1_param                      310     EXIST::FUNCTION:
diff --git a/src/lib/libcrypto/x509/Makefile b/src/lib/libcrypto/x509/Makefile
index 464752b159..72c82278f4 100644
--- a/src/lib/libcrypto/x509/Makefile
+++ b/src/lib/libcrypto/x509/Makefile
@@ -43,12 +43,12 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
 files:
-        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
 links:
        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@@ -89,37 +89,35 @@ by_dir.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 by_dir.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 by_dir.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 by_dir.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-by_dir.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+by_dir.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-by_dir.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+by_dir.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-by_dir.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+by_dir.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-by_dir.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+by_dir.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-by_dir.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+by_dir.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-by_dir.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+by_dir.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-by_dir.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+by_dir.o: ../../include/openssl/x509_vfy.h ../cryptlib.h by_dir.c
-by_dir.o: ../cryptlib.h by_dir.c
 by_file.o: ../../e_os.h ../../include/openssl/asn1.h
 by_file.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 by_file.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 by_file.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 by_file.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-by_file.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+by_file.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-by_file.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+by_file.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-by_file.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+by_file.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-by_file.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+by_file.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
-by_file.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+by_file.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
-by_file.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+by_file.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-by_file.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+by_file.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-by_file.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+by_file.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-by_file.o: ../../include/openssl/x509_vfy.h ../cryptlib.h by_file.c
+by_file.o: ../cryptlib.h by_file.c
 x509_att.o: ../../e_os.h ../../include/openssl/asn1.h
 x509_att.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x509_att.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 x509_att.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x509_att.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x509_att.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_att.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x509_att.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x509_att.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_att.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x509_att.o: ../../include/openssl/opensslconf.h
 x509_att.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509_att.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509_att.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -132,9 +130,8 @@ x509_cmp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 x509_cmp.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x509_cmp.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x509_cmp.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_cmp.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x509_cmp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x509_cmp.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_cmp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x509_cmp.o: ../../include/openssl/opensslconf.h
 x509_cmp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509_cmp.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509_cmp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -146,22 +143,22 @@ x509_d2.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x509_d2.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 x509_d2.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x509_d2.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x509_d2.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+x509_d2.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x509_d2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509_d2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x509_d2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_d2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-x509_d2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_d2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-x509_d2.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x509_d2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-x509_d2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_d2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-x509_d2.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_d2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x509_d2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_d2.c
+x509_d2.o: ../cryptlib.h x509_d2.c
 x509_def.o: ../../e_os.h ../../include/openssl/asn1.h
 x509_def.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x509_def.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 x509_def.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x509_def.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x509_def.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+x509_def.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x509_def.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509_def.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x509_def.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_def.o: ../../include/openssl/opensslconf.h
 x509_def.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509_def.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509_def.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -172,9 +169,8 @@ x509_err.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x509_err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x509_err.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x509_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_err.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x509_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x509_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x509_err.o: ../../include/openssl/opensslconf.h
 x509_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -186,9 +182,8 @@ x509_ext.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 x509_ext.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x509_ext.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x509_ext.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_ext.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x509_ext.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x509_ext.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_ext.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x509_ext.o: ../../include/openssl/opensslconf.h
 x509_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509_ext.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509_ext.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -201,22 +196,22 @@ x509_lu.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 x509_lu.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x509_lu.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x509_lu.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_lu.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x509_lu.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x509_lu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_lu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x509_lu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x509_lu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x509_lu.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x509_lu.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-x509_lu.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_lu.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x509_lu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_lu.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x509_lu.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_lu.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-x509_lu.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_lu.c
+x509_lu.o: ../cryptlib.h x509_lu.c
 x509_obj.o: ../../e_os.h ../../include/openssl/asn1.h
 x509_obj.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x509_obj.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 x509_obj.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x509_obj.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x509_obj.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+x509_obj.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x509_obj.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509_obj.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x509_obj.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_obj.o: ../../include/openssl/opensslconf.h
 x509_obj.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509_obj.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509_obj.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -228,21 +223,20 @@ x509_r2x.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x509_r2x.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x509_r2x.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x509_r2x.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_r2x.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x509_r2x.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x509_r2x.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_r2x.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x509_r2x.o: ../../include/openssl/opensslconf.h
 x509_r2x.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509_r2x.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509_r2x.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 x509_r2x.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 x509_r2x.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_r2x.c
 x509_req.o: ../../e_os.h ../../include/openssl/asn1.h
-x509_req.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+x509_req.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-x509_req.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+x509_req.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x509_req.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x509_req.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-x509_req.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x509_req.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-x509_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_req.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x509_req.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x509_req.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
 x509_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 x509_req.o: ../../include/openssl/opensslconf.h
 x509_req.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
@@ -256,9 +250,9 @@ x509_set.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x509_set.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 x509_set.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x509_set.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x509_set.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+x509_set.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x509_set.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509_set.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x509_set.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_set.o: ../../include/openssl/opensslconf.h
 x509_set.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509_set.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509_set.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -270,9 +264,8 @@ x509_trs.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 x509_trs.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x509_trs.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x509_trs.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_trs.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x509_trs.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x509_trs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_trs.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x509_trs.o: ../../include/openssl/opensslconf.h
 x509_trs.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509_trs.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509_trs.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -284,9 +277,9 @@ x509_txt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x509_txt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 x509_txt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x509_txt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x509_txt.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+x509_txt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x509_txt.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509_txt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x509_txt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_txt.o: ../../include/openssl/opensslconf.h
 x509_txt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509_txt.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509_txt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -298,23 +291,22 @@ x509_v3.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 x509_v3.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x509_v3.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x509_v3.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_v3.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x509_v3.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x509_v3.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_v3.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x509_v3.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x509_v3.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x509_v3.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x509_v3.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-x509_v3.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_v3.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x509_v3.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_v3.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x509_v3.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_v3.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-x509_v3.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_v3.c
+x509_v3.o: ../cryptlib.h x509_v3.c
 x509_vfy.o: ../../e_os.h ../../include/openssl/asn1.h
 x509_vfy.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x509_vfy.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 x509_vfy.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x509_vfy.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x509_vfy.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_vfy.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x509_vfy.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x509_vfy.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_vfy.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x509_vfy.o: ../../include/openssl/opensslconf.h
 x509_vfy.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509_vfy.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509_vfy.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -327,9 +319,8 @@ x509_vpm.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 x509_vpm.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x509_vpm.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x509_vpm.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_vpm.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x509_vpm.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x509_vpm.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_vpm.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x509_vpm.o: ../../include/openssl/opensslconf.h
 x509_vpm.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509_vpm.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509_vpm.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -341,9 +332,9 @@ x509cset.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x509cset.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 x509cset.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x509cset.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x509cset.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+x509cset.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x509cset.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509cset.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x509cset.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509cset.o: ../../include/openssl/opensslconf.h
 x509cset.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509cset.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509cset.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -354,9 +345,9 @@ x509name.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x509name.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 x509name.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x509name.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x509name.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+x509name.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x509name.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509name.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x509name.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509name.o: ../../include/openssl/opensslconf.h
 x509name.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509name.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509name.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -367,9 +358,9 @@ x509rset.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x509rset.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 x509rset.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x509rset.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x509rset.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+x509rset.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x509rset.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509rset.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x509rset.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509rset.o: ../../include/openssl/opensslconf.h
 x509rset.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509rset.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509rset.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -380,9 +371,9 @@ x509spki.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x509spki.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 x509spki.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x509spki.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x509spki.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+x509spki.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x509spki.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509spki.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x509spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509spki.o: ../../include/openssl/opensslconf.h
 x509spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -393,9 +384,9 @@ x509type.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x509type.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 x509type.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x509type.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x509type.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+x509type.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x509type.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509type.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x509type.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509type.o: ../../include/openssl/opensslconf.h
 x509type.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509type.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509type.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -406,12 +397,11 @@ x_all.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x_all.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 x_all.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x_all.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x_all.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+x_all.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-x_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-x_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+x_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_all.c
-x_all.o: ../cryptlib.h x_all.c
diff --git a/src/lib/libcrypto/x509v3/Makefile b/src/lib/libcrypto/x509v3/Makefile
index e71dc42f9f..556ef351bf 100644
--- a/src/lib/libcrypto/x509v3/Makefile
+++ b/src/lib/libcrypto/x509v3/Makefile
@@ -43,7 +43,7 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
@@ -90,8 +90,8 @@ pcy_cache.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 pcy_cache.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 pcy_cache.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 pcy_cache.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pcy_cache.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+pcy_cache.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-pcy_cache.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pcy_cache.o: ../../include/openssl/objects.h
 pcy_cache.o: ../../include/openssl/opensslconf.h
 pcy_cache.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 pcy_cache.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
@@ -105,9 +105,8 @@ pcy_data.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 pcy_data.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 pcy_data.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 pcy_data.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pcy_data.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+pcy_data.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-pcy_data.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pcy_data.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-pcy_data.o: ../../include/openssl/opensslconf.h
 pcy_data.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 pcy_data.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 pcy_data.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -120,36 +119,35 @@ pcy_lib.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 pcy_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 pcy_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 pcy_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pcy_lib.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+pcy_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-pcy_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pcy_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-pcy_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+pcy_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-pcy_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+pcy_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-pcy_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pcy_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-pcy_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pcy_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-pcy_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pcy_lib.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-pcy_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h pcy_int.h pcy_lib.c
+pcy_lib.o: ../cryptlib.h pcy_int.h pcy_lib.c
 pcy_map.o: ../../e_os.h ../../include/openssl/asn1.h
 pcy_map.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 pcy_map.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 pcy_map.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 pcy_map.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 pcy_map.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pcy_map.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+pcy_map.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-pcy_map.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pcy_map.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-pcy_map.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+pcy_map.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-pcy_map.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+pcy_map.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-pcy_map.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pcy_map.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-pcy_map.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pcy_map.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-pcy_map.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pcy_map.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-pcy_map.o: ../../include/openssl/x509v3.h ../cryptlib.h pcy_int.h pcy_map.c
+pcy_map.o: ../cryptlib.h pcy_int.h pcy_map.c
 pcy_node.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 pcy_node.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 pcy_node.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 pcy_node.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 pcy_node.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h
-pcy_node.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+pcy_node.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-pcy_node.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pcy_node.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-pcy_node.o: ../../include/openssl/opensslconf.h
 pcy_node.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 pcy_node.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 pcy_node.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -162,9 +160,8 @@ pcy_tree.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 pcy_tree.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 pcy_tree.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 pcy_tree.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pcy_tree.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+pcy_tree.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-pcy_tree.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pcy_tree.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-pcy_tree.o: ../../include/openssl/opensslconf.h
 pcy_tree.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 pcy_tree.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 pcy_tree.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -177,39 +174,37 @@ v3_addr.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_addr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_addr.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_addr.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_addr.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_addr.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_addr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_addr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_addr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_addr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_addr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_addr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_addr.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_addr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_addr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_addr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_addr.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_addr.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_addr.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_addr.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_addr.c
-v3_addr.o: ../cryptlib.h v3_addr.c
 v3_akey.o: ../../e_os.h ../../include/openssl/asn1.h
 v3_akey.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 v3_akey.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_akey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_akey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_akey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_akey.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_akey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_akey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_akey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_akey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_akey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_akey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_akey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_akey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_akey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_akey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_akey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_akey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_akey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_akey.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_akey.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_akey.c
-v3_akey.o: ../cryptlib.h v3_akey.c
 v3_akeya.o: ../../e_os.h ../../include/openssl/asn1.h
 v3_akeya.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 v3_akeya.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_akeya.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_akeya.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_akeya.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_akeya.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_akeya.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_akeya.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_akeya.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_akeya.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_akeya.o: ../../include/openssl/opensslconf.h
 v3_akeya.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 v3_akeya.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 v3_akeya.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -221,15 +216,14 @@ v3_alt.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_alt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_alt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_alt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_alt.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_alt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_alt.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_alt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_alt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_alt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_alt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_alt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_alt.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_alt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_alt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_alt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_alt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_alt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_alt.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_alt.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_alt.c
-v3_alt.o: ../cryptlib.h v3_alt.c
 v3_asid.o: ../../e_os.h ../../include/openssl/asn1.h
 v3_asid.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 v3_asid.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -237,23 +231,23 @@ v3_asid.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 v3_asid.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 v3_asid.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 v3_asid.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-v3_asid.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+v3_asid.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-v3_asid.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_asid.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3_asid.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_asid.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-v3_asid.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_asid.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-v3_asid.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_asid.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-v3_asid.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_asid.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-v3_asid.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_asid.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-v3_asid.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_asid.c
+v3_asid.o: ../cryptlib.h v3_asid.c
 v3_bcons.o: ../../e_os.h ../../include/openssl/asn1.h
 v3_bcons.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 v3_bcons.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_bcons.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_bcons.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_bcons.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_bcons.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_bcons.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_bcons.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_bcons.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_bcons.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_bcons.o: ../../include/openssl/opensslconf.h
 v3_bcons.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 v3_bcons.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 v3_bcons.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -266,9 +260,8 @@ v3_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 v3_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 v3_bitst.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 v3_bitst.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-v3_bitst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+v3_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-v3_bitst.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3_bitst.o: ../../include/openssl/opensslconf.h
 v3_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 v3_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 v3_bitst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -281,23 +274,23 @@ v3_conf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 v3_conf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 v3_conf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 v3_conf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-v3_conf.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+v3_conf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-v3_conf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_conf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3_conf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_conf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-v3_conf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_conf.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-v3_conf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_conf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-v3_conf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_conf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-v3_conf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_conf.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-v3_conf.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_conf.c
+v3_conf.o: ../cryptlib.h v3_conf.c
 v3_cpols.o: ../../e_os.h ../../include/openssl/asn1.h
 v3_cpols.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 v3_cpols.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_cpols.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_cpols.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_cpols.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_cpols.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_cpols.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_cpols.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_cpols.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_cpols.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_cpols.o: ../../include/openssl/opensslconf.h
 v3_cpols.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 v3_cpols.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 v3_cpols.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -310,38 +303,37 @@ v3_crld.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_crld.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_crld.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_crld.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_crld.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_crld.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_crld.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_crld.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_crld.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_crld.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_crld.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_crld.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_crld.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_crld.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_crld.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_crld.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_crld.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_crld.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_crld.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_crld.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_crld.c
-v3_crld.o: ../cryptlib.h v3_crld.c
 v3_enum.o: ../../e_os.h ../../include/openssl/asn1.h
 v3_enum.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 v3_enum.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 v3_enum.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 v3_enum.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 v3_enum.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-v3_enum.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+v3_enum.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-v3_enum.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_enum.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3_enum.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_enum.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-v3_enum.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_enum.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-v3_enum.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_enum.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-v3_enum.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_enum.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-v3_enum.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_enum.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-v3_enum.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_enum.c
+v3_enum.o: ../cryptlib.h v3_enum.c
 v3_extku.o: ../../e_os.h ../../include/openssl/asn1.h
 v3_extku.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 v3_extku.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_extku.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_extku.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_extku.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_extku.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_extku.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_extku.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_extku.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_extku.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_extku.o: ../../include/openssl/opensslconf.h
 v3_extku.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 v3_extku.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 v3_extku.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -354,81 +346,76 @@ v3_genn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_genn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_genn.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_genn.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_genn.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_genn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_genn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_genn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_genn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_genn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_genn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_genn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_genn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_genn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_genn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_genn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_genn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_genn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_genn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_genn.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_genn.c
-v3_genn.o: ../cryptlib.h v3_genn.c
 v3_ia5.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 v3_ia5.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_ia5.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_ia5.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_ia5.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_ia5.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_ia5.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_ia5.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_ia5.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_ia5.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_ia5.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_ia5.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_ia5.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_ia5.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_ia5.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_ia5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_ia5.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_ia5.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_ia5.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_ia5.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_ia5.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_ia5.c
-v3_ia5.o: ../cryptlib.h v3_ia5.c
 v3_info.o: ../../e_os.h ../../include/openssl/asn1.h
 v3_info.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 v3_info.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_info.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_info.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_info.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_info.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_info.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_info.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_info.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_info.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_info.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_info.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_info.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_info.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_info.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_info.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_info.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_info.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_info.c
-v3_info.o: ../cryptlib.h v3_info.c
 v3_int.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 v3_int.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_int.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_int.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_int.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_int.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_int.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_int.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_int.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_int.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_int.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_int.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_int.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_int.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_int.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_int.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_int.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_int.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_int.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_int.c
-v3_int.o: ../cryptlib.h v3_int.c
 v3_lib.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 v3_lib.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_lib.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h ext_dat.h v3_lib.c
-v3_lib.o: ../cryptlib.h ext_dat.h v3_lib.c
 v3_ncons.o: ../../e_os.h ../../include/openssl/asn1.h
 v3_ncons.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 v3_ncons.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_ncons.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_ncons.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_ncons.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_ncons.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_ncons.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_ncons.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_ncons.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_ncons.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_ncons.o: ../../include/openssl/opensslconf.h
 v3_ncons.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 v3_ncons.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 v3_ncons.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -441,52 +428,49 @@ v3_ocsp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 v3_ocsp.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 v3_ocsp.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 v3_ocsp.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-v3_ocsp.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+v3_ocsp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-v3_ocsp.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_ocsp.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
-v3_ocsp.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+v3_ocsp.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_ocsp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_ocsp.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_ocsp.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_ocsp.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_ocsp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_ocsp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_ocsp.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_ocsp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_ocsp.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_ocsp.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_ocsp.c
-v3_ocsp.o: ../cryptlib.h v3_ocsp.c
 v3_pci.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 v3_pci.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_pci.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_pci.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_pci.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_pci.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_pci.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_pci.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_pci.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_pci.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_pci.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_pci.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_pci.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_pci.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_pci.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_pci.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_pci.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_pci.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_pci.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_pci.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_pci.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_pci.c
-v3_pci.o: ../cryptlib.h v3_pci.c
 v3_pcia.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
 v3_pcia.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 v3_pcia.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 v3_pcia.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 v3_pcia.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-v3_pcia.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_pcia.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_pcia.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_pcia.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_pcia.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_pcia.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_pcia.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_pcia.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_pcia.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_pcia.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_pcia.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_pcia.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_pcia.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_pcia.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_pcia.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_pcia.o: ../../include/openssl/x509v3.h v3_pcia.c
-v3_pcia.o: v3_pcia.c
 v3_pcons.o: ../../e_os.h ../../include/openssl/asn1.h
 v3_pcons.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 v3_pcons.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_pcons.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_pcons.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_pcons.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_pcons.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_pcons.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_pcons.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_pcons.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_pcons.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_pcons.o: ../../include/openssl/opensslconf.h
 v3_pcons.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 v3_pcons.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 v3_pcons.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -499,24 +483,23 @@ v3_pku.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_pku.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_pku.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_pku.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_pku.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_pku.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_pku.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_pku.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_pku.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_pku.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_pku.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_pku.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_pku.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_pku.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_pku.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_pku.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_pku.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_pku.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_pku.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_pku.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_pku.c
-v3_pku.o: ../cryptlib.h v3_pku.c
 v3_pmaps.o: ../../e_os.h ../../include/openssl/asn1.h
 v3_pmaps.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 v3_pmaps.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_pmaps.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_pmaps.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_pmaps.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_pmaps.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_pmaps.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_pmaps.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_pmaps.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_pmaps.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_pmaps.o: ../../include/openssl/opensslconf.h
 v3_pmaps.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 v3_pmaps.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 v3_pmaps.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -528,52 +511,51 @@ v3_prn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_prn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_prn.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_prn.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_prn.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_prn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_prn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_prn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_prn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_prn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_prn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_prn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_prn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_prn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_prn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_prn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_prn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_prn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_prn.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_prn.c
-v3_prn.o: ../cryptlib.h v3_prn.c
 v3_purp.o: ../../e_os.h ../../include/openssl/asn1.h
 v3_purp.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 v3_purp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 v3_purp.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 v3_purp.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 v3_purp.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-v3_purp.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+v3_purp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-v3_purp.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_purp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3_purp.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_purp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-v3_purp.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_purp.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-v3_purp.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_purp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-v3_purp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_purp.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-v3_purp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_purp.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-v3_purp.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_purp.c
+v3_purp.o: ../cryptlib.h v3_purp.c
 v3_skey.o: ../../e_os.h ../../include/openssl/asn1.h
 v3_skey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 v3_skey.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 v3_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 v3_skey.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 v3_skey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-v3_skey.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+v3_skey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-v3_skey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_skey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-v3_skey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_skey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-v3_skey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_skey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-v3_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_skey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-v3_skey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_skey.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-v3_skey.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_skey.c
+v3_skey.o: ../cryptlib.h v3_skey.c
 v3_sxnet.o: ../../e_os.h ../../include/openssl/asn1.h
 v3_sxnet.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 v3_sxnet.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_sxnet.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_sxnet.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_sxnet.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_sxnet.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_sxnet.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_sxnet.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_sxnet.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_sxnet.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_sxnet.o: ../../include/openssl/opensslconf.h
 v3_sxnet.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 v3_sxnet.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 v3_sxnet.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -586,25 +568,24 @@ v3_utl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 v3_utl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 v3_utl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 v3_utl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-v3_utl.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+v3_utl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-v3_utl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_utl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3_utl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-v3_utl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_utl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-v3_utl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_utl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-v3_utl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_utl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-v3_utl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_utl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-v3_utl.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_utl.c
+v3_utl.o: ../cryptlib.h v3_utl.c
 v3err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 v3err.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3err.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3err.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3err.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3err.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3err.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3err.o: ../../include/openssl/x509v3.h v3err.c
-v3err.o: v3err.c
diff --git a/src/lib/libssl/src/CHANGES b/src/lib/libssl/src/CHANGES
index 04d332e338..b139cf6244 100644
--- a/src/lib/libssl/src/CHANGES
+++ b/src/lib/libssl/src/CHANGES
@@ -2,6 +2,1049 @@
 OpenSSL CHANGES
 _______________
+ Changes between 1.0.0 and 1.0.0a  [01 Jun 2010]
+  *) Check return value of int_rsa_verify in pkey_rsa_verifyrecover 
+     (CVE-2010-1633)
+     [Steve Henson, Peter-Michael Hager <hager@dortmund.net>]
+ Changes between 0.9.8n and 1.0.0  [29 Mar 2010]
+  *) Add "missing" function EVP_CIPHER_CTX_copy(). This copies a cipher
+     context. The operation can be customised via the ctrl mechanism in
+     case ENGINEs want to include additional functionality.
+     [Steve Henson]
+  *) Tolerate yet another broken PKCS#8 key format: private key value negative.
+     [Steve Henson]
+  *) Add new -subject_hash_old and -issuer_hash_old options to x509 utility to
+     output hashes compatible with older versions of OpenSSL.
+     [Willy Weisz <weisz@vcpc.univie.ac.at>]
+  *) Fix compression algorithm handling: if resuming a session use the
+     compression algorithm of the resumed session instead of determining
+     it from client hello again. Don't allow server to change algorithm.
+     [Steve Henson]
+  *) Add load_crls() function to apps tidying load_certs() too. Add option
+     to verify utility to allow additional CRLs to be included.
+     [Steve Henson]
+  *) Update OCSP request code to permit adding custom headers to the request:
+     some responders need this.
+     [Steve Henson]
+  *) The function EVP_PKEY_sign() returns <=0 on error: check return code
+     correctly.
+     [Julia Lawall <julia@diku.dk>]
+  *) Update verify callback code in apps/s_cb.c and apps/verify.c, it
+     needlessly dereferenced structures, used obsolete functions and
+     didn't handle all updated verify codes correctly.
+     [Steve Henson]
+  *) Disable MD2 in the default configuration.
+     [Steve Henson]
+  *) In BIO_pop() and BIO_push() use the ctrl argument (which was NULL) to
+     indicate the initial BIO being pushed or popped. This makes it possible
+     to determine whether the BIO is the one explicitly called or as a result
+     of the ctrl being passed down the chain. Fix BIO_pop() and SSL BIOs so
+     it handles reference counts correctly and doesn't zero out the I/O bio
+     when it is not being explicitly popped. WARNING: applications which
+     included workarounds for the old buggy behaviour will need to be modified
+     or they could free up already freed BIOs.
+     [Steve Henson]
+  *) Extend the uni2asc/asc2uni => OPENSSL_uni2asc/OPENSSL_asc2uni
+     renaming to all platforms (within the 0.9.8 branch, this was
+     done conditionally on Netware platforms to avoid a name clash).
+     [Guenter <lists@gknw.net>]
+  *) Add ECDHE and PSK support to DTLS.
+     [Michael Tuexen <tuexen@fh-muenster.de>]
+  *) Add CHECKED_STACK_OF macro to safestack.h, otherwise safestack can't
+     be used on C++.
+     [Steve Henson]
+  *) Add "missing" function EVP_MD_flags() (without this the only way to
+     retrieve a digest flags is by accessing the structure directly. Update
+     EVP_MD_do_all*() and EVP_CIPHER_do_all*() to include the name a digest
+     or cipher is registered as in the "from" argument. Print out all
+     registered digests in the dgst usage message instead of manually 
+     attempting to work them out.
+     [Steve Henson]
+  *) If no SSLv2 ciphers are used don't use an SSLv2 compatible client hello:
+     this allows the use of compression and extensions. Change default cipher
+     string to remove SSLv2 ciphersuites. This effectively avoids ancient SSLv2
+     by default unless an application cipher string requests it.
+     [Steve Henson]
+  *) Alter match criteria in PKCS12_parse(). It used to try to use local
+     key ids to find matching certificates and keys but some PKCS#12 files
+     don't follow the (somewhat unwritten) rules and this strategy fails.
+     Now just gather all certificates together and the first private key
+     then look for the first certificate that matches the key.
+     [Steve Henson]
+  *) Support use of registered digest and cipher names for dgst and cipher
+     commands instead of having to add each one as a special case. So now
+     you can do:
+        openssl sha256 foo
+     as well as:
+        openssl dgst -sha256 foo
+     and this works for ENGINE based algorithms too.
+     [Steve Henson]
+  *) Update Gost ENGINE to support parameter files.
+     [Victor B. Wagner <vitus@cryptocom.ru>]
+  *) Support GeneralizedTime in ca utility. 
+     [Oliver Martin <oliver@volatilevoid.net>, Steve Henson]
+  *) Enhance the hash format used for certificate directory links. The new
+     form uses the canonical encoding (meaning equivalent names will work
+     even if they aren't identical) and uses SHA1 instead of MD5. This form
+     is incompatible with the older format and as a result c_rehash should
+     be used to rebuild symbolic links.
+     [Steve Henson]
+  *) Make PKCS#8 the default write format for private keys, replacing the
+     traditional format. This form is standardised, more secure and doesn't
+     include an implicit MD5 dependency.
+     [Steve Henson]
+  *) Add a $gcc_devteam_warn option to Configure. The idea is that any code
+     committed to OpenSSL should pass this lot as a minimum.
+     [Steve Henson]
+  *) Add session ticket override functionality for use by EAP-FAST.
+     [Jouni Malinen <j@w1.fi>]
+  *) Modify HMAC functions to return a value. Since these can be implemented
+     in an ENGINE errors can occur.
+     [Steve Henson]
+  *) Type-checked OBJ_bsearch_ex.
+     [Ben Laurie]
+  *) Type-checked OBJ_bsearch. Also some constification necessitated
+     by type-checking.  Still to come: TXT_DB, bsearch(?),
+     OBJ_bsearch_ex, qsort, CRYPTO_EX_DATA, ASN1_VALUE, ASN1_STRING,
+     CONF_VALUE.
+     [Ben Laurie]
+  *) New function OPENSSL_gmtime_adj() to add a specific number of days and
+     seconds to a tm structure directly, instead of going through OS
+     specific date routines. This avoids any issues with OS routines such
+     as the year 2038 bug. New *_adj() functions for ASN1 time structures
+     and X509_time_adj_ex() to cover the extended range. The existing
+     X509_time_adj() is still usable and will no longer have any date issues.
+     [Steve Henson]
+  *) Delta CRL support. New use deltas option which will attempt to locate
+     and search any appropriate delta CRLs available.
+     This work was sponsored by Google.
+     [Steve Henson]
+  *) Support for CRLs partitioned by reason code. Reorganise CRL processing
+     code and add additional score elements. Validate alternate CRL paths
+     as part of the CRL checking and indicate a new error "CRL path validation
+     error" in this case. Applications wanting additional details can use
+     the verify callback and check the new "parent" field. If this is not
+     NULL CRL path validation is taking place. Existing applications wont
+     see this because it requires extended CRL support which is off by
+     default.
+     This work was sponsored by Google.
+     [Steve Henson]
+  *) Support for freshest CRL extension.
+     This work was sponsored by Google.
+     [Steve Henson]
+  *) Initial indirect CRL support. Currently only supported in the CRLs
+     passed directly and not via lookup. Process certificate issuer
+     CRL entry extension and lookup CRL entries by bother issuer name
+     and serial number. Check and process CRL issuer entry in IDP extension.
+     This work was sponsored by Google.
+     [Steve Henson]
+  *) Add support for distinct certificate and CRL paths. The CRL issuer
+     certificate is validated separately in this case. Only enabled if
+     an extended CRL support flag is set: this flag will enable additional
+     CRL functionality in future.
+     This work was sponsored by Google.
+     [Steve Henson]
+  *) Add support for policy mappings extension.
+     This work was sponsored by Google.
+     [Steve Henson]
+  *) Fixes to pathlength constraint, self issued certificate handling,
+     policy processing to align with RFC3280 and PKITS tests.
+     This work was sponsored by Google.
+     [Steve Henson]
+  *) Support for name constraints certificate extension. DN, email, DNS
+     and URI types are currently supported.
+     This work was sponsored by Google.
+     [Steve Henson]
+  *) To cater for systems that provide a pointer-based thread ID rather
+     than numeric, deprecate the current numeric thread ID mechanism and
+     replace it with a structure and associated callback type. This
+     mechanism allows a numeric "hash" to be extracted from a thread ID in
+     either case, and on platforms where pointers are larger than 'long',
+     mixing is done to help ensure the numeric 'hash' is usable even if it
+     can't be guaranteed unique. The default mechanism is to use "&errno"
+     as a pointer-based thread ID to distinguish between threads.
+     Applications that want to provide their own thread IDs should now use
+     CRYPTO_THREADID_set_callback() to register a callback that will call
+     either CRYPTO_THREADID_set_numeric() or CRYPTO_THREADID_set_pointer().
+     Note that ERR_remove_state() is now deprecated, because it is tied
+     to the assumption that thread IDs are numeric.  ERR_remove_state(0)
+     to free the current thread's error state should be replaced by
+     ERR_remove_thread_state(NULL).
+     (This new approach replaces the functions CRYPTO_set_idptr_callback(),
+     CRYPTO_get_idptr_callback(), and CRYPTO_thread_idptr() that existed in
+     OpenSSL 0.9.9-dev between June 2006 and August 2008. Also, if an
+     application was previously providing a numeric thread callback that
+     was inappropriate for distinguishing threads, then uniqueness might
+     have been obtained with &errno that happened immediately in the
+     intermediate development versions of OpenSSL; this is no longer the
+     case, the numeric thread callback will now override the automatic use
+     of &errno.)
+     [Geoff Thorpe, with help from Bodo Moeller]
+  *) Initial support for different CRL issuing certificates. This covers a
+     simple case where the self issued certificates in the chain exist and
+     the real CRL issuer is higher in the existing chain.
+     This work was sponsored by Google.
+     [Steve Henson]
+  *) Removed effectively defunct crypto/store from the build.
+     [Ben Laurie]
+  *) Revamp of STACK to provide stronger type-checking. Still to come:
+     TXT_DB, bsearch(?), OBJ_bsearch, qsort, CRYPTO_EX_DATA, ASN1_VALUE,
+     ASN1_STRING, CONF_VALUE.
+     [Ben Laurie]
+  *) Add a new SSL_MODE_RELEASE_BUFFERS mode flag to release unused buffer
+     RAM on SSL connections.  This option can save about 34k per idle SSL.
+     [Nick Mathewson]
+  *) Revamp of LHASH to provide stronger type-checking. Still to come:
+     STACK, TXT_DB, bsearch, qsort.
+     [Ben Laurie]
+  *) Initial support for Cryptographic Message Syntax (aka CMS) based
+     on RFC3850, RFC3851 and RFC3852. New cms directory and cms utility,
+     support for data, signedData, compressedData, digestedData and
+     encryptedData, envelopedData types included. Scripts to check against
+     RFC4134 examples draft and interop and consistency checks of many
+     content types and variants.
+     [Steve Henson]
+  *) Add options to enc utility to support use of zlib compression BIO.
+     [Steve Henson]
+  *) Extend mk1mf to support importing of options and assembly language
+     files from Configure script, currently only included in VC-WIN32.
+     The assembly language rules can now optionally generate the source
+     files from the associated perl scripts.
+     [Steve Henson]
+  *) Implement remaining functionality needed to support GOST ciphersuites.
+     Interop testing has been performed using CryptoPro implementations.
+     [Victor B. Wagner <vitus@cryptocom.ru>]
+  *) s390x assembler pack.
+     [Andy Polyakov]
+  *) ARMv4 assembler pack. ARMv4 refers to v4 and later ISA, not CPU
+     "family."
+     [Andy Polyakov]
+  *) Implement Opaque PRF Input TLS extension as specified in
+     draft-rescorla-tls-opaque-prf-input-00.txt.  Since this is not an
+     official specification yet and no extension type assignment by
+     IANA exists, this extension (for now) will have to be explicitly
+     enabled when building OpenSSL by providing the extension number
+     to use.  For example, specify an option
+         -DTLSEXT_TYPE_opaque_prf_input=0x9527
+     to the "config" or "Configure" script to enable the extension,
+     assuming extension number 0x9527 (which is a completely arbitrary
+     and unofficial assignment based on the MD5 hash of the Internet
+     Draft).  Note that by doing so, you potentially lose
+     interoperability with other TLS implementations since these might
+     be using the same extension number for other purposes.
+     SSL_set_tlsext_opaque_prf_input(ssl, src, len) is used to set the
+     opaque PRF input value to use in the handshake.  This will create
+     an interal copy of the length-'len' string at 'src', and will
+     return non-zero for success.
+     To get more control and flexibility, provide a callback function
+     by using
+          SSL_CTX_set_tlsext_opaque_prf_input_callback(ctx, cb)
+          SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(ctx, arg)
+     where
+          int (*cb)(SSL *, void *peerinput, size_t len, void *arg);
+          void *arg;
+     Callback function 'cb' will be called in handshakes, and is
+     expected to use SSL_set_tlsext_opaque_prf_input() as appropriate.
+     Argument 'arg' is for application purposes (the value as given to
+     SSL_CTX_set_tlsext_opaque_prf_input_callback_arg() will directly
+     be provided to the callback function).  The callback function
+     has to return non-zero to report success: usually 1 to use opaque
+     PRF input just if possible, or 2 to enforce use of the opaque PRF
+     input.  In the latter case, the library will abort the handshake
+     if opaque PRF input is not successfully negotiated.
+     Arguments 'peerinput' and 'len' given to the callback function
+     will always be NULL and 0 in the case of a client.  A server will
+     see the client's opaque PRF input through these variables if
+     available (NULL and 0 otherwise).  Note that if the server
+     provides an opaque PRF input, the length must be the same as the
+     length of the client's opaque PRF input.
+     Note that the callback function will only be called when creating
+     a new session (session resumption can resume whatever was
+     previously negotiated), and will not be called in SSL 2.0
+     handshakes; thus, SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) or
+     SSL_set_options(ssl, SSL_OP_NO_SSLv2) is especially recommended
+     for applications that need to enforce opaque PRF input.
+     [Bodo Moeller]
+  *) Update ssl code to support digests other than SHA1+MD5 for handshake
+     MAC. 
+     [Victor B. Wagner <vitus@cryptocom.ru>]
+  *) Add RFC4507 support to OpenSSL. This includes the corrections in
+     RFC4507bis. The encrypted ticket format is an encrypted encoded
+     SSL_SESSION structure, that way new session features are automatically
+     supported.
+     If a client application caches session in an SSL_SESSION structure
+     support is transparent because tickets are now stored in the encoded
+     SSL_SESSION.
+     
+     The SSL_CTX structure automatically generates keys for ticket
+     protection in servers so again support should be possible
+     with no application modification.
+     If a client or server wishes to disable RFC4507 support then the option
+     SSL_OP_NO_TICKET can be set.
+     Add a TLS extension debugging callback to allow the contents of any client
+     or server extensions to be examined.
+     This work was sponsored by Google.
+     [Steve Henson]
+  *) Final changes to avoid use of pointer pointer casts in OpenSSL.
+     OpenSSL should now compile cleanly on gcc 4.2
+     [Peter Hartley <pdh@utter.chaos.org.uk>, Steve Henson]
+  *) Update SSL library to use new EVP_PKEY MAC API. Include generic MAC
+     support including streaming MAC support: this is required for GOST
+     ciphersuite support.
+     [Victor B. Wagner <vitus@cryptocom.ru>, Steve Henson]
+  *) Add option -stream to use PKCS#7 streaming in smime utility. New
+     function i2d_PKCS7_bio_stream() and PEM_write_PKCS7_bio_stream()
+     to output in BER and PEM format.
+     [Steve Henson]
+  *) Experimental support for use of HMAC via EVP_PKEY interface. This
+     allows HMAC to be handled via the EVP_DigestSign*() interface. The
+     EVP_PKEY "key" in this case is the HMAC key, potentially allowing
+     ENGINE support for HMAC keys which are unextractable. New -mac and
+     -macopt options to dgst utility.
+     [Steve Henson]
+  *) New option -sigopt to dgst utility. Update dgst to use
+     EVP_Digest{Sign,Verify}*. These two changes make it possible to use
+     alternative signing paramaters such as X9.31 or PSS in the dgst 
+     utility.
+     [Steve Henson]
+  *) Change ssl_cipher_apply_rule(), the internal function that does
+     the work each time a ciphersuite string requests enabling
+     ("foo+bar"), moving ("+foo+bar"), disabling ("-foo+bar", or
+     removing ("!foo+bar") a class of ciphersuites: Now it maintains
+     the order of disabled ciphersuites such that those ciphersuites
+     that most recently went from enabled to disabled not only stay
+     in order with respect to each other, but also have higher priority
+     than other disabled ciphersuites the next time ciphersuites are
+     enabled again.
+     This means that you can now say, e.g., "PSK:-PSK:HIGH" to enable
+     the same ciphersuites as with "HIGH" alone, but in a specific
+     order where the PSK ciphersuites come first (since they are the
+     most recently disabled ciphersuites when "HIGH" is parsed).
+     Also, change ssl_create_cipher_list() (using this new
+     funcionality) such that between otherwise identical
+     cihpersuites, ephemeral ECDH is preferred over ephemeral DH in
+     the default order.
+     [Bodo Moeller]
+  *) Change ssl_create_cipher_list() so that it automatically
+     arranges the ciphersuites in reasonable order before starting
+     to process the rule string.  Thus, the definition for "DEFAULT"
+     (SSL_DEFAULT_CIPHER_LIST) now is just "ALL:!aNULL:!eNULL", but
+     remains equivalent to "AES:ALL:!aNULL:!eNULL:+aECDH:+kRSA:+RC4:@STRENGTH".
+     This makes it much easier to arrive at a reasonable default order
+     in applications for which anonymous ciphers are OK (meaning
+     that you can't actually use DEFAULT).
+     [Bodo Moeller; suggested by Victor Duchovni]
+  *) Split the SSL/TLS algorithm mask (as used for ciphersuite string
+     processing) into multiple integers instead of setting
+     "SSL_MKEY_MASK" bits, "SSL_AUTH_MASK" bits, "SSL_ENC_MASK",
+     "SSL_MAC_MASK", and "SSL_SSL_MASK" bits all in a single integer.
+     (These masks as well as the individual bit definitions are hidden
+     away into the non-exported interface ssl/ssl_locl.h, so this
+     change to the definition of the SSL_CIPHER structure shouldn't
+     affect applications.)  This give us more bits for each of these
+     categories, so there is no longer a need to coagulate AES128 and
+     AES256 into a single algorithm bit, and to coagulate Camellia128
+     and Camellia256 into a single algorithm bit, which has led to all
+     kinds of kludges.
+     Thus, among other things, the kludge introduced in 0.9.7m and
+     0.9.8e for masking out AES256 independently of AES128 or masking
+     out Camellia256 independently of AES256 is not needed here in 0.9.9.
+     With the change, we also introduce new ciphersuite aliases that
+     so far were missing: "AES128", "AES256", "CAMELLIA128", and
+     "CAMELLIA256".
+     [Bodo Moeller]
+  *) Add support for dsa-with-SHA224 and dsa-with-SHA256.
+     Use the leftmost N bytes of the signature input if the input is
+     larger than the prime q (with N being the size in bytes of q).
+     [Nils Larsch]
+  *) Very *very* experimental PKCS#7 streaming encoder support. Nothing uses
+     it yet and it is largely untested.
+     [Steve Henson]
+  *) Add support for the ecdsa-with-SHA224/256/384/512 signature types.
+     [Nils Larsch]
+  *) Initial incomplete changes to avoid need for function casts in OpenSSL
+     some compilers (gcc 4.2 and later) reject their use. Safestack is
+     reimplemented.  Update ASN1 to avoid use of legacy functions. 
+     [Steve Henson]
+  *) Win32/64 targets are linked with Winsock2.
+     [Andy Polyakov]
+  *) Add an X509_CRL_METHOD structure to allow CRL processing to be redirected
+     to external functions. This can be used to increase CRL handling 
+     efficiency especially when CRLs are very large by (for example) storing
+     the CRL revoked certificates in a database.
+     [Steve Henson]
+  *) Overhaul of by_dir code. Add support for dynamic loading of CRLs so
+     new CRLs added to a directory can be used. New command line option
+     -verify_return_error to s_client and s_server. This causes real errors
+     to be returned by the verify callback instead of carrying on no matter
+     what. This reflects the way a "real world" verify callback would behave.
+     [Steve Henson]
+  *) GOST engine, supporting several GOST algorithms and public key formats.
+     Kindly donated by Cryptocom.
+     [Cryptocom]
+  *) Partial support for Issuing Distribution Point CRL extension. CRLs
+     partitioned by DP are handled but no indirect CRL or reason partitioning
+     (yet). Complete overhaul of CRL handling: now the most suitable CRL is
+     selected via a scoring technique which handles IDP and AKID in CRLs.
+     [Steve Henson]
+  *) New X509_STORE_CTX callbacks lookup_crls() and lookup_certs() which
+     will ultimately be used for all verify operations: this will remove the
+     X509_STORE dependency on certificate verification and allow alternative
+     lookup methods.  X509_STORE based implementations of these two callbacks.
+     [Steve Henson]
+  *) Allow multiple CRLs to exist in an X509_STORE with matching issuer names.
+     Modify get_crl() to find a valid (unexpired) CRL if possible.
+     [Steve Henson]
+  *) New function X509_CRL_match() to check if two CRLs are identical. Normally
+     this would be called X509_CRL_cmp() but that name is already used by
+     a function that just compares CRL issuer names. Cache several CRL 
+     extensions in X509_CRL structure and cache CRLDP in X509.
+     [Steve Henson]
+  *) Store a "canonical" representation of X509_NAME structure (ASN1 Name)
+     this maps equivalent X509_NAME structures into a consistent structure.
+     Name comparison can then be performed rapidly using memcmp().
+     [Steve Henson]
+  *) Non-blocking OCSP request processing. Add -timeout option to ocsp 
+     utility.
+     [Steve Henson]
+  *) Allow digests to supply their own micalg string for S/MIME type using
+     the ctrl EVP_MD_CTRL_MICALG.
+     [Steve Henson]
+  *) During PKCS7 signing pass the PKCS7 SignerInfo structure to the
+     EVP_PKEY_METHOD before and after signing via the EVP_PKEY_CTRL_PKCS7_SIGN
+     ctrl. It can then customise the structure before and/or after signing
+     if necessary.
+     [Steve Henson]
+  *) New function OBJ_add_sigid() to allow application defined signature OIDs
+     to be added to OpenSSLs internal tables. New function OBJ_sigid_free()
+     to free up any added signature OIDs.
+     [Steve Henson]
+  *) New functions EVP_CIPHER_do_all(), EVP_CIPHER_do_all_sorted(),
+     EVP_MD_do_all() and EVP_MD_do_all_sorted() to enumerate internal
+     digest and cipher tables. New options added to openssl utility:
+     list-message-digest-algorithms and list-cipher-algorithms.
+     [Steve Henson]
+  *) Change the array representation of binary polynomials: the list
+     of degrees of non-zero coefficients is now terminated with -1.
+     Previously it was terminated with 0, which was also part of the
+     value; thus, the array representation was not applicable to
+     polynomials where t^0 has coefficient zero.  This change makes
+     the array representation useful in a more general context.
+     [Douglas Stebila]
+  *) Various modifications and fixes to SSL/TLS cipher string
+     handling.  For ECC, the code now distinguishes between fixed ECDH
+     with RSA certificates on the one hand and with ECDSA certificates
+     on the other hand, since these are separate ciphersuites.  The
+     unused code for Fortezza ciphersuites has been removed.
+     For consistency with EDH, ephemeral ECDH is now called "EECDH"
+     (not "ECDHE").  For consistency with the code for DH
+     certificates, use of ECDH certificates is now considered ECDH
+     authentication, not RSA or ECDSA authentication (the latter is
+     merely the CA's signing algorithm and not actively used in the
+     protocol).
+     The temporary ciphersuite alias "ECCdraft" is no longer
+     available, and ECC ciphersuites are no longer excluded from "ALL"
+     and "DEFAULT".  The following aliases now exist for RFC 4492
+     ciphersuites, most of these by analogy with the DH case:
+         kECDHr   - ECDH cert, signed with RSA
+         kECDHe   - ECDH cert, signed with ECDSA
+         kECDH    - ECDH cert (signed with either RSA or ECDSA)
+         kEECDH   - ephemeral ECDH
+         ECDH     - ECDH cert or ephemeral ECDH
+         aECDH    - ECDH cert
+         aECDSA   - ECDSA cert
+         ECDSA    - ECDSA cert
+         AECDH    - anonymous ECDH
+         EECDH    - non-anonymous ephemeral ECDH (equivalent to "kEECDH:-AECDH")
+     [Bodo Moeller]
+  *) Add additional S/MIME capabilities for AES and GOST ciphers if supported.
+     Use correct micalg parameters depending on digest(s) in signed message.
+     [Steve Henson]
+  *) Add engine support for EVP_PKEY_ASN1_METHOD. Add functions to process
+     an ENGINE asn1 method. Support ENGINE lookups in the ASN1 code.
+     [Steve Henson]
+  *) Initial engine support for EVP_PKEY_METHOD. New functions to permit
+     an engine to register a method. Add ENGINE lookups for methods and
+     functional reference processing.
+     [Steve Henson]
+  *) New functions EVP_Digest{Sign,Verify)*. These are enchance versions of
+     EVP_{Sign,Verify}* which allow an application to customise the signature
+     process.
+     [Steve Henson]
+  *) New -resign option to smime utility. This adds one or more signers
+     to an existing PKCS#7 signedData structure. Also -md option to use an
+     alternative message digest algorithm for signing.
+     [Steve Henson]
+  *) Tidy up PKCS#7 routines and add new functions to make it easier to
+     create PKCS7 structures containing multiple signers. Update smime
+     application to support multiple signers.
+     [Steve Henson]
+  *) New -macalg option to pkcs12 utility to allow setting of an alternative
+     digest MAC.
+     [Steve Henson]
+  *) Initial support for PKCS#5 v2.0 PRFs other than default SHA1 HMAC.
+     Reorganize PBE internals to lookup from a static table using NIDs,
+     add support for HMAC PBE OID translation. Add a EVP_CIPHER ctrl:
+     EVP_CTRL_PBE_PRF_NID this allows a cipher to specify an alternative
+     PRF which will be automatically used with PBES2.
+     [Steve Henson]
+  *) Replace the algorithm specific calls to generate keys in "req" with the
+     new API.
+     [Steve Henson]
+  *) Update PKCS#7 enveloped data routines to use new API. This is now
+     supported by any public key method supporting the encrypt operation. A
+     ctrl is added to allow the public key algorithm to examine or modify
+     the PKCS#7 RecipientInfo structure if it needs to: for RSA this is
+     a no op.
+     [Steve Henson]
+  *) Add a ctrl to asn1 method to allow a public key algorithm to express
+     a default digest type to use. In most cases this will be SHA1 but some
+     algorithms (such as GOST) need to specify an alternative digest. The
+     return value indicates how strong the prefernce is 1 means optional and
+     2 is mandatory (that is it is the only supported type). Modify
+     ASN1_item_sign() to accept a NULL digest argument to indicate it should
+     use the default md. Update openssl utilities to use the default digest
+     type for signing if it is not explicitly indicated.
+     [Steve Henson]
+  *) Use OID cross reference table in ASN1_sign() and ASN1_verify(). New 
+     EVP_MD flag EVP_MD_FLAG_PKEY_METHOD_SIGNATURE. This uses the relevant
+     signing method from the key type. This effectively removes the link
+     between digests and public key types.
+     [Steve Henson]
+  *) Add an OID cross reference table and utility functions. Its purpose is to
+     translate between signature OIDs such as SHA1WithrsaEncryption and SHA1,
+     rsaEncryption. This will allow some of the algorithm specific hackery
+     needed to use the correct OID to be removed. 
+     [Steve Henson]
+  *) Remove algorithm specific dependencies when setting PKCS7_SIGNER_INFO
+     structures for PKCS7_sign(). They are now set up by the relevant public
+     key ASN1 method.
+     [Steve Henson]
+  *) Add provisional EC pkey method with support for ECDSA and ECDH.
+     [Steve Henson]
+  *) Add support for key derivation (agreement) in the API, DH method and
+     pkeyutl.
+     [Steve Henson]
+  *) Add DSA pkey method and DH pkey methods, extend DH ASN1 method to support
+     public and private key formats. As a side effect these add additional 
+     command line functionality not previously available: DSA signatures can be
+     generated and verified using pkeyutl and DH key support and generation in
+     pkey, genpkey.
+     [Steve Henson]
+  *) BeOS support.
+     [Oliver Tappe <zooey@hirschkaefer.de>]
+  *) New make target "install_html_docs" installs HTML renditions of the
+     manual pages.
+     [Oliver Tappe <zooey@hirschkaefer.de>]
+  *) New utility "genpkey" this is analagous to "genrsa" etc except it can
+     generate keys for any algorithm. Extend and update EVP_PKEY_METHOD to
+     support key and parameter generation and add initial key generation
+     functionality for RSA.
+     [Steve Henson]
+  *) Add functions for main EVP_PKEY_method operations. The undocumented
+     functions EVP_PKEY_{encrypt,decrypt} have been renamed to
+     EVP_PKEY_{encrypt,decrypt}_old. 
+     [Steve Henson]
+  *) Initial definitions for EVP_PKEY_METHOD. This will be a high level public
+     key API, doesn't do much yet.
+     [Steve Henson]
+  *) New function EVP_PKEY_asn1_get0_info() to retrieve information about
+     public key algorithms. New option to openssl utility:
+     "list-public-key-algorithms" to print out info.
+     [Steve Henson]
+  *) Implement the Supported Elliptic Curves Extension for
+     ECC ciphersuites from draft-ietf-tls-ecc-12.txt.
+     [Douglas Stebila]
+  *) Don't free up OIDs in OBJ_cleanup() if they are in use by EVP_MD or
+     EVP_CIPHER structures to avoid later problems in EVP_cleanup().
+     [Steve Henson]
+  *) New utilities pkey and pkeyparam. These are similar to algorithm specific
+     utilities such as rsa, dsa, dsaparam etc except they process any key
+     type.
+     [Steve Henson]
+  *) Transfer public key printing routines to EVP_PKEY_ASN1_METHOD. New 
+     functions EVP_PKEY_print_public(), EVP_PKEY_print_private(),
+     EVP_PKEY_print_param() to print public key data from an EVP_PKEY
+     structure.
+     [Steve Henson]
+  *) Initial support for pluggable public key ASN1.
+     De-spaghettify the public key ASN1 handling. Move public and private
+     key ASN1 handling to a new EVP_PKEY_ASN1_METHOD structure. Relocate
+     algorithm specific handling to a single module within the relevant
+     algorithm directory. Add functions to allow (near) opaque processing
+     of public and private key structures.
+     [Steve Henson]
+  *) Implement the Supported Point Formats Extension for
+     ECC ciphersuites from draft-ietf-tls-ecc-12.txt.
+     [Douglas Stebila]
+  *) Add initial support for RFC 4279 PSK TLS ciphersuites. Add members
+     for the psk identity [hint] and the psk callback functions to the
+     SSL_SESSION, SSL and SSL_CTX structure.
+     
+     New ciphersuites:
+         PSK-RC4-SHA, PSK-3DES-EDE-CBC-SHA, PSK-AES128-CBC-SHA,
+         PSK-AES256-CBC-SHA
+ 
+     New functions:
+         SSL_CTX_use_psk_identity_hint
+         SSL_get_psk_identity_hint
+         SSL_get_psk_identity
+         SSL_use_psk_identity_hint
+     [Mika Kousa and Pasi Eronen of Nokia Corporation]
+  *) Add RFC 3161 compliant time stamp request creation, response generation
+     and response verification functionality.
+     [Zolt�n Gl�zik <zglozik@opentsa.org>, The OpenTSA Project]
+  *) Add initial support for TLS extensions, specifically for the server_name
+     extension so far.  The SSL_SESSION, SSL_CTX, and SSL data structures now
+     have new members for a host name.  The SSL data structure has an
+     additional member SSL_CTX *initial_ctx so that new sessions can be
+     stored in that context to allow for session resumption, even after the
+     SSL has been switched to a new SSL_CTX in reaction to a client's
+     server_name extension.
+     New functions (subject to change):
+         SSL_get_servername()
+         SSL_get_servername_type()
+         SSL_set_SSL_CTX()
+     New CTRL codes and macros (subject to change):
+         SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
+                                 - SSL_CTX_set_tlsext_servername_callback()
+         SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG
+                                      - SSL_CTX_set_tlsext_servername_arg()
+         SSL_CTRL_SET_TLSEXT_HOSTNAME           - SSL_set_tlsext_host_name()
+     openssl s_client has a new '-servername ...' option.
+     openssl s_server has new options '-servername_host ...', '-cert2 ...',
+     '-key2 ...', '-servername_fatal' (subject to change).  This allows
+     testing the HostName extension for a specific single host name ('-cert'
+     and '-key' remain fallbacks for handshakes without HostName
+     negotiation).  If the unrecogninzed_name alert has to be sent, this by
+     default is a warning; it becomes fatal with the '-servername_fatal'
+     option.
+     [Peter Sylvester,  Remy Allais, Christophe Renou]
+  *) Whirlpool hash implementation is added.
+     [Andy Polyakov]
+  *) BIGNUM code on 64-bit SPARCv9 targets is switched from bn(64,64) to
+     bn(64,32). Because of instruction set limitations it doesn't have
+     any negative impact on performance. This was done mostly in order
+     to make it possible to share assembler modules, such as bn_mul_mont
+     implementations, between 32- and 64-bit builds without hassle.
+     [Andy Polyakov]
+  *) Move code previously exiled into file crypto/ec/ec2_smpt.c
+     to ec2_smpl.c, and no longer require the OPENSSL_EC_BIN_PT_COMP
+     macro.
+     [Bodo Moeller]
+  *) New candidate for BIGNUM assembler implementation, bn_mul_mont,
+     dedicated Montgomery multiplication procedure, is introduced.
+     BN_MONT_CTX is modified to allow bn_mul_mont to reach for higher
+     "64-bit" performance on certain 32-bit targets.
+     [Andy Polyakov]
+  *) New option SSL_OP_NO_COMP to disable use of compression selectively
+     in SSL structures. New SSL ctrl to set maximum send fragment size. 
+     Save memory by seeting the I/O buffer sizes dynamically instead of
+     using the maximum available value.
+     [Steve Henson]
+  *) New option -V for 'openssl ciphers'. This prints the ciphersuite code
+     in addition to the text details.
+     [Bodo Moeller]
+  *) Very, very preliminary EXPERIMENTAL support for printing of general
+     ASN1 structures. This currently produces rather ugly output and doesn't
+     handle several customised structures at all.
+     [Steve Henson]
+  *) Integrated support for PVK file format and some related formats such
+     as MS PUBLICKEYBLOB and PRIVATEKEYBLOB. Command line switches to support
+     these in the 'rsa' and 'dsa' utilities.
+     [Steve Henson]
+  *) Support for PKCS#1 RSAPublicKey format on rsa utility command line.
+     [Steve Henson]
+  *) Remove the ancient ASN1_METHOD code. This was only ever used in one
+     place for the (very old) "NETSCAPE" format certificates which are now
+     handled using new ASN1 code equivalents.
+     [Steve Henson]
+  *) Let the TLSv1_method() etc. functions return a 'const' SSL_METHOD
+     pointer and make the SSL_METHOD parameter in SSL_CTX_new,
+     SSL_CTX_set_ssl_version and SSL_set_ssl_method 'const'.
+     [Nils Larsch]
+  *) Modify CRL distribution points extension code to print out previously
+     unsupported fields. Enhance extension setting code to allow setting of
+     all fields.
+     [Steve Henson]
+  *) Add print and set support for Issuing Distribution Point CRL extension.
+     [Steve Henson]
+  *) Change 'Configure' script to enable Camellia by default.
+     [NTT]
+  
+ Changes between 0.9.8n and 0.9.8o [xx XXX xxxx]
+  *) Correct a typo in the CMS ASN1 module which can result in invalid memory
+     access or freeing data twice (CVE-2010-0742)
+     [Steve Henson, Ronald Moesbergen <intercommit@gmail.com>]
+  *) Add SHA2 algorithms to SSL_library_init(). SHA2 is becoming far more
+     common in certificates and some applications which only call
+     SSL_library_init and not OpenSSL_add_all_algorithms() will fail.
+     [Steve Henson]
+ Changes between 0.9.8m and 0.9.8n [24 Mar 2010]
+  *) When rejecting SSL/TLS records due to an incorrect version number, never
+     update s->server with a new major version number.  As of
+     - OpenSSL 0.9.8m if 'short' is a 16-bit type,
+     - OpenSSL 0.9.8f if 'short' is longer than 16 bits,
+     the previous behavior could result in a read attempt at NULL when
+     receiving specific incorrect SSL/TLS records once record payload
+     protection is active.  (CVE-2010-####)
+     [Bodo Moeller, Adam Langley]
+  *) Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL 
+     could be crashed if the relevant tables were not present (e.g. chrooted).
+     [Tomas Hoger <thoger@redhat.com>]
+ Changes between 0.9.8l and 0.9.8m [25 Feb 2010]
+  *) Always check bn_wexpend() return values for failure.  (CVE-2009-3245)
+     [Martin Olsson, Neel Mehta]
+  *) Fix X509_STORE locking: Every 'objs' access requires a lock (to
+     accommodate for stack sorting, always a write lock!).
+     [Bodo Moeller]
+  *) On some versions of WIN32 Heap32Next is very slow. This can cause
+     excessive delays in the RAND_poll(): over a minute. As a workaround
+     include a time check in the inner Heap32Next loop too.
+     [Steve Henson]
+  *) The code that handled flushing of data in SSL/TLS originally used the
+     BIO_CTRL_INFO ctrl to see if any data was pending first. This caused
+     the problem outlined in PR#1949. The fix suggested there however can
+     trigger problems with buggy BIO_CTRL_WPENDING (e.g. some versions
+     of Apache). So instead simplify the code to flush unconditionally.
+     This should be fine since flushing with no data to flush is a no op.
+     [Steve Henson]
+  *) Handle TLS versions 2.0 and later properly and correctly use the
+     highest version of TLS/SSL supported. Although TLS >= 2.0 is some way
+     off ancient servers have a habit of sticking around for a while...
+     [Steve Henson]
+  *) Modify compression code so it frees up structures without using the
+     ex_data callbacks. This works around a problem where some applications
+     call CRYPTO_cleanup_all_ex_data() before application exit (e.g. when
+     restarting) then use compression (e.g. SSL with compression) later.
+     This results in significant per-connection memory leaks and
+     has caused some security issues including CVE-2008-1678 and
+     CVE-2009-4355.
+     [Steve Henson]
+  *) Constify crypto/cast (i.e., <openssl/cast.h>): a CAST_KEY doesn't
+     change when encrypting or decrypting.
+     [Bodo Moeller]
+  *) Add option SSL_OP_LEGACY_SERVER_CONNECT which will allow clients to
+     connect and renegotiate with servers which do not support RI.
+     Until RI is more widely deployed this option is enabled by default.
+     [Steve Henson]
+  *) Add "missing" ssl ctrls to clear options and mode.
+     [Steve Henson]
+  *) If client attempts to renegotiate and doesn't support RI respond with
+     a no_renegotiation alert as required by RFC5746.  Some renegotiating
+     TLS clients will continue a connection gracefully when they receive
+     the alert. Unfortunately OpenSSL mishandled this alert and would hang
+     waiting for a server hello which it will never receive. Now we treat a
+     received no_renegotiation alert as a fatal error. This is because
+     applications requesting a renegotiation might well expect it to succeed
+     and would have no code in place to handle the server denying it so the
+     only safe thing to do is to terminate the connection.
+     [Steve Henson]
+  *) Add ctrl macro SSL_get_secure_renegotiation_support() which returns 1 if
+     peer supports secure renegotiation and 0 otherwise. Print out peer
+     renegotiation support in s_client/s_server.
+     [Steve Henson]
+  *) Replace the highly broken and deprecated SPKAC certification method with
+     the updated NID creation version. This should correctly handle UTF8.
+     [Steve Henson]
+  *) Implement RFC5746. Re-enable renegotiation but require the extension
+     as needed. Unfortunately, SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
+     turns out to be a bad idea. It has been replaced by
+     SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION which can be set with
+     SSL_CTX_set_options(). This is really not recommended unless you
+     know what you are doing.
+     [Eric Rescorla <ekr@networkresonance.com>, Ben Laurie, Steve Henson]
+  *) Fixes to stateless session resumption handling. Use initial_ctx when
+     issuing and attempting to decrypt tickets in case it has changed during
+     servername handling. Use a non-zero length session ID when attempting
+     stateless session resumption: this makes it possible to determine if
+     a resumption has occurred immediately after receiving server hello
+     (several places in OpenSSL subtly assume this) instead of later in
+     the handshake.
+     [Steve Henson]
+  *) The functions ENGINE_ctrl(), OPENSSL_isservice(),
+     CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error
+     fixes for a few places where the return code is not checked
+     correctly.
+     [Julia Lawall <julia@diku.dk>]
+  *) Add --strict-warnings option to Configure script to include devteam
+     warnings in other configurations.
+     [Steve Henson]
+  *) Add support for --libdir option and LIBDIR variable in makefiles. This
+     makes it possible to install openssl libraries in locations which
+     have names other than "lib", for example "/usr/lib64" which some
+     systems need.
+     [Steve Henson, based on patch from Jeremy Utley]
+  *) Don't allow the use of leading 0x80 in OIDs. This is a violation of
+     X690 8.9.12 and can produce some misleading textual output of OIDs.
+     [Steve Henson, reported by Dan Kaminsky]
+  *) Delete MD2 from algorithm tables. This follows the recommendation in
+     several standards that it is not used in new applications due to
+     several cryptographic weaknesses. For binary compatibility reasons
+     the MD2 API is still compiled in by default.
+     [Steve Henson]
+  *) Add compression id to {d2i,i2d}_SSL_SESSION so it is correctly saved
+     and restored.
+     [Steve Henson]
+  *) Rename uni2asc and asc2uni functions to OPENSSL_uni2asc and
+     OPENSSL_asc2uni conditionally on Netware platforms to avoid a name
+     clash.
+     [Guenter <lists@gknw.net>]
+  *) Fix the server certificate chain building code to use X509_verify_cert(),
+     it used to have an ad-hoc builder which was unable to cope with anything
+     other than a simple chain.
+     [David Woodhouse <dwmw2@infradead.org>, Steve Henson]
+  *) Don't check self signed certificate signatures in X509_verify_cert()
+     by default (a flag can override this): it just wastes time without
+     adding any security. As a useful side effect self signed root CAs
+     with non-FIPS digests are now usable in FIPS mode.
+     [Steve Henson]
+  *) In dtls1_process_out_of_seq_message() the check if the current message
+     is already buffered was missing. For every new message was memory
+     allocated, allowing an attacker to perform an denial of service attack
+     with sending out of seq handshake messages until there is no memory
+     left. Additionally every future messege was buffered, even if the
+     sequence number made no sense and would be part of another handshake.
+     So only messages with sequence numbers less than 10 in advance will be
+     buffered.  (CVE-2009-1378)
+     [Robin Seggelmann, discovered by Daniel Mentz]     
+  *) Records are buffered if they arrive with a future epoch to be
+     processed after finishing the corresponding handshake. There is
+     currently no limitation to this buffer allowing an attacker to perform
+     a DOS attack with sending records with future epochs until there is no
+     memory left. This patch adds the pqueue_size() function to detemine
+     the size of a buffer and limits the record buffer to 100 entries.
+     (CVE-2009-1377)
+     [Robin Seggelmann, discovered by Daniel Mentz]     
+  *) Keep a copy of frag->msg_header.frag_len so it can be used after the
+     parent structure is freed.  (CVE-2009-1379)
+     [Daniel Mentz]     
+  *) Handle non-blocking I/O properly in SSL_shutdown() call.
+     [Darryl Miles <darryl-mailinglists@netbauds.net>]
+  *) Add 2.5.4.* OIDs
+     [Ilya O. <vrghost@gmail.com>]
+ Changes between 0.9.8k and 0.9.8l  [5 Nov 2009]
+  *) Disable renegotiation completely - this fixes a severe security
+     problem (CVE-2009-3555) at the cost of breaking all
+     renegotiation. Renegotiation can be re-enabled by setting
+     SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION in s3->flags at
+     run-time. This is really not recommended unless you know what
+     you're doing.
+     [Ben Laurie]
 Changes between 0.9.8j and 0.9.8k  [25 Mar 2009]
  *) Don't set val to NULL when freeing up structures, it is freed up by
@@ -86,6 +1129,10 @@
 Changes between 0.9.8h and 0.9.8i  [15 Sep 2008]
+  *) Fix NULL pointer dereference if a DTLS server received
+     ChangeCipherSpec as first record (CVE-2009-1386).
+     [PR #1679]
  *) Fix a state transitition in s3_srvr.c and d1_srvr.c
     (was using SSL3_ST_CW_CLNT_HELLO_B, should be ..._ST_SW_SRVR_...).
     [Nagendra Modadugu]
@@ -1489,19 +2536,6 @@
     differing sizes.
     [Richard Levitte]
- Changes between 0.9.7m and 0.9.7n  [xx XXX xxxx]
-  *) In the SSL/TLS server implementation, be strict about session ID
-     context matching (which matters if an application uses a single
-     external cache for different purposes).  Previously,
-     out-of-context reuse was forbidden only if SSL_VERIFY_PEER was
-     set.  This did ensure strict client verification, but meant that,
-     with applications using a single external cache for quite
-     different requirements, clients could circumvent ciphersuite
-     restrictions for a given session ID context by starting a session
-     in a different context.
-     [Bodo Moeller]
 Changes between 0.9.7l and 0.9.7m  [23 Feb 2007]
  *) Cleanse PEM buffers before freeing them since they may contain 
diff --git a/src/lib/libssl/src/CHANGES.SSLeay b/src/lib/libssl/src/CHANGES.SSLeay
index dbb80b003d..ca5cd72976 100644
--- a/src/lib/libssl/src/CHANGES.SSLeay
+++ b/src/lib/libssl/src/CHANGES.SSLeay
@@ -148,7 +148,7 @@ eric (about to go bushwalking for the 4 day easter break :-)
      This would tend to cause memory overwrites since SSLv3 has
      a maximum packet size of 16k.  If your program uses
      buffers <= 16k, you would probably never see this problem.
-    - Fixed a new errors that were cause by malloc() not returning
+    - Fixed a few errors that were cause by malloc() not returning
      0 initialised memory..
    - SSL_OP_NETSCAPE_CA_DN_BUG was being switched on when using
      SSL_CTX_set_options(ssl_ctx,SSL_OP_ALL); which was a bad thing
diff --git a/src/lib/libssl/src/Configure b/src/lib/libssl/src/Configure
index c6dbfae482..e3b13b9d43 100644
--- a/src/lib/libssl/src/Configure
+++ b/src/lib/libssl/src/Configure
@@ -6,13 +6,11 @@ eval 'exec perl -S $0 ${1+"$@"}'
 ##
 require 5.000;
-eval 'use strict;';
+use strict;
-print STDERR "Warning: perl module strict not found.\n" if ($@);
 # see INSTALL for instructions.
-my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [enable-montasm] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
+my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
 # Options:
 #
@@ -40,6 +38,8 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimenta
 # --test-sanity Make a number of sanity checks on the data in this file.
 #               This is a debugging tool for OpenSSL developers.
 #
+# --cross-compile-prefix Add specified prefix to binutils components.
+#
 # no-hw-xxx     do not compile support for specific crypto hardware.
 #               Generic OpenSSL-style methods relating to this support
 #               are always compiled but return NULL if the hardware
@@ -56,8 +56,6 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimenta
 # [no-]zlib     [don't] compile support for zlib compression.
 # zlib-dynamic  Like "zlib", but the zlib library is expected to be a shared
 #               library and will be loaded in run-time by the OpenSSL library.
-# enable-montasm 0.9.8 branch only: enable Montgomery x86 assembler backport
-#               from 0.9.9
 # 386           generate 80386 code
 # no-sse2       disables IA-32 SSE2 code, above option implies no-sse2
 # no-<cipher>   build without specified algorithm (rsa, idea, rc5, ...)
@@ -106,6 +104,8 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimenta
 my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED";
+my $strict_warnings = 0;
 my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
 # MD2_CHAR slags pentium pros
@@ -123,14 +123,21 @@ my $tlib="-lnsl -lsocket";
 my $bits1="THIRTY_TWO_BIT ";
 my $bits2="SIXTY_FOUR_BIT ";
-my $x86_elf_asm="x86cpuid-elf.o:bn86-elf.o co86-elf.o MAYBE-MO86-elf.o:dx86-elf.o yx86-elf.o:ax86-elf.o:bx86-elf.o:mx86-elf.o:sx86-elf.o s512sse2-elf.o:cx86-elf.o:rx86-elf.o rc4_skey.o:rm86-elf.o:r586-elf.o";
+my $x86_asm="x86cpuid.o:bn-586.o co-586.o x86-mont.o:des-586.o crypt586.o:aes-586.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o:cmll-x86.o";
-my $x86_coff_asm="x86cpuid-cof.o:bn86-cof.o co86-cof.o MAYBE-MO86-cof.o:dx86-cof.o yx86-cof.o:ax86-cof.o:bx86-cof.o:mx86-cof.o:sx86-cof.o s512sse2-cof.o:cx86-cof.o:rx86-cof.o rc4_skey.o:rm86-cof.o:r586-cof.o";
-my $x86_out_asm="x86cpuid-out.o:bn86-out.o co86-out.o MAYBE-MO86-out.o:dx86-out.o yx86-out.o:ax86-out.o:bx86-out.o:mx86-out.o:sx86-out.o s512sse2-out.o:cx86-out.o:rx86-out.o rc4_skey.o:rm86-out.o:r586-out.o";
-my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o::aes-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o::";
+my $x86_elf_asm="$x86_asm:elf";
-my $ia64_asm=":bn-ia64.o::aes_core.o aes_cbc.o aes-ia64.o:::sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o::";
-my $no_asm="::::::::::";
+my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o::aes-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o";
+my $ia64_asm="ia64cpuid.o:bn-ia64.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o:::::void";
+my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o:des_enc-sparc.o fcrypt_b.o:aes_core.o aes_cbc.o aes-sparcv9.o:::sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o:::::::void";
+my $sparcv8_asm=":sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::::void";
+my $alpha_asm="alphacpuid.o:bn_asm.o alpha-mont.o::::::::::::void";
+my $mips3_asm=":bn-mips3.o::::::::::::void";
+my $s390x_asm="s390xcap.o s390xcpuid.o:bn-s390x.o s390x-mont.o::aes-s390x.o:::sha1-s390x.o sha256-s390x.o sha512-s390x.o::rc4-s390x.o:::::void";
+my $armv4_asm=":bn_asm.o armv4-mont.o::aes_cbc.o aes-armv4.o:::sha1-armv4-large.o sha256-armv4.o sha512-armv4.o:::::::void";
+my $ppc32_asm="ppccpuid.o:bn-ppc.o::aes_core.o aes_cbc.o aes-ppc.o:::sha1-ppc.o sha256-ppc.o::::::";
+my $ppc64_asm="ppccpuid.o:bn-ppc.o ppc-mont.o::aes_core.o aes_cbc.o aes-ppc.o:::sha1-ppc.o sha256-ppc.o sha512-ppc.o::::::";
+my $no_asm=":::::::::::::void";
 # As for $BSDthreads. Idea is to maintain "collective" set of flags,
 # which would cover all BSD flavors. -pthread applies to them all, 
@@ -141,7 +148,7 @@ my $no_asm="::::::::::";
 # seems to be sufficient?
 my $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT";
-#config-string  $cc : $cflags : $unistd : $thread_cflag : $sys_id : $lflags : $bn_ops : $cpuid_obj : $bn_obj : $des_obj : $aes_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $dso_scheme : $shared_target : $shared_cflag : $shared_ldflag : $shared_extension : $ranlib : $arflags
+#config-string  $cc : $cflags : $unistd : $thread_cflag : $sys_id : $lflags : $bn_ops : $cpuid_obj : $bn_obj : $des_obj : $aes_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $wp_obj : $cmll_obj : $dso_scheme : $shared_target : $shared_cflag : $shared_ldflag : $shared_extension : $ranlib : $arflags : $multilib
 my %table=(
 # File 'TABLE' (created by 'make TABLE') contains the data from this list,
@@ -156,28 +163,32 @@ my %table=(
 # Our development configs
 "purify",       "purify gcc:-g -DPURIFY -Wall::(unknown)::-lsocket -lnsl::::",
 "debug",        "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown)::-lefence::::",
-"debug-ben",    "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::bn86-elf.o co86-elf.o",
+"debug-ben",    "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG_UNUSED -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::bn86-elf.o co86-elf.o",
 "debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
 "debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
-"debug-ben-debug",      "gcc:$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG  -DDEBUG_SAFESTACK -g3 -O2 -pipe::(unknown)::::::",
+"debug-ben-debug",      "gcc44:$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O2 -pipe::(unknown)::::::",
+"debug-ben-no-opt",     "gcc: -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG -Werror -DL_ENDIAN -DTERMIOS -Wall -g3::(unknown)::::::",
 "debug-ben-strict",     "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::",
 "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
-"debug-bodo",   "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -march=i486 -pedantic -Wshadow -Wall -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+"debug-bodo",   "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -march=i486 -pedantic -Wshadow -Wall -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
 "debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32:::${no_asm}:win32:cygwin-shared:::.dll",
-"debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-steve32", "gcc:$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -g -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-steve",  "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -m32 -g -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared",
-"debug-steve-linux-pseudo64",   "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT:${no_asm}:dlfcn:linux-shared",
 "debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-geoff","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-geoff32","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -DMD32_REG_T=int -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+"debug-geoff64","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -DMD32_REG_T=int -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+"debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
-"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
-"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-ia32-aes", "gcc:-DAES_EXPERIMENTAL -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:x86cpuid.o:bn-586.o co-586.o x86-mont.o:des-586.o crypt586.o:aes_x86core.o aes_cbc.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o::elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-x86_64",   "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -DTERMIO -g -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
 "dist",         "cc:-O::(unknown)::::::",
 # Basic configs that should work on any (32 and less bit) box
@@ -185,8 +196,8 @@ my %table=(
 "cc",           "cc:-O::(unknown)::::::",
 ####VOS Configurations
-"vos-gcc","gcc:-O3 -Wall -D_POSIX_C_SOURCE=200112L -D_BSD -DB_ENDIAN::(unknown):VOS:-Wl,-map:BN_LLONG:${no_asm}:::::.so:",
+"vos-gcc","gcc:-O3 -Wall -D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES -DB_ENDIAN::(unknown):VOS:-Wl,-map:BN_LLONG:${no_asm}:::::.so:",
-"debug-vos-gcc","gcc:-O0 -g -Wall -D_POSIX_C_SOURCE=200112L -D_BSD -DB_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG::(unknown):VOS:-Wl,-map:BN_LLONG:${no_asm}:::::.so:",
+"debug-vos-gcc","gcc:-O0 -g -Wall -D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES -DB_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG::(unknown):VOS:-Wl,-map:BN_LLONG:${no_asm}:::::.so:",
 #### Solaris x86 with GNU C setups
 # -DOPENSSL_NO_INLINE_ASM switches off inline assembler. We have to do it
@@ -203,33 +214,33 @@ my %table=(
 # actually recommend to consider using gcc shared build even with vendor
 # compiler:-)
 #                                               <appro@fy.chalmers.se>
-"solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN -DMD32_REG_T=int::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:solaris-shared:-fPIC:-m64 -shared -static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN -DMD32_REG_T=int::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-fPIC:-m64 -shared -static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
 
 #### Solaris x86 with Sun C setups
 "solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:solaris-shared:-KPIC:-xarch=amd64 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-KPIC:-xarch=amd64 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
 #### SPARC Solaris with GNU C setups
 "solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # -m32 should be safe to add as long as driver recognizes -mcpu=ultrasparc
-"solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
 ####
-"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8.o::::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 #### SPARC Solaris with Sun C setups
 # SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2.
 # SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8
 # SC5.0 note: Compiler common patch 107357-01 or later is required!
 "solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-KPIC:-xarch=v9 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs",
+"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-xarch=v9 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs::/64",
 ####
-"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8.o::::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8plus.o::::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 
+"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 
 #### SunOS configs, assuming sparc for the gcc one.
 #"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:${no_asm}::",
@@ -242,11 +253,11 @@ my %table=(
 #### IRIX 6.x configs
 # Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke
 # './Configure irix-cc -o32' manually.
-"irix-mips3-gcc","gcc:-mabi=n32 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT::bn-mips3.o::::::::::dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-mips3-gcc","gcc:-mabi=n32 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips3_asm}:dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32",
-"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT::bn-mips3.o::::::::::dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips3_asm}:dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32",
 # N64 ABI builds.
-"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG::bn-mips3.o::::::::::dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_asm}:dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG::bn-mips3.o::::::::::dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_asm}:dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
 #### Unified HP-UX ANSI C configs.
 # Special notes:
@@ -279,8 +290,8 @@ my %table=(
 # Since there is mention of this in shlib/hpux10-cc.sh
 "hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-parisc2-gcc","gcc:-march=2.0 -O3 -DB_ENDIAN -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL DES_RISC1::pa-risc2.o::::::::::dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-parisc2-gcc","gcc:-march=2.0 -O3 -DB_ENDIAN -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL DES_RISC1::pa-risc2.o::::::::::::void:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux64-parisc2-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2W.o::::::::::dlfcn:hpux-shared:-fpic:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux64-parisc2-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2W.o::::::::::::void:dlfcn:hpux-shared:-fpic:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_64",
 # More attempts at unified 10.X and 11.X targets for HP C compiler.
 #
@@ -288,17 +299,17 @@ my %table=(
 # Kevin Steves <ks@hp.se>
 "hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "hpux-parisc1_0-cc","cc:+DAportable +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2.o::::::::::dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2.o::::::::::::void:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2W.o::::::::::dlfcn:hpux-shared:+Z:+DD64 -b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2W.o::::::::::::void:dlfcn:hpux-shared:+Z:+DD64 -b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_64",
 # HP/UX IA-64 targets
-"hpux-ia64-cc","cc:-Ae +DD32 +O2 +Olit=all -z -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:+Z:+DD32 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-ia64-cc","cc:-Ae +DD32 +O2 +Olit=all -z -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:+Z:+DD32 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux32",
 # Frank Geurts <frank.geurts@nl.abnamro.com> has patiently assisted with
 # with debugging of the following config.
-"hpux64-ia64-cc","cc:-Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:+Z:+DD64 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux64-ia64-cc","cc:-Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:+Z:+DD64 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux64",
 # GCC builds...
-"hpux-ia64-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:-fpic:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-ia64-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:-fpic:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux32",
-"hpux64-ia64-gcc","gcc:-mlp64 -O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:-fpic:-mlp64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 
+"hpux64-ia64-gcc","gcc:-mlp64 -O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:-fpic:-mlp64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux64", 
 # Legacy HPUX 9.X configs...
 "hpux-cc",      "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O2 -z::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -316,9 +327,9 @@ my %table=(
 #
 # For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version
 #
-"osf1-alpha-gcc", "gcc:-O3::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${no_asm}:dlfcn:alpha-osf1-shared:::.so",
+"osf1-alpha-gcc", "gcc:-O3::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
-"osf1-alpha-cc",  "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${no_asm}:dlfcn:alpha-osf1-shared:::.so",
+"osf1-alpha-cc",  "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
-"tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${no_asm}:dlfcn:alpha-osf1-shared::-msym:.so",
+"tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so",
 ####
 #### Variety of LINUX:-)
@@ -326,27 +337,31 @@ my %table=(
 # *-generic* is endian-neutral target, but ./config is free to
 # throw in -D[BL]_ENDIAN, whichever appropriate...
 "linux-generic32","gcc:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ppc",    "gcc:-DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc32.o::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ppc",    "gcc:-DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# It's believed that majority of ARM toolchains predefine appropriate -march.
+# If you compiler does not, do complement config command line with one!
+"linux-armv4",  "gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 #### IA-32 targets...
 "linux-ia32-icc",       "icc:-DL_ENDIAN -DTERMIO -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-elf",    "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-aout",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
+"linux-aout",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out",
 ####
 "linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ppc64",  "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc64.o::::::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ppc64",  "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"linux-ia64",   "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ia64",   "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux-s390x",  "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
 #### SPARC Linux setups
 # Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
 # assisted with debugging of following two configs.
-"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # it's a real mess with -mcpu=ultrasparc option under Linux, but
 # -Wa,-Av8plus should do the trick no matter what.
-"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # GCC 3.1 is a requirement
-"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
 #### Alpha Linux with GNU C and Compaq C setups
 # Special notes:
 # - linux-alpha+bwx-gcc is ment to be used from ./config only. If you
@@ -360,25 +375,25 @@ my %table=(
 #
 #                                       <appro@fy.chalmers.se>
 #
-"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${no_asm}",
+"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
-"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${no_asm}",
+"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
 #### *BSD [do see comment about ${BSDthreads} above!]
 "BSD-generic32","gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-x86",      "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-x86",      "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "BSD-x86-elf",  "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-BSD-x86-elf",    "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall -g::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-sparcv8",  "gcc:-DB_ENDIAN -DTERMIOS -O3 -mv8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-sparcv8",  "gcc:-DB_ENDIAN -DTERMIOS -O3 -mv8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${sparcv8_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "BSD-generic64","gcc:-DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # -DMD32_REG_T=int doesn't actually belong in sparc64 target, it
 # simply *happens* to work around a compiler bug in gcc 3.3.3,
 # triggered by RIPEMD160 code.
-"BSD-sparc64",  "gcc:-DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:::des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-sparc64",  "gcc:-DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:${sparcv9_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-ia64",     "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-ia64",     "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-x86_64",   "gcc:-DL_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-x86_64",   "gcc:-DL_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "bsdi-elf-gcc",     "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -390,7 +405,12 @@ my %table=(
 # QNX
 "qnx4", "cc:-DL_ENDIAN -DTERMIO::(unknown):::${x86_gcc_des} ${x86_gcc_opts}:",
-"qnx6", "cc:-DL_ENDIAN -DTERMIOS::(unknown)::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:",
+"QNX6",       "gcc:-DTERMIOS::::-lsocket::${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"QNX6-i386",  "gcc:-DL_ENDIAN -DTERMIOS -O2 -Wall::::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# BeOS
+"beos-x86-r5",   "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -mcpu=pentium -Wall::-D_REENTRANT:BEOS:-lbe -lnet:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:beos:beos-shared:-fPIC -DPIC:-shared:.so",
+"beos-x86-bone", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -mcpu=pentium -Wall::-D_REENTRANT:BEOS:-lbe -lbind -lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:beos:beos-shared:-fPIC:-shared:.so",
 #### SCO/Caldera targets.
 #
@@ -414,12 +434,12 @@ my %table=(
 #### IBM's AIX.
 "aix3-cc",  "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::",
-"aix-gcc",  "gcc:-O -DB_ENDIAN::-pthread:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:aix-shared::-shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32",
+"aix-gcc",  "gcc:-O -DB_ENDIAN::-pthread:AIX::BN_LLONG RC4_CHAR:${ppc32_asm}:aix32:dlfcn:aix-shared::-shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X32",
-"aix64-gcc","gcc:-maix64 -O -DB_ENDIAN::-pthread:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn:aix-shared::-maix64 -shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X64",
+"aix64-gcc","gcc:-maix64 -O -DB_ENDIAN::-pthread:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR:${ppc64_asm}:aix64:dlfcn:aix-shared::-maix64 -shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X64",
 # Below targets assume AIX 5. Idea is to effectively disregard $OBJECT_MODE
 # at build time. $OBJECT_MODE is respected at ./config stage!
-"aix-cc",   "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:aix-shared::-q32 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32",
+"aix-cc",   "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::BN_LLONG RC4_CHAR:${ppc32_asm}:aix32:dlfcn:aix-shared::-q32 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32",
-"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn:aix-shared::-q64 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64",
+"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR:${ppc64_asm}:aix64:dlfcn:aix-shared::-q64 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64",
 #
 # Cray T90 and similar (SDSC)
@@ -467,28 +487,39 @@ my %table=(
 #
 "OS390-Unix","c89.sh:-O -DB_ENDIAN -DCHARSET_EBCDIC -DNO_SYS_PARAM_H  -D_ALL_SOURCE::(unknown):::THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::",
-# Win64 targets, WIN64I denotes IA-64 and WIN64A - AMD64
-"VC-WIN64I","cl::::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${no_asm}:win32",
-"VC-WIN64A","cl::::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${no_asm}:win32",
 # Visual C targets
-"VC-NT","cl::::WINNT::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32",
+#
+# Win64 targets, WIN64I denotes IA-64 and WIN64A - AMD64
+"VC-WIN64I","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ias:win32",
+"VC-WIN64A","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:x86_64cpuid.o:bn_asm.o x86_64-mont.o::aes-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:auto:win32",
+# x86 Win32 target defaults to ANSI API, if you want UNICODE, complement
+# 'perl Configure VC-WIN32' with '-DUNICODE -D_UNICODE'
+"VC-WIN32","cl:-W3 -WX -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
+# Unified CE target
+"debug-VC-WIN32","cl:-W3 -WX -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
 "VC-CE","cl::::WINCE::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32",
-"VC-WIN32","cl::::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32",
 # Borland C++ 4.5
 "BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN:${no_asm}:win32",
 # MinGW
-"mingw", "gcc:-mno-cygwin -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall -D_WIN32_WINNT=0x333:::MINGW32:-lwsock32 -lgdi32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts} EXPORT_VAR_AS_FN:${x86_coff_asm}:win32:cygwin-shared:-D_WINDLL -DOPENSSL_USE_APPLINK:-mno-cygwin -shared:.dll.a",
+"mingw", "gcc:-mno-cygwin -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -fomit-frame-pointer -O3 -march=i486 -Wall::-D_MT:MINGW32:-lws2_32 -lgdi32 -lcrypt32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts} EXPORT_VAR_AS_FN:${x86_asm}:coff:win32:cygwin-shared:-D_WINDLL -DOPENSSL_USE_APPLINK:-mno-cygwin:.dll.a",
+# As for OPENSSL_USE_APPLINK. Applink makes it possible to use .dll
+# compiled with one compiler with application compiled with another
+# compiler. It's possible to engage Applink support in mingw64 build,
+# but it's not done, because till mingw64 supports structured exception
+# handling, one can't seriously consider its binaries for using with
+# non-mingw64 run-time environment. And as mingw64 is always consistent
+# with itself, Applink is never engaged and can as well be omitted.
+"mingw64", "gcc:-mno-cygwin -DL_ENDIAN -O3 -Wall -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE::-D_MT:MINGW64:-lws2_32 -lgdi32 -lcrypt32:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${x86_64_asm}:mingw64:win32:cygwin-shared:-D_WINDLL:-mno-cygwin:.dll.a",
 # UWIN 
 "UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32",
 # Cygwin
 "Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32",
-"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_coff_asm}:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a",
+"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:coff:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a",
-"debug-Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:::CYGWIN32:::${no_asm}:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a",
+"debug-Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:::CYGWIN32:::${no_asm}:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a",
 # NetWare from David Ward (dsward@novell.com)
 # requires either MetroWerks NLM development tools, or gcc / nlmconv
@@ -506,7 +537,7 @@ my %table=(
 "netware-libc-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -DNETWARE_BSDSOCK -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::",
 # DJGPP
-"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:",
+"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:",
 # Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at>
 "ultrix-cc","cc:-std1 -O -Olimit 2500 -DL_ENDIAN::(unknown):::::::",
@@ -516,12 +547,12 @@ my %table=(
 ##### MacOS X (a.k.a. Rhapsody or Darwin) setup
 "rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown):MACOSX_RHAPSODY::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}::",
-"darwin-ppc-cc","cc:-arch ppc -O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc32.o::::::::::dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"darwin-ppc-cc","cc:-arch ppc -O3 -DB_ENDIAN -Wa,-force_cpusubtype_ALL::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc32_asm}:osx32:dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-"darwin64-ppc-cc","cc:-arch ppc64 -O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc64.o::::::::::dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"darwin64-ppc-cc","cc:-arch ppc64 -O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc64_asm}:osx64:dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-"darwin-i386-cc","cc:-arch i386 -O3 -fomit-frame-pointer -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"darwin-i386-cc","cc:-arch i386 -O3 -fomit-frame-pointer -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR:${x86_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-"debug-darwin-i386-cc","cc:-arch i386 -g3 -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"debug-darwin-i386-cc","cc:-arch i386 -g3 -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR:${x86_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-"darwin64-x86_64-cc","cc:-arch x86_64 -O3 -fomit-frame-pointer -DL_ENDIAN -DMD32_REG_T=int -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"darwin64-x86_64-cc","cc:-arch x86_64 -O3 -DL_ENDIAN -DMD32_REG_T=int -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-"debug-darwin-ppc-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DB_ENDIAN -g -Wall -O::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc32.o::::::::::dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"debug-darwin-ppc-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DB_ENDIAN -g -Wall -O::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc32_asm}:osx32:dlfcn:darwin-shared:-fPIC:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
 ##### A/UX
 "aux3-gcc","gcc:-O2 -DTERMIO::(unknown):AUX:-lbsd:RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
@@ -538,18 +569,22 @@ my %table=(
 ##### VxWorks for various targets
 "vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::",
 "vxworks-ppc750","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h \$(DEBUG_FLAG):::VXWORKS:-r:::::",
-"vxworks-ppc750-debug","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG -g:::VXWORKS:-r:::::",
+"vxworks-ppc750-debug","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG -g:::VXWORKS:-r:::::",
 "vxworks-ppc860","ccppc:-nostdinc -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::",
 "vxworks-mipsle","ccmips:-B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -DL_ENDIAN -EL -Wl,-EL -mips2 -mno-branch-likely -G 0 -fno-builtin -msoft-float -DCPU=MIPS32 -DMIPSEL -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r::${no_asm}::::::ranlibmips:",
 ##### Compaq Non-Stop Kernel (Tandem)
 "tandem-c89","c89:-Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN::(unknown):::THIRTY_TWO_BIT:::",
+# uClinux
+"uClinux-dist","$ENV{'CC'}:\$(CFLAGS)::-D_REENTRANT::\$(LDFLAGS) \$(LDLIBS):BN_LLONG:::::::::::::::$ENV{'LIBSSL_dlfcn'}:linux-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):$ENV{'RANLIB'}::",
+"uClinux-dist64","$ENV{'CC'}:\$(CFLAGS)::-D_REENTRANT::\$(LDFLAGS) \$(LDLIBS):SIXTY_FOUR_BIT_LONG:::::::::::::::$ENV{'LIBSSL_dlfcn'}:linux-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):$ENV{'RANLIB'}::",
 );
 my @MK1MF_Builds=qw(VC-WIN64I VC-WIN64A
-                    VC-NT VC-CE VC-WIN32
+                    VC-NT VC-CE VC-WIN32 debug-VC-WIN32
-                    BC-32 OS2-EMX
+                    BC-32 
                    netware-clib netware-clib-bsdsock
                    netware-libc netware-libc-bsdsock);
@@ -572,6 +607,9 @@ my $idx_cast_obj = $idx++;
 my $idx_rc4_obj = $idx++;
 my $idx_rmd160_obj = $idx++;
 my $idx_rc5_obj = $idx++;
+my $idx_wp_obj = $idx++;
+my $idx_cmll_obj = $idx++;
+my $idx_perlasm_scheme = $idx++;
 my $idx_dso_scheme = $idx++;
 my $idx_shared_target = $idx++;
 my $idx_shared_cflag = $idx++;
@@ -579,23 +617,20 @@ my $idx_shared_ldflag = $idx++;
 my $idx_shared_extension = $idx++;
 my $idx_ranlib = $idx++;
 my $idx_arflags = $idx++;
+my $idx_multilib = $idx++;
 my $prefix="";
+my $libdir="";
 my $openssldir="";
 my $exe_ext="";
-my $install_prefix="";
+my $install_prefix= "$ENV{'INSTALL_PREFIX'}";
-my $fipslibdir="/usr/local/ssl/fips-1.0/lib/";
+my $cross_compile_prefix="";
-my $nofipscanistercheck=0;
-my $fipsdso=0;
-my $fipscanisterinternal="n";
-my $baseaddr="0xFB00000";
 my $no_threads=0;
 my $threads=0;
 my $no_shared=0; # but "no-shared" is default
 my $zlib=1;      # but "no-zlib" is default
 my $no_krb5=0;   # but "no-krb5" is implied unless "--with-krb5-..." is used
 my $no_rfc3779=1; # but "no-rfc3779" is default
-my $montasm=1;   # but "no-montasm" is default
 my $no_asm=0;
 my $no_dso=0;
 my $no_gmp=0;
@@ -612,7 +647,6 @@ my $rc2	="crypto/rc2/rc2.h";
 my $bf  ="crypto/bf/bf_locl.h";
 my $bn_asm      ="bn_asm.o";
 my $des_enc="des_enc.o fcrypt_b.o";
-my $fips_des_enc="fips_des_enc.o";
 my $aes_enc="aes_core.o aes_cbc.o";
 my $bf_enc      ="bf_enc.o";
 my $cast_enc="c_enc.o";
@@ -621,26 +655,22 @@ my $rc5_enc="rc5_enc.o";
 my $md5_obj="";
 my $sha1_obj="";
 my $rmd160_obj="";
+my $cmll_enc="camellia.o cmll_misc.o cmll_cbc.o";
 my $processor="";
 my $default_ranlib;
 my $perl;
-my $fips=0;
 # All of the following is disabled by default (RC5 was enabled before 0.9.8):
 my %disabled = ( # "what"         => "comment" [or special keyword "experimental"]
-                 "camellia"       => "default",
+                 "gmp"            => "default",
-                 "capieng"        => "default",
-                 "cms"            => "default",
-                 "gmp"            => "default",
                 "jpake"          => "experimental",
-                 "mdc2"           => "default",
+                 "md2"            => "default",
-                 "montasm"        => "default", # explicit option in 0.9.8 only (implicitly enabled in 0.9.9)
                 "rc5"            => "default",
-                 "rfc3779"        => "default",
+                 "rfc3779"        => "default",
-                 "seed"           => "default",
                 "shared"         => "default",
+                 "store"          => "experimental",
                 "zlib"           => "default",
                 "zlib-dynamic"   => "default"
               );
@@ -648,8 +678,7 @@ my @experimental = ();
 # This is what $depflags will look like with the above defaults
 # (we need this to see if we should advise the user to run "make depend"):
-my $default_depflags = " -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_CMS -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SEED";
+my $default_depflags = " -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_STORE";
 # Explicit "no-..." options will be collected in %disabled along with the defaults.
 # To remove something from %disabled, use "enable-foo" (unless it's experimental).
@@ -728,8 +757,8 @@ PROCESS_ARGS:
                                        {
                                        $disabled{$1} = "option";
                                        }
-                                }
+                                }                       
-                        }                       
+                        }
                elsif (/^enable-(.+)$/ || /^experimental-(.+)$/)
                        {
                        my $algo = $1;
@@ -747,6 +776,10 @@ PROCESS_ARGS:
                        {
                        exit(&test_sanity());
                        }
+                elsif (/^--strict-warnings/)
+                        {
+                        $strict_warnings = 1;
+                        }
                elsif (/^reconfigure/ || /^reconf/)
                        {
                        if (open(IN,"<$Makefile"))
@@ -772,39 +805,15 @@ PROCESS_ARGS:
                        }
                elsif (/^386$/)
                        { $processor=386; }
-                elsif (/^fips$/)
-                        {
-                        $fips=1;
-                        }
                elsif (/^rsaref$/)
                        {
                        # No RSAref support any more since it's not needed.
                        # The check for the option is there so scripts aren't
                        # broken
                        }
-                elsif (/^nofipscanistercheck$/)
-                        {
-                        $fips = 1;
-                        $nofipscanistercheck = 1;
-                        }
-                elsif (/^fipscanisterbuild$/)
-                        {
-                        $fips = 1;
-                        $nofipscanistercheck = 1;
-                        $fipslibdir="";
-                        $fipscanisterinternal="y";
-                        }
-                elsif (/^fipsdso$/)
-                        {
-                        $fips = 1;
-                        $nofipscanistercheck = 1;
-                        $fipslibdir="";
-                        $fipscanisterinternal="y";
-                        $fipsdso = 1;
-                        }
                elsif (/^[-+]/)
                        {
-                        if (/^-[lL](.*)$/)
+                        if (/^-[lL](.*)$/ or /^-Wl,/)
                                {
                                $libs.=$_." ";
                                }
@@ -816,6 +825,10 @@ PROCESS_ARGS:
                                {
                                $prefix=$1;
                                }
+                        elsif (/^--libdir=(.*)$/)
+                                {
+                                $libdir=$1;
+                                }
                        elsif (/^--openssldir=(.*)$/)
                                {
                                $openssldir=$1;
@@ -836,13 +849,9 @@ PROCESS_ARGS:
                                {
                                $withargs{"zlib-include"}="-I$1";
                                }
-                        elsif (/^--with-fipslibdir=(.*)$/)
+                        elsif (/^--cross-compile-prefix=(.*)$/)
-                                {
-                                $fipslibdir="$1/";
-                                }
-                        elsif (/^--with-baseaddr=(.*)$/)
                                {
-                                $baseaddr="$1";
+                                $cross_compile_prefix=$1;
                                }
                        else
                                {
@@ -928,6 +937,12 @@ if (defined($disabled{"tls1"}))
        $disabled{"tlsext"} = "forced";
        }
+if (defined($disabled{"ec"}) || defined($disabled{"dsa"})
+    || defined($disabled{"dh"}))
+        {
+        $disabled{"gost"} = "forced";
+        }
 if ($target eq "TABLE") {
        foreach $target (sort keys %table) {
                print_table_entry($target);
@@ -951,54 +966,6 @@ print "Configuring for $target\n";
 &usage if (!defined($table{$target}));
-my @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
-my $cc = $fields[$idx_cc];
-# Allow environment CC to override compiler...
-if($ENV{CC}) {
-    $cc = $ENV{CC};
-}
-my $cflags = $fields[$idx_cflags];
-my $unistd = $fields[$idx_unistd];
-my $thread_cflag = $fields[$idx_thread_cflag];
-my $sys_id = $fields[$idx_sys_id];
-my $lflags = $fields[$idx_lflags];
-my $bn_ops = $fields[$idx_bn_ops];
-my $cpuid_obj = $fields[$idx_cpuid_obj];
-my $bn_obj = $fields[$idx_bn_obj];
-my $des_obj = $fields[$idx_des_obj];
-my $aes_obj = $fields[$idx_aes_obj];
-my $bf_obj = $fields[$idx_bf_obj];
-my $md5_obj = $fields[$idx_md5_obj];
-my $sha1_obj = $fields[$idx_sha1_obj];
-my $cast_obj = $fields[$idx_cast_obj];
-my $rc4_obj = $fields[$idx_rc4_obj];
-my $rmd160_obj = $fields[$idx_rmd160_obj];
-my $rc5_obj = $fields[$idx_rc5_obj];
-my $dso_scheme = $fields[$idx_dso_scheme];
-my $shared_target = $fields[$idx_shared_target];
-my $shared_cflag = $fields[$idx_shared_cflag];
-my $shared_ldflag = $fields[$idx_shared_ldflag];
-my $shared_extension = $fields[$idx_shared_extension];
-my $ranlib = $fields[$idx_ranlib];
-my $arflags = $fields[$idx_arflags];
-if ($fips)
-        {
-        delete $disabled{"shared"} if ($disabled{"shared"} eq "default");
-        $disabled{"asm"}="forced"
-                if ($target !~ "VC\-.*" &&
-                    "$cpuid_obj:$bn_obj:$aes_obj:$des_obj:$sha1_obj" eq "::::");
-        }
-foreach (sort @experimental)
-        {
-        my $ALGO;
-        ($ALGO = $_) =~ tr/[a-z]/[A-Z]/;
-        # opensslconf.h will set OPENSSL_NO_... unless OPENSSL_EXPERIMENTAL_... is defined
-        $openssl_experimental_defines .= "#define OPENSSL_NO_$ALGO\n";
-        $cflags .= " -DOPENSSL_EXPERIMENTAL_$ALGO";
-        }
 foreach (sort (keys %disabled))
        {
@@ -1014,8 +981,6 @@ foreach (sort (keys %disabled))
                { $no_shared = 1; }
        elsif (/^zlib$/)
                { $zlib = 0; }
-        elsif (/^montasm$/)
-                { $montasm = 0; }
        elsif (/^static-engine$/)
                { }
        elsif (/^zlib-dynamic$/)
@@ -1057,31 +1022,31 @@ foreach (sort (keys %disabled))
        print "\n";
        }
-my $IsMK1MF=scalar grep /^$target$/,@MK1MF_Builds;
+my $exp_cflags = "";
+foreach (sort @experimental)
+        {
+        my $ALGO;
+        ($ALGO = $_) =~ tr/[a-z]/[A-Z]/;
-$IsMK1MF=1 if ($target eq "mingw" && $^O ne "cygwin" && !is_msys());
+        # opensslconf.h will set OPENSSL_NO_... unless OPENSSL_EXPERIMENTAL_... is defined
+        $openssl_experimental_defines .= "#define OPENSSL_NO_$ALGO\n";
+        $exp_cflags .= " -DOPENSSL_EXPERIMENTAL_$ALGO";
+        }
-$no_shared = 0 if ($fipsdso && !$IsMK1MF);
+my $IsMK1MF=scalar grep /^$target$/,@MK1MF_Builds;
-$exe_ext=".exe" if ($target eq "Cygwin" || $target eq "DJGPP" || $target eq "mingw");
+$exe_ext=".exe" if ($target eq "Cygwin" || $target eq "DJGPP" || $target =~ /^mingw/);
 $exe_ext=".nlm" if ($target =~ /netware/);
 $exe_ext=".pm"  if ($target =~ /vos/);
-if ($openssldir eq "" and $prefix eq "")
+$openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq "");
-        {
-        if ($fips)
-                {
-                $openssldir="/usr/local/ssl/fips";
-                }
-        else
-                {
-                $openssldir="/usr/local/ssl";
-                }
-        }
 $prefix=$openssldir if $prefix eq "";
 $default_ranlib= &which("ranlib") or $default_ranlib="true";
 $perl=$ENV{'PERL'} or $perl=&which("perl5") or $perl=&which("perl")
  or $perl="perl";
+my $make = $ENV{'MAKE'} || "make";
+$cross_compile_prefix=$ENV{'CROSS_COMPILE'} if $cross_compile_prefix eq "";
 chop $openssldir if $openssldir =~ /\/$/;
 chop $prefix if $prefix =~ /.\/$/;
@@ -1092,10 +1057,50 @@ $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/]
 print "IsMK1MF=$IsMK1MF\n";
+my @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
+my $cc = $fields[$idx_cc];
+# Allow environment CC to override compiler...
+if($ENV{CC}) {
+    $cc = $ENV{CC};
+}
+my $cflags = $fields[$idx_cflags];
+my $unistd = $fields[$idx_unistd];
+my $thread_cflag = $fields[$idx_thread_cflag];
+my $sys_id = $fields[$idx_sys_id];
+my $lflags = $fields[$idx_lflags];
+my $bn_ops = $fields[$idx_bn_ops];
+my $cpuid_obj = $fields[$idx_cpuid_obj];
+my $bn_obj = $fields[$idx_bn_obj];
+my $des_obj = $fields[$idx_des_obj];
+my $aes_obj = $fields[$idx_aes_obj];
+my $bf_obj = $fields[$idx_bf_obj];
+my $md5_obj = $fields[$idx_md5_obj];
+my $sha1_obj = $fields[$idx_sha1_obj];
+my $cast_obj = $fields[$idx_cast_obj];
+my $rc4_obj = $fields[$idx_rc4_obj];
+my $rmd160_obj = $fields[$idx_rmd160_obj];
+my $rc5_obj = $fields[$idx_rc5_obj];
+my $wp_obj = $fields[$idx_wp_obj];
+my $cmll_obj = $fields[$idx_cmll_obj];
+my $perlasm_scheme = $fields[$idx_perlasm_scheme];
+my $dso_scheme = $fields[$idx_dso_scheme];
+my $shared_target = $fields[$idx_shared_target];
+my $shared_cflag = $fields[$idx_shared_cflag];
+my $shared_ldflag = $fields[$idx_shared_ldflag];
+my $shared_extension = $fields[$idx_shared_extension];
+my $ranlib = $ENV{'RANLIB'} || $fields[$idx_ranlib];
+my $ar = $ENV{'AR'} || "ar";
+my $arflags = $fields[$idx_arflags];
+my $multilib = $fields[$idx_multilib];
+$libdir="lib$multilib" if $libdir eq "";
+$cflags = "$cflags$exp_cflags";
 # '%' in $lflags is used to split flags to "pre-" and post-flags
 my ($prelflags,$postlflags)=split('%',$lflags);
-if (defined($postlflags))       { $lflags=$postlflags;  }
+if (defined($postlflags))       { $lflags=$postlflags;  }
-else                            { $lflags=$prelflags; undef $prelflags; }
+else                            { $lflags=$prelflags; undef $prelflags; }
 my $no_shared_warn=0;
 my $no_user_cflags=0;
@@ -1223,18 +1228,9 @@ $lflags="$libs$lflags" if ($libs ne "");
 if ($no_asm)
        {
-        $cpuid_obj=$bn_obj=$des_obj=$aes_obj=$bf_obj=$cast_obj=$rc4_obj=$rc5_obj="";
+        $cpuid_obj=$bn_obj=
-        $sha1_obj=$md5_obj=$rmd160_obj="";
+        $des_obj=$aes_obj=$bf_obj=$cast_obj=$rc4_obj=$rc5_obj=$cmll_obj=
-        $cflags=~s/\-D[BL]_ENDIAN//             if ($fips);
+        $sha1_obj=$md5_obj=$rmd160_obj=$wp_obj="";
-        $thread_cflags=~s/\-D[BL]_ENDIAN//      if ($fips);
-        }
-if ($montasm)
-        {
-        $bn_obj =~ s/MAYBE-MO86-/mo86-/;
-        }
-else
-        {
-        $bn_obj =~ s/MAYBE-MO86-[a-z.]*//;
        }
 if (!$no_shared)
@@ -1253,7 +1249,14 @@ if ($zlib)
        $cflags = "-DZLIB $cflags";
        if (defined($disabled{"zlib-dynamic"}))
                {
-                $lflags = "$lflags -lz";
+                if (defined($withargs{"zlib-lib"}))
+                        {
+                        $lflags = "$lflags -L" . $withargs{"zlib-lib"} . " -lz";
+                        }
+                else
+                        {
+                        $lflags = "$lflags -lz";
+                        }
                }
        else
                {
@@ -1265,7 +1268,7 @@ if ($zlib)
 my $shared_mark = "";
 if ($shared_target eq "")
        {
-        $no_shared_warn = 1 if !$no_shared && !$fips;
+        $no_shared_warn = 1 if !$no_shared;
        $no_shared = 1;
        }
 if (!$no_shared)
@@ -1278,13 +1281,16 @@ if (!$no_shared)
 if (!$IsMK1MF)
        {
+        # add {no-}static-engine to options to allow mkdef.pl to work without extra arguments
        if ($no_shared)
                {
                $openssl_other_defines.="#define OPENSSL_NO_DYNAMIC_ENGINE\n";
+                $options.=" static-engine";
                }
        else
                {
                $openssl_other_defines.="#define OPENSSL_NO_STATIC_ENGINE\n";
+                $options.=" no-static-engine";
                }
        }
@@ -1351,17 +1357,13 @@ if ($ranlib eq "")
 $cpuid_obj="" if ($processor eq "386");
 $bn_obj = $bn_asm unless $bn_obj ne "";
-# bn86* is the only one implementing bn_*_part_words
+# bn-586 is the only one implementing bn_*_part_words
-$cflags.=" -DOPENSSL_BN_ASM_PART_WORDS" if ($bn_obj =~ /bn86/);
+$cflags.=" -DOPENSSL_BN_ASM_PART_WORDS" if ($bn_obj =~ /bn-586/);
-$cflags.=" -DOPENSSL_IA32_SSE2" if (!$no_sse2 && $bn_obj =~ /bn86/);
+$cflags.=" -DOPENSSL_IA32_SSE2" if (!$no_sse2 && $bn_obj =~ /86/);
-$cflags.=" -DOPENSSL_BN_ASM_MONT" if ($bn_obj =~ /\-mont|mo86\-/);
+$cflags.=" -DOPENSSL_BN_ASM_MONT" if ($bn_obj =~ /-mont/);
-if ($fips)
-        {
-        $openssl_other_defines.="#define OPENSSL_FIPS\n";
-        }
+$cpuid_obj="mem_clr.o"  unless ($cpuid_obj =~ /\.o$/);
 $des_obj=$des_enc       unless ($des_obj =~ /\.o$/);
 $bf_obj=$bf_enc         unless ($bf_obj =~ /\.o$/);
 $cast_obj=$cast_enc     unless ($cast_obj =~ /\.o$/);
@@ -1397,6 +1399,15 @@ if ($aes_obj =~ /\.o$/)
 else    {
        $aes_obj=$aes_enc;
        }
+$wp_obj="" if ($wp_obj =~ /mmx/ && $processor eq "386");
+if ($wp_obj =~ /\.o$/)
+        {
+        $cflags.=" -DWHIRLPOOL_ASM";
+        }
+else    {
+        $wp_obj="wp_block.o";
+        }
+$cmll_obj=$cmll_enc     unless ($cmll_obj =~ /.o$/);
 # "Stringify" the C flags string.  This permits it to be made part of a string
 # and works as well on command lines.
@@ -1434,6 +1445,16 @@ if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/)
        $shlib_minor=$2;
        }
+if ($strict_warnings)
+        {
+        my $wopt;
+        die "ERROR --strict-warnings requires gcc" unless ($cc =~ /gcc$/);
+        foreach $wopt (split /\s+/, $gcc_devteam_warn)
+                {
+                $cflags .= " $wopt" unless ($cflags =~ /$wopt/)
+                }
+        }
 open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
 unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new";
 open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n";
@@ -1446,13 +1467,13 @@ while (<IN>)
        if ($sdirs) {
                my $dir;
                foreach $dir (@skip) {
-                        s/(\s)$dir\s/$1/;
+                        s/(\s)$dir /$1/;
                        s/\s$dir$//;
                        }
                }
        $sdirs = 0 unless /\\$/;
-        s/fips // if (/^DIRS=/ && !$fips);
        s/engines // if (/^DIRS=/ && $disabled{"engine"});
+        s/ccgost// if (/^ENGDIRS=/ && $disabled{"gost"});
        s/^VERSION=.*/VERSION=$version/;
        s/^MAJOR=.*/MAJOR=$major/;
        s/^MINOR=.*/MINOR=$minor/;
@@ -1462,13 +1483,27 @@ while (<IN>)
        s/^SHLIB_MINOR=.*/SHLIB_MINOR=$shlib_minor/;
        s/^SHLIB_EXT=.*/SHLIB_EXT=$shared_extension/;
        s/^INSTALLTOP=.*$/INSTALLTOP=$prefix/;
+        s/^MULTILIB=.*$/MULTILIB=$multilib/;
        s/^OPENSSLDIR=.*$/OPENSSLDIR=$openssldir/;
+        s/^LIBDIR=.*$/LIBDIR=$libdir/;
        s/^INSTALL_PREFIX=.*$/INSTALL_PREFIX=$install_prefix/;
        s/^PLATFORM=.*$/PLATFORM=$target/;
        s/^OPTIONS=.*$/OPTIONS=$options/;
        s/^CONFIGURE_ARGS=.*$/CONFIGURE_ARGS=$argvstring/;
-        s/^CC=.*$/CC= $cc/;
+        if ($cross_compile_prefix)
-        s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc";
+                {
+                s/^CC=.*$/CROSS_COMPILE= $cross_compile_prefix\nCC= \$\(CROSS_COMPILE\)$cc/;
+                s/^AR=\s*/AR= \$\(CROSS_COMPILE\)/;
+                s/^NM=\s*/NM= \$\(CROSS_COMPILE\)/;
+                s/^RANLIB=\s*/RANLIB= \$\(CROSS_COMPILE\)/;
+                s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $cc eq "gcc";
+                }
+        else    {
+                s/^CC=.*$/CC= $cc/;
+                s/^AR=\s*ar/AR= $ar/;
+                s/^RANLIB=.*/RANLIB= $ranlib/;
+                s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc";
+                }
        s/^CFLAG=.*$/CFLAG= $cflags/;
        s/^DEPFLAG=.*$/DEPFLAG=$depflags/;
        s/^PEX_LIBS=.*$/PEX_LIBS= $prelflags/;
@@ -1477,7 +1512,7 @@ while (<IN>)
        s/^CPUID_OBJ=.*$/CPUID_OBJ= $cpuid_obj/;
        s/^BN_ASM=.*$/BN_ASM= $bn_obj/;
        s/^DES_ENC=.*$/DES_ENC= $des_obj/;
-        s/^AES_ASM_OBJ=.*$/AES_ASM_OBJ= $aes_obj/;
+        s/^AES_ENC=.*$/AES_ENC= $aes_obj/;
        s/^BF_ENC=.*$/BF_ENC= $bf_obj/;
        s/^CAST_ENC=.*$/CAST_ENC= $cast_obj/;
        s/^RC4_ENC=.*$/RC4_ENC= $rc4_obj/;
@@ -1485,32 +1520,19 @@ while (<IN>)
        s/^MD5_ASM_OBJ=.*$/MD5_ASM_OBJ= $md5_obj/;
        s/^SHA1_ASM_OBJ=.*$/SHA1_ASM_OBJ= $sha1_obj/;
        s/^RMD160_ASM_OBJ=.*$/RMD160_ASM_OBJ= $rmd160_obj/;
+        s/^WP_ASM_OBJ=.*$/WP_ASM_OBJ= $wp_obj/;
+        s/^CMLL_ENC=.*$/CMLL_ENC= $cmll_obj/;
+        s/^PERLASM_SCHEME=.*$/PERLASM_SCHEME= $perlasm_scheme/;
        s/^PROCESSOR=.*/PROCESSOR= $processor/;
-        s/^RANLIB=.*/RANLIB= $ranlib/;
        s/^ARFLAGS=.*/ARFLAGS= $arflags/;
        s/^PERL=.*/PERL= $perl/;
        s/^KRB5_INCLUDES=.*/KRB5_INCLUDES=$withargs{"krb5-include"}/;
        s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/;
        s/^LIBZLIB=.*/LIBZLIB=$withargs{"zlib-lib"}/;
        s/^ZLIB_INCLUDE=.*/ZLIB_INCLUDE=$withargs{"zlib-include"}/;
-        s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/;
-        if ($fipsdso)
-                {
-                s/^FIPSCANLIB=.*/FIPSCANLIB=libfips/;
-                s/^SHARED_FIPS=.*/SHARED_FIPS=libfips\$(SHLIB_EXT)/;
-                s/^SHLIBDIRS=.*/SHLIBDIRS= crypto ssl fips/;
-                }
-        else
-                {
-                s/^FIPSCANLIB=.*/FIPSCANLIB=libcrypto/ if $fips;
-                s/^SHARED_FIPS=.*/SHARED_FIPS=/;
-                s/^SHLIBDIRS=.*/SHLIBDIRS= crypto ssl/;
-                }
-        s/^FIPSCANISTERINTERNAL=.*/FIPSCANISTERINTERNAL=$fipscanisterinternal/;
-        s/^BASEADDR=.*/BASEADDR=$baseaddr/;
        s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
        s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
-        s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_FIPS) \$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);
+        s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);
        if ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*$/)
                {
                my $sotmp = $1;
@@ -1543,7 +1565,7 @@ print "EX_LIBS       =$lflags\n";
 print "CPUID_OBJ     =$cpuid_obj\n";
 print "BN_ASM        =$bn_obj\n";
 print "DES_ENC       =$des_obj\n";
-print "AES_ASM_OBJ   =$aes_obj\n";
+print "AES_ENC       =$aes_obj\n";
 print "BF_ENC        =$bf_obj\n";
 print "CAST_ENC      =$cast_obj\n";
 print "RC4_ENC       =$rc4_obj\n";
@@ -1551,6 +1573,7 @@ print "RC5_ENC       =$rc5_obj\n";
 print "MD5_OBJ_ASM   =$md5_obj\n";
 print "SHA1_OBJ_ASM  =$sha1_obj\n";
 print "RMD160_OBJ_ASM=$rmd160_obj\n";
+print "CMLL_ENC=     =$cmll_obj\n";
 print "PROCESSOR     =$processor\n";
 print "RANLIB        =$ranlib\n";
 print "ARFLAGS       =$arflags\n";
@@ -1638,14 +1661,22 @@ print OUT "#ifdef OPENSSL_ALGORITHM_DEFINES\n";
 print OUT $openssl_algorithm_defines_trans;
 print OUT "#endif\n\n";
-print OUT "#define OPENSSL_CPUID_OBJ\n\n" if ($cpuid_obj);
+print OUT "#define OPENSSL_CPUID_OBJ\n\n" if ($cpuid_obj ne "mem_clr.o");
 while (<IN>)
        {
        if      (/^#define\s+OPENSSLDIR/)
-                { print OUT "#define OPENSSLDIR \"$openssldir\"\n"; }
+                {
+                my $foo = $openssldir;
+                $foo =~ s/\\/\\\\/g;
+                print OUT "#define OPENSSLDIR \"$foo\"\n";
+                }
        elsif   (/^#define\s+ENGINESDIR/)
-                { print OUT "#define ENGINESDIR \"$prefix/lib/engines\"\n"; }
+                {
+                my $foo = "$prefix/$libdir/engines";
+                $foo =~ s/\\/\\\\/g;
+                print OUT "#define ENGINESDIR \"$foo\"\n";
+                }
        elsif   (/^#((define)|(undef))\s+OPENSSL_EXPORT_VAR_AS_FUNCTION/)
                { printf OUT "#undef OPENSSL_EXPORT_VAR_AS_FUNCTION\n"
                        if $export_var_as_fn;
@@ -1750,7 +1781,7 @@ if($IsMK1MF) {
 EOF
        close(OUT);
 } else {
-        my $make_command = "make PERL=\'$perl\'";
+        my $make_command = "$make PERL=\'$perl\'";
        my $make_targets = "";
        $make_targets .= " links" if $symlink;
        $make_targets .= " depend" if $depflags ne $default_depflags && $make_depend;
@@ -1758,11 +1789,11 @@ EOF
        (system $make_command.$make_targets) == 0 or exit $?
                if $make_targets ne "";
        if ( $perl =~ m@^/@) {
-            &dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";');
+            &dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";', '^my \$prefix;$', 'my $prefix = "' . $prefix . '";');
            &dofile("apps/CA.pl",$perl,'^#!/', '#!%s');
        } else {
            # No path for Perl known ...
-            &dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";');
+            &dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";',  '^my \$prefix;$', 'my $prefix = "' . $prefix . '";');
            &dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
        }
        if ($depflags ne $default_depflags && !$make_depend) {
@@ -1808,16 +1839,9 @@ BEGIN
    BEGIN
        BLOCK "040904b0"
        BEGIN
-#if defined(FIPS)
-            VALUE "Comments", "WARNING: TEST VERSION ONLY ***NOT*** FIPS 140-2 VALIDATED.\\0"
-#endif
            // Required:            
            VALUE "CompanyName", "The OpenSSL Project, http://www.openssl.org/\\0"
-#if defined(FIPS)
-            VALUE "FileDescription", "TEST UNVALIDATED FIPS140-2 DLL\\0"
-#else
            VALUE "FileDescription", "OpenSSL Shared Library\\0"
-#endif
            VALUE "FileVersion", "$version\\0"
 #if defined(CRYPTO)
            VALUE "InternalName", "libeay32\\0"
@@ -1825,15 +1849,12 @@ BEGIN
 #elif defined(SSL)
            VALUE "InternalName", "ssleay32\\0"
            VALUE "OriginalFilename", "ssleay32.dll\\0"
-#elif defined(FIPS)
-            VALUE "InternalName", "libosslfips\\0"
-            VALUE "OriginalFilename", "libosslfips.dll\\0"
 #endif
            VALUE "ProductName", "The OpenSSL Toolkit\\0"
            VALUE "ProductVersion", "$version\\0"
            // Optional:
            //VALUE "Comments", "\\0"
-            VALUE "LegalCopyright", "Copyright � 1998-2007 The OpenSSL Project. Copyright � 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0"
+            VALUE "LegalCopyright", "Copyright � 1998-2005 The OpenSSL Project. Copyright � 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0"
            //VALUE "LegalTrademarks", "\\0"
            //VALUE "PrivateBuild", "\\0"
            //VALUE "SpecialBuild", "\\0"
@@ -1870,21 +1891,6 @@ libraries on this platform, they will at least look at it and try their best
 (but please first make sure you have tried with a current version of OpenSSL).
 EOF
-print <<\EOF if ($fipscanisterinternal eq "y");
-WARNING: OpenSSL has been configured using unsupported option(s) to internally
-generate a fipscanister.o object module for TESTING PURPOSES ONLY; that
-compiled module is NOT FIPS 140-2 validated and CANNOT be used to replace the
-OpenSSL FIPS Object Module as identified by the CMVP
-(http://csrc.nist.gov/cryptval/) in any application requiring the use of FIPS
-140-2 validated software. 
-This is an OpenSSL 0.9.8 test version.
-See the file README.FIPS for details of how to build a test library.
-EOF
 exit(0);
 sub usage
@@ -1960,8 +1966,8 @@ sub print_table_entry
        (my $cc,my $cflags,my $unistd,my $thread_cflag,my $sys_id,my $lflags,
        my $bn_ops,my $cpuid_obj,my $bn_obj,my $des_obj,my $aes_obj, my $bf_obj,
        my $md5_obj,my $sha1_obj,my $cast_obj,my $rc4_obj,my $rmd160_obj,
-        my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag,
+        my $rc5_obj,my $wp_obj,my $cmll_obj,my $perlasm_scheme,my $dso_scheme,my $shared_target,my $shared_cflag,
-        my $shared_ldflag,my $shared_extension,my $ranlib,my $arflags)=
+        my $shared_ldflag,my $shared_extension,my $ranlib,my $arflags,my $multilib)=
        split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
                        
        print <<EOF
@@ -1985,6 +1991,9 @@ sub print_table_entry
 \$rc4_obj      = $rc4_obj
 \$rmd160_obj   = $rmd160_obj
 \$rc5_obj      = $rc5_obj
+\$wp_obj       = $wp_obj
+\$cmll_obj     = $cmll_obj
+\$perlasm_scheme = $perlasm_scheme
 \$dso_scheme   = $dso_scheme
 \$shared_target= $shared_target
 \$shared_cflag = $shared_cflag
@@ -1992,6 +2001,7 @@ sub print_table_entry
 \$shared_extension = $shared_extension
 \$ranlib       = $ranlib
 \$arflags      = $arflags
+\$multilib     = $multilib
 EOF
        }
@@ -2008,33 +2018,25 @@ sub test_sanity
                {
                @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
-                if ($fields[$idx_dso_scheme-1] =~ /^(dl|dlfcn|win32|vms)$/)
+                if ($fields[$idx_dso_scheme-1] =~ /^(beos|dl|dlfcn|win32|vms)$/)
                        {
                        $errorcnt++;
                        print STDERR "SANITY ERROR: '$target' has the dso_scheme [$idx_dso_scheme] values\n";
                        print STDERR "              in the previous field\n";
                        }
-                elsif ($fields[$idx_dso_scheme+1] =~ /^(dl|dlfcn|win32|vms)$/)
+                elsif ($fields[$idx_dso_scheme+1] =~ /^(beos|dl|dlfcn|win32|vms)$/)
                        {
                        $errorcnt++;
                        print STDERR "SANITY ERROR: '$target' has the dso_scheme [$idx_dso_scheme] values\n";
                        print STDERR "              in the following field\n";
                        }
-                elsif ($fields[$idx_dso_scheme] !~ /^(dl|dlfcn|win32|vms|)$/)
+                elsif ($fields[$idx_dso_scheme] !~ /^(beos|dl|dlfcn|win32|vms|)$/)
                        {
                        $errorcnt++;
                        print STDERR "SANITY ERROR: '$target' has the dso_scheme [$idx_dso_scheme] field = ",$fields[$idx_dso_scheme],"\n";
-                        print STDERR "              valid values are 'dl', 'dlfcn', 'win32' and 'vms'\n";
+                        print STDERR "              valid values are 'beos', 'dl', 'dlfcn', 'win32' and 'vms'\n";
                        }
                }
        print STDERR "No sanity errors detected!\n" if $errorcnt == 0;
        return $errorcnt;
        }
-# Attempt to detect MSYS environment
-sub is_msys
-        {
-        return 1 if (exists $ENV{"TERM"} && $ENV{"TERM"} eq "msys");
-        return 0;
-        }
diff --git a/src/lib/libssl/src/FAQ b/src/lib/libssl/src/FAQ
index 942a671f2c..becee6663f 100644
--- a/src/lib/libssl/src/FAQ
+++ b/src/lib/libssl/src/FAQ
@@ -70,6 +70,7 @@ OpenSSL  -  Frequently Asked Questions
 * I think I've detected a memory leak, is this a bug?
 * Why does Valgrind complain about the use of uninitialized data?
 * Why doesn't a memory BIO work when a file does?
+* Where are the declarations and implementations of d2i_X509() etc?
 ===============================================================================
@@ -78,7 +79,7 @@ OpenSSL  -  Frequently Asked Questions
 * Which is the current version of OpenSSL?
 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.8k was released on Mar 25th, 2009.
+OpenSSL 1.0.0a was released on Jun 1st, 2010.
 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:
@@ -94,14 +95,17 @@ explains how to install this library.
 OpenSSL includes a command line utility that can be used to perform a
 variety of cryptographic functions.  It is described in the openssl(1)
-manpage.  Documentation for developers is currently being written.  A
+manpage.  Documentation for developers is currently being written. Many
-few manual pages already are available; overviews over libcrypto and
+manual pages are available; overviews over libcrypto and
 libssl are given in the crypto(3) and ssl(3) manpages.
 The OpenSSL manpages are installed in /usr/local/ssl/man/ (or a
 different directory if you specified one as described in INSTALL).
 In addition, you can read the most current versions at
-<URL: http://www.openssl.org/docs/>.
+<URL: http://www.openssl.org/docs/>. Note that the online documents refer
+to the very latest development versions of OpenSSL and may include features
+not present in released versions. If in doubt refer to the documentation
+that came with the version of OpenSSL you are using.
 For information on parts of libcrypto that are not yet documented, you
 might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's
@@ -717,8 +721,10 @@ file.
 Multi-threaded applications must provide two callback functions to
 OpenSSL by calling CRYPTO_set_locking_callback() and
-CRYPTO_set_id_callback().  This is described in the threads(3)
+CRYPTO_set_id_callback(), for all versions of OpenSSL up to and
-manpage.
+including 0.9.8[abc...]. As of version 1.0.0, CRYPTO_set_id_callback()
+and associated APIs are deprecated by CRYPTO_THREADID_set_callback()
+and friends. This is described in the threads(3) manpage.
 * I've compiled a program under Windows and it crashes: why?
@@ -962,4 +968,15 @@ is needed. This must be done by calling:
 See the manual pages for more details.
+* Where are the declarations and implementations of d2i_X509() etc?
+These are defined and implemented by macros of the form:
+ DECLARE_ASN1_FUNCTIONS(X509) and IMPLEMENT_ASN1_FUNCTIONS(X509)
+The implementation passes an ASN1 "template" defining the structure into an
+ASN1 interpreter using generalised functions such as ASN1_item_d2i().
 ===============================================================================
diff --git a/src/lib/libssl/src/INSTALL b/src/lib/libssl/src/INSTALL
index c72cc1dcee..1325079f2a 100644
--- a/src/lib/libssl/src/INSTALL
+++ b/src/lib/libssl/src/INSTALL
@@ -98,11 +98,17 @@
                The crypto/<cipher> directory can be removed after running
                "make depend".
-  -Dxxx, -lxxx, -Lxxx, -fxxx, -mxxx, -Kxxx These system specific options will
+  -Dxxx, -lxxx, -Lxxx, -fxxx, -mXXX, -Kxxx These system specific options will
                be passed through to the compiler to allow you to
                define preprocessor symbols, specify additional libraries,
                library directories or other compiler options.
+  -DHAVE_CRYPTODEV Enable the BSD cryptodev engine even if we are not using
+                BSD. Useful if you are running ocf-linux or something
+                similar. Once enabled you can also enable the use of
+                cryptodev digests, which is usually slower unless you have
+                large amounts data. Use -DUSE_CRYPTODEV_DIGESTS to force
+                it.
 Installation in Detail
 ----------------------
@@ -206,6 +212,10 @@
                       compile programs with libcrypto or libssl.
       lib             Contains the OpenSSL library files themselves.
+     Use "make install_sw" to install the software without documentation,
+     and "install_docs_html" to install HTML renditions of the manual
+     pages.
     Package builders who want to configure the library for standard
     locations, but have the package installed somewhere else so that
     it can easily be packaged, can use
diff --git a/src/lib/libssl/src/INSTALL.W32 b/src/lib/libssl/src/INSTALL.W32
index 3dd7832f4e..77441f1ef3 100644
--- a/src/lib/libssl/src/INSTALL.W32
+++ b/src/lib/libssl/src/INSTALL.W32
@@ -5,19 +5,30 @@
 [Instructions for building for Windows CE can be found in INSTALL.WCE]
 [Instructions for building for Win64 can be found in INSTALL.W64]
- Heres a few comments about building OpenSSL in Windows environments.  Most
+ Here are a few comments about building OpenSSL for Win32 environments,
- of this is tested on Win32 but it may also work in Win 3.1 with some
+ such as Windows NT and Windows 9x. It should be noted though that
- modification.
+ Windows 9x are not ordinarily tested. Its mention merely means that we
+ attempt to maintain certain programming discipline and pay attention
+ to backward compatibility issues, in other words it's kind of expected
+ to work on Windows 9x, but no regression tests are actually performed.
- You need Perl for Win32.  Unless you will build on Cygwin, you will need
+ On additional note newer OpenSSL versions are compiled and linked with
- ActiveState Perl, available from http://www.activestate.com/ActivePerl.
+ Winsock 2. This means that minimum OS requirement was elevated to NT 4
+ and Windows 98 [there is Winsock 2 update for Windows 95 though].
- and one of the following C compilers:
+ - you need Perl for Win32.  Unless you will build on Cygwin, you will need
+   ActiveState Perl, available from http://www.activestate.com/ActivePerl.
+ - one of the following C compilers:
  * Visual C++
  * Borland C
  * GNU C (Cygwin or MinGW)
+- Netwide Assembler, a.k.a. NASM, available from http://nasm.sourceforge.net/
+  is required if you intend to utilize assembler modules. Note that NASM
+  is now the only supported assembler.
 If you are compiling from a tarball or a CVS snapshot then the Win32 files
 may well be not up to date. This may mean that some "tweaking" is required to
 get it all to work. See the trouble shooting section later on for if (when?)
@@ -26,39 +37,18 @@
 Visual C++
 ----------
- If you want to compile in the assembly language routines with Visual C++ then
+ If you want to compile in the assembly language routines with Visual
- you will need an assembler. This is worth doing because it will result in
+ C++, then you will need already mentioned Netwide Assembler binary,
- faster code: for example it will typically result in a 2 times speedup in the
+ nasmw.exe or nasm.exe, to be available on your %PATH%.
- RSA routines. Currently the following assemblers are supported:
-  * Microsoft MASM (aka "ml")
-  * Free Netwide Assembler NASM.
- MASM is distributed with most versions of VC++. For the versions where it is
- not included in VC++, it is also distributed with some Microsoft DDKs, for
- example the Windows NT 4.0 DDK and the Windows 98 DDK. If you do not have
- either of these DDKs then you can just download the binaries for the Windows
- 98 DDK and extract and rename the two files XXXXXml.exe and XXXXXml.err, to
- ml.exe and ml.err and install somewhere on your PATH. Both DDKs can be
- downloaded from the Microsoft developers site www.msdn.com.
- NASM is freely available. Version 0.98 was used during testing: other versions
- may also work. It is available from many places, see for example:
- http://www.kernel.org/pub/software/devel/nasm/binaries/win32/
- The NASM binary nasmw.exe needs to be installed anywhere on your PATH.
- Firstly you should run Configure:
+ Firstly you should run Configure with platform VC-WIN32:
- > perl Configure VC-WIN32 --prefix=c:/some/openssl/dir
+ > perl Configure VC-WIN32 --prefix=c:\some\openssl\dir
-Where the prefix argument specifies where OpenSSL will be installed to.
+ Where the prefix argument specifies where OpenSSL will be installed to.
- Next you need to build the Makefiles and optionally the assembly language
+ Next you need to build the Makefiles and optionally the assembly
- files:
+ language files:
- - If you are using MASM then run:
-   > ms\do_masm
 - If you are using NASM then run:
@@ -66,6 +56,7 @@ Where the prefix argument specifies where OpenSSL will be installed to.
 - If you don't want to use the assembly language files at all then run:
+   > perl Configure VC-WIN32 no-asm --prefix=c:/some/openssl/dir
   > ms\do_ms
 If you get errors about things not having numbers assigned then check the
@@ -76,42 +67,39 @@ Where the prefix argument specifies where OpenSSL will be installed to.
 > nmake -f ms\ntdll.mak
- If all is well it should compile and you will have some DLLs and executables
+ If all is well it should compile and you will have some DLLs and
- in out32dll. If you want to try the tests then do:
+ executables in out32dll. If you want to try the tests then do:
 
 > nmake -f ms\ntdll.mak test
-To install OpenSSL to the specified location do:
+ To install OpenSSL to the specified location do:
-> nmake -f ms\ntdll.mak install
+ > nmake -f ms\ntdll.mak install
 Tweaks:
- There are various changes you can make to the Win32 compile environment. By
+ There are various changes you can make to the Win32 compile
- default the library is not compiled with debugging symbols. If you add 'debug'
+ environment. By default the library is not compiled with debugging
- to the mk1mf.pl lines in the do_* batch file then debugging symbols will be
+ symbols. If you use the platform debug-VC-WIN32 instead of VC-WIN32
- compiled in. Note that mk1mf.pl expects the platform to be the last argument
+ then debugging symbols will be compiled in.
- on the command line, so 'debug' must appear before that, as all other options.
- By default in 0.9.8 OpenSSL will compile builtin ENGINES into the libeay32.dll
+ By default in 1.0.0 OpenSSL will compile builtin ENGINES into the
- shared library. If you specify the "no-static-engine" option on the command
+ separate shared librariesy. If you specify the "enable-static-engine"
- line to Configure the shared library build (ms\ntdll.mak) will compile the
+ option on the command line to Configure the shared library build
- engines as separate DLLs.
+ (ms\ntdll.mak) will compile the engines into libeay32.dll instead.
 The default Win32 environment is to leave out any Windows NT specific
 features.
- If you want to enable the NT specific features of OpenSSL (currently only the
+ If you want to enable the NT specific features of OpenSSL (currently
- logging BIO) follow the instructions above but call the batch file do_nt.bat
+ only the logging BIO) follow the instructions above but call the batch
- instead of do_ms.bat.
+ file do_nt.bat instead of do_ms.bat.
 You can also build a static version of the library using the Makefile
 ms\nt.mak
 Borland C++ builder 5
 ---------------------
@@ -137,17 +125,13 @@ To install OpenSSL to the specified location do:
 GNU C (Cygwin)
 --------------
- Cygwin provides a bash shell and GNU tools environment running
+ Cygwin implements a Posix/Unix runtime system (cygwin1.dll) on top of
- on NT 4.0, Windows 9x, Windows ME, Windows 2000, and Windows XP.
+ Win32 subsystem and provides a bash shell and GNU tools environment.
- Consequently, a make of OpenSSL with Cygwin is closer to a GNU
+ Consequently, a make of OpenSSL with Cygwin is virtually identical to
- bash environment such as Linux than to other the other Win32
+ Unix procedure. It is also possible to create Win32 binaries that only
- makes.
+ use the Microsoft C runtime system (msvcrt.dll or crtdll.dll) using
+ MinGW. MinGW can be used in the Cygwin development environment or in a
- Cygwin implements a Posix/Unix runtime system (cygwin1.dll).
+ standalone setup as described in the following section.
- It is also possible to create Win32 binaries that only use the
- Microsoft C runtime system (msvcrt.dll or crtdll.dll) using
- MinGW. MinGW can be used in the Cygwin development environment
- or in a standalone setup as described in the following section.
 To build OpenSSL using Cygwin:
@@ -192,35 +176,35 @@ To install OpenSSL to the specified location do:
 non-fatal error in "make test" but is otherwise harmless.  If
 desired and needed, GNU bc can be built with Cygwin without change.
- GNU C (MinGW)
+ GNU C (MinGW/MSYS)
 -------------
- * Compiler installation:
+ * Compiler and shell environment installation:
-   MinGW is available from http://www.mingw.org. Run the installer and
+   MinGW and MSYS are available from http://www.mingw.org/, both are
-   set the MinGW bin directory to the PATH in "System Properties" or
+   required. Run the installers and do whatever magic they say it takes
-   autoexec.bat.
+   to start MSYS bash shell with GNU tools on its PATH.
 * Compile OpenSSL:
-   > ms\mingw32
+   $ ./config
+   [...]
+   $ make
+   [...]
+   $ make test
-   This will create the library and binaries in out. In case any problems
+   This will create the library and binaries in root source directory
-   occur, try
+   and openssl.exe application in apps directory.
-   > ms\mingw32 no-asm
-   instead.
+   It is also possible to cross-compile it on Linux by configuring
+   with './Configure --cross-compile-prefix=i386-mingw32- mingw ...'.
+   'make test' is naturally not applicable then.
   libcrypto.a and libssl.a are the static libraries. To use the DLLs,
   link with libeay32.a and libssl32.a instead.
-   See troubleshooting if you get error messages about functions not having
+   See troubleshooting if you get error messages about functions not
-   a number assigned.
+   having a number assigned.
- * You can now try the tests:
-   > cd out
-   > ..\ms\test
 Installation
 ------------
@@ -307,13 +291,13 @@ To install OpenSSL to the specified location do:
 If you link with static OpenSSL libraries [those built with ms/nt.mak],
 then you're expected to additionally link your application with
- WSOCK32.LIB, ADVAPI32.LIB, GDI32.LIB and USER32.LIB. Those developing
+ WS2_32.LIB, ADVAPI32.LIB, GDI32.LIB and USER32.LIB. Those developing
 non-interactive service applications might feel concerned about linking
- with latter two, as they are justly associated with interactive desktop,
+ with the latter two, as they are justly associated with interactive
- which is not available to service processes. The toolkit is designed
+ desktop, which is not available to service processes. The toolkit is
- to detect in which context it's currently executed, GUI, console app
+ designed to detect in which context it's currently executed, GUI,
- or service, and act accordingly, namely whether or not to actually make
+ console app or service, and act accordingly, namely whether or not to
- GUI calls.
+ actually make GUI calls.
 If you link with OpenSSL .DLLs, then you're expected to include into
 your application code small "shim" snippet, which provides glue between
diff --git a/src/lib/libssl/src/INSTALL.WCE b/src/lib/libssl/src/INSTALL.WCE
index adc03f41d4..d78c61afa8 100644
--- a/src/lib/libssl/src/INSTALL.WCE
+++ b/src/lib/libssl/src/INSTALL.WCE
@@ -4,27 +4,36 @@
 Building OpenSSL for Windows CE requires the following external tools:
-  * Microsoft eMbedded Visual C++ 3.0
+  * Microsoft eMbedded Visual C++ 3.0 or later
-  * wcecompat compatibility library (www.essemer.com.au)
+  * Appropriate SDK might be required
-  * Optionally ceutils for running automated tests (www.essemer.com.au)
+  * Perl for Win32 [commonly recommended ActiveState Perl is available
+    from http://www.activestate.com/Products/ActivePerl/]
- You also need Perl for Win32.  You will need ActiveState Perl, available
- from http://www.activestate.com/ActivePerl.
+  * wcecompat compatibility library available at
+    http://www.essemer.com.au/windowsce/
- Windows CE support in OpenSSL relies on wcecompat and therefore it's
+  * Optionally ceutils for running automated tests (same location)
- appropriate to check http://www.essemer.com.au/windowsce/ for updates in
- case of compilation problems. As for the moment of this writing version
+  _or_
- 1.1 is available and actually required for WCE 4.2 and newer platforms.
- All Windows CE specific issues should be directed to www.essemer.com.au.
+  * PocketConsole driver and PortSDK available at
+    http://www.symbolictools.de/public/pocketconsole/
- The C Runtime Library implementation for Windows CE that is included with
+  * CMD command interpreter (same location)
- Microsoft eMbedded Visual C++ 3.0 is incomplete and in some places
- incorrect.  wcecompat plugs the holes and tries to bring the Windows CE
+ As Windows CE support in OpenSSL relies on 3rd party compatibility
- CRT to a level that is more compatible with ANSI C.  wcecompat goes further
+ library, it's appropriate to check corresponding URL for updates. For
- and provides low-level IO and stream IO support for stdin/stdout/stderr
+ example if you choose wcecompat, note that as for the moment of this
- (which Windows CE does not provide).  This IO functionality is not needed
+ writing version 1.2 is available and actually required for WCE 4.2
- by the OpenSSL library itself but is used for the tests and openssl.exe.
+ and newer platforms. All wcecompat issues should be directed to
- More information is available at www.essemer.com.au.
+ www.essemer.com.au.
+ Why compatibility library at all? The C Runtime Library implementation
+ for Windows CE that is included with Microsoft eMbedded Visual C++ is
+ incomplete and in some places incorrect.  Compatibility library plugs
+ the holes and tries to bring the Windows CE CRT to [more] usable level.
+ Most gaping hole in CRT is support for stdin/stdout/stderr IO, which
+ proposed compatibility libraries solve in two different ways: wcecompat
+ redirects IO to active sync link, while PortSDK - to NT-like console
+ driver on the handheld itself.
 Building
 --------
@@ -34,9 +43,21 @@
 > "C:\Program Files\Microsoft eMbedded Tools\EVC\WCE300\BIN\WCEARM.BAT"
- Next indicate where wcecompat is located:
+ Next pick compatibility library according to your preferences.
- > set WCECOMPAT=C:\wcecompat
+ 1. To choose wcecompat set up WCECOMPAT environment variable pointing
+    at the location of wcecompat tree "root":
+    > set WCECOMPAT=C:\wcecompat
+    > set PORTSDK_LIBPATH=
+ 2. To choose PortSDK set up PORTSDK_LIBPATH to point at hardware-
+    specific location where your portlib.lib is installed:
+    > set PORTSDK_LIBPATH=C:\PortSDK\lib\ARM
+    > set WCECOMPAT=
+ Note that you may not set both variables.
 Next you should run Configure:
@@ -52,16 +73,16 @@
 Then from the VC++ environment at a prompt do:
- - to build static libraries:
+   > nmake -f ms\cedll.mak
-   > nmake -f ms\ce.mak
+ [note that static builds are not supported under CE]
- - or to build DLLs:
+ If all is well it should compile and you will have some DLLs and executables
+ in out32dll*. 
-   > nmake -f ms\cedll.mak
+ <<< everyting below needs revision in respect to wcecompat vs. PortSDK >>>
- If all is well it should compile and you will have some static libraries and
+ If you want
- executables in out32, or some DLLs and executables in out32dll.  If you want
 to try the tests then make sure the ceutils are in the path and do:
 
 > cd out32
diff --git a/src/lib/libssl/src/Makefile b/src/lib/libssl/src/Makefile
index 57d742e4d4..47bb99c40b 100644
--- a/src/lib/libssl/src/Makefile
+++ b/src/lib/libssl/src/Makefile
@@ -4,16 +4,16 @@
 ## Makefile for OpenSSL
 ##
-VERSION=0.9.8k
+VERSION=1.0.0a
-MAJOR=0
+MAJOR=1
-MINOR=9.8
+MINOR=0.0
-SHLIB_VERSION_NUMBER=0.9.8
+SHLIB_VERSION_NUMBER=1.0.0
 SHLIB_VERSION_HISTORY=
-SHLIB_MAJOR=0
+SHLIB_MAJOR=1
-SHLIB_MINOR=9.8
+SHLIB_MINOR=0.0
 SHLIB_EXT=
 PLATFORM=dist
-OPTIONS= no-camellia no-capieng no-cms no-gmp no-jpake no-krb5 no-mdc2 no-montasm no-rc5 no-rfc3779 no-seed no-shared no-zlib no-zlib-dynamic
+OPTIONS= no-gmp no-jpake no-krb5 no-md2 no-rc5 no-rfc3779 no-shared no-store no-zlib no-zlib-dynamic static-engine
 CONFIGURE_ARGS=dist
 SHLIB_TARGET=
@@ -61,18 +61,19 @@ OPENSSLDIR=/usr/local/ssl
 CC= cc
 CFLAG= -O
-DEPFLAG= -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_CMS -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SEED
+DEPFLAG= -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_STORE
 PEX_LIBS= 
 EX_LIBS= 
 EXE_EXT= 
 ARFLAGS= 
-AR=ar $(ARFLAGS) r
+AR= ar $(ARFLAGS) r
-ARD=ar $(ARFLAGS) d
 RANLIB= /usr/bin/ranlib
+NM= nm
 PERL= /usr/bin/perl
 TAR= tar
 TARFLAGS= --no-recursion
 MAKEDEPPROG=makedepend
+LIBDIR=lib
 # We let the C compiler driver to take care of .s files. This is done in
 # order to be excused from maintaining a separate set of architecture
@@ -87,10 +88,10 @@ ASFLAG=$(CFLAG)
 PROCESSOR= 
 # CPUID module collects small commonly used assembler snippets
-CPUID_OBJ= 
+CPUID_OBJ= mem_clr.o
 BN_ASM= bn_asm.o
 DES_ENC= des_enc.o fcrypt_b.o
-AES_ASM_OBJ= aes_core.o aes_cbc.o
+AES_ENC= aes_core.o aes_cbc.o
 BF_ENC= bf_enc.o
 CAST_ENC= c_enc.o
 RC4_ENC= rc4_enc.o rc4_skey.o
@@ -98,6 +99,9 @@ RC5_ENC= rc5_enc.o
 MD5_ASM_OBJ= 
 SHA1_ASM_OBJ= 
 RMD160_ASM_OBJ= 
+WP_ASM_OBJ= wp_block.o
+CMLL_ENC= camellia.o cmll_misc.o cmll_cbc.o
+PERLASM_SCHEME= 
 # KRB5 stuff
 KRB5_INCLUDES=
@@ -107,44 +111,19 @@ LIBKRB5=
 ZLIB_INCLUDE=
 LIBZLIB=
-# This is the location of fipscanister.o and friends.
-# The FIPS module build will place it $(INSTALLTOP)/lib
-# but since $(INSTALLTOP) can only take the default value
-# when the module is built it will be in /usr/local/ssl/lib
-# $(INSTALLTOP) for this build make be different so hard
-# code the path.
-FIPSLIBDIR=/usr/local/ssl/fips-1.0/lib/
-# This is set to "y" if fipscanister.o is compiled internally as
-# opposed to coming from an external validated location.
-FIPSCANISTERINTERNAL=n
-# The location of the library which contains fipscanister.o
-# normally it will be libcrypto unless fipsdso is set in which
-# case it will be libfips. If not compiling in FIPS mode at all
-# this is empty making it a useful test for a FIPS compile.
-FIPSCANLIB=
-# Shared library base address. Currently only used on Windows.
-#
-BASEADDR=0xFB00000
 DIRS=   crypto ssl engines apps test tools
+ENGDIRS= ccgost
 SHLIBDIRS= crypto ssl
 # dirs in crypto to build
 SDIRS=  \
        objects \
-        md2 md4 md5 sha hmac ripemd \
+        md4 md5 sha mdc2 hmac ripemd whrlpool \
-        des aes rc2 rc4 idea bf cast \
+        des aes rc2 rc4 idea bf cast camellia seed modes \
        bn ec rsa dsa ecdsa dh ecdh dso engine \
        buffer bio stack lhash rand err \
        evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
-        store pqueue
+        cms pqueue ts
 # keep in mind that the above list is adjusted by ./Configure
 # according to no-xxx arguments...
@@ -158,6 +137,8 @@ MANDIR=$(OPENSSLDIR)/man
 MAN1=1
 MAN3=3
 MANSUFFIX=
+HTMLSUFFIX=html
+HTMLDIR=$(OPENSSLDIR)/html
 SHELL=/bin/sh
 TOP=    .
@@ -167,7 +148,6 @@ WDIRS=  windows
 LIBS=   libcrypto.a libssl.a
 SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
 SHARED_SSL=libssl$(SHLIB_EXT)
-SHARED_FIPS=
 SHARED_LIBS=
 SHARED_LIBS_LINK_EXTS=
 SHARED_LDFLAGS=
@@ -198,33 +178,35 @@ CLEARENV=	TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS}	\
                $${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS}     \
                $${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS}
-BUILDENV=       PLATFORM='${PLATFORM}' PROCESSOR='${PROCESSOR}' \
+BUILDENV=       PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)' \
-                CC='${CC}' CFLAG='${CFLAG}'                     \
+                CC='$(CC)' CFLAG='$(CFLAG)'                     \
-                AS='${CC}' ASFLAG='${CFLAG} -c'                 \
+                AS='$(CC)' ASFLAG='$(CFLAG) -c'                 \
-                AR='${AR}' PERL='${PERL}' RANLIB='${RANLIB}'    \
+                AR='$(AR)' NM='$(NM)' RANLIB='$(RANLIB)'        \
-                SDIRS='${SDIRS}' LIBRPATH='${INSTALLTOP}/lib'   \
+                CROSS_COMPILE='$(CROSS_COMPILE)'        \
-                INSTALL_PREFIX='${INSTALL_PREFIX}'              \
+                PERL='$(PERL)' ENGDIRS='$(ENGDIRS)'             \
-                INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}'   \
+                SDIRS='$(SDIRS)' LIBRPATH='$(INSTALLTOP)/$(LIBDIR)'     \
-                MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD ${MAKEDEPPROG}' \
+                INSTALL_PREFIX='$(INSTALL_PREFIX)'              \
-                DEPFLAG='-DOPENSSL_NO_DEPRECATED ${DEPFLAG}'    \
+                INSTALLTOP='$(INSTALLTOP)' OPENSSLDIR='$(OPENSSLDIR)'   \
-                MAKEDEPPROG='${MAKEDEPPROG}'                    \
+                LIBDIR='$(LIBDIR)'                              \
-                SHARED_LDFLAGS='${SHARED_LDFLAGS}'              \
+                MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD $(MAKEDEPPROG)' \
-                KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}'   \
+                DEPFLAG='-DOPENSSL_NO_DEPRECATED $(DEPFLAG)'    \
-                EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}'       \
+                MAKEDEPPROG='$(MAKEDEPPROG)'                    \
-                SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' \
+                SHARED_LDFLAGS='$(SHARED_LDFLAGS)'              \
-                PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}'     \
+                KRB5_INCLUDES='$(KRB5_INCLUDES)' LIBKRB5='$(LIBKRB5)'   \
-                CPUID_OBJ='${CPUID_OBJ}'                        \
+                ZLIB_INCLUDE='$(ZLIB_INCLUDE)' LIBZLIB='$(LIBZLIB)'     \
-                BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}'         \
+                EXE_EXT='$(EXE_EXT)' SHARED_LIBS='$(SHARED_LIBS)'       \
-                AES_ASM_OBJ='${AES_ASM_OBJ}'                    \
+                SHLIB_EXT='$(SHLIB_EXT)' SHLIB_TARGET='$(SHLIB_TARGET)' \
-                BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}'       \
+                PEX_LIBS='$(PEX_LIBS)' EX_LIBS='$(EX_LIBS)'     \
-                RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}'       \
+                CPUID_OBJ='$(CPUID_OBJ)'                        \
-                SHA1_ASM_OBJ='${SHA1_ASM_OBJ}'                  \
+                BN_ASM='$(BN_ASM)' DES_ENC='$(DES_ENC)'         \
-                MD5_ASM_OBJ='${MD5_ASM_OBJ}'                    \
+                AES_ENC='$(AES_ENC)' CMLL_ENC='$(CMLL_ENC)'     \
-                RMD160_ASM_OBJ='${RMD160_ASM_OBJ}'              \
+                BF_ENC='$(BF_ENC)' CAST_ENC='$(CAST_ENC)'       \
-                FIPSLIBDIR='${FIPSLIBDIR}'                      \
+                RC4_ENC='$(RC4_ENC)' RC5_ENC='$(RC5_ENC)'       \
-                FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}"      \
+                SHA1_ASM_OBJ='$(SHA1_ASM_OBJ)'                  \
-                FIPSCANISTERINTERNAL='${FIPSCANISTERINTERNAL}'  \
+                MD5_ASM_OBJ='$(MD5_ASM_OBJ)'                    \
-                FIPS_EX_OBJ='${FIPS_EX_OBJ}'    \
+                RMD160_ASM_OBJ='$(RMD160_ASM_OBJ)'              \
+                WP_ASM_OBJ='$(WP_ASM_OBJ)'                      \
+                PERLASM_SCHEME='$(PERLASM_SCHEME)'              \
                THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
 # MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
 # which in turn eliminates ambiguities in variable treatment with -e.
@@ -243,98 +225,26 @@ BUILDENV=	PLATFORM='${PLATFORM}' PROCESSOR='${PROCESSOR}' \
 # subdirectories defined in $(DIRS).  It requires that the target
 # is given through the shell variable `target'.
 BUILD_CMD=  if [ -d "$$dir" ]; then \
-            (   [ $$target != all -a -z "$(FIPSCANLIB)" ] && FIPSCANLIB=/dev/null; \
+            (   cd $$dir && echo "making $$target in $$dir..." && \
-                cd $$dir && echo "making $$target in $$dir..." && \
                $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. DIR=$$dir $$target \
            ) || exit 1; \
            fi
 RECURSIVE_BUILD_CMD=for dir in $(DIRS); do $(BUILD_CMD); done
 BUILD_ONE_CMD=\
-        if echo " $(DIRS) " | grep " $$dir " >/dev/null 2>/dev/null; then \
+        if expr " $(DIRS) " : ".* $$dir " >/dev/null 2>&1; then \
                $(BUILD_CMD); \
        fi
 reflect:
        @[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)
-FIPS_EX_OBJ= ../crypto/aes/aes_cfb.o \
-        ../crypto/aes/aes_ecb.o \
-        ../crypto/aes/aes_ofb.o \
-        ../crypto/bn/bn_add.o \
-        ../crypto/bn/bn_blind.o \
-        ../crypto/bn/bn_ctx.o \
-        ../crypto/bn/bn_div.o \
-        ../crypto/bn/bn_exp2.o \
-        ../crypto/bn/bn_exp.o \
-        ../crypto/bn/bn_gcd.o \
-        ../crypto/bn/bn_lib.o \
-        ../crypto/bn/bn_mod.o \
-        ../crypto/bn/bn_mont.o \
-        ../crypto/bn/bn_mul.o \
-        ../crypto/bn/bn_prime.o \
-        ../crypto/bn/bn_rand.o \
-        ../crypto/bn/bn_recp.o \
-        ../crypto/bn/bn_shift.o \
-        ../crypto/bn/bn_sqr.o \
-        ../crypto/bn/bn_word.o \
-        ../crypto/bn/bn_x931p.o \
-        ../crypto/buffer/buf_str.o \
-        ../crypto/cryptlib.o \
-        ../crypto/des/cfb64ede.o \
-        ../crypto/des/cfb64enc.o \
-        ../crypto/des/cfb_enc.o \
-        ../crypto/des/ecb3_enc.o \
-        ../crypto/des/ecb_enc.o \
-        ../crypto/des/ofb64ede.o \
-        ../crypto/des/ofb64enc.o \
-        ../crypto/des/fcrypt.o \
-        ../crypto/des/set_key.o \
-        ../crypto/dsa/dsa_utl.o \
-        ../crypto/dsa/dsa_sign.o \
-        ../crypto/dsa/dsa_vrf.o \
-        ../crypto/err/err.o \
-        ../crypto/evp/digest.o \
-        ../crypto/evp/enc_min.o \
-        ../crypto/evp/e_aes.o \
-        ../crypto/evp/e_des3.o \
-        ../crypto/evp/p_sign.o \
-        ../crypto/evp/p_verify.o \
-        ../crypto/mem_clr.o \
-        ../crypto/mem.o \
-        ../crypto/rand/md_rand.o \
-        ../crypto/rand/rand_egd.o \
-        ../crypto/rand/randfile.o \
-        ../crypto/rand/rand_lib.o \
-        ../crypto/rand/rand_os2.o \
-        ../crypto/rand/rand_unix.o \
-        ../crypto/rand/rand_win.o \
-        ../crypto/rsa/rsa_lib.o \
-        ../crypto/rsa/rsa_none.o \
-        ../crypto/rsa/rsa_oaep.o \
-        ../crypto/rsa/rsa_pk1.o \
-        ../crypto/rsa/rsa_pss.o \
-        ../crypto/rsa/rsa_ssl.o \
-        ../crypto/rsa/rsa_x931.o \
-        ../crypto/sha/sha1dgst.o \
-        ../crypto/sha/sha256.o \
-        ../crypto/sha/sha512.o \
-        ../crypto/uid.o
 sub_all: build_all
 build_all: build_libs build_apps build_tests build_tools
-build_libs: build_crypto build_fips build_ssl build_shared build_engines
+build_libs: build_crypto build_ssl build_engines
 build_crypto:
-        if [ -n "$(FIPSCANLIB)" ]; then \
+        @dir=crypto; target=all; $(BUILD_ONE_CMD)
-                EXCL_OBJ='$(AES_ASM_OBJ) $(BN_ASM) $(DES_ENC) $(CPUID_OBJ) $(SHA1_ASM_OBJ) $(FIPS_EX_OBJ)' ; export EXCL_OBJ ; \
-                ARX='$(PERL) $${TOP}/util/arx.pl $(AR)' ; \
-        else \
-                ARX='${AR}' ; \
-        fi ; export ARX ; \
-                dir=crypto; target=all; $(BUILD_ONE_CMD)
-build_fips:
-        @dir=fips; target=all; [ -z "$(FIPSCANLIB)" ] || $(BUILD_ONE_CMD)
 build_ssl:
        @dir=ssl; target=all; $(BUILD_ONE_CMD)
 build_engines:
@@ -350,20 +260,9 @@ all_testapps: build_libs build_testapps
 build_testapps:
        @dir=crypto; target=testapps; $(BUILD_ONE_CMD)
-build_shared:   $(SHARED_LIBS)
+libcrypto$(SHLIB_EXT): libcrypto.a
-libcrypto$(SHLIB_EXT): libcrypto.a $(SHARED_FIPS)
        @if [ "$(SHLIB_TARGET)" != "" ]; then \
-                if [ "$(FIPSCANLIB)" = "libfips" ]; then \
+                $(MAKE) SHLIBDIRS=crypto build-shared; \
-                        $(ARD) libcrypto.a fipscanister.o ; \
-                        $(MAKE) SHLIBDIRS='crypto' SHLIBDEPS='-lfips' build-shared; \
-                        $(AR) libcrypto.a fips/fipscanister.o ; \
-                else \
-                        if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \
-                                FIPSLD_CC=$(CC); CC=fips/fipsld; \
-                                export CC FIPSLD_CC; \
-                        fi; \
-                        $(MAKE) -e SHLIBDIRS='crypto' build-shared; \
-                fi \
        else \
                echo "There's no support for shared libraries on this platform" >&2; \
                exit 1; \
@@ -371,32 +270,12 @@ libcrypto$(SHLIB_EXT): libcrypto.a $(SHARED_FIPS)
 libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
        @if [ "$(SHLIB_TARGET)" != "" ]; then \
-                shlibdeps=-lcrypto; \
+                $(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
-                [ "$(FIPSCANLIB)" = "libfips" ] && shlibdeps="$$shlibdeps -lfips"; \
-                $(MAKE) SHLIBDIRS=ssl SHLIBDEPS="$$shlibdeps" build-shared; \
-        else \
-                echo "There's no support for shared libraries on this platform" >&2 ; \
-                exit 1; \
-        fi
-fips/fipscanister.o:    build_fips
-libfips$(SHLIB_EXT):            fips/fipscanister.o
-        @if [ "$(SHLIB_TARGET)" != "" ]; then \
-                FIPSLD_CC=$(CC); CC=fips/fipsld; export CC FIPSLD_CC; \
-                $(MAKE) -f Makefile.shared -e $(BUILDENV) \
-                        CC=$${CC} LIBNAME=fips THIS=$@ \
-                        LIBEXTRAS=fips/fipscanister.o \
-                        LIBDEPS="$(EX_LIBS)" \
-                        LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
-                        link_o.$(SHLIB_TARGET) || { rm -f $@; exit 1; } \
        else \
                echo "There's no support for shared libraries on this platform" >&2; \
                exit 1; \
        fi
-libfips.a:
-        dir=fips; target=all; $(BUILD_ONE_CMD)
 clean-shared:
        @set -e; for i in $(SHLIBDIRS); do \
                if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
@@ -412,10 +291,10 @@ clean-shared:
        done
 link-shared:
-        @ set -e; for i in ${SHLIBDIRS}; do \
+        @ set -e; for i in $(SHLIBDIRS); do \
                $(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
-                        LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
+                        LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
-                        LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \
+                        LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
                        symlink.$(SHLIB_TARGET); \
                libs="$$libs -l$$i"; \
        done
@@ -423,13 +302,13 @@ link-shared:
 build-shared: do_$(SHLIB_TARGET) link-shared
 do_$(SHLIB_TARGET):
-        @ set -e; libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+        @ set -e; libs='-L. $(SHLIBDEPS)'; for i in $(SHLIBDIRS); do \
-                if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+                if [ "$$i" = "ssl" -a -n "$(LIBKRB5)" ]; then \
                        libs="$(LIBKRB5) $$libs"; \
                fi; \
                $(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
-                        LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
+                        LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
-                        LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \
+                        LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
                        LIBDEPS="$$libs $(EX_LIBS)" \
                        link_a.$(SHLIB_TARGET); \
                libs="-l$$i $$libs"; \
@@ -438,7 +317,7 @@ do_$(SHLIB_TARGET):
 libcrypto.pc: Makefile
        @ ( echo 'prefix=$(INSTALLTOP)'; \
            echo 'exec_prefix=$${prefix}'; \
-            echo 'libdir=$${exec_prefix}/lib'; \
+            echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
            echo 'includedir=$${prefix}/include'; \
            echo ''; \
            echo 'Name: OpenSSL-libcrypto'; \
@@ -451,7 +330,7 @@ libcrypto.pc: Makefile
 libssl.pc: Makefile
        @ ( echo 'prefix=$(INSTALLTOP)'; \
            echo 'exec_prefix=$${prefix}'; \
-            echo 'libdir=$${exec_prefix}/lib'; \
+            echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
            echo 'includedir=$${prefix}/include'; \
            echo ''; \
            echo 'Name: OpenSSL'; \
@@ -464,7 +343,7 @@ libssl.pc: Makefile
 openssl.pc: Makefile
        @ ( echo 'prefix=$(INSTALLTOP)'; \
            echo 'exec_prefix=$${prefix}'; \
-            echo 'libdir=$${exec_prefix}/lib'; \
+            echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
            echo 'includedir=$${prefix}/include'; \
            echo ''; \
            echo 'Name: OpenSSL'; \
@@ -506,32 +385,32 @@ links:
        @$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
        @$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
        @set -e; target=links; $(RECURSIVE_BUILD_CMD)
-        @if [ -z "$(FIPSCANLIB)" ]; then \
-                set -e; target=links; dir=fips ; $(BUILD_CMD) ; \
-        fi
 gentests:
        @(cd test && echo "generating dummy tests (if needed)..." && \
-        $(CLEARENV) && $(MAKE) -e $(BUILDENV) TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate );
+        $(CLEARENV) && $(MAKE) -e $(BUILDENV) TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on generate );
 dclean:
-        rm -f *.bak
+        rm -rf *.bak include/openssl certs/.0
        @set -e; target=dclean; $(RECURSIVE_BUILD_CMD)
 rehash: rehash.time
-rehash.time: certs
+rehash.time: certs apps
-        @(OPENSSL="`pwd`/util/opensslwrap.sh"; \
+        @if [ -z "$(CROSS_COMPILE)" ]; then \
-          OPENSSL_DEBUG_MEMORY=on; \
+                (OPENSSL="`pwd`/util/opensslwrap.sh"; \
-          export OPENSSL OPENSSL_DEBUG_MEMORY; \
+                [ -x "apps/openssl.exe" ] && OPENSSL="apps/openssl.exe" || :; \
-          $(PERL) tools/c_rehash certs)
+                OPENSSL_DEBUG_MEMORY=on; \
-        touch rehash.time
+                export OPENSSL OPENSSL_DEBUG_MEMORY; \
+                $(PERL) tools/c_rehash certs) && \
+                touch rehash.time; \
+        else :; fi
 test:   tests
 tests: rehash
        @(cd test && echo "testing..." && \
-        $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );
+        $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf tests );
-        util/opensslwrap.sh version -a
+        OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a
 report:
        @$(PERL) util/selftest.pl
@@ -564,6 +443,8 @@ crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h
        $(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
 crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num
        $(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
+crypto/objects/obj_xref.h: crypto/objects/objxref.pl crypto/objects/obj_xref.txt crypto/objects/obj_mac.num
+        $(PERL) crypto/objects/objxref.pl crypto/objects/obj_mac.num crypto/objects/obj_xref.txt >crypto/objects/obj_xref.h
 apps/openssl-vms.cnf: apps/openssl.cnf
        $(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf
@@ -576,7 +457,7 @@ TABLE: Configure
        (echo 'Output of `Configure TABLE'"':"; \
        $(PERL) Configure TABLE) > TABLE
-update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend
+update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h crypto/objects/obj_xref.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend
 # Build distribution tar-file. As the list of files returned by "find" is
 # pretty long, on several platforms a "too many arguments" error or similar
@@ -607,8 +488,8 @@ tar-snap:
 dist:   
        $(PERL) Configure dist
        @$(MAKE) dist_pem_h
-        @$(MAKE) SDIRS='${SDIRS}' clean
+        @$(MAKE) SDIRS='$(SDIRS)' clean
-        @$(MAKE) TAR='${TAR}' TARFLAGS='${TARFLAGS}' tar
+        @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' tar
 dist_pem_h:
        (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
@@ -617,9 +498,9 @@ install: all install_docs install_sw
 install_sw:
        @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
-                $(INSTALL_PREFIX)$(INSTALLTOP)/lib \
+                $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
-                $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines \
+                $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
-                $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig \
+                $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \
                $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
                $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
                $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
@@ -634,10 +515,10 @@ install_sw:
        do \
                if [ -f "$$i" ]; then \
                (       echo installing $$i; \
-                        cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+                        cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
-                        $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+                        $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
-                        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+                        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
-                        mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
+                        mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i ); \
                fi; \
        done;
        @set -e; if [ -n "$(SHARED_LIBS)" ]; then \
@@ -647,22 +528,32 @@ install_sw:
                        if [ -f "$$i" -o -f "$$i.a" ]; then \
                        (       echo installing $$i; \
                                if [ "$(PLATFORM)" != "Cygwin" ]; then \
-                                        cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+                                        cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
-                                        chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+                                        chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
-                                        mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+                                        mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
                                else \
                                        c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
                                        cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
                                        chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
                                        mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
-                                        cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+                                        cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
-                                        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+                                        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
-                                        mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+                                        mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
                                fi ); \
+                                if expr $(PLATFORM) : 'mingw' > /dev/null; then \
+                                (       case $$i in \
+                                                *crypto*) i=libeay32.dll;; \
+                                                *ssl*)    i=ssleay32.dll;; \
+                                        esac; \
+                                        echo installing $$i; \
+                                        cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
+                                        chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
+                                        mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
+                                fi; \
                        fi; \
                done; \
                (       here="`pwd`"; \
-                        cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+                        cd $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR); \
                        $(MAKE) -f $$here/Makefile HERE="$$here" link-shared ); \
                if [ "$(INSTALLTOP)" != "/usr" ]; then \
                        echo 'OpenSSL shared libraries have been installed in:'; \
@@ -671,12 +562,33 @@ install_sw:
                        sed -e '1,/^$$/d' doc/openssl-shared.txt; \
                fi; \
        fi
-        cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
+        cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
-        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/libcrypto.pc
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libcrypto.pc
-        cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
+        cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
-        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/libssl.pc
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libssl.pc
-        cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
+        cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
-        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/openssl.pc
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc
+install_html_docs:
+        here="`pwd`"; \
+        for subdir in apps crypto ssl; do \
+                mkdir -p $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \
+                for i in doc/$$subdir/*.pod; do \
+                        fn=`basename $$i .pod`; \
+                        echo "installing html/$$fn.$(HTMLSUFFIX)"; \
+                        cat $$i \
+                        | sed -r 's/L<([^)]*)(\([0-9]\))?\|([^)]*)(\([0-9]\))?>/L<\1|\3>/g' \
+                        | pod2html --podroot=doc --htmlroot=.. --podpath=apps:crypto:ssl \
+                        | sed -r 's/<!DOCTYPE.*//g' \
+                        > $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir/$$fn.$(HTMLSUFFIX); \
+                        $(PERL) util/extract-names.pl < $$i | \
+                                grep -v $$filecase "^$$fn\$$" | \
+                                (cd $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \
+                                 while read n; do \
+                                        PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$(HTMLSUFFIX) "$$n".$(HTMLSUFFIX); \
+                                 done); \
+                done; \
+        done
 install_docs:
        @$(PERL) $(TOP)/util/mkdir-p.pl \
@@ -684,7 +596,7 @@ install_docs:
                $(INSTALL_PREFIX)$(MANDIR)/man3 \
                $(INSTALL_PREFIX)$(MANDIR)/man5 \
                $(INSTALL_PREFIX)$(MANDIR)/man7
-        @pod2man="`cd util; ./pod2mantest $(PERL)`"; \
+        @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
        here="`pwd`"; \
        filecase=; \
        if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" -o "$(PLATFORM)" = "mingw" ]; then \
@@ -704,7 +616,7 @@ install_docs:
                        (grep -v "[     ]"; true) | \
                        (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
                         while read n; do \
-                                $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
+                                PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
                         done); \
        done; \
        set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \
@@ -721,7 +633,7 @@ install_docs:
                        (grep -v "[     ]"; true) | \
                        (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
                         while read n; do \
-                                $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
+                                PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
                         done); \
        done
diff --git a/src/lib/libssl/src/Makefile.org b/src/lib/libssl/src/Makefile.org
index d1b56b2f58..fb0af7ecc2 100644
--- a/src/lib/libssl/src/Makefile.org
+++ b/src/lib/libssl/src/Makefile.org
@@ -65,12 +65,13 @@ EX_LIBS=
 EXE_EXT= 
 ARFLAGS=
 AR=ar $(ARFLAGS) r
-ARD=ar $(ARFLAGS) d
 RANLIB= ranlib
+NM= nm
 PERL= perl
 TAR= tar
 TARFLAGS= --no-recursion
 MAKEDEPPROG=makedepend
+LIBDIR=lib
 # We let the C compiler driver to take care of .s files. This is done in
 # order to be excused from maintaining a separate set of architecture
@@ -88,7 +89,7 @@ PROCESSOR=
 CPUID_OBJ= 
 BN_ASM= bn_asm.o
 DES_ENC= des_enc.o fcrypt_b.o
-AES_ASM_OBJ=aes_core.o aes_cbc.o
+AES_ENC= aes_core.o aes_cbc.o
 BF_ENC= bf_enc.o
 CAST_ENC= c_enc.o
 RC4_ENC= rc4_enc.o
@@ -96,6 +97,9 @@ RC5_ENC= rc5_enc.o
 MD5_ASM_OBJ= 
 SHA1_ASM_OBJ= 
 RMD160_ASM_OBJ= 
+WP_ASM_OBJ=
+CMLL_ENC=
+PERLASM_SCHEME=
 # KRB5 stuff
 KRB5_INCLUDES=
@@ -105,44 +109,19 @@ LIBKRB5=
 ZLIB_INCLUDE=
 LIBZLIB=
-# This is the location of fipscanister.o and friends.
+DIRS=   crypto ssl engines apps test tools
-# The FIPS module build will place it $(INSTALLTOP)/lib
+ENGDIRS= ccgost
-# but since $(INSTALLTOP) can only take the default value
+SHLIBDIRS= crypto ssl
-# when the module is built it will be in /usr/local/ssl/lib
-# $(INSTALLTOP) for this build make be different so hard
-# code the path.
-FIPSLIBDIR=/usr/local/ssl/lib/
-# This is set to "y" if fipscanister.o is compiled internally as
-# opposed to coming from an external validated location.
-FIPSCANISTERINTERNAL=n
-# The location of the library which contains fipscanister.o
-# normally it will be libcrypto unless fipsdso is set in which
-# case it will be libfips. If not compiling in FIPS mode at all
-# this is empty making it a useful test for a FIPS compile.
-FIPSCANLIB=
-# Shared library base address. Currently only used on Windows.
-#
-BASEADDR=
-DIRS=   crypto fips ssl engines apps test tools
-SHLIBDIRS= crypto ssl fips
 # dirs in crypto to build
 SDIRS=  \
        objects \
-        md2 md4 md5 sha mdc2 hmac ripemd \
+        md2 md4 md5 sha mdc2 hmac ripemd whrlpool \
-        des aes rc2 rc4 rc5 idea bf cast camellia seed \
+        des aes rc2 rc4 rc5 idea bf cast camellia seed modes \
        bn ec rsa dsa ecdsa dh ecdh dso engine \
        buffer bio stack lhash rand err \
        evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
-        store cms pqueue jpake
+        cms pqueue ts jpake store
 # keep in mind that the above list is adjusted by ./Configure
 # according to no-xxx arguments...
@@ -156,6 +135,8 @@ MANDIR=$(OPENSSLDIR)/man
 MAN1=1
 MAN3=3
 MANSUFFIX=
+HTMLSUFFIX=html
+HTMLDIR=$(OPENSSLDIR)/html
 SHELL=/bin/sh
 TOP=    .
@@ -165,7 +146,6 @@ WDIRS=  windows
 LIBS=   libcrypto.a libssl.a
 SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
 SHARED_SSL=libssl$(SHLIB_EXT)
-SHARED_FIPS=
 SHARED_LIBS=
 SHARED_LIBS_LINK_EXTS=
 SHARED_LDFLAGS=
@@ -196,33 +176,35 @@ CLEARENV=	TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS}	\
                $${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS}     \
                $${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS}
-BUILDENV=       PLATFORM='${PLATFORM}' PROCESSOR='${PROCESSOR}' \
+BUILDENV=       PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)' \
-                CC='${CC}' CFLAG='${CFLAG}'                     \
+                CC='$(CC)' CFLAG='$(CFLAG)'                     \
-                AS='${CC}' ASFLAG='${CFLAG} -c'                 \
+                AS='$(CC)' ASFLAG='$(CFLAG) -c'                 \
-                AR='${AR}' PERL='${PERL}' RANLIB='${RANLIB}'    \
+                AR='$(AR)' NM='$(NM)' RANLIB='$(RANLIB)'        \
-                SDIRS='${SDIRS}' LIBRPATH='${INSTALLTOP}/lib'   \
+                CROSS_COMPILE='$(CROSS_COMPILE)'        \
-                INSTALL_PREFIX='${INSTALL_PREFIX}'              \
+                PERL='$(PERL)' ENGDIRS='$(ENGDIRS)'             \
-                INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}'   \
+                SDIRS='$(SDIRS)' LIBRPATH='$(INSTALLTOP)/$(LIBDIR)'     \
-                MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD ${MAKEDEPPROG}' \
+                INSTALL_PREFIX='$(INSTALL_PREFIX)'              \
-                DEPFLAG='-DOPENSSL_NO_DEPRECATED ${DEPFLAG}'    \
+                INSTALLTOP='$(INSTALLTOP)' OPENSSLDIR='$(OPENSSLDIR)'   \
-                MAKEDEPPROG='${MAKEDEPPROG}'                    \
+                LIBDIR='$(LIBDIR)'                              \
-                SHARED_LDFLAGS='${SHARED_LDFLAGS}'              \
+                MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD $(MAKEDEPPROG)' \
-                KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}'   \
+                DEPFLAG='-DOPENSSL_NO_DEPRECATED $(DEPFLAG)'    \
-                EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}'       \
+                MAKEDEPPROG='$(MAKEDEPPROG)'                    \
-                SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' \
+                SHARED_LDFLAGS='$(SHARED_LDFLAGS)'              \
-                PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}'     \
+                KRB5_INCLUDES='$(KRB5_INCLUDES)' LIBKRB5='$(LIBKRB5)'   \
-                CPUID_OBJ='${CPUID_OBJ}'                        \
+                ZLIB_INCLUDE='$(ZLIB_INCLUDE)' LIBZLIB='$(LIBZLIB)'     \
-                BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}'         \
+                EXE_EXT='$(EXE_EXT)' SHARED_LIBS='$(SHARED_LIBS)'       \
-                AES_ASM_OBJ='${AES_ASM_OBJ}'                    \
+                SHLIB_EXT='$(SHLIB_EXT)' SHLIB_TARGET='$(SHLIB_TARGET)' \
-                BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}'       \
+                PEX_LIBS='$(PEX_LIBS)' EX_LIBS='$(EX_LIBS)'     \
-                RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}'       \
+                CPUID_OBJ='$(CPUID_OBJ)'                        \
-                SHA1_ASM_OBJ='${SHA1_ASM_OBJ}'                  \
+                BN_ASM='$(BN_ASM)' DES_ENC='$(DES_ENC)'         \
-                MD5_ASM_OBJ='${MD5_ASM_OBJ}'                    \
+                AES_ENC='$(AES_ENC)' CMLL_ENC='$(CMLL_ENC)'     \
-                RMD160_ASM_OBJ='${RMD160_ASM_OBJ}'              \
+                BF_ENC='$(BF_ENC)' CAST_ENC='$(CAST_ENC)'       \
-                FIPSLIBDIR='${FIPSLIBDIR}'                      \
+                RC4_ENC='$(RC4_ENC)' RC5_ENC='$(RC5_ENC)'       \
-                FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}"      \
+                SHA1_ASM_OBJ='$(SHA1_ASM_OBJ)'                  \
-                FIPSCANISTERINTERNAL='${FIPSCANISTERINTERNAL}'  \
+                MD5_ASM_OBJ='$(MD5_ASM_OBJ)'                    \
-                FIPS_EX_OBJ='${FIPS_EX_OBJ}'    \
+                RMD160_ASM_OBJ='$(RMD160_ASM_OBJ)'              \
+                WP_ASM_OBJ='$(WP_ASM_OBJ)'                      \
+                PERLASM_SCHEME='$(PERLASM_SCHEME)'              \
                THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
 # MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
 # which in turn eliminates ambiguities in variable treatment with -e.
@@ -241,98 +223,26 @@ BUILDENV=	PLATFORM='${PLATFORM}' PROCESSOR='${PROCESSOR}' \
 # subdirectories defined in $(DIRS).  It requires that the target
 # is given through the shell variable `target'.
 BUILD_CMD=  if [ -d "$$dir" ]; then \
-            (   [ $$target != all -a -z "$(FIPSCANLIB)" ] && FIPSCANLIB=/dev/null; \
+            (   cd $$dir && echo "making $$target in $$dir..." && \
-                cd $$dir && echo "making $$target in $$dir..." && \
                $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. DIR=$$dir $$target \
            ) || exit 1; \
            fi
 RECURSIVE_BUILD_CMD=for dir in $(DIRS); do $(BUILD_CMD); done
 BUILD_ONE_CMD=\
-        if echo " $(DIRS) " | grep " $$dir " >/dev/null 2>/dev/null; then \
+        if expr " $(DIRS) " : ".* $$dir " >/dev/null 2>&1; then \
                $(BUILD_CMD); \
        fi
 reflect:
        @[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)
-FIPS_EX_OBJ= ../crypto/aes/aes_cfb.o \
-        ../crypto/aes/aes_ecb.o \
-        ../crypto/aes/aes_ofb.o \
-        ../crypto/bn/bn_add.o \
-        ../crypto/bn/bn_blind.o \
-        ../crypto/bn/bn_ctx.o \
-        ../crypto/bn/bn_div.o \
-        ../crypto/bn/bn_exp2.o \
-        ../crypto/bn/bn_exp.o \
-        ../crypto/bn/bn_gcd.o \
-        ../crypto/bn/bn_lib.o \
-        ../crypto/bn/bn_mod.o \
-        ../crypto/bn/bn_mont.o \
-        ../crypto/bn/bn_mul.o \
-        ../crypto/bn/bn_prime.o \
-        ../crypto/bn/bn_rand.o \
-        ../crypto/bn/bn_recp.o \
-        ../crypto/bn/bn_shift.o \
-        ../crypto/bn/bn_sqr.o \
-        ../crypto/bn/bn_word.o \
-        ../crypto/bn/bn_x931p.o \
-        ../crypto/buffer/buf_str.o \
-        ../crypto/cryptlib.o \
-        ../crypto/des/cfb64ede.o \
-        ../crypto/des/cfb64enc.o \
-        ../crypto/des/cfb_enc.o \
-        ../crypto/des/ecb3_enc.o \
-        ../crypto/des/ecb_enc.o \
-        ../crypto/des/ofb64ede.o \
-        ../crypto/des/ofb64enc.o \
-        ../crypto/des/fcrypt.o \
-        ../crypto/des/set_key.o \
-        ../crypto/dsa/dsa_utl.o \
-        ../crypto/dsa/dsa_sign.o \
-        ../crypto/dsa/dsa_vrf.o \
-        ../crypto/err/err.o \
-        ../crypto/evp/digest.o \
-        ../crypto/evp/enc_min.o \
-        ../crypto/evp/e_aes.o \
-        ../crypto/evp/e_des3.o \
-        ../crypto/evp/p_sign.o \
-        ../crypto/evp/p_verify.o \
-        ../crypto/mem_clr.o \
-        ../crypto/mem.o \
-        ../crypto/rand/md_rand.o \
-        ../crypto/rand/rand_egd.o \
-        ../crypto/rand/randfile.o \
-        ../crypto/rand/rand_lib.o \
-        ../crypto/rand/rand_os2.o \
-        ../crypto/rand/rand_unix.o \
-        ../crypto/rand/rand_win.o \
-        ../crypto/rsa/rsa_lib.o \
-        ../crypto/rsa/rsa_none.o \
-        ../crypto/rsa/rsa_oaep.o \
-        ../crypto/rsa/rsa_pk1.o \
-        ../crypto/rsa/rsa_pss.o \
-        ../crypto/rsa/rsa_ssl.o \
-        ../crypto/rsa/rsa_x931.o \
-        ../crypto/sha/sha1dgst.o \
-        ../crypto/sha/sha256.o \
-        ../crypto/sha/sha512.o \
-        ../crypto/uid.o
 sub_all: build_all
 build_all: build_libs build_apps build_tests build_tools
-build_libs: build_crypto build_fips build_ssl build_shared build_engines
+build_libs: build_crypto build_ssl build_engines
 build_crypto:
-        if [ -n "$(FIPSCANLIB)" ]; then \
+        @dir=crypto; target=all; $(BUILD_ONE_CMD)
-                EXCL_OBJ='$(AES_ASM_OBJ) $(BN_ASM) $(DES_ENC) $(CPUID_OBJ) $(SHA1_ASM_OBJ) $(FIPS_EX_OBJ)' ; export EXCL_OBJ ; \
-                ARX='$(PERL) $${TOP}/util/arx.pl $(AR)' ; \
-        else \
-                ARX='${AR}' ; \
-        fi ; export ARX ; \
-                dir=crypto; target=all; $(BUILD_ONE_CMD)
-build_fips:
-        @dir=fips; target=all; [ -z "$(FIPSCANLIB)" ] || $(BUILD_ONE_CMD)
 build_ssl:
        @dir=ssl; target=all; $(BUILD_ONE_CMD)
 build_engines:
@@ -348,20 +258,9 @@ all_testapps: build_libs build_testapps
 build_testapps:
        @dir=crypto; target=testapps; $(BUILD_ONE_CMD)
-build_shared:   $(SHARED_LIBS)
+libcrypto$(SHLIB_EXT): libcrypto.a
-libcrypto$(SHLIB_EXT): libcrypto.a $(SHARED_FIPS)
        @if [ "$(SHLIB_TARGET)" != "" ]; then \
-                if [ "$(FIPSCANLIB)" = "libfips" ]; then \
+                $(MAKE) SHLIBDIRS=crypto build-shared; \
-                        $(ARD) libcrypto.a fipscanister.o ; \
-                        $(MAKE) SHLIBDIRS='crypto' SHLIBDEPS='-lfips' build-shared; \
-                        $(AR) libcrypto.a fips/fipscanister.o ; \
-                else \
-                        if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \
-                                FIPSLD_CC=$(CC); CC=fips/fipsld; \
-                                export CC FIPSLD_CC; \
-                        fi; \
-                        $(MAKE) -e SHLIBDIRS='crypto' build-shared; \
-                fi \
        else \
                echo "There's no support for shared libraries on this platform" >&2; \
                exit 1; \
@@ -369,32 +268,12 @@ libcrypto$(SHLIB_EXT): libcrypto.a $(SHARED_FIPS)
 libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
        @if [ "$(SHLIB_TARGET)" != "" ]; then \
-                shlibdeps=-lcrypto; \
+                $(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
-                [ "$(FIPSCANLIB)" = "libfips" ] && shlibdeps="$$shlibdeps -lfips"; \
-                $(MAKE) SHLIBDIRS=ssl SHLIBDEPS="$$shlibdeps" build-shared; \
-        else \
-                echo "There's no support for shared libraries on this platform" >&2 ; \
-                exit 1; \
-        fi
-fips/fipscanister.o:    build_fips
-libfips$(SHLIB_EXT):            fips/fipscanister.o
-        @if [ "$(SHLIB_TARGET)" != "" ]; then \
-                FIPSLD_CC=$(CC); CC=fips/fipsld; export CC FIPSLD_CC; \
-                $(MAKE) -f Makefile.shared -e $(BUILDENV) \
-                        CC=$${CC} LIBNAME=fips THIS=$@ \
-                        LIBEXTRAS=fips/fipscanister.o \
-                        LIBDEPS="$(EX_LIBS)" \
-                        LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
-                        link_o.$(SHLIB_TARGET) || { rm -f $@; exit 1; } \
        else \
                echo "There's no support for shared libraries on this platform" >&2; \
                exit 1; \
        fi
-libfips.a:
-        dir=fips; target=all; $(BUILD_ONE_CMD)
 clean-shared:
        @set -e; for i in $(SHLIBDIRS); do \
                if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
@@ -410,10 +289,10 @@ clean-shared:
        done
 link-shared:
-        @ set -e; for i in ${SHLIBDIRS}; do \
+        @ set -e; for i in $(SHLIBDIRS); do \
                $(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
-                        LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
+                        LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
-                        LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \
+                        LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
                        symlink.$(SHLIB_TARGET); \
                libs="$$libs -l$$i"; \
        done
@@ -421,13 +300,13 @@ link-shared:
 build-shared: do_$(SHLIB_TARGET) link-shared
 do_$(SHLIB_TARGET):
-        @ set -e; libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+        @ set -e; libs='-L. $(SHLIBDEPS)'; for i in $(SHLIBDIRS); do \
-                if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+                if [ "$$i" = "ssl" -a -n "$(LIBKRB5)" ]; then \
                        libs="$(LIBKRB5) $$libs"; \
                fi; \
                $(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
-                        LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
+                        LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
-                        LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \
+                        LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
                        LIBDEPS="$$libs $(EX_LIBS)" \
                        link_a.$(SHLIB_TARGET); \
                libs="-l$$i $$libs"; \
@@ -436,7 +315,7 @@ do_$(SHLIB_TARGET):
 libcrypto.pc: Makefile
        @ ( echo 'prefix=$(INSTALLTOP)'; \
            echo 'exec_prefix=$${prefix}'; \
-            echo 'libdir=$${exec_prefix}/lib'; \
+            echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
            echo 'includedir=$${prefix}/include'; \
            echo ''; \
            echo 'Name: OpenSSL-libcrypto'; \
@@ -449,7 +328,7 @@ libcrypto.pc: Makefile
 libssl.pc: Makefile
        @ ( echo 'prefix=$(INSTALLTOP)'; \
            echo 'exec_prefix=$${prefix}'; \
-            echo 'libdir=$${exec_prefix}/lib'; \
+            echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
            echo 'includedir=$${prefix}/include'; \
            echo ''; \
            echo 'Name: OpenSSL'; \
@@ -462,7 +341,7 @@ libssl.pc: Makefile
 openssl.pc: Makefile
        @ ( echo 'prefix=$(INSTALLTOP)'; \
            echo 'exec_prefix=$${prefix}'; \
-            echo 'libdir=$${exec_prefix}/lib'; \
+            echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
            echo 'includedir=$${prefix}/include'; \
            echo ''; \
            echo 'Name: OpenSSL'; \
@@ -504,32 +383,32 @@ links:
        @$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
        @$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
        @set -e; target=links; $(RECURSIVE_BUILD_CMD)
-        @if [ -z "$(FIPSCANLIB)" ]; then \
-                set -e; target=links; dir=fips ; $(BUILD_CMD) ; \
-        fi
 gentests:
        @(cd test && echo "generating dummy tests (if needed)..." && \
-        $(CLEARENV) && $(MAKE) -e $(BUILDENV) TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate );
+        $(CLEARENV) && $(MAKE) -e $(BUILDENV) TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on generate );
 dclean:
-        rm -f *.bak
+        rm -rf *.bak include/openssl certs/.0
        @set -e; target=dclean; $(RECURSIVE_BUILD_CMD)
 rehash: rehash.time
-rehash.time: certs
+rehash.time: certs apps
-        @(OPENSSL="`pwd`/util/opensslwrap.sh"; \
+        @if [ -z "$(CROSS_COMPILE)" ]; then \
-          OPENSSL_DEBUG_MEMORY=on; \
+                (OPENSSL="`pwd`/util/opensslwrap.sh"; \
-          export OPENSSL OPENSSL_DEBUG_MEMORY; \
+                [ -x "apps/openssl.exe" ] && OPENSSL="apps/openssl.exe" || :; \
-          $(PERL) tools/c_rehash certs)
+                OPENSSL_DEBUG_MEMORY=on; \
-        touch rehash.time
+                export OPENSSL OPENSSL_DEBUG_MEMORY; \
+                $(PERL) tools/c_rehash certs) && \
+                touch rehash.time; \
+        else :; fi
 test:   tests
 tests: rehash
        @(cd test && echo "testing..." && \
-        $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );
+        $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf tests );
-        util/opensslwrap.sh version -a
+        OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a
 report:
        @$(PERL) util/selftest.pl
@@ -562,6 +441,8 @@ crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h
        $(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
 crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num
        $(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
+crypto/objects/obj_xref.h: crypto/objects/objxref.pl crypto/objects/obj_xref.txt crypto/objects/obj_mac.num
+        $(PERL) crypto/objects/objxref.pl crypto/objects/obj_mac.num crypto/objects/obj_xref.txt >crypto/objects/obj_xref.h
 apps/openssl-vms.cnf: apps/openssl.cnf
        $(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf
@@ -574,7 +455,7 @@ TABLE: Configure
        (echo 'Output of `Configure TABLE'"':"; \
        $(PERL) Configure TABLE) > TABLE
-update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend
+update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h crypto/objects/obj_xref.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend
 # Build distribution tar-file. As the list of files returned by "find" is
 # pretty long, on several platforms a "too many arguments" error or similar
@@ -605,8 +486,8 @@ tar-snap:
 dist:   
        $(PERL) Configure dist
        @$(MAKE) dist_pem_h
-        @$(MAKE) SDIRS='${SDIRS}' clean
+        @$(MAKE) SDIRS='$(SDIRS)' clean
-        @$(MAKE) TAR='${TAR}' TARFLAGS='${TARFLAGS}' tar
+        @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' tar
 dist_pem_h:
        (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
@@ -615,9 +496,9 @@ install: all install_docs install_sw
 install_sw:
        @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
-                $(INSTALL_PREFIX)$(INSTALLTOP)/lib \
+                $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
-                $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines \
+                $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
-                $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig \
+                $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \
                $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
                $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
                $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
@@ -632,10 +513,10 @@ install_sw:
        do \
                if [ -f "$$i" ]; then \
                (       echo installing $$i; \
-                        cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+                        cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
-                        $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+                        $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
-                        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+                        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
-                        mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
+                        mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i ); \
                fi; \
        done;
        @set -e; if [ -n "$(SHARED_LIBS)" ]; then \
@@ -645,22 +526,32 @@ install_sw:
                        if [ -f "$$i" -o -f "$$i.a" ]; then \
                        (       echo installing $$i; \
                                if [ "$(PLATFORM)" != "Cygwin" ]; then \
-                                        cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+                                        cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
-                                        chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+                                        chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
-                                        mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+                                        mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
                                else \
                                        c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
                                        cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
                                        chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
                                        mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
-                                        cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+                                        cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
-                                        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+                                        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
-                                        mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+                                        mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
                                fi ); \
+                                if expr $(PLATFORM) : 'mingw' > /dev/null; then \
+                                (       case $$i in \
+                                                *crypto*) i=libeay32.dll;; \
+                                                *ssl*)    i=ssleay32.dll;; \
+                                        esac; \
+                                        echo installing $$i; \
+                                        cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
+                                        chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
+                                        mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
+                                fi; \
                        fi; \
                done; \
                (       here="`pwd`"; \
-                        cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+                        cd $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR); \
                        $(MAKE) -f $$here/Makefile HERE="$$here" link-shared ); \
                if [ "$(INSTALLTOP)" != "/usr" ]; then \
                        echo 'OpenSSL shared libraries have been installed in:'; \
@@ -669,12 +560,33 @@ install_sw:
                        sed -e '1,/^$$/d' doc/openssl-shared.txt; \
                fi; \
        fi
-        cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
+        cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
-        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/libcrypto.pc
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libcrypto.pc
-        cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
+        cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
-        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/libssl.pc
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libssl.pc
-        cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
+        cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
-        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/openssl.pc
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc
+install_html_docs:
+        here="`pwd`"; \
+        for subdir in apps crypto ssl; do \
+                mkdir -p $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \
+                for i in doc/$$subdir/*.pod; do \
+                        fn=`basename $$i .pod`; \
+                        echo "installing html/$$fn.$(HTMLSUFFIX)"; \
+                        cat $$i \
+                        | sed -r 's/L<([^)]*)(\([0-9]\))?\|([^)]*)(\([0-9]\))?>/L<\1|\3>/g' \
+                        | pod2html --podroot=doc --htmlroot=.. --podpath=apps:crypto:ssl \
+                        | sed -r 's/<!DOCTYPE.*//g' \
+                        > $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir/$$fn.$(HTMLSUFFIX); \
+                        $(PERL) util/extract-names.pl < $$i | \
+                                grep -v $$filecase "^$$fn\$$" | \
+                                (cd $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \
+                                 while read n; do \
+                                        PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$(HTMLSUFFIX) "$$n".$(HTMLSUFFIX); \
+                                 done); \
+                done; \
+        done
 install_docs:
        @$(PERL) $(TOP)/util/mkdir-p.pl \
@@ -682,7 +594,7 @@ install_docs:
                $(INSTALL_PREFIX)$(MANDIR)/man3 \
                $(INSTALL_PREFIX)$(MANDIR)/man5 \
                $(INSTALL_PREFIX)$(MANDIR)/man7
-        @pod2man="`cd util; ./pod2mantest $(PERL)`"; \
+        @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
        here="`pwd`"; \
        filecase=; \
        if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" -o "$(PLATFORM)" = "mingw" ]; then \
@@ -702,7 +614,7 @@ install_docs:
                        (grep -v "[     ]"; true) | \
                        (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
                         while read n; do \
-                                $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
+                                PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
                         done); \
        done; \
        set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \
@@ -719,7 +631,7 @@ install_docs:
                        (grep -v "[     ]"; true) | \
                        (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
                         while read n; do \
-                                $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
+                                PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
                         done); \
        done
diff --git a/src/lib/libssl/src/NEWS b/src/lib/libssl/src/NEWS
index 37156fc593..3a787ea06c 100644
--- a/src/lib/libssl/src/NEWS
+++ b/src/lib/libssl/src/NEWS
@@ -5,6 +5,63 @@
  This file gives a brief overview of the major changes between each OpenSSL
  release. For more details please read the CHANGES file.
+  Major changes between OpenSSL 1.0.0 and OpenSSL 1.0.0a:
+      o Fix for security issue CVE-2010-1633.
+      o GOST MAC and CFB fixes.
+  Major changes between OpenSSL 0.9.8n and OpenSSL 1.0:
+      o RFC3280 path validation: sufficient to process PKITS tests.
+      o Integrated support for PVK files and keyblobs.
+      o Change default private key format to PKCS#8.
+      o CMS support: able to process all examples in RFC4134
+      o Streaming ASN1 encode support for PKCS#7 and CMS.
+      o Multiple signer and signer add support for PKCS#7 and CMS.
+      o ASN1 printing support.
+      o Whirlpool hash algorithm added.
+      o RFC3161 time stamp support.
+      o New generalised public key API supporting ENGINE based algorithms.
+      o New generalised public key API utilities.
+      o New ENGINE supporting GOST algorithms.
+      o SSL/TLS GOST ciphersuite support.
+      o PKCS#7 and CMS GOST support.
+      o RFC4279 PSK ciphersuite support.
+      o Supported points format extension for ECC ciphersuites.
+      o ecdsa-with-SHA224/256/384/512 signature types.
+      o dsa-with-SHA224 and dsa-with-SHA256 signature types.
+      o Opaque PRF Input TLS extension support.
+      o Updated time routines to avoid OS limitations.
+  Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o:
+      o Fix for security issue CVE-2010-0742.
+      o Various DTLS fixes.
+      o Recognise SHA2 certificates if only SSL algorithms added.
+      o Fix for no-rc4 compilation.
+      o Chil ENGINE unload workaround.
+  Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n:
+      o CFB cipher definition fixes.
+      o Fix security issues CVE-2010-0740 and CVE-2010-0433.
+  Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m:
+      o Cipher definition fixes.
+      o Workaround for slow RAND_poll() on some WIN32 versions.
+      o Remove MD2 from algorithm tables.
+      o SPKAC handling fixes.
+      o Support for RFC5746 TLS renegotiation extension.
+      o Compression memory leak fixed.
+      o Compression session resumption fixed.
+      o Ticket and SNI coexistence fixes.
+      o Many fixes to DTLS handling. 
+  Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l:
+      o Temporary work around for CVE-2009-3555: disable renegotiation.
  Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k:
      o Fix various build issues.
@@ -143,6 +200,11 @@
      o Added initial support for Win64.
      o Added alternate pkg-config files.
+  Major changes between OpenSSL 0.9.7l and OpenSSL 0.9.7m:
+      o FIPS 1.1.1 module linking.
+      o Various ciphersuite selection fixes.
  Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l:
      o Introduce limits to prevent malicious key DoS  (CVE-2006-2940)
diff --git a/src/lib/libssl/src/Netware/build.bat b/src/lib/libssl/src/Netware/build.bat
index 823134bda1..3125c2a487 100644
--- a/src/lib/libssl/src/Netware/build.bat
+++ b/src/lib/libssl/src/Netware/build.bat
@@ -159,6 +159,8 @@ cd ..\..\..
 echo SHA1
 cd crypto\sha\asm
 perl sha1-586.pl %ASM_MODE% > s1-nw.asm
+perl sha256-586.pl %ASM_MODE% > sha256-nw.asm
+perl sha512-586.pl %ASM_MODE% > sha512-nw.asm
 cd ..\..\..
 echo RIPEMD160
@@ -171,6 +173,11 @@ cd crypto\rc5\asm
 perl rc5-586.pl %ASM_MODE% > r5-nw.asm
 cd ..\..\..
+echo WHIRLPOOL
+cd crypto\whrlpool\asm
+perl wp-mmx.pl %ASM_MODE% > wp-nw.asm
+cd ..\..\..
 echo CPUID
 cd crypto
 perl x86cpuid.pl %ASM_MODE% > x86cpuid-nw.asm
diff --git a/src/lib/libssl/src/README b/src/lib/libssl/src/README
index 99a6a7b4bf..c1d0a5fd52 100644
--- a/src/lib/libssl/src/README
+++ b/src/lib/libssl/src/README
@@ -1,7 +1,7 @@
- OpenSSL 0.9.8k
+ OpenSSL 1.0.0a 1 Jun 2010
- Copyright (c) 1998-2008 The OpenSSL Project
+ Copyright (c) 1998-2010 The OpenSSL Project
 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
 All rights reserved.
@@ -112,8 +112,6 @@
 should be contacted if that algorithm is to be used; their web page is
 http://www.ascom.ch/.
- The MDC2 algorithm is patented by IBM.
 NTT and Mitsubishi have patents and pending patents on the Camellia
 algorithm, but allow use at no charge without requiring an explicit
 licensing agreement: http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html
@@ -139,6 +137,9 @@
 SUPPORT
 -------
+ See the OpenSSL website www.openssl.org for details of how to obtain
+ commercial technical support.
 If you have any problems with OpenSSL then please take the following steps
 first:
@@ -165,6 +166,10 @@
    openssl-bugs@openssl.org
+ Note that the request tracker should NOT be used for general assistance
+ or support queries. Just because something doesn't work the way you expect
+ does not mean it is necessarily a bug in OpenSSL.
 Note that mail to openssl-bugs@openssl.org is recorded in the publicly
 readable request tracker database and is forwarded to a public
 mailing list. Confidential mail may be sent to openssl-security@openssl.org
@@ -175,10 +180,22 @@
 Development is coordinated on the openssl-dev mailing list (see
 http://www.openssl.org for information on subscribing). If you
- would like to submit a patch, send it to openssl-dev@openssl.org with
+ would like to submit a patch, send it to openssl-bugs@openssl.org with
 the string "[PATCH]" in the subject. Please be sure to include a
 textual explanation of what your patch does.
+ If you are unsure as to whether a feature will be useful for the general
+ OpenSSL community please discuss it on the openssl-dev mailing list first.
+ Someone may be already working on the same thing or there may be a good
+ reason as to why that feature isn't implemented.
+ Patches should be as up to date as possible, preferably relative to the
+ current CVS or the last snapshot. They should follow the coding style of
+ OpenSSL and compile without warnings. Some of the core team developer targets
+ can be used for testing purposes, (debug-steve64, debug-geoff etc). OpenSSL
+ compiles on many varied platforms: try to ensure you only use portable
+ features.
 Note: For legal reasons, contributions from the US can be accepted only
 if a TSU notification and a copy of the patch are sent to crypt@bis.doc.gov
 (formerly BXA) with a copy to the ENC Encryption Request Coordinator;
diff --git a/src/lib/libssl/src/VMS/install.com b/src/lib/libssl/src/VMS/install.com
index f62635f24d..9c9c0e1e27 100644
--- a/src/lib/libssl/src/VMS/install.com
+++ b/src/lib/libssl/src/VMS/install.com
@@ -12,6 +12,14 @@ $	    WRITE SYS$OUTPUT "Should be the directory where you want things installed.
 $           EXIT
 $       ENDIF
 $
+$       IF (F$GETSYI("CPU").LT.128)
+$       THEN
+$           ARCH := VAX
+$       ELSE
+$           ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE")
+$           IF (ARCH .EQS. "") THEN ARCH = "UNK"
+$       ENDIF
+$
 $       ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0"
 $       ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY")
 $       ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
@@ -19,13 +27,7 @@ $	ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
 $       ROOT = ROOT_DEV + "[" + ROOT_DIR
 $
 $       DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC
-$       DEFINE/NOLOG WRK_SSLVLIB WRK_SSLROOT:[VAX_LIB]
-$       DEFINE/NOLOG WRK_SSLALIB WRK_SSLROOT:[ALPHA_LIB]
 $       DEFINE/NOLOG WRK_SSLINCLUDE WRK_SSLROOT:[INCLUDE]
-$       DEFINE/NOLOG WRK_SSLVEXE WRK_SSLROOT:[VAX_EXE]
-$       DEFINE/NOLOG WRK_SSLAEXE WRK_SSLROOT:[ALPHA_EXE]
-$       DEFINE/NOLOG WRK_SSLCERTS WRK_SSLROOT:[CERTS]
-$       DEFINE/NOLOG WRK_SSLPRIVATE WRK_SSLROOT:[PRIVATE]
 $
 $       IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN -
           CREATE/DIR/LOG WRK_SSLROOT:[000000]
@@ -39,7 +41,7 @@ $	IF F$SEARCH("WRK_SSLINCLUDE:vms_idhacks.h") .NES. "" THEN -
 $
 $       OPEN/WRITE SF WRK_SSLROOT:[VMS]OPENSSL_STARTUP.COM
 $       WRITE SYS$OUTPUT "%OPEN-I-CREATED,  ",F$SEARCH("WRK_SSLROOT:[VMS]OPENSSL_STARTUP.COM")," created."
-$       WRITE SF "$! Startup file for Openssl 0.9.2-RL 15-Mar-1999"
+$       WRITE SF "$! Startup file for Openssl"
 $       WRITE SF "$!"
 $       WRITE SF "$! Do not edit this file, as it will be regenerated during next installation."
 $       WRITE SF "$! Instead, add or change SSLROOT:[VMS]OPENSSL_SYSTARTUP.COM"
@@ -47,8 +49,13 @@ $	WRITE SF "$!"
 $       WRITE SF "$! P1 a qualifier to DEFINE.  For example ""/SYSTEM"" to get the logical names"
 $       WRITE SF "$!    defined in the system logical name table."
 $       WRITE SF "$!"
-$       WRITE SF "$     ARCH = ""VAX"""
+$       WRITE SF "$     IF (F$GETSYI(""CPU"").LT.128)"
-$       WRITE SF "$     IF F$GETSYI(""CPU"") .GE. 128 THEN ARCH = ""ALPHA"""
+$       WRITE SF "$     THEN"
+$       WRITE SF "$         ARCH := VAX"
+$       WRITE SF "$     ELSE"
+$       WRITE SF "$         ARCH = F$EDIT( F$GETSYI( ""ARCH_NAME""), ""UPCASE"")"
+$       WRITE SF "$         IF (ARCH .EQS. """") THEN ARCH = ""UNK"""
+$       WRITE SF "$     ENDIF"
 $       WRITE SF "$     DEFINE/NOLOG'P1 SSLROOT         ",ROOT,".] /TRANS=CONC"
 $       WRITE SF "$     DEFINE/NOLOG'P1 SSLLIB          SSLROOT:['ARCH'_LIB]"
 $       WRITE SF "$     DEFINE/NOLOG'P1 SSLINCLUDE      SSLROOT:[INCLUDE]"
diff --git a/src/lib/libssl/src/VMS/mkshared.com b/src/lib/libssl/src/VMS/mkshared.com
index 1356fb9dd7..c8acd2adeb 100644
--- a/src/lib/libssl/src/VMS/mkshared.com
+++ b/src/lib/libssl/src/VMS/mkshared.com
@@ -3,10 +3,10 @@ $!
 $! No command line parameters.  This should be run at the start of the source
 $! tree (the same directory where one finds INSTALL.VMS).
 $!
-$! Input:       [.UTIL]LIBEAY.NUM,[.AXP.EXE.CRYPTO]LIBCRYPTO.OLB
+$! Input:       [.UTIL]LIBEAY.NUM,[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB
-$!              [.UTIL]SSLEAY.NUM,[.AXP.EXE.SSL]LIBSSL.OLB
+$!              [.UTIL]SSLEAY.NUM,[.xxx.EXE.SSL]LIBSSL.OLB
-$! Output:      [.AXP.EXE.CRYPTO]LIBCRYPTO.OPT,.MAP,.EXE
+$! Output:      [.xxx.EXE.CRYPTO]LIBCRYPTO.OPT,.MAP,.EXE
-$!              [.AXP.EXE.SSL]LIBSSL.OPT,.MAP,.EXE
+$!              [.xxx.EXE.SSL]LIBSSL.OPT,.MAP,.EXE
 $!
 $! So far, tests have only been made on VMS for Alpha.  VAX will come in time.
 $! ===========================================================================
@@ -19,31 +19,41 @@ $   write sys$error "ERROR: Couldn't find any library version info..."
 $   exit
 $ endif
 $
-$ if f$getsyi("CPU") .ge. 128
+$ if (f$getsyi("cpu").lt.128)
 $ then
+$     arch := VAX
+$ else
+$     arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$     if (arch .eqs. "") then arch = "UNK"
+$ endif
+$
+$ if arch .nes. "VAX"
+$ then
+$   arch_vax = 0
 $   libid  = "Crypto"
 $   libnum = "[.UTIL]LIBEAY.NUM"
-$   libdir = "[.AXP.EXE.CRYPTO]"
+$   libdir = "[.''ARCH'.EXE.CRYPTO]"
 $   libolb = "''libdir'LIBCRYPTO.OLB"
 $   libopt = "''libdir'LIBCRYPTO.OPT"
 $   libmap = "''libdir'LIBCRYPTO.MAP"
 $   libgoal= "''libdir'LIBCRYPTO.EXE"
 $   libref = ""
-$   gosub create_axp_shr
+$   gosub create_nonvax_shr
 $   libid  = "SSL"
 $   libnum = "[.UTIL]SSLEAY.NUM"
-$   libdir = "[.AXP.EXE.SSL]"
+$   libdir = "[.''ARCH'.EXE.SSL]"
 $   libolb = "''libdir'LIBSSL.OLB"
 $   libopt = "''libdir'LIBSSL.OPT"
 $   libmap = "''libdir'LIBSSL.MAP"
 $   libgoal= "''libdir'LIBSSL.EXE"
-$   libref = "[.AXP.EXE.CRYPTO]LIBCRYPTO.EXE"
+$   libref = "[.''ARCH'.EXE.CRYPTO]LIBCRYPTO.EXE"
-$   gosub create_axp_shr
+$   gosub create_nonvax_shr
 $ else
+$   arch_vax = 1
 $   libtit = "CRYPTO_TRANSFER_VECTOR"
 $   libid  = "Crypto"
 $   libnum = "[.UTIL]LIBEAY.NUM"
-$   libdir = "[.VAX.EXE.CRYPTO]"
+$   libdir = "[.''ARCH'.EXE.CRYPTO]"
 $   libmar = "''libdir'LIBCRYPTO.MAR"
 $   libolb = "''libdir'LIBCRYPTO.OLB"
 $   libopt = "''libdir'LIBCRYPTO.OPT"
@@ -56,22 +66,22 @@ $   gosub create_vax_shr
 $   libtit = "SSL_TRANSFER_VECTOR"
 $   libid  = "SSL"
 $   libnum = "[.UTIL]SSLEAY.NUM"
-$   libdir = "[.VAX.EXE.SSL]"
+$   libdir = "[.''ARCH'.EXE.SSL]"
 $   libmar = "''libdir'LIBSSL.MAR"
 $   libolb = "''libdir'LIBSSL.OLB"
 $   libopt = "''libdir'LIBSSL.OPT"
 $   libobj = "''libdir'LIBSSL.OBJ"
 $   libmap = "''libdir'LIBSSL.MAP"
 $   libgoal= "''libdir'LIBSSL.EXE"
-$   libref = "[.VAX.EXE.CRYPTO]LIBCRYPTO.EXE"
+$   libref = "[.''ARCH'.EXE.CRYPTO]LIBCRYPTO.EXE"
 $   libvec = "LIBSSL"
 $   gosub create_vax_shr
 $ endif
 $ exit
 $
-$! ----- Soubroutines to actually build the shareable libraries
+$! ----- Soubroutines to build the shareable libraries
-$! The way things work, there's a main shareable library creator for each
+$! For each supported architecture, there's a main shareable library
-$! supported architecture, which is called from the main code above.
+$! creator, which is called from the main code above.
 $! The creator will define a number of variables to tell the next levels of
 $! subroutines what routines to use to write to the option files, call the
 $! main processor, read_func_num, and when that is done, it will write version
@@ -97,10 +107,10 @@ $! read_func_num depends on the following variables from the creator:
 $! libwriter    The name of the writer routine to call for each .num file line
 $! -----
 $
-$! ----- Subroutines for AXP
+$! ----- Subroutines for non-VAX
 $! -----
 $! The creator routine
-$ create_axp_shr:
+$ create_nonvax_shr:
 $   open/write opt 'libopt'
 $   write opt "identification=""",libid," ",libverstr,""""
 $   write opt libolb,"/lib"
@@ -108,7 +118,7 @@ $   if libref .nes. "" then write opt libref,"/SHARE"
 $   write opt "SYMBOL_VECTOR=(-"
 $   libfirstentry := true
 $   libwrch   := opt
-$   libwriter := write_axp_transfer_entry
+$   libwriter := write_nonvax_transfer_entry
 $   textcount = 0
 $   gosub read_func_num
 $   write opt ")"
@@ -118,7 +128,7 @@ $   link/map='libmap'/full/share='libgoal' 'libopt'/option
 $   return
 $
 $! The record writer routine
-$ write_axp_transfer_entry:
+$ write_nonvax_transfer_entry:
 $   if libentry .eqs. ".dummy" then return
 $   if info_kind .eqs. "VARIABLE"
 $   then
@@ -144,7 +154,7 @@ $   libfirstentry := false
 $   textcount = textcount + textcount_this
 $   return
 $
-$! ----- Subroutines for AXP
+$! ----- Subroutines for VAX
 $! -----
 $! The creator routine
 $ create_vax_shr:
@@ -264,8 +274,15 @@ $             truesum = truesum + 1
 $           if plat_entry .eqs. "!EXPORT_VAR_AS_FUNCTION" then -
 $             falsesum = falsesum + 1
 $         endif
-$         if plat_entry .eqs. "VMS" then truesum = truesum + 1
+$!
-$         if plat_entry .eqs. "!VMS" then falsesum = falsesum + 1
+$         if ((plat_entry .eqs. "VMS") .or. -
+            (arch_vax .and. (plat_entry .eqs. "VMSVAX"))) then -
+            truesum = truesum + 1
+$!
+$         if ((plat_entry .eqs. "!VMS") .or. -
+            (arch_vax .and. (plat_entry .eqs. "!VMSVAX"))) then -
+            falsesum = falsesum + 1
+$!
 $         goto loop1
 $       endif
 $     endloop1:
diff --git a/src/lib/libssl/src/VMS/openssl_utils.com b/src/lib/libssl/src/VMS/openssl_utils.com
index ddc107394f..64f4915104 100644
--- a/src/lib/libssl/src/VMS/openssl_utils.com
+++ b/src/lib/libssl/src/VMS/openssl_utils.com
@@ -8,31 +8,39 @@ $!
 $!
 $! Slightly modified by Richard Levitte <richard@levitte.org>
 $!
+$!
+$! Always define OPENSSL.  Others are optional (non-null P1).
+$!
 $ OPENSSL  :== $SSLEXE:OPENSSL
-$ VERIFY   :== $SSLEXE:OPENSSL VERIFY
+$
-$ ASN1PARSE:== $SSLEXE:OPENSSL ASN1PARS
+$ IF (P1 .NES. "")
-$ REQ      :== $SSLEXE:OPENSSL REQ
+$ THEN
-$ DGST     :== $SSLEXE:OPENSSL DGST
+$     VERIFY   :== $SSLEXE:OPENSSL VERIFY
-$ DH       :== $SSLEXE:OPENSSL DH
+$     ASN1PARSE:== $SSLEXE:OPENSSL ASN1PARS
-$ ENC      :== $SSLEXE:OPENSSL ENC
+$! REQ could conflict with REQUEST.
-$ GENDH    :== $SSLEXE:OPENSSL GENDH
+$     OREQ     :== $SSLEXE:OPENSSL REQ
-$ ERRSTR   :== $SSLEXE:OPENSSL ERRSTR
+$     DGST     :== $SSLEXE:OPENSSL DGST
-$ CA       :== $SSLEXE:OPENSSL CA
+$     DH       :== $SSLEXE:OPENSSL DH
-$ CRL      :== $SSLEXE:OPENSSL CRL
+$     ENC      :== $SSLEXE:OPENSSL ENC
-$ RSA      :== $SSLEXE:OPENSSL RSA
+$     GENDH    :== $SSLEXE:OPENSSL GENDH
-$ DSA      :== $SSLEXE:OPENSSL DSA
+$     ERRSTR   :== $SSLEXE:OPENSSL ERRSTR
-$ DSAPARAM :== $SSLEXE:OPENSSL DSAPARAM
+$     CA       :== $SSLEXE:OPENSSL CA
-$ X509     :== $SSLEXE:OPENSSL X509
+$     CRL      :== $SSLEXE:OPENSSL CRL
-$ GENRSA   :== $SSLEXE:OPENSSL GENRSA
+$     RSA      :== $SSLEXE:OPENSSL RSA
-$ GENDSA   :== $SSLEXE:OPENSSL GENDSA
+$     DSA      :== $SSLEXE:OPENSSL DSA
-$ S_SERVER :== $SSLEXE:OPENSSL S_SERVER
+$     DSAPARAM :== $SSLEXE:OPENSSL DSAPARAM
-$ S_CLIENT :== $SSLEXE:OPENSSL S_CLIENT
+$     X509     :== $SSLEXE:OPENSSL X509
-$ SPEED    :== $SSLEXE:OPENSSL SPEED
+$     GENRSA   :== $SSLEXE:OPENSSL GENRSA
-$ S_TIME   :== $SSLEXE:OPENSSL S_TIME
+$     GENDSA   :== $SSLEXE:OPENSSL GENDSA
-$ VERSION  :== $SSLEXE:OPENSSL VERSION
+$     S_SERVER :== $SSLEXE:OPENSSL S_SERVER
-$ PKCS7    :== $SSLEXE:OPENSSL PKCS7
+$     S_CLIENT :== $SSLEXE:OPENSSL S_CLIENT
-$ CRL2PKCS7:== $SSLEXE:OPENSSL CRL2P7
+$     SPEED    :== $SSLEXE:OPENSSL SPEED
-$ SESS_ID  :== $SSLEXE:OPENSSL SESS_ID
+$     S_TIME   :== $SSLEXE:OPENSSL S_TIME
-$ CIPHERS  :== $SSLEXE:OPENSSL CIPHERS
+$     VERSION  :== $SSLEXE:OPENSSL VERSION
-$ NSEQ     :== $SSLEXE:OPENSSL NSEQ
+$     PKCS7    :== $SSLEXE:OPENSSL PKCS7
-$ PKCS12   :== $SSLEXE:OPENSSL PKCS12
+$     CRL2PKCS7:== $SSLEXE:OPENSSL CRL2P7
+$     SESS_ID  :== $SSLEXE:OPENSSL SESS_ID
+$     CIPHERS  :== $SSLEXE:OPENSSL CIPHERS
+$     NSEQ     :== $SSLEXE:OPENSSL NSEQ
+$     PKCS12   :== $SSLEXE:OPENSSL PKCS12
+$ ENDIF
diff --git a/src/lib/libssl/src/apps/CA.com b/src/lib/libssl/src/apps/CA.com
index 02682e424a..69b7bb3fd8 100644
--- a/src/lib/libssl/src/apps/CA.com
+++ b/src/lib/libssl/src/apps/CA.com
@@ -114,8 +114,8 @@ $!
 $   IF F$SEARCH(CATOP+".private"+CAKEY) .EQS. ""
 $   THEN
 $     READ '__INPUT' FILE -
-           /PROMT="CA certificate filename (or enter to create)"
+           /PROMPT="CA certificate filename (or enter to create)"
-$     IF F$SEARCH(FILE) .NES. ""
+$     IF (FILE .NES. "") .AND. (F$SEARCH(FILE) .NES. "")
 $     THEN
 $       COPY 'FILE' 'CATOP'.private'CAKEY'
 $       RET=$STATUS
diff --git a/src/lib/libssl/src/apps/CA.sh b/src/lib/libssl/src/apps/CA.sh
index a0b20d85a9..7ad6b8c52e 100644
--- a/src/lib/libssl/src/apps/CA.sh
+++ b/src/lib/libssl/src/apps/CA.sh
@@ -5,10 +5,10 @@
 #      things easier between now and when Eric is convinced to fix it :-)
 #
 # CA -newca ... will setup the right stuff
-# CA -newreq ... will generate a certificate request 
+# CA -newreq ... will generate a certificate request
-# CA -sign ... will sign the generated request and output 
+# CA -sign ... will sign the generated request and output
 #
-# At the end of that grab newreq.pem and newcert.pem (one has the key 
+# At the end of that grab newreq.pem and newcert.pem (one has the key
 # and the other the certificate) and cat them together and that is what
 # you want/need ... I'll make even this a little cleaner later.
 #
@@ -16,8 +16,8 @@
 # 12-Jan-96 tjh    Added more things ... including CA -signcert which
 #                  converts a certificate to a request and then signs it.
 # 10-Jan-96 eay    Fixed a few more bugs and added the SSLEAY_CONFIG
-#                  environment variable so this can be driven from
+#                  environment variable so this can be driven from
-#                  a script.
+#                  a script.
 # 25-Jul-96 eay    Cleaned up filenames some more.
 # 11-Jun-96 eay    Fixed a few filename missmatches.
 # 03-May-96 eay    Modified to use 'ssleay cmd' instead of 'cmd'.
@@ -29,52 +29,87 @@
 # default openssl.cnf file has setup as per the following
 # demoCA ... where everything is stored
+cp_pem() {
+    infile=$1
+    outfile=$2
+    bound=$3
+    flag=0
+    exec <$infile;
+    while read line; do
+        if [ $flag -eq 1 ]; then
+                echo $line|grep "^-----END.*$bound"  2>/dev/null 1>/dev/null
+                if [ $? -eq 0 ] ; then
+                        echo $line >>$outfile
+                        break
+                else
+                        echo $line >>$outfile
+                fi
+        fi
+        echo $line|grep "^-----BEGIN.*$bound"  2>/dev/null 1>/dev/null
+        if [ $? -eq 0 ]; then
+                echo $line >$outfile
+                flag=1
+        fi
+    done
+}
+usage() {
+ echo "usage: $0 -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify" >&2
+}
 if [ -z "$OPENSSL" ]; then OPENSSL=openssl; fi
-DAYS="-days 365"        # 1 year
+if [ -z "$DAYS" ] ; then DAYS="-days 365" ; fi  # 1 year
 CADAYS="-days 1095"     # 3 years
 REQ="$OPENSSL req $SSLEAY_CONFIG"
 CA="$OPENSSL ca $SSLEAY_CONFIG"
 VERIFY="$OPENSSL verify"
 X509="$OPENSSL x509"
+PKCS12="openssl pkcs12"
-CATOP=./demoCA
+if [ -z "$CATOP" ] ; then CATOP=./demoCA ; fi
 CAKEY=./cakey.pem
 CAREQ=./careq.pem
 CACERT=./cacert.pem
-for i
+RET=0
-do
-case $i in
+while [ "$1" != "" ] ; do
+case $1 in
 -\?|-h|-help)
-    echo "usage: CA -newcert|-newreq|-newca|-sign|-verify" >&2
+    usage
    exit 0
    ;;
-newcert) 
+-newcert)
    # create a certificate
    $REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS
    RET=$?
    echo "Certificate is in newcert.pem, private key is in newkey.pem"
    ;;
-newreq) 
+-newreq)
    # create a certificate request
    $REQ -new -keyout newkey.pem -out newreq.pem $DAYS
    RET=$?
    echo "Request is in newreq.pem, private key is in newkey.pem"
    ;;
-newca)     
+-newreq-nodes) 
+    # create a certificate request
+    $REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS
+    RET=$?
+    echo "Request (and private key) is in newreq.pem"
+    ;;
+-newca)
    # if explicitly asked for or it doesn't exist then setup the directory
-    # structure that Eric likes to manage things 
+    # structure that Eric likes to manage things
    NEW="1"
    if [ "$NEW" -o ! -f ${CATOP}/serial ]; then
        # create the directory hierarchy
-        mkdir ${CATOP} 
+        mkdir -p ${CATOP}
-        mkdir ${CATOP}/certs 
+        mkdir -p ${CATOP}/certs
-        mkdir ${CATOP}/crl 
+        mkdir -p ${CATOP}/crl
-        mkdir ${CATOP}/newcerts
+        mkdir -p ${CATOP}/newcerts
-        mkdir ${CATOP}/private
+        mkdir -p ${CATOP}/private
-        echo "00" > ${CATOP}/serial
        touch ${CATOP}/index.txt
    fi
    if [ ! -f ${CATOP}/private/$CAKEY ]; then
@@ -83,37 +118,60 @@ case $i in
        # ask user for existing CA certificate
        if [ "$FILE" ]; then
-            cp $FILE ${CATOP}/private/$CAKEY
+            cp_pem $FILE ${CATOP}/private/$CAKEY PRIVATE
+            cp_pem $FILE ${CATOP}/$CACERT CERTIFICATE
            RET=$?
+            if [ ! -f "${CATOP}/serial" ]; then
+                $X509 -in ${CATOP}/$CACERT -noout -next_serial \
+                      -out ${CATOP}/serial
+            fi
        else
            echo "Making CA certificate ..."
            $REQ -new -keyout ${CATOP}/private/$CAKEY \
                           -out ${CATOP}/$CAREQ
-            $CA -out ${CATOP}/$CACERT $CADAYS -batch \
+            $CA -create_serial -out ${CATOP}/$CACERT $CADAYS -batch \
                           -keyfile ${CATOP}/private/$CAKEY -selfsign \
-                           -infiles ${CATOP}/$CAREQ 
+                           -extensions v3_ca \
+                           -infiles ${CATOP}/$CAREQ
            RET=$?
        fi
    fi
    ;;
 -xsign)
-    $CA -policy policy_anything -infiles newreq.pem 
+    $CA -policy policy_anything -infiles newreq.pem
    RET=$?
    ;;
-sign|-signreq) 
+-pkcs12)
+    if [ -z "$2" ] ; then
+        CNAME="My Certificate"
+    else
+        CNAME="$2"
+    fi
+    $PKCS12 -in newcert.pem -inkey newreq.pem -certfile ${CATOP}/$CACERT \
+            -out newcert.p12 -export -name "$CNAME"
+    RET=$?
+    exit $RET
+    ;;
+-sign|-signreq)
    $CA -policy policy_anything -out newcert.pem -infiles newreq.pem
    RET=$?
    cat newcert.pem
    echo "Signed certificate is in newcert.pem"
    ;;
-signcert) 
+-signCA)
+    $CA -policy policy_anything -out newcert.pem -extensions v3_ca -infiles newreq.pem
+    RET=$?
+    echo "Signed CA certificate is in newcert.pem"
+    ;;
+-signcert)
    echo "Cert passphrase will be requested twice - bug?"
    $X509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem
    $CA -policy policy_anything -out newcert.pem -infiles tmp.pem
+    RET=$?
    cat newcert.pem
    echo "Signed certificate is in newcert.pem"
    ;;
-verify) 
+-verify)
    shift
    if [ -z "$1" ]; then
            $VERIFY -CAfile $CATOP/$CACERT newcert.pem
@@ -127,13 +185,14 @@ case $i in
            fi
        done
    fi
-    exit 0
+    exit $RET
    ;;
 *)
-    echo "Unknown arg $i";
+    echo "Unknown arg $i" >&2
+    usage
    exit 1
    ;;
 esac
+shift
 done
 exit $RET
diff --git a/src/lib/libssl/src/apps/Makefile b/src/lib/libssl/src/apps/Makefile
index 402981aede..fa32d2d7e7 100644
--- a/src/lib/libssl/src/apps/Makefile
+++ b/src/lib/libssl/src/apps/Makefile
@@ -31,15 +31,15 @@ LIBSSL=-L.. -lssl
 PROGRAM= openssl
-SCRIPTS=CA.sh CA.pl
+SCRIPTS=CA.sh CA.pl tsget
 EXE= $(PROGRAM)$(EXE_EXT)
 E_EXE=  verify asn1pars req dgst dh dhparam enc passwd gendh errstr \
        ca crl rsa rsautl dsa dsaparam ec ecparam \
-        x509 genrsa gendsa s_server s_client speed \
+        x509 genrsa gendsa genpkey s_server s_client speed \
        s_time version pkcs7 cms crl2pkcs7 sess_id ciphers nseq pkcs12 \
-        pkcs8 spkac smime rand engine ocsp prime
+        pkcs8 pkey pkeyparam pkeyutl spkac smime rand engine ocsp prime ts
 PROGS= $(PROGRAM).c
@@ -53,18 +53,18 @@ RAND_SRC=app_rand.c
 E_OBJ=  verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o \
        ca.o pkcs7.o crl2p7.o crl.o \
        rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o \
-        x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o \
+        x509.o genrsa.o gendsa.o genpkey.o s_server.o s_client.o speed.o \
        s_time.o $(A_OBJ) $(S_OBJ) $(RAND_OBJ) version.o sess_id.o \
-        ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o engine.o \
+        ciphers.o nseq.o pkcs12.o pkcs8.o pkey.o pkeyparam.o pkeyutl.o \
-        ocsp.o prime.o cms.o
+        spkac.o smime.o cms.o rand.o engine.o ocsp.o prime.o ts.o
 E_SRC=  verify.c asn1pars.c req.c dgst.c dh.c enc.c passwd.c gendh.c errstr.c ca.c \
        pkcs7.c crl2p7.c crl.c \
        rsa.c rsautl.c dsa.c dsaparam.c ec.c ecparam.c \
-        x509.c genrsa.c gendsa.c s_server.c s_client.c speed.c \
+        x509.c genrsa.c gendsa.c genpkey.c s_server.c s_client.c speed.c \
        s_time.c $(A_SRC) $(S_SRC) $(RAND_SRC) version.c sess_id.c \
-        ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c smime.c rand.c engine.c \
+        ciphers.c nseq.c pkcs12.c pkcs8.c pkey.c pkeyparam.c pkeyutl.c \
-        ocsp.c prime.c cms.c
+        spkac.c smime.c cms.c rand.c engine.c ocsp.c prime.c ts.c
 SRC=$(E_SRC)
@@ -137,9 +137,10 @@ depend:
 dclean:
        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
        mv -f Makefile.new $(MAKEFILE)
+        rm -f CA.pl
 clean:
-        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE)
+        rm -f *.o *.obj *.dll lib tags core .pure .nfs* *.old *.bak fluff $(EXE)
        rm -f req
 $(DLIBSSL):
@@ -152,18 +153,13 @@ $(EXE): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
        $(RM) $(EXE)
        shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
                shlib_target="$(SHLIB_TARGET)"; \
-        elif [ -n "$(FIPSCANLIB)" ]; then \
-          FIPSLD_CC=$(CC); CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \
        fi; \
        LIBRARIES="$(LIBSSL) $(LIBKRB5) $(LIBCRYPTO)" ; \
-        [ "x$(FIPSCANLIB)" = "xlibfips" ] && LIBRARIES="$$LIBRARIES -lfips"; \
        $(MAKE) -f $(TOP)/Makefile.shared -e \
-                CC=$${CC} APPNAME=$(EXE) OBJECTS="$(PROGRAM).o $(E_OBJ)" \
+                APPNAME=$(EXE) OBJECTS="$(PROGRAM).o $(E_OBJ)" \
                LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \
                link_app.$${shlib_target}
-        -(cd ..; \
+        @(cd ..; $(MAKE) rehash)
-          OPENSSL="`pwd`/util/opensslwrap.sh"; export OPENSSL; \
-          $(PERL) tools/c_rehash certs)
 progs.h: progs.pl
        $(PERL) progs.pl $(E_EXE) >progs.h
@@ -176,150 +172,149 @@ app_rand.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 app_rand.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 app_rand.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 app_rand.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-app_rand.o: ../include/openssl/evp.h ../include/openssl/fips.h
+app_rand.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-app_rand.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+app_rand.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-app_rand.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+app_rand.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
-app_rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+app_rand.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-app_rand.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
+app_rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-app_rand.o: ../include/openssl/rand.h ../include/openssl/safestack.h
+app_rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-app_rand.o: ../include/openssl/sha.h ../include/openssl/stack.h
+app_rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-app_rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+app_rand.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-app_rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+app_rand.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h
-app_rand.o: ../include/openssl/x509v3.h app_rand.c apps.h
+app_rand.o: app_rand.c apps.h
 apps.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 apps.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 apps.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 apps.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 apps.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 apps.o: ../include/openssl/engine.h ../include/openssl/err.h
-apps.o: ../include/openssl/evp.h ../include/openssl/fips.h
+apps.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-apps.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+apps.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-apps.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+apps.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
-apps.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+apps.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-apps.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+apps.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-apps.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
+apps.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
-apps.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h
+apps.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-apps.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+apps.o: ../include/openssl/sha.h ../include/openssl/stack.h
-apps.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+apps.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-apps.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+apps.o: ../include/openssl/ui.h ../include/openssl/x509.h
-apps.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+apps.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.c apps.h
-apps.o: ../include/openssl/x509v3.h apps.c apps.h
 asn1pars.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 asn1pars.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 asn1pars.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 asn1pars.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 asn1pars.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 asn1pars.o: ../include/openssl/err.h ../include/openssl/evp.h
-asn1pars.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+asn1pars.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-asn1pars.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+asn1pars.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
-asn1pars.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+asn1pars.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-asn1pars.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+asn1pars.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-asn1pars.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+asn1pars.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-asn1pars.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+asn1pars.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-asn1pars.o: ../include/openssl/sha.h ../include/openssl/stack.h
+asn1pars.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-asn1pars.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+asn1pars.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-asn1pars.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+asn1pars.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-asn1pars.o: ../include/openssl/x509v3.h apps.h asn1pars.c
+asn1pars.o: asn1pars.c
 ca.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 ca.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 ca.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 ca.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 ca.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 ca.o: ../include/openssl/engine.h ../include/openssl/err.h
-ca.o: ../include/openssl/evp.h ../include/openssl/fips.h
+ca.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-ca.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+ca.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ca.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+ca.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
-ca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ca.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-ca.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ca.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ca.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ca.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-ca.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ca.o: ../include/openssl/sha.h ../include/openssl/stack.h
-ca.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ca.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-ca.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+ca.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-ca.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ca.c
+ca.o: ../include/openssl/x509v3.h apps.h ca.c
 ciphers.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-ciphers.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ciphers.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-ciphers.o: ../include/openssl/comp.h ../include/openssl/conf.h
+ciphers.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-ciphers.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+ciphers.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-ciphers.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+ciphers.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-ciphers.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+ciphers.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-ciphers.o: ../include/openssl/engine.h ../include/openssl/err.h
+ciphers.o: ../include/openssl/err.h ../include/openssl/evp.h
-ciphers.o: ../include/openssl/evp.h ../include/openssl/fips.h
 ciphers.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
 ciphers.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
 ciphers.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
 ciphers.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 ciphers.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 ciphers.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ciphers.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
+ciphers.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
-ciphers.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ciphers.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-ciphers.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ciphers.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-ciphers.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ciphers.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ciphers.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ciphers.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ciphers.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+ciphers.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-ciphers.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+ciphers.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-ciphers.o: ../include/openssl/x509v3.h apps.h ciphers.c
+ciphers.o: ciphers.c
 cms.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-cms.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+cms.o: ../include/openssl/buffer.h ../include/openssl/cms.h
-cms.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+cms.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-cms.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+cms.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-cms.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+cms.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-cms.o: ../include/openssl/evp.h ../include/openssl/fips.h
+cms.o: ../include/openssl/engine.h ../include/openssl/err.h
-cms.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+cms.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-cms.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+cms.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-cms.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+cms.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
-cms.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
+cms.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-cms.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+cms.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-cms.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+cms.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-cms.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+cms.o: ../include/openssl/sha.h ../include/openssl/stack.h
-cms.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h cms.c
+cms.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+cms.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+cms.o: ../include/openssl/x509v3.h apps.h cms.c
 crl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 crl.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 crl.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 crl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 crl.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 crl.o: ../include/openssl/err.h ../include/openssl/evp.h
-crl.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+crl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-crl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+crl.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
-crl.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+crl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-crl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+crl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-crl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+crl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-crl.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+crl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-crl.o: ../include/openssl/sha.h ../include/openssl/stack.h
+crl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-crl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+crl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-crl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+crl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h crl.c
-crl.o: ../include/openssl/x509v3.h apps.h crl.c
 crl2p7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 crl2p7.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 crl2p7.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 crl2p7.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 crl2p7.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 crl2p7.o: ../include/openssl/err.h ../include/openssl/evp.h
-crl2p7.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+crl2p7.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-crl2p7.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+crl2p7.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
-crl2p7.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+crl2p7.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-crl2p7.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+crl2p7.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-crl2p7.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+crl2p7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-crl2p7.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+crl2p7.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-crl2p7.o: ../include/openssl/sha.h ../include/openssl/stack.h
+crl2p7.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-crl2p7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+crl2p7.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-crl2p7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+crl2p7.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-crl2p7.o: ../include/openssl/x509v3.h apps.h crl2p7.c
+crl2p7.o: crl2p7.c
 dgst.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 dgst.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 dgst.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 dgst.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 dgst.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 dgst.o: ../include/openssl/err.h ../include/openssl/evp.h
-dgst.o: ../include/openssl/fips.h ../include/openssl/hmac.h
+dgst.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
-dgst.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+dgst.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-dgst.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+dgst.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
-dgst.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+dgst.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-dgst.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+dgst.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-dgst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dgst.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-dgst.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+dgst.o: ../include/openssl/sha.h ../include/openssl/stack.h
-dgst.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+dgst.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-dgst.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+dgst.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-dgst.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h dgst.c
+dgst.o: ../include/openssl/x509v3.h apps.h dgst.c
 dh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 dh.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 dh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@@ -327,16 +322,15 @@ dh.o: ../include/openssl/dh.h ../include/openssl/e_os2.h
 dh.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 dh.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 dh.o: ../include/openssl/err.h ../include/openssl/evp.h
-dh.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+dh.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-dh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+dh.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
-dh.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+dh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-dh.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+dh.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-dh.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+dh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-dh.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+dh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-dh.o: ../include/openssl/sha.h ../include/openssl/stack.h
+dh.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-dh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+dh.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-dh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+dh.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h dh.c
-dh.o: ../include/openssl/x509v3.h apps.h dh.c
 dsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 dsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 dsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@@ -344,16 +338,15 @@ dsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
 dsa.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 dsa.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 dsa.o: ../include/openssl/err.h ../include/openssl/evp.h
-dsa.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+dsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-dsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+dsa.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
-dsa.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+dsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-dsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+dsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-dsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+dsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-dsa.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+dsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-dsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
+dsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-dsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+dsa.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-dsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+dsa.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h dsa.c
-dsa.o: ../include/openssl/x509v3.h apps.h dsa.c
 dsaparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 dsaparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 dsaparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@@ -361,15 +354,14 @@ dsaparam.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 dsaparam.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 dsaparam.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 dsaparam.o: ../include/openssl/engine.h ../include/openssl/err.h
-dsaparam.o: ../include/openssl/evp.h ../include/openssl/fips.h
+dsaparam.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-dsaparam.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+dsaparam.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-dsaparam.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+dsaparam.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
-dsaparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+dsaparam.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-dsaparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+dsaparam.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-dsaparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dsaparam.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-dsaparam.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+dsaparam.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-dsaparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+dsaparam.o: ../include/openssl/sha.h ../include/openssl/stack.h
-dsaparam.o: ../include/openssl/stack.h ../include/openssl/store.h
 dsaparam.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 dsaparam.o: ../include/openssl/ui.h ../include/openssl/x509.h
 dsaparam.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
@@ -380,40 +372,38 @@ ec.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 ec.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 ec.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 ec.o: ../include/openssl/err.h ../include/openssl/evp.h
-ec.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+ec.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-ec.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ec.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
-ec.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+ec.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ec.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+ec.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-ec.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ec.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ec.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+ec.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ec.o: ../include/openssl/sha.h ../include/openssl/stack.h
+ec.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ec.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+ec.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-ec.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+ec.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ec.c
-ec.o: ../include/openssl/x509v3.h apps.h ec.c
 ecparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 ecparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 ecparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 ecparam.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 ecparam.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 ecparam.o: ../include/openssl/engine.h ../include/openssl/err.h
-ecparam.o: ../include/openssl/evp.h ../include/openssl/fips.h
+ecparam.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-ecparam.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+ecparam.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ecparam.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+ecparam.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
-ecparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ecparam.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-ecparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ecparam.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ecparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ecparam.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-ecparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ecparam.o: ../include/openssl/sha.h ../include/openssl/stack.h
-ecparam.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ecparam.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-ecparam.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+ecparam.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-ecparam.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+ecparam.o: ../include/openssl/x509v3.h apps.h ecparam.c
-ecparam.o: ecparam.c
 enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-enc.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+enc.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-enc.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+enc.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-enc.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+enc.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-enc.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+enc.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-enc.o: ../include/openssl/err.h ../include/openssl/evp.h
+enc.o: ../include/openssl/engine.h ../include/openssl/err.h
-enc.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+enc.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 enc.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
 enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
@@ -424,49 +414,47 @@ enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 enc.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
 enc.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h enc.c
 engine.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-engine.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+engine.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-engine.o: ../include/openssl/comp.h ../include/openssl/conf.h
+engine.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-engine.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+engine.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-engine.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+engine.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-engine.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+engine.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-engine.o: ../include/openssl/engine.h ../include/openssl/err.h
+engine.o: ../include/openssl/err.h ../include/openssl/evp.h
-engine.o: ../include/openssl/evp.h ../include/openssl/fips.h
 engine.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
 engine.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
 engine.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
 engine.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 engine.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 engine.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-engine.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
+engine.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
-engine.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+engine.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-engine.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+engine.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-engine.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+engine.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-engine.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+engine.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-engine.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+engine.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-engine.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+engine.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-engine.o: ../include/openssl/x509v3.h apps.h engine.c
+engine.o: engine.c
 errstr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-errstr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+errstr.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-errstr.o: ../include/openssl/comp.h ../include/openssl/conf.h
+errstr.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-errstr.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+errstr.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-errstr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+errstr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-errstr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+errstr.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-errstr.o: ../include/openssl/engine.h ../include/openssl/err.h
+errstr.o: ../include/openssl/err.h ../include/openssl/evp.h
-errstr.o: ../include/openssl/evp.h ../include/openssl/fips.h
 errstr.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
 errstr.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
 errstr.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
 errstr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 errstr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 errstr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-errstr.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
+errstr.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
-errstr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+errstr.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-errstr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+errstr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-errstr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+errstr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-errstr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+errstr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-errstr.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+errstr.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-errstr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+errstr.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-errstr.o: ../include/openssl/x509v3.h apps.h errstr.c
+errstr.o: errstr.c
 gendh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 gendh.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 gendh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@@ -474,15 +462,14 @@ gendh.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 gendh.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 gendh.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 gendh.o: ../include/openssl/engine.h ../include/openssl/err.h
-gendh.o: ../include/openssl/evp.h ../include/openssl/fips.h
+gendh.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-gendh.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+gendh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-gendh.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+gendh.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
-gendh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+gendh.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-gendh.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+gendh.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+gendh.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-gendh.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+gendh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-gendh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+gendh.o: ../include/openssl/sha.h ../include/openssl/stack.h
-gendh.o: ../include/openssl/stack.h ../include/openssl/store.h
 gendh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 gendh.o: ../include/openssl/ui.h ../include/openssl/x509.h
 gendh.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
@@ -494,16 +481,32 @@ gendsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
 gendsa.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 gendsa.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 gendsa.o: ../include/openssl/err.h ../include/openssl/evp.h
-gendsa.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+gendsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-gendsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+gendsa.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
-gendsa.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+gendsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-gendsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+gendsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-gendsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+gendsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-gendsa.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+gendsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-gendsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
+gendsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-gendsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+gendsa.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-gendsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+gendsa.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-gendsa.o: ../include/openssl/x509v3.h apps.h gendsa.c
+gendsa.o: gendsa.c
+genpkey.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+genpkey.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+genpkey.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+genpkey.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+genpkey.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+genpkey.o: ../include/openssl/err.h ../include/openssl/evp.h
+genpkey.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+genpkey.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+genpkey.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+genpkey.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+genpkey.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+genpkey.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+genpkey.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+genpkey.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+genpkey.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+genpkey.o: genpkey.c
 genrsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 genrsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 genrsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@@ -511,15 +514,14 @@ genrsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 genrsa.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 genrsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 genrsa.o: ../include/openssl/engine.h ../include/openssl/err.h
-genrsa.o: ../include/openssl/evp.h ../include/openssl/fips.h
+genrsa.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-genrsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+genrsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-genrsa.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+genrsa.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
-genrsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+genrsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-genrsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+genrsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-genrsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+genrsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-genrsa.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+genrsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-genrsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+genrsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
-genrsa.o: ../include/openssl/stack.h ../include/openssl/store.h
 genrsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 genrsa.o: ../include/openssl/ui.h ../include/openssl/x509.h
 genrsa.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
@@ -530,16 +532,15 @@ nseq.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 nseq.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 nseq.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 nseq.o: ../include/openssl/err.h ../include/openssl/evp.h
-nseq.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+nseq.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-nseq.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+nseq.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
-nseq.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+nseq.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-nseq.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+nseq.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-nseq.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+nseq.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-nseq.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+nseq.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-nseq.o: ../include/openssl/sha.h ../include/openssl/stack.h
+nseq.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-nseq.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+nseq.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-nseq.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+nseq.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h nseq.c
-nseq.o: ../include/openssl/x509v3.h apps.h nseq.c
 ocsp.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 ocsp.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 ocsp.o: ../include/openssl/comp.h ../include/openssl/conf.h
@@ -547,14 +548,13 @@ ocsp.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
 ocsp.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 ocsp.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 ocsp.o: ../include/openssl/engine.h ../include/openssl/err.h
-ocsp.o: ../include/openssl/evp.h ../include/openssl/fips.h
+ocsp.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-ocsp.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
+ocsp.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-ocsp.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+ocsp.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ocsp.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+ocsp.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
-ocsp.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ocsp.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-ocsp.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ocsp.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ocsp.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ocsp.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-ocsp.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
 ocsp.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 ocsp.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 ocsp.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
@@ -563,27 +563,26 @@ ocsp.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
 ocsp.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
 ocsp.o: ../include/openssl/x509v3.h apps.h ocsp.c
 openssl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-openssl.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+openssl.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-openssl.o: ../include/openssl/comp.h ../include/openssl/conf.h
+openssl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-openssl.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+openssl.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-openssl.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+openssl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-openssl.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+openssl.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-openssl.o: ../include/openssl/engine.h ../include/openssl/err.h
+openssl.o: ../include/openssl/err.h ../include/openssl/evp.h
-openssl.o: ../include/openssl/evp.h ../include/openssl/fips.h
 openssl.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
 openssl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
 openssl.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
 openssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 openssl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 openssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-openssl.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
+openssl.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
-openssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+openssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-openssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+openssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-openssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+openssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-openssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+openssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-openssl.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+openssl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-openssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+openssl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-openssl.o: ../include/openssl/x509v3.h apps.h openssl.c progs.h s_apps.h
+openssl.o: openssl.c progs.h s_apps.h
 passwd.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 passwd.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 passwd.o: ../include/openssl/crypto.h ../include/openssl/des.h
@@ -591,97 +590,142 @@ passwd.o: ../include/openssl/des_old.h ../include/openssl/e_os2.h
 passwd.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 passwd.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 passwd.o: ../include/openssl/err.h ../include/openssl/evp.h
-passwd.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+passwd.o: ../include/openssl/lhash.h ../include/openssl/md5.h
-passwd.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
+passwd.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-passwd.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+passwd.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
-passwd.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+passwd.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-passwd.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
+passwd.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-passwd.o: ../include/openssl/rand.h ../include/openssl/safestack.h
+passwd.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-passwd.o: ../include/openssl/sha.h ../include/openssl/stack.h
+passwd.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-passwd.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+passwd.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-passwd.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+passwd.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
-passwd.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+passwd.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-passwd.o: ../include/openssl/x509v3.h apps.h passwd.c
+passwd.o: passwd.c
 pkcs12.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 pkcs12.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 pkcs12.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 pkcs12.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 pkcs12.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 pkcs12.o: ../include/openssl/err.h ../include/openssl/evp.h
-pkcs12.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+pkcs12.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-pkcs12.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+pkcs12.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
-pkcs12.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+pkcs12.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-pkcs12.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+pkcs12.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-pkcs12.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+pkcs12.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
-pkcs12.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
+pkcs12.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-pkcs12.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+pkcs12.o: ../include/openssl/sha.h ../include/openssl/stack.h
-pkcs12.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+pkcs12.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-pkcs12.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+pkcs12.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-pkcs12.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+pkcs12.o: ../include/openssl/x509v3.h apps.h pkcs12.c
-pkcs12.o: pkcs12.c
 pkcs7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 pkcs7.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 pkcs7.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 pkcs7.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 pkcs7.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 pkcs7.o: ../include/openssl/err.h ../include/openssl/evp.h
-pkcs7.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+pkcs7.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-pkcs7.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+pkcs7.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
-pkcs7.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+pkcs7.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-pkcs7.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+pkcs7.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-pkcs7.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+pkcs7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-pkcs7.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+pkcs7.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-pkcs7.o: ../include/openssl/sha.h ../include/openssl/stack.h
+pkcs7.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-pkcs7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+pkcs7.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-pkcs7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+pkcs7.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-pkcs7.o: ../include/openssl/x509v3.h apps.h pkcs7.c
+pkcs7.o: pkcs7.c
 pkcs8.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 pkcs8.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 pkcs8.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 pkcs8.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 pkcs8.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 pkcs8.o: ../include/openssl/err.h ../include/openssl/evp.h
-pkcs8.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+pkcs8.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-pkcs8.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+pkcs8.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
-pkcs8.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+pkcs8.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-pkcs8.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+pkcs8.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-pkcs8.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+pkcs8.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
-pkcs8.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
+pkcs8.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-pkcs8.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+pkcs8.o: ../include/openssl/sha.h ../include/openssl/stack.h
-pkcs8.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+pkcs8.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-pkcs8.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+pkcs8.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-pkcs8.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+pkcs8.o: ../include/openssl/x509v3.h apps.h pkcs8.c
-pkcs8.o: pkcs8.c
+pkey.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+pkey.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+pkey.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+pkey.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+pkey.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+pkey.o: ../include/openssl/err.h ../include/openssl/evp.h
+pkey.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+pkey.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+pkey.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+pkey.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+pkey.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+pkey.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+pkey.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+pkey.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+pkey.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h pkey.c
+pkeyparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+pkeyparam.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+pkeyparam.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+pkeyparam.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+pkeyparam.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+pkeyparam.o: ../include/openssl/err.h ../include/openssl/evp.h
+pkeyparam.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+pkeyparam.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+pkeyparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+pkeyparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+pkeyparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+pkeyparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+pkeyparam.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+pkeyparam.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+pkeyparam.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+pkeyparam.o: pkeyparam.c
+pkeyutl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+pkeyutl.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+pkeyutl.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+pkeyutl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+pkeyutl.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+pkeyutl.o: ../include/openssl/err.h ../include/openssl/evp.h
+pkeyutl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+pkeyutl.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+pkeyutl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+pkeyutl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+pkeyutl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+pkeyutl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+pkeyutl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+pkeyutl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+pkeyutl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+pkeyutl.o: pkeyutl.c
 prime.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 prime.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 prime.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 prime.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 prime.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 prime.o: ../include/openssl/engine.h ../include/openssl/evp.h
-prime.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+prime.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-prime.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+prime.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
-prime.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+prime.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-prime.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+prime.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
-prime.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+prime.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-prime.o: ../include/openssl/sha.h ../include/openssl/stack.h
+prime.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-prime.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+prime.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-prime.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+prime.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-prime.o: ../include/openssl/x509v3.h apps.h prime.c
+prime.o: prime.c
 rand.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 rand.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 rand.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 rand.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 rand.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 rand.o: ../include/openssl/err.h ../include/openssl/evp.h
-rand.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+rand.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-rand.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+rand.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
-rand.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-rand.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+rand.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
-rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+rand.o: ../include/openssl/rand.h ../include/openssl/safestack.h
-rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+rand.o: ../include/openssl/sha.h ../include/openssl/stack.h
-rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-rand.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-rand.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h rand.c
+rand.o: ../include/openssl/x509v3.h apps.h rand.c
 req.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 req.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 req.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@@ -689,15 +733,14 @@ req.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 req.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 req.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 req.o: ../include/openssl/engine.h ../include/openssl/err.h
-req.o: ../include/openssl/evp.h ../include/openssl/fips.h
+req.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-req.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+req.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-req.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+req.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
-req.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+req.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-req.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+req.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+req.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-req.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+req.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-req.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+req.o: ../include/openssl/sha.h ../include/openssl/stack.h
-req.o: ../include/openssl/stack.h ../include/openssl/store.h
 req.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 req.o: ../include/openssl/ui.h ../include/openssl/x509.h
 req.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h req.c
@@ -707,49 +750,46 @@ rsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 rsa.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 rsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 rsa.o: ../include/openssl/engine.h ../include/openssl/err.h
-rsa.o: ../include/openssl/evp.h ../include/openssl/fips.h
+rsa.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-rsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+rsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-rsa.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+rsa.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
-rsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+rsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-rsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+rsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+rsa.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h
-rsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+rsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-rsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
+rsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-rsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+rsa.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+rsa.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h rsa.c
-rsa.o: ../include/openssl/x509v3.h apps.h rsa.c
 rsautl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 rsautl.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 rsautl.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 rsautl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 rsautl.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 rsautl.o: ../include/openssl/err.h ../include/openssl/evp.h
-rsautl.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+rsautl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-rsautl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+rsautl.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
-rsautl.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+rsautl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-rsautl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+rsautl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-rsautl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+rsautl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-rsautl.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h
+rsautl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-rsautl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+rsautl.o: ../include/openssl/sha.h ../include/openssl/stack.h
-rsautl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+rsautl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-rsautl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+rsautl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-rsautl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+rsautl.o: ../include/openssl/x509v3.h apps.h rsautl.c
-rsautl.o: rsautl.c
 s_cb.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s_cb.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s_cb.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-s_cb.o: ../include/openssl/comp.h ../include/openssl/conf.h
+s_cb.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-s_cb.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+s_cb.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-s_cb.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s_cb.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s_cb.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+s_cb.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-s_cb.o: ../include/openssl/engine.h ../include/openssl/err.h
+s_cb.o: ../include/openssl/err.h ../include/openssl/evp.h
-s_cb.o: ../include/openssl/evp.h ../include/openssl/fips.h
 s_cb.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
 s_cb.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
 s_cb.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
 s_cb.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 s_cb.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s_cb.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s_cb.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
+s_cb.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
 s_cb.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 s_cb.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 s_cb.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
@@ -764,14 +804,13 @@ s_client.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
 s_client.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 s_client.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 s_client.o: ../include/openssl/engine.h ../include/openssl/err.h
-s_client.o: ../include/openssl/evp.h ../include/openssl/fips.h
+s_client.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-s_client.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
+s_client.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s_client.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+s_client.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s_client.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+s_client.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
-s_client.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_client.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-s_client.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s_client.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s_client.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s_client.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-s_client.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
 s_client.o: ../include/openssl/rand.h ../include/openssl/safestack.h
 s_client.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 s_client.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
@@ -788,37 +827,35 @@ s_server.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
 s_server.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 s_server.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 s_server.o: ../include/openssl/engine.h ../include/openssl/err.h
-s_server.o: ../include/openssl/evp.h ../include/openssl/fips.h
+s_server.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-s_server.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
+s_server.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s_server.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+s_server.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s_server.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+s_server.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
-s_server.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_server.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-s_server.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s_server.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s_server.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s_server.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-s_server.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
 s_server.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 s_server.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 s_server.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 s_server.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s_server.o: ../include/openssl/stack.h ../include/openssl/store.h
+s_server.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s_server.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s_server.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
-s_server.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+s_server.o: ../include/openssl/ui.h ../include/openssl/x509.h
-s_server.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+s_server.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-s_server.o: ../include/openssl/x509v3.h apps.h s_apps.h s_server.c timeouts.h
+s_server.o: s_apps.h s_server.c timeouts.h
-s_socket.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+s_socket.o: ../e_os.h ../e_os2.h ../include/openssl/asn1.h
-s_socket.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s_socket.o: ../include/openssl/bio.h ../include/openssl/buffer.h
 s_socket.o: ../include/openssl/comp.h ../include/openssl/conf.h
 s_socket.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
 s_socket.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 s_socket.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 s_socket.o: ../include/openssl/engine.h ../include/openssl/evp.h
-s_socket.o: ../include/openssl/fips.h ../include/openssl/hmac.h
+s_socket.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
-s_socket.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s_socket.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-s_socket.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s_socket.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
-s_socket.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+s_socket.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s_socket.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s_socket.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s_socket.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s_socket.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s_socket.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
 s_socket.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
 s_socket.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 s_socket.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
@@ -828,88 +865,87 @@ s_socket.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
 s_socket.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
 s_socket.o: s_apps.h s_socket.c
 s_time.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s_time.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s_time.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-s_time.o: ../include/openssl/comp.h ../include/openssl/conf.h
+s_time.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-s_time.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+s_time.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-s_time.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s_time.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s_time.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+s_time.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-s_time.o: ../include/openssl/engine.h ../include/openssl/err.h
+s_time.o: ../include/openssl/err.h ../include/openssl/evp.h
-s_time.o: ../include/openssl/evp.h ../include/openssl/fips.h
 s_time.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
 s_time.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
 s_time.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
 s_time.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 s_time.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s_time.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s_time.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
+s_time.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
-s_time.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s_time.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s_time.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s_time.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s_time.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s_time.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s_time.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s_time.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s_time.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+s_time.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-s_time.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+s_time.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-s_time.o: ../include/openssl/x509v3.h apps.h s_apps.h s_time.c
+s_time.o: s_apps.h s_time.c
 sess_id.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-sess_id.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+sess_id.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-sess_id.o: ../include/openssl/comp.h ../include/openssl/conf.h
+sess_id.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-sess_id.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+sess_id.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-sess_id.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+sess_id.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-sess_id.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+sess_id.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-sess_id.o: ../include/openssl/engine.h ../include/openssl/err.h
+sess_id.o: ../include/openssl/err.h ../include/openssl/evp.h
-sess_id.o: ../include/openssl/evp.h ../include/openssl/fips.h
 sess_id.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
 sess_id.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
 sess_id.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
 sess_id.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 sess_id.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 sess_id.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-sess_id.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
+sess_id.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
-sess_id.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+sess_id.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-sess_id.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+sess_id.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-sess_id.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+sess_id.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-sess_id.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+sess_id.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-sess_id.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+sess_id.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-sess_id.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+sess_id.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-sess_id.o: ../include/openssl/x509v3.h apps.h sess_id.c
+sess_id.o: sess_id.c
 smime.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 smime.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 smime.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 smime.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 smime.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 smime.o: ../include/openssl/err.h ../include/openssl/evp.h
-smime.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+smime.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-smime.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+smime.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
-smime.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+smime.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-smime.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+smime.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-smime.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+smime.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-smime.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+smime.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-smime.o: ../include/openssl/sha.h ../include/openssl/stack.h
+smime.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-smime.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+smime.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-smime.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+smime.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-smime.o: ../include/openssl/x509v3.h apps.h smime.c
+smime.o: smime.c
 speed.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
 speed.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
 speed.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-speed.o: ../include/openssl/cast.h ../include/openssl/conf.h
+speed.o: ../include/openssl/camellia.h ../include/openssl/cast.h
-speed.o: ../include/openssl/crypto.h ../include/openssl/des.h
+speed.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-speed.o: ../include/openssl/des_old.h ../include/openssl/dsa.h
+speed.o: ../include/openssl/des.h ../include/openssl/des_old.h
-speed.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+speed.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-speed.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+speed.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-speed.o: ../include/openssl/engine.h ../include/openssl/err.h
+speed.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-speed.o: ../include/openssl/evp.h ../include/openssl/fips.h
+speed.o: ../include/openssl/err.h ../include/openssl/evp.h
 speed.o: ../include/openssl/hmac.h ../include/openssl/idea.h
-speed.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+speed.o: ../include/openssl/lhash.h ../include/openssl/md4.h
-speed.o: ../include/openssl/md4.h ../include/openssl/md5.h
+speed.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
 speed.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 speed.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
 speed.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 speed.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 speed.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 speed.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-speed.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+speed.o: ../include/openssl/safestack.h ../include/openssl/seed.h
-speed.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+speed.o: ../include/openssl/sha.h ../include/openssl/stack.h
-speed.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+speed.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-speed.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+speed.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+speed.o: ../include/openssl/whrlpool.h ../include/openssl/x509.h
 speed.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
 speed.o: speed.c testdsa.h testrsa.h
 spkac.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
@@ -918,32 +954,50 @@ spkac.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 spkac.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 spkac.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 spkac.o: ../include/openssl/err.h ../include/openssl/evp.h
-spkac.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+spkac.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-spkac.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+spkac.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
-spkac.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+spkac.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-spkac.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+spkac.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-spkac.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+spkac.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-spkac.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+spkac.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-spkac.o: ../include/openssl/sha.h ../include/openssl/stack.h
+spkac.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-spkac.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+spkac.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-spkac.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+spkac.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-spkac.o: ../include/openssl/x509v3.h apps.h spkac.c
+spkac.o: spkac.c
+ts.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ts.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ts.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ts.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+ts.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+ts.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+ts.o: ../include/openssl/engine.h ../include/openssl/err.h
+ts.o: ../include/openssl/evp.h ../include/openssl/lhash.h
+ts.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ts.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+ts.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+ts.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ts.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+ts.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ts.o: ../include/openssl/sha.h ../include/openssl/stack.h
+ts.o: ../include/openssl/symhacks.h ../include/openssl/ts.h
+ts.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+ts.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ts.c
 verify.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 verify.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 verify.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 verify.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 verify.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 verify.o: ../include/openssl/err.h ../include/openssl/evp.h
-verify.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+verify.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-verify.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+verify.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
-verify.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+verify.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-verify.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+verify.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-verify.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+verify.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-verify.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+verify.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-verify.o: ../include/openssl/sha.h ../include/openssl/stack.h
+verify.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-verify.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+verify.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-verify.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+verify.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-verify.o: ../include/openssl/x509v3.h apps.h verify.c
+verify.o: verify.c
 version.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 version.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 version.o: ../include/openssl/buffer.h ../include/openssl/conf.h
@@ -951,9 +1005,8 @@ version.o: ../include/openssl/crypto.h ../include/openssl/des.h
 version.o: ../include/openssl/des_old.h ../include/openssl/e_os2.h
 version.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 version.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-version.o: ../include/openssl/evp.h ../include/openssl/fips.h
+version.o: ../include/openssl/evp.h ../include/openssl/idea.h
-version.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+version.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-version.o: ../include/openssl/md2.h ../include/openssl/obj_mac.h
 version.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
 version.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 version.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
@@ -970,13 +1023,13 @@ x509.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
 x509.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 x509.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 x509.o: ../include/openssl/err.h ../include/openssl/evp.h
-x509.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+x509.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-x509.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+x509.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
-x509.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+x509.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-x509.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+x509.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-x509.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+x509.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-x509.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h
+x509.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-x509.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+x509.o: ../include/openssl/sha.h ../include/openssl/stack.h
-x509.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+x509.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-x509.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+x509.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-x509.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h x509.c
+x509.o: ../include/openssl/x509v3.h apps.h x509.c
diff --git a/src/lib/libssl/src/apps/apps.c b/src/lib/libssl/src/apps/apps.c
index 498722a5a2..acc50df04e 100644
--- a/src/lib/libssl/src/apps/apps.c
+++ b/src/lib/libssl/src/apps/apps.c
@@ -109,12 +109,21 @@
 *
 */
+#ifndef _POSIX_C_SOURCE
+#define _POSIX_C_SOURCE 2       /* On VMS, you need to define this to get
+                                   the declaration of fileno().  The value
+                                   2 is to make sure no function defined
+                                   in POSIX-2 is left undefined. */
+#endif
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#if !defined(OPENSSL_SYSNAME_WIN32) && !defined(NETWARE_CLIB)
+#include <strings.h>
+#endif
 #include <sys/types.h>
-#include <sys/stat.h>
 #include <ctype.h>
+#include <errno.h>
 #include <assert.h>
 #include <openssl/err.h>
 #include <openssl/x509.h>
@@ -138,6 +147,11 @@
 #include "apps.h"
 #undef NON_MAIN
+#ifdef _WIN32
+static int WIN32_rename(const char *from, const char *to);
+#define rename(from,to) WIN32_rename((from),(to))
+#endif
 typedef struct {
        const char *name;
        unsigned long flag;
@@ -166,18 +180,23 @@ int args_from_file(char *file, int *argc, char **argv[])
        static char *buf=NULL;
        static char **arg=NULL;
        char *p;
-        struct stat stbuf;
-        if (stat(file,&stbuf) < 0) return(0);
        fp=fopen(file,"r");
        if (fp == NULL)
                return(0);
+        if (fseek(fp,0,SEEK_END)==0)
+                len=ftell(fp), rewind(fp);
+        else    len=-1;
+        if (len<=0)
+                {
+                fclose(fp);
+                return(0);
+                }
        *argc=0;
        *argv=NULL;
-        len=(unsigned int)stbuf.st_size;
        if (buf != NULL) OPENSSL_free(buf);
        buf=(char *)OPENSSL_malloc(len+1);
        if (buf == NULL) return(0);
@@ -242,18 +261,25 @@ int str2fmt(char *s)
                return(FORMAT_ASN1);
        else if ((*s == 'T') || (*s == 't'))
                return(FORMAT_TEXT);
-        else if ((*s == 'P') || (*s == 'p'))
+        else if ((*s == 'N') || (*s == 'n'))
-                return(FORMAT_PEM);
+                return(FORMAT_NETSCAPE);
-        else if ((*s == 'N') || (*s == 'n'))
+        else if ((*s == 'S') || (*s == 's'))
-                return(FORMAT_NETSCAPE);
+                return(FORMAT_SMIME);
-        else if ((*s == 'S') || (*s == 's'))
+        else if ((*s == 'M') || (*s == 'm'))
-                return(FORMAT_SMIME);
+                return(FORMAT_MSBLOB);
        else if ((*s == '1')
                || (strcmp(s,"PKCS12") == 0) || (strcmp(s,"pkcs12") == 0)
                || (strcmp(s,"P12") == 0) || (strcmp(s,"p12") == 0))
                return(FORMAT_PKCS12);
        else if ((*s == 'E') || (*s == 'e'))
                return(FORMAT_ENGINE);
+        else if ((*s == 'P') || (*s == 'p'))
+                {
+                if (s[1] == 'V' || s[1] == 'v')
+                        return FORMAT_PVK;
+                else
+                        return(FORMAT_PEM);
+                }
        else
                return(FORMAT_UNDEF);
        }
@@ -639,6 +665,15 @@ static char *app_get_pass(BIO *err, char *arg, int keepbio)
                                BIO_printf(err, "Can't open file %s\n", arg + 5);
                                return NULL;
                        }
+#if !defined(_WIN32)
+                /*
+                 * Under _WIN32, which covers even Win64 and CE, file
+                 * descriptors referenced by BIO_s_fd are not inherited
+                 * by child process and therefore below is not an option.
+                 * It could have been an option if bss_fd.c was operating
+                 * on real Windows descriptors, such as those obtained
+                 * with CreateFile.
+                 */
                } else if(!strncmp(arg, "fd:", 3)) {
                        BIO *btmp;
                        i = atoi(arg + 3);
@@ -650,6 +685,7 @@ static char *app_get_pass(BIO *err, char *arg, int keepbio)
                        /* Can't do BIO_gets on an fd BIO so add a buffering BIO */
                        btmp = BIO_new(BIO_f_buffer());
                        pwdbio = BIO_push(btmp, pwdbio);
+#endif
                } else if(!strcmp(arg, "stdin")) {
                        pwdbio = BIO_new_fp(stdin, BIO_NOCLOSE);
                        if(!pwdbio) {
@@ -749,8 +785,6 @@ static int load_pkcs12(BIO *err, BIO *in, const char *desc,
 X509 *load_cert(BIO *err, const char *file, int format,
        const char *pass, ENGINE *e, const char *cert_descrip)
        {
-        ASN1_HEADER *ah=NULL;
-        BUF_MEM *buf=NULL;
        X509 *x=NULL;
        BIO *cert;
@@ -762,7 +796,9 @@ X509 *load_cert(BIO *err, const char *file, int format,
        if (file == NULL)
                {
+#ifdef _IONBF
                setvbuf(stdin, NULL, _IONBF, 0);
+#endif
                BIO_set_fp(cert,stdin,BIO_NOCLOSE);
                }
        else
@@ -780,46 +816,21 @@ X509 *load_cert(BIO *err, const char *file, int format,
                x=d2i_X509_bio(cert,NULL);
        else if (format == FORMAT_NETSCAPE)
                {
-                const unsigned char *p,*op;
+                NETSCAPE_X509 *nx;
-                int size=0,i;
+                nx=ASN1_item_d2i_bio(ASN1_ITEM_rptr(NETSCAPE_X509),cert,NULL);
+                if (nx == NULL)
-                /* We sort of have to do it this way because it is sort of nice
-                 * to read the header first and check it, then
-                 * try to read the certificate */
-                buf=BUF_MEM_new();
-                for (;;)
-                        {
-                        if ((buf == NULL) || (!BUF_MEM_grow(buf,size+1024*10)))
-                                goto end;
-                        i=BIO_read(cert,&(buf->data[size]),1024*10);
-                        size+=i;
-                        if (i == 0) break;
-                        if (i < 0)
-                                {
-                                perror("reading certificate");
                                goto end;
-                                }
-                        }
-                p=(unsigned char *)buf->data;
-                op=p;
-                /* First load the header */
+                if ((strncmp(NETSCAPE_CERT_HDR,(char *)nx->header->data,
-                if ((ah=d2i_ASN1_HEADER(NULL,&p,(long)size)) == NULL)
+                        nx->header->length) != 0))
-                        goto end;
-                if ((ah->header == NULL) || (ah->header->data == NULL) ||
-                        (strncmp(NETSCAPE_CERT_HDR,(char *)ah->header->data,
-                        ah->header->length) != 0))
                        {
+                        NETSCAPE_X509_free(nx);
                        BIO_printf(err,"Error reading header on certificate\n");
                        goto end;
                        }
-                /* header is ok, so now read the object */
+                x=nx->cert;
-                p=op;
+                nx->cert = NULL;
-                ah->meth=X509_asn1_meth();
+                NETSCAPE_X509_free(nx);
-                if ((ah=d2i_ASN1_HEADER(&ah,&p,(long)size)) == NULL)
-                        goto end;
-                x=(X509 *)ah->data;
-                ah->data=NULL;
                }
        else if (format == FORMAT_PEM)
                x=PEM_read_bio_X509_AUX(cert,NULL,
@@ -841,9 +852,7 @@ end:
                BIO_printf(err,"unable to load certificate\n");
                ERR_print_errors(err);
                }
-        if (ah != NULL) ASN1_HEADER_free(ah);
        if (cert != NULL) BIO_free(cert);
-        if (buf != NULL) BUF_MEM_free(buf);
        return(x);
        }
@@ -866,10 +875,17 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
        if (format == FORMAT_ENGINE)
                {
                if (!e)
-                        BIO_printf(bio_err,"no engine specified\n");
+                        BIO_printf(err,"no engine specified\n");
                else
+                        {
                        pkey = ENGINE_load_private_key(e, file,
                                ui_method, &cb_data);
+                        if (!pkey) 
+                                {
+                                BIO_printf(err,"cannot load %s from engine\n",key_descrip);
+                                ERR_print_errors(err);
+                                }       
+                        }
                goto end;
                }
 #endif
@@ -881,7 +897,9 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
                }
        if (file == NULL && maybe_stdin)
                {
+#ifdef _IONBF
                setvbuf(stdin, NULL, _IONBF, 0);
+#endif
                BIO_set_fp(key,stdin,BIO_NOCLOSE);
                }
        else
@@ -912,6 +930,13 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
                                &pkey, NULL, NULL))
                        goto end;
                }
+#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA) && !defined (OPENSSL_NO_RC4)
+        else if (format == FORMAT_MSBLOB)
+                pkey = b2i_PrivateKey_bio(key);
+        else if (format == FORMAT_PVK)
+                pkey = b2i_PVK_bio(key, (pem_password_cb *)password_callback,
+                                                                &cb_data);
+#endif
        else
                {
                BIO_printf(err,"bad input format specified for key file\n");
@@ -919,8 +944,11 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
                }
 end:
        if (key != NULL) BIO_free(key);
-        if (pkey == NULL)
+        if (pkey == NULL) 
+                {
                BIO_printf(err,"unable to load %s\n", key_descrip);
+                ERR_print_errors(err);
+                }       
        return(pkey);
        }
@@ -958,7 +986,9 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
                }
        if (file == NULL && maybe_stdin)
                {
+#ifdef _IONBF
                setvbuf(stdin, NULL, _IONBF, 0);
+#endif
                BIO_set_fp(key,stdin,BIO_NOCLOSE);
                }
        else
@@ -973,6 +1003,37 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
                {
                pkey=d2i_PUBKEY_bio(key, NULL);
                }
+#ifndef OPENSSL_NO_RSA
+        else if (format == FORMAT_ASN1RSA)
+                {
+                RSA *rsa;
+                rsa = d2i_RSAPublicKey_bio(key, NULL);
+                if (rsa)
+                        {
+                        pkey = EVP_PKEY_new();
+                        if (pkey)
+                                EVP_PKEY_set1_RSA(pkey, rsa);
+                        RSA_free(rsa);
+                        }
+                else
+                        pkey = NULL;
+                }
+        else if (format == FORMAT_PEMRSA)
+                {
+                RSA *rsa;
+                rsa = PEM_read_bio_RSAPublicKey(key, NULL, 
+                        (pem_password_cb *)password_callback, &cb_data);
+                if (rsa)
+                        {
+                        pkey = EVP_PKEY_new();
+                        if (pkey)
+                                EVP_PKEY_set1_RSA(pkey, rsa);
+                        RSA_free(rsa);
+                        }
+                else
+                        pkey = NULL;
+                }
+#endif
        else if (format == FORMAT_PEM)
                {
                pkey=PEM_read_bio_PUBKEY(key,NULL,
@@ -982,6 +1043,10 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
        else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)
                pkey = load_netscape_key(err, key, file, key_descrip, format);
 #endif
+#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA)
+        else if (format == FORMAT_MSBLOB)
+                pkey = b2i_PublicKey_bio(key);
+#endif
        else
                {
                BIO_printf(err,"bad input format specified for key file\n");
@@ -1040,76 +1105,120 @@ error:
        }
 #endif /* ndef OPENSSL_NO_RC4 */
-STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
+static int load_certs_crls(BIO *err, const char *file, int format,
-        const char *pass, ENGINE *e, const char *cert_descrip)
+        const char *pass, ENGINE *e, const char *desc,
+        STACK_OF(X509) **pcerts, STACK_OF(X509_CRL) **pcrls)
        {
-        BIO *certs;
        int i;
-        STACK_OF(X509) *othercerts = NULL;
+        BIO *bio;
-        STACK_OF(X509_INFO) *allcerts = NULL;
+        STACK_OF(X509_INFO) *xis = NULL;
        X509_INFO *xi;
        PW_CB_DATA cb_data;
+        int rv = 0;
        cb_data.password = pass;
        cb_data.prompt_info = file;
-        if((certs = BIO_new(BIO_s_file())) == NULL)
+        if (format != FORMAT_PEM)
                {
-                ERR_print_errors(err);
+                BIO_printf(err,"bad input format specified for %s\n", desc);
-                goto end;
+                return 0;
                }
        if (file == NULL)
-                BIO_set_fp(certs,stdin,BIO_NOCLOSE);
+                bio = BIO_new_fp(stdin,BIO_NOCLOSE);
        else
+                bio = BIO_new_file(file, "r");
+        if (bio == NULL)
                {
-                if (BIO_read_filename(certs,file) <= 0)
+                BIO_printf(err, "Error opening %s %s\n",
-                        {
+                                desc, file ? file : "stdin");
-                        BIO_printf(err, "Error opening %s %s\n",
+                ERR_print_errors(err);
-                                cert_descrip, file);
+                return 0;
-                        ERR_print_errors(err);
+                }
+        xis = PEM_X509_INFO_read_bio(bio, NULL,
+                                (pem_password_cb *)password_callback, &cb_data);
+        BIO_free(bio);
+        if (pcerts)
+                {
+                *pcerts = sk_X509_new_null();
+                if (!*pcerts)
                        goto end;
-                        }
                }
-        if      (format == FORMAT_PEM)
+        if (pcrls)
                {
-                othercerts = sk_X509_new_null();
+                *pcrls = sk_X509_CRL_new_null();
-                if(!othercerts)
+                if (!*pcrls)
-                        {
-                        sk_X509_free(othercerts);
-                        othercerts = NULL;
                        goto end;
+                }
+        for(i = 0; i < sk_X509_INFO_num(xis); i++)
+                {
+                xi = sk_X509_INFO_value (xis, i);
+                if (xi->x509 && pcerts)
+                        {
+                        if (!sk_X509_push(*pcerts, xi->x509))
+                                goto end;
+                        xi->x509 = NULL;
                        }
-                allcerts = PEM_X509_INFO_read_bio(certs, NULL,
+                if (xi->crl && pcrls)
-                                (pem_password_cb *)password_callback, &cb_data);
-                for(i = 0; i < sk_X509_INFO_num(allcerts); i++)
                        {
-                        xi = sk_X509_INFO_value (allcerts, i);
+                        if (!sk_X509_CRL_push(*pcrls, xi->crl))
-                        if (xi->x509)
+                                goto end;
-                                {
+                        xi->crl = NULL;
-                                sk_X509_push(othercerts, xi->x509);
-                                xi->x509 = NULL;
-                                }
                        }
-                goto end;
                }
-        else    {
-                BIO_printf(err,"bad input format specified for %s\n",
+        if (pcerts && sk_X509_num(*pcerts) > 0)
-                        cert_descrip);
+                rv = 1;
-                goto end;
-                }
+        if (pcrls && sk_X509_CRL_num(*pcrls) > 0)
-end:
+                rv = 1;
-        if (othercerts == NULL)
+        end:
+        if (xis)
+                sk_X509_INFO_pop_free(xis, X509_INFO_free);
+        if (rv == 0)
                {
-                BIO_printf(err,"unable to load certificates\n");
+                if (pcerts)
+                        {
+                        sk_X509_pop_free(*pcerts, X509_free);
+                        *pcerts = NULL;
+                        }
+                if (pcrls)
+                        {
+                        sk_X509_CRL_pop_free(*pcrls, X509_CRL_free);
+                        *pcrls = NULL;
+                        }
+                BIO_printf(err,"unable to load %s\n",
+                                pcerts ? "certificates" : "CRLs");
                ERR_print_errors(err);
                }
-        if (allcerts) sk_X509_INFO_pop_free(allcerts, X509_INFO_free);
+        return rv;
-        if (certs != NULL) BIO_free(certs);
-        return(othercerts);
        }
+STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
+        const char *pass, ENGINE *e, const char *desc)
+        {
+        STACK_OF(X509) *certs;
+        load_certs_crls(err, file, format, pass, e, desc, &certs, NULL);
+        return certs;
+        }       
+STACK_OF(X509_CRL) *load_crls(BIO *err, const char *file, int format,
+        const char *pass, ENGINE *e, const char *desc)
+        {
+        STACK_OF(X509_CRL) *crls;
+        load_certs_crls(err, file, format, pass, e, desc, NULL, &crls);
+        return crls;
+        }       
 #define X509V3_EXT_UNKNOWN_MASK         (0xfL << 16)
 /* Return error for unknown extensions */
@@ -1396,6 +1505,10 @@ ENGINE *setup_engine(BIO *err, const char *engine, int debug)
 int load_config(BIO *err, CONF *cnf)
        {
+        static int load_config_called = 0;
+        if (load_config_called)
+                return 1;
+        load_config_called = 1;
        if (!cnf)
                cnf = config;
        if (!cnf)
@@ -1429,7 +1542,7 @@ char *make_config_name()
        return p;
        }
-static unsigned long index_serial_hash(const char **a)
+static unsigned long index_serial_hash(const OPENSSL_CSTRING *a)
        {
        const char *n;
@@ -1438,7 +1551,7 @@ static unsigned long index_serial_hash(const char **a)
        return(lh_strhash(n));
        }
-static int index_serial_cmp(const char **a, const char **b)
+static int index_serial_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b)
        {
        const char *aa,*bb;
@@ -1450,17 +1563,16 @@ static int index_serial_cmp(const char **a, const char **b)
 static int index_name_qual(char **a)
        { return(a[0][0] == 'V'); }
-static unsigned long index_name_hash(const char **a)
+static unsigned long index_name_hash(const OPENSSL_CSTRING *a)
        { return(lh_strhash(a[DB_name])); }
-int index_name_cmp(const char **a, const char **b)
+int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b)
-        { return(strcmp(a[DB_name],
+        { return(strcmp(a[DB_name], b[DB_name])); }
-             b[DB_name])); }
-static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **)
+static IMPLEMENT_LHASH_HASH_FN(index_serial, OPENSSL_CSTRING)
-static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **)
+static IMPLEMENT_LHASH_COMP_FN(index_serial, OPENSSL_CSTRING)
-static IMPLEMENT_LHASH_HASH_FN(index_name_hash,const char **)
+static IMPLEMENT_LHASH_HASH_FN(index_name, OPENSSL_CSTRING)
-static IMPLEMENT_LHASH_COMP_FN(index_name_cmp,const char **)
+static IMPLEMENT_LHASH_COMP_FN(index_name, OPENSSL_CSTRING)
 #undef BSIZE
 #define BSIZE 256
@@ -1588,7 +1700,6 @@ int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix)
        {
        char buf[5][BSIZE];
        int i,j;
-        struct stat sb;
        i = strlen(serialfile) + strlen(old_suffix);
        j = strlen(serialfile) + strlen(new_suffix);
@@ -1613,30 +1724,21 @@ int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix)
        j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s",
                serialfile, old_suffix);
 #endif
-        if (stat(serialfile,&sb) < 0)
+#ifdef RL_DEBUG
-                {
+        BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
-                if (errno != ENOENT 
+                serialfile, buf[1]);
+#endif
+        if (rename(serialfile,buf[1]) < 0 && errno != ENOENT
 #ifdef ENOTDIR
                        && errno != ENOTDIR
 #endif
-                   )
+           )            {
-                        goto err;
-                }
-        else
-                {
-#ifdef RL_DEBUG
-                BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
-                        serialfile, buf[1]);
-#endif
-                if (rename(serialfile,buf[1]) < 0)
-                        {
                        BIO_printf(bio_err,
                                "unable to rename %s to %s\n",
                                serialfile, buf[1]);
                        perror("reason");
                        goto err;
                        }
-                }
 #ifdef RL_DEBUG
        BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
                buf[0],serialfile);
@@ -1703,10 +1805,7 @@ CA_DB *load_index(char *dbfile, DB_ATTR *db_attr)
                goto err;
                }
        if ((tmpdb = TXT_DB_read(in,DB_NUMBER)) == NULL)
-                {
-                if (tmpdb != NULL) TXT_DB_free(tmpdb);
                goto err;
-                }
 #ifndef OPENSSL_SYS_VMS
        BIO_snprintf(buf[0], sizeof buf[0], "%s.attr", dbfile);
@@ -1767,8 +1866,8 @@ CA_DB *load_index(char *dbfile, DB_ATTR *db_attr)
 int index_index(CA_DB *db)
        {
        if (!TXT_DB_create_index(db->db, DB_serial, NULL,
-                                LHASH_HASH_FN(index_serial_hash),
+                                LHASH_HASH_FN(index_serial),
-                                LHASH_COMP_FN(index_serial_cmp)))
+                                LHASH_COMP_FN(index_serial)))
                {
                BIO_printf(bio_err,
                  "error creating serial number index:(%ld,%ld,%ld)\n",
@@ -1778,8 +1877,8 @@ int index_index(CA_DB *db)
        if (db->attributes.unique_subject
                && !TXT_DB_create_index(db->db, DB_name, index_name_qual,
-                        LHASH_HASH_FN(index_name_hash),
+                        LHASH_HASH_FN(index_name),
-                        LHASH_COMP_FN(index_name_cmp)))
+                        LHASH_COMP_FN(index_name)))
                {
                BIO_printf(bio_err,"error creating name index:(%ld,%ld,%ld)\n",
                        db->db->error,db->db->arg1,db->db->arg2);
@@ -1859,7 +1958,6 @@ int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suf
        {
        char buf[5][BSIZE];
        int i,j;
-        struct stat sb;
        i = strlen(dbfile) + strlen(old_suffix);
        j = strlen(dbfile) + strlen(new_suffix);
@@ -1903,30 +2001,21 @@ int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suf
        j = BIO_snprintf(buf[3], sizeof buf[3], "%s-attr-%s",
                dbfile, old_suffix);
 #endif
-        if (stat(dbfile,&sb) < 0)
-                {
-                if (errno != ENOENT 
-#ifdef ENOTDIR
-                        && errno != ENOTDIR
-#endif
-                   )
-                        goto err;
-                }
-        else
-                {
 #ifdef RL_DEBUG
-                BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
+        BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
-                        dbfile, buf[1]);
+                dbfile, buf[1]);
 #endif
-                if (rename(dbfile,buf[1]) < 0)
+        if (rename(dbfile,buf[1]) < 0 && errno != ENOENT
-                        {
+#ifdef ENOTDIR
+                && errno != ENOTDIR
+#endif
+           )            {
                        BIO_printf(bio_err,
                                "unable to rename %s to %s\n",
                                dbfile, buf[1]);
                        perror("reason");
                        goto err;
                        }
-                }
 #ifdef RL_DEBUG
        BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
                buf[0],dbfile);
@@ -1940,23 +2029,15 @@ int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suf
                rename(buf[1],dbfile);
                goto err;
                }
-        if (stat(buf[4],&sb) < 0)
-                {
-                if (errno != ENOENT 
-#ifdef ENOTDIR
-                        && errno != ENOTDIR
-#endif
-                   )
-                        goto err;
-                }
-        else
-                {
 #ifdef RL_DEBUG
-                BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
+        BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
-                        buf[4],buf[3]);
+                buf[4],buf[3]);
 #endif
-                if (rename(buf[4],buf[3]) < 0)
+        if (rename(buf[4],buf[3]) < 0 && errno != ENOENT
-                        {
+#ifdef ENOTDIR
+                && errno != ENOTDIR
+#endif
+           )            {
                        BIO_printf(bio_err,
                                "unable to rename %s to %s\n",
                                buf[4], buf[3]);
@@ -1965,7 +2046,6 @@ int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suf
                        rename(buf[1],dbfile);
                        goto err;
                        }
-                }
 #ifdef RL_DEBUG
        BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
                buf[2],buf[4]);
@@ -2160,52 +2240,13 @@ error:
        return NULL;
 }
-/* This code MUST COME AFTER anything that uses rename() */
-#ifdef OPENSSL_SYS_WIN32
-int WIN32_rename(const char *from, const char *to)
-        {
-#ifndef OPENSSL_SYS_WINCE
-        /* Windows rename gives an error if 'to' exists, so delete it
-         * first and ignore file not found errror
-         */
-        if((remove(to) != 0) && (errno != ENOENT))
-                return -1;
-#undef rename
-        return rename(from, to);
-#else
-        /* convert strings to UNICODE */
-        {
-        BOOL result = FALSE;
-        WCHAR* wfrom;
-        WCHAR* wto;
-        int i;
-        wfrom = malloc((strlen(from)+1)*2);
-        wto = malloc((strlen(to)+1)*2);
-        if (wfrom != NULL && wto != NULL)
-                {
-                for (i=0; i<(int)strlen(from)+1; i++)
-                        wfrom[i] = (short)from[i];
-                for (i=0; i<(int)strlen(to)+1; i++)
-                        wto[i] = (short)to[i];
-                result = MoveFile(wfrom, wto);
-                }
-        if (wfrom != NULL)
-                free(wfrom);
-        if (wto != NULL)
-                free(wto);
-        return result;
-        }
-#endif
-        }
-#endif
 int args_verify(char ***pargs, int *pargc,
                        int *badarg, BIO *err, X509_VERIFY_PARAM **pm)
        {
        ASN1_OBJECT *otmp = NULL;
        unsigned long flags = 0;
        int i;
-        int purpose = 0;
+        int purpose = 0, depth = -1;
        char **oldargs = *pargs;
        char *arg = **pargs, *argn = (*pargs)[1];
        if (!strcmp(arg, "-policy"))
@@ -2245,6 +2286,21 @@ int args_verify(char ***pargs, int *pargc,
                        }
                (*pargs)++;
                }
+        else if (strcmp(arg,"-verify_depth") == 0)
+                {
+                if (!argn)
+                        *badarg = 1;
+                else
+                        {
+                        depth = atoi(argn);
+                        if(depth < 0)
+                                {
+                                BIO_printf(err, "invalid depth\n");
+                                *badarg = 1;
+                                }
+                        }
+                (*pargs)++;
+                }
        else if (!strcmp(arg, "-ignore_critical"))
                flags |= X509_V_FLAG_IGNORE_CRITICAL;
        else if (!strcmp(arg, "-issuer_checks"))
@@ -2257,10 +2313,20 @@ int args_verify(char ***pargs, int *pargc,
                flags |= X509_V_FLAG_POLICY_CHECK;
        else if (!strcmp(arg, "-explicit_policy"))
                flags |= X509_V_FLAG_EXPLICIT_POLICY;
+        else if (!strcmp(arg, "-inhibit_any"))
+                flags |= X509_V_FLAG_INHIBIT_ANY;
+        else if (!strcmp(arg, "-inhibit_map"))
+                flags |= X509_V_FLAG_INHIBIT_MAP;
        else if (!strcmp(arg, "-x509_strict"))
                flags |= X509_V_FLAG_X509_STRICT;
+        else if (!strcmp(arg, "-extended_crl"))
+                flags |= X509_V_FLAG_EXTENDED_CRL_SUPPORT;
+        else if (!strcmp(arg, "-use_deltas"))
+                flags |= X509_V_FLAG_USE_DELTAS;
        else if (!strcmp(arg, "-policy_print"))
                flags |= X509_V_FLAG_NOTIFY_POLICY;
+        else if (!strcmp(arg, "-check_ss_sig"))
+                flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
        else
                return 0;
@@ -2286,6 +2352,9 @@ int args_verify(char ***pargs, int *pargc,
        if (purpose)
                X509_VERIFY_PARAM_set_purpose(*pm, purpose);
+        if (depth >= 0)
+                X509_VERIFY_PARAM_set_depth(*pm, depth);
        end:
        (*pargs)++;
@@ -2297,6 +2366,61 @@ int args_verify(char ***pargs, int *pargc,
        }
+/* Read whole contents of a BIO into an allocated memory buffer and
+ * return it.
+ */
+int bio_to_mem(unsigned char **out, int maxlen, BIO *in)
+        {
+        BIO *mem;
+        int len, ret;
+        unsigned char tbuf[1024];
+        mem = BIO_new(BIO_s_mem());
+        if (!mem)
+                return -1;
+        for(;;)
+                {
+                if ((maxlen != -1) && maxlen < 1024)
+                        len = maxlen;
+                else
+                        len = 1024;
+                len = BIO_read(in, tbuf, len);
+                if (len <= 0)
+                        break;
+                if (BIO_write(mem, tbuf, len) != len)
+                        {
+                        BIO_free(mem);
+                        return -1;
+                        }
+                maxlen -= len;
+                if (maxlen == 0)
+                        break;
+                }
+        ret = BIO_get_mem_data(mem, (char **)out);
+        BIO_set_flags(mem, BIO_FLAGS_MEM_RDONLY);
+        BIO_free(mem);
+        return ret;
+        }
+int pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value)
+        {
+        int rv;
+        char *stmp, *vtmp = NULL;
+        stmp = BUF_strdup(value);
+        if (!stmp)
+                return -1;
+        vtmp = strchr(stmp, ':');
+        if (vtmp)
+                {
+                *vtmp = 0;
+                vtmp++;
+                }
+        rv = EVP_PKEY_CTX_ctrl_str(ctx, stmp, vtmp);
+        OPENSSL_free(stmp);
+        return rv;
+        }
 static void nodes_print(BIO *out, const char *name,
        STACK_OF(X509_POLICY_NODE) *nodes)
        {
@@ -2338,7 +2462,7 @@ void policies_print(BIO *out, X509_STORE_CTX *ctx)
                BIO_free(out);
        }
-#ifndef OPENSSL_NO_JPAKE
+#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
 static JPAKE_CTX *jpake_init(const char *us, const char *them,
                                                         const char *secret)
@@ -2521,17 +2645,14 @@ void jpake_client_auth(BIO *out, BIO *conn, const char *secret)
        jpake_send_step3a(bconn, ctx);
        jpake_receive_step3b(ctx, bconn);
-        /*
+        BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n");
-         * The problem is that you must use the derived key in the
-         * session key or you are subject to man-in-the-middle
+        psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx));
-         * attacks.
-         */
-        BIO_puts(out, "JPAKE authentication succeeded (N.B. This version can"
-                 " be MitMed. See the version in HEAD for how to do it"
-                 " properly)\n");
        BIO_pop(bconn);
        BIO_free(bconn);
+        JPAKE_CTX_free(ctx);
        }
 void jpake_server_auth(BIO *out, BIO *conn, const char *secret)
@@ -2553,17 +2674,340 @@ void jpake_server_auth(BIO *out, BIO *conn, const char *secret)
        jpake_receive_step3a(ctx, bconn);
        jpake_send_step3b(bconn, ctx);
-        /*
+        BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n");
-         * The problem is that you must use the derived key in the
-         * session key or you are subject to man-in-the-middle
+        psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx));
-         * attacks.
-         */
-        BIO_puts(out, "JPAKE authentication succeeded (N.B. This version can"
-                 " be MitMed. See the version in HEAD for how to do it"
-                 " properly)\n");
        BIO_pop(bconn);
        BIO_free(bconn);
+        JPAKE_CTX_free(ctx);
+        }
+#endif
+/*
+ * Platform-specific sections
+ */
+#if defined(_WIN32)
+# ifdef fileno
+#  undef fileno
+#  define fileno(a) (int)_fileno(a)
+# endif
+# include <windows.h>
+# include <tchar.h>
+static int WIN32_rename(const char *from, const char *to)
+        {
+        TCHAR  *tfrom=NULL,*tto;
+        DWORD   err;
+        int     ret=0;
+        if (sizeof(TCHAR) == 1)
+                {
+                tfrom = (TCHAR *)from;
+                tto   = (TCHAR *)to;
+                }
+        else    /* UNICODE path */
+                {
+                size_t i,flen=strlen(from)+1,tlen=strlen(to)+1;
+                tfrom = (TCHAR *)malloc(sizeof(TCHAR)*(flen+tlen));
+                if (tfrom==NULL) goto err;
+                tto=tfrom+flen;
+#if !defined(_WIN32_WCE) || _WIN32_WCE>=101
+                if (!MultiByteToWideChar(CP_ACP,0,from,flen,(WCHAR *)tfrom,flen))
+#endif
+                        for (i=0;i<flen;i++)    tfrom[i]=(TCHAR)from[i];
+#if !defined(_WIN32_WCE) || _WIN32_WCE>=101
+                if (!MultiByteToWideChar(CP_ACP,0,to,  tlen,(WCHAR *)tto,  tlen))
+#endif
+                        for (i=0;i<tlen;i++)    tto[i]  =(TCHAR)to[i];
+                }
+        if (MoveFile(tfrom,tto))        goto ok;
+        err=GetLastError();
+        if (err==ERROR_ALREADY_EXISTS || err==ERROR_FILE_EXISTS)
+                {
+                if (DeleteFile(tto) && MoveFile(tfrom,tto))
+                        goto ok;
+                err=GetLastError();
+                }
+        if (err==ERROR_FILE_NOT_FOUND || err==ERROR_PATH_NOT_FOUND)
+                errno = ENOENT;
+        else if (err==ERROR_ACCESS_DENIED)
+                errno = EACCES;
+        else
+                errno = EINVAL; /* we could map more codes... */
+err:
+        ret=-1;
+ok:
+        if (tfrom!=NULL && tfrom!=(TCHAR *)from)        free(tfrom);
+        return ret;
+        }
+#endif
+/* app_tminterval section */
+#if defined(_WIN32)
+double app_tminterval(int stop,int usertime)
+        {
+        FILETIME                now;
+        double                  ret=0;
+        static ULARGE_INTEGER   tmstart;
+        static int              warning=1;
+#ifdef _WIN32_WINNT
+        static HANDLE           proc=NULL;
+        if (proc==NULL)
+                {
+                if (GetVersion() < 0x80000000)
+                        proc = OpenProcess(PROCESS_QUERY_INFORMATION,FALSE,
+                                                GetCurrentProcessId());
+                if (proc==NULL) proc = (HANDLE)-1;
+                }
+        if (usertime && proc!=(HANDLE)-1)
+                {
+                FILETIME junk;
+                GetProcessTimes(proc,&junk,&junk,&junk,&now);
+                }
+        else
+#endif
+                {
+                SYSTEMTIME systime;
+                if (usertime && warning)
+                        {
+                        BIO_printf(bio_err,"To get meaningful results, run "
+                                           "this program on idle system.\n");
+                        warning=0;
+                        }
+                GetSystemTime(&systime);
+                SystemTimeToFileTime(&systime,&now);
+                }
+        if (stop==TM_START)
+                {
+                tmstart.u.LowPart  = now.dwLowDateTime;
+                tmstart.u.HighPart = now.dwHighDateTime;
+                }
+        else    {
+                ULARGE_INTEGER tmstop;
+                tmstop.u.LowPart   = now.dwLowDateTime;
+                tmstop.u.HighPart  = now.dwHighDateTime;
+                ret = (__int64)(tmstop.QuadPart - tmstart.QuadPart)*1e-7;
+                }
+        return (ret);
+        }
+#elif defined(OPENSSL_SYS_NETWARE)
+#include <time.h>
+double app_tminterval(int stop,int usertime)
+        {
+        double          ret=0;
+        static clock_t  tmstart;
+        static int      warning=1;
+        if (usertime && warning)
+                {
+                BIO_printf(bio_err,"To get meaningful results, run "
+                                   "this program on idle system.\n");
+                warning=0;
+                }
+        if (stop==TM_START)     tmstart = clock();
+        else                    ret     = (clock()-tmstart)/(double)CLOCKS_PER_SEC;
+        return (ret);
+        }
+#elif defined(OPENSSL_SYSTEM_VXWORKS)
+#include <time.h>
+double app_tminterval(int stop,int usertime)
+        {
+        double ret=0;
+#ifdef CLOCK_REALTIME
+        static struct timespec  tmstart;
+        struct timespec         now;
+#else
+        static unsigned long    tmstart;
+        unsigned long           now;
+#endif
+        static int warning=1;
+        if (usertime && warning)
+                {
+                BIO_printf(bio_err,"To get meaningful results, run "
+                                   "this program on idle system.\n");
+                warning=0;
+                }
+#ifdef CLOCK_REALTIME
+        clock_gettime(CLOCK_REALTIME,&now);
+        if (stop==TM_START)     tmstart = now;
+        else    ret = ( (now.tv_sec+now.tv_nsec*1e-9)
+                        - (tmstart.tv_sec+tmstart.tv_nsec*1e-9) );
+#else
+        now = tickGet();
+        if (stop==TM_START)     tmstart = now;
+        else                    ret = (now - tmstart)/(double)sysClkRateGet();
+#endif
+        return (ret);
+        }
+#elif defined(OPENSSL_SYSTEM_VMS)
+#include <time.h>
+#include <times.h>
+double app_tminterval(int stop,int usertime)
+        {
+        static clock_t  tmstart;
+        double          ret = 0;
+        clock_t         now;
+#ifdef __TMS
+        struct tms      rus;
+        now = times(&rus);
+        if (usertime)   now = rus.tms_utime;
+#else
+        if (usertime)
+                now = clock(); /* sum of user and kernel times */
+        else    {
+                struct timeval tv;
+                gettimeofday(&tv,NULL);
+                now = (clock_t)(
+                        (unsigned long long)tv.tv_sec*CLK_TCK +
+                        (unsigned long long)tv.tv_usec*(1000000/CLK_TCK)
+                        );
+                }
+#endif
+        if (stop==TM_START)     tmstart = now;
+        else                    ret = (now - tmstart)/(double)(CLK_TCK);
+        return (ret);
+        }
+#elif defined(_SC_CLK_TCK)      /* by means of unistd.h */
+#include <sys/times.h>
+double app_tminterval(int stop,int usertime)
+        {
+        double          ret = 0;
+        struct tms      rus;
+        clock_t         now = times(&rus);
+        static clock_t  tmstart;
+        if (usertime)           now = rus.tms_utime;
+        if (stop==TM_START)     tmstart = now;
+        else
+                {
+                long int tck = sysconf(_SC_CLK_TCK);
+                ret = (now - tmstart)/(double)tck;
+                }
+        return (ret);
+        }
+#else
+#include <sys/time.h>
+#include <sys/resource.h>
+double app_tminterval(int stop,int usertime)
+        {
+        double          ret = 0;
+        struct rusage   rus;
+        struct timeval  now;
+        static struct timeval tmstart;
+        if (usertime)           getrusage(RUSAGE_SELF,&rus), now = rus.ru_utime;
+        else                    gettimeofday(&now,NULL);
+        if (stop==TM_START)     tmstart = now;
+        else                    ret = ( (now.tv_sec+now.tv_usec*1e-6)
+                                        - (tmstart.tv_sec+tmstart.tv_usec*1e-6) );
+        return ret;
        }
+#endif
+/* app_isdir section */
+#ifdef _WIN32
+int app_isdir(const char *name)
+        {
+        HANDLE          hList;
+        WIN32_FIND_DATA FileData;
+#if defined(UNICODE) || defined(_UNICODE)
+        size_t i, len_0 = strlen(name)+1;
+        if (len_0 > sizeof(FileData.cFileName)/sizeof(FileData.cFileName[0]))
+                return -1;
+#if !defined(_WIN32_WCE) || _WIN32_WCE>=101
+        if (!MultiByteToWideChar(CP_ACP,0,name,len_0,FileData.cFileName,len_0))
+#endif
+                for (i=0;i<len_0;i++)
+                        FileData.cFileName[i] = (WCHAR)name[i];
+        hList = FindFirstFile(FileData.cFileName,&FileData);
+#else
+        hList = FindFirstFile(name,&FileData);
+#endif
+        if (hList == INVALID_HANDLE_VALUE)      return -1;
+        FindClose(hList);
+        return ((FileData.dwFileAttributes&FILE_ATTRIBUTE_DIRECTORY)!=0);
+        }
+#else
+#include <sys/stat.h>
+#ifndef S_ISDIR
+# if defined(_S_IFMT) && defined(_S_IFDIR)
+#  define S_ISDIR(a)   (((a) & _S_IFMT) == _S_IFDIR)
+# else 
+#  define S_ISDIR(a)   (((a) & S_IFMT) == S_IFDIR)
+# endif 
+#endif 
+int app_isdir(const char *name)
+        {
+#if defined(S_ISDIR)
+        struct stat st;
+        if (stat(name,&st)==0)  return S_ISDIR(st.st_mode);
+        else                    return -1;
+#else
+        return -1;
+#endif
+        }
+#endif
+/* raw_read|write section */
+#if defined(_WIN32) && defined(STD_INPUT_HANDLE)
+int raw_read_stdin(void *buf,int siz)
+        {
+        DWORD n;
+        if (ReadFile(GetStdHandle(STD_INPUT_HANDLE),buf,siz,&n,NULL))
+                return (n);
+        else    return (-1);
+        }
+#else
+int raw_read_stdin(void *buf,int siz)
+        {       return read(fileno(stdin),buf,siz);     }
+#endif
+#if defined(_WIN32) && defined(STD_OUTPUT_HANDLE)
+int raw_write_stdout(const void *buf,int siz)
+        {
+        DWORD n;
+        if (WriteFile(GetStdHandle(STD_OUTPUT_HANDLE),buf,siz,&n,NULL))
+                return (n);
+        else    return (-1);
+        }
+#else
+int raw_write_stdout(const void *buf,int siz)
+        {       return write(fileno(stdout),buf,siz);   }
 #endif
diff --git a/src/lib/libssl/src/apps/apps.h b/src/lib/libssl/src/apps/apps.h
index 88579094b1..596a39aceb 100644
--- a/src/lib/libssl/src/apps/apps.h
+++ b/src/lib/libssl/src/apps/apps.h
@@ -137,11 +137,6 @@ long app_RAND_load_files(char *file); /* `file' is a list of files to read,
                                       * (see e_os.h).  The string is
                                       * destroyed! */
-#ifdef OPENSSL_SYS_WIN32
-#define rename(from,to) WIN32_rename((from),(to))
-int WIN32_rename(const char *oldname,const char *newname);
-#endif
 #ifndef MONOLITH
 #define MAIN(a,v)       main(a,v)
@@ -149,11 +144,9 @@ int WIN32_rename(const char *oldname,const char *newname);
 #ifndef NON_MAIN
 CONF *config=NULL;
 BIO *bio_err=NULL;
-int in_FIPS_mode=0;
 #else
 extern CONF *config;
 extern BIO *bio_err;
-extern int in_FIPS_mode;
 #endif
 #else
@@ -162,7 +155,6 @@ extern int in_FIPS_mode;
 extern CONF *config;
 extern char *default_config_file;
 extern BIO *bio_err;
-extern int in_FIPS_mode;
 #endif
@@ -176,61 +168,37 @@ extern int in_FIPS_mode;
 #define do_pipe_sig()
 #endif
+#ifdef OPENSSL_NO_COMP
+#define zlib_cleanup() 
+#else
+#define zlib_cleanup() COMP_zlib_cleanup()
+#endif
 #if defined(MONOLITH) && !defined(OPENSSL_C)
 #  define apps_startup() \
                do_pipe_sig()
 #  define apps_shutdown()
 #else
 #  ifndef OPENSSL_NO_ENGINE
-#    if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \
+#    define apps_startup() \
-     defined(OPENSSL_SYS_WIN32)
+                        do { do_pipe_sig(); CRYPTO_malloc_init(); \
-#      ifdef _O_BINARY
-#        define apps_startup() \
-                        do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
-                        ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
-                        ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
-#      else
-#        define apps_startup() \
-                        do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
                        ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
                        ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
-#      endif
-#    else
-#      define apps_startup() \
-                        do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \
-                        ERR_load_crypto_strings(); ENGINE_load_builtin_engines(); \
-                        setup_ui_method(); } while(0)
-#    endif
 #    define apps_shutdown() \
                        do { CONF_modules_unload(1); destroy_ui_method(); \
-                        EVP_cleanup(); ENGINE_cleanup(); \
+                        OBJ_cleanup(); EVP_cleanup(); ENGINE_cleanup(); \
-                        CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \
+                        CRYPTO_cleanup_all_ex_data(); ERR_remove_thread_state(NULL); \
-                        ERR_free_strings(); } while(0)
+                        ERR_free_strings(); zlib_cleanup();} while(0)
 #  else
-#    if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \
+#    define apps_startup() \
-     defined(OPENSSL_SYS_WIN32)
+                        do { do_pipe_sig(); CRYPTO_malloc_init(); \
-#      ifdef _O_BINARY
-#        define apps_startup() \
-                        do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
                        ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
                        setup_ui_method(); } while(0)
-#      else
-#        define apps_startup() \
-                        do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
-                        ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
-                        setup_ui_method(); } while(0)
-#      endif
-#    else
-#      define apps_startup() \
-                        do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \
-                        ERR_load_crypto_strings(); \
-                        setup_ui_method(); } while(0)
-#    endif
 #    define apps_shutdown() \
                        do { CONF_modules_unload(1); destroy_ui_method(); \
-                        EVP_cleanup(); \
+                        OBJ_cleanup(); EVP_cleanup(); \
-                        CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \
+                        CRYPTO_cleanup_all_ex_data(); ERR_remove_thread_state(NULL); \
-                        ERR_free_strings(); } while(0)
+                        ERR_free_strings(); zlib_cleanup(); } while(0)
 #  endif
 #endif
@@ -240,6 +208,7 @@ extern int in_FIPS_mode;
 #  define openssl_fdset(a,b) FD_SET(a, b)
 #endif
 typedef struct args_st
        {
        char **data;
@@ -282,6 +251,8 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
        const char *pass, ENGINE *e, const char *key_descrip);
 STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
        const char *pass, ENGINE *e, const char *cert_descrip);
+STACK_OF(X509_CRL) *load_crls(BIO *err, const char *file, int format,
+        const char *pass, ENGINE *e, const char *cert_descrip);
 X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath);
 #ifndef OPENSSL_NO_ENGINE
 ENGINE *setup_engine(BIO *err, const char *engine, int debug);
@@ -290,6 +261,7 @@ ENGINE *setup_engine(BIO *err, const char *engine, int debug);
 #ifndef OPENSSL_NO_OCSP
 OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
                        char *host, char *path, char *port, int use_ssl,
+                        STACK_OF(CONF_VALUE) *headers,
                        int req_timeout);
 #endif
@@ -331,13 +303,23 @@ int index_index(CA_DB *db);
 int save_index(const char *dbfile, const char *suffix, CA_DB *db);
 int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suffix);
 void free_index(CA_DB *db);
-int index_name_cmp(const char **a, const char **b);
+#define index_name_cmp_noconst(a, b) \
+        index_name_cmp((const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, a), \
+        (const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, b))
+int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b);
 int parse_yesno(const char *str, int def);
 X509_NAME *parse_name(char *str, long chtype, int multirdn);
 int args_verify(char ***pargs, int *pargc,
                        int *badarg, BIO *err, X509_VERIFY_PARAM **pm);
 void policies_print(BIO *out, X509_STORE_CTX *ctx);
+int bio_to_mem(unsigned char **out, int maxlen, BIO *in);
+int pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value);
+int init_gen_str(BIO *err, EVP_PKEY_CTX **pctx,
+                        const char *algname, ENGINE *e, int do_param);
+#ifndef OPENSSL_NO_PSK
+extern char *psk_key;
+#endif
 #ifndef OPENSSL_NO_JPAKE
 void jpake_client_auth(BIO *out, BIO *conn, const char *secret);
 void jpake_server_auth(BIO *out, BIO *conn, const char *secret);
@@ -353,6 +335,10 @@ void jpake_server_auth(BIO *out, BIO *conn, const char *secret);
 #define FORMAT_ENGINE   7
 #define FORMAT_IISSGC   8       /* XXX this stupid macro helps us to avoid
                                 * adding yet another param to load_*key() */
+#define FORMAT_PEMRSA   9       /* PEM RSAPubicKey format */
+#define FORMAT_ASN1RSA  10      /* DER RSAPubicKey format */
+#define FORMAT_MSBLOB   11      /* MS Key blob format */
+#define FORMAT_PVK      12      /* MS PVK file format */
 #define EXT_COPY_NONE   0
 #define EXT_COPY_ADD    1
@@ -364,4 +350,11 @@ void jpake_server_auth(BIO *out, BIO *conn, const char *secret);
 #define SERIAL_RAND_BITS        64
+int app_isdir(const char *);
+int raw_read_stdin(void *,int);
+int raw_write_stdout(const void *,int);
+#define TM_START        0
+#define TM_STOP         1
+double app_tminterval (int stop,int usertime);
 #endif
diff --git a/src/lib/libssl/src/apps/asn1pars.c b/src/lib/libssl/src/apps/asn1pars.c
index bde61d02d1..b5d65e725b 100644
--- a/src/lib/libssl/src/apps/asn1pars.c
+++ b/src/lib/libssl/src/apps/asn1pars.c
@@ -96,7 +96,7 @@ int MAIN(int argc, char **argv)
        unsigned char *tmpbuf;
        const unsigned char *ctmpbuf;
        BUF_MEM *buf=NULL;
-        STACK *osk=NULL;
+        STACK_OF(OPENSSL_STRING) *osk=NULL;
        ASN1_TYPE *at=NULL;
        informat=FORMAT_PEM;
@@ -113,7 +113,7 @@ int MAIN(int argc, char **argv)
        prog=argv[0];
        argc--;
        argv++;
-        if ((osk=sk_new_null()) == NULL)
+        if ((osk=sk_OPENSSL_STRING_new_null()) == NULL)
                {
                BIO_printf(bio_err,"Memory allocation failure\n");
                goto end;
@@ -169,7 +169,7 @@ int MAIN(int argc, char **argv)
                else if (strcmp(*argv,"-strparse") == 0)
                        {
                        if (--argc < 1) goto bad;
-                        sk_push(osk,*(++argv));
+                        sk_OPENSSL_STRING_push(osk,*(++argv));
                        }
                else if (strcmp(*argv,"-genstr") == 0)
                        {
@@ -302,18 +302,18 @@ bad:
        /* If any structs to parse go through in sequence */
-        if (sk_num(osk))
+        if (sk_OPENSSL_STRING_num(osk))
                {
                tmpbuf=(unsigned char *)str;
                tmplen=num;
-                for (i=0; i<sk_num(osk); i++)
+                for (i=0; i<sk_OPENSSL_STRING_num(osk); i++)
                        {
                        ASN1_TYPE *atmp;
                        int typ;
-                        j=atoi(sk_value(osk,i));
+                        j=atoi(sk_OPENSSL_STRING_value(osk,i));
                        if (j == 0)
                                {
-                                BIO_printf(bio_err,"'%s' is an invalid number\n",sk_value(osk,i));
+                                BIO_printf(bio_err,"'%s' is an invalid number\n",sk_OPENSSL_STRING_value(osk,i));
                                continue;
                                }
                        tmpbuf+=j;
@@ -378,7 +378,7 @@ end:
                ERR_print_errors(bio_err);
        if (buf != NULL) BUF_MEM_free(buf);
        if (at != NULL) ASN1_TYPE_free(at);
-        if (osk != NULL) sk_free(osk);
+        if (osk != NULL) sk_OPENSSL_STRING_free(osk);
        OBJ_cleanup();
        apps_shutdown();
        OPENSSL_EXIT(ret);
diff --git a/src/lib/libssl/src/apps/ca.c b/src/lib/libssl/src/apps/ca.c
index 68516ee9bd..6b8b0ef8fd 100644
--- a/src/lib/libssl/src/apps/ca.c
+++ b/src/lib/libssl/src/apps/ca.c
@@ -63,7 +63,6 @@
 #include <string.h>
 #include <ctype.h>
 #include <sys/types.h>
-#include <sys/stat.h>
 #include <openssl/conf.h>
 #include <openssl/bio.h>
 #include <openssl/err.h>
@@ -83,7 +82,7 @@
 #    else
 #      include <unixlib.h>
 #    endif
-#  elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_NETWARE) && !defined(__TANDEM)
+#  elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_NETWARE)
 #    include <sys/file.h>
 #  endif
 #endif
@@ -216,7 +215,6 @@ static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
                         char *startdate, char *enddate, long days, char *ext_sect,
                         CONF *conf, int verbose, unsigned long certopt, 
                         unsigned long nameopt, int default_op, int ext_copy);
-static int fix_data(int nid, int *type);
 static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext);
 static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
        STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj,unsigned long chtype, int multirdn,
@@ -227,7 +225,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
 static int do_revoke(X509 *x509, CA_DB *db, int ext, char *extval);
 static int get_certificate_status(const char *ser_status, CA_DB *db);
 static int do_updatedb(CA_DB *db);
-static int check_time_format(char *str);
+static int check_time_format(const char *str);
 char *make_revocation_str(int rev_type, char *rev_arg);
 int make_revoked(X509_REVOKED *rev, const char *str);
 int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str);
@@ -259,6 +257,7 @@ int MAIN(int argc, char **argv)
        int doupdatedb=0;
        long crldays=0;
        long crlhours=0;
+        long crlsec=0;
        long errorline= -1;
        char *configfile=NULL;
        char *md=NULL;
@@ -306,7 +305,8 @@ int MAIN(int argc, char **argv)
        ASN1_TIME *tmptm;
        ASN1_INTEGER *tmpser;
        char *f;
-        const char *p, **pp;
+        const char *p;
+        char * const *pp;
        int i,j;
        const EVP_MD *dgst=NULL;
        STACK_OF(CONF_VALUE) *attribs=NULL;
@@ -457,6 +457,11 @@ EF_ALIGNMENT=0;
                        if (--argc < 1) goto bad;
                        crlhours= atol(*(++argv));
                        }
+                else if (strcmp(*argv,"-crlsec") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        crlsec = atol(*(++argv));
+                        }
                else if (strcmp(*argv,"-infiles") == 0)
                        {
                        argc--;
@@ -550,8 +555,10 @@ bad:
        if (badops)
                {
-                for (pp=ca_usage; (*pp != NULL); pp++)
+                const char **pp2;
-                        BIO_printf(bio_err,"%s",*pp);
+                for (pp2=ca_usage; (*pp2 != NULL); pp2++)
+                        BIO_printf(bio_err,"%s",*pp2);
                goto err;
                }
@@ -826,7 +833,6 @@ bad:
        /* lookup where to write new certificates */
        if ((outdir == NULL) && (req))
                {
-                struct stat sb;
                if ((outdir=NCONF_get_string(conf,section,ENV_NEW_CERTS_DIR))
                        == NULL)
@@ -845,28 +851,24 @@ bad:
               that to access().  However, time's too short to do that just
               now.
            */
+#ifndef _WIN32
                if (access(outdir,R_OK|W_OK|X_OK) != 0)
+#else
+                if (_access(outdir,R_OK|W_OK|X_OK) != 0)
+#endif
                        {
                        BIO_printf(bio_err,"I am unable to access the %s directory\n",outdir);
                        perror(outdir);
                        goto err;
                        }
-                if (stat(outdir,&sb) != 0)
+                if (app_isdir(outdir)<=0)
-                        {
-                        BIO_printf(bio_err,"unable to stat(%s)\n",outdir);
-                        perror(outdir);
-                        goto err;
-                        }
-#ifdef S_IFDIR
-                if (!(sb.st_mode & S_IFDIR))
                        {
                        BIO_printf(bio_err,"%s need to be a directory\n",outdir);
                        perror(outdir);
                        goto err;
                        }
 #endif
-#endif
                }
        /*****************************************************************/
@@ -880,9 +882,9 @@ bad:
        if (db == NULL) goto err;
        /* Lets check some fields */
-        for (i=0; i<sk_num(db->db->data); i++)
+        for (i=0; i<sk_OPENSSL_PSTRING_num(db->db->data); i++)
                {
-                pp=(const char **)sk_value(db->db->data,i);
+                pp=sk_OPENSSL_PSTRING_value(db->db->data,i);
                if ((pp[DB_type][0] != DB_TYPE_REV) &&
                        (pp[DB_rev_date][0] != '\0'))
                        {
@@ -935,7 +937,7 @@ bad:
 #endif
                TXT_DB_write(out,db->db);
                BIO_printf(bio_err,"%d entries loaded from the database\n",
-                        db->db->data->num);
+                           sk_OPENSSL_PSTRING_num(db->db->data));
                BIO_printf(bio_err,"generating index\n");
                }
        
@@ -1026,6 +1028,17 @@ bad:
                goto err;
                }
+        if (!strcmp(md, "default"))
+                {
+                int def_nid;
+                if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0)
+                        {
+                        BIO_puts(bio_err,"no default digest\n");
+                        goto err;
+                        }
+                md = (char *)OBJ_nid2sn(def_nid);
+                }
        if ((dgst=EVP_get_digestbyname(md)) == NULL)
                {
                BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
@@ -1095,9 +1108,9 @@ bad:
                        if (startdate == NULL)
                                ERR_clear_error();
                        }
-                if (startdate && !ASN1_UTCTIME_set_string(NULL,startdate))
+                if (startdate && !ASN1_TIME_set_string(NULL, startdate))
                        {
-                        BIO_printf(bio_err,"start date is invalid, it should be YYMMDDHHMMSSZ\n");
+                        BIO_printf(bio_err,"start date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n");
                        goto err;
                        }
                if (startdate == NULL) startdate="today";
@@ -1109,9 +1122,9 @@ bad:
                        if (enddate == NULL)
                                ERR_clear_error();
                        }
-                if (enddate && !ASN1_UTCTIME_set_string(NULL,enddate))
+                if (enddate && !ASN1_TIME_set_string(NULL, enddate))
                        {
-                        BIO_printf(bio_err,"end date is invalid, it should be YYMMDDHHMMSSZ\n");
+                        BIO_printf(bio_err,"end date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n");
                        goto err;
                        }
@@ -1249,7 +1262,12 @@ bad:
                                BIO_printf(bio_err,"\n%d out of %d certificate requests certified, commit? [y/n]",total_done,total);
                                (void)BIO_flush(bio_err);
                                buf[0][0]='\0';
-                                fgets(buf[0],10,stdin);
+                                if (!fgets(buf[0],10,stdin))
+                                        {
+                                        BIO_printf(bio_err,"CERTIFICATION CANCELED: I/O error\n"); 
+                                        ret=0;
+                                        goto err;
+                                        }
                                if ((buf[0][0] != 'y') && (buf[0][0] != 'Y'))
                                        {
                                        BIO_printf(bio_err,"CERTIFICATION CANCELED\n"); 
@@ -1366,7 +1384,7 @@ bad:
                                goto err;
                                }
-                if (!crldays && !crlhours)
+                if (!crldays && !crlhours && !crlsec)
                        {
                        if (!NCONF_get_number(conf,section,
                                ENV_DEFAULT_CRL_DAYS, &crldays))
@@ -1375,7 +1393,7 @@ bad:
                                ENV_DEFAULT_CRL_HOURS, &crlhours))
                                crlhours = 0;
                        }
-                if ((crldays == 0) && (crlhours == 0))
+                if ((crldays == 0) && (crlhours == 0) && (crlsec == 0))
                        {
                        BIO_printf(bio_err,"cannot lookup how long until the next CRL is issued\n");
                        goto err;
@@ -1389,14 +1407,19 @@ bad:
                if (!tmptm) goto err;
                X509_gmtime_adj(tmptm,0);
                X509_CRL_set_lastUpdate(crl, tmptm);    
-                X509_gmtime_adj(tmptm,(crldays*24+crlhours)*60*60);
+                if (!X509_time_adj_ex(tmptm, crldays, crlhours*60*60 + crlsec,
+                        NULL))
+                        {
+                        BIO_puts(bio_err, "error setting CRL nextUpdate\n");
+                        goto err;
+                        }
                X509_CRL_set_nextUpdate(crl, tmptm);    
                ASN1_TIME_free(tmptm);
-                for (i=0; i<sk_num(db->db->data); i++)
+                for (i=0; i<sk_OPENSSL_PSTRING_num(db->db->data); i++)
                        {
-                        pp=(const char **)sk_value(db->db->data,i);
+                        pp=sk_OPENSSL_PSTRING_value(db->db->data,i);
                        if (pp[DB_type][0] == DB_TYPE_REV)
                                {
                                if ((r=X509_REVOKED_new()) == NULL) goto err;
@@ -1422,15 +1445,6 @@ bad:
                /* we now have a CRL */
                if (verbose) BIO_printf(bio_err,"signing CRL\n");
-#ifndef OPENSSL_NO_DSA
-                if (pkey->type == EVP_PKEY_DSA) 
-                        dgst=EVP_dss1();
-                else
-#endif
-#ifndef OPENSSL_NO_ECDSA
-                if (pkey->type == EVP_PKEY_EC)
-                        dgst=EVP_ecdsa();
-#endif
                /* Add any extensions asked for */
@@ -1463,6 +1477,12 @@ bad:
                if (crlnumberfile != NULL)      /* we have a CRL number that need updating */
                        if (!save_serial(crlnumberfile,"new",crlnumber,NULL)) goto err;
+                if (crlnumber)
+                        {
+                        BN_free(crlnumber);
+                        crlnumber = NULL;
+                        }
                if (!X509_CRL_sign(crl,pkey,dgst)) goto err;
                PEM_write_bio_X509_CRL(Sout,crl);
@@ -1515,6 +1535,7 @@ err:
        if (free_key && key)
                OPENSSL_free(key);
        BN_free(serial);
+        BN_free(crlnumber);
        free_index(db);
        EVP_PKEY_free(pkey);
        if (x509) X509_free(x509);
@@ -1673,7 +1694,9 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
        int ok= -1,i,j,last,nid;
        const char *p;
        CONF_VALUE *cv;
-        char *row[DB_NUMBER],**rrow=NULL,**irow=NULL;
+        OPENSSL_STRING row[DB_NUMBER];
+        OPENSSL_STRING *irow=NULL;
+        OPENSSL_STRING *rrow=NULL;
        char buf[25];
        tmptm=ASN1_UTCTIME_new();
@@ -1915,7 +1938,9 @@ again2:
        if (db->attributes.unique_subject)
                {
-                rrow=TXT_DB_get_by_index(db->db,DB_name,row);
+                OPENSSL_STRING *crow=row;
+                rrow=TXT_DB_get_by_index(db->db,DB_name,crow);
                if (rrow != NULL)
                        {
                        BIO_printf(bio_err,
@@ -1991,11 +2016,11 @@ again2:
        if (strcmp(startdate,"today") == 0)
                X509_gmtime_adj(X509_get_notBefore(ret),0);
-        else ASN1_UTCTIME_set_string(X509_get_notBefore(ret),startdate);
+        else ASN1_TIME_set_string(X509_get_notBefore(ret),startdate);
        if (enddate == NULL)
-                X509_gmtime_adj(X509_get_notAfter(ret),(long)60*60*24*days);
+                X509_time_adj_ex(X509_get_notAfter(ret),days, 0, NULL);
-        else ASN1_UTCTIME_set_string(X509_get_notAfter(ret),enddate);
+        else ASN1_TIME_set_string(X509_get_notAfter(ret),enddate);
        if (!X509_set_subject_name(ret,subject)) goto err;
@@ -2091,7 +2116,7 @@ again2:
                }
        BIO_printf(bio_err,"Certificate is to be certified until ");
-        ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ret));
+        ASN1_TIME_print(bio_err,X509_get_notAfter(ret));
        if (days) BIO_printf(bio_err," (%ld days)",days);
        BIO_printf(bio_err, "\n");
@@ -2101,7 +2126,12 @@ again2:
                BIO_printf(bio_err,"Sign the certificate? [y/n]:");
                (void)BIO_flush(bio_err);
                buf[0]='\0';
-                fgets(buf,sizeof(buf)-1,stdin);
+                if (!fgets(buf,sizeof(buf)-1,stdin))
+                        {
+                        BIO_printf(bio_err,"CERTIFICATE WILL NOT BE CERTIFIED: I/O error\n");
+                        ok=0;
+                        goto err;
+                        }
                if (!((buf[0] == 'y') || (buf[0] == 'Y')))
                        {
                        BIO_printf(bio_err,"CERTIFICATE WILL NOT BE CERTIFIED\n");
@@ -2110,25 +2140,11 @@ again2:
                        }
                }
-#ifndef OPENSSL_NO_DSA
-        if (pkey->type == EVP_PKEY_DSA) dgst=EVP_dss1();
        pktmp=X509_get_pubkey(ret);
        if (EVP_PKEY_missing_parameters(pktmp) &&
                !EVP_PKEY_missing_parameters(pkey))
                EVP_PKEY_copy_parameters(pktmp,pkey);
        EVP_PKEY_free(pktmp);
-#endif
-#ifndef OPENSSL_NO_ECDSA
-        if (pkey->type == EVP_PKEY_EC)
-                dgst = EVP_ecdsa();
-        pktmp = X509_get_pubkey(ret);
-        if (EVP_PKEY_missing_parameters(pktmp) &&
-                !EVP_PKEY_missing_parameters(pkey))
-                EVP_PKEY_copy_parameters(pktmp, pkey);
-        EVP_PKEY_free(pktmp);
-#endif
        if (!X509_sign(ret,pkey,dgst))
                goto err;
@@ -2230,7 +2246,7 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
             unsigned long nameopt, int default_op, int ext_copy)
        {
        STACK_OF(CONF_VALUE) *sk=NULL;
-        LHASH *parms=NULL;
+        LHASH_OF(CONF_VALUE) *parms=NULL;
        X509_REQ *req=NULL;
        CONF_VALUE *cv=NULL;
        NETSCAPE_SPKI *spki = NULL;
@@ -2317,25 +2333,9 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
                        continue;
                        }
-                /*
+                if (!X509_NAME_add_entry_by_NID(n, nid, chtype,
-                if ((nid == NID_pkcs9_emailAddress) && (email_dn == 0))
+                                (unsigned char *)buf, -1, -1, 0))
-                        continue;
-                */
-                
-                j=ASN1_PRINTABLE_type((unsigned char *)buf,-1);
-                if (fix_data(nid, &j) == 0)
-                        {
-                        BIO_printf(bio_err,
-                                "invalid characters in string %s\n",buf);
-                        goto err;
-                        }
-                if ((ne=X509_NAME_ENTRY_create_by_NID(&ne,nid,j,
-                        (unsigned char *)buf,
-                        strlen(buf))) == NULL)
                        goto err;
-                if (!X509_NAME_add_entry(n,ne,-1, 0)) goto err;
                }
        if (spki == NULL)
                {
@@ -2378,29 +2378,9 @@ err:
        return(ok);
        }
-static int fix_data(int nid, int *type)
+static int check_time_format(const char *str)
        {
-        if (nid == NID_pkcs9_emailAddress)
+        return ASN1_TIME_set_string(NULL, str);
-                *type=V_ASN1_IA5STRING;
-        if ((nid == NID_commonName) && (*type == V_ASN1_IA5STRING))
-                *type=V_ASN1_T61STRING;
-        if ((nid == NID_pkcs9_challengePassword) && (*type == V_ASN1_IA5STRING))
-                *type=V_ASN1_T61STRING;
-        if ((nid == NID_pkcs9_unstructuredName) && (*type == V_ASN1_T61STRING))
-                return(0);
-        if (nid == NID_pkcs9_unstructuredName)
-                *type=V_ASN1_IA5STRING;
-        return(1);
-        }
-static int check_time_format(char *str)
-        {
-        ASN1_UTCTIME tm;
-        tm.data=(unsigned char *)str;
-        tm.length=strlen(str);
-        tm.type=V_ASN1_UTCTIME;
-        return(ASN1_UTCTIME_check(&tm));
        }
 static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
@@ -2415,6 +2395,8 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
                row[i]=NULL;
        row[DB_name]=X509_NAME_oneline(X509_get_subject_name(x509),NULL,0);
        bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(x509),NULL);
+        if (!bn)
+                goto err;
        if (BN_is_zero(bn))
                row[DB_serial]=BUF_strdup("00");
        else
@@ -2484,7 +2466,7 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
                goto err;
                }
-        else if (index_name_cmp((const char **)row,(const char **)rrow))
+        else if (index_name_cmp_noconst(row, rrow))
                {
                BIO_printf(bio_err,"ERROR:name does not match %s\n",
                           row[DB_name]);
@@ -2633,9 +2615,9 @@ static int do_updatedb (CA_DB *db)
        else
                a_y2k = 0;
-        for (i = 0; i < sk_num(db->db->data); i++)
+        for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
                {
-                rrow = (char **) sk_value(db->db->data, i);
+                rrow = sk_OPENSSL_PSTRING_value(db->db->data, i);
                if (rrow[DB_type][0] == 'V')
                        {
@@ -2882,22 +2864,13 @@ int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str)
        p=(char *)str->data;
        for (j=str->length; j>0; j--)
                {
-#ifdef CHARSET_EBCDIC
-                if ((*p >= 0x20) && (*p <= 0x7e))
-                        BIO_printf(bp,"%c",os_toebcdic[*p]);
-#else
                if ((*p >= ' ') && (*p <= '~'))
                        BIO_printf(bp,"%c",*p);
-#endif
                else if (*p & 0x80)
                        BIO_printf(bp,"\\0x%02X",*p);
                else if ((unsigned char)*p == 0xf7)
                        BIO_printf(bp,"^?");
-#ifdef CHARSET_EBCDIC
-                else    BIO_printf(bp,"^%c",os_toebcdic[*p+0x40]);
-#else
                else    BIO_printf(bp,"^%c",*p+'@');
-#endif
                p++;
                }
        BIO_printf(bp,"'\n");
diff --git a/src/lib/libssl/src/apps/ciphers.c b/src/lib/libssl/src/apps/ciphers.c
index 43f0ac594a..3d4c60db9e 100644
--- a/src/lib/libssl/src/apps/ciphers.c
+++ b/src/lib/libssl/src/apps/ciphers.c
@@ -71,7 +71,8 @@
 static const char *ciphers_usage[]={
 "usage: ciphers args\n",
-" -v          - verbose mode, a textual listing of the ciphers in SSLeay\n",
+" -v          - verbose mode, a textual listing of the SSL/TLS ciphers in OpenSSL\n",
+" -V          - even more verbose\n",
 " -ssl2       - SSL2 mode\n",
 " -ssl3       - SSL3 mode\n",
 " -tls1       - TLS1 mode\n",
@@ -83,14 +84,14 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
        {
        int ret=1,i;
-        int verbose=0;
+        int verbose=0,Verbose=0;
        const char **pp;
        const char *p;
        int badops=0;
        SSL_CTX *ctx=NULL;
        SSL *ssl=NULL;
        char *ciphers=NULL;
-        SSL_METHOD *meth=NULL;
+        const SSL_METHOD *meth=NULL;
        STACK_OF(SSL_CIPHER) *sk;
        char buf[512];
        BIO *STDout=NULL;
@@ -114,6 +115,8 @@ int MAIN(int argc, char **argv)
        STDout = BIO_push(tmpbio, STDout);
        }
 #endif
+        if (!load_config(bio_err, NULL))
+                goto end;
        argc--;
        argv++;
@@ -121,6 +124,8 @@ int MAIN(int argc, char **argv)
                {
                if (strcmp(*argv,"-v") == 0)
                        verbose=1;
+                else if (strcmp(*argv,"-V") == 0)
+                        verbose=Verbose=1;
 #ifndef OPENSSL_NO_SSL2
                else if (strcmp(*argv,"-ssl2") == 0)
                        meth=SSLv2_client_method();
@@ -179,15 +184,33 @@ int MAIN(int argc, char **argv)
                        }
                BIO_printf(STDout,"\n");
                }
-        else
+        else /* verbose */
                {
                sk=SSL_get_ciphers(ssl);
                for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
                        {
-                        BIO_puts(STDout,SSL_CIPHER_description(
+                        SSL_CIPHER *c;
-                                sk_SSL_CIPHER_value(sk,i),
-                                buf,sizeof buf));
+                        c = sk_SSL_CIPHER_value(sk,i);
+                        
+                        if (Verbose)
+                                {
+                                unsigned long id = c->id;
+                                int id0 = (int)(id >> 24);
+                                int id1 = (int)((id >> 16) & 0xffL);
+                                int id2 = (int)((id >> 8) & 0xffL);
+                                int id3 = (int)(id & 0xffL);
+                                
+                                if ((id & 0xff000000L) == 0x02000000L)
+                                        BIO_printf(STDout, "     0x%02X,0x%02X,0x%02X - ", id1, id2, id3); /* SSL2 cipher */
+                                else if ((id & 0xff000000L) == 0x03000000L)
+                                        BIO_printf(STDout, "          0x%02X,0x%02X - ", id2, id3); /* SSL3 cipher */
+                                else
+                                        BIO_printf(STDout, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */
+                                }
+                        BIO_puts(STDout,SSL_CIPHER_description(c,buf,sizeof buf));
                        }
                }
diff --git a/src/lib/libssl/src/apps/crl2p7.c b/src/lib/libssl/src/apps/crl2p7.c
index b2f2d121d5..bbc83774db 100644
--- a/src/lib/libssl/src/apps/crl2p7.c
+++ b/src/lib/libssl/src/apps/crl2p7.c
@@ -63,7 +63,6 @@
 #include <stdio.h>
 #include <string.h>
 #include <sys/types.h>
-#include <sys/stat.h>
 #include "apps.h"
 #include <openssl/err.h>
 #include <openssl/evp.h>
@@ -93,7 +92,7 @@ int MAIN(int argc, char **argv)
        PKCS7 *p7 = NULL;
        PKCS7_SIGNED *p7s = NULL;
        X509_CRL *crl=NULL;
-        STACK *certflst=NULL;
+        STACK_OF(OPENSSL_STRING) *certflst=NULL;
        STACK_OF(X509_CRL) *crl_stack=NULL;
        STACK_OF(X509) *cert_stack=NULL;
        int ret=1,nocrl=0;
@@ -141,8 +140,8 @@ int MAIN(int argc, char **argv)
                else if (strcmp(*argv,"-certfile") == 0)
                        {
                        if (--argc < 1) goto bad;
-                        if(!certflst) certflst = sk_new_null();
+                        if(!certflst) certflst = sk_OPENSSL_STRING_new_null();
-                        sk_push(certflst,*(++argv));
+                        sk_OPENSSL_STRING_push(certflst,*(++argv));
                        }
                else
                        {
@@ -227,8 +226,8 @@ bad:
        if ((cert_stack=sk_X509_new_null()) == NULL) goto end;
        p7s->cert=cert_stack;
-        if(certflst) for(i = 0; i < sk_num(certflst); i++) {
+        if(certflst) for(i = 0; i < sk_OPENSSL_STRING_num(certflst); i++) {
-                certfile = sk_value(certflst, i);
+                certfile = sk_OPENSSL_STRING_value(certflst, i);
                if (add_certs_from_file(cert_stack,certfile) < 0)
                        {
                        BIO_printf(bio_err, "error loading certificates\n");
@@ -237,7 +236,7 @@ bad:
                        }
        }
-        sk_free(certflst);
+        sk_OPENSSL_STRING_free(certflst);
        if (outfile == NULL)
                {
@@ -295,19 +294,12 @@ end:
 */
 static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile)
        {
-        struct stat st;
        BIO *in=NULL;
        int count=0;
        int ret= -1;
        STACK_OF(X509_INFO) *sk=NULL;
        X509_INFO *xi;
-        if ((stat(certfile,&st) != 0))
-                {
-                BIO_printf(bio_err,"unable to load the file, %s\n",certfile);
-                goto end;
-                }
        in=BIO_new(BIO_s_file());
        if ((in == NULL) || (BIO_read_filename(in,certfile) <= 0))
                {
diff --git a/src/lib/libssl/src/apps/dgst.c b/src/lib/libssl/src/apps/dgst.c
index 9ebfc22e79..9bf38ce73b 100644
--- a/src/lib/libssl/src/apps/dgst.c
+++ b/src/lib/libssl/src/apps/dgst.c
@@ -75,8 +75,29 @@
 #define PROG    dgst_main
 int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
-          EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title,
+          EVP_PKEY *key, unsigned char *sigin, int siglen,
-          const char *file,BIO *bmd,const char *hmac_key, int non_fips_allow);
+          const char *sig_name, const char *md_name,
+          const char *file,BIO *bmd);
+static void list_md_fn(const EVP_MD *m,
+                        const char *from, const char *to, void *arg)
+        {
+        const char *mname;
+        /* Skip aliases */
+        if (!m)
+                return;
+        mname = OBJ_nid2ln(EVP_MD_type(m));
+        /* Skip shortnames */
+        if (strcmp(from, mname))
+                return;
+        /* Skip clones */
+        if (EVP_MD_flags(m) & EVP_MD_FLAG_PKEY_DIGEST)
+                return;
+        if (strchr(mname, ' '))
+                mname= EVP_MD_name(m);
+        BIO_printf(arg, "-%-14s to use the %s message digest algorithm\n",
+                        mname, mname);
+        }
 int MAIN(int, char **);
@@ -89,7 +110,6 @@ int MAIN(int argc, char **argv)
        BIO *in=NULL,*inp;
        BIO *bmd=NULL;
        BIO *out = NULL;
-        const char *name;
 #define PROG_NAME_SIZE  39
        char pname[PROG_NAME_SIZE+1];
        int separator=0;
@@ -101,16 +121,16 @@ int MAIN(int argc, char **argv)
        EVP_PKEY *sigkey = NULL;
        unsigned char *sigbuf = NULL;
        int siglen = 0;
-        unsigned int sig_flags = 0;
        char *passargin = NULL, *passin = NULL;
 #ifndef OPENSSL_NO_ENGINE
        char *engine=NULL;
 #endif
        char *hmac_key=NULL;
-        int non_fips_allow = 0;
+        char *mac_name=NULL;
+        STACK_OF(OPENSSL_STRING) *sigopts = NULL, *macopts = NULL;
        apps_startup();
-ERR_load_crypto_strings();
        if ((buf=(unsigned char *)OPENSSL_malloc(BUFSIZE)) == NULL)
                {
                BIO_printf(bio_err,"out of memory\n");
@@ -135,6 +155,8 @@ ERR_load_crypto_strings();
                if ((*argv)[0] != '-') break;
                if (strcmp(*argv,"-c") == 0)
                        separator=1;
+                else if (strcmp(*argv,"-r") == 0)
+                        separator=2;
                else if (strcmp(*argv,"-rand") == 0)
                        {
                        if (--argc < 1) break;
@@ -169,27 +191,6 @@ ERR_load_crypto_strings();
                        keyfile=*(++argv);
                        do_verify = 1;
                        }
-                else if (strcmp(*argv,"-x931") == 0)
-                        sig_flags = EVP_MD_CTX_FLAG_PAD_X931;
-                else if (strcmp(*argv,"-pss_saltlen") == 0)
-                        {
-                        int saltlen;
-                        if (--argc < 1) break;
-                        saltlen=atoi(*(++argv));
-                        if (saltlen == -1)
-                                sig_flags = EVP_MD_CTX_FLAG_PSS_MREC;
-                        else if (saltlen == -2)
-                                sig_flags = EVP_MD_CTX_FLAG_PSS_MDLEN;
-                        else if (saltlen < -2 || saltlen >= 0xFFFE)
-                                {
-                                BIO_printf(bio_err, "Invalid PSS salt length %d\n", saltlen);
-                                goto end;
-                                }
-                        else
-                                sig_flags = saltlen;
-                        sig_flags <<= 16;
-                        sig_flags |= EVP_MD_CTX_FLAG_PAD_PSS;
-                        }
                else if (strcmp(*argv,"-signature") == 0)
                        {
                        if (--argc < 1) break;
@@ -205,6 +206,7 @@ ERR_load_crypto_strings();
                        {
                        if (--argc < 1) break;
                        engine= *(++argv);
+                        e = setup_engine(bio_err, engine, 0);
                        }
 #endif
                else if (strcmp(*argv,"-hex") == 0)
@@ -213,16 +215,36 @@ ERR_load_crypto_strings();
                        out_bin = 1;
                else if (strcmp(*argv,"-d") == 0)
                        debug=1;
-                else if (strcmp(*argv,"-non-fips-allow") == 0)
-                        non_fips_allow=1;
-                else if (!strcmp(*argv,"-fips-fingerprint"))
-                        hmac_key = "etaonrishdlcupfm";
                else if (!strcmp(*argv,"-hmac"))
                        {
                        if (--argc < 1)
                                break;
                        hmac_key=*++argv;
                        }
+                else if (!strcmp(*argv,"-mac"))
+                        {
+                        if (--argc < 1)
+                                break;
+                        mac_name=*++argv;
+                        }
+                else if (strcmp(*argv,"-sigopt") == 0)
+                        {
+                        if (--argc < 1)
+                                break;
+                        if (!sigopts)
+                                sigopts = sk_OPENSSL_STRING_new_null();
+                        if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++argv)))
+                                break;
+                        }
+                else if (strcmp(*argv,"-macopt") == 0)
+                        {
+                        if (--argc < 1)
+                                break;
+                        if (!macopts)
+                                macopts = sk_OPENSSL_STRING_new_null();
+                        if (!macopts || !sk_OPENSSL_STRING_push(macopts, *(++argv)))
+                                break;
+                        }
                else if ((m=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
                        md=m;
                else
@@ -231,12 +253,9 @@ ERR_load_crypto_strings();
                argv++;
                }
-        if (md == NULL)
-                md=EVP_md5();
        if(do_verify && !sigfile) {
                BIO_printf(bio_err, "No signature to verify: use the -signature option\n");
-                err = 1; 
                goto end;
        }
@@ -245,6 +264,7 @@ ERR_load_crypto_strings();
                BIO_printf(bio_err,"unknown option '%s'\n",*argv);
                BIO_printf(bio_err,"options are\n");
                BIO_printf(bio_err,"-c              to output the digest with separating colons\n");
+                BIO_printf(bio_err,"-r              to output the digest in coreutils format\n");
                BIO_printf(bio_err,"-d              to output debug info\n");
                BIO_printf(bio_err,"-hex            output as hex dump\n");
                BIO_printf(bio_err,"-binary         output in binary form\n");
@@ -252,49 +272,20 @@ ERR_load_crypto_strings();
                BIO_printf(bio_err,"-verify file    verify a signature using public key in file\n");
                BIO_printf(bio_err,"-prverify file  verify a signature using private key in file\n");
                BIO_printf(bio_err,"-keyform arg    key file format (PEM or ENGINE)\n");
+                BIO_printf(bio_err,"-out filename   output to filename rather than stdout\n");
                BIO_printf(bio_err,"-signature file signature to verify\n");
-                BIO_printf(bio_err,"-binary         output in binary form\n");
+                BIO_printf(bio_err,"-sigopt nm:v    signature parameter\n");
                BIO_printf(bio_err,"-hmac key       create hashed MAC with key\n");
+                BIO_printf(bio_err,"-mac algorithm  create MAC (not neccessarily HMAC)\n"); 
+                BIO_printf(bio_err,"-macopt nm:v    MAC algorithm parameters or key\n");
 #ifndef OPENSSL_NO_ENGINE
                BIO_printf(bio_err,"-engine e       use engine e, possibly a hardware device.\n");
 #endif
-                BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm (default)\n",
+                EVP_MD_do_all_sorted(list_md_fn, bio_err);
-                        LN_md5,LN_md5);
-                BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
-                        LN_md4,LN_md4);
-                BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
-                        LN_md2,LN_md2);
-#ifndef OPENSSL_NO_SHA
-                BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
-                        LN_sha1,LN_sha1);
-                BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
-                        LN_sha,LN_sha);
-#ifndef OPENSSL_NO_SHA256
-                BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
-                        LN_sha224,LN_sha224);
-                BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
-                        LN_sha256,LN_sha256);
-#endif
-#ifndef OPENSSL_NO_SHA512
-                BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
-                        LN_sha384,LN_sha384);
-                BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
-                        LN_sha512,LN_sha512);
-#endif
-#endif
-                BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
-                        LN_mdc2,LN_mdc2);
-                BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
-                        LN_ripemd160,LN_ripemd160);
-                err=1;
                goto end;
                }
-#ifndef OPENSSL_NO_ENGINE
-        e = setup_engine(bio_err, engine, 0);
-#endif
        in=BIO_new(BIO_s_file());
        bmd=BIO_new(BIO_f_md());
        if (debug)
@@ -317,8 +308,10 @@ ERR_load_crypto_strings();
                }
        if(out_bin == -1) {
-                if(keyfile) out_bin = 1;
+                if(keyfile)
-                else out_bin = 0;
+                        out_bin = 1;
+                else
+                        out_bin = 0;
        }
        if(randfile)
@@ -344,6 +337,11 @@ ERR_load_crypto_strings();
                ERR_print_errors(bio_err);
                goto end;
        }
+        if ((!!mac_name + !!keyfile + !!hmac_key) > 1)
+                {
+                BIO_printf(bio_err, "MAC and Signing key cannot both be specified\n");
+                goto end;
+                }
        if(keyfile)
                {
@@ -361,6 +359,101 @@ ERR_load_crypto_strings();
                        }
                }
+        if (mac_name)
+                {
+                EVP_PKEY_CTX *mac_ctx = NULL;
+                int r = 0;
+                if (!init_gen_str(bio_err, &mac_ctx, mac_name,e, 0))
+                        goto mac_end;
+                if (macopts)
+                        {
+                        char *macopt;
+                        for (i = 0; i < sk_OPENSSL_STRING_num(macopts); i++)
+                                {
+                                macopt = sk_OPENSSL_STRING_value(macopts, i);
+                                if (pkey_ctrl_string(mac_ctx, macopt) <= 0)
+                                        {
+                                        BIO_printf(bio_err,
+                                                "MAC parameter error \"%s\"\n",
+                                                macopt);
+                                        ERR_print_errors(bio_err);
+                                        goto mac_end;
+                                        }
+                                }
+                        }
+                if (EVP_PKEY_keygen(mac_ctx, &sigkey) <= 0)
+                        {
+                        BIO_puts(bio_err, "Error generating key\n");
+                        ERR_print_errors(bio_err);
+                        goto mac_end;
+                        }
+                r = 1;
+                mac_end:
+                if (mac_ctx)
+                        EVP_PKEY_CTX_free(mac_ctx);
+                if (r == 0)
+                        goto end;
+                }
+        if (hmac_key)
+                {
+                sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, e,
+                                        (unsigned char *)hmac_key, -1);
+                if (!sigkey)
+                        goto end;
+                }
+        if (sigkey)
+                {
+                EVP_MD_CTX *mctx = NULL;
+                EVP_PKEY_CTX *pctx = NULL;
+                int r;
+                if (!BIO_get_md_ctx(bmd, &mctx))
+                        {
+                        BIO_printf(bio_err, "Error getting context\n");
+                        ERR_print_errors(bio_err);
+                        goto end;
+                        }
+                if (do_verify)
+                        r = EVP_DigestVerifyInit(mctx, &pctx, md, e, sigkey);
+                else
+                        r = EVP_DigestSignInit(mctx, &pctx, md, e, sigkey);
+                if (!r)
+                        {
+                        BIO_printf(bio_err, "Error setting context\n");
+                        ERR_print_errors(bio_err);
+                        goto end;
+                        }
+                if (sigopts)
+                        {
+                        char *sigopt;
+                        for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++)
+                                {
+                                sigopt = sk_OPENSSL_STRING_value(sigopts, i);
+                                if (pkey_ctrl_string(pctx, sigopt) <= 0)
+                                        {
+                                        BIO_printf(bio_err,
+                                                "parameter error \"%s\"\n",
+                                                sigopt);
+                                        ERR_print_errors(bio_err);
+                                        goto end;
+                                        }
+                                }
+                        }
+                }
+        /* we use md as a filter, reading from 'in' */
+        else
+                {
+                if (md == NULL)
+                        md = EVP_md5(); 
+                if (!BIO_set_md(bmd,md))
+                        {
+                        BIO_printf(bio_err, "Error setting digest %s\n", pname);
+                        ERR_print_errors(bio_err);
+                        goto end;
+                        }
+                }
        if(sigfile && sigkey) {
                BIO *sigbio;
                sigbio = BIO_new_file(sigfile, "rb");
@@ -381,67 +474,51 @@ ERR_load_crypto_strings();
                        goto end;
                }
        }
+        inp=BIO_push(bmd,in);
-        if (non_fips_allow)
+        if (md == NULL)
-                {
-                EVP_MD_CTX *md_ctx;
-                BIO_get_md_ctx(bmd,&md_ctx);
-                EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-                }
-        if (sig_flags)
                {
-                EVP_MD_CTX *md_ctx;
+                EVP_MD_CTX *tctx;
-                BIO_get_md_ctx(bmd,&md_ctx);
+                BIO_get_md_ctx(bmd, &tctx);
-                EVP_MD_CTX_set_flags(md_ctx, sig_flags);
+                md = EVP_MD_CTX_md(tctx);
                }
-        /* we use md as a filter, reading from 'in' */
-        if (!BIO_set_md(bmd,md))
-                {
-                BIO_printf(bio_err, "Error setting digest %s\n", pname);
-                ERR_print_errors(bio_err);
-                goto end;
-                }
-                
-        inp=BIO_push(bmd,in);
        if (argc == 0)
                {
                BIO_set_fp(in,stdin,BIO_NOCLOSE);
                err=do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf,
-                          siglen,"","(stdin)",bmd,hmac_key,non_fips_allow);
+                          siglen,NULL,NULL,"stdin",bmd);
                }
        else
                {
-                name=OBJ_nid2sn(md->type);
+                const char *md_name = NULL, *sig_name = NULL;
+                if(!out_bin)
+                        {
+                        if (sigkey)
+                                {
+                                const EVP_PKEY_ASN1_METHOD *ameth;
+                                ameth = EVP_PKEY_get0_asn1(sigkey);
+                                if (ameth)
+                                        EVP_PKEY_asn1_get0_info(NULL, NULL,
+                                                NULL, NULL, &sig_name, ameth);
+                                }
+                        md_name = EVP_MD_name(md);
+                        }
                err = 0;
                for (i=0; i<argc; i++)
                        {
-                        char *tmp,*tofree=NULL;
                        int r;
                        if (BIO_read_filename(in,argv[i]) <= 0)
                                {
                                perror(argv[i]);
                                err++;
                                continue;
                                }
-                        if(!out_bin)
-                                {
-                                size_t len = strlen(name)+strlen(argv[i])+(hmac_key ? 5 : 0)+5;
-                                tmp=tofree=OPENSSL_malloc(len);
-                                BIO_snprintf(tmp,len,"%s%s(%s)= ",
-                                                         hmac_key ? "HMAC-" : "",name,argv[i]);
-                                }
                        else
-                                tmp="";
                        r=do_fp(out,buf,inp,separator,out_bin,sigkey,sigbuf,
-                                siglen,tmp,argv[i],bmd,hmac_key,non_fips_allow);
+                                siglen,sig_name,md_name, argv[i],bmd);
                        if(r)
                            err=r;
-                        if(tofree)
-                                OPENSSL_free(tofree);
                        (void)BIO_reset(bmd);
                        }
                }
@@ -456,6 +533,10 @@ end:
                OPENSSL_free(passin);
        BIO_free_all(out);
        EVP_PKEY_free(sigkey);
+        if (sigopts)
+                sk_OPENSSL_STRING_free(sigopts);
+        if (macopts)
+                sk_OPENSSL_STRING_free(macopts);
        if(sigbuf) OPENSSL_free(sigbuf);
        if (bmd != NULL) BIO_free(bmd);
        apps_shutdown();
@@ -463,24 +544,13 @@ end:
        }
 int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
-          EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title,
+          EVP_PKEY *key, unsigned char *sigin, int siglen,
-          const char *file,BIO *bmd,const char *hmac_key,int non_fips_allow)
+          const char *sig_name, const char *md_name,
+          const char *file,BIO *bmd)
        {
-        unsigned int len;
+        size_t len;
        int i;
-        EVP_MD_CTX *md_ctx;
-        HMAC_CTX hmac_ctx;
-        if (hmac_key)
-                {
-                EVP_MD *md;
-                BIO_get_md(bmd,&md);
-                HMAC_CTX_init(&hmac_ctx);
-                HMAC_Init_ex(&hmac_ctx,hmac_key,strlen(hmac_key),md, NULL);
-                BIO_get_md_ctx(bmd,&md_ctx);
-                BIO_set_md_ctx(bmd,&hmac_ctx.md_ctx);
-                }
        for (;;)
                {
                i=BIO_read(bp,(char *)buf,BUFSIZE);
@@ -496,7 +566,7 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
                {
                EVP_MD_CTX *ctx;
                BIO_get_md_ctx(bp, &ctx);
-                i = EVP_VerifyFinal(ctx, sigin, (unsigned int)siglen, key); 
+                i = EVP_DigestVerifyFinal(ctx, sigin, (unsigned int)siglen); 
                if(i > 0)
                        BIO_printf(out, "Verified OK\n");
                else if(i == 0)
@@ -516,25 +586,39 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
                {
                EVP_MD_CTX *ctx;
                BIO_get_md_ctx(bp, &ctx);
-                if(!EVP_SignFinal(ctx, buf, (unsigned int *)&len, key)) 
+                len = BUFSIZE;
+                if(!EVP_DigestSignFinal(ctx, buf, &len)) 
                        {
                        BIO_printf(bio_err, "Error Signing Data\n");
                        ERR_print_errors(bio_err);
                        return 1;
                        }
                }
-        else if(hmac_key)
-                {
-                HMAC_Final(&hmac_ctx,buf,&len);
-                HMAC_CTX_cleanup(&hmac_ctx);
-                }
        else
+                {
                len=BIO_gets(bp,(char *)buf,BUFSIZE);
+                if ((int)len <0)
+                        {
+                        ERR_print_errors(bio_err);
+                        return 1;
+                        }
+                }
        if(binout) BIO_write(out, buf, len);
+        else if (sep == 2)
+                {
+                for (i=0; i<(int)len; i++)
+                        BIO_printf(out, "%02x",buf[i]);
+                BIO_printf(out, " *%s\n", file);
+                }
        else 
                {
-                BIO_write(out,title,strlen(title));
+                if (sig_name)
+                        BIO_printf(out, "%s-%s(%s)= ", sig_name, md_name, file);
+                else if (md_name)
+                        BIO_printf(out, "%s(%s)= ", md_name, file);
+                else
+                        BIO_printf(out, "(%s)= ", file);
                for (i=0; i<(int)len; i++)
                        {
                        if (sep && (i != 0))
@@ -543,10 +627,6 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
                        }
                BIO_printf(out, "\n");
                }
-        if (hmac_key)
-                {
-                BIO_set_md_ctx(bmd,md_ctx);
-                }
        return 0;
        }
diff --git a/src/lib/libssl/src/apps/dh.c b/src/lib/libssl/src/apps/dh.c
index c4d891e125..e9609d630d 100644
--- a/src/lib/libssl/src/apps/dh.c
+++ b/src/lib/libssl/src/apps/dh.c
@@ -349,4 +349,10 @@ end:
        apps_shutdown();
        OPENSSL_EXIT(ret);
        }
+#else /* !OPENSSL_NO_DH */
+# if PEDANTIC
+static void *dummy=&dummy;
+# endif
 #endif
diff --git a/src/lib/libssl/src/apps/dhparam.c b/src/lib/libssl/src/apps/dhparam.c
index 04bd57c6e8..5fab29eb87 100644
--- a/src/lib/libssl/src/apps/dhparam.c
+++ b/src/lib/libssl/src/apps/dhparam.c
@@ -554,4 +554,10 @@ static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb)
        return 1;
        }
+#else /* !OPENSSL_NO_DH */
+# if PEDANTIC
+static void *dummy=&dummy;
+# endif
 #endif
diff --git a/src/lib/libssl/src/apps/dsa.c b/src/lib/libssl/src/apps/dsa.c
index cbc1fe3f81..5222487ab9 100644
--- a/src/lib/libssl/src/apps/dsa.c
+++ b/src/lib/libssl/src/apps/dsa.c
@@ -112,6 +112,8 @@ int MAIN(int argc, char **argv)
        char *passin = NULL, *passout = NULL;
        int modulus=0;
+        int pvk_encr = 2;
        apps_startup();
        if (bio_err == NULL)
@@ -171,6 +173,12 @@ int MAIN(int argc, char **argv)
                        engine= *(++argv);
                        }
 #endif
+                else if (strcmp(*argv,"-pvk-strong") == 0)
+                        pvk_encr=2;
+                else if (strcmp(*argv,"-pvk-weak") == 0)
+                        pvk_encr=1;
+                else if (strcmp(*argv,"-pvk-none") == 0)
+                        pvk_encr=0;
                else if (strcmp(*argv,"-noout") == 0)
                        noout=1;
                else if (strcmp(*argv,"-text") == 0)
@@ -238,16 +246,30 @@ bad:
                goto end;
        }
+        in=BIO_new(BIO_s_file());
        out=BIO_new(BIO_s_file());
-        if (out == NULL)
+        if ((in == NULL) || (out == NULL))
                {
                ERR_print_errors(bio_err);
                goto end;
                }
+        if (infile == NULL)
+                BIO_set_fp(in,stdin,BIO_NOCLOSE);
+        else
+                {
+                if (BIO_read_filename(in,infile) <= 0)
+                        {
+                        perror(infile);
+                        goto end;
+                        }
+                }
        BIO_printf(bio_err,"read DSA key\n");
-        {
+                {
                EVP_PKEY        *pkey;
                if (pubin)
                        pkey = load_pubkey(bio_err, infile, informat, 1,
                                passin, e, "Public Key");
@@ -255,10 +277,12 @@ bad:
                        pkey = load_key(bio_err, infile, informat, 1,
                                passin, e, "Private Key");
-                if (pkey != NULL)
+                if (pkey)
-                dsa = pkey == NULL ? NULL : EVP_PKEY_get1_DSA(pkey);
+                        {
-                EVP_PKEY_free(pkey);
+                        dsa = EVP_PKEY_get1_DSA(pkey);
-        }
+                        EVP_PKEY_free(pkey);
+                        }
+                }
        if (dsa == NULL)
                {
                BIO_printf(bio_err,"unable to load Key\n");
@@ -310,11 +334,24 @@ bad:
                        i=PEM_write_bio_DSA_PUBKEY(out,dsa);
                else i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,
                                                        NULL,0,NULL, passout);
+#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_RC4)
+        } else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {
+                EVP_PKEY *pk;
+                pk = EVP_PKEY_new();
+                EVP_PKEY_set1_DSA(pk, dsa);
+                if (outformat == FORMAT_PVK)
+                        i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout);
+                else if (pubin || pubout)
+                        i = i2b_PublicKey_bio(out, pk);
+                else
+                        i = i2b_PrivateKey_bio(out, pk);
+                EVP_PKEY_free(pk);
+#endif
        } else {
                BIO_printf(bio_err,"bad output format specified for outfile\n");
                goto end;
                }
-        if (!i)
+        if (i <= 0)
                {
                BIO_printf(bio_err,"unable to write private key\n");
                ERR_print_errors(bio_err);
@@ -330,4 +367,10 @@ end:
        apps_shutdown();
        OPENSSL_EXIT(ret);
        }
+#else /* !OPENSSL_NO_DSA */
+# if PEDANTIC
+static void *dummy=&dummy;
+# endif
 #endif
diff --git a/src/lib/libssl/src/apps/dsaparam.c b/src/lib/libssl/src/apps/dsaparam.c
index c301e81af1..4305a739b3 100644
--- a/src/lib/libssl/src/apps/dsaparam.c
+++ b/src/lib/libssl/src/apps/dsaparam.c
@@ -475,4 +475,10 @@ static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb)
 #endif
        return 1;
        }
+#else /* !OPENSSL_NO_DSA */
+# if PEDANTIC
+static void *dummy=&dummy;
+# endif
 #endif
diff --git a/src/lib/libssl/src/apps/enc.c b/src/lib/libssl/src/apps/enc.c
index f4f9a4c4a4..3c2c91e920 100644
--- a/src/lib/libssl/src/apps/enc.c
+++ b/src/lib/libssl/src/apps/enc.c
@@ -67,6 +67,7 @@
 #include <openssl/x509.h>
 #include <openssl/rand.h>
 #include <openssl/pem.h>
+#include <openssl/comp.h>
 #include <ctype.h>
 int set_hex(char *in,unsigned char *out,int size);
@@ -116,6 +117,10 @@ int MAIN(int argc, char **argv)
        char *hkey=NULL,*hiv=NULL,*hsalt = NULL;
        char *md=NULL;
        int enc=1,printkey=0,i,base64=0;
+#ifdef ZLIB
+        int do_zlib=0;
+        BIO *bzl = NULL;
+#endif
        int debug=0,olb64=0,nosalt=0;
        const EVP_CIPHER *cipher=NULL,*c;
        EVP_CIPHER_CTX *ctx = NULL;
@@ -127,7 +132,6 @@ int MAIN(int argc, char **argv)
        char *engine = NULL;
 #endif
        const EVP_MD *dgst=NULL;
-        int non_fips_allow = 0;
        apps_startup();
@@ -142,9 +146,18 @@ int MAIN(int argc, char **argv)
        program_name(argv[0],pname,sizeof pname);
        if (strcmp(pname,"base64") == 0)
                base64=1;
+#ifdef ZLIB
+        if (strcmp(pname,"zlib") == 0)
+                do_zlib=1;
+#endif
        cipher=EVP_get_cipherbyname(pname);
+#ifdef ZLIB
+        if (!do_zlib && !base64 && (cipher == NULL)
+                                && (strcmp(pname,"enc") != 0))
+#else
        if (!base64 && (cipher == NULL) && (strcmp(pname,"enc") != 0))
+#endif
                {
                BIO_printf(bio_err,"%s is an unknown cipher\n",pname);
                goto bad;
@@ -200,6 +213,10 @@ int MAIN(int argc, char **argv)
                        base64=1;
                else if (strcmp(*argv,"-base64") == 0)
                        base64=1;
+#ifdef ZLIB
+                else if (strcmp(*argv,"-z") == 0)
+                        do_zlib=1;
+#endif
                else if (strcmp(*argv,"-bufsize") == 0)
                        {
                        if (--argc < 1) goto bad;
@@ -226,7 +243,12 @@ int MAIN(int argc, char **argv)
                                goto bad;
                                }
                        buf[0]='\0';
-                        fgets(buf,sizeof buf,infile);
+                        if (!fgets(buf,sizeof buf,infile))
+                                {
+                                BIO_printf(bio_err,"unable to read key from '%s'\n",
+                                        file);
+                                goto bad;
+                                }
                        fclose(infile);
                        i=strlen(buf);
                        if ((i > 0) &&
@@ -262,8 +284,6 @@ int MAIN(int argc, char **argv)
                        if (--argc < 1) goto bad;
                        md= *(++argv);
                        }
-                else if (strcmp(*argv,"-non-fips-allow") == 0)
-                        non_fips_allow = 1;
                else if ((argv[0][0] == '-') &&
                        ((c=EVP_get_cipherbyname(&(argv[0][1]))) != NULL))
                        {
@@ -286,9 +306,11 @@ bad:
                        BIO_printf(bio_err,"%-14s passphrase is the first line of the file argument\n","-kfile");
                        BIO_printf(bio_err,"%-14s the next argument is the md to use to create a key\n","-md");
                        BIO_printf(bio_err,"%-14s   from a passphrase.  One of md2, md5, sha or sha1\n","");
+                        BIO_printf(bio_err,"%-14s salt in hex is the next argument\n","-S");
                        BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");
                        BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
                        BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
+                        BIO_printf(bio_err,"%-14s disable standard block padding\n","-nopad");
 #ifndef OPENSSL_NO_ENGINE
                        BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e");
 #endif
@@ -317,10 +339,7 @@ bad:
        if (dgst == NULL)
                {
-                if (in_FIPS_mode)
+                dgst = EVP_md5();
-                        dgst = EVP_sha1();
-                else
-                        dgst = EVP_md5();
                }
        if (bufsize != NULL)
@@ -452,6 +471,19 @@ bad:
        rbio=in;
        wbio=out;
+#ifdef ZLIB
+        if (do_zlib)
+                {
+                if ((bzl=BIO_new(BIO_f_zlib())) == NULL)
+                        goto end;
+                if (enc)
+                        wbio=BIO_push(bzl,wbio);
+                else
+                        rbio=BIO_push(bzl,rbio);
+                }
+#endif
        if (base64)
                {
                if ((b64=BIO_new(BIO_f_base64())) == NULL)
@@ -556,11 +588,6 @@ bad:
                 */
                BIO_get_cipher_ctx(benc, &ctx);
-                if (non_fips_allow)
-                        EVP_CIPHER_CTX_set_flags(ctx,
-                                EVP_CIPH_FLAG_NON_FIPS_ALLOW);
                if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
                        {
                        BIO_printf(bio_err, "Error setting cipher %s\n",
@@ -651,6 +678,9 @@ end:
        if (out != NULL) BIO_free_all(out);
        if (benc != NULL) BIO_free(benc);
        if (b64 != NULL) BIO_free(b64);
+#ifdef ZLIB
+        if (bzl != NULL) BIO_free(bzl);
+#endif
        if(pass) OPENSSL_free(pass);
        apps_shutdown();
        OPENSSL_EXIT(ret);
diff --git a/src/lib/libssl/src/apps/engine.c b/src/lib/libssl/src/apps/engine.c
index 17bd81fb79..9a0294398e 100644
--- a/src/lib/libssl/src/apps/engine.c
+++ b/src/lib/libssl/src/apps/engine.c
@@ -92,7 +92,7 @@ static const char *engine_usage[]={
 NULL
 };
-static void identity(void *ptr)
+static void identity(char *ptr)
        {
        return;
        }
@@ -148,11 +148,6 @@ static int util_flags(BIO *bio_out, unsigned int flags, const char *indent)
        if(flags & ENGINE_CMD_FLAG_NUMERIC)
                {
-                if(started)
-                        {
-                        BIO_printf(bio_out, "|");
-                        err = 1;
-                        }
                BIO_printf(bio_out, "NUMERIC");
                started = 1;
                }
@@ -205,7 +200,7 @@ static int util_verbose(ENGINE *e, int verbose, BIO *bio_out, const char *indent
        char *desc = NULL;
        int flags;
        int xpos = 0;
-        STACK *cmds = NULL;
+        STACK_OF(OPENSSL_STRING) *cmds = NULL;
        if(!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) ||
                        ((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_FIRST_CMD_TYPE,
                                        0, NULL, NULL)) <= 0))
@@ -216,7 +211,7 @@ static int util_verbose(ENGINE *e, int verbose, BIO *bio_out, const char *indent
                return 1;
                }
-        cmds = sk_new_null();
+        cmds = sk_OPENSSL_STRING_new_null();
        if(!cmds)
                goto err;
@@ -289,15 +284,17 @@ static int util_verbose(ENGINE *e, int verbose, BIO *bio_out, const char *indent
                BIO_printf(bio_out, "\n");
        ret = 1;
 err:
-        if(cmds) sk_pop_free(cmds, identity);
+        if(cmds) sk_OPENSSL_STRING_pop_free(cmds, identity);
        if(name) OPENSSL_free(name);
        if(desc) OPENSSL_free(desc);
        return ret;
        }
-static void util_do_cmds(ENGINE *e, STACK *cmds, BIO *bio_out, const char *indent)
+static void util_do_cmds(ENGINE *e, STACK_OF(OPENSSL_STRING) *cmds,
+                        BIO *bio_out, const char *indent)
        {
-        int loop, res, num = sk_num(cmds);
+        int loop, res, num = sk_OPENSSL_STRING_num(cmds);
        if(num < 0)
                {
                BIO_printf(bio_out, "[Error]: internal stack error\n");
@@ -307,7 +304,7 @@ static void util_do_cmds(ENGINE *e, STACK *cmds, BIO *bio_out, const char *inden
                {
                char buf[256];
                const char *cmd, *arg;
-                cmd = sk_value(cmds, loop);
+                cmd = sk_OPENSSL_STRING_value(cmds, loop);
                res = 1; /* assume success */
                /* Check if this command has no ":arg" */
                if((arg = strstr(cmd, ":")) == NULL)
@@ -347,9 +344,9 @@ int MAIN(int argc, char **argv)
        const char **pp;
        int verbose=0, list_cap=0, test_avail=0, test_avail_noise = 0;
        ENGINE *e;
-        STACK *engines = sk_new_null();
+        STACK_OF(OPENSSL_STRING) *engines = sk_OPENSSL_STRING_new_null();
-        STACK *pre_cmds = sk_new_null();
+        STACK_OF(OPENSSL_STRING) *pre_cmds = sk_OPENSSL_STRING_new_null();
-        STACK *post_cmds = sk_new_null();
+        STACK_OF(OPENSSL_STRING) *post_cmds = sk_OPENSSL_STRING_new_null();
        int badops=1;
        BIO *bio_out=NULL;
        const char *indent = "     ";
@@ -396,20 +393,20 @@ int MAIN(int argc, char **argv)
                        argc--; argv++;
                        if (argc == 0)
                                goto skip_arg_loop;
-                        sk_push(pre_cmds,*argv);
+                        sk_OPENSSL_STRING_push(pre_cmds,*argv);
                        }
                else if (strcmp(*argv,"-post") == 0)
                        {
                        argc--; argv++;
                        if (argc == 0)
                                goto skip_arg_loop;
-                        sk_push(post_cmds,*argv);
+                        sk_OPENSSL_STRING_push(post_cmds,*argv);
                        }
                else if ((strncmp(*argv,"-h",2) == 0) ||
                                (strcmp(*argv,"-?") == 0))
                        goto skip_arg_loop;
                else
-                        sk_push(engines,*argv);
+                        sk_OPENSSL_STRING_push(engines,*argv);
                argc--;
                argv++;
                }
@@ -424,17 +421,17 @@ skip_arg_loop:
                goto end;
                }
-        if (sk_num(engines) == 0)
+        if (sk_OPENSSL_STRING_num(engines) == 0)
                {
                for(e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e))
                        {
-                        sk_push(engines,(char *)ENGINE_get_id(e));
+                        sk_OPENSSL_STRING_push(engines,(char *)ENGINE_get_id(e));
                        }
                }
-        for (i=0; i<sk_num(engines); i++)
+        for (i=0; i<sk_OPENSSL_STRING_num(engines); i++)
                {
-                const char *id = sk_value(engines,i);
+                const char *id = sk_OPENSSL_STRING_value(engines,i);
                if ((e = ENGINE_by_id(id)) != NULL)
                        {
                        const char *name = ENGINE_get_name(e);
@@ -454,6 +451,7 @@ skip_arg_loop:
                                const int *nids;
                                ENGINE_CIPHERS_PTR fn_c;
                                ENGINE_DIGESTS_PTR fn_d;
+                                ENGINE_PKEY_METHS_PTR fn_pk;
                                if (ENGINE_get_RSA(e) != NULL
                                        && !append_buf(&cap_buf, "RSA",
@@ -492,6 +490,15 @@ skip_ciphers:
                                                goto end;
 skip_digests:
+                                fn_pk = ENGINE_get_pkey_meths(e);
+                                if(!fn_pk) goto skip_pmeths;
+                                n = fn_pk(e, NULL, &nids, 0);
+                                for(k=0 ; k < n ; ++k)
+                                        if(!append_buf(&cap_buf,
+                                                       OBJ_nid2sn(nids[k]),
+                                                       &cap_size, 256))
+                                                goto end;
+skip_pmeths:
                                if (cap_buf && (*cap_buf != '\0'))
                                        BIO_printf(bio_out, " [%s]\n", cap_buf);
@@ -526,9 +533,9 @@ skip_digests:
 end:
        ERR_print_errors(bio_err);
-        sk_pop_free(engines, identity);
+        sk_OPENSSL_STRING_pop_free(engines, identity);
-        sk_pop_free(pre_cmds, identity);
+        sk_OPENSSL_STRING_pop_free(pre_cmds, identity);
-        sk_pop_free(post_cmds, identity);
+        sk_OPENSSL_STRING_pop_free(post_cmds, identity);
        if (bio_out != NULL) BIO_free_all(bio_out);
        apps_shutdown();
        OPENSSL_EXIT(ret);
diff --git a/src/lib/libssl/src/apps/errstr.c b/src/lib/libssl/src/apps/errstr.c
index 19489b0df3..fe3b98077e 100644
--- a/src/lib/libssl/src/apps/errstr.c
+++ b/src/lib/libssl/src/apps/errstr.c
@@ -97,10 +97,12 @@ int MAIN(int argc, char **argv)
                        out = BIO_push(tmpbio, out);
                        }
 #endif
-                        lh_node_stats_bio((LHASH *)ERR_get_string_table(),out);
+                        lh_ERR_STRING_DATA_node_stats_bio(
-                        lh_stats_bio((LHASH *)ERR_get_string_table(),out);
+                                                  ERR_get_string_table(), out);
-                        lh_node_usage_stats_bio((LHASH *)
+                        lh_ERR_STRING_DATA_stats_bio(ERR_get_string_table(),
-                                ERR_get_string_table(),out);
+                                                     out);
+                        lh_ERR_STRING_DATA_node_usage_stats_bio(
+                                                    ERR_get_string_table(),out);
                        }
                if (out != NULL) BIO_free_all(out);
                argc--;
diff --git a/src/lib/libssl/src/apps/gendh.c b/src/lib/libssl/src/apps/gendh.c
index 47497864b0..caa7327a10 100644
--- a/src/lib/libssl/src/apps/gendh.c
+++ b/src/lib/libssl/src/apps/gendh.c
@@ -235,4 +235,10 @@ static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb)
 #endif
        return 1;
        }
+#else /* !OPENSSL_NO_DH */
+# if PEDANTIC
+static void *dummy=&dummy;
+# endif
 #endif
diff --git a/src/lib/libssl/src/apps/gendsa.c b/src/lib/libssl/src/apps/gendsa.c
index 8a296c66e5..22c39629e5 100644
--- a/src/lib/libssl/src/apps/gendsa.c
+++ b/src/lib/libssl/src/apps/gendsa.c
@@ -279,4 +279,10 @@ end:
        apps_shutdown();
        OPENSSL_EXIT(ret);
        }
+#else /* !OPENSSL_NO_DSA */
+# if PEDANTIC
+static void *dummy=&dummy;
+# endif
 #endif
diff --git a/src/lib/libssl/src/apps/genrsa.c b/src/lib/libssl/src/apps/genrsa.c
index fdc0d4a07d..37e9310910 100644
--- a/src/lib/libssl/src/apps/genrsa.c
+++ b/src/lib/libssl/src/apps/genrsa.c
@@ -95,7 +95,6 @@ int MAIN(int argc, char **argv)
        int ret=1;
        int i,num=DEFBITS;
        long l;
-        int use_x931 = 0;
        const EVP_CIPHER *enc=NULL;
        unsigned long f4=RSA_F4;
        char *outfile=NULL;
@@ -106,9 +105,9 @@ int MAIN(int argc, char **argv)
        char *inrand=NULL;
        BIO *out=NULL;
        BIGNUM *bn = BN_new();
-        RSA *rsa = RSA_new();
+        RSA *rsa = NULL;
-        if(!bn || !rsa) goto err;
+        if(!bn) goto err;
        apps_startup();
        BN_GENCB_set(&cb, genrsa_cb, bio_err);
@@ -139,8 +138,6 @@ int MAIN(int argc, char **argv)
                        f4=3;
                else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0)
                        f4=RSA_F4;
-                else if (strcmp(*argv,"-x931") == 0)
-                        use_x931 = 1;
 #ifndef OPENSSL_NO_ENGINE
                else if (strcmp(*argv,"-engine") == 0)
                        {
@@ -268,18 +265,15 @@ bad:
        BIO_printf(bio_err,"Generating RSA private key, %d bit long modulus\n",
                num);
+#ifdef OPENSSL_NO_ENGINE
+        rsa = RSA_new();
+#else
+        rsa = RSA_new_method(e);
+#endif
+        if (!rsa)
+                goto err;
-        if (use_x931)
+        if(!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb))
-                {
-                BIGNUM *pubexp;
-                pubexp = BN_new();
-                if (!BN_set_word(pubexp, f4))
-                        goto err;
-                if (!RSA_X931_generate_key_ex(rsa, num, pubexp, &cb))
-                        goto err;
-                BN_free(pubexp);
-                }
-        else if(!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb))
                goto err;
                
        app_RAND_write_file(NULL, bio_err);
diff --git a/src/lib/libssl/src/apps/install.com b/src/lib/libssl/src/apps/install.com
index f927dc29f5..c5821b40e3 100644
--- a/src/lib/libssl/src/apps/install.com
+++ b/src/lib/libssl/src/apps/install.com
@@ -5,13 +5,23 @@ $! Time of creation: 22-MAY-1998 10:13
 $!
 $! P1   root of the directory tree
 $!
+$
 $       IF P1 .EQS. ""
 $       THEN
 $           WRITE SYS$OUTPUT "First argument missing."
-$           WRITE SYS$OUTPUT "Should be the directory where you want things installed."
+$           WRITE SYS$OUTPUT -
+                  "Should be the directory where you want things installed."
 $           EXIT
 $       ENDIF
 $
+$       IF (F$GETSYI("CPU").LT.128)
+$       THEN
+$           ARCH := VAX
+$       ELSE
+$           ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE")
+$           IF (ARCH .EQS. "") THEN ARCH = "UNK"
+$       ENDIF
+$
 $       ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0"
 $       ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY")
 $       ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
@@ -19,23 +29,16 @@ $	ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
 $       ROOT = ROOT_DEV + "[" + ROOT_DIR
 $
 $       DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC
-$       DEFINE/NOLOG WRK_SSLVEXE WRK_SSLROOT:[VAX_EXE]
+$       DEFINE/NOLOG WRK_SSLEXE WRK_SSLROOT:['ARCH'_EXE]
-$       DEFINE/NOLOG WRK_SSLAEXE WRK_SSLROOT:[ALPHA_EXE]
-$       DEFINE/NOLOG WRK_SSLLIB WRK_SSLROOT:[LIB]
 $
 $       IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN -
           CREATE/DIR/LOG WRK_SSLROOT:[000000]
-$       IF F$PARSE("WRK_SSLVEXE:") .EQS. "" THEN -
+$       IF F$PARSE("WRK_SSLEXE:") .EQS. "" THEN -
-           CREATE/DIR/LOG WRK_SSLVEXE:
+           CREATE/DIR/LOG WRK_SSLEXE:
-$       IF F$PARSE("WRK_SSLAEXE:") .EQS. "" THEN -
-           CREATE/DIR/LOG WRK_SSLAEXE:
-$       IF F$PARSE("WRK_SSLLIB:") .EQS. "" THEN -
-           CREATE/DIR/LOG WRK_SSLLIB:
 $
 $       EXE := openssl
 $
-$       VEXE_DIR := [-.VAX.EXE.APPS]
+$       EXE_DIR := [-.'ARCH'.EXE.APPS]
-$       AEXE_DIR := [-.AXP.EXE.APPS]
 $
 $       I = 0
 $ LOOP_EXE: 
@@ -43,25 +46,18 @@ $	E = F$EDIT(F$ELEMENT(I, ",", EXE),"TRIM")
 $       I = I + 1
 $       IF E .EQS. "," THEN GOTO LOOP_EXE_END
 $       SET NOON
-$       IF F$SEARCH(VEXE_DIR+E+".EXE") .NES. ""
+$       IF F$SEARCH(EXE_DIR+E+".EXE") .NES. ""
-$       THEN
-$         COPY 'VEXE_DIR''E'.EXE WRK_SSLVEXE:'E'.EXE/log
-$         SET FILE/PROT=W:RE WRK_SSLVEXE:'E'.EXE
-$       ENDIF
-$       IF F$SEARCH(AEXE_DIR+E+".EXE") .NES. ""
 $       THEN
-$         COPY 'AEXE_DIR''E'.EXE WRK_SSLAEXE:'E'.EXE/log
+$         COPY 'EXE_DIR''E'.EXE WRK_SSLEXE:'E'.EXE/log
-$         SET FILE/PROT=W:RE WRK_SSLAEXE:'E'.EXE
+$         SET FILE/PROT=W:RE WRK_SSLEXE:'E'.EXE
 $       ENDIF
 $       SET ON
 $       GOTO LOOP_EXE
 $ LOOP_EXE_END:
 $
 $       SET NOON
-$       COPY CA.COM WRK_SSLAEXE:CA.COM/LOG
+$       COPY CA.COM WRK_SSLEXE:CA.COM/LOG
-$       SET FILE/PROT=W:RE WRK_SSLAEXE:CA.COM
+$       SET FILE/PROT=W:RE WRK_SSLEXE:CA.COM
-$       COPY CA.COM WRK_SSLVEXE:CA.COM/LOG
-$       SET FILE/PROT=W:RE WRK_SSLVEXE:CA.COM
 $       COPY OPENSSL-VMS.CNF WRK_SSLROOT:[000000]OPENSSL.CNF/LOG
 $       SET FILE/PROT=W:R WRK_SSLROOT:[000000]OPENSSL.CNF
 $       SET ON
diff --git a/src/lib/libssl/src/apps/makeapps.com b/src/lib/libssl/src/apps/makeapps.com
index 0580a1f401..58f2865623 100644
--- a/src/lib/libssl/src/apps/makeapps.com
+++ b/src/lib/libssl/src/apps/makeapps.com
@@ -6,11 +6,12 @@ $!               A-Com Computing, Inc.
 $!               byer@mail.all-net.net
 $!
 $!  Changes by Richard Levitte <richard@levitte.org>
+$!             Zoltan Arpadffy <zoli@polarhome.com>   
 $!
 $!  This command files compiles and creates all the various different
 $!  "application" programs for the different types of encryption for OpenSSL.
 $!  The EXE's are placed in the directory [.xxx.EXE.APPS] where "xxx" denotes
-$!  either AXP or VAX depending on your machine architecture.
+$!  ALPHA, IA64 or VAX, depending on your machine architecture.
 $!
 $!  It was written so it would try to determine what "C" compiler to
 $!  use or you can specify which "C" compiler to use.
@@ -24,7 +25,7 @@ $!	   VAXC	 For VAX C.
 $!         DECC  For DEC C.
 $!         GNUC  For GNU C.
 $!
-$!  If you don't speficy a compiler, it will try to determine which
+$!  If you don't specify a compiler, it will try to determine which
 $!  "C" compiler to use.
 $!
 $!  P3, if defined, sets a TCP/IP library to use, through one of the following
@@ -46,20 +47,21 @@ $ TCPIP_LIB = ""
 $!
 $! Check What Architecture We Are Using.
 $!
-$ IF (F$GETSYI("CPU").GE.128)
+$ IF (F$GETSYI("CPU").LT.128)
 $ THEN
 $!
-$!  The Architecture Is AXP.
+$!  The Architecture Is VAX.
 $!
-$   ARCH := AXP
+$   ARCH = "VAX"
 $!
 $! Else...
 $!
 $ ELSE
 $!
-$!  The Architecture Is VAX.
+$!  The Architecture Is Alpha, IA64 or whatever comes in the future.
 $!
-$   ARCH := VAX
+$   ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE")
+$   IF (ARCH .EQS. "") THEN ARCH = "UNK"
 $!
 $! End The Architecture Check.
 $!
@@ -68,22 +70,6 @@ $!
 $! Define what programs should be compiled
 $!
 $ PROGRAMS := OPENSSL
-$!$ PROGRAMS := VERIFY,ASN1PARS,REQ,DGST,DH,ENC,PASSWD,GENDH,ERRSTR,CA,CRL,-
-$!            RSA,DSA,DSAPARAM,-
-$!            X509,GENRSA,GENDSA,S_SERVER,S_CLIENT,SPEED,-
-$!            S_TIME,VERSION,PKCS7,CRL2P7,SESS_ID,CIPHERS,NSEQ,
-$!
-$! Check To Make Sure We Have Valid Command Line Parameters.
-$!
-$ GOSUB CHECK_OPTIONS
-$!
-$! Initialise logical names and such
-$!
-$ GOSUB INITIALISE
-$!
-$! Tell The User What Kind of Machine We Run On.
-$!
-$ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine."
 $!
 $! Define The CRYPTO Library.
 $!
@@ -97,6 +83,22 @@ $! Define The OBJ Directory.
 $!
 $ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.APPS]
 $!
+$! Define The EXE Directory.
+$!
+$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.APPS]
+$!
+$! Check To Make Sure We Have Valid Command Line Parameters.
+$!
+$ GOSUB CHECK_OPTIONS
+$!
+$! Initialise logical names and such
+$!
+$ GOSUB INITIALISE
+$!
+$! Tell The User What Kind of Machine We Run On.
+$!
+$ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine."
+$!
 $! Check To See If The OBJ Directory Exists.
 $!
 $ IF (F$PARSE(OBJ_DIR).EQS."")
@@ -110,10 +112,6 @@ $! End The OBJ Directory Check.
 $!
 $ ENDIF
 $!
-$! Define The EXE Directory.
-$!
-$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.APPS]
-$!
 $! Check To See If The EXE Directory Exists.
 $!
 $ IF (F$PARSE(EXE_DIR).EQS."")
@@ -136,140 +134,172 @@ $!
 $ GOSUB CHECK_OPT_FILE
 $!
 $! Define The Application Files.
-$!
+$! NOTE: Some might think this list ugly.  However, it's made this way to
-$ LIB_FILES = "VERIFY;ASN1PARS;REQ;DGST;DH;DHPARAM;ENC;PASSWD;GENDH;ERRSTR;"+-
+$! reflect the E_OBJ variable in Makefile as closely as possible, thereby
-              "CA;PKCS7;CRL2P7;CRL;"+-
+$! making it fairly easy to verify that the lists are the same.
-              "RSA;RSAUTL;DSA;DSAPARAM;EC;ECPARAM;"+-
+$!
-              "X509;GENRSA;GENDSA;S_SERVER;S_CLIENT;SPEED;"+-
+$ LIB_OPENSSL = "VERIFY,ASN1PARS,REQ,DGST,DH,DHPARAM,ENC,PASSWD,GENDH,ERRSTR,"+-
-              "S_TIME;APPS;S_CB;S_SOCKET;APP_RAND;VERSION;SESS_ID;"+-
+                "CA,PKCS7,CRL2P7,CRL,"+-
-              "CIPHERS;NSEQ;PKCS12;PKCS8;SPKAC;SMIME;RAND;ENGINE;OCSP;PRIME"
+                "RSA,RSAUTL,DSA,DSAPARAM,EC,ECPARAM,"+-
+                "X509,GENRSA,GENDSA,GENPKEY,S_SERVER,S_CLIENT,SPEED,"+-
+                "S_TIME,APPS,S_CB,S_SOCKET,APP_RAND,VERSION,SESS_ID,"+-
+                "CIPHERS,NSEQ,PKCS12,PKCS8,PKEY,PKEYPARAM,PKEYUTL,"+ -
+                "SPKAC,SMIME,CMS,RAND,ENGINE,OCSP,PRIME,TS"
 $ TCPIP_PROGRAMS = ",,"
 $ IF COMPILER .EQS. "VAXC" THEN -
     TCPIP_PROGRAMS = ",OPENSSL,"
 $!
 $! Setup exceptional compilations
 $!
-$ COMPILEWITH_CC2 = ",S_SERVER,S_CLIENT,"
+$ COMPILEWITH_CC2 = ",S_SOCKET,S_SERVER,S_CLIENT,"
 $!
 $ PHASE := LIB
 $!
 $ RESTART: 
 $!
-$!  Define A File Counter And Set It To "0".
+$!  Define An App Counter And Set It To "0".
+$!
+$ APP_COUNTER = 0
 $!
-$ FILE_COUNTER = 0
+$!  Top Of The App Loop.
 $!
-$! Top Of The File Loop.
+$ NEXT_APP:
 $!
-$ NEXT_FILE:
+$!  Make The Application File Name
 $!
-$! O.K, Extract The File Name From The File List.
+$ CURRENT_APP = F$EDIT(F$ELEMENT(APP_COUNTER,",",PROGRAMS),"TRIM")
 $!
-$ FILE_NAME0 = F$EDIT(F$ELEMENT(FILE_COUNTER,";",'PHASE'_FILES),"TRIM")
+$!  Create The Executable File Name.
-$ FILE_NAME = F$EDIT(F$ELEMENT(0,",",FILE_NAME0),"TRIM")
-$ EXTRA_OBJ = FILE_NAME0 - FILE_NAME
 $!
-$! Check To See If We Are At The End Of The File List.
+$   EXE_FILE = EXE_DIR + CURRENT_APP + ".EXE"
 $!
-$ IF (FILE_NAME0.EQS.";")
+$!  Check To See If We Are At The End Of The File List.
+$!
+$ IF (CURRENT_APP.EQS.",")
 $ THEN
 $   IF (PHASE.EQS."LIB")
 $   THEN
 $     PHASE := APP
 $     GOTO RESTART
 $   ELSE
-$     GOTO FILE_DONE
+$     GOTO APP_DONE
 $   ENDIF
 $ ENDIF
 $!
-$! Increment The Counter.
+$!  Increment The Counter.
 $!
-$ FILE_COUNTER = FILE_COUNTER + 1
+$ APP_COUNTER = APP_COUNTER + 1
 $!
-$! Check to see if this program should actually be compiled
+$!  Decide if we're building the object files or not.
 $!
-$ IF PHASE .EQS. "APP" .AND. -
+$ IF (PHASE.EQS."LIB")
-     ","+PROGRAMS+"," - (","+F$EDIT(FILE_NAME,"UPCASE")+",") .EQS. ","+PROGRAMS+","
 $ THEN
-$   GOTO NEXT_FILE
-$ ENDIF
 $!
-$! Create The Source File Name.
+$!  Define A Library File Counter And Set It To "-1".
+$!  -1 Means The Application File Name Is To Be Used.
 $!
-$ SOURCE_FILE = "SYS$DISK:[]" + FILE_NAME + ".C"
+$   LIB_COUNTER = -1
 $!
-$! Create The Object File Name.
+$!  Create a .OPT file for the object files
 $!
-$ OBJECT_FILE = OBJ_DIR + FILE_NAME + ".OBJ"
+$   OPEN/WRITE OBJECTS 'EXE_DIR''CURRENT_APP'.OPT
 $!
-$! Create The Executable File Name.
+$!  Top Of The File Loop.
 $!
-$ EXE_FILE = EXE_DIR + FILE_NAME + ".EXE"
+$  NEXT_LIB:
-$ ON WARNING THEN GOTO NEXT_FILE
 $!
-$! Check To See If The File We Want To Compile Actually Exists.
+$!  O.K, Extract The File Name From The File List.
 $!
-$ IF (F$SEARCH(SOURCE_FILE).EQS."")
+$   IF LIB_COUNTER .GE. 0
-$ THEN
+$   THEN
+$     FILE_NAME = F$EDIT(F$ELEMENT(LIB_COUNTER,",",LIB_'CURRENT_APP'),"TRIM")
+$   ELSE
+$     FILE_NAME = CURRENT_APP
+$   ENDIF
 $!
-$!  Tell The User That The File Dosen't Exist.
+$!  Check To See If We Are At The End Of The File List.
 $!
-$   WRITE SYS$OUTPUT ""
+$   IF (FILE_NAME.EQS.",")
-$   WRITE SYS$OUTPUT "The File ",SOURCE_FILE," Dosen't Exist."
+$   THEN
-$   WRITE SYS$OUTPUT ""
+$     CLOSE OBJECTS
+$     GOTO NEXT_APP
+$   ENDIF
 $!
-$!  Exit The Build.
+$!  Increment The Counter.
 $!
-$   GOTO EXIT
+$   LIB_COUNTER = LIB_COUNTER + 1
 $!
-$! End The File Exist Check.
+$!  Create The Source File Name.
 $!
-$ ENDIF
+$   SOURCE_FILE = "SYS$DISK:[]" + FILE_NAME + ".C"
 $!
-$! Tell The User What We Are Building.
+$!  Create The Object File Name.
 $!
-$ IF (PHASE.EQS."LIB")
+$   OBJECT_FILE = OBJ_DIR + FILE_NAME + ".OBJ"
-$ THEN
+$   ON WARNING THEN GOTO NEXT_LIB
-$   WRITE SYS$OUTPUT "Compiling The ",FILE_NAME,".C File."
-$ ELSE
-$   WRITE SYS$OUTPUT "Building The ",FILE_NAME," Application Program."
-$ ENDIF
 $!
-$! Compile The File.
+$!  Check To See If The File We Want To Compile Actually Exists.
 $!
-$ ON ERROR THEN GOTO NEXT_FILE
+$   IF (F$SEARCH(SOURCE_FILE).EQS."")
-$ IF COMPILEWITH_CC2 - FILE_NAME .NES. COMPILEWITH_CC2
+$   THEN
-$ THEN
+$!
-$   CC2/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$!    Tell The User That The File Dosen't Exist.
-$ ELSE
-$   CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
-$ ENDIF
 $!
-$ ON WARNING THEN GOTO NEXT_FILE
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "The File ",SOURCE_FILE," Dosen't Exist."
+$     WRITE SYS$OUTPUT ""
+$!
+$!    Exit The Build.
+$!
+$     GOTO EXIT
+$!
+$!  End The File Exist Check.
 $!
-$ IF (PHASE.EQS."LIB") 
+$   ENDIF
-$ THEN 
+$!
-$   GOTO NEXT_FILE
+$!  Tell The User What We Are Building.
+$!
+$   IF (PHASE.EQS."LIB")
+$   THEN
+$     WRITE SYS$OUTPUT "Compiling The ",FILE_NAME,".C File."
+$   ELSE
+$     WRITE SYS$OUTPUT "Building The ",FILE_NAME," Application Program."
+$   ENDIF
+$!
+$!  Compile The File.
+$!
+$   ON ERROR THEN GOTO NEXT_LIB
+$   IF COMPILEWITH_CC2 - FILE_NAME .NES. COMPILEWITH_CC2
+$   THEN
+$     CC2/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$   ELSE
+$     CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$   ENDIF
+$   WRITE OBJECTS OBJECT_FILE
+$!
+$   GOTO NEXT_LIB
 $ ENDIF
 $!
 $!  Check if this program works well without a TCPIP library
 $!
-$ IF TCPIP_LIB .EQS. "" .AND. TCPIP_PROGRAMS - FILE_NAME .NES. TCPIP_PROGRAMS
+$ IF TCPIP_LIB .EQS. "" .AND. TCPIP_PROGRAMS - CURRENT_APP .NES. TCPIP_PROGRAMS
 $ THEN
-$   WRITE SYS$OUTPUT FILE_NAME," needs a TCP/IP library.  Can't link.  Skipping..."
+$   WRITE SYS$OUTPUT CURRENT_APP," needs a TCP/IP library.  Can't link.  Skipping..."
-$   GOTO NEXT_FILE
+$   GOTO NEXT_APP
 $ ENDIF
 $!
 $! Link The Program.
 $! Check To See If We Are To Link With A Specific TCP/IP Library.
 $!
+$ ON WARNING THEN GOTO NEXT_APP
+$!
 $ IF (TCPIP_LIB.NES."")
 $ THEN
 $!
 $! Don't Link With The RSAREF Routines And TCP/IP Library.
 $!
 $   LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' -
-        'OBJECT_FILE''EXTRA_OBJ', -
+        'EXE_DIR''CURRENT_APP'.OPT/OPTION, -
        'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, -
        'TCPIP_LIB','OPT_FILE'/OPTION
 $!
@@ -280,7 +310,7 @@ $!
 $! Don't Link With The RSAREF Routines And Link With A TCP/IP Library.
 $!
 $   LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' -
-        'OBJECT_FILE''EXTRA_OBJ', -
+        'EXE_DIR''CURRENT_APP'.OPT/OPTION, -
        'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, -
        'OPT_FILE'/OPTION
 $!
@@ -290,11 +320,11 @@ $ ENDIF
 $!
 $! Go Back And Do It Again.
 $!
-$ GOTO NEXT_FILE
+$ GOTO NEXT_APP
 $!
 $! All Done With This File.
 $!
-$ FILE_DONE:
+$ APP_DONE:
 $ EXIT:
 $!
 $! All Done, Time To Clean Up And Exit.
@@ -395,19 +425,19 @@ $!    Else...
 $!
 $     ELSE
 $!
-$!      Create The AXP Linker Option File.
+$!      Create The non-VAX Linker Option File.
 $!
 $       CREATE 'OPT_FILE'
 $DECK
 !
-! Default System Options File For AXP To Link Agianst 
+! Default System Options File For non-VAX To Link Agianst 
 ! The Sharable C Runtime Library.
 !
 SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE
 SYS$SHARE:CMA$OPEN_RTL/SHARE
 $EOD
 $!
-$!    End The VAX/AXP DEC C Option File Check.
+$!    End The DEC C Option File Check.
 $!
 $     ENDIF
 $!
@@ -525,7 +555,7 @@ $!    Time To EXIT.
 $!
 $     EXIT
 $!
-$!  End The Valid Arguement Check.
+$!  End The Valid Argument Check.
 $!
 $   ENDIF
 $!
@@ -556,7 +586,7 @@ $   ELSE
 $!
 $!  Check To See If We Have VAXC Or DECC.
 $!
-$     IF (ARCH.EQS."AXP").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
+$     IF (ARCH.NES."VAX").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
 $     THEN 
 $!
 $!      Looks Like DECC, Set To Use DECC.
@@ -666,7 +696,7 @@ $     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
 $!
 $!    Define The Linker Options File Name.
 $!
-$     OPT_FILE = "SYS$DISK:[]VAX_DECC_OPTIONS.OPT"
+$     OPT_FILE = "''EXE_DIR'VAX_DECC_OPTIONS.OPT"
 $!
 $!  End DECC Check.
 $!
@@ -687,9 +717,9 @@ $!
 $!    Compile Using VAXC.
 $!
 $     CC = "CC"
-$     IF ARCH.EQS."AXP"
+$     IF ARCH.NES."VAX"
 $     THEN
-$       WRITE SYS$OUTPUT "There is no VAX C on Alpha!"
+$       WRITE SYS$OUTPUT "There is no VAX C on ''ARCH'!"
 $       EXIT
 $     ENDIF
 $     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
@@ -703,7 +733,7 @@ $     DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB]
 $!
 $!    Define The Linker Options File Name.
 $!
-$     OPT_FILE = "SYS$DISK:[]VAX_VAXC_OPTIONS.OPT"
+$     OPT_FILE = "''EXE_DIR'VAX_VAXC_OPTIONS.OPT"
 $!
 $!  End VAXC Check
 $!
@@ -730,7 +760,7 @@ $     CC = GCC+"/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
 $!
 $!    Define The Linker Options File Name.
 $!
-$     OPT_FILE = "SYS$DISK:[]VAX_GNUC_OPTIONS.OPT"
+$     OPT_FILE = "''EXE_DIR'VAX_GNUC_OPTIONS.OPT"
 $!
 $!  End The GNU C Check.
 $!
@@ -740,7 +770,7 @@ $!  Set up default defines
 $!
 $   CCDEFS = """FLAT_INC=1""," + CCDEFS
 $!
-$!  Else The User Entered An Invalid Arguement.
+$!  Else The User Entered An Invalid Argument.
 $!
 $ ELSE
 $!
@@ -845,7 +875,7 @@ $!  Print info
 $!
 $   WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB
 $!
-$!  Else The User Entered An Invalid Arguement.
+$!  Else The User Entered An Invalid Argument.
 $!
 $ ELSE
 $!
diff --git a/src/lib/libssl/src/apps/ocsp.c b/src/lib/libssl/src/apps/ocsp.c
index 251044d77f..01847dfad7 100644
--- a/src/lib/libssl/src/apps/ocsp.c
+++ b/src/lib/libssl/src/apps/ocsp.c
@@ -56,25 +56,53 @@
 *
 */
 #ifndef OPENSSL_NO_OCSP
+#ifdef OPENSSL_SYS_VMS
+#define _XOPEN_SOURCE_EXTENDED  /* So fd_set and friends get properly defined
+                                   on OpenVMS */
+#endif
 #define USE_SOCKETS
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <time.h>
 #include "apps.h" /* needs to be included before the openssl headers! */
 #include <openssl/e_os2.h>
-#include <openssl/ssl.h>
+#include <openssl/crypto.h>
 #include <openssl/err.h>
+#include <openssl/ssl.h>
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include <openssl/x509v3.h>
+#if defined(NETWARE_CLIB)
+#  ifdef NETWARE_BSDSOCK
+#    include <sys/socket.h>
+#    include <sys/bsdskt.h>
+#  else
+#    include <novsock2.h>
+#  endif
+#elif defined(NETWARE_LIBC)
+#  ifdef NETWARE_BSDSOCK
+#    include <sys/select.h>
+#  else
+#    include <novsock2.h>
+#  endif
+#endif
+  
 /* Maximum leeway in validity period: default 5 minutes */
 #define MAX_VALIDITY_PERIOD     (5 * 60)
-static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, X509 *issuer,
+static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, const EVP_MD *cert_id_md, X509 *issuer,
                                STACK_OF(OCSP_CERTID) *ids);
-static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, X509 *issuer,
+static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, const EVP_MD * cert_id_md, X509 *issuer,
                                STACK_OF(OCSP_CERTID) *ids);
 static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
-                                STACK *names, STACK_OF(OCSP_CERTID) *ids,
+                              STACK_OF(OPENSSL_STRING) *names,
-                                long nsec, long maxage);
+                              STACK_OF(OCSP_CERTID) *ids, long nsec,
+                              long maxage);
 static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db,
                        X509 *ca, X509 *rcert, EVP_PKEY *rkey,
@@ -86,6 +114,7 @@ static BIO *init_responder(char *port);
 static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port);
 static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp);
 static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
+                                STACK_OF(CONF_VALUE) *headers,
                                OCSP_REQUEST *req, int req_timeout);
 #undef PROG
@@ -104,6 +133,7 @@ int MAIN(int argc, char **argv)
        char *rsignfile = NULL, *rkeyfile = NULL;
        char *outfile = NULL;
        int add_nonce = 1, noverify = 0, use_ssl = -1;
+        STACK_OF(CONF_VALUE) *headers = NULL;
        OCSP_REQUEST *req = NULL;
        OCSP_RESPONSE *resp = NULL;
        OCSP_BASICRESP *bs = NULL;
@@ -126,7 +156,7 @@ int MAIN(int argc, char **argv)
        int badarg = 0;
        int i;
        int ignore_err = 0;
-        STACK *reqnames = NULL;
+        STACK_OF(OPENSSL_STRING) *reqnames = NULL;
        STACK_OF(OCSP_CERTID) *ids = NULL;
        X509 *rca_cert = NULL;
@@ -134,6 +164,7 @@ int MAIN(int argc, char **argv)
        char *rca_filename = NULL;
        CA_DB *rdb = NULL;
        int nmin = 0, ndays = -1;
+        const EVP_MD *cert_id_md = NULL;
        if (bio_err == NULL) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
@@ -142,7 +173,7 @@ int MAIN(int argc, char **argv)
        SSL_load_error_strings();
        OpenSSL_add_ssl_algorithms();
        args = argv + 1;
-        reqnames = sk_new_null();
+        reqnames = sk_OPENSSL_STRING_new_null();
        ids = sk_OCSP_CERTID_new_null();
        while (!badarg && *args && *args[0] == '-')
                {
@@ -202,6 +233,16 @@ int MAIN(int argc, char **argv)
                                }
                        else badarg = 1;
                        }
+                else if (!strcmp(*args, "-header"))
+                        {
+                        if (args[1] && args[2])
+                                {
+                                if (!X509V3_add_value(args[1], args[2], &headers))
+                                        goto end;
+                                args += 2;
+                                }
+                        else badarg = 1;
+                        }
                else if (!strcmp(*args, "-ignore_err"))
                        ignore_err = 1;
                else if (!strcmp(*args, "-noverify"))
@@ -401,9 +442,10 @@ int MAIN(int argc, char **argv)
                                cert = load_cert(bio_err, *args, FORMAT_PEM,
                                        NULL, e, "certificate");
                                if(!cert) goto end;
-                                if(!add_ocsp_cert(&req, cert, issuer, ids))
+                                if (!cert_id_md) cert_id_md = EVP_sha1();
+                                if(!add_ocsp_cert(&req, cert, cert_id_md, issuer, ids))
                                        goto end;
-                                if(!sk_push(reqnames, *args))
+                                if(!sk_OPENSSL_STRING_push(reqnames, *args))
                                        goto end;
                                }
                        else badarg = 1;
@@ -413,9 +455,10 @@ int MAIN(int argc, char **argv)
                        if (args[1])
                                {
                                args++;
-                                if(!add_ocsp_serial(&req, *args, issuer, ids))
+                                if (!cert_id_md) cert_id_md = EVP_sha1();
+                                if(!add_ocsp_serial(&req, *args, cert_id_md, issuer, ids))
                                        goto end;
-                                if(!sk_push(reqnames, *args))
+                                if(!sk_OPENSSL_STRING_push(reqnames, *args))
                                        goto end;
                                }
                        else badarg = 1;
@@ -515,7 +558,10 @@ int MAIN(int argc, char **argv)
                                }
                        else badarg = 1;
                        }
-                else badarg = 1;
+                else if ((cert_id_md = EVP_get_digestbyname((*args)+1))==NULL)
+                        {
+                        badarg = 1;
+                        }
                args++;
                }
@@ -571,6 +617,7 @@ int MAIN(int argc, char **argv)
                BIO_printf (bio_err, "-ndays n           number of days before next update\n");
                BIO_printf (bio_err, "-resp_key_id       identify reponse by signing certificate key ID\n");
                BIO_printf (bio_err, "-nrequest n        number of requests to accept (default unlimited)\n");
+                BIO_printf (bio_err, "-<dgst alg>     use specified digest in the request");
                goto end;
                }
@@ -677,7 +724,8 @@ int MAIN(int argc, char **argv)
                        "signer private key");
                if (!key)
                        goto end;
-                if (!OCSP_request_sign(req, signer, key, EVP_sha1(), sign_other, sign_flags))
+                if (!OCSP_request_sign(req, signer, key, NULL, sign_other, sign_flags))
                        {
                        BIO_printf(bio_err, "Error signing OCSP request\n");
                        goto end;
@@ -721,7 +769,7 @@ int MAIN(int argc, char **argv)
                {
 #ifndef OPENSSL_NO_SOCK
                resp = process_responder(bio_err, req, host, path,
-                                                port, use_ssl, req_timeout);
+                                        port, use_ssl, headers, req_timeout);
                if (!resp)
                        goto end;
 #else
@@ -866,10 +914,11 @@ end:
        OCSP_REQUEST_free(req);
        OCSP_RESPONSE_free(resp);
        OCSP_BASICRESP_free(bs);
-        sk_free(reqnames);
+        sk_OPENSSL_STRING_free(reqnames);
        sk_OCSP_CERTID_free(ids);
        sk_X509_pop_free(sign_other, X509_free);
        sk_X509_pop_free(verify_other, X509_free);
+        sk_CONF_VALUE_pop_free(headers, X509V3_conf_free);
        if (use_ssl != -1)
                {
@@ -881,7 +930,7 @@ end:
        OPENSSL_EXIT(ret);
 }
-static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, X509 *issuer,
+static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, const EVP_MD *cert_id_md,X509 *issuer,
                                STACK_OF(OCSP_CERTID) *ids)
        {
        OCSP_CERTID *id;
@@ -892,7 +941,7 @@ static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, X509 *issuer,
                }
        if(!*req) *req = OCSP_REQUEST_new();
        if(!*req) goto err;
-        id = OCSP_cert_to_id(NULL, cert, issuer);
+        id = OCSP_cert_to_id(cert_id_md, cert, issuer);
        if(!id || !sk_OCSP_CERTID_push(ids, id)) goto err;
        if(!OCSP_request_add0_id(*req, id)) goto err;
        return 1;
@@ -902,7 +951,7 @@ static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, X509 *issuer,
        return 0;
        }
-static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, X509 *issuer,
+static int add_ocsp_serial(OCSP_REQUEST **req, char *serial,const EVP_MD *cert_id_md, X509 *issuer,
                                STACK_OF(OCSP_CERTID) *ids)
        {
        OCSP_CERTID *id;
@@ -924,7 +973,7 @@ static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, X509 *issuer,
                BIO_printf(bio_err, "Error converting serial number %s\n", serial);
                return 0;
                }
-        id = OCSP_cert_id_new(EVP_sha1(), iname, ikey, sno);
+        id = OCSP_cert_id_new(cert_id_md, iname, ikey, sno);
        ASN1_INTEGER_free(sno);
        if(!id || !sk_OCSP_CERTID_push(ids, id)) goto err;
        if(!OCSP_request_add0_id(*req, id)) goto err;
@@ -936,8 +985,9 @@ static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, X509 *issuer,
        }
 static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
-                                        STACK *names, STACK_OF(OCSP_CERTID) *ids,
+                              STACK_OF(OPENSSL_STRING) *names,
-                                        long nsec, long maxage)
+                              STACK_OF(OCSP_CERTID) *ids, long nsec,
+                              long maxage)
        {
        OCSP_CERTID *id;
        char *name;
@@ -947,13 +997,13 @@ static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
        ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd;
-        if (!bs || !req || !sk_num(names) || !sk_OCSP_CERTID_num(ids))
+        if (!bs || !req || !sk_OPENSSL_STRING_num(names) || !sk_OCSP_CERTID_num(ids))
                return 1;
        for (i = 0; i < sk_OCSP_CERTID_num(ids); i++)
                {
                id = sk_OCSP_CERTID_value(ids, i);
-                name = sk_value(names, i);
+                name = sk_OPENSSL_STRING_value(names, i);
                BIO_printf(out, "%s: ", name);
                if(!OCSP_resp_find_status(bs, id, &status, &reason,
@@ -1010,7 +1060,6 @@ static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db
        OCSP_BASICRESP *bs = NULL;
        int i, id_count, ret = 1;
        id_count = OCSP_request_onereq_count(req);
        if (id_count <= 0)
@@ -1019,7 +1068,6 @@ static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db
                goto end;
                }
-        ca_id = OCSP_cert_to_id(EVP_sha1(), NULL, ca);
        bs = OCSP_BASICRESP_new();
        thisupd = X509_gmtime_adj(NULL, 0);
@@ -1032,8 +1080,23 @@ static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db
                OCSP_ONEREQ *one;
                ASN1_INTEGER *serial;
                char **inf;
+                ASN1_OBJECT *cert_id_md_oid;
+                const EVP_MD *cert_id_md;
                one = OCSP_request_onereq_get0(req, i);
                cid = OCSP_onereq_get0_id(one);
+                OCSP_id_get0_info(NULL,&cert_id_md_oid, NULL,NULL, cid);
+                cert_id_md = EVP_get_digestbyobj(cert_id_md_oid);       
+                if (! cert_id_md) 
+                        {
+                        *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR,
+                                NULL);
+                                goto end;
+                        }       
+                if (ca_id) OCSP_CERTID_free(ca_id);
+                ca_id = OCSP_cert_to_id(cert_id_md, NULL, ca);
                /* Is this request about our CA? */
                if (OCSP_id_issuer_cmp(ca_id, cid))
                        {
@@ -1078,8 +1141,8 @@ static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db
                }
        OCSP_copy_nonce(bs, req);
-                
+        
-        OCSP_basic_sign(bs, rcert, rkey, EVP_sha1(), rother, flags);
+        OCSP_basic_sign(bs, rcert, rkey, NULL, rother, flags);
        *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_SUCCESSFUL, bs);
@@ -1211,10 +1274,12 @@ static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp)
        }
 static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
+                                STACK_OF(CONF_VALUE) *headers,
                                OCSP_REQUEST *req, int req_timeout)
        {
        int fd;
        int rv;
+        int i;
        OCSP_REQ_CTX *ctx = NULL;
        OCSP_RESPONSE *rsp = NULL;
        fd_set confds;
@@ -1231,16 +1296,13 @@ static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
                return NULL;
                }
-        if (req_timeout == -1)
-                return OCSP_sendreq_bio(cbio, path, req);
        if (BIO_get_fd(cbio, &fd) <= 0)
                {
                BIO_puts(err, "Can't get connection fd\n");
                goto err;
                }
-        if (rv <= 0)
+        if (req_timeout != -1 && rv <= 0)
                {
                FD_ZERO(&confds);
                openssl_fdset(fd, &confds);
@@ -1255,15 +1317,27 @@ static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
                }
-        ctx = OCSP_sendreq_new(cbio, path, req, -1);
+        ctx = OCSP_sendreq_new(cbio, path, NULL, -1);
        if (!ctx)
                return NULL;
+        for (i = 0; i < sk_CONF_VALUE_num(headers); i++)
+                {
+                CONF_VALUE *hdr = sk_CONF_VALUE_value(headers, i);
+                if (!OCSP_REQ_CTX_add1_header(ctx, hdr->name, hdr->value))
+                        goto err;
+                }
+        if (!OCSP_REQ_CTX_set1_req(ctx, req))
+                goto err;
        
        for (;;)
                {
                rv = OCSP_sendreq_nbio(&rsp, ctx);
                if (rv != -1)
                        break;
+                if (req_timeout == -1)
+                        continue;
                FD_ZERO(&confds);
                openssl_fdset(fd, &confds);
                tv.tv_usec = 0;
@@ -1287,7 +1361,7 @@ static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
                        BIO_puts(err, "Select error\n");
                        break;
                        }
-                        
                }
        err:
        if (ctx)
@@ -1298,6 +1372,7 @@ static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
 OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
                        char *host, char *path, char *port, int use_ssl,
+                        STACK_OF(CONF_VALUE) *headers,
                        int req_timeout)
        {
        BIO *cbio = NULL;
@@ -1332,14 +1407,14 @@ OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
                sbio = BIO_new_ssl(ctx, 1);
                cbio = BIO_push(sbio, cbio);
                }
-        resp = query_responder(err, cbio, path, req, req_timeout);
+        resp = query_responder(err, cbio, path, headers, req, req_timeout);
        if (!resp)
                BIO_printf(bio_err, "Error querying OCSP responsder\n");
        end:
-        if (ctx)
-                SSL_CTX_free(ctx);
        if (cbio)
                BIO_free_all(cbio);
+        if (ctx)
+                SSL_CTX_free(ctx);
        return resp;
        }
diff --git a/src/lib/libssl/src/apps/openssl-vms.cnf b/src/lib/libssl/src/apps/openssl-vms.cnf
index fae82b0d53..20ed61bc3e 100644
--- a/src/lib/libssl/src/apps/openssl-vms.cnf
+++ b/src/lib/libssl/src/apps/openssl-vms.cnf
@@ -21,12 +21,17 @@ oid_section		= new_oids
 [ new_oids ]
-# We can add new OIDs in here for use by 'ca' and 'req'.
+# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
 # Add a simple OID like this:
 # testoid1=1.2.3.4
 # Or use config file substitution like this:
 # testoid2=${testoid1}.5.6
+# Policies used by the TSA examples.
+tsa_policy1 = 1.2.3.4.1
+tsa_policy2 = 1.2.3.4.5.6
+tsa_policy3 = 1.2.3.4.5.7
 ####################################################################
 [ ca ]
 default_ca      = CA_default            # The default ca section
@@ -67,7 +72,7 @@ cert_opt 	= ca_default		# Certificate field options
 default_days    = 365                   # how long to certify for
 default_crl_days= 30                    # how long before next CRL
-default_md      = sha1                  # which md to use.
+default_md      = default               # use public key default MD
 preserve        = no                    # keep passed DN ordering
 # A few difference way of specifying how similar the request should look
@@ -110,13 +115,12 @@ x509_extensions	= v3_ca	# The extentions to add to the self signed cert
 # This sets a mask for permitted string types. There are several options. 
 # default: PrintableString, T61String, BMPString.
-# pkix   : PrintableString, BMPString.
+# pkix   : PrintableString, BMPString (PKIX recommendation before 2004)
-# utf8only: only UTF8Strings.
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
 # nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
 # MASK:XXXX a literal mask value.
-# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
-# so use this option with caution!
+string_mask = utf8only
-string_mask = nombstr
 # req_extensions = v3_req # The extensions to add to a certificate request
@@ -207,6 +211,9 @@ authorityKeyIdentifier=keyid,issuer
 #nsCaPolicyUrl
 #nsSslServerName
+# This is required for TSA certificates.
+# extendedKeyUsage = critical,timeStamping
 [ v3_req ]
 # Extensions to add to a certificate request
@@ -224,7 +231,7 @@ keyUsage = nonRepudiation, digitalSignature, keyEncipherment
 subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
+authorityKeyIdentifier=keyid:always,issuer
 # This is what PKIX recommends but some broken software chokes on critical
 # extensions.
@@ -257,7 +264,7 @@ basicConstraints = CA:true
 # Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
 # issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always,issuer:always
+authorityKeyIdentifier=keyid:always
 [ proxy_cert_ext ]
 # These extensions should be added when creating a proxy certificate
@@ -290,7 +297,7 @@ nsComment			= "OpenSSL Generated Certificate"
 # PKIX recommendations harmless if included in all certificates.
 subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
+authorityKeyIdentifier=keyid,issuer
 # This stuff is for subjectAltName and issuerAltname.
 # Import the email address.
@@ -311,3 +318,33 @@ authorityKeyIdentifier=keyid,issuer:always
 # This really needs to be in place for it to be a proxy certificate.
 proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
+####################################################################
+[ tsa ]
+default_tsa = tsa_config1       # the default TSA section
+[ tsa_config1 ]
+# These are used by the TSA reply generation only.
+dir             = sys\$disk:[.demoCA            # TSA root directory
+serial          = $dir]tsaserial.       # The current serial number (mandatory)
+crypto_device   = builtin               # OpenSSL engine to use for signing
+signer_cert     = $dir/tsacert.pem      # The TSA signing certificate
+                                        # (optional)
+certs           = $dir.cacert.pem]      # Certificate chain to include in reply
+                                        # (optional)
+signer_key      = $dir/private/tsakey.pem # The TSA private key (optional)
+default_policy  = tsa_policy1           # Policy if request did not specify it
+                                        # (optional)
+other_policies  = tsa_policy2, tsa_policy3      # acceptable policies (optional)
+digests         = md5, sha1             # Acceptable message digests (mandatory)
+accuracy        = secs:1, millisecs:500, microsecs:100  # (optional)
+clock_precision_digits  = 0     # number of digits after dot. (optional)
+ordering                = yes   # Is ordering defined for timestamps?
+                                # (optional, default: no)
+tsa_name                = yes   # Must the TSA name be included in the reply?
+                                # (optional, default: no)
+ess_cert_id_chain       = no    # Must the ESS cert id chain be included?
+                                # (optional, default: no)
diff --git a/src/lib/libssl/src/apps/openssl.c b/src/lib/libssl/src/apps/openssl.c
index 7d2b476cf0..851e639735 100644
--- a/src/lib/libssl/src/apps/openssl.c
+++ b/src/lib/libssl/src/apps/openssl.c
@@ -135,19 +135,17 @@
 * type of "FUNCTION*"). This removes the necessity for macro-generated wrapper
 * functions. */
-/* static unsigned long MS_CALLBACK hash(FUNCTION *a); */
+static LHASH_OF(FUNCTION) *prog_init(void );
-static unsigned long MS_CALLBACK hash(const void *a_void);
+static int do_cmd(LHASH_OF(FUNCTION) *prog,int argc,char *argv[]);
-/* static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b); */
+static void list_pkey(BIO *out);
-static int MS_CALLBACK cmp(const void *a_void,const void *b_void);
+static void list_cipher(BIO *out);
-static LHASH *prog_init(void );
+static void list_md(BIO *out);
-static int do_cmd(LHASH *prog,int argc,char *argv[]);
 char *default_config_file=NULL;
 /* Make sure there is only one when MONOLITH is defined */
 #ifdef MONOLITH
 CONF *config=NULL;
 BIO *bio_err=NULL;
-int in_FIPS_mode=0;
 #endif
@@ -227,25 +225,12 @@ int main(int Argc, char *Argv[])
        int n,i,ret=0;
        int argc;
        char **argv,*p;
-        LHASH *prog=NULL;
+        LHASH_OF(FUNCTION) *prog=NULL;
        long errline;
 
        arg.data=NULL;
        arg.count=0;
-        in_FIPS_mode = 0;
-#ifdef OPENSSL_FIPS
-        if(getenv("OPENSSL_FIPS")) {
-                if (!FIPS_mode_set(1)) {
-                        ERR_load_crypto_strings();
-                        ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
-                        EXIT(1);
-                }
-                in_FIPS_mode = 1;
-                }
-#endif
        if (bio_err == NULL)
                if ((bio_err=BIO_new(BIO_s_file())) != NULL)
                        BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
@@ -287,9 +272,21 @@ int main(int Argc, char *Argv[])
        i=NCONF_load(config,p,&errline);
        if (i == 0)
                {
-                NCONF_free(config);
+                if (ERR_GET_REASON(ERR_peek_last_error())
-                config = NULL;
+                    == CONF_R_NO_SUCH_FILE)
-                ERR_clear_error();
+                        {
+                        BIO_printf(bio_err,
+                                   "WARNING: can't open config file: %s\n",p);
+                        ERR_clear_error();
+                        NCONF_free(config);
+                        config = NULL;
+                        }
+                else
+                        {
+                        ERR_print_errors(bio_err);
+                        NCONF_free(config);
+                        exit(1);
+                        }
                }
        prog=prog_init();
@@ -298,7 +295,7 @@ int main(int Argc, char *Argv[])
        program_name(Argv[0],pname,sizeof pname);
        f.name=pname;
-        fp=(FUNCTION *)lh_retrieve(prog,&f);
+        fp=lh_FUNCTION_retrieve(prog,&f);
        if (fp != NULL)
                {
                Argv[0]=pname;
@@ -333,7 +330,8 @@ int main(int Argc, char *Argv[])
                        else    prompt="OpenSSL> ";
                        fputs(prompt,stdout);
                        fflush(stdout);
-                        fgets(p,n,stdin);
+                        if (!fgets(p,n,stdin))
+                                goto end;
                        if (p[0] == '\0') goto end;
                        i=strlen(p);
                        if (i <= 1) break;
@@ -364,7 +362,7 @@ end:
                NCONF_free(config);
                config=NULL;
                }
-        if (prog != NULL) lh_free(prog);
+        if (prog != NULL) lh_FUNCTION_free(prog);
        if (arg.data != NULL) OPENSSL_free(arg.data);
        apps_shutdown();
@@ -380,9 +378,13 @@ end:
 #define LIST_STANDARD_COMMANDS "list-standard-commands"
 #define LIST_MESSAGE_DIGEST_COMMANDS "list-message-digest-commands"
+#define LIST_MESSAGE_DIGEST_ALGORITHMS "list-message-digest-algorithms"
 #define LIST_CIPHER_COMMANDS "list-cipher-commands"
+#define LIST_CIPHER_ALGORITHMS "list-cipher-algorithms"
+#define LIST_PUBLIC_KEY_ALGORITHMS "list-public-key-algorithms"
-static int do_cmd(LHASH *prog, int argc, char *argv[])
+static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[])
        {
        FUNCTION f,*fp;
        int i,ret=1,tp,nl;
@@ -390,7 +392,22 @@ static int do_cmd(LHASH *prog, int argc, char *argv[])
        if ((argc <= 0) || (argv[0] == NULL))
                { ret=0; goto end; }
        f.name=argv[0];
-        fp=(FUNCTION *)lh_retrieve(prog,&f);
+        fp=lh_FUNCTION_retrieve(prog,&f);
+        if (fp == NULL)
+                {
+                if (EVP_get_digestbyname(argv[0]))
+                        {
+                        f.type = FUNC_TYPE_MD;
+                        f.func = dgst_main;
+                        fp = &f;
+                        }
+                else if (EVP_get_cipherbyname(argv[0]))
+                        {
+                        f.type = FUNC_TYPE_CIPHER;
+                        f.func = enc_main;
+                        fp = &f;
+                        }
+                }
        if (fp != NULL)
                {
                ret=fp->func(argc,argv);
@@ -405,7 +422,7 @@ static int do_cmd(LHASH *prog, int argc, char *argv[])
                }
 #endif
                f.name=argv[0]+3;
-                ret = (lh_retrieve(prog,&f) != NULL);
+                ret = (lh_FUNCTION_retrieve(prog,&f) != NULL);
                if (!ret)
                        BIO_printf(bio_stdout, "%s\n", argv[0]);
                else
@@ -423,7 +440,10 @@ static int do_cmd(LHASH *prog, int argc, char *argv[])
                }
        else if ((strcmp(argv[0],LIST_STANDARD_COMMANDS) == 0) ||
                (strcmp(argv[0],LIST_MESSAGE_DIGEST_COMMANDS) == 0) ||
-                (strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0))
+                (strcmp(argv[0],LIST_MESSAGE_DIGEST_ALGORITHMS) == 0) ||
+                (strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0) ||
+                (strcmp(argv[0],LIST_CIPHER_ALGORITHMS) == 0) ||
+                (strcmp(argv[0],LIST_PUBLIC_KEY_ALGORITHMS) == 0))
                {
                int list_type;
                BIO *bio_stdout;
@@ -432,6 +452,12 @@ static int do_cmd(LHASH *prog, int argc, char *argv[])
                        list_type = FUNC_TYPE_GENERAL;
                else if (strcmp(argv[0],LIST_MESSAGE_DIGEST_COMMANDS) == 0)
                        list_type = FUNC_TYPE_MD;
+                else if (strcmp(argv[0],LIST_MESSAGE_DIGEST_ALGORITHMS) == 0)
+                        list_type = FUNC_TYPE_MD_ALG;
+                else if (strcmp(argv[0],LIST_PUBLIC_KEY_ALGORITHMS) == 0)
+                        list_type = FUNC_TYPE_PKEY;
+                else if (strcmp(argv[0],LIST_CIPHER_ALGORITHMS) == 0)
+                        list_type = FUNC_TYPE_CIPHER_ALG;
                else /* strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0 */
                        list_type = FUNC_TYPE_CIPHER;
                bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);
@@ -441,10 +467,23 @@ static int do_cmd(LHASH *prog, int argc, char *argv[])
                bio_stdout = BIO_push(tmpbio, bio_stdout);
                }
 #endif
-                
-                for (fp=functions; fp->name != NULL; fp++)
+                if (!load_config(bio_err, NULL))
-                        if (fp->type == list_type)
+                        goto end;
-                                BIO_printf(bio_stdout, "%s\n", fp->name);
+                if (list_type == FUNC_TYPE_PKEY)
+                        list_pkey(bio_stdout);  
+                if (list_type == FUNC_TYPE_MD_ALG)
+                        list_md(bio_stdout);    
+                if (list_type == FUNC_TYPE_CIPHER_ALG)
+                        list_cipher(bio_stdout);        
+                else
+                        {
+                        for (fp=functions; fp->name != NULL; fp++)
+                                if (fp->type == list_type)
+                                        BIO_printf(bio_stdout, "%s\n",
+                                                                fp->name);
+                        }
                BIO_free_all(bio_stdout);
                ret=0;
                goto end;
@@ -507,9 +546,94 @@ static int SortFnByName(const void *_f1,const void *_f2)
    return strcmp(f1->name,f2->name);
    }
-static LHASH *prog_init(void)
+static void list_pkey(BIO *out)
+        {
+        int i;
+        for (i = 0; i < EVP_PKEY_asn1_get_count(); i++)
+                {
+                const EVP_PKEY_ASN1_METHOD *ameth;
+                int pkey_id, pkey_base_id, pkey_flags;
+                const char *pinfo, *pem_str;
+                ameth = EVP_PKEY_asn1_get0(i);
+                EVP_PKEY_asn1_get0_info(&pkey_id, &pkey_base_id, &pkey_flags,
+                                                &pinfo, &pem_str, ameth);
+                if (pkey_flags & ASN1_PKEY_ALIAS)
+                        {
+                        BIO_printf(out, "Name: %s\n", 
+                                        OBJ_nid2ln(pkey_id));
+                        BIO_printf(out, "\tType: Alias to %s\n",
+                                        OBJ_nid2ln(pkey_base_id));
+                        }
+                else
+                        {
+                        BIO_printf(out, "Name: %s\n", pinfo);
+                        BIO_printf(out, "\tType: %s Algorithm\n", 
+                                pkey_flags & ASN1_PKEY_DYNAMIC ?
+                                        "External" : "Builtin");
+                        BIO_printf(out, "\tOID: %s\n", OBJ_nid2ln(pkey_id));
+                        if (pem_str == NULL)
+                                pem_str = "(none)";
+                        BIO_printf(out, "\tPEM string: %s\n", pem_str);
+                        }
+                                        
+                }
+        }
+static void list_cipher_fn(const EVP_CIPHER *c,
+                        const char *from, const char *to, void *arg)
+        {
+        if (c)
+                BIO_printf(arg, "%s\n", EVP_CIPHER_name(c));
+        else
+                {
+                if (!from)
+                        from = "<undefined>";
+                if (!to)
+                        to = "<undefined>";
+                BIO_printf(arg, "%s => %s\n", from, to);
+                }
+        }
+static void list_cipher(BIO *out)
+        {
+        EVP_CIPHER_do_all_sorted(list_cipher_fn, out);
+        }
+static void list_md_fn(const EVP_MD *m,
+                        const char *from, const char *to, void *arg)
+        {
+        if (m)
+                BIO_printf(arg, "%s\n", EVP_MD_name(m));
+        else
+                {
+                if (!from)
+                        from = "<undefined>";
+                if (!to)
+                        to = "<undefined>";
+                BIO_printf(arg, "%s => %s\n", from, to);
+                }
+        }
+static void list_md(BIO *out)
+        {
+        EVP_MD_do_all_sorted(list_md_fn, out);
+        }
+static int MS_CALLBACK function_cmp(const FUNCTION *a, const FUNCTION *b)
+        {
+        return strncmp(a->name,b->name,8);
+        }
+static IMPLEMENT_LHASH_COMP_FN(function, FUNCTION)
+static unsigned long MS_CALLBACK function_hash(const FUNCTION *a)
+        {
+        return lh_strhash(a->name);
+        }       
+static IMPLEMENT_LHASH_HASH_FN(function, FUNCTION)
+static LHASH_OF(FUNCTION) *prog_init(void)
        {
-        LHASH *ret;
+        LHASH_OF(FUNCTION) *ret;
        FUNCTION *f;
        size_t i;
@@ -518,23 +642,11 @@ static LHASH *prog_init(void)
            ;
        qsort(functions,i,sizeof *functions,SortFnByName);
-        if ((ret=lh_new(hash, cmp)) == NULL)
+        if ((ret=lh_FUNCTION_new()) == NULL)
                return(NULL);
        for (f=functions; f->name != NULL; f++)
-                lh_insert(ret,f);
+                (void)lh_FUNCTION_insert(ret,f);
        return(ret);
        }
-/* static int MS_CALLBACK cmp(FUNCTION *a, FUNCTION *b) */
-static int MS_CALLBACK cmp(const void *a_void, const void *b_void)
-        {
-        return(strncmp(((const FUNCTION *)a_void)->name,
-                        ((const FUNCTION *)b_void)->name,8));
-        }
-/* static unsigned long MS_CALLBACK hash(FUNCTION *a) */
-static unsigned long MS_CALLBACK hash(const void *a_void)
-        {
-        return(lh_strhash(((const FUNCTION *)a_void)->name));
-        }
diff --git a/src/lib/libssl/src/apps/openssl.cnf b/src/lib/libssl/src/apps/openssl.cnf
index 9e59020c17..9d2cd5bfa5 100644
--- a/src/lib/libssl/src/apps/openssl.cnf
+++ b/src/lib/libssl/src/apps/openssl.cnf
@@ -21,12 +21,17 @@ oid_section		= new_oids
 [ new_oids ]
-# We can add new OIDs in here for use by 'ca' and 'req'.
+# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
 # Add a simple OID like this:
 # testoid1=1.2.3.4
 # Or use config file substitution like this:
 # testoid2=${testoid1}.5.6
+# Policies used by the TSA examples.
+tsa_policy1 = 1.2.3.4.1
+tsa_policy2 = 1.2.3.4.5.6
+tsa_policy3 = 1.2.3.4.5.7
 ####################################################################
 [ ca ]
 default_ca      = CA_default            # The default ca section
@@ -67,7 +72,7 @@ cert_opt 	= ca_default		# Certificate field options
 default_days    = 365                   # how long to certify for
 default_crl_days= 30                    # how long before next CRL
-default_md      = sha1                  # which md to use.
+default_md      = default               # use public key default MD
 preserve        = no                    # keep passed DN ordering
 # A few difference way of specifying how similar the request should look
@@ -110,13 +115,12 @@ x509_extensions	= v3_ca	# The extentions to add to the self signed cert
 # This sets a mask for permitted string types. There are several options. 
 # default: PrintableString, T61String, BMPString.
-# pkix   : PrintableString, BMPString.
+# pkix   : PrintableString, BMPString (PKIX recommendation before 2004)
-# utf8only: only UTF8Strings.
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
 # nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
 # MASK:XXXX a literal mask value.
-# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
-# so use this option with caution!
+string_mask = utf8only
-string_mask = nombstr
 # req_extensions = v3_req # The extensions to add to a certificate request
@@ -207,6 +211,9 @@ authorityKeyIdentifier=keyid,issuer
 #nsCaPolicyUrl
 #nsSslServerName
+# This is required for TSA certificates.
+# extendedKeyUsage = critical,timeStamping
 [ v3_req ]
 # Extensions to add to a certificate request
@@ -224,7 +231,7 @@ keyUsage = nonRepudiation, digitalSignature, keyEncipherment
 subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
+authorityKeyIdentifier=keyid:always,issuer
 # This is what PKIX recommends but some broken software chokes on critical
 # extensions.
@@ -257,7 +264,7 @@ basicConstraints = CA:true
 # Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
 # issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always,issuer:always
+authorityKeyIdentifier=keyid:always
 [ proxy_cert_ext ]
 # These extensions should be added when creating a proxy certificate
@@ -290,7 +297,7 @@ nsComment			= "OpenSSL Generated Certificate"
 # PKIX recommendations harmless if included in all certificates.
 subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
+authorityKeyIdentifier=keyid,issuer
 # This stuff is for subjectAltName and issuerAltname.
 # Import the email address.
@@ -311,3 +318,33 @@ authorityKeyIdentifier=keyid,issuer:always
 # This really needs to be in place for it to be a proxy certificate.
 proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
+####################################################################
+[ tsa ]
+default_tsa = tsa_config1       # the default TSA section
+[ tsa_config1 ]
+# These are used by the TSA reply generation only.
+dir             = ./demoCA              # TSA root directory
+serial          = $dir/tsaserial        # The current serial number (mandatory)
+crypto_device   = builtin               # OpenSSL engine to use for signing
+signer_cert     = $dir/tsacert.pem      # The TSA signing certificate
+                                        # (optional)
+certs           = $dir/cacert.pem       # Certificate chain to include in reply
+                                        # (optional)
+signer_key      = $dir/private/tsakey.pem # The TSA private key (optional)
+default_policy  = tsa_policy1           # Policy if request did not specify it
+                                        # (optional)
+other_policies  = tsa_policy2, tsa_policy3      # acceptable policies (optional)
+digests         = md5, sha1             # Acceptable message digests (mandatory)
+accuracy        = secs:1, millisecs:500, microsecs:100  # (optional)
+clock_precision_digits  = 0     # number of digits after dot. (optional)
+ordering                = yes   # Is ordering defined for timestamps?
+                                # (optional, default: no)
+tsa_name                = yes   # Must the TSA name be included in the reply?
+                                # (optional, default: no)
+ess_cert_id_chain       = no    # Must the ESS cert id chain be included?
+                                # (optional, default: no)
diff --git a/src/lib/libssl/src/apps/pkcs12.c b/src/lib/libssl/src/apps/pkcs12.c
index 248bc1154d..514a02e0f1 100644
--- a/src/lib/libssl/src/apps/pkcs12.c
+++ b/src/lib/libssl/src/apps/pkcs12.c
@@ -88,6 +88,7 @@ int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,const char *name);
 void hex_prin(BIO *out, unsigned char *buf, int len);
 int alg_print(BIO *x, X509_ALGOR *alg);
 int cert_load(BIO *in, STACK_OF(X509) *sk);
+static int set_pbe(BIO *err, int *ppbe, const char *str);
 int MAIN(int, char **);
@@ -111,16 +112,17 @@ int MAIN(int argc, char **argv)
    int maciter = PKCS12_DEFAULT_ITER;
    int twopass = 0;
    int keytype = 0;
-    int cert_pbe;
+    int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
    int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
    int ret = 1;
    int macver = 1;
    int noprompt = 0;
-    STACK *canames = NULL;
+    STACK_OF(OPENSSL_STRING) *canames = NULL;
    char *cpass = NULL, *mpass = NULL;
    char *passargin = NULL, *passargout = NULL, *passarg = NULL;
    char *passin = NULL, *passout = NULL;
    char *inrand = NULL;
+    char *macalg = NULL;
    char *CApath = NULL, *CAfile = NULL;
 #ifndef OPENSSL_NO_ENGINE
    char *engine=NULL;
@@ -128,13 +130,6 @@ int MAIN(int argc, char **argv)
    apps_startup();
-#ifdef OPENSSL_FIPS
-    if (FIPS_mode())
-        cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
-    else
-#endif
-    cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
    enc = EVP_des_ede3_cbc();
    if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
@@ -185,33 +180,18 @@ int MAIN(int argc, char **argv)
                                         maciter = 1;
                else if (!strcmp (*args, "-nomac"))
                                         maciter = -1;
+                else if (!strcmp (*args, "-macalg"))
+                    if (args[1]) {
+                        args++; 
+                        macalg = *args;
+                    } else badarg = 1;
                else if (!strcmp (*args, "-nodes")) enc=NULL;
                else if (!strcmp (*args, "-certpbe")) {
-                        if (args[1]) {
+                        if (!set_pbe(bio_err, &cert_pbe, *++args))
-                                args++;
+                                badarg = 1;
-                                if (!strcmp(*args, "NONE"))
-                                        cert_pbe = -1;
-                                else
-                                        cert_pbe=OBJ_txt2nid(*args);
-                                if(cert_pbe == NID_undef) {
-                                        BIO_printf(bio_err,
-                                                 "Unknown PBE algorithm %s\n", *args);
-                                        badarg = 1;
-                                }
-                        } else badarg = 1;
                } else if (!strcmp (*args, "-keypbe")) {
-                        if (args[1]) {
+                        if (!set_pbe(bio_err, &key_pbe, *++args))
-                                args++;
+                                badarg = 1;
-                                if (!strcmp(*args, "NONE"))
-                                        key_pbe = -1;
-                                else
-                                        key_pbe=OBJ_txt2nid(*args);
-                                if(key_pbe == NID_undef) {
-                                        BIO_printf(bio_err,
-                                                 "Unknown PBE algorithm %s\n", *args);
-                                        badarg = 1;
-                                }
-                        } else badarg = 1;
                } else if (!strcmp (*args, "-rand")) {
                    if (args[1]) {
                        args++; 
@@ -242,8 +222,8 @@ int MAIN(int argc, char **argv)
                } else if (!strcmp (*args, "-caname")) {
                    if (args[1]) {
                        args++; 
-                        if (!canames) canames = sk_new_null();
+                        if (!canames) canames = sk_OPENSSL_STRING_new_null();
-                        sk_push(canames, *args);
+                        sk_OPENSSL_STRING_push(canames, *args);
                    } else badarg = 1;
                } else if (!strcmp (*args, "-in")) {
                    if (args[1]) {
@@ -332,11 +312,14 @@ int MAIN(int argc, char **argv)
 #endif
        BIO_printf (bio_err, "-nodes        don't encrypt private keys\n");
        BIO_printf (bio_err, "-noiter       don't use encryption iteration\n");
+        BIO_printf (bio_err, "-nomaciter    don't use MAC iteration\n");
        BIO_printf (bio_err, "-maciter      use MAC iteration\n");
+        BIO_printf (bio_err, "-nomac        don't generate MAC\n");
        BIO_printf (bio_err, "-twopass      separate MAC, encryption passwords\n");
        BIO_printf (bio_err, "-descert      encrypt PKCS#12 certificates with triple DES (default RC2-40)\n");
        BIO_printf (bio_err, "-certpbe alg  specify certificate PBE algorithm (default RC2-40)\n");
        BIO_printf (bio_err, "-keypbe alg   specify private key PBE algorithm (default 3DES)\n");
+        BIO_printf (bio_err, "-macalg alg   digest algorithm used in MAC (default SHA1)\n");
        BIO_printf (bio_err, "-keyex        set MS key exchange type\n");
        BIO_printf (bio_err, "-keysig       set MS key signature type\n");
        BIO_printf (bio_err, "-password p   set import/export password source\n");
@@ -348,8 +331,8 @@ int MAIN(int argc, char **argv)
        BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
        BIO_printf(bio_err,  "              load the file (or the files in the directory) into\n");
        BIO_printf(bio_err,  "              the random number generator\n");
-        BIO_printf(bio_err,  "-CSP name     Microsoft CSP name\n");
+        BIO_printf(bio_err,  "-CSP name     Microsoft CSP name\n");
-        BIO_printf(bio_err,  "-LMK          Add local machine keyset attribute to private key\n");
+        BIO_printf(bio_err,  "-LMK          Add local machine keyset attribute to private key\n");
        goto end;
    }
@@ -439,6 +422,7 @@ int MAIN(int argc, char **argv)
        EVP_PKEY *key = NULL;
        X509 *ucert = NULL, *x = NULL;
        STACK_OF(X509) *certs=NULL;
+        const EVP_MD *macmd = NULL;
        unsigned char *catmp = NULL;
        int i;
@@ -565,9 +549,9 @@ int MAIN(int argc, char **argv)
        /* Add any CA names */
-        for (i = 0; i < sk_num(canames); i++)
+        for (i = 0; i < sk_OPENSSL_STRING_num(canames); i++)
                {
-                catmp = (unsigned char *)sk_value(canames, i);
+                catmp = (unsigned char *)sk_OPENSSL_STRING_value(canames, i);
                X509_alias_set1(sk_X509_value(certs, i), catmp, -1);
                }
@@ -605,8 +589,18 @@ int MAIN(int argc, char **argv)
                goto export_end;
                }
+        if (macalg)
+                {
+                macmd = EVP_get_digestbyname(macalg);
+                if (!macmd)
+                        {
+                        BIO_printf(bio_err, "Unknown digest algorithm %s\n", 
+                                                macalg);
+                        }
+                }
        if (maciter != -1)
-                PKCS12_set_mac(p12, mpass, -1, NULL, 0, maciter, NULL);
+                PKCS12_set_mac(p12, mpass, -1, NULL, 0, maciter, macmd);
 #ifdef CRYPTO_MDEBUG
        CRYPTO_pop_info();
@@ -693,7 +687,7 @@ int MAIN(int argc, char **argv)
 #endif
    BIO_free(in);
    BIO_free_all(out);
-    if (canames) sk_free(canames);
+    if (canames) sk_OPENSSL_STRING_free(canames);
    if(passin) OPENSSL_free(passin);
    if(passout) OPENSSL_free(passout);
    apps_shutdown();
@@ -929,7 +923,7 @@ int print_attribs (BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,const char *name)
                        av = sk_ASN1_TYPE_value(attr->value.set, 0);
                        switch(av->type) {
                                case V_ASN1_BMPSTRING:
-                                value = uni2asc(av->value.bmpstring->data,
+                                value = OPENSSL_uni2asc(av->value.bmpstring->data,
                                               av->value.bmpstring->length);
                                BIO_printf(out, "%s\n", value);
                                OPENSSL_free(value);
@@ -962,4 +956,22 @@ void hex_prin(BIO *out, unsigned char *buf, int len)
        for (i = 0; i < len; i++) BIO_printf (out, "%02X ", buf[i]);
 }
+static int set_pbe(BIO *err, int *ppbe, const char *str)
+        {
+        if (!str)
+                return 0;
+        if (!strcmp(str, "NONE"))
+                {
+                *ppbe = -1;
+                return 1;
+                }
+        *ppbe=OBJ_txt2nid(str);
+        if (*ppbe == NID_undef)
+                {
+                BIO_printf(bio_err, "Unknown PBE algorithm %s\n", str);
+                return 0;
+                }
+        return 1;
+        }
+                        
 #endif
diff --git a/src/lib/libssl/src/apps/pkcs7.c b/src/lib/libssl/src/apps/pkcs7.c
index da4dbe7a07..86d31b99a7 100644
--- a/src/lib/libssl/src/apps/pkcs7.c
+++ b/src/lib/libssl/src/apps/pkcs7.c
@@ -90,7 +90,7 @@ int MAIN(int argc, char **argv)
        BIO *in=NULL,*out=NULL;
        int informat,outformat;
        char *infile,*outfile,*prog;
-        int print_certs=0,text=0,noout=0;
+        int print_certs=0,text=0,noout=0,p7_print=0;
        int ret=1;
 #ifndef OPENSSL_NO_ENGINE
        char *engine=NULL;
@@ -139,6 +139,8 @@ int MAIN(int argc, char **argv)
                        noout=1;
                else if (strcmp(*argv,"-text") == 0)
                        text=1;
+                else if (strcmp(*argv,"-print") == 0)
+                        p7_print=1;
                else if (strcmp(*argv,"-print_certs") == 0)
                        print_certs=1;
 #ifndef OPENSSL_NO_ENGINE
@@ -238,6 +240,9 @@ bad:
                        }
                }
+        if (p7_print)
+                PKCS7_print_ctx(out, p7, 0, NULL);
        if (print_certs)
                {
                STACK_OF(X509) *certs=NULL;
diff --git a/src/lib/libssl/src/apps/pkcs8.c b/src/lib/libssl/src/apps/pkcs8.c
index 9633a149bc..7edeb179dd 100644
--- a/src/lib/libssl/src/apps/pkcs8.c
+++ b/src/lib/libssl/src/apps/pkcs8.c
@@ -80,11 +80,12 @@ int MAIN(int argc, char **argv)
        int informat, outformat;
        int p8_broken = PKCS8_OK;
        int nocrypt = 0;
-        X509_SIG *p8;
+        X509_SIG *p8 = NULL;
-        PKCS8_PRIV_KEY_INFO *p8inf;
+        PKCS8_PRIV_KEY_INFO *p8inf = NULL;
        EVP_PKEY *pkey=NULL;
        char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL;
        int badarg = 0;
+        int ret = 1;
 #ifndef OPENSSL_NO_ENGINE
        char *engine=NULL;
 #endif
@@ -225,7 +226,7 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_ENGINE
                BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
 #endif
-                return 1;
+                goto end;
                }
 #ifndef OPENSSL_NO_ENGINE
@@ -235,7 +236,7 @@ int MAIN(int argc, char **argv)
        if (!app_passwd(bio_err, passargin, passargout, &passin, &passout))
                {
                BIO_printf(bio_err, "Error getting passwords\n");
-                return 1;
+                goto end;
                }
        if ((pbe_nid == -1) && !cipher)
@@ -247,7 +248,7 @@ int MAIN(int argc, char **argv)
                        {
                        BIO_printf(bio_err,
                                 "Can't open input file %s\n", infile);
-                        return (1);
+                        goto end;
                        }
                }
        else
@@ -259,7 +260,7 @@ int MAIN(int argc, char **argv)
                        {
                        BIO_printf(bio_err,
                                 "Can't open output file %s\n", outfile);
-                        return (1);
+                        goto end;
                        }
                }
        else
@@ -274,21 +275,15 @@ int MAIN(int argc, char **argv)
                }
        if (topk8)
                {
-                BIO_free(in); /* Not needed in this section */
                pkey = load_key(bio_err, infile, informat, 1,
                        passin, e, "key");
                if (!pkey)
-                        {
+                        goto end;
-                        BIO_free_all(out);
-                        return 1;
-                        }
                if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken)))
                        {
                        BIO_printf(bio_err, "Error converting key\n");
                        ERR_print_errors(bio_err);
-                        EVP_PKEY_free(pkey);
+                        goto end;
-                        BIO_free_all(out);
-                        return 1;
                        }
                if (nocrypt)
                        {
@@ -299,10 +294,7 @@ int MAIN(int argc, char **argv)
                        else
                                {
                                BIO_printf(bio_err, "Bad format specified for key\n");
-                                PKCS8_PRIV_KEY_INFO_free(p8inf);
+                                goto end;
-                                EVP_PKEY_free(pkey);
-                                BIO_free_all(out);
-                                return (1);
                                }
                        }
                else
@@ -313,12 +305,7 @@ int MAIN(int argc, char **argv)
                                {
                                p8pass = pass;
                                if (EVP_read_pw_string(pass, sizeof pass, "Enter Encryption Password:", 1))
-                                        {
+                                        goto end;
-                                        PKCS8_PRIV_KEY_INFO_free(p8inf);
-                                        EVP_PKEY_free(pkey);
-                                        BIO_free_all(out);
-                                        return (1);
-                                        }
                                }
                        app_RAND_load_file(NULL, bio_err, 0);
                        if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
@@ -327,10 +314,7 @@ int MAIN(int argc, char **argv)
                                {
                                BIO_printf(bio_err, "Error encrypting key\n");
                                ERR_print_errors(bio_err);
-                                PKCS8_PRIV_KEY_INFO_free(p8inf);
+                                goto end;
-                                EVP_PKEY_free(pkey);
-                                BIO_free_all(out);
-                                return (1);
                                }
                        app_RAND_write_file(NULL, bio_err);
                        if (outformat == FORMAT_PEM) 
@@ -340,22 +324,12 @@ int MAIN(int argc, char **argv)
                        else
                                {
                                BIO_printf(bio_err, "Bad format specified for key\n");
-                                PKCS8_PRIV_KEY_INFO_free(p8inf);
+                                goto end;
-                                EVP_PKEY_free(pkey);
-                                BIO_free_all(out);
-                                return (1);
                                }
-                        X509_SIG_free(p8);
                        }
-                PKCS8_PRIV_KEY_INFO_free (p8inf);
+                ret = 0;
-                EVP_PKEY_free(pkey);
+                goto end;
-                BIO_free_all(out);
-                if (passin)
-                        OPENSSL_free(passin);
-                if (passout)
-                        OPENSSL_free(passout);
-                return (0);
                }
        if (nocrypt)
@@ -367,7 +341,7 @@ int MAIN(int argc, char **argv)
                else
                        {
                        BIO_printf(bio_err, "Bad format specified for key\n");
-                        return (1);
+                        goto end;
                        }
                }
        else
@@ -379,14 +353,14 @@ int MAIN(int argc, char **argv)
                else
                        {
                        BIO_printf(bio_err, "Bad format specified for key\n");
-                        return (1);
+                        goto end;
                        }
                if (!p8)
                        {
                        BIO_printf (bio_err, "Error reading key\n");
                        ERR_print_errors(bio_err);
-                        return (1);
+                        goto end;
                        }
                if (passin)
                        p8pass = passin;
@@ -396,21 +370,20 @@ int MAIN(int argc, char **argv)
                        EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0);
                        }
                p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass));
-                X509_SIG_free(p8);
                }
        if (!p8inf)
                {
                BIO_printf(bio_err, "Error decrypting key\n");
                ERR_print_errors(bio_err);
-                return (1);
+                goto end;
                }
        if (!(pkey = EVP_PKCS82PKEY(p8inf)))
                {
                BIO_printf(bio_err, "Error converting key\n");
                ERR_print_errors(bio_err);
-                return (1);
+                goto end;
                }
        
        if (p8inf->broken)
@@ -430,13 +403,16 @@ int MAIN(int argc, char **argv)
                        BIO_printf(bio_err, "DSA public key include in PrivateKey\n");
                        break;
+                        case PKCS8_NEG_PRIVKEY:
+                        BIO_printf(bio_err, "DSA private key value is negative\n");
+                        break;
                        default:
                        BIO_printf(bio_err, "Unknown broken type\n");
                        break;
                }
        }
        
-        PKCS8_PRIV_KEY_INFO_free(p8inf);
        if (outformat == FORMAT_PEM) 
                PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, passout);
        else if (outformat == FORMAT_ASN1)
@@ -444,10 +420,13 @@ int MAIN(int argc, char **argv)
        else
                {
                BIO_printf(bio_err, "Bad format specified for key\n");
-                        return (1);
+                        goto end;
                }
+        ret = 0;
        end:
+        X509_SIG_free(p8);
+        PKCS8_PRIV_KEY_INFO_free(p8inf);
        EVP_PKEY_free(pkey);
        BIO_free_all(out);
        BIO_free(in);
@@ -456,5 +435,5 @@ int MAIN(int argc, char **argv)
        if (passout)
                OPENSSL_free(passout);
-        return (0);
+        return ret;
        }
diff --git a/src/lib/libssl/src/apps/prime.c b/src/lib/libssl/src/apps/prime.c
index af2fed15af..f1aaef8725 100644
--- a/src/lib/libssl/src/apps/prime.c
+++ b/src/lib/libssl/src/apps/prime.c
@@ -62,6 +62,9 @@ int MAIN(int argc, char **argv)
    {
    int hex=0;
    int checks=20;
+    int generate=0;
+    int bits=0;
+    int safe=0;
    BIGNUM *bn=NULL;
    BIO *bio_out;
@@ -77,6 +80,15 @@ int MAIN(int argc, char **argv)
        {
        if(!strcmp(*argv,"-hex"))
            hex=1;
+        else if(!strcmp(*argv,"-generate"))
+            generate=1;
+        else if(!strcmp(*argv,"-bits"))
+            if(--argc < 1)
+                goto bad;
+            else
+                bits=atoi(*++argv);
+        else if(!strcmp(*argv,"-safe"))
+            safe=1;
        else if(!strcmp(*argv,"-checks"))
            if(--argc < 1)
                goto bad;
@@ -91,13 +103,13 @@ int MAIN(int argc, char **argv)
        ++argv;
        }
-    if (argv[0] == NULL)
+    if (argv[0] == NULL && !generate)
        {
        BIO_printf(bio_err,"No prime specified\n");
        goto bad;
        }
-   if ((bio_out=BIO_new(BIO_s_file())) != NULL)
+    if ((bio_out=BIO_new(BIO_s_file())) != NULL)
        {
        BIO_set_fp(bio_out,stdout,BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
@@ -108,14 +120,32 @@ int MAIN(int argc, char **argv)
 #endif
        }
-    if(hex)
+    if(generate)
-        BN_hex2bn(&bn,argv[0]);
+        {
+        char *s;
+        if(!bits)
+            {
+            BIO_printf(bio_err,"Specifiy the number of bits.\n");
+            return 1;
+            }
+        bn=BN_new();
+        BN_generate_prime_ex(bn,bits,safe,NULL,NULL,NULL);
+        s=hex ? BN_bn2hex(bn) : BN_bn2dec(bn);
+        BIO_printf(bio_out,"%s\n",s);
+        OPENSSL_free(s);
+        }
    else
-        BN_dec2bn(&bn,argv[0]);
+        {
+        if(hex)
+            BN_hex2bn(&bn,argv[0]);
+        else
+            BN_dec2bn(&bn,argv[0]);
-    BN_print(bio_out,bn);
+        BN_print(bio_out,bn);
-    BIO_printf(bio_out," is %sprime\n",
+        BIO_printf(bio_out," is %sprime\n",
-               BN_is_prime_ex(bn,checks,NULL,NULL) ? "" : "not ");
+                   BN_is_prime_ex(bn,checks,NULL,NULL) ? "" : "not ");
+        }
    BN_free(bn);
    BIO_free_all(bio_out);
diff --git a/src/lib/libssl/src/apps/progs.h b/src/lib/libssl/src/apps/progs.h
index aafd800bdf..79e479a337 100644
--- a/src/lib/libssl/src/apps/progs.h
+++ b/src/lib/libssl/src/apps/progs.h
@@ -22,6 +22,7 @@ extern int ecparam_main(int argc,char *argv[]);
 extern int x509_main(int argc,char *argv[]);
 extern int genrsa_main(int argc,char *argv[]);
 extern int gendsa_main(int argc,char *argv[]);
+extern int genpkey_main(int argc,char *argv[]);
 extern int s_server_main(int argc,char *argv[]);
 extern int s_client_main(int argc,char *argv[]);
 extern int speed_main(int argc,char *argv[]);
@@ -35,22 +36,30 @@ extern int ciphers_main(int argc,char *argv[]);
 extern int nseq_main(int argc,char *argv[]);
 extern int pkcs12_main(int argc,char *argv[]);
 extern int pkcs8_main(int argc,char *argv[]);
+extern int pkey_main(int argc,char *argv[]);
+extern int pkeyparam_main(int argc,char *argv[]);
+extern int pkeyutl_main(int argc,char *argv[]);
 extern int spkac_main(int argc,char *argv[]);
 extern int smime_main(int argc,char *argv[]);
 extern int rand_main(int argc,char *argv[]);
 extern int engine_main(int argc,char *argv[]);
 extern int ocsp_main(int argc,char *argv[]);
 extern int prime_main(int argc,char *argv[]);
+extern int ts_main(int argc,char *argv[]);
 #define FUNC_TYPE_GENERAL       1
 #define FUNC_TYPE_MD            2
 #define FUNC_TYPE_CIPHER        3
+#define FUNC_TYPE_PKEY          4
+#define FUNC_TYPE_MD_ALG        5
+#define FUNC_TYPE_CIPHER_ALG    6
 typedef struct {
        int type;
        const char *name;
        int (*func)(int argc,char *argv[]);
        } FUNCTION;
+DECLARE_LHASH_OF(FUNCTION);
 FUNCTION functions[] = {
        {FUNC_TYPE_GENERAL,"verify",verify_main},
@@ -96,6 +105,7 @@ FUNCTION functions[] = {
 #ifndef OPENSSL_NO_DSA
        {FUNC_TYPE_GENERAL,"gendsa",gendsa_main},
 #endif
+        {FUNC_TYPE_GENERAL,"genpkey",genpkey_main},
 #if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
        {FUNC_TYPE_GENERAL,"s_server",s_server_main},
 #endif
@@ -123,14 +133,20 @@ FUNCTION functions[] = {
        {FUNC_TYPE_GENERAL,"pkcs12",pkcs12_main},
 #endif
        {FUNC_TYPE_GENERAL,"pkcs8",pkcs8_main},
+        {FUNC_TYPE_GENERAL,"pkey",pkey_main},
+        {FUNC_TYPE_GENERAL,"pkeyparam",pkeyparam_main},
+        {FUNC_TYPE_GENERAL,"pkeyutl",pkeyutl_main},
        {FUNC_TYPE_GENERAL,"spkac",spkac_main},
        {FUNC_TYPE_GENERAL,"smime",smime_main},
        {FUNC_TYPE_GENERAL,"rand",rand_main},
 #ifndef OPENSSL_NO_ENGINE
        {FUNC_TYPE_GENERAL,"engine",engine_main},
 #endif
+#ifndef OPENSSL_NO_OCSP
        {FUNC_TYPE_GENERAL,"ocsp",ocsp_main},
+#endif
        {FUNC_TYPE_GENERAL,"prime",prime_main},
+        {FUNC_TYPE_GENERAL,"ts",ts_main},
 #ifndef OPENSSL_NO_MD2
        {FUNC_TYPE_MD,"md2",dgst_main},
 #endif
@@ -189,6 +205,9 @@ FUNCTION functions[] = {
        {FUNC_TYPE_CIPHER,"camellia-256-ecb",enc_main},
 #endif
        {FUNC_TYPE_CIPHER,"base64",enc_main},
+#ifdef ZLIB
+        {FUNC_TYPE_CIPHER,"zlib",enc_main},
+#endif
 #ifndef OPENSSL_NO_DES
        {FUNC_TYPE_CIPHER,"des",enc_main},
 #endif
diff --git a/src/lib/libssl/src/apps/progs.pl b/src/lib/libssl/src/apps/progs.pl
index 645432cfcc..de6fdeabbd 100644
--- a/src/lib/libssl/src/apps/progs.pl
+++ b/src/lib/libssl/src/apps/progs.pl
@@ -13,12 +13,16 @@ print <<'EOF';
 #define FUNC_TYPE_GENERAL       1
 #define FUNC_TYPE_MD            2
 #define FUNC_TYPE_CIPHER        3
+#define FUNC_TYPE_PKEY          4
+#define FUNC_TYPE_MD_ALG        5
+#define FUNC_TYPE_CIPHER_ALG    6
 typedef struct {
        int type;
        const char *name;
        int (*func)(int argc,char *argv[]);
        } FUNCTION;
+DECLARE_LHASH_OF(FUNCTION);
 FUNCTION functions[] = {
 EOF
@@ -45,6 +49,8 @@ foreach (@ARGV)
                { print "#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)\n${str}#endif\n"; }
        elsif ( ($_ =~ /^cms$/))
                { print "#ifndef OPENSSL_NO_CMS\n${str}#endif\n"; }
+        elsif ( ($_ =~ /^ocsp$/))
+                { print "#ifndef OPENSSL_NO_OCSP\n${str}#endif\n"; }
        else
                { print $str; }
        }
@@ -62,7 +68,7 @@ foreach (
        "camellia-128-cbc", "camellia-128-ecb",
        "camellia-192-cbc", "camellia-192-ecb",
        "camellia-256-cbc", "camellia-256-ecb",
-        "base64",
+        "base64", "zlib",
        "des", "des3", "desx", "idea", "seed", "rc4", "rc4-40",
        "rc2", "bf", "cast", "rc5",
        "des-ecb", "des-ede",    "des-ede3",
@@ -89,6 +95,7 @@ foreach (
        elsif ($_ =~ /bf/)   { $t="#ifndef OPENSSL_NO_BF\n${t}#endif\n"; }
        elsif ($_ =~ /cast/) { $t="#ifndef OPENSSL_NO_CAST\n${t}#endif\n"; }
        elsif ($_ =~ /rc5/)  { $t="#ifndef OPENSSL_NO_RC5\n${t}#endif\n"; }
+        elsif ($_ =~ /zlib/)  { $t="#ifdef ZLIB\n${t}#endif\n"; }
        print $t;
        }
diff --git a/src/lib/libssl/src/apps/req.c b/src/lib/libssl/src/apps/req.c
index 5ed08960c1..820cd18fc7 100644
--- a/src/lib/libssl/src/apps/req.c
+++ b/src/lib/libssl/src/apps/req.c
@@ -141,39 +141,33 @@ static int add_attribute_object(X509_REQ *req, char *text, const char *def,
                                int n_max, unsigned long chtype);
 static int add_DN_object(X509_NAME *n, char *text, const char *def, char *value,
        int nid,int n_min,int n_max, unsigned long chtype, int mval);
-#ifndef OPENSSL_NO_RSA
+static int genpkey_cb(EVP_PKEY_CTX *ctx);
-static int MS_CALLBACK req_cb(int p, int n, BN_GENCB *cb);
-#endif
 static int req_check_len(int len,int n_min,int n_max);
 static int check_end(const char *str, const char *end);
+static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr, int *pkey_type,
+                                        long *pkeylen, char **palgnam,
+                                        ENGINE *keygen_engine);
 #ifndef MONOLITH
 static char *default_config_file=NULL;
 #endif
 static CONF *req_conf=NULL;
 static int batch=0;
-#define TYPE_RSA        1
-#define TYPE_DSA        2
-#define TYPE_DH         3
-#define TYPE_EC         4
 int MAIN(int, char **);
 int MAIN(int argc, char **argv)
        {
-        ENGINE *e = NULL;
+        ENGINE *e = NULL, *gen_eng = NULL;
-#ifndef OPENSSL_NO_DSA
-        DSA *dsa_params=NULL;
-#endif
-#ifndef OPENSSL_NO_ECDSA
-        EC_KEY *ec_params = NULL;
-#endif
        unsigned long nmflag = 0, reqflag = 0;
        int ex=1,x509=0,days=30;
        X509 *x509ss=NULL;
        X509_REQ *req=NULL;
+        EVP_PKEY_CTX *genctx = NULL;
+        const char *keyalg = NULL;
+        char *keyalgstr = NULL;
+        STACK_OF(OPENSSL_STRING) *pkeyopts = NULL;
        EVP_PKEY *pkey=NULL;
-        int i=0,badops=0,newreq=0,verbose=0,pkey_type=TYPE_RSA;
+        int i=0,badops=0,newreq=0,verbose=0,pkey_type=-1;
        long newkey = -1;
        BIO *in=NULL,*out=NULL;
        int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
@@ -193,7 +187,7 @@ int MAIN(int argc, char **argv)
        char *p;
        char *subj = NULL;
        int multirdn = 0;
-        const EVP_MD *md_alg=NULL,*digest=EVP_sha1();
+        const EVP_MD *md_alg=NULL,*digest=NULL;
        unsigned long chtype = MBSTRING_ASC;
 #ifndef MONOLITH
        char *to_free;
@@ -236,6 +230,16 @@ int MAIN(int argc, char **argv)
                        if (--argc < 1) goto bad;
                        engine= *(++argv);
                        }
+                else if (strcmp(*argv,"-keygen_engine") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        gen_eng = ENGINE_by_id(*(++argv));
+                        if (gen_eng == NULL)
+                                {
+                                BIO_printf(bio_err, "Can't find keygen engine %s\n", *argv);
+                                goto end;
+                                }
+                        }
 #endif
                else if (strcmp(*argv,"-key") == 0)
                        {
@@ -292,126 +296,20 @@ int MAIN(int argc, char **argv)
                        }
                else if (strcmp(*argv,"-newkey") == 0)
                        {
-                        int is_numeric;
+                        if (--argc < 1)
-                        if (--argc < 1) goto bad;
-                        p= *(++argv);
-                        is_numeric = p[0] >= '0' && p[0] <= '9';
-                        if (strncmp("rsa:",p,4) == 0 || is_numeric)
-                                {
-                                pkey_type=TYPE_RSA;
-                                if(!is_numeric)
-                                    p+=4;
-                                newkey= atoi(p);
-                                }
-                        else
-#ifndef OPENSSL_NO_DSA
-                                if (strncmp("dsa:",p,4) == 0)
-                                {
-                                X509 *xtmp=NULL;
-                                EVP_PKEY *dtmp;
-                                pkey_type=TYPE_DSA;
-                                p+=4;
-                                if ((in=BIO_new_file(p,"r")) == NULL)
-                                        {
-                                        perror(p);
-                                        goto end;
-                                        }
-                                if ((dsa_params=PEM_read_bio_DSAparams(in,NULL,NULL,NULL)) == NULL)
-                                        {
-                                        ERR_clear_error();
-                                        (void)BIO_reset(in);
-                                        if ((xtmp=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL)
-                                                {
-                                                BIO_printf(bio_err,"unable to load DSA parameters from file\n");
-                                                goto end;
-                                                }
-                                        if ((dtmp=X509_get_pubkey(xtmp)) == NULL) goto end;
-                                        if (dtmp->type == EVP_PKEY_DSA)
-                                                dsa_params=DSAparams_dup(dtmp->pkey.dsa);
-                                        EVP_PKEY_free(dtmp);
-                                        X509_free(xtmp);
-                                        if (dsa_params == NULL)
-                                                {
-                                                BIO_printf(bio_err,"Certificate does not contain DSA parameters\n");
-                                                goto end;
-                                                }
-                                        }
-                                BIO_free(in);
-                                in=NULL;
-                                newkey=BN_num_bits(dsa_params->p);
-                                }
-                        else 
-#endif
-#ifndef OPENSSL_NO_ECDSA
-                                if (strncmp("ec:",p,3) == 0)
-                                {
-                                X509 *xtmp=NULL;
-                                EVP_PKEY *dtmp;
-                                EC_GROUP *group;
-                                pkey_type=TYPE_EC;
-                                p+=3;
-                                if ((in=BIO_new_file(p,"r")) == NULL)
-                                        {
-                                        perror(p);
-                                        goto end;
-                                        }
-                                if ((ec_params = EC_KEY_new()) == NULL)
-                                        goto end;
-                                group = PEM_read_bio_ECPKParameters(in, NULL, NULL, NULL);
-                                if (group == NULL)
-                                        {
-                                        EC_KEY_free(ec_params);
-                                        ERR_clear_error();
-                                        (void)BIO_reset(in);
-                                        if ((xtmp=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL)
-                                                {       
-                                                BIO_printf(bio_err,"unable to load EC parameters from file\n");
-                                                goto end;
-                                                }
-                                        if ((dtmp=X509_get_pubkey(xtmp))==NULL)
-                                                goto end;
-                                        if (dtmp->type == EVP_PKEY_EC)
-                                                ec_params = EC_KEY_dup(dtmp->pkey.ec);
-                                        EVP_PKEY_free(dtmp);
-                                        X509_free(xtmp);
-                                        if (ec_params == NULL)
-                                                {
-                                                BIO_printf(bio_err,"Certificate does not contain EC parameters\n");
-                                                goto end;
-                                                }
-                                        }
-                                else
-                                        {
-                                        if (EC_KEY_set_group(ec_params, group) == 0)
-                                                goto end;
-                                        EC_GROUP_free(group);
-                                        }
-                                BIO_free(in);
-                                in=NULL;
-                                newkey = EC_GROUP_get_degree(EC_KEY_get0_group(ec_params));
-                                }
-                        else
-#endif
-#ifndef OPENSSL_NO_DH
-                                if (strncmp("dh:",p,4) == 0)
-                                {
-                                pkey_type=TYPE_DH;
-                                p+=3;
-                                }
-                        else
-#endif
-                                {
                                goto bad;
-                                }
+                        keyalg = *(++argv);
                        newreq=1;
                        }
+                else if (strcmp(*argv,"-pkeyopt") == 0)
+                        {
+                        if (--argc < 1)
+                                goto bad;
+                        if (!pkeyopts)
+                                pkeyopts = sk_OPENSSL_STRING_new_null();
+                        if (!pkeyopts || !sk_OPENSSL_STRING_push(pkeyopts, *(++argv)))
+                                goto bad;
+                        }
                else if (strcmp(*argv,"-batch") == 0)
                        batch=1;
                else if (strcmp(*argv,"-newhdr") == 0)
@@ -467,11 +365,6 @@ int MAIN(int argc, char **argv)
                        serial = s2i_ASN1_INTEGER(NULL, *(++argv));
                        if (!serial) goto bad;
                        }
-                else if ((md_alg=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
-                        {
-                        /* ok */
-                        digest=md_alg;
-                        }
                else if (strcmp(*argv,"-extensions") == 0)
                        {
                        if (--argc < 1) goto bad;
@@ -482,6 +375,11 @@ int MAIN(int argc, char **argv)
                        if (--argc < 1) goto bad;
                        req_exts = *(++argv);
                        }
+                else if ((md_alg=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
+                        {
+                        /* ok */
+                        digest=md_alg;
+                        }
                else
                        {
                        BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -730,15 +628,20 @@ bad:
        if (newreq && (pkey == NULL))
                {
-#ifndef OPENSSL_NO_RSA
-                BN_GENCB cb;
-#endif
                char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
                if (randfile == NULL)
                        ERR_clear_error();
                app_RAND_load_file(randfile, bio_err, 0);
                if (inrand)
                        app_RAND_load_files(inrand);
+                if (keyalg)
+                        {
+                        genctx = set_keygen_ctx(bio_err, keyalg, &pkey_type, &newkey,
+                                                        &keyalgstr, gen_eng);
+                        if (!genctx)
+                                goto end;
+                        }
        
                if (newkey <= 0)
                        {
@@ -746,57 +649,54 @@ bad:
                                newkey=DEFAULT_KEY_LENGTH;
                        }
-                if (newkey < MIN_KEY_LENGTH && (pkey_type == TYPE_RSA || pkey_type == TYPE_DSA))
+                if (newkey < MIN_KEY_LENGTH && (pkey_type == EVP_PKEY_RSA || pkey_type == EVP_PKEY_DSA))
                        {
                        BIO_printf(bio_err,"private key length is too short,\n");
                        BIO_printf(bio_err,"it needs to be at least %d bits, not %ld\n",MIN_KEY_LENGTH,newkey);
                        goto end;
                        }
-                BIO_printf(bio_err,"Generating a %ld bit %s private key\n",
-                        newkey,(pkey_type == TYPE_RSA)?"RSA":
-                        (pkey_type == TYPE_DSA)?"DSA":"EC");
-                if ((pkey=EVP_PKEY_new()) == NULL) goto end;
-#ifndef OPENSSL_NO_RSA
+                if (!genctx)
-                BN_GENCB_set(&cb, req_cb, bio_err);
+                        {
-                if (pkey_type == TYPE_RSA)
+                        genctx = set_keygen_ctx(bio_err, NULL, &pkey_type, &newkey,
-                        {
+                                                        &keyalgstr, gen_eng);
-                        RSA *rsa = RSA_new();
+                        if (!genctx)
-                        BIGNUM *bn = BN_new();
-                        if(!bn || !rsa || !BN_set_word(bn, 0x10001) ||
-                                        !RSA_generate_key_ex(rsa, newkey, bn, &cb) ||
-                                        !EVP_PKEY_assign_RSA(pkey, rsa))
-                                {
-                                if(bn) BN_free(bn);
-                                if(rsa) RSA_free(rsa);
                                goto end;
-                                }
-                        BN_free(bn);
                        }
-                else
-#endif
+                if (pkeyopts)
-#ifndef OPENSSL_NO_DSA
-                        if (pkey_type == TYPE_DSA)
                        {
-                        if (!DSA_generate_key(dsa_params)) goto end;
+                        char *genopt;
-                        if (!EVP_PKEY_assign_DSA(pkey,dsa_params)) goto end;
+                        for (i = 0; i < sk_OPENSSL_STRING_num(pkeyopts); i++)
-                        dsa_params=NULL;
+                                {
+                                genopt = sk_OPENSSL_STRING_value(pkeyopts, i);
+                                if (pkey_ctrl_string(genctx, genopt) <= 0)
+                                        {
+                                        BIO_printf(bio_err,
+                                                "parameter error \"%s\"\n",
+                                                genopt);
+                                        ERR_print_errors(bio_err);
+                                        goto end;
+                                        }
+                                }
                        }
-#endif
-#ifndef OPENSSL_NO_ECDSA
+                BIO_printf(bio_err,"Generating a %ld bit %s private key\n",
-                        if (pkey_type == TYPE_EC)
+                                newkey, keyalgstr);
+                EVP_PKEY_CTX_set_cb(genctx, genpkey_cb);
+                EVP_PKEY_CTX_set_app_data(genctx, bio_err);
+                if (EVP_PKEY_keygen(genctx, &pkey) <= 0)
                        {
-                        if (!EC_KEY_generate_key(ec_params)) goto end;
+                        BIO_puts(bio_err, "Error Generating Key\n");
-                        if (!EVP_PKEY_assign_EC_KEY(pkey, ec_params)) 
+                        goto end;
-                                goto end;
-                        ec_params = NULL;
                        }
-#endif
-                app_RAND_write_file(randfile, bio_err);
+                EVP_PKEY_CTX_free(genctx);
+                genctx = NULL;
-                if (pkey == NULL) goto end;
+                app_RAND_write_file(randfile, bio_err);
                if (keyout == NULL)
                        {
@@ -895,14 +795,7 @@ loop:
                        BIO_printf(bio_err,"you need to specify a private key\n");
                        goto end;
                        }
-#ifndef OPENSSL_NO_DSA
-                if (pkey->type == EVP_PKEY_DSA)
-                        digest=EVP_dss1();
-#endif
-#ifndef OPENSSL_NO_ECDSA
-                if (pkey->type == EVP_PKEY_EC)
-                        digest=EVP_ecdsa();
-#endif
                if (req == NULL)
                        {
                        req=X509_REQ_new();
@@ -945,7 +838,7 @@ loop:
                        if (!X509_set_issuer_name(x509ss, X509_REQ_get_subject_name(req))) goto end;
                        if (!X509_gmtime_adj(X509_get_notBefore(x509ss),0)) goto end;
-                        if (!X509_gmtime_adj(X509_get_notAfter(x509ss), (long)60*60*24*days)) goto end;
+                        if (!X509_time_adj_ex(X509_get_notAfter(x509ss), days, 0, NULL)) goto end;
                        if (!X509_set_subject_name(x509ss, X509_REQ_get_subject_name(req))) goto end;
                        tmppkey = X509_REQ_get_pubkey(req);
                        if (!tmppkey || !X509_set_pubkey(x509ss,tmppkey)) goto end;
@@ -967,7 +860,10 @@ loop:
                                }
                        
                        if (!(i=X509_sign(x509ss,pkey,digest)))
+                                {
+                                ERR_print_errors(bio_err);
                                goto end;
+                                }
                        }
                else
                        {
@@ -988,7 +884,10 @@ loop:
                                goto end;
                                }
                        if (!(i=X509_REQ_sign(req,pkey,digest)))
+                                {
+                                ERR_print_errors(bio_err);
                                goto end;
+                                }
                        }
                }
@@ -1125,7 +1024,7 @@ loop:
                        }
                fprintf(stdout,"Modulus=");
 #ifndef OPENSSL_NO_RSA
-                if (tpubkey->type == EVP_PKEY_RSA)
+                if (EVP_PKEY_base_id(tpubkey) == EVP_PKEY_RSA)
                        BN_print(out,tpubkey->pkey.rsa->n);
                else
 #endif
@@ -1181,18 +1080,22 @@ end:
        BIO_free(in);
        BIO_free_all(out);
        EVP_PKEY_free(pkey);
+        if (genctx)
+                EVP_PKEY_CTX_free(genctx);
+        if (pkeyopts)
+                sk_OPENSSL_STRING_free(pkeyopts);
+#ifndef OPENSSL_NO_ENGINE
+        if (gen_eng)
+                ENGINE_free(gen_eng);
+#endif
+        if (keyalgstr)
+                OPENSSL_free(keyalgstr);
        X509_REQ_free(req);
        X509_free(x509ss);
        ASN1_INTEGER_free(serial);
        if(passargin && passin) OPENSSL_free(passin);
        if(passargout && passout) OPENSSL_free(passout);
        OBJ_cleanup();
-#ifndef OPENSSL_NO_DSA
-        if (dsa_params != NULL) DSA_free(dsa_params);
-#endif
-#ifndef OPENSSL_NO_ECDSA
-        if (ec_params != NULL) EC_KEY_free(ec_params);
-#endif
        apps_shutdown();
        OPENSSL_EXIT(ex);
        }
@@ -1433,11 +1336,17 @@ start2:			for (;;)
                                BIO_snprintf(buf,sizeof buf,"%s_min",type);
                                if (!NCONF_get_number(req_conf,attr_sect,buf, &n_min))
+                                        {
+                                        ERR_clear_error();
                                        n_min = -1;
+                                        }
                                BIO_snprintf(buf,sizeof buf,"%s_max",type);
                                if (!NCONF_get_number(req_conf,attr_sect,buf, &n_max))
+                                        {
+                                        ERR_clear_error();
                                        n_max = -1;
+                                        }
                                if (!add_attribute_object(req,
                                        v->value,def,value,nid,n_min,n_max, chtype))
@@ -1538,7 +1447,8 @@ start:
                buf[0]='\0';
                if (!batch)
                        {
-                        fgets(buf,sizeof buf,stdin);
+                        if (!fgets(buf,sizeof buf,stdin))
+                                return 0;
                        }
                else
                        {
@@ -1596,7 +1506,8 @@ start:
                buf[0]='\0';
                if (!batch)
                        {
-                        fgets(buf,sizeof buf,stdin);
+                        if (!fgets(buf,sizeof buf,stdin))
+                                return 0;
                        }
                else
                        {
@@ -1639,24 +1550,6 @@ err:
        return(0);
        }
-#ifndef OPENSSL_NO_RSA
-static int MS_CALLBACK req_cb(int p, int n, BN_GENCB *cb)
-        {
-        char c='*';
-        if (p == 0) c='.';
-        if (p == 1) c='+';
-        if (p == 2) c='*';
-        if (p == 3) c='\n';
-        BIO_write(cb->arg,&c,1);
-        (void)BIO_flush(cb->arg);
-#ifdef LINT
-        p=n;
-#endif
-        return 1;
-        }
-#endif
 static int req_check_len(int len, int n_min, int n_max)
        {
        if ((n_min > 0) && (len < n_min))
@@ -1683,3 +1576,183 @@ static int check_end(const char *str, const char *end)
        tmp = str + slen - elen;
        return strcmp(tmp, end);
 }
+static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr, int *pkey_type,
+                                        long *pkeylen, char **palgnam,
+                                        ENGINE *keygen_engine)
+        {
+        EVP_PKEY_CTX *gctx = NULL;
+        EVP_PKEY *param = NULL;
+        long keylen = -1;
+        BIO *pbio = NULL;
+        const char *paramfile = NULL;
+        if (gstr == NULL)
+                {
+                *pkey_type = EVP_PKEY_RSA;
+                keylen = *pkeylen;
+                }
+        else if (gstr[0] >= '0' && gstr[0] <= '9')
+                {
+                *pkey_type = EVP_PKEY_RSA;
+                keylen = atol(gstr);
+                *pkeylen = keylen;
+                }
+        else if (!strncmp(gstr, "param:", 6))
+                paramfile = gstr + 6;
+        else
+                {
+                const char *p = strchr(gstr, ':');
+                int len;
+                ENGINE *tmpeng;
+                const EVP_PKEY_ASN1_METHOD *ameth;
+                if (p)
+                        len = p - gstr;
+                else
+                        len = strlen(gstr);
+                /* The lookup of a the string will cover all engines so
+                 * keep a note of the implementation.
+                 */
+                ameth = EVP_PKEY_asn1_find_str(&tmpeng, gstr, len);
+                if (!ameth)
+                        {
+                        BIO_printf(err, "Unknown algorithm %.*s\n", len, gstr);
+                        return NULL;
+                        }
+                EVP_PKEY_asn1_get0_info(NULL, pkey_type, NULL, NULL, NULL,
+                                                                        ameth);
+#ifndef OPENSSL_NO_ENGINE
+                if (tmpeng)
+                        ENGINE_finish(tmpeng);
+#endif
+                if (*pkey_type == EVP_PKEY_RSA)
+                        {
+                        if (p)
+                                {
+                                keylen = atol(p + 1);
+                                *pkeylen = keylen;
+                                }
+                        }
+                else if (p)
+                        paramfile = p + 1;
+                }
+        if (paramfile)
+                {
+                pbio = BIO_new_file(paramfile, "r");
+                if (!pbio)
+                        {
+                        BIO_printf(err, "Can't open parameter file %s\n",
+                                        paramfile);
+                        return NULL;
+                        }
+                param = PEM_read_bio_Parameters(pbio, NULL);
+                if (!param)
+                        {
+                        X509 *x;
+                        (void)BIO_reset(pbio);
+                        x = PEM_read_bio_X509(pbio, NULL, NULL, NULL);
+                        if (x)
+                                {
+                                param = X509_get_pubkey(x);
+                                X509_free(x);
+                                }
+                        }
+                BIO_free(pbio);
+                if (!param)
+                        {
+                        BIO_printf(err, "Error reading parameter file %s\n",
+                                        paramfile);
+                        return NULL;
+                        }
+                if (*pkey_type == -1)
+                        *pkey_type = EVP_PKEY_id(param);
+                else if (*pkey_type != EVP_PKEY_base_id(param))
+                        {
+                        BIO_printf(err, "Key Type does not match parameters\n");
+                        EVP_PKEY_free(param);
+                        return NULL;
+                        }
+                }
+        if (palgnam)
+                {
+                const EVP_PKEY_ASN1_METHOD *ameth;
+                ENGINE *tmpeng;
+                const char *anam;
+                ameth = EVP_PKEY_asn1_find(&tmpeng, *pkey_type);
+                if (!ameth)
+                        {
+                        BIO_puts(err, "Internal error: can't find key algorithm\n");
+                        return NULL;
+                        }
+                EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL, &anam, ameth);
+                *palgnam = BUF_strdup(anam);
+#ifndef OPENSSL_NO_ENGINE
+                if (tmpeng)
+                        ENGINE_finish(tmpeng);
+#endif
+                }
+        if (param)
+                {
+                gctx = EVP_PKEY_CTX_new(param, keygen_engine);
+                *pkeylen = EVP_PKEY_bits(param);
+                EVP_PKEY_free(param);
+                }
+        else
+                gctx = EVP_PKEY_CTX_new_id(*pkey_type, keygen_engine);
+        if (!gctx)
+                {
+                BIO_puts(err, "Error allocating keygen context\n");
+                ERR_print_errors(err);
+                return NULL;
+                }
+        if (EVP_PKEY_keygen_init(gctx) <= 0)
+                {
+                BIO_puts(err, "Error initializing keygen context\n");
+                ERR_print_errors(err);
+                return NULL;
+                }
+#ifndef OPENSSL_NO_RSA
+        if ((*pkey_type == EVP_PKEY_RSA) && (keylen != -1))
+                {
+                if (EVP_PKEY_CTX_set_rsa_keygen_bits(gctx, keylen) <= 0)
+                        {
+                        BIO_puts(err, "Error setting RSA keysize\n");
+                        ERR_print_errors(err);
+                        EVP_PKEY_CTX_free(gctx);
+                        return NULL;
+                        }
+                }
+#endif
+        return gctx;
+        }
+static int genpkey_cb(EVP_PKEY_CTX *ctx)
+        {
+        char c='*';
+        BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
+        int p;
+        p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
+        if (p == 0) c='.';
+        if (p == 1) c='+';
+        if (p == 2) c='*';
+        if (p == 3) c='\n';
+        BIO_write(b,&c,1);
+        (void)BIO_flush(b);
+#ifdef LINT
+        p=n;
+#endif
+        return 1;
+        }
diff --git a/src/lib/libssl/src/apps/rsa.c b/src/lib/libssl/src/apps/rsa.c
index 930f1f038a..a17708fe9c 100644
--- a/src/lib/libssl/src/apps/rsa.c
+++ b/src/lib/libssl/src/apps/rsa.c
@@ -115,6 +115,8 @@ int MAIN(int argc, char **argv)
 #endif
        int modulus=0;
+        int pvk_encr = 2;
        apps_startup();
        if (bio_err == NULL)
@@ -177,6 +179,16 @@ int MAIN(int argc, char **argv)
                        pubin=1;
                else if (strcmp(*argv,"-pubout") == 0)
                        pubout=1;
+                else if (strcmp(*argv,"-RSAPublicKey_in") == 0)
+                        pubin = 2;
+                else if (strcmp(*argv,"-RSAPublicKey_out") == 0)
+                        pubout = 2;
+                else if (strcmp(*argv,"-pvk-strong") == 0)
+                        pvk_encr=2;
+                else if (strcmp(*argv,"-pvk-weak") == 0)
+                        pvk_encr=1;
+                else if (strcmp(*argv,"-pvk-none") == 0)
+                        pvk_encr=0;
                else if (strcmp(*argv,"-noout") == 0)
                        noout=1;
                else if (strcmp(*argv,"-text") == 0)
@@ -257,10 +269,23 @@ bad:
                EVP_PKEY        *pkey;
                if (pubin)
-                        pkey = load_pubkey(bio_err, infile,
+                        {
-                                (informat == FORMAT_NETSCAPE && sgckey ?
+                        int tmpformat=-1;
-                                        FORMAT_IISSGC : informat), 1,
+                        if (pubin == 2)
+                                {
+                                if (informat == FORMAT_PEM)
+                                        tmpformat = FORMAT_PEMRSA;
+                                else if (informat == FORMAT_ASN1)
+                                        tmpformat = FORMAT_ASN1RSA;
+                                }
+                        else if (informat == FORMAT_NETSCAPE && sgckey)
+                                tmpformat = FORMAT_IISSGC;
+                        else
+                                tmpformat = informat;
+                                        
+                        pkey = load_pubkey(bio_err, infile, tmpformat, 1,
                                passin, e, "Public Key");
+                        }
                else
                        pkey = load_key(bio_err, infile,
                                (informat == FORMAT_NETSCAPE && sgckey ?
@@ -268,7 +293,7 @@ bad:
                                passin, e, "Private Key");
                if (pkey != NULL)
-                rsa = pkey == NULL ? NULL : EVP_PKEY_get1_RSA(pkey);
+                        rsa = EVP_PKEY_get1_RSA(pkey);
                EVP_PKEY_free(pkey);
        }
@@ -346,7 +371,13 @@ bad:
                }
        BIO_printf(bio_err,"writing RSA key\n");
        if      (outformat == FORMAT_ASN1) {
-                if(pubout || pubin) i=i2d_RSA_PUBKEY_bio(out,rsa);
+                if(pubout || pubin) 
+                        {
+                        if (pubout == 2)
+                                i=i2d_RSAPublicKey_bio(out,rsa);
+                        else
+                                i=i2d_RSA_PUBKEY_bio(out,rsa);
+                        }
                else i=i2d_RSAPrivateKey_bio(out,rsa);
        }
 #ifndef OPENSSL_NO_RC4
@@ -370,14 +401,32 @@ bad:
 #endif
        else if (outformat == FORMAT_PEM) {
                if(pubout || pubin)
-                    i=PEM_write_bio_RSA_PUBKEY(out,rsa);
+                        {
+                        if (pubout == 2)
+                                i=PEM_write_bio_RSAPublicKey(out,rsa);
+                        else
+                                i=PEM_write_bio_RSA_PUBKEY(out,rsa);
+                        }
                else i=PEM_write_bio_RSAPrivateKey(out,rsa,
                                                enc,NULL,0,NULL,passout);
+#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)
+        } else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {
+                EVP_PKEY *pk;
+                pk = EVP_PKEY_new();
+                EVP_PKEY_set1_RSA(pk, rsa);
+                if (outformat == FORMAT_PVK)
+                        i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout);
+                else if (pubin || pubout)
+                        i = i2b_PublicKey_bio(out, pk);
+                else
+                        i = i2b_PrivateKey_bio(out, pk);
+                EVP_PKEY_free(pk);
+#endif
        } else  {
                BIO_printf(bio_err,"bad output format specified for outfile\n");
                goto end;
                }
-        if (!i)
+        if (i <= 0)
                {
                BIO_printf(bio_err,"unable to write key\n");
                ERR_print_errors(bio_err);
diff --git a/src/lib/libssl/src/apps/rsautl.c b/src/lib/libssl/src/apps/rsautl.c
index 923e2b682f..b01f004eb3 100644
--- a/src/lib/libssl/src/apps/rsautl.c
+++ b/src/lib/libssl/src/apps/rsautl.c
@@ -342,4 +342,10 @@ static void usage()
 }
+#else /* !OPENSSL_NO_RSA */
+# if PEDANTIC
+static void *dummy=&dummy;
+# endif
 #endif
diff --git a/src/lib/libssl/src/apps/s_apps.h b/src/lib/libssl/src/apps/s_apps.h
index 08fbbc2229..820e5c5815 100644
--- a/src/lib/libssl/src/apps/s_apps.h
+++ b/src/lib/libssl/src/apps/s_apps.h
@@ -117,7 +117,7 @@
 #include <conio.h>
 #endif
-#ifdef OPENSSL_SYS_MSDOS
+#if defined(OPENSSL_SYS_MSDOS) && !defined(_WIN32)
 #define _kbhit kbhit
 #endif
@@ -162,7 +162,7 @@ int extract_port(char *str, short *port_ptr);
 int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);
 long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
-        int argi, long argl, long ret);
+                                   int argi, long argl, long ret);
 #ifdef HEADER_SSL_H
 void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret);
@@ -171,3 +171,6 @@ void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
                                        unsigned char *data, int len,
                                        void *arg);
 #endif
+int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len);
+int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int cookie_len);
diff --git a/src/lib/libssl/src/apps/s_cb.c b/src/lib/libssl/src/apps/s_cb.c
index a512589e8c..c4f5512247 100644
--- a/src/lib/libssl/src/apps/s_cb.c
+++ b/src/lib/libssl/src/apps/s_cb.c
@@ -56,7 +56,7 @@
 * [including the GNU Public Licence.]
 */
 /* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -117,16 +117,21 @@
 #undef NON_MAIN
 #undef USE_SOCKETS
 #include <openssl/err.h>
+#include <openssl/rand.h>
 #include <openssl/x509.h>
 #include <openssl/ssl.h>
 #include "s_apps.h"
+#define COOKIE_SECRET_LENGTH    16
 int verify_depth=0;
 int verify_error=X509_V_OK;
+int verify_return_error=0;
+unsigned char cookie_secret[COOKIE_SECRET_LENGTH];
+int cookie_initialized=0;
 int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
        {
-        char buf[256];
        X509 *err_cert;
        int err,depth;
@@ -134,15 +139,23 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
        err=    X509_STORE_CTX_get_error(ctx);
        depth=  X509_STORE_CTX_get_error_depth(ctx);
-        X509_NAME_oneline(X509_get_subject_name(err_cert),buf,sizeof buf);
+        BIO_printf(bio_err,"depth=%d ",depth);
-        BIO_printf(bio_err,"depth=%d %s\n",depth,buf);
+        if (err_cert)
+                {
+                X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert),
+                                        0, XN_FLAG_ONELINE);
+                BIO_puts(bio_err, "\n");
+                }
+        else
+                BIO_puts(bio_err, "<no cert>\n");
        if (!ok)
                {
                BIO_printf(bio_err,"verify error:num=%d:%s\n",err,
                        X509_verify_cert_error_string(err));
                if (verify_depth >= depth)
                        {
-                        ok=1;
+                        if (!verify_return_error)
+                                ok=1;
                        verify_error=X509_V_OK;
                        }
                else
@@ -151,25 +164,33 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
                        verify_error=X509_V_ERR_CERT_CHAIN_TOO_LONG;
                        }
                }
-        switch (ctx->error)
+        switch (err)
                {
        case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
-                X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,sizeof buf);
+                BIO_puts(bio_err,"issuer= ");
-                BIO_printf(bio_err,"issuer= %s\n",buf);
+                X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert),
+                                        0, XN_FLAG_ONELINE);
+                BIO_puts(bio_err, "\n");
                break;
        case X509_V_ERR_CERT_NOT_YET_VALID:
        case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
                BIO_printf(bio_err,"notBefore=");
-                ASN1_TIME_print(bio_err,X509_get_notBefore(ctx->current_cert));
+                ASN1_TIME_print(bio_err,X509_get_notBefore(err_cert));
                BIO_printf(bio_err,"\n");
                break;
        case X509_V_ERR_CERT_HAS_EXPIRED:
        case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
                BIO_printf(bio_err,"notAfter=");
-                ASN1_TIME_print(bio_err,X509_get_notAfter(ctx->current_cert));
+                ASN1_TIME_print(bio_err,X509_get_notAfter(err_cert));
                BIO_printf(bio_err,"\n");
                break;
+        case X509_V_ERR_NO_EXPLICIT_POLICY:
+                policies_print(bio_err, ctx);
+                break;
                }
+        if (err == X509_V_OK && ok == 2)
+                policies_print(bio_err, ctx);
        BIO_printf(bio_err,"verify return:%d\n",ok);
        return(ok);
        }
@@ -258,7 +279,7 @@ int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key)
        }
 long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
-        int argi, long argl, long ret)
+                                   int argi, long argl, long ret)
        {
        BIO *out;
@@ -267,15 +288,15 @@ long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
        if (cmd == (BIO_CB_READ|BIO_CB_RETURN))
                {
-                BIO_printf(out,"read from %p [%p] (%d bytes => %ld (0x%lX))\n",
+                BIO_printf(out,"read from %p [%p] (%lu bytes => %ld (0x%lX))\n",
-                        (void *)bio,argp,argi,ret,ret);
+                        (void *)bio,argp,(unsigned long)argi,ret,ret);
                BIO_dump(out,argp,(int)ret);
                return(ret);
                }
        else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN))
                {
-                BIO_printf(out,"write to %p [%p] (%d bytes => %ld (0x%lX))\n",
+                BIO_printf(out,"write to %p [%p] (%lu bytes => %ld (0x%lX))\n",
-                        (void *)bio,argp,argi,ret,ret);
+                        (void *)bio,argp,(unsigned long)argi,ret,ret);
                BIO_dump(out,argp,(int)ret);
                }
        return(ret);
@@ -336,6 +357,12 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *
        case TLS1_VERSION:
                str_version = "TLS 1.0 ";
                break;
+        case DTLS1_VERSION:
+                str_version = "DTLS 1.0 ";
+                break;
+        case DTLS1_BAD_VER:
+                str_version = "DTLS 1.0 (bad) ";
+                break;
        default:
                str_version = "???";
                }
@@ -401,7 +428,10 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *
                        }
                }
-        if (version == SSL3_VERSION || version == TLS1_VERSION)
+        if (version == SSL3_VERSION ||
+            version == TLS1_VERSION ||
+            version == DTLS1_VERSION ||
+            version == DTLS1_BAD_VER)
                {
                switch (content_type)
                        {
@@ -504,6 +534,21 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *
                                case 100:
                                        str_details2 = " no_renegotiation";
                                        break;
+                                case 110:
+                                        str_details2 = " unsupported_extension";
+                                        break;
+                                case 111:
+                                        str_details2 = " certificate_unobtainable";
+                                        break;
+                                case 112:
+                                        str_details2 = " unrecognized_name";
+                                        break;
+                                case 113:
+                                        str_details2 = " bad_certificate_status_response";
+                                        break;
+                                case 114:
+                                        str_details2 = " bad_certificate_hash_value";
+                                        break;
                                        }
                                }
                        }
@@ -525,6 +570,9 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *
                                case 2:
                                        str_details1 = ", ServerHello";
                                        break;
+                                case 3:
+                                        str_details1 = ", HelloVerifyRequest";
+                                        break;
                                case 11:
                                        str_details1 = ", Certificate";
                                        break;
@@ -621,6 +669,15 @@ void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
                extname = "server ticket";
                break;
+                case TLSEXT_TYPE_renegotiate:
+                extname = "renegotiate";
+                break;
+#ifdef TLSEXT_TYPE_opaque_prf_input
+                case TLSEXT_TYPE_opaque_prf_input:
+                extname = "opaque PRF input";
+                break;
+#endif
                default:
                extname = "unknown";
@@ -634,3 +691,172 @@ void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
        BIO_dump(bio, (char *)data, len);
        (void)BIO_flush(bio);
        }
+int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)
+        {
+        unsigned char *buffer, result[EVP_MAX_MD_SIZE];
+        unsigned int length, resultlength;
+        union {
+                struct sockaddr sa;
+                struct sockaddr_in s4;
+#if OPENSSL_USE_IPV6
+                struct sockaddr_in6 s6;
+#endif
+        } peer;
+        /* Initialize a random secret */
+        if (!cookie_initialized)
+                {
+                if (!RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH))
+                        {
+                        BIO_printf(bio_err,"error setting random cookie secret\n");
+                        return 0;
+                        }
+                cookie_initialized = 1;
+                }
+        /* Read peer information */
+        (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer);
+        /* Create buffer with peer's address and port */
+        length = 0;
+        switch (peer.sa.sa_family)
+                {
+        case AF_INET:
+                length += sizeof(struct in_addr);
+                length += sizeof(peer.s4.sin_port);
+                break;
+#if OPENSSL_USE_IPV6
+        case AF_INET6:
+                length += sizeof(struct in6_addr);
+                length += sizeof(peer.s6.sin6_port);
+                break;
+#endif
+        default:
+                OPENSSL_assert(0);
+                break;
+                }
+        buffer = OPENSSL_malloc(length);
+        if (buffer == NULL)
+                {
+                BIO_printf(bio_err,"out of memory\n");
+                return 0;
+                }
+        switch (peer.sa.sa_family)
+                {
+        case AF_INET:
+                memcpy(buffer,
+                       &peer.s4.sin_port,
+                       sizeof(peer.s4.sin_port));
+                memcpy(buffer + sizeof(peer.s4.sin_port),
+                       &peer.s4.sin_addr,
+                       sizeof(struct in_addr));
+                break;
+#if OPENSSL_USE_IPV6
+        case AF_INET6:
+                memcpy(buffer,
+                       &peer.s6.sin6_port,
+                       sizeof(peer.s6.sin6_port));
+                memcpy(buffer + sizeof(peer.s6.sin6_port),
+                       &peer.s6.sin6_addr,
+                       sizeof(struct in6_addr));
+                break;
+#endif
+        default:
+                OPENSSL_assert(0);
+                break;
+                }
+        /* Calculate HMAC of buffer using the secret */
+        HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH,
+             buffer, length, result, &resultlength);
+        OPENSSL_free(buffer);
+        memcpy(cookie, result, resultlength);
+        *cookie_len = resultlength;
+        return 1;
+        }
+int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)
+        {
+        unsigned char *buffer, result[EVP_MAX_MD_SIZE];
+        unsigned int length, resultlength;
+        union {
+                struct sockaddr sa;
+                struct sockaddr_in s4;
+#if OPENSSL_USE_IPV6
+                struct sockaddr_in6 s6;
+#endif
+        } peer;
+        /* If secret isn't initialized yet, the cookie can't be valid */
+        if (!cookie_initialized)
+                return 0;
+        /* Read peer information */
+        (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer);
+        /* Create buffer with peer's address and port */
+        length = 0;
+        switch (peer.sa.sa_family)
+                {
+        case AF_INET:
+                length += sizeof(struct in_addr);
+                length += sizeof(peer.s4.sin_port);
+                break;
+#if OPENSSL_USE_IPV6
+        case AF_INET6:
+                length += sizeof(struct in6_addr);
+                length += sizeof(peer.s6.sin6_port);
+                break;
+#endif
+        default:
+                OPENSSL_assert(0);
+                break;
+                }
+        buffer = OPENSSL_malloc(length);
+        
+        if (buffer == NULL)
+                {
+                BIO_printf(bio_err,"out of memory\n");
+                return 0;
+                }
+        switch (peer.sa.sa_family)
+                {
+        case AF_INET:
+                memcpy(buffer,
+                       &peer.s4.sin_port,
+                       sizeof(peer.s4.sin_port));
+                memcpy(buffer + sizeof(peer.s4.sin_port),
+                       &peer.s4.sin_addr,
+                       sizeof(struct in_addr));
+                break;
+#if OPENSSL_USE_IPV6
+        case AF_INET6:
+                memcpy(buffer,
+                       &peer.s6.sin6_port,
+                       sizeof(peer.s6.sin6_port));
+                memcpy(buffer + sizeof(peer.s6.sin6_port),
+                       &peer.s6.sin6_addr,
+                       sizeof(struct in6_addr));
+                break;
+#endif
+        default:
+                OPENSSL_assert(0);
+                break;
+                }
+        /* Calculate HMAC of buffer using the secret */
+        HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH,
+             buffer, length, result, &resultlength);
+        OPENSSL_free(buffer);
+        if (cookie_len == resultlength && memcmp(result, cookie, resultlength) == 0)
+                return 1;
+        return 0;
+        }
diff --git a/src/lib/libssl/src/apps/s_client.c b/src/lib/libssl/src/apps/s_client.c
index 4974f5fc93..34ad2cec78 100644
--- a/src/lib/libssl/src/apps/s_client.c
+++ b/src/lib/libssl/src/apps/s_client.c
@@ -56,7 +56,7 @@
 * [including the GNU Public Licence.]
 */
 /* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -108,8 +108,35 @@
 * Hudson (tjh@cryptsoft.com).
 *
 */
+/* ====================================================================
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * The portions of the attached software ("Contribution") is developed by
+ * Nokia Corporation and is licensed pursuant to the OpenSSL open source
+ * license.
+ *
+ * The Contribution, originally written by Mika Kousa and Pasi Eronen of
+ * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
+ * support (see RFC 4279) to OpenSSL.
+ *
+ * No patent licenses or other rights except those expressly stated in
+ * the OpenSSL open source license shall be deemed granted or received
+ * expressly, by implication, estoppel, or otherwise.
+ *
+ * No assurances are provided by Nokia that the Contribution does not
+ * infringe the patent or other intellectual property rights of any third
+ * party or that the license provides you with all the necessary rights
+ * to make use of the Contribution.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
+ * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
+ * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
+ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
+ * OTHERWISE.
+ */
 #include <assert.h>
+#include <ctype.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -135,23 +162,19 @@ typedef unsigned int u_int;
 #include <openssl/pem.h>
 #include <openssl/rand.h>
 #include <openssl/ocsp.h>
+#include <openssl/bn.h>
 #include "s_apps.h"
 #include "timeouts.h"
-#ifdef OPENSSL_SYS_WINCE
-/* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */
-#ifdef fileno
-#undef fileno
-#endif
-#define fileno(a) (int)_fileno(a)
-#endif
 #if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
 /* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
 #undef FIONBIO
 #endif
+#if defined(OPENSSL_SYS_BEOS_R5)
+#include <fcntl.h>
+#endif
 #undef PROG
 #define PROG    s_client_main
@@ -166,6 +189,7 @@ typedef unsigned int u_int;
 extern int verify_depth;
 extern int verify_error;
+extern int verify_return_error;
 #ifdef FIONBIO
 static int c_nbio=0;
@@ -188,6 +212,69 @@ static BIO *bio_c_out=NULL;
 static int c_quiet=0;
 static int c_ign_eof=0;
+#ifndef OPENSSL_NO_PSK
+/* Default PSK identity and key */
+static char *psk_identity="Client_identity";
+/*char *psk_key=NULL;  by default PSK is not used */
+static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity,
+        unsigned int max_identity_len, unsigned char *psk,
+        unsigned int max_psk_len)
+        {
+        unsigned int psk_len = 0;
+        int ret;
+        BIGNUM *bn=NULL;
+        if (c_debug)
+                BIO_printf(bio_c_out, "psk_client_cb\n");
+        if (!hint)
+                {
+                /* no ServerKeyExchange message*/
+                if (c_debug)
+                        BIO_printf(bio_c_out,"NULL received PSK identity hint, continuing anyway\n");
+                }
+        else if (c_debug)
+                BIO_printf(bio_c_out, "Received PSK identity hint '%s'\n", hint);
+        /* lookup PSK identity and PSK key based on the given identity hint here */
+        ret = BIO_snprintf(identity, max_identity_len, "%s", psk_identity);
+        if (ret < 0 || (unsigned int)ret > max_identity_len)
+                goto out_err;
+        if (c_debug)
+                BIO_printf(bio_c_out, "created identity '%s' len=%d\n", identity, ret);
+        ret=BN_hex2bn(&bn, psk_key);
+        if (!ret)
+                {
+                BIO_printf(bio_err,"Could not convert PSK key '%s' to BIGNUM\n", psk_key);
+                if (bn)
+                        BN_free(bn);
+                return 0;
+                }
+        if ((unsigned int)BN_num_bytes(bn) > max_psk_len)
+                {
+                BIO_printf(bio_err,"psk buffer of callback is too small (%d) for key (%d)\n",
+                        max_psk_len, BN_num_bytes(bn));
+                BN_free(bn);
+                return 0;
+                }
+        psk_len=BN_bn2bin(bn, psk);
+        BN_free(bn);
+        if (psk_len == 0)
+                goto out_err;
+        if (c_debug)
+                BIO_printf(bio_c_out, "created PSK len=%d\n", psk_len);
+        return psk_len;
+ out_err:
+        if (c_debug)
+                BIO_printf(bio_err, "Error in PSK client callback\n");
+        return 0;
+        }
+#endif
 static void sc_usage(void)
        {
        BIO_printf(bio_err,"usage: s_client args\n");
@@ -196,7 +283,7 @@ static void sc_usage(void)
        BIO_printf(bio_err," -port port     - use -connect instead\n");
        BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);
-        BIO_printf(bio_err," -verify depth - turn on peer certificate verification\n");
+        BIO_printf(bio_err," -verify arg   - turn on peer certificate verification\n");
        BIO_printf(bio_err," -cert arg     - certificate file to use, PEM format assumed\n");
        BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n");
        BIO_printf(bio_err," -key arg      - Private key file to use, in cert file if\n");
@@ -222,11 +309,18 @@ static void sc_usage(void)
        BIO_printf(bio_err," -quiet        - no s_client output\n");
        BIO_printf(bio_err," -ign_eof      - ignore input eof (default when -quiet)\n");
        BIO_printf(bio_err," -no_ign_eof   - don't ignore input eof\n");
+#ifndef OPENSSL_NO_PSK
+        BIO_printf(bio_err," -psk_identity arg - PSK identity\n");
+        BIO_printf(bio_err," -psk arg      - PSK in hex (without 0x)\n");
+# ifndef OPENSSL_NO_JPAKE
+        BIO_printf(bio_err," -jpake arg    - JPAKE secret to use\n");
+# endif
+#endif
        BIO_printf(bio_err," -ssl2         - just use SSLv2\n");
        BIO_printf(bio_err," -ssl3         - just use SSLv3\n");
        BIO_printf(bio_err," -tls1         - just use TLSv1\n");
        BIO_printf(bio_err," -dtls1        - just use DTLSv1\n");    
-        BIO_printf(bio_err," -mtu          - set the MTU\n");
+        BIO_printf(bio_err," -mtu          - set the link layer MTU\n");
        BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
        BIO_printf(bio_err," -bugs         - Switch on all SSL implementation bug workarounds\n");
        BIO_printf(bio_err," -serverpref   - Use server's cipher preferences (only SSLv2)\n");
@@ -249,6 +343,7 @@ static void sc_usage(void)
        BIO_printf(bio_err," -status           - request certificate status from server\n");
        BIO_printf(bio_err," -no_ticket        - disable use of RFC4507bis session tickets\n");
 #endif
+        BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
        }
 #ifndef OPENSSL_NO_TLSEXT
@@ -272,6 +367,7 @@ static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg)
        return SSL_TLSEXT_ERR_OK;
        }
 #endif
 enum
 {
        PROTO_OFF       = 0,
@@ -286,9 +382,8 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
        {
-        int off=0;
+        unsigned int off=0, clr=0;
-        SSL *con=NULL,*con2=NULL;
+        SSL *con=NULL;
-        X509_STORE *store = NULL;
        int s,k,width,state=0;
        char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL;
        int cbuf_len,cbuf_off;
@@ -309,25 +404,27 @@ int MAIN(int argc, char **argv)
        SSL_CTX *ctx=NULL;
        int ret=1,in_init=1,i,nbio_test=0;
        int starttls_proto = PROTO_OFF;
-        int prexit = 0, vflags = 0;
+        int prexit = 0;
-        SSL_METHOD *meth=NULL;
+        X509_VERIFY_PARAM *vpm = NULL;
-#ifdef sock_type
+        int badarg = 0;
-#undef sock_type
+        const SSL_METHOD *meth=NULL;
-#endif
+        int socket_type=SOCK_STREAM;
-        int sock_type=SOCK_STREAM;
        BIO *sbio;
        char *inrand=NULL;
        int mbuf_len=0;
+        struct timeval timeout, *timeoutp;
 #ifndef OPENSSL_NO_ENGINE
        char *engine_id=NULL;
        char *ssl_client_engine_id=NULL;
        ENGINE *ssl_client_engine=NULL;
 #endif
        ENGINE *e=NULL;
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5)
        struct timeval tv;
+#if defined(OPENSSL_SYS_BEOS_R5)
+        int stdin_set = 0;
+#endif
 #endif
 #ifndef OPENSSL_NO_TLSEXT
        char *servername = NULL; 
        tlsextctx tlsextcbp = 
@@ -338,7 +435,7 @@ int MAIN(int argc, char **argv)
        struct sockaddr peer;
        int peerlen = sizeof(peer);
        int enable_timeouts = 0 ;
-        long mtu = 0;
+        long socket_mtu = 0;
 #ifndef OPENSSL_NO_JPAKE
        char *jpake_secret = NULL;
 #endif
@@ -427,10 +524,14 @@ int MAIN(int argc, char **argv)
                        if (--argc < 1) goto bad;
                        cert_format = str2fmt(*(++argv));
                        }
-                else if (strcmp(*argv,"-crl_check") == 0)
+                else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm))
-                        vflags |= X509_V_FLAG_CRL_CHECK;
+                        {
-                else if (strcmp(*argv,"-crl_check_all") == 0)
+                        if (badarg)
-                        vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
+                                goto bad;
+                        continue;
+                        }
+                else if (strcmp(*argv,"-verify_return_error") == 0)
+                        verify_return_error = 1;
                else if (strcmp(*argv,"-prexit") == 0)
                        prexit=1;
                else if (strcmp(*argv,"-crlf") == 0)
@@ -466,6 +567,27 @@ int MAIN(int argc, char **argv)
                        nbio_test=1;
                else if (strcmp(*argv,"-state") == 0)
                        state=1;
+#ifndef OPENSSL_NO_PSK
+                else if (strcmp(*argv,"-psk_identity") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        psk_identity=*(++argv);
+                        }
+                else if (strcmp(*argv,"-psk") == 0)
+                        {
+                        size_t j;
+                        if (--argc < 1) goto bad;
+                        psk_key=*(++argv);
+                        for (j = 0; j < strlen(psk_key); j++)
+                                {
+                                if (isxdigit((int)psk_key[j]))
+                                        continue;
+                                BIO_printf(bio_err,"Not a hex number '%s'\n",*argv);
+                                goto bad;
+                                }
+                        }
+#endif
 #ifndef OPENSSL_NO_SSL2
                else if (strcmp(*argv,"-ssl2") == 0)
                        meth=SSLv2_client_method();
@@ -482,14 +604,14 @@ int MAIN(int argc, char **argv)
                else if (strcmp(*argv,"-dtls1") == 0)
                        {
                        meth=DTLSv1_client_method();
-                        sock_type=SOCK_DGRAM;
+                        socket_type=SOCK_DGRAM;
                        }
                else if (strcmp(*argv,"-timeout") == 0)
                        enable_timeouts=1;
                else if (strcmp(*argv,"-mtu") == 0)
                        {
                        if (--argc < 1) goto bad;
-                        mtu = atol(*(++argv));
+                        socket_mtu = atol(*(++argv));
                        }
 #endif
                else if (strcmp(*argv,"-bugs") == 0)
@@ -529,12 +651,20 @@ int MAIN(int argc, char **argv)
                        off|=SSL_OP_NO_SSLv3;
                else if (strcmp(*argv,"-no_ssl2") == 0)
                        off|=SSL_OP_NO_SSLv2;
+                else if (strcmp(*argv,"-no_comp") == 0)
+                        { off|=SSL_OP_NO_COMPRESSION; }
 #ifndef OPENSSL_NO_TLSEXT
                else if (strcmp(*argv,"-no_ticket") == 0)
                        { off|=SSL_OP_NO_TICKET; }
 #endif
                else if (strcmp(*argv,"-serverpref") == 0)
                        off|=SSL_OP_CIPHER_SERVER_PREFERENCE;
+                else if (strcmp(*argv,"-legacy_renegotiation") == 0)
+                        off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
+                else if (strcmp(*argv,"-legacy_server_connect") == 0)
+                        { off|=SSL_OP_LEGACY_SERVER_CONNECT; }
+                else if (strcmp(*argv,"-no_legacy_server_connect") == 0)
+                        { clr|=SSL_OP_LEGACY_SERVER_CONNECT; }
                else if (strcmp(*argv,"-cipher") == 0)
                        {
                        if (--argc < 1) goto bad;
@@ -609,6 +739,26 @@ bad:
                goto end;
                }
+#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
+        if (jpake_secret)
+                {
+                if (psk_key)
+                        {
+                        BIO_printf(bio_err,
+                                   "Can't use JPAKE and PSK together\n");
+                        goto end;
+                        }
+                psk_identity = "JPAKE";
+                }
+        if (cipher)
+                {
+                BIO_printf(bio_err, "JPAKE sets cipher to PSK\n");
+                goto end;
+                }
+        cipher = "PSK";
+#endif
        OpenSSL_add_ssl_algorithms();
        SSL_load_error_strings();
@@ -624,6 +774,7 @@ bad:
                        goto end;
                        }
                }
 #endif
        if (!app_passwd(bio_err, passarg, NULL, &pass, NULL))
                {
@@ -691,6 +842,9 @@ bad:
                goto end;
                }
+        if (vpm)
+                SSL_CTX_set1_param(ctx, vpm);
 #ifndef OPENSSL_NO_ENGINE
        if (ssl_client_engine)
                {
@@ -705,14 +859,29 @@ bad:
                }
 #endif
+#ifndef OPENSSL_NO_PSK
+#ifdef OPENSSL_NO_JPAKE
+        if (psk_key != NULL)
+#else
+        if (psk_key != NULL || jpake_secret)
+#endif
+                {
+                if (c_debug)
+                        BIO_printf(bio_c_out, "PSK key given or JPAKE in use, setting client callback\n");
+                SSL_CTX_set_psk_client_callback(ctx, psk_client_cb);
+                }
+#endif
        if (bugs)
                SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
        else
                SSL_CTX_set_options(ctx,off);
+        if (clr)
+                SSL_CTX_clear_options(ctx, clr);
        /* DTLS: partial reads end up discarding unread UDP bytes :-( 
         * Setting read ahead solves this problem.
         */
-        if (sock_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1);
+        if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1);
        if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
        if (cipher != NULL)
@@ -738,8 +907,6 @@ bad:
                /* goto end; */
                }
-        store = SSL_CTX_get_cert_store(ctx);
-        X509_STORE_set_flags(store, vflags);
 #ifndef OPENSSL_NO_TLSEXT
        if (servername != NULL)
                {
@@ -784,7 +951,6 @@ bad:
                        }
                }
 #endif
 #ifndef OPENSSL_NO_KRB5
        if (con  &&  (con->kssl_ctx = kssl_ctx_new()) != NULL)
                {
@@ -792,10 +958,15 @@ bad:
                }
 #endif  /* OPENSSL_NO_KRB5  */
 /*      SSL_set_cipher_list(con,"RC4-MD5"); */
+#if 0
+#ifdef TLSEXT_TYPE_opaque_prf_input
+        SSL_set_tlsext_opaque_prf_input(con, "Test client", 11);
+#endif
+#endif
 re_start:
-        if (init_client(&s,host,port,sock_type) == 0)
+        if (init_client(&s,host,port,socket_type) == 0)
                {
                BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
                SHUTDOWN(s);
@@ -819,7 +990,6 @@ re_start:
        if ( SSL_version(con) == DTLS1_VERSION)
                {
-                struct timeval timeout;
                sbio=BIO_new_dgram(s,BIO_NOCLOSE);
                if (getsockname(s, &peer, (void *)&peerlen) < 0)
@@ -832,7 +1002,7 @@ re_start:
                (void)BIO_ctrl_set_connected(sbio, 1, &peer);
-                if ( enable_timeouts)
+                if (enable_timeouts)
                        {
                        timeout.tv_sec = 0;
                        timeout.tv_usec = DGRAM_RCV_TIMEOUT;
@@ -843,10 +1013,10 @@ re_start:
                        BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
                        }
-                if ( mtu > 0)
+                if (socket_mtu > 28)
                        {
                        SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
-                        SSL_set_mtu(con, mtu);
+                        SSL_set_mtu(con, socket_mtu - 28);
                        }
                else
                        /* want to do MTU discovery */
@@ -1036,6 +1206,12 @@ SSL_set_tlsext_status_ids(con, ids);
                FD_ZERO(&readfds);
                FD_ZERO(&writefds);
+                if ((SSL_version(con) == DTLS1_VERSION) &&
+                        DTLSv1_get_timeout(con, &timeout))
+                        timeoutp = &timeout;
+                else
+                        timeoutp = NULL;
                if (SSL_in_init(con) && !SSL_total_renegotiations(con))
                        {
                        in_init=1;
@@ -1047,6 +1223,14 @@ SSL_set_tlsext_status_ids(con, ids);
                        if (in_init)
                                {
                                in_init=0;
+#if 0 /* This test doesn't really work as intended (needs to be fixed) */
+#ifndef OPENSSL_NO_TLSEXT
+                                if (servername != NULL && !SSL_session_reused(con))
+                                        {
+                                        BIO_printf(bio_c_out,"Server did %sacknowledge servername extension.\n",tlsextcbp.ack?"":"not ");
+                                        }
+#endif
+#endif
                                if (sess_out)
                                        {
                                        BIO *stmp = BIO_new_file(sess_out, "w");
@@ -1084,22 +1268,22 @@ SSL_set_tlsext_status_ids(con, ids);
                if (!ssl_pending)
                        {
-#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE)
+#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE) && !defined (OPENSSL_SYS_BEOS_R5)
                        if (tty_on)
                                {
-                                if (read_tty)  FD_SET(fileno(stdin),&readfds);
+                                if (read_tty)  openssl_fdset(fileno(stdin),&readfds);
-                                if (write_tty) FD_SET(fileno(stdout),&writefds);
+                                if (write_tty) openssl_fdset(fileno(stdout),&writefds);
                                }
                        if (read_ssl)
-                                FD_SET(SSL_get_fd(con),&readfds);
+                                openssl_fdset(SSL_get_fd(con),&readfds);
                        if (write_ssl)
-                                FD_SET(SSL_get_fd(con),&writefds);
+                                openssl_fdset(SSL_get_fd(con),&writefds);
 #else
                        if(!tty_on || !write_tty) {
                                if (read_ssl)
-                                        FD_SET(SSL_get_fd(con),&readfds);
+                                        openssl_fdset(SSL_get_fd(con),&readfds);
                                if (write_ssl)
-                                        FD_SET(SSL_get_fd(con),&writefds);
+                                        openssl_fdset(SSL_get_fd(con),&writefds);
                        }
 #endif
 /*                      printf("mode tty(%d %d%d) ssl(%d%d)\n",
@@ -1132,7 +1316,7 @@ SSL_set_tlsext_status_ids(con, ids);
                                        if(!i && (!((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) || !read_tty) ) continue;
 #endif
                                } else  i=select(width,(void *)&readfds,(void *)&writefds,
-                                         NULL,NULL);
+                                         NULL,timeoutp);
                        }
 #elif defined(OPENSSL_SYS_NETWARE)
                        if(!write_tty) {
@@ -1142,11 +1326,30 @@ SSL_set_tlsext_status_ids(con, ids);
                                        i=select(width,(void *)&readfds,(void *)&writefds,
                                                NULL,&tv);
                                } else  i=select(width,(void *)&readfds,(void *)&writefds,
-                                        NULL,NULL);
+                                        NULL,timeoutp);
+                        }
+#elif defined(OPENSSL_SYS_BEOS_R5)
+                        /* Under BeOS-R5 the situation is similar to DOS */
+                        i=0;
+                        stdin_set = 0;
+                        (void)fcntl(fileno(stdin), F_SETFL, O_NONBLOCK);
+                        if(!write_tty) {
+                                if(read_tty) {
+                                        tv.tv_sec = 1;
+                                        tv.tv_usec = 0;
+                                        i=select(width,(void *)&readfds,(void *)&writefds,
+                                                 NULL,&tv);
+                                        if (read(fileno(stdin), sbuf, 0) >= 0)
+                                                stdin_set = 1;
+                                        if (!i && (stdin_set != 1 || !read_tty))
+                                                continue;
+                                } else  i=select(width,(void *)&readfds,(void *)&writefds,
+                                         NULL,timeoutp);
                        }
+                        (void)fcntl(fileno(stdin), F_SETFL, 0);
 #else
                        i=select(width,(void *)&readfds,(void *)&writefds,
-                                 NULL,NULL);
+                                 NULL,timeoutp);
 #endif
                        if ( i < 0)
                                {
@@ -1157,6 +1360,11 @@ SSL_set_tlsext_status_ids(con, ids);
                                }
                        }
+                if ((SSL_version(con) == DTLS1_VERSION) && DTLSv1_handle_timeout(con) > 0)
+                        {
+                        BIO_printf(bio_err,"TIMEOUT occured\n");
+                        }
                if (!ssl_pending && FD_ISSET(SSL_get_fd(con),&writefds))
                        {
                        k=SSL_write(con,&(cbuf[cbuf_off]),
@@ -1197,6 +1405,7 @@ SSL_set_tlsext_status_ids(con, ids);
                                if (cbuf_len != 0)
                                        {
                                        BIO_printf(bio_c_out,"shutdown\n");
+                                        ret = 0;
                                        goto shut;
                                        }
                                else
@@ -1224,8 +1433,8 @@ SSL_set_tlsext_status_ids(con, ids);
                                goto shut;
                                }
                        }
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5)
-                /* Assume Windows/DOS can always write */
+                /* Assume Windows/DOS/BeOS can always write */
                else if (!ssl_pending && write_tty)
 #else
                else if (!ssl_pending && FD_ISSET(fileno(stdout),&writefds))
@@ -1234,11 +1443,12 @@ SSL_set_tlsext_status_ids(con, ids);
 #ifdef CHARSET_EBCDIC
                        ascii2ebcdic(&(sbuf[sbuf_off]),&(sbuf[sbuf_off]),sbuf_len);
 #endif
-                        i=write(fileno(stdout),&(sbuf[sbuf_off]),sbuf_len);
+                        i=raw_write_stdout(&(sbuf[sbuf_off]),sbuf_len);
                        if (i <= 0)
                                {
                                BIO_printf(bio_c_out,"DONE\n");
+                                ret = 0;
                                goto shut;
                                /* goto end; */
                                }
@@ -1293,10 +1503,12 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240
                                BIO_printf(bio_c_out,"read X BLOCK\n");
                                break;
                        case SSL_ERROR_SYSCALL:
-                                BIO_printf(bio_err,"read:errno=%d\n",get_last_socket_error());
+                                ret=get_last_socket_error();
+                                BIO_printf(bio_err,"read:errno=%d\n",ret);
                                goto shut;
                        case SSL_ERROR_ZERO_RETURN:
                                BIO_printf(bio_c_out,"closed\n");
+                                ret=0;
                                goto shut;
                        case SSL_ERROR_SSL:
                                ERR_print_errors(bio_err);
@@ -1312,7 +1524,9 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240
                else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0)))
 #endif
 #elif defined (OPENSSL_SYS_NETWARE)
-        else if (_kbhit())
+                else if (_kbhit())
+#elif defined(OPENSSL_SYS_BEOS_R5)
+                else if (stdin_set)
 #else
                else if (FD_ISSET(fileno(stdin),&readfds))
 #endif
@@ -1321,7 +1535,7 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240
                                {
                                int j, lf_num;
-                                i=read(fileno(stdin),cbuf,BUFSIZZ/2);
+                                i=raw_read_stdin(cbuf,BUFSIZZ/2);
                                lf_num = 0;
                                /* both loops are skipped when i <= 0 */
                                for (j = 0; j < i; j++)
@@ -1340,11 +1554,12 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240
                                assert(lf_num == 0);
                                }
                        else
-                                i=read(fileno(stdin),cbuf,BUFSIZZ);
+                                i=raw_read_stdin(cbuf,BUFSIZZ);
                        if ((!c_ign_eof) && ((i <= 0) || (cbuf[0] == 'Q')))
                                {
                                BIO_printf(bio_err,"DONE\n");
+                                ret=0;
                                goto shut;
                                }
@@ -1367,14 +1582,20 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240
                        read_tty=0;
                        }
                }
+        ret=0;
 shut:
+        if (in_init)
+                print_stuff(bio_c_out,con,full_log);
        SSL_shutdown(con);
        SHUTDOWN(SSL_get_fd(con));
-        ret=0;
 end:
-        if(prexit) print_stuff(bio_c_out,con,1);
+        if (con != NULL)
-        if (con != NULL) SSL_free(con);
+                {
-        if (con2 != NULL) SSL_free(con2);
+                if (prexit != 0)
+                        print_stuff(bio_c_out,con,1);
+                SSL_free(con);
+                }
        if (ctx != NULL) SSL_CTX_free(ctx);
        if (cert)
                X509_free(cert);
@@ -1403,7 +1624,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
        char buf[BUFSIZ];
        STACK_OF(X509) *sk;
        STACK_OF(X509_NAME) *sk2;
-        SSL_CIPHER *c;
+        const SSL_CIPHER *c;
        X509_NAME *xn;
        int j,i;
 #ifndef OPENSSL_NO_COMP
@@ -1511,6 +1732,8 @@ static void print_stuff(BIO *bio, SSL *s, int full)
                                                         EVP_PKEY_bits(pktmp));
                EVP_PKEY_free(pktmp);
        }
+        BIO_printf(bio, "Secure Renegotiation IS%s supported\n",
+                        SSL_get_secure_renegotiation_support(s) ? "" : " NOT");
 #ifndef OPENSSL_NO_COMP
        comp=SSL_get_current_compression(s);
        expansion=SSL_get_current_expansion(s);
@@ -1554,4 +1777,5 @@ static int ocsp_resp_cb(SSL *s, void *arg)
        OCSP_RESPONSE_free(rsp);
        return 1;
        }
-#endif  /* ndef OPENSSL_NO_TLSEXT */
+#endif
diff --git a/src/lib/libssl/src/apps/s_server.c b/src/lib/libssl/src/apps/s_server.c
index 84b1b28461..1a06d19bb1 100644
--- a/src/lib/libssl/src/apps/s_server.c
+++ b/src/lib/libssl/src/apps/s_server.c
@@ -56,7 +56,7 @@
 * [including the GNU Public Licence.]
 */
 /* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -113,6 +113,32 @@
 * ECC cipher suite support in OpenSSL originally developed by 
 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
 */
+/* ====================================================================
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * The portions of the attached software ("Contribution") is developed by
+ * Nokia Corporation and is licensed pursuant to the OpenSSL open source
+ * license.
+ *
+ * The Contribution, originally written by Mika Kousa and Pasi Eronen of
+ * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
+ * support (see RFC 4279) to OpenSSL.
+ *
+ * No patent licenses or other rights except those expressly stated in
+ * the OpenSSL open source license shall be deemed granted or received
+ * expressly, by implication, estoppel, or otherwise.
+ *
+ * No assurances are provided by Nokia that the Contribution does not
+ * infringe the patent or other intellectual property rights of any third
+ * party or that the license provides you with all the necessary rights
+ * to make use of the Contribution.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
+ * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
+ * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
+ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
+ * OTHERWISE.
+ */
 /* Until the key-gen callbacks are modified to use newer prototypes, we allow
 * deprecated functions for openssl-internal code */
@@ -121,11 +147,11 @@
 #endif
 #include <assert.h>
+#include <ctype.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include <sys/stat.h>
 #include <openssl/e_os2.h>
 #ifdef OPENSSL_NO_STDIO
 #define APPS_WIN16
@@ -163,19 +189,15 @@ typedef unsigned int u_int;
 #include "s_apps.h"
 #include "timeouts.h"
-#ifdef OPENSSL_SYS_WINCE
-/* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */
-#ifdef fileno
-#undef fileno
-#endif
-#define fileno(a) (int)_fileno(a)
-#endif
 #if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
 /* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
 #undef FIONBIO
 #endif
+#if defined(OPENSSL_SYS_BEOS_R5)
+#include <fcntl.h>
+#endif
 #ifndef OPENSSL_NO_RSA
 static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength);
 #endif
@@ -196,14 +218,6 @@ static DH *get_dh512(void);
 static void s_server_init(void);
 #endif
-#ifndef S_ISDIR
-# if defined(_S_IFMT) && defined(_S_IFDIR)
-#  define S_ISDIR(a)    (((a) & _S_IFMT) == _S_IFDIR)
-# else
-#  define S_ISDIR(a)    (((a) & S_IFMT) == S_IFDIR)
-# endif
-#endif
 #ifndef OPENSSL_NO_DH
 static unsigned char dh512_p[]={
        0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
@@ -245,7 +259,7 @@ static int accept_socket= -1;
 #undef PROG
 #define PROG            s_server_main
-extern int verify_depth;
+extern int verify_depth, verify_return_error;
 static char *cipher=NULL;
 static int s_server_verify=SSL_VERIFY_NONE;
@@ -283,12 +297,77 @@ static char *engine_id=NULL;
 static const char *session_id_prefix=NULL;
 static int enable_timeouts = 0;
-#ifdef mtu
+static long socket_mtu;
-#undef mtu
+#ifndef OPENSSL_NO_DTLS1
-#endif
-static long mtu;
 static int cert_chain = 0;
+#endif
+#ifndef OPENSSL_NO_PSK
+static char *psk_identity="Client_identity";
+char *psk_key=NULL; /* by default PSK is not used */
+static unsigned int psk_server_cb(SSL *ssl, const char *identity,
+        unsigned char *psk, unsigned int max_psk_len)
+        {
+        unsigned int psk_len = 0;
+        int ret;
+        BIGNUM *bn = NULL;
+        if (s_debug)
+                BIO_printf(bio_s_out,"psk_server_cb\n");
+        if (!identity)
+                {
+                BIO_printf(bio_err,"Error: client did not send PSK identity\n");
+                goto out_err;
+                }
+        if (s_debug)
+                BIO_printf(bio_s_out,"identity_len=%d identity=%s\n",
+                        identity ? (int)strlen(identity) : 0, identity);
+        /* here we could lookup the given identity e.g. from a database */
+        if (strcmp(identity, psk_identity) != 0)
+                {
+                BIO_printf(bio_s_out, "PSK error: client identity not found"
+                           " (got '%s' expected '%s')\n", identity,
+                           psk_identity);
+                goto out_err;
+                }
+        if (s_debug)
+                BIO_printf(bio_s_out, "PSK client identity found\n");
+        /* convert the PSK key to binary */
+        ret = BN_hex2bn(&bn, psk_key);
+        if (!ret)
+                {
+                BIO_printf(bio_err,"Could not convert PSK key '%s' to BIGNUM\n", psk_key);
+                if (bn)
+                        BN_free(bn);
+                return 0;
+                }
+        if (BN_num_bytes(bn) > (int)max_psk_len)
+                {
+                BIO_printf(bio_err,"psk buffer of callback is too small (%d) for key (%d)\n",
+                        max_psk_len, BN_num_bytes(bn));
+                BN_free(bn);
+                return 0;
+                }
+        ret = BN_bn2bin(bn, psk);
+        BN_free(bn);
+        if (ret < 0)
+                goto out_err;
+        psk_len = (unsigned int)ret;
+        if (s_debug)
+                BIO_printf(bio_s_out, "fetched PSK len=%d\n", psk_len);
+        return psk_len;
+ out_err:
+        if (s_debug)
+                BIO_printf(bio_err, "Error in PSK server callback\n");
+        return 0;
+        }
+#endif
 #ifdef MONOLITH
 static void s_server_init(void)
@@ -353,7 +432,7 @@ static void sv_usage(void)
 #ifndef OPENSSL_NO_ECDH
        BIO_printf(bio_err," -named_curve arg  - Elliptic curve name to use for ephemeral ECDH keys.\n" \
                           "                 Use \"openssl ecparam -list_curves\" for all names\n" \
-                           "                 (default is sect163r2).\n");
+                           "                 (default is nistp256).\n");
 #endif
 #ifdef FIONBIO
        BIO_printf(bio_err," -nbio         - Run with non-blocking IO\n");
@@ -370,12 +449,19 @@ static void sv_usage(void)
        BIO_printf(bio_err," -serverpref   - Use server's cipher preferences\n");
        BIO_printf(bio_err," -quiet        - No server output\n");
        BIO_printf(bio_err," -no_tmp_rsa   - Do not generate a tmp RSA key\n");
+#ifndef OPENSSL_NO_PSK
+        BIO_printf(bio_err," -psk_hint arg - PSK identity hint to use\n");
+        BIO_printf(bio_err," -psk arg      - PSK in hex (without 0x)\n");
+# ifndef OPENSSL_NO_JPAKE
+        BIO_printf(bio_err," -jpake arg    - JPAKE secret to use\n");
+# endif
+#endif
        BIO_printf(bio_err," -ssl2         - Just talk SSLv2\n");
        BIO_printf(bio_err," -ssl3         - Just talk SSLv3\n");
        BIO_printf(bio_err," -tls1         - Just talk TLSv1\n");
        BIO_printf(bio_err," -dtls1        - Just talk DTLSv1\n");
        BIO_printf(bio_err," -timeout      - Enable timeouts\n");
-        BIO_printf(bio_err," -mtu          - Set MTU\n");
+        BIO_printf(bio_err," -mtu          - Set link layer MTU\n");
        BIO_printf(bio_err," -chain        - Read a certificate chain\n");
        BIO_printf(bio_err," -no_ssl2      - Just disable SSLv2\n");
        BIO_printf(bio_err," -no_ssl3      - Just disable SSLv3\n");
@@ -405,6 +491,7 @@ static void sv_usage(void)
        BIO_printf(bio_err,"                 not specified (default is %s)\n",TEST_CERT2);
        BIO_printf(bio_err," -tlsextdebug  - hex dump of all TLS extensions received\n");
        BIO_printf(bio_err," -no_ticket    - disable use of RFC4507bis session tickets\n");
+        BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
 #endif
        }
@@ -587,7 +674,7 @@ static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg)
                        return p->extension_error;
                if (ctx2)
                        {
-                        BIO_printf(p->biodebug,"Swiching server context.\n");
+                        BIO_printf(p->biodebug,"Switching server context.\n");
                        SSL_set_SSL_CTX(s,ctx2);
                        }     
                }
@@ -626,7 +713,7 @@ static int cert_status_cb(SSL *s, void *arg)
        int use_ssl;
        unsigned char *rspder = NULL;
        int rspderlen;
-        STACK *aia = NULL;
+        STACK_OF(OPENSSL_STRING) *aia = NULL;
        X509 *x = NULL;
        X509_STORE_CTX inctx;
        X509_OBJECT obj;
@@ -648,7 +735,7 @@ BIO_printf(err, "cert_status: received %d ids\n", sk_OCSP_RESPID_num(ids));
        aia = X509_get1_ocsp(x);
        if (aia)
                {
-                if (!OCSP_parse_url(sk_value(aia, 0),
+                if (!OCSP_parse_url(sk_OPENSSL_STRING_value(aia, 0),
                        &host, &port, &path, &use_ssl))
                        {
                        BIO_puts(err, "cert_status: can't parse AIA URL\n");
@@ -656,7 +743,7 @@ BIO_printf(err, "cert_status: received %d ids\n", sk_OCSP_RESPID_num(ids));
                        }
                if (srctx->verbose)
                        BIO_printf(err, "cert_status: AIA URL: %s\n",
-                                        sk_value(aia, 0));
+                                        sk_OPENSSL_STRING_value(aia, 0));
                }
        else
                {
@@ -701,7 +788,7 @@ BIO_printf(err, "cert_status: received %d ids\n", sk_OCSP_RESPID_num(ids));
                if (!OCSP_REQUEST_add_ext(req, ext, -1))
                        goto err;
                }
-        resp = process_responder(err, req, host, path, port, use_ssl,
+        resp = process_responder(err, req, host, path, port, use_ssl, NULL,
                                        srctx->timeout);
        if (!resp)
                {
@@ -740,6 +827,7 @@ BIO_printf(err, "cert_status: received %d ids\n", sk_OCSP_RESPID_num(ids));
        goto done;
        }
 #endif
 int MAIN(int, char **);
 #ifndef OPENSSL_NO_JPAKE
@@ -748,8 +836,8 @@ static char *jpake_secret = NULL;
 int MAIN(int argc, char *argv[])
        {
-        X509_STORE *store = NULL;
+        X509_VERIFY_PARAM *vpm = NULL;
-        int vflags = 0;
+        int badarg = 0;
        short port=PORT;
        char *CApath=NULL,*CAfile=NULL;
        unsigned char *context = NULL;
@@ -762,8 +850,8 @@ int MAIN(int argc, char *argv[])
        int off=0;
        int no_tmp_rsa=0,no_dhe=0,no_ecdhe=0,nocert=0;
        int state=0;
-        SSL_METHOD *meth=NULL;
+        const SSL_METHOD *meth=NULL;
-        int socket_type=SOCK_STREAM;
+        int socket_type=SOCK_STREAM;
        ENGINE *e=NULL;
        char *inrand=NULL;
        int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
@@ -772,6 +860,7 @@ int MAIN(int argc, char *argv[])
        int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM;
        X509 *s_cert = NULL, *s_dcert = NULL;
        EVP_PKEY *s_key = NULL, *s_dkey = NULL;
+        int no_cache = 0;
 #ifndef OPENSSL_NO_TLSEXT
        EVP_PKEY *s_key2 = NULL;
        X509 *s_cert2 = NULL;
@@ -779,7 +868,10 @@ int MAIN(int argc, char *argv[])
 #ifndef OPENSSL_NO_TLSEXT
        tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING};
 #endif
+#ifndef OPENSSL_NO_PSK
+        /* by default do not send a PSK identity hint */
+        static char *psk_identity_hint=NULL;
+#endif
 #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
        meth=SSLv23_server_method();
 #elif !defined(OPENSSL_NO_SSL3)
@@ -911,16 +1003,20 @@ int MAIN(int argc, char *argv[])
                        if (--argc < 1) goto bad;
                        CApath= *(++argv);
                        }
-                else if (strcmp(*argv,"-crl_check") == 0)
+                else if (strcmp(*argv,"-no_cache") == 0)
-                        {
+                        no_cache = 1;
-                        vflags |= X509_V_FLAG_CRL_CHECK;
+                else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm))
-                        }
-                else if (strcmp(*argv,"-crl_check_all") == 0)
                        {
-                        vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
+                        if (badarg)
+                                goto bad;
+                        continue;
                        }
+                else if (strcmp(*argv,"-verify_return_error") == 0)
+                        verify_return_error = 1;
                else if (strcmp(*argv,"-serverpref") == 0)
                        { off|=SSL_OP_CIPHER_SERVER_PREFERENCE; }
+                else if (strcmp(*argv,"-legacy_renegotiation") == 0)
+                        off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
                else if (strcmp(*argv,"-cipher") == 0)
                        {
                        if (--argc < 1) goto bad;
@@ -993,6 +1089,27 @@ int MAIN(int argc, char *argv[])
                        { no_dhe=1; }
                else if (strcmp(*argv,"-no_ecdhe") == 0)
                        { no_ecdhe=1; }
+#ifndef OPENSSL_NO_PSK
+                else if (strcmp(*argv,"-psk_hint") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        psk_identity_hint= *(++argv);
+                        }
+                else if (strcmp(*argv,"-psk") == 0)
+                        {
+                        size_t i;
+                        if (--argc < 1) goto bad;
+                        psk_key=*(++argv);
+                        for (i=0; i<strlen(psk_key); i++)
+                                {
+                                if (isxdigit((int)psk_key[i]))
+                                        continue;
+                                BIO_printf(bio_err,"Not a hex number '%s'\n",*argv);
+                                goto bad;
+                                }
+                        }
+#endif
                else if (strcmp(*argv,"-www") == 0)
                        { www=1; }
                else if (strcmp(*argv,"-WWW") == 0)
@@ -1005,6 +1122,8 @@ int MAIN(int argc, char *argv[])
                        { off|=SSL_OP_NO_SSLv3; }
                else if (strcmp(*argv,"-no_tls1") == 0)
                        { off|=SSL_OP_NO_TLSv1; }
+                else if (strcmp(*argv,"-no_comp") == 0)
+                        { off|=SSL_OP_NO_COMPRESSION; }
 #ifndef OPENSSL_NO_TLSEXT
                else if (strcmp(*argv,"-no_ticket") == 0)
                        { off|=SSL_OP_NO_TICKET; }
@@ -1032,7 +1151,7 @@ int MAIN(int argc, char *argv[])
                else if (strcmp(*argv,"-mtu") == 0)
                        {
                        if (--argc < 1) goto bad;
-                        mtu = atol(*(++argv));
+                        socket_mtu = atol(*(++argv));
                        }
                else if (strcmp(*argv, "-chain") == 0)
                        cert_chain = 1;
@@ -1074,7 +1193,7 @@ int MAIN(int argc, char *argv[])
                        }
                        
 #endif
-#ifndef OPENSSL_NO_JPAKE
+#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
                else if (strcmp(*argv,"-jpake") == 0)
                        {
                        if (--argc < 1) goto bad;
@@ -1097,6 +1216,26 @@ bad:
                goto end;
                }
+#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
+        if (jpake_secret)
+                {
+                if (psk_key)
+                        {
+                        BIO_printf(bio_err,
+                                   "Can't use JPAKE and PSK together\n");
+                        goto end;
+                        }
+                psk_identity = "JPAKE";
+                if (cipher)
+                        {
+                        BIO_printf(bio_err, "JPAKE sets cipher to PSK\n");
+                        goto end;
+                        }
+                cipher = "PSK";
+                }
+#endif
        SSL_load_error_strings();
        OpenSSL_add_ssl_algorithms();
@@ -1159,6 +1298,8 @@ bad:
                        }
 #endif
                }
        if (s_dcert_file)
                {
@@ -1253,8 +1394,10 @@ bad:
        if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1);
        if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
+        if (no_cache)
-        SSL_CTX_sess_set_cache_size(ctx,128);
+                SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
+        else
+                SSL_CTX_sess_set_cache_size(ctx,128);
 #if 0
        if (cipher == NULL) cipher=getenv("SSL_CIPHER");
@@ -1275,8 +1418,9 @@ bad:
                ERR_print_errors(bio_err);
                /* goto end; */
                }
-        store = SSL_CTX_get_cert_store(ctx);
+        if (vpm)
-        X509_STORE_set_flags(store, vflags);
+                SSL_CTX_set1_param(ctx, vpm);
 #ifndef OPENSSL_NO_TLSEXT
        if (s_cert2)
                {
@@ -1312,28 +1456,28 @@ bad:
                if (bugs) SSL_CTX_set_options(ctx2,SSL_OP_ALL);
                if (hack) SSL_CTX_set_options(ctx2,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
                SSL_CTX_set_options(ctx2,off);
                /* DTLS: partial reads end up discarding unread UDP bytes :-( 
                 * Setting read ahead solves this problem.
                 */
                if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx2, 1);
                if (state) SSL_CTX_set_info_callback(ctx2,apps_ssl_info_callback);
-                SSL_CTX_sess_set_cache_size(ctx2,128);
+                if (no_cache)
+                        SSL_CTX_set_session_cache_mode(ctx2,SSL_SESS_CACHE_OFF);
+                else
+                        SSL_CTX_sess_set_cache_size(ctx2,128);
                if ((!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath)) ||
                        (!SSL_CTX_set_default_verify_paths(ctx2)))
                        {
                        ERR_print_errors(bio_err);
                        }
-                store = SSL_CTX_get_cert_store(ctx2);
+                if (vpm)
-                X509_STORE_set_flags(store, vflags);
+                        SSL_CTX_set1_param(ctx2, vpm);
                }
 #endif 
 #ifndef OPENSSL_NO_DH
        if (!no_dhe)
                {
@@ -1409,10 +1553,10 @@ bad:
                else
                        {
                        BIO_printf(bio_s_out,"Using default temp ECDH parameters\n");
-                        ecdh = EC_KEY_new_by_curve_name(NID_sect163r2);
+                        ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
                        if (ecdh == NULL) 
                                {
-                                BIO_printf(bio_err, "unable to create curve (sect163r2)\n");
+                                BIO_printf(bio_err, "unable to create curve (nistp256)\n");
                                goto end;
                                }
                        }
@@ -1447,7 +1591,7 @@ bad:
 #ifndef OPENSSL_NO_TLSEXT
                if (ctx2) 
                        SSL_CTX_set_tmp_rsa_callback(ctx2,tmp_rsa_cb);
-#endif  
+#endif          
                }
 #else
        if (!no_tmp_rsa && SSL_CTX_need_tmp_RSA(ctx))
@@ -1480,11 +1624,34 @@ bad:
 #endif
 #endif
-        if (cipher != NULL)
+#ifndef OPENSSL_NO_PSK
-                if(!SSL_CTX_set_cipher_list(ctx,cipher)) {
+#ifdef OPENSSL_NO_JPAKE
-                BIO_printf(bio_err,"error setting cipher list\n");
+        if (psk_key != NULL)
+#else
+        if (psk_key != NULL || jpake_secret)
+#endif
+                {
+                if (s_debug)
+                        BIO_printf(bio_s_out, "PSK key given or JPAKE in use, setting server callback\n");
+                SSL_CTX_set_psk_server_callback(ctx, psk_server_cb);
+                }
+        if (!SSL_CTX_use_psk_identity_hint(ctx, psk_identity_hint))
+                {
+                BIO_printf(bio_err,"error setting PSK identity hint to context\n");
                ERR_print_errors(bio_err);
                goto end;
+                }
+#endif
+        if (cipher != NULL)
+                {
+                if(!SSL_CTX_set_cipher_list(ctx,cipher))
+                        {
+                        BIO_printf(bio_err,"error setting cipher list\n");
+                        ERR_print_errors(bio_err);
+                        goto end;
+                        }
 #ifndef OPENSSL_NO_TLSEXT
                if (ctx2 && !SSL_CTX_set_cipher_list(ctx2,cipher))
                        {
@@ -1493,11 +1660,15 @@ bad:
                        goto end;
                        }
 #endif
-        }
+                }
        SSL_CTX_set_verify(ctx,s_server_verify,verify_callback);
        SSL_CTX_set_session_id_context(ctx,(void*)&s_server_session_id_context,
                sizeof s_server_session_id_context);
+        /* Set DTLS cookie generation and verification callbacks */
+        SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie_callback);
+        SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback);
 #ifndef OPENSSL_NO_TLSEXT
        if (ctx2)
                {
@@ -1512,6 +1683,7 @@ bad:
                SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp);
                }
 #endif
        if (CAfile != NULL)
                {
                SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));
@@ -1520,7 +1692,9 @@ bad:
                        SSL_CTX_set_client_CA_list(ctx2,SSL_load_client_CA_file(CAfile));
 #endif
                }
        BIO_printf(bio_s_out,"ACCEPT\n");
+        (void)BIO_flush(bio_s_out);
        if (www)
                do_server(port,socket_type,&accept_socket,www_body, context);
        else
@@ -1591,8 +1765,11 @@ static int sv_body(char *hostname, int s, unsigned char *context)
        unsigned long l;
        SSL *con=NULL;
        BIO *sbio;
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
+        struct timeval timeout;
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5)
        struct timeval tv;
+#else
+        struct timeval *timeoutp;
 #endif
        if ((buf=OPENSSL_malloc(bufsize)) == NULL)
@@ -1641,14 +1818,18 @@ static int sv_body(char *hostname, int s, unsigned char *context)
                                                 strlen((char *)context));
        }
        SSL_clear(con);
+#if 0
+#ifdef TLSEXT_TYPE_opaque_prf_input
+        SSL_set_tlsext_opaque_prf_input(con, "Test server", 11);
+#endif
+#endif
        if (SSL_version(con) == DTLS1_VERSION)
                {
-                struct timeval timeout;
                sbio=BIO_new_dgram(s,BIO_NOCLOSE);
-                if ( enable_timeouts)
+                if (enable_timeouts)
                        {
                        timeout.tv_sec = 0;
                        timeout.tv_usec = DGRAM_RCV_TIMEOUT;
@@ -1659,11 +1840,10 @@ static int sv_body(char *hostname, int s, unsigned char *context)
                        BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
                        }
-                
+                if (socket_mtu > 28)
-                if ( mtu > 0)
                        {
                        SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
-                        SSL_set_mtu(con, mtu);
+                        SSL_set_mtu(con, socket_mtu - 28);
                        }
                else
                        /* want to do MTU discovery */
@@ -1722,10 +1902,10 @@ static int sv_body(char *hostname, int s, unsigned char *context)
                if (!read_from_sslcon)
                        {
                        FD_ZERO(&readfds);
-#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE)
+#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE) && !defined(OPENSSL_SYS_BEOS_R5)
-                        FD_SET(fileno(stdin),&readfds);
+                        openssl_fdset(fileno(stdin),&readfds);
 #endif
-                        FD_SET(s,&readfds);
+                        openssl_fdset(s,&readfds);
                        /* Note: under VMS with SOCKETSHR the second parameter is
                         * currently of type (int *) whereas under other systems
                         * it is (void *) if you don't have a cast it will choke
@@ -1744,8 +1924,31 @@ static int sv_body(char *hostname, int s, unsigned char *context)
                        if((i < 0) || (!i && !_kbhit() ) )continue;
                        if(_kbhit())
                                read_from_terminal = 1;
+#elif defined(OPENSSL_SYS_BEOS_R5)
+                        /* Under BeOS-R5 the situation is similar to DOS */
+                        tv.tv_sec = 1;
+                        tv.tv_usec = 0;
+                        (void)fcntl(fileno(stdin), F_SETFL, O_NONBLOCK);
+                        i=select(width,(void *)&readfds,NULL,NULL,&tv);
+                        if ((i < 0) || (!i && read(fileno(stdin), buf, 0) < 0))
+                                continue;
+                        if (read(fileno(stdin), buf, 0) >= 0)
+                                read_from_terminal = 1;
+                        (void)fcntl(fileno(stdin), F_SETFL, 0);
 #else
-                        i=select(width,(void *)&readfds,NULL,NULL,NULL);
+                        if ((SSL_version(con) == DTLS1_VERSION) &&
+                                DTLSv1_get_timeout(con, &timeout))
+                                timeoutp = &timeout;
+                        else
+                                timeoutp = NULL;
+                        i=select(width,(void *)&readfds,NULL,NULL,timeoutp);
+                        if ((SSL_version(con) == DTLS1_VERSION) && DTLSv1_handle_timeout(con) > 0)
+                                {
+                                BIO_printf(bio_err,"TIMEOUT occured\n");
+                                }
                        if (i <= 0) continue;
                        if (FD_ISSET(fileno(stdin),&readfds))
                                read_from_terminal = 1;
@@ -1759,7 +1962,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
                                {
                                int j, lf_num;
-                                i=read(fileno(stdin), buf, bufsize/2);
+                                i=raw_read_stdin(buf, bufsize/2);
                                lf_num = 0;
                                /* both loops are skipped when i <= 0 */
                                for (j = 0; j < i; j++)
@@ -1778,7 +1981,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
                                assert(lf_num == 0);
                                }
                        else
-                                i=read(fileno(stdin),buf,bufsize);
+                                i=raw_read_stdin(buf,bufsize);
                        if (!s_quiet)
                                {
                                if ((i <= 0) || (buf[0] == 'Q'))
@@ -1798,6 +2001,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
                                        ret= -11;*/
                                        goto err;
                                        }
                                if ((buf[0] == 'r') && 
                                        ((buf[1] == '\n') || (buf[1] == '\r')))
                                        {
@@ -1894,7 +2098,7 @@ again:
 #ifdef CHARSET_EBCDIC
                                        ascii2ebcdic(buf,buf,i);
 #endif
-                                        write(fileno(stdout),buf,
+                                        raw_write_stdout(buf,
                                                (unsigned int)i);
                                        if (SSL_pending(con)) goto again;
                                        break;
@@ -1918,13 +2122,16 @@ again:
                        }
                }
 err:
-        BIO_printf(bio_s_out,"shutting down SSL\n");
+        if (con != NULL)
+                {
+                BIO_printf(bio_s_out,"shutting down SSL\n");
 #if 1
-        SSL_set_shutdown(con,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+                SSL_set_shutdown(con,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
 #else
-        SSL_shutdown(con);
+                SSL_shutdown(con);
 #endif
-        if (con != NULL) SSL_free(con);
+                SSL_free(con);
+                }
        BIO_printf(bio_s_out,"CONNECTION CLOSED\n");
        if (buf != NULL)
                {
@@ -2002,6 +2209,8 @@ static int init_ssl_connection(SSL *con)
                        con->kssl_ctx->client_princ);
                }
 #endif /* OPENSSL_NO_KRB5 */
+        BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n",
+                      SSL_get_secure_renegotiation_support(con) ? "" : " NOT");
        return(1);
        }
@@ -2046,9 +2255,8 @@ static int www_body(char *hostname, int s, unsigned char *context)
        char *buf=NULL;
        int ret=1;
        int i,j,k,blank,dot;
-        struct stat st_buf;
        SSL *con;
-        SSL_CIPHER *c;
+        const SSL_CIPHER *c;
        BIO *io,*ssl_bio,*sbio;
        long total_bytes;
@@ -2318,14 +2526,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
 #endif
                        /* if a directory, do the index thang */
-                        if (stat(p,&st_buf) < 0)
+                        if (app_isdir(p)>0)
-                                {
-                                BIO_puts(io,text);
-                                BIO_printf(io,"Error accessing '%s'\r\n",p);
-                                ERR_print_errors(io);
-                                break;
-                                }
-                        if (S_ISDIR(st_buf.st_mode))
                                {
 #if 0 /* must check buffer size */
                                strcat(p,"/index.html");
diff --git a/src/lib/libssl/src/apps/s_socket.c b/src/lib/libssl/src/apps/s_socket.c
index 4a922e16a0..6b8713de60 100644
--- a/src/lib/libssl/src/apps/s_socket.c
+++ b/src/lib/libssl/src/apps/s_socket.c
@@ -62,6 +62,12 @@
 #include <errno.h>
 #include <signal.h>
+#ifdef FLAT_INC
+#include "e_os2.h"
+#else
+#include "../e_os2.h"
+#endif
 /* With IPv6, it looks like Digital has mixed up the proper order of
   recursive header file inclusion, resulting in the compiler complaining
   that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
@@ -231,13 +237,11 @@ static int ssl_sock_init(void)
 int init_client(int *sock, char *host, int port, int type)
        {
        unsigned char ip[4];
-        short p=0;
        if (!host_ip(host,&(ip[0])))
                {
                return(0);
                }
-        if (p != 0) port=p;
        return(init_client_ip(sock,ip,port,type));
        }
@@ -266,7 +270,7 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
                        
        if (s == INVALID_SOCKET) { perror("socket"); return(0); }
-#ifndef OPENSSL_SYS_MPE
+#if defined(SO_KEEPALIVE) && !defined(OPENSSL_SYS_MPE)
        if (type == SOCK_STREAM)
                {
                i=0;
@@ -276,7 +280,7 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
 #endif
        if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1)
-                { close(s); perror("connect"); return(0); }
+                { closesocket(s); perror("connect"); return(0); }
        *sock=s;
        return(1);
        }
@@ -285,7 +289,7 @@ int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, uns
        {
        int sock;
        char *name = NULL;
-        int accept_socket;
+        int accept_socket = 0;
        int i;
        if (!init_server(&accept_socket,port,type)) return(0);
diff --git a/src/lib/libssl/src/apps/s_time.c b/src/lib/libssl/src/apps/s_time.c
index 904945e1a8..b823c33c58 100644
--- a/src/lib/libssl/src/apps/s_time.c
+++ b/src/lib/libssl/src/apps/s_time.c
@@ -85,54 +85,6 @@
 #include OPENSSL_UNISTD
 #endif
-#if !defined(OPENSSL_SYS_NETWARE) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC))
-#define TIMES
-#endif
-#ifndef _IRIX
-#include <time.h>
-#endif
-#ifdef TIMES
-#include <sys/types.h>
-#include <sys/times.h>
-#endif
-/* Depending on the VMS version, the tms structure is perhaps defined.
-   The __TMS macro will show if it was.  If it wasn't defined, we should
-   undefine TIMES, since that tells the rest of the program how things
-   should be handled.                           -- Richard Levitte */
-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
-#undef TIMES
-#endif
-#if !defined(TIMES) && !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_NETWARE)
-#include <sys/timeb.h>
-#endif
-#if defined(sun) || defined(__ultrix)
-#define _POSIX_SOURCE
-#include <limits.h>
-#include <sys/param.h>
-#endif
-/* The following if from times(3) man page.  It may need to be changed
-*/
-#ifndef HZ
-# ifdef _SC_CLK_TCK
-#  define HZ ((double)sysconf(_SC_CLK_TCK))
-# else
-#  ifndef CLK_TCK
-#   ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
-#    define HZ  100.0
-#   else /* _BSD_CLK_TCK_ */
-#    define HZ ((double)_BSD_CLK_TCK_)
-#   endif
-#  else /* CLK_TCK */
-#   define HZ ((double)CLK_TCK)
-#  endif
-# endif
-#endif
 #undef PROG
 #define PROG s_time_main
@@ -177,7 +129,7 @@ static char *tm_cipher=NULL;
 static int tm_verify = SSL_VERIFY_NONE;
 static int maxTime = SECONDS;
 static SSL_CTX *tm_ctx=NULL;
-static SSL_METHOD *s_time_meth=NULL;
+static const SSL_METHOD *s_time_meth=NULL;
 static char *s_www_path=NULL;
 static long bytes_read=0; 
 static int st_bugs=0;
@@ -372,63 +324,8 @@ bad:
 static double tm_Time_F(int s)
        {
-        static double ret;
+        return app_tminterval(s,1);
-#ifdef TIMES
-        static struct tms tstart,tend;
-        if(s == START) {
-                times(&tstart);
-                return(0);
-        } else {
-                times(&tend);
-                ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
-                return((ret == 0.0)?1e-6:ret);
        }
-#elif defined(OPENSSL_SYS_NETWARE)
-    static clock_t tstart,tend;
-    if (s == START)
-    {
-        tstart=clock();
-        return(0);
-    }
-    else
-    {
-        tend=clock();
-        ret=(double)((double)(tend)-(double)(tstart));
-        return((ret < 0.001)?0.001:ret);
-    }
-#elif defined(OPENSSL_SYS_VXWORKS)
-        {
-        static unsigned long tick_start, tick_end;
-        if( s == START )
-                {
-                tick_start = tickGet();
-                return 0;
-                }
-        else
-                {
-                tick_end = tickGet();
-                ret = (double)(tick_end - tick_start) / (double)sysClkRateGet();
-                return((ret == 0.0)?1e-6:ret);
-                }
-        }
-#else /* !times() */
-        static struct timeb tstart,tend;
-        long i;
-        if(s == START) {
-                ftime(&tstart);
-                return(0);
-        } else {
-                ftime(&tend);
-                i=(long)tend.millitm-(long)tstart.millitm;
-                ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
-                return((ret == 0.0)?1e-6:ret);
-        }
-#endif
-}
 /***********************************************************************
 * MAIN - main processing area for client
@@ -704,7 +601,7 @@ static SSL *doConnection(SSL *scon)
                        i=SSL_get_fd(serverCon);
                        width=i+1;
                        FD_ZERO(&readfds);
-                        FD_SET(i,&readfds);
+                        openssl_fdset(i,&readfds);
                        /* Note: under VMS with SOCKETSHR the 2nd parameter
                         * is currently of type (int *) whereas under other
                         * systems it is (void *) if you don't have a cast it
diff --git a/src/lib/libssl/src/apps/smime.c b/src/lib/libssl/src/apps/smime.c
index 75804b8d7b..c583f8a0e1 100644
--- a/src/lib/libssl/src/apps/smime.c
+++ b/src/lib/libssl/src/apps/smime.c
@@ -73,11 +73,14 @@ static int save_certs(char *signerfile, STACK_OF(X509) *signers);
 static int smime_cb(int ok, X509_STORE_CTX *ctx);
 #define SMIME_OP        0x10
+#define SMIME_IP        0x20
+#define SMIME_SIGNERS   0x40
 #define SMIME_ENCRYPT   (1 | SMIME_OP)
-#define SMIME_DECRYPT   2
+#define SMIME_DECRYPT   (2 | SMIME_IP)
-#define SMIME_SIGN      (3 | SMIME_OP)
+#define SMIME_SIGN      (3 | SMIME_OP | SMIME_SIGNERS)
-#define SMIME_VERIFY    4
+#define SMIME_VERIFY    (4 | SMIME_IP)
-#define SMIME_PK7OUT    5
+#define SMIME_PK7OUT    (5 | SMIME_IP | SMIME_OP)
+#define SMIME_RESIGN    (6 | SMIME_IP | SMIME_OP | SMIME_SIGNERS)
 int MAIN(int, char **);
@@ -90,6 +93,7 @@ int MAIN(int argc, char **argv)
        const char *inmode = "r", *outmode = "w";
        char *infile = NULL, *outfile = NULL;
        char *signerfile = NULL, *recipfile = NULL;
+        STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL;
        char *certfile = NULL, *keyfile = NULL, *contfile=NULL;
        const EVP_CIPHER *cipher = NULL;
        PKCS7 *p7 = NULL;
@@ -105,6 +109,8 @@ int MAIN(int argc, char **argv)
        char *passargin = NULL, *passin = NULL;
        char *inrand = NULL;
        int need_rand = 0;
+        int indef = 0;
+        const EVP_MD *sign_md = NULL;
        int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
        int keyform = FORMAT_PEM;
 #ifndef OPENSSL_NO_ENGINE
@@ -135,6 +141,8 @@ int MAIN(int argc, char **argv)
                        operation = SMIME_DECRYPT;
                else if (!strcmp (*args, "-sign"))
                        operation = SMIME_SIGN;
+                else if (!strcmp (*args, "-resign"))
+                        operation = SMIME_RESIGN;
                else if (!strcmp (*args, "-verify"))
                        operation = SMIME_VERIFY;
                else if (!strcmp (*args, "-pk7out"))
@@ -193,205 +201,209 @@ int MAIN(int argc, char **argv)
                                flags |= PKCS7_BINARY;
                else if (!strcmp (*args, "-nosigs"))
                                flags |= PKCS7_NOSIGS;
+                else if (!strcmp (*args, "-stream"))
+                                indef = 1;
+                else if (!strcmp (*args, "-indef"))
+                                indef = 1;
+                else if (!strcmp (*args, "-noindef"))
+                                indef = 0;
                else if (!strcmp (*args, "-nooldmime"))
                                flags |= PKCS7_NOOLDMIMETYPE;
                else if (!strcmp (*args, "-crlfeol"))
                                flags |= PKCS7_CRLFEOL;
                else if (!strcmp(*args,"-rand"))
                        {
-                        if (args[1])
+                        if (!args[1])
-                                {
+                                goto argerr;
-                                args++;
+                        args++;
-                                inrand = *args;
+                        inrand = *args;
-                                }
-                        else
-                                badarg = 1;
                        need_rand = 1;
                        }
 #ifndef OPENSSL_NO_ENGINE
                else if (!strcmp(*args,"-engine"))
                        {
-                        if (args[1])
+                        if (!args[1])
-                                {
+                                goto argerr;
-                                args++;
+                        engine = *++args;
-                                engine = *args;
-                                }
-                        else badarg = 1;
                        }
 #endif
                else if (!strcmp(*args,"-passin"))
                        {
-                        if (args[1])
+                        if (!args[1])
-                                {
+                                goto argerr;
-                                args++;
+                        passargin = *++args;
-                                passargin = *args;
-                                }
-                        else
-                                badarg = 1;
                        }
                else if (!strcmp (*args, "-to"))
                        {
-                        if (args[1])
+                        if (!args[1])
-                                {
+                                goto argerr;
-                                args++;
+                        to = *++args;
-                                to = *args;
-                                }
-                        else
-                                badarg = 1;
                        }
                else if (!strcmp (*args, "-from"))
                        {
-                        if (args[1])
+                        if (!args[1])
-                                {
+                                goto argerr;
-                                args++;
+                        from = *++args;
-                                from = *args;
-                                }
-                        else badarg = 1;
                        }
                else if (!strcmp (*args, "-subject"))
                        {
-                        if (args[1])
+                        if (!args[1])
-                                {
+                                goto argerr;
-                                args++;
+                        subject = *++args;
-                                subject = *args;
-                                }
-                        else
-                                badarg = 1;
                        }
                else if (!strcmp (*args, "-signer"))
                        {
-                        if (args[1])
+                        if (!args[1])
+                                goto argerr;
+                        /* If previous -signer argument add signer to list */
+                        if (signerfile)
                                {
-                                args++;
+                                if (!sksigners)
-                                signerfile = *args;
+                                        sksigners = sk_OPENSSL_STRING_new_null();
+                                sk_OPENSSL_STRING_push(sksigners, signerfile);
+                                if (!keyfile)
+                                        keyfile = signerfile;
+                                if (!skkeys)
+                                        skkeys = sk_OPENSSL_STRING_new_null();
+                                sk_OPENSSL_STRING_push(skkeys, keyfile);
+                                keyfile = NULL;
                                }
-                        else
+                        signerfile = *++args;
-                                badarg = 1;
                        }
                else if (!strcmp (*args, "-recip"))
                        {
-                        if (args[1])
+                        if (!args[1])
+                                goto argerr;
+                        recipfile = *++args;
+                        }
+                else if (!strcmp (*args, "-md"))
+                        {
+                        if (!args[1])
+                                goto argerr;
+                        sign_md = EVP_get_digestbyname(*++args);
+                        if (sign_md == NULL)
                                {
-                                args++;
+                                BIO_printf(bio_err, "Unknown digest %s\n",
-                                recipfile = *args;
+                                                        *args);
+                                goto argerr;
                                }
-                        else badarg = 1;
                        }
                else if (!strcmp (*args, "-inkey"))
                        {
-                        if (args[1])
+                        if (!args[1])   
+                                goto argerr;
+                        /* If previous -inkey arument add signer to list */
+                        if (keyfile)
                                {
-                                args++;
+                                if (!signerfile)
-                                keyfile = *args;
+                                        {
+                                        BIO_puts(bio_err, "Illegal -inkey without -signer\n");
+                                        goto argerr;
+                                        }
+                                if (!sksigners)
+                                        sksigners = sk_OPENSSL_STRING_new_null();
+                                sk_OPENSSL_STRING_push(sksigners, signerfile);
+                                signerfile = NULL;
+                                if (!skkeys)
+                                        skkeys = sk_OPENSSL_STRING_new_null();
+                                sk_OPENSSL_STRING_push(skkeys, keyfile);
                                }
-                        else
+                        keyfile = *++args;
-                                badarg = 1;
+                        }
-                }
                else if (!strcmp (*args, "-keyform"))
                        {
-                        if (args[1])
+                        if (!args[1])
-                                {
+                                goto argerr;
-                                args++;
+                        keyform = str2fmt(*++args);
-                                keyform = str2fmt(*args);
-                                }
-                        else
-                                badarg = 1;
                        }
                else if (!strcmp (*args, "-certfile"))
                        {
-                        if (args[1])
+                        if (!args[1])
-                                {
+                                goto argerr;
-                                args++;
+                        certfile = *++args;
-                                certfile = *args;
-                                }
-                        else
-                                badarg = 1;
                        }
                else if (!strcmp (*args, "-CAfile"))
                        {
-                        if (args[1])
+                        if (!args[1])
-                                {
+                                goto argerr;
-                                args++;
+                        CAfile = *++args;
-                                CAfile = *args;
-                                }
-                        else
-                                badarg = 1;
                        }
                else if (!strcmp (*args, "-CApath"))
                        {
-                        if (args[1])
+                        if (!args[1])
-                                {
+                                goto argerr;
-                                args++;
+                        CApath = *++args;
-                                CApath = *args;
-                                }
-                        else
-                                badarg = 1;
                        }
                else if (!strcmp (*args, "-in"))
                        {
-                        if (args[1])
+                        if (!args[1])
-                                {
+                                goto argerr;
-                                args++;
+                        infile = *++args;
-                                infile = *args;
-                                }
-                        else
-                                badarg = 1;
                        }
                else if (!strcmp (*args, "-inform"))
                        {
-                        if (args[1])
+                        if (!args[1])
-                                {
+                                goto argerr;
-                                args++;
+                        informat = str2fmt(*++args);
-                                informat = str2fmt(*args);
-                                }
-                        else
-                                badarg = 1;
                        }
                else if (!strcmp (*args, "-outform"))
                        {
-                        if (args[1])
+                        if (!args[1])
-                                {
+                                goto argerr;
-                                args++;
+                        outformat = str2fmt(*++args);
-                                outformat = str2fmt(*args);
-                                }
-                        else
-                                badarg = 1;
                        }
                else if (!strcmp (*args, "-out"))
                        {
-                        if (args[1])
+                        if (!args[1])
-                                {
+                                goto argerr;
-                                args++;
+                        outfile = *++args;
-                                outfile = *args;
-                                }
-                        else
-                                badarg = 1;
                        }
                else if (!strcmp (*args, "-content"))
                        {
-                        if (args[1])
+                        if (!args[1])
-                                {
+                                goto argerr;
-                                args++;
+                        contfile = *++args;
-                                contfile = *args;
-                                }
-                        else
-                                badarg = 1;
                        }
                else if (args_verify(&args, NULL, &badarg, bio_err, &vpm))
                        continue;
-                else
+                else if ((cipher = EVP_get_cipherbyname(*args + 1)) == NULL)
                        badarg = 1;
                args++;
                }
+        if (!(operation & SMIME_SIGNERS) && (skkeys || sksigners))
+                {
+                BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
+                goto argerr;
+                }
-        if (operation == SMIME_SIGN)
+        if (operation & SMIME_SIGNERS)
                {
-                if (!signerfile)
+                /* Check to see if any final signer needs to be appended */
+                if (keyfile && !signerfile)
+                        {
+                        BIO_puts(bio_err, "Illegal -inkey without -signer\n");
+                        goto argerr;
+                        }
+                if (signerfile)
+                        {
+                        if (!sksigners)
+                                sksigners = sk_OPENSSL_STRING_new_null();
+                        sk_OPENSSL_STRING_push(sksigners, signerfile);
+                        if (!skkeys)
+                                skkeys = sk_OPENSSL_STRING_new_null();
+                        if (!keyfile)
+                                keyfile = signerfile;
+                        sk_OPENSSL_STRING_push(skkeys, keyfile);
+                        }
+                if (!sksigners)
                        {
                        BIO_printf(bio_err, "No signer certificate specified\n");
                        badarg = 1;
                        }
+                signerfile = NULL;
+                keyfile = NULL;
                need_rand = 1;
                }
        else if (operation == SMIME_DECRYPT)
@@ -416,6 +428,7 @@ int MAIN(int argc, char **argv)
        if (badarg)
                {
+                argerr:
                BIO_printf (bio_err, "Usage smime [options] cert.pem ...\n");
                BIO_printf (bio_err, "where options are\n");
                BIO_printf (bio_err, "-encrypt       encrypt message\n");
@@ -499,13 +512,11 @@ int MAIN(int argc, char **argv)
        ret = 2;
-        if (operation != SMIME_SIGN)
+        if (!(operation & SMIME_SIGNERS))
                flags &= ~PKCS7_DETACHED;
        if (operation & SMIME_OP)
                {
-                if (flags & PKCS7_BINARY)
-                        inmode = "rb";
                if (outformat == FORMAT_ASN1)
                        outmode = "wb";
                }
@@ -513,9 +524,18 @@ int MAIN(int argc, char **argv)
                {
                if (flags & PKCS7_BINARY)
                        outmode = "wb";
+                }
+        if (operation & SMIME_IP)
+                {
                if (informat == FORMAT_ASN1)
                        inmode = "rb";
                }
+        else
+                {
+                if (flags & PKCS7_BINARY)
+                        inmode = "rb";
+                }
        if (operation == SMIME_ENCRYPT)
                {
@@ -545,26 +565,11 @@ int MAIN(int argc, char **argv)
                        }
                }
-        if (signerfile && (operation == SMIME_SIGN))
-                {
-                if (!(signer = load_cert(bio_err,signerfile,FORMAT_PEM, NULL,
-                        e, "signer certificate")))
-                        {
-#if 0                   /* An appropri message has already been printed */
-                        BIO_printf(bio_err, "Can't read signer certificate file %s\n", signerfile);
-#endif
-                        goto end;
-                        }
-                }
        if (certfile)
                {
                if (!(other = load_certs(bio_err,certfile,FORMAT_PEM, NULL,
                        e, "certificate file")))
                        {
-#if 0                   /* An appropriate message has already been printed */
-                        BIO_printf(bio_err, "Can't read certificate file %s\n", certfile);
-#endif
                        ERR_print_errors(bio_err);
                        goto end;
                        }
@@ -575,9 +580,6 @@ int MAIN(int argc, char **argv)
                if (!(recip = load_cert(bio_err,recipfile,FORMAT_PEM,NULL,
                        e, "recipient certificate file")))
                        {
-#if 0                   /* An appropriate message has alrady been printed */
-                        BIO_printf(bio_err, "Can't read recipient certificate file %s\n", recipfile);
-#endif
                        ERR_print_errors(bio_err);
                        goto end;
                        }
@@ -615,6 +617,36 @@ int MAIN(int argc, char **argv)
        else
                in = BIO_new_fp(stdin, BIO_NOCLOSE);
+        if (operation & SMIME_IP)
+                {
+                if (informat == FORMAT_SMIME) 
+                        p7 = SMIME_read_PKCS7(in, &indata);
+                else if (informat == FORMAT_PEM) 
+                        p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
+                else if (informat == FORMAT_ASN1) 
+                        p7 = d2i_PKCS7_bio(in, NULL);
+                else
+                        {
+                        BIO_printf(bio_err, "Bad input format for PKCS#7 file\n");
+                        goto end;
+                        }
+                if (!p7)
+                        {
+                        BIO_printf(bio_err, "Error reading S/MIME message\n");
+                        goto end;
+                        }
+                if (contfile)
+                        {
+                        BIO_free(indata);
+                        if (!(indata = BIO_new_file(contfile, "rb")))
+                                {
+                                BIO_printf(bio_err, "Can't read content file %s\n", contfile);
+                                goto end;
+                                }
+                        }
+                }
        if (outfile)
                {
                if (!(out = BIO_new_file(outfile, outmode)))
@@ -639,7 +671,7 @@ int MAIN(int argc, char **argv)
                {
                if (!(store = setup_verify(bio_err, CAfile, CApath)))
                        goto end;
-                X509_STORE_set_verify_cb_func(store, smime_cb);
+                X509_STORE_set_verify_cb(store, smime_cb);
                if (vpm)
                        X509_STORE_set1_param(store, vpm);
                }
@@ -648,43 +680,58 @@ int MAIN(int argc, char **argv)
        ret = 3;
        if (operation == SMIME_ENCRYPT)
-                p7 = PKCS7_encrypt(encerts, in, cipher, flags);
-        else if (operation == SMIME_SIGN)
                {
-                /* If detached data and SMIME output enable partial
+                if (indef)
-                 * signing.
-                 */
-                if ((flags & PKCS7_DETACHED) && (outformat == FORMAT_SMIME))
                        flags |= PKCS7_STREAM;
-                p7 = PKCS7_sign(signer, key, other, in, flags);
+                p7 = PKCS7_encrypt(encerts, in, cipher, flags);
                }
-        else
+        else if (operation & SMIME_SIGNERS)
                {
-                if (informat == FORMAT_SMIME) 
+                int i;
-                        p7 = SMIME_read_PKCS7(in, &indata);
+                /* If detached data content we only enable streaming if
-                else if (informat == FORMAT_PEM) 
+                 * S/MIME output format.
-                        p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
+                 */
-                else if (informat == FORMAT_ASN1) 
+                if (operation == SMIME_SIGN)
-                        p7 = d2i_PKCS7_bio(in, NULL);
-                else
                        {
-                        BIO_printf(bio_err, "Bad input format for PKCS#7 file\n");
+                        if (flags & PKCS7_DETACHED)
-                        goto end;
+                                {
+                                if (outformat == FORMAT_SMIME)
+                                        flags |= PKCS7_STREAM;
+                                }
+                        else if (indef)
+                                flags |= PKCS7_STREAM;
+                        flags |= PKCS7_PARTIAL;
+                        p7 = PKCS7_sign(NULL, NULL, other, in, flags);
+                        if (!p7)
+                                goto end;
                        }
+                else
-                if (!p7)
+                        flags |= PKCS7_REUSE_DIGEST;
-                        {
+                for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++)
-                        BIO_printf(bio_err, "Error reading S/MIME message\n");
+                        {
-                        goto end;
+                        signerfile = sk_OPENSSL_STRING_value(sksigners, i);
+                        keyfile = sk_OPENSSL_STRING_value(skkeys, i);
+                        signer = load_cert(bio_err, signerfile,FORMAT_PEM, NULL,
+                                        e, "signer certificate");
+                        if (!signer)
+                                goto end;
+                        key = load_key(bio_err, keyfile, keyform, 0, passin, e,
+                               "signing key file");
+                        if (!key)
+                                goto end;
+                        if (!PKCS7_sign_add_signer(p7, signer, key,
+                                                sign_md, flags))
+                                goto end;
+                        X509_free(signer);
+                        signer = NULL;
+                        EVP_PKEY_free(key);
+                        key = NULL;
                        }
-                if (contfile)
+                /* If not streaming or resigning finalize structure */
+                if ((operation == SMIME_SIGN) && !(flags & PKCS7_STREAM))
                        {
-                        BIO_free(indata);
+                        if (!PKCS7_final(p7, in, flags))
-                        if (!(indata = BIO_new_file(contfile, "rb")))
-                                {
-                                BIO_printf(bio_err, "Can't read content file %s\n", contfile);
                                goto end;
-                                }
                        }
                }
@@ -734,11 +781,16 @@ int MAIN(int argc, char **argv)
                if (subject)
                        BIO_printf(out, "Subject: %s\n", subject);
                if (outformat == FORMAT_SMIME) 
-                        SMIME_write_PKCS7(out, p7, in, flags);
+                        {
+                        if (operation == SMIME_RESIGN)
+                                SMIME_write_PKCS7(out, p7, indata, flags);
+                        else
+                                SMIME_write_PKCS7(out, p7, in, flags);
+                        }
                else if (outformat == FORMAT_PEM) 
-                        PEM_write_bio_PKCS7(out,p7);
+                        PEM_write_bio_PKCS7_stream(out, p7, in, flags);
                else if (outformat == FORMAT_ASN1) 
-                        i2d_PKCS7_bio(out,p7);
+                        i2d_PKCS7_bio_stream(out,p7, in, flags);
                else
                        {
                        BIO_printf(bio_err, "Bad output format for PKCS#7 file\n");
@@ -754,6 +806,10 @@ end:
        sk_X509_pop_free(other, X509_free);
        if (vpm)
                X509_VERIFY_PARAM_free(vpm);
+        if (sksigners)
+                sk_OPENSSL_STRING_free(sksigners);
+        if (skkeys)
+                sk_OPENSSL_STRING_free(skkeys);
        X509_STORE_free(store);
        X509_free(cert);
        X509_free(recip);
diff --git a/src/lib/libssl/src/apps/speed.c b/src/lib/libssl/src/apps/speed.c
index af077b54a8..539bfff220 100644
--- a/src/lib/libssl/src/apps/speed.c
+++ b/src/lib/libssl/src/apps/speed.c
@@ -108,53 +108,8 @@
 #include <signal.h>
 #endif
-#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(OPENSSL_SYS_MACOSX)
+#ifdef _WIN32
-# define USE_TOD
+#include <windows.h>
-#elif !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC))
-# define TIMES
-#endif
-#if !defined(_UNICOS) && !defined(__OpenBSD__) && !defined(sgi) && !defined(__FreeBSD__) && !(defined(__bsdi) || defined(__bsdi__)) && !defined(_AIX) && !defined(OPENSSL_SYS_MPE) && !defined(__NetBSD__) && !defined(OPENSSL_SYS_VXWORKS) /* FIXME */
-# define TIMEB
-#endif
-#if defined(OPENSSL_SYS_NETWARE)
-#undef TIMES
-#undef TIMEB
-#include <time.h>
-#endif
-#ifndef _IRIX
-# include <time.h>
-#endif
-#ifdef TIMES
-# include <sys/types.h>
-# include <sys/times.h>
-#endif
-#ifdef USE_TOD
-# include <sys/time.h>
-# include <sys/resource.h>
-#endif
-/* Depending on the VMS version, the tms structure is perhaps defined.
-   The __TMS macro will show if it was.  If it wasn't defined, we should
-   undefine TIMES, since that tells the rest of the program how things
-   should be handled.                           -- Richard Levitte */
-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
-#undef TIMES
-#endif
-#ifdef TIMEB
-#include <sys/timeb.h>
-#endif
-#if !defined(TIMES) && !defined(TIMEB) && !defined(USE_TOD) && !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_NETWARE)
-#error "It seems neither struct tms nor struct timeb is supported in this platform!"
-#endif
-#if defined(sun) || defined(__ultrix)
-#define _POSIX_SOURCE
-#include <limits.h>
-#include <sys/param.h>
 #endif
 #include <openssl/bn.h>
@@ -189,6 +144,9 @@
 #ifndef OPENSSL_NO_RIPEMD
 #include <openssl/ripemd.h>
 #endif
+#ifndef OPENSSL_NO_WHIRLPOOL
+#include <openssl/whrlpool.h>
+#endif
 #ifndef OPENSSL_NO_RC4
 #include <openssl/rc4.h>
 #endif
@@ -226,43 +184,24 @@
 #include <openssl/ecdh.h>
 #endif
-/*
+#ifndef HAVE_FORK
- * The following "HZ" timing stuff should be sync'd up with the code in
+# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_NETWARE)
- * crypto/tmdiff.[ch]. That appears to try to do the same job, though I think
+#  define HAVE_FORK 0
- * this code is more up to date than libcrypto's so there may be features to
- * migrate over first. This is used in two places further down AFAICS. 
- * The point is that nothing in openssl actually *uses* that tmdiff stuff, so
- * either speed.c should be using it or it should go because it's obviously not
- * useful enough. Anyone want to do a janitorial job on this?
- */
-/* The following if from times(3) man page.  It may need to be changed */
-#ifndef HZ
-# if defined(_SC_CLK_TCK) \
-     && (!defined(OPENSSL_SYS_VMS) || __CTRL_VER >= 70000000)
-#  define HZ sysconf(_SC_CLK_TCK)
 # else
-#  ifndef CLK_TCK
+#  define HAVE_FORK 1
-#   ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
-#    define HZ  100.0
-#   else /* _BSD_CLK_TCK_ */
-#    define HZ ((double)_BSD_CLK_TCK_)
-#   endif
-#  else /* CLK_TCK */
-#   define HZ ((double)CLK_TCK)
-#  endif
 # endif
 #endif
-#if !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && !defined(OPENSSL_SYS_OS2) && !defined(OPENSSL_SYS_NETWARE)
+#if HAVE_FORK
-# define HAVE_FORK 1
+#undef NO_FORK
+#else
+#define NO_FORK
 #endif
 #undef BUFSIZE
 #define BUFSIZE ((long)1024*8+1)
 int run=0;
-static char ftime_used = 0, times_used = 0, gettimeofday_used = 0, getrusage_used = 0;
 static int mr=0;
 static int usertime=1;
@@ -271,11 +210,11 @@ static void print_message(const char *s,long num,int length);
 static void pkey_print_message(const char *str, const char *str2,
        long num, int bits, int sec);
 static void print_result(int alg,int run_no,int count,double time_used);
-#ifdef HAVE_FORK
+#ifndef NO_FORK
 static int do_multi(int multi);
 #endif
-#define ALGOR_NUM       28
+#define ALGOR_NUM       29
 #define SIZE_NUM        5
 #define RSA_NUM         4
 #define DSA_NUM         3
@@ -289,12 +228,16 @@ static const char *names[ALGOR_NUM]={
  "rc2 cbc","rc5-32/12 cbc","blowfish cbc","cast cbc",
  "aes-128 cbc","aes-192 cbc","aes-256 cbc",
  "camellia-128 cbc","camellia-192 cbc","camellia-256 cbc",
-  "evp","sha256","sha512",
+  "evp","sha256","sha512","whirlpool",
  "aes-128 ige","aes-192 ige","aes-256 ige"};
 static double results[ALGOR_NUM][SIZE_NUM];
 static int lengths[SIZE_NUM]={16,64,256,1024,8*1024};
+#ifndef OPENSSL_NO_RSA
 static double rsa_results[RSA_NUM][2];
+#endif
+#ifndef OPENSSL_NO_DSA
 static double dsa_results[DSA_NUM][2];
+#endif
 #ifndef OPENSSL_NO_ECDSA
 static double ecdsa_results[EC_NUM][2];
 #endif
@@ -328,141 +271,46 @@ static SIGRETTYPE sig_done(int sig)
 #define START   0
 #define STOP    1
-#if defined(OPENSSL_SYS_NETWARE)
+#if defined(_WIN32)
-   /* for NetWare the best we can do is use clock() which returns the
+#define SIGALRM
-    * time, in hundredths of a second, since the NLM began executing
+static unsigned int lapse,schlock;
-   */
+static void alarm(unsigned int secs) { lapse = secs*1000; }
-static double Time_F(int s)
-        {
-        double ret;
-   static clock_t tstart,tend;
-   if (s == START)
-   {
-      tstart=clock();
-      return(0);
-   }
-   else
-   {
-      tend=clock();
-      ret=(double)((double)(tend)-(double)(tstart));
-      return((ret < 0.001)?0.001:ret);
-   }
-   }
-#else
+static DWORD WINAPI sleepy(VOID *arg)
+        {
+        schlock = 1;
+        Sleep(lapse);
+        run = 0;
+        return 0;
+        }
 static double Time_F(int s)
        {
-        double ret;
+        if (s == START)
-#ifdef USE_TOD
-        if(usertime)
-                {
-                static struct rusage tstart,tend;
-                getrusage_used = 1;
-                if (s == START)
-                        {
-                        getrusage(RUSAGE_SELF,&tstart);
-                        return(0);
-                        }
-                else
-                        {
-                        long i;
-                        getrusage(RUSAGE_SELF,&tend);
-                        i=(long)tend.ru_utime.tv_usec-(long)tstart.ru_utime.tv_usec;
-                        ret=((double)(tend.ru_utime.tv_sec-tstart.ru_utime.tv_sec))
-                          +((double)i)/1000000.0;
-                        return((ret < 0.001)?0.001:ret);
-                        }
-                }
-        else
                {
-                static struct timeval tstart,tend;
+                HANDLE  thr;
-                long i;
+                schlock = 0;
+                thr = CreateThread(NULL,4096,sleepy,NULL,0,NULL);
-                gettimeofday_used = 1;
+                if (thr==NULL)
-                if (s == START)
-                        {
-                        gettimeofday(&tstart,NULL);
-                        return(0);
-                        }
-                else
                        {
-                        gettimeofday(&tend,NULL);
+                        DWORD ret=GetLastError();
-                        i=(long)tend.tv_usec-(long)tstart.tv_usec;
+                        BIO_printf(bio_err,"unable to CreateThread (%d)",ret);
-                        ret=((double)(tend.tv_sec-tstart.tv_sec))+((double)i)/1000000.0;
+                        ExitProcess(ret);
-                        return((ret < 0.001)?0.001:ret);
                        }
+                CloseHandle(thr);               /* detach the thread    */
+                while (!schlock) Sleep(0);      /* scheduler spinlock   */
                }
-#else  /* ndef USE_TOD */
-                
-# ifdef TIMES
-        if (usertime)
-                {
-                static struct tms tstart,tend;
-                times_used = 1;
+        return app_tminterval(s,usertime);
-                if (s == START)
+        }
-                        {
+#else
-                        times(&tstart);
-                        return(0);
-                        }
-                else
-                        {
-                        times(&tend);
-                        ret = HZ;
-                        ret=(double)(tend.tms_utime-tstart.tms_utime) / ret;
-                        return((ret < 1e-3)?1e-3:ret);
-                        }
-                }
-# endif /* times() */
-# if defined(TIMES) && defined(TIMEB)
-        else
-# endif
-# ifdef OPENSSL_SYS_VXWORKS
-                {
-                static unsigned long tick_start, tick_end;
-                if( s == START )
-                        {
-                        tick_start = tickGet();
-                        return 0;
-                        }
-                else
-                        {
-                        tick_end = tickGet();
-                        ret = (double)(tick_end - tick_start) / (double)sysClkRateGet();
-                        return((ret < 0.001)?0.001:ret);
-                        }
-                }
-# elif defined(TIMEB)
-                {
-                static struct timeb tstart,tend;
-                long i;
-                ftime_used = 1;
+static double Time_F(int s)
-                if (s == START)
+        {
-                        {
+        return app_tminterval(s,usertime);
-                        ftime(&tstart);
-                        return(0);
-                        }
-                else
-                        {
-                        ftime(&tend);
-                        i=(long)tend.millitm-(long)tstart.millitm;
-                        ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
-                        return((ret < 0.001)?0.001:ret);
-                        }
-                }
-# endif
-#endif
        }
-#endif /* if defined(OPENSSL_SYS_NETWARE) */
+#endif
 #ifndef OPENSSL_NO_ECDH
@@ -522,6 +370,9 @@ int MAIN(int argc, char **argv)
        unsigned char sha512[SHA512_DIGEST_LENGTH];
 #endif
 #endif
+#ifndef OPENSSL_NO_WHIRLPOOL
+        unsigned char whirlpool[WHIRLPOOL_DIGEST_LENGTH];
+#endif
 #ifndef OPENSSL_NO_RIPEMD
        unsigned char rmd160[RIPEMD160_DIGEST_LENGTH];
 #endif
@@ -618,9 +469,10 @@ int MAIN(int argc, char **argv)
 #define D_EVP           22
 #define D_SHA256        23      
 #define D_SHA512        24
-#define D_IGE_128_AES   25
+#define D_WHIRLPOOL     25
-#define D_IGE_192_AES   26
+#define D_IGE_128_AES   26
-#define D_IGE_256_AES   27
+#define D_IGE_192_AES   27
+#define D_IGE_256_AES   28
        double d=0.0;
        long c[ALGOR_NUM][SIZE_NUM];
 #define R_DSA_512       0
@@ -749,7 +601,7 @@ int MAIN(int argc, char **argv)
        const EVP_CIPHER *evp_cipher=NULL;
        const EVP_MD *evp_md=NULL;
        int decrypt=0;
-#ifdef HAVE_FORK
+#ifndef NO_FORK
        int multi=0;
 #endif
@@ -877,7 +729,7 @@ int MAIN(int argc, char **argv)
                        j--;
                        }
 #endif
-#ifdef HAVE_FORK
+#ifndef NO_FORK
                else if ((argc > 0) && (strcmp(*argv,"-multi") == 0))
                        {
                        argc--;
@@ -940,6 +792,10 @@ int MAIN(int argc, char **argv)
                else
 #endif
 #endif
+#ifndef OPENSSL_NO_WHIRLPOOL
+                        if (strcmp(*argv,"whirlpool") == 0) doit[D_WHIRLPOOL]=1;
+                else
+#endif
 #ifndef OPENSSL_NO_RIPEMD
                        if (strcmp(*argv,"ripemd") == 0) doit[D_RMD160]=1;
                else
@@ -1151,12 +1007,16 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_SHA512
                        BIO_printf(bio_err,"sha512   ");
 #endif
+#ifndef OPENSSL_NO_WHIRLPOOL
+                        BIO_printf(bio_err,"whirlpool");
+#endif
 #ifndef OPENSSL_NO_RIPEMD160
                        BIO_printf(bio_err,"rmd160");
 #endif
 #if !defined(OPENSSL_NO_MD2) || !defined(OPENSSL_NO_MDC2) || \
    !defined(OPENSSL_NO_MD4) || !defined(OPENSSL_NO_MD5) || \
-    !defined(OPENSSL_NO_SHA1) || !defined(OPENSSL_NO_RIPEMD160)
+    !defined(OPENSSL_NO_SHA1) || !defined(OPENSSL_NO_RIPEMD160) || \
+    !defined(OPENSSL_NO_WHIRLPOOL)
                        BIO_printf(bio_err,"\n");
 #endif
@@ -1257,7 +1117,7 @@ int MAIN(int argc, char **argv)
                        BIO_printf(bio_err,"-evp e          use EVP e.\n");
                        BIO_printf(bio_err,"-decrypt        time decryption instead of encryption (only EVP).\n");
                        BIO_printf(bio_err,"-mr             produce machine readable output.\n");
-#ifdef HAVE_FORK
+#ifndef NO_FORK
                        BIO_printf(bio_err,"-multi n        run n benchmarks in parallel.\n");
 #endif
                        goto end;
@@ -1267,7 +1127,7 @@ int MAIN(int argc, char **argv)
                j++;
                }
-#ifdef HAVE_FORK
+#ifndef NO_FORK
        if(multi && do_multi(multi))
                goto show_res;
 #endif
@@ -1283,17 +1143,20 @@ int MAIN(int argc, char **argv)
                        rsa_doit[i]=1;
                for (i=0; i<DSA_NUM; i++)
                        dsa_doit[i]=1;
+#ifndef OPENSSL_NO_ECDSA
+                for (i=0; i<EC_NUM; i++)
+                        ecdsa_doit[i]=1;
+#endif
+#ifndef OPENSSL_NO_ECDH
+                for (i=0; i<EC_NUM; i++)
+                        ecdh_doit[i]=1;
+#endif
                }
        for (i=0; i<ALGOR_NUM; i++)
                if (doit[i]) pr_header++;
        if (usertime == 0 && !mr)
                BIO_printf(bio_err,"You have chosen to measure elapsed time instead of user CPU time.\n");
-        if (usertime <= 0 && !mr)
-                {
-                BIO_printf(bio_err,"To get the most accurate results, try to run this\n");
-                BIO_printf(bio_err,"program when this computer is idle.\n");
-                }
 #ifndef OPENSSL_NO_RSA
        for (i=0; i<RSA_NUM; i++)
@@ -1403,6 +1266,7 @@ int MAIN(int argc, char **argv)
        c[D_CBC_256_CML][0]=count;
        c[D_SHA256][0]=count;
        c[D_SHA512][0]=count;
+        c[D_WHIRLPOOL][0]=count;
        c[D_IGE_128_AES][0]=count;
        c[D_IGE_192_AES][0]=count;
        c[D_IGE_256_AES][0]=count;
@@ -1418,6 +1282,7 @@ int MAIN(int argc, char **argv)
                c[D_RMD160][i]=c[D_RMD160][0]*4*lengths[0]/lengths[i];
                c[D_SHA256][i]=c[D_SHA256][0]*4*lengths[0]/lengths[i];
                c[D_SHA512][i]=c[D_SHA512][0]*4*lengths[0]/lengths[i];
+                c[D_WHIRLPOOL][i]=c[D_WHIRLPOOL][0]*4*lengths[0]/lengths[i];
                }
        for (i=1; i<SIZE_NUM; i++)
                {
@@ -1601,7 +1466,9 @@ int MAIN(int argc, char **argv)
 #else
 #define COND(c) (run)
 #define COUNT(d) (count)
+#ifndef _WIN32
        signal(SIGALRM,sig_done);
+#endif
 #endif /* SIGALRM */
 #ifndef OPENSSL_NO_MD2
@@ -1731,8 +1598,23 @@ int MAIN(int argc, char **argv)
                        }
                }
 #endif
+#endif
+#ifndef OPENSSL_NO_WHIRLPOOL
+        if (doit[D_WHIRLPOOL])
+                {
+                for (j=0; j<SIZE_NUM; j++)
+                        {
+                        print_message(names[D_WHIRLPOOL],c[D_WHIRLPOOL][j],lengths[j]);
+                        Time_F(START);
+                        for (count=0,run=1; COND(c[D_WHIRLPOOL][j]); count++)
+                                WHIRLPOOL(buf,lengths[j],whirlpool);
+                        d=Time_F(STOP);
+                        print_result(D_WHIRLPOOL,j,count,d);
+                        }
+                }
 #endif
 #ifndef OPENSSL_NO_RIPEMD
        if (doit[D_RMD160])
                {
@@ -1878,6 +1760,8 @@ int MAIN(int argc, char **argv)
                        print_result(D_IGE_256_AES,j,count,d);
                        }
                }
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
        if (doit[D_CBC_128_CML])
@@ -2462,7 +2346,7 @@ int MAIN(int argc, char **argv)
                }
        if (rnd_fake) RAND_cleanup();
 #endif
-#ifdef HAVE_FORK
+#ifndef NO_FORK
 show_res:
 #endif
        if(!mr)
@@ -2490,35 +2374,6 @@ show_res:
                printf("%s ",BF_options());
 #endif
                fprintf(stdout,"\n%s\n",SSLeay_version(SSLEAY_CFLAGS));
-                printf("available timing options: ");
-#ifdef TIMES
-                printf("TIMES ");
-#endif
-#ifdef TIMEB
-                printf("TIMEB ");
-#endif
-#ifdef USE_TOD
-                printf("USE_TOD ");
-#endif
-#ifdef HZ
-#define as_string(s) (#s)
-                {
-                double dbl = HZ;
-                printf("HZ=%g", dbl);
-                }
-# ifdef _SC_CLK_TCK
-                printf(" [sysconf value]");
-# endif
-#endif
-                printf("\n");
-                printf("timing function used: %s%s%s%s%s%s%s\n",
-                       (ftime_used ? "ftime" : ""),
-                       (ftime_used + times_used > 1 ? "," : ""),
-                       (times_used ? "times" : ""),
-                       (ftime_used + times_used + gettimeofday_used > 1 ? "," : ""),
-                       (gettimeofday_used ? "gettimeofday" : ""),
-                       (ftime_used + times_used + gettimeofday_used + getrusage_used > 1 ? "," : ""),
-                       (getrusage_used ? "getrusage" : ""));
                }
        if (pr_header)
@@ -2717,7 +2572,7 @@ static void print_result(int alg,int run_no,int count,double time_used)
        results[alg][run_no]=((double)count)/time_used*lengths[run_no];
        }
-#ifdef HAVE_FORK
+#ifndef NO_FORK
 static char *sstrsep(char **string, const char *delim)
    {
    char isdelim[256];
@@ -2775,6 +2630,7 @@ static int do_multi(int multi)
                        close(fd[1]);
                        mr=1;
                        usertime=0;
+                        free(fds);
                        return 0;
                        }
                printf("Forked child %d\n",n);
@@ -2923,7 +2779,10 @@ static int do_multi(int multi)
                        else
                                fprintf(stderr,"Unknown type '%s' from child %d\n",buf,n);
                        }
+                fclose(f);
                }
+        free(fds);
        return 1;
        }
 #endif
diff --git a/src/lib/libssl/src/apps/verify.c b/src/lib/libssl/src/apps/verify.c
index 20cc9e354c..9163997e93 100644
--- a/src/lib/libssl/src/apps/verify.c
+++ b/src/lib/libssl/src/apps/verify.c
@@ -70,8 +70,9 @@
 #define PROG    verify_main
 static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx);
-static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose, ENGINE *e);
+static int check(X509_STORE *ctx, char *file,
-static STACK_OF(X509) *load_untrusted(char *file);
+                STACK_OF(X509) *uchain, STACK_OF(X509) *tchain,
+                STACK_OF(X509_CRL) *crls, ENGINE *e);
 static int v_verbose=0, vflags = 0;
 int MAIN(int, char **);
@@ -80,10 +81,10 @@ int MAIN(int argc, char **argv)
        {
        ENGINE *e = NULL;
        int i,ret=1, badarg = 0;
-        int purpose = -1;
        char *CApath=NULL,*CAfile=NULL;
-        char *untfile = NULL, *trustfile = NULL;
+        char *untfile = NULL, *trustfile = NULL, *crlfile = NULL;
        STACK_OF(X509) *untrusted = NULL, *trusted = NULL;
+        STACK_OF(X509_CRL) *crls = NULL;
        X509_STORE *cert_ctx=NULL;
        X509_LOOKUP *lookup=NULL;
        X509_VERIFY_PARAM *vpm = NULL;
@@ -93,7 +94,7 @@ int MAIN(int argc, char **argv)
        cert_ctx=X509_STORE_new();
        if (cert_ctx == NULL) goto end;
-        X509_STORE_set_verify_cb_func(cert_ctx,cb);
+        X509_STORE_set_verify_cb(cert_ctx,cb);
        ERR_load_crypto_strings();
@@ -139,6 +140,11 @@ int MAIN(int argc, char **argv)
                                if (argc-- < 1) goto end;
                                trustfile= *(++argv);
                                }
+                        else if (strcmp(*argv,"-CRLfile") == 0)
+                                {
+                                if (argc-- < 1) goto end;
+                                crlfile= *(++argv);
+                                }
 #ifndef OPENSSL_NO_ENGINE
                        else if (strcmp(*argv,"-engine") == 0)
                                {
@@ -192,26 +198,34 @@ int MAIN(int argc, char **argv)
        ERR_clear_error();
-        if(untfile) {
+        if(untfile)
-                if(!(untrusted = load_untrusted(untfile))) {
+                {
-                        BIO_printf(bio_err, "Error loading untrusted file %s\n", untfile);
+                untrusted = load_certs(bio_err, untfile, FORMAT_PEM,
-                        ERR_print_errors(bio_err);
+                                        NULL, e, "untrusted certificates");
+                if(!untrusted)
                        goto end;
                }
-        }
-        if(trustfile) {
+        if(trustfile)
-                if(!(trusted = load_untrusted(trustfile))) {
+                {
-                        BIO_printf(bio_err, "Error loading untrusted file %s\n", trustfile);
+                trusted = load_certs(bio_err, trustfile, FORMAT_PEM,
-                        ERR_print_errors(bio_err);
+                                        NULL, e, "trusted certificates");
+                if(!trusted)
                        goto end;
                }
-        }
-        if (argc < 1) check(cert_ctx, NULL, untrusted, trusted, purpose, e);
+        if(crlfile)
+                {
+                crls = load_crls(bio_err, crlfile, FORMAT_PEM,
+                                        NULL, e, "other CRLs");
+                if(!crls)
+                        goto end;
+                }
+        if (argc < 1) check(cert_ctx, NULL, untrusted, trusted, crls, e);
        else
                for (i=0; i<argc; i++)
-                        check(cert_ctx,argv[i], untrusted, trusted, purpose, e);
+                        check(cert_ctx,argv[i], untrusted, trusted, crls, e);
        ret=0;
 end:
        if (ret == 1) {
@@ -232,11 +246,14 @@ end:
        if (cert_ctx != NULL) X509_STORE_free(cert_ctx);
        sk_X509_pop_free(untrusted, X509_free);
        sk_X509_pop_free(trusted, X509_free);
+        sk_X509_CRL_pop_free(crls, X509_CRL_free);
        apps_shutdown();
        OPENSSL_EXIT(ret);
        }
-static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose, ENGINE *e)
+static int check(X509_STORE *ctx, char *file,
+                STACK_OF(X509) *uchain, STACK_OF(X509) *tchain,
+                STACK_OF(X509_CRL) *crls, ENGINE *e)
        {
        X509 *x=NULL;
        int i=0,ret=0;
@@ -260,7 +277,8 @@ static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X
                goto end;
                }
        if(tchain) X509_STORE_CTX_trusted_stack(csc, tchain);
-        if(purpose >= 0) X509_STORE_CTX_set_purpose(csc, purpose);
+        if (crls)
+                X509_STORE_CTX_set0_crls(csc, crls);
        i=X509_verify_cert(csc);
        X509_STORE_CTX_free(csc);
@@ -278,90 +296,53 @@ end:
        return(ret);
        }
-static STACK_OF(X509) *load_untrusted(char *certfile)
-{
-        STACK_OF(X509_INFO) *sk=NULL;
-        STACK_OF(X509) *stack=NULL, *ret=NULL;
-        BIO *in=NULL;
-        X509_INFO *xi;
-        if(!(stack = sk_X509_new_null())) {
-                BIO_printf(bio_err,"memory allocation failure\n");
-                goto end;
-        }
-        if(!(in=BIO_new_file(certfile, "r"))) {
-                BIO_printf(bio_err,"error opening the file, %s\n",certfile);
-                goto end;
-        }
-        /* This loads from a file, a stack of x509/crl/pkey sets */
-        if(!(sk=PEM_X509_INFO_read_bio(in,NULL,NULL,NULL))) {
-                BIO_printf(bio_err,"error reading the file, %s\n",certfile);
-                goto end;
-        }
-        /* scan over it and pull out the certs */
-        while (sk_X509_INFO_num(sk))
-                {
-                xi=sk_X509_INFO_shift(sk);
-                if (xi->x509 != NULL)
-                        {
-                        sk_X509_push(stack,xi->x509);
-                        xi->x509=NULL;
-                        }
-                X509_INFO_free(xi);
-                }
-        if(!sk_X509_num(stack)) {
-                BIO_printf(bio_err,"no certificates in file, %s\n",certfile);
-                sk_X509_free(stack);
-                goto end;
-        }
-        ret=stack;
-end:
-        BIO_free(in);
-        sk_X509_INFO_free(sk);
-        return(ret);
-        }
 static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx)
        {
-        char buf[256];
+        int cert_error = X509_STORE_CTX_get_error(ctx);
+        X509 *current_cert = X509_STORE_CTX_get_current_cert(ctx);
        if (!ok)
                {
-                if (ctx->current_cert)
+                if (current_cert)
+                        {
+                        X509_NAME_print_ex_fp(stdout,
+                                X509_get_subject_name(current_cert),
+                                0, XN_FLAG_ONELINE);
+                        printf("\n");
+                        }
+                printf("%serror %d at %d depth lookup:%s\n",
+                        X509_STORE_CTX_get0_parent_ctx(ctx) ? "[CRL path]" : "",
+                        cert_error,
+                        X509_STORE_CTX_get_error_depth(ctx),
+                        X509_verify_cert_error_string(cert_error));
+                switch(cert_error)
                        {
-                        X509_NAME_oneline(
+                        case X509_V_ERR_NO_EXPLICIT_POLICY:
-                                X509_get_subject_name(ctx->current_cert),buf,
+                                policies_print(NULL, ctx);
-                                sizeof buf);
+                        case X509_V_ERR_CERT_HAS_EXPIRED:
-                        printf("%s\n",buf);
+                        /* since we are just checking the certificates, it is
+                         * ok if they are self signed. But we should still warn
+                         * the user.
+                         */
+                        case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
+                        /* Continue after extension errors too */
+                        case X509_V_ERR_INVALID_CA:
+                        case X509_V_ERR_INVALID_NON_CA:
+                        case X509_V_ERR_PATH_LENGTH_EXCEEDED:
+                        case X509_V_ERR_INVALID_PURPOSE:
+                        case X509_V_ERR_CRL_HAS_EXPIRED:
+                        case X509_V_ERR_CRL_NOT_YET_VALID:
+                        case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:
+                        ok = 1;
                        }
-                printf("error %d at %d depth lookup:%s\n",ctx->error,
-                        ctx->error_depth,
-                        X509_verify_cert_error_string(ctx->error));
-                if (ctx->error == X509_V_ERR_CERT_HAS_EXPIRED) ok=1;
-                /* since we are just checking the certificates, it is
-                 * ok if they are self signed. But we should still warn
-                 * the user.
-                 */
-                if (ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) ok=1;
-                /* Continue after extension errors too */
-                if (ctx->error == X509_V_ERR_INVALID_CA) ok=1;
-                if (ctx->error == X509_V_ERR_INVALID_NON_CA) ok=1;
-                if (ctx->error == X509_V_ERR_PATH_LENGTH_EXCEEDED) ok=1;
-                if (ctx->error == X509_V_ERR_INVALID_PURPOSE) ok=1;
-                if (ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) ok=1;
-                if (ctx->error == X509_V_ERR_CRL_HAS_EXPIRED) ok=1;
-                if (ctx->error == X509_V_ERR_CRL_NOT_YET_VALID) ok=1;
-                if (ctx->error == X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION) ok=1;
-                if (ctx->error == X509_V_ERR_NO_EXPLICIT_POLICY)
-                        policies_print(NULL, ctx);
                return ok;
                }
-        if ((ctx->error == X509_V_OK) && (ok == 2))
+        if (cert_error == X509_V_OK && ok == 2)
                policies_print(NULL, ctx);
        if (!v_verbose)
                ERR_clear_error();
diff --git a/src/lib/libssl/src/apps/x509.c b/src/lib/libssl/src/apps/x509.c
index 6debce4419..e7e46d7b63 100644
--- a/src/lib/libssl/src/apps/x509.c
+++ b/src/lib/libssl/src/apps/x509.c
@@ -99,7 +99,13 @@ static const char *x509_usage[]={
 " -passin arg     - private key password source\n",
 " -serial         - print serial number value\n",
 " -subject_hash   - print subject hash value\n",
+#ifndef OPENSSL_NO_MD5
+" -subject_hash_old   - print old-style (MD5) subject hash value\n",
+#endif
 " -issuer_hash    - print issuer hash value\n",
+#ifndef OPENSSL_NO_MD5
+" -issuer_hash_old    - print old-style (MD5) issuer hash value\n",
+#endif
 " -hash           - synonym for -subject_hash\n",
 " -subject        - print subject DN\n",
 " -issuer         - print issuer DN\n",
@@ -179,6 +185,9 @@ int MAIN(int argc, char **argv)
        int text=0,serial=0,subject=0,issuer=0,startdate=0,enddate=0;
        int next_serial=0;
        int subject_hash=0,issuer_hash=0,ocspid=0;
+#ifndef OPENSSL_NO_MD5
+        int subject_hash_old=0,issuer_hash_old=0;
+#endif
        int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0;
        int ocsp_uri=0;
        int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0;
@@ -190,7 +199,7 @@ int MAIN(int argc, char **argv)
        X509_REQ *rq=NULL;
        int fingerprint=0;
        char buf[256];
-        const EVP_MD *md_alg,*digest=EVP_sha1();
+        const EVP_MD *md_alg,*digest=NULL;
        CONF *extconf = NULL;
        char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
        int need_rand = 0;
@@ -225,7 +234,7 @@ int MAIN(int argc, char **argv)
        ctx=X509_STORE_new();
        if (ctx == NULL) goto end;
-        X509_STORE_set_verify_cb_func(ctx,callb);
+        X509_STORE_set_verify_cb(ctx,callb);
        argc--;
        argv++;
@@ -397,8 +406,16 @@ int MAIN(int argc, char **argv)
                else if (strcmp(*argv,"-hash") == 0
                        || strcmp(*argv,"-subject_hash") == 0)
                        subject_hash= ++num;
+#ifndef OPENSSL_NO_MD5
+                else if (strcmp(*argv,"-subject_hash_old") == 0)
+                        subject_hash_old= ++num;
+#endif
                else if (strcmp(*argv,"-issuer_hash") == 0)
                        issuer_hash= ++num;
+#ifndef OPENSSL_NO_MD5
+                else if (strcmp(*argv,"-issuer_hash_old") == 0)
+                        issuer_hash_old= ++num;
+#endif
                else if (strcmp(*argv,"-subject") == 0)
                        subject= ++num;
                else if (strcmp(*argv,"-issuer") == 0)
@@ -626,7 +643,7 @@ bad:
                if (!X509_set_subject_name(x,req->req_info->subject)) goto end;
                X509_gmtime_adj(X509_get_notBefore(x),0);
-                X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days);
+                X509_time_adj_ex(X509_get_notAfter(x),days, 0, NULL);
                pkey = X509_REQ_get_pubkey(req);
                X509_set_pubkey(x,pkey);
@@ -738,13 +755,14 @@ bad:
                        else if ((email == i) || (ocsp_uri == i))
                                {
                                int j;
-                                STACK *emlst;
+                                STACK_OF(OPENSSL_STRING) *emlst;
                                if (email == i)
                                        emlst = X509_get1_email(x);
                                else
                                        emlst = X509_get1_ocsp(x);
-                                for (j = 0; j < sk_num(emlst); j++)
+                                for (j = 0; j < sk_OPENSSL_STRING_num(emlst); j++)
-                                        BIO_printf(STDout, "%s\n", sk_value(emlst, j));
+                                        BIO_printf(STDout, "%s\n",
+                                                   sk_OPENSSL_STRING_value(emlst, j));
                                X509_email_free(emlst);
                                }
                        else if (aliasout == i)
@@ -758,10 +776,22 @@ bad:
                                {
                                BIO_printf(STDout,"%08lx\n",X509_subject_name_hash(x));
                                }
+#ifndef OPENSSL_NO_MD5
+                        else if (subject_hash_old == i)
+                                {
+                                BIO_printf(STDout,"%08lx\n",X509_subject_name_hash_old(x));
+                                }
+#endif
                        else if (issuer_hash == i)
                                {
                                BIO_printf(STDout,"%08lx\n",X509_issuer_name_hash(x));
                                }
+#ifndef OPENSSL_NO_MD5
+                        else if (issuer_hash_old == i)
+                                {
+                                BIO_printf(STDout,"%08lx\n",X509_issuer_name_hash_old(x));
+                                }
+#endif
                        else if (pprint == i)
                                {
                                X509_PURPOSE *ptmp;
@@ -892,14 +922,18 @@ bad:
                                int j;
                                unsigned int n;
                                unsigned char md[EVP_MAX_MD_SIZE];
+                                const EVP_MD *fdig = digest;
+                                if (!fdig)
+                                        fdig = EVP_sha1();
-                                if (!X509_digest(x,digest,md,&n))
+                                if (!X509_digest(x,fdig,md,&n))
                                        {
                                        BIO_printf(bio_err,"out of memory\n");
                                        goto end;
                                        }
                                BIO_printf(STDout,"%s Fingerprint=",
-                                                OBJ_nid2sn(EVP_MD_type(digest)));
+                                                OBJ_nid2sn(EVP_MD_type(fdig)));
                                for (j=0; j<(int)n; j++)
                                        {
                                        BIO_printf(STDout,"%02X%c",md[j],
@@ -919,14 +953,6 @@ bad:
                                                passin, e, "Private key");
                                        if (Upkey == NULL) goto end;
                                        }
-#ifndef OPENSSL_NO_DSA
-                                if (Upkey->type == EVP_PKEY_DSA)
-                                        digest=EVP_dss1();
-#endif
-#ifndef OPENSSL_NO_ECDSA
-                                if (Upkey->type == EVP_PKEY_EC)
-                                        digest=EVP_ecdsa();
-#endif
                                assert(need_rand);
                                if (!sign(x,Upkey,days,clrext,digest,
@@ -943,14 +969,6 @@ bad:
                                                "CA Private Key");
                                        if (CApkey == NULL) goto end;
                                        }
-#ifndef OPENSSL_NO_DSA
-                                if (CApkey->type == EVP_PKEY_DSA)
-                                        digest=EVP_dss1();
-#endif
-#ifndef OPENSSL_NO_ECDSA
-                                if (CApkey->type == EVP_PKEY_EC)
-                                        digest = EVP_ecdsa();
-#endif
                                
                                assert(need_rand);
                                if (!x509_certify(ctx,CAfile,digest,x,xca,
@@ -978,15 +996,6 @@ bad:
                                BIO_printf(bio_err,"Generating certificate request\n");
-#ifndef OPENSSL_NO_DSA
-                                if (pk->type == EVP_PKEY_DSA)
-                                        digest=EVP_dss1();
-#endif
-#ifndef OPENSSL_NO_ECDSA
-                                if (pk->type == EVP_PKEY_EC)
-                                        digest=EVP_ecdsa();
-#endif
                                rq=X509_to_X509_REQ(x,pk,digest);
                                EVP_PKEY_free(pk);
                                if (rq == NULL)
@@ -1040,16 +1049,15 @@ bad:
                }
        else if (outformat == FORMAT_NETSCAPE)
                {
-                ASN1_HEADER ah;
+                NETSCAPE_X509 nx;
-                ASN1_OCTET_STRING os;
+                ASN1_OCTET_STRING hdr;
-                os.data=(unsigned char *)NETSCAPE_CERT_HDR;
+                hdr.data=(unsigned char *)NETSCAPE_CERT_HDR;
-                os.length=strlen(NETSCAPE_CERT_HDR);
+                hdr.length=strlen(NETSCAPE_CERT_HDR);
-                ah.header= &os;
+                nx.header= &hdr;
-                ah.data=(char *)x;
+                nx.cert=x;
-                ah.meth=X509_asn1_meth();
-                i=ASN1_i2d_bio_of(ASN1_HEADER,i2d_ASN1_HEADER,out,&ah);
+                i=ASN1_item_i2d_bio(ASN1_ITEM_rptr(NETSCAPE_X509),out,&nx);
                }
        else    {
                BIO_printf(bio_err,"bad output format specified for outfile\n");
@@ -1151,6 +1159,7 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
        /* NOTE: this certificate can/should be self signed, unless it was
         * a certificate request in which case it is not. */
        X509_STORE_CTX_set_cert(&xsc,x);
+        X509_STORE_CTX_set_flags(&xsc, X509_V_FLAG_CHECK_SS_SIGNATURE);
        if (!reqfile && X509_verify_cert(&xsc) <= 0)
                goto end;
@@ -1167,7 +1176,7 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
                goto end;
        /* hardwired expired */
-        if (X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days) == NULL)
+        if (X509_time_adj_ex(X509_get_notAfter(x),days, 0, NULL) == NULL)
                goto end;
        if (clrext)
diff --git a/src/lib/libssl/src/config b/src/lib/libssl/src/config
index 68e7ea1737..965884a627 100644
--- a/src/lib/libssl/src/config
+++ b/src/lib/libssl/src/config
@@ -29,7 +29,7 @@ EXE=""
 for i
 do
 case "$i" in 
-d) PREFIX="debug-";;
+-d*) PREFIX="debug-";;
 -t*) TEST="true";;
 -h*) TEST="true"; cat <<EOF
 Usage: config [options]
@@ -48,10 +48,10 @@ done
 # First get uname entries that we use below
-MACHINE=`(uname -m) 2>/dev/null` || MACHINE="unknown"
+[ "$MACHINE" ] || MACHINE=`(uname -m) 2>/dev/null` || MACHINE="unknown"
-RELEASE=`(uname -r) 2>/dev/null` || RELEASE="unknown"
+[ "$RELEASE" ] || RELEASE=`(uname -r) 2>/dev/null` || RELEASE="unknown"
-SYSTEM=`(uname -s) 2>/dev/null`  || SYSTEM="unknown"
+[ "$SYSTEM" ] || SYSTEM=`(uname -s) 2>/dev/null`  || SYSTEM="unknown"
-VERSION=`(uname -v) 2>/dev/null` || VERSION="unknown"
+[ "$BUILD" ] || VERSION=`(uname -v) 2>/dev/null` || VERSION="unknown"
 # Now test for ISC and SCO, since it is has a braindamaged uname.
@@ -122,6 +122,14 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
        echo "${MACHINE}-ibm-aix3"; exit 0
        ;;
+    BeOS:*:BePC)
+    if [ -e /boot/develop/headers/be/bone ]; then
+                echo "beos-x86-bone"; exit 0
+        else
+                echo "beos-x86-r5"; exit 0
+        fi
+        ;;
    dgux:*)
        echo "${MACHINE}-dg-dgux"; exit 0
        ;;
@@ -270,7 +278,7 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
                echo "ppc-apple-darwin${VERSION}"
                ;;
            *)
-                echo "i386-apple-darwin${VERSION}"
+                echo "i686-apple-darwin${VERSION}"
                ;;
        esac
        exit 0
@@ -488,6 +496,12 @@ echo Operating system: $GUESSOS
 # script above so we end up with values in vars but that would take
 # more time that I want to waste at the moment
 case "$GUESSOS" in
+  uClinux*64*)
+    OUT=uClinux-dist64
+        ;;
+  uClinux*)
+    OUT=uClinux-dist
+        ;;
  mips2-sgi-irix)
        CPU=`(hinv -t cpu) 2>/dev/null | head -1 | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
        CPU=${CPU:-0}
@@ -523,8 +537,28 @@ case "$GUESSOS" in
        OUT="irix-mips3-$CC"
        ;;
  ppc-apple-rhapsody) OUT="rhapsody-ppc-cc" ;;
-  ppc-apple-darwin*) OUT="darwin-ppc-cc" ;;
+  ppc-apple-darwin*)
-  i386-apple-darwin*) OUT="darwin-i386-cc" ;;
+        ISA64=`(sysctl -n hw.optional.64bitops) 2>/dev/null`
+        if [ "$ISA64" = "1" ]; then
+            echo "WARNING! If you wish to build 64-bit library, then you have to"
+            echo "         invoke './Configure darwin64-ppc-cc' *manually*."
+            if [ "$TEST" = "false" -a -t 1 ]; then
+              echo "         You have about 5 seconds to press Ctrl-C to abort."
+              (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
+            fi
+        fi
+        OUT="darwin-ppc-cc" ;;
+  i?86-apple-darwin*)
+        ISA64=`(sysctl -n hw.optional.x86_64) 2>/dev/null`
+        if [ "$ISA64" = "1" ]; then
+            echo "WARNING! If you wish to build 64-bit library, then you have to"
+            echo "         invoke './Configure darwin64-x86_64-cc' *manually*."
+            if [ "$TEST" = "false" -a -t 1 ]; then
+              echo "         You have about 5 seconds to press Ctrl-C to abort."
+              (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
+            fi
+        fi
+        OUT="darwin-i386-cc" ;;
  alpha-*-linux2)
        ISA=`awk '/cpu model/{print$4;exit(0);}' /proc/cpuinfo`
        case ${ISA:-generic} in
@@ -589,13 +623,13 @@ case "$GUESSOS" in
        options="$options -DB_ENDIAN -mschedule=$CPUSCHEDULE -march=$CPUARCH"
        OUT="linux-generic32" ;;
-  arm*b-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;;
+  armv[1-3]*-*-linux2) OUT="linux-generic32" ;;
-  arm*l-*-linux2) OUT="linux-generic32"; options="$options -DL_ENDIAN" ;;
+  arm*-*-linux2) OUT="linux-armv4" ;;
  sh*b-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;;
  sh*-*-linux2)  OUT="linux-generic32"; options="$options -DL_ENDIAN" ;;
  m68k*-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;;
-  s390-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN -DNO_ASM" ;;
+  s390-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;;
-  s390x-*-linux2) OUT="linux-generic64"; options="$options -DB_ENDIAN" ;;
+  s390x-*-linux2) OUT="linux-s390x" ;;
  x86_64-*-linux?) OUT="linux-x86_64" ;;
  *86-*-linux2) OUT="linux-elf"
        if [ "$GCCVER" -gt 28 ]; then
@@ -741,6 +775,10 @@ case "$GUESSOS" in
        OBJECT_MODE=${OBJECT_MODE:-32}
        if [ "$CC" = "gcc" ]; then
            OUT="aix-gcc"
+          if [ $OBJECT_MODE -eq 64 ]; then
+            echo 'Your $OBJECT_MODE was found to be set to 64'
+            OUT="aix64-gcc"
+          fi
        elif [ $OBJECT_MODE -eq 64 ]; then
            echo 'Your $OBJECT_MODE was found to be set to 64' 
            OUT="aix64-cc"
@@ -769,6 +807,9 @@ case "$GUESSOS" in
  t3e-cray-unicosmk) OUT="cray-t3e" ;;
  j90-cray-unicos) OUT="cray-j90" ;;
  nsr-tandem-nsk) OUT="tandem-c89" ;;
+  beos-*) OUT="$GUESSOS" ;;
+  x86pc-*-qnx6) OUT="QNX6-i386" ;;
+  *-*-qnx6) OUT="QNX6" ;;
  *) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;;
 esac
diff --git a/src/lib/libssl/src/crypto/Makefile b/src/lib/libssl/src/crypto/Makefile
index 6557f2b4e1..c1033f6d77 100644
--- a/src/lib/libssl/src/crypto/Makefile
+++ b/src/lib/libssl/src/crypto/Makefile
@@ -5,9 +5,9 @@
 DIR=            crypto
 TOP=            ..
 CC=             cc
-INCLUDE=        -I. -I$(TOP) -I../include
+INCLUDE=        -I. -I$(TOP) -I../include $(ZLIB_INCLUDE)
 # INCLUDES targets sudbirs!
-INCLUDES=       -I.. -I../.. -I../../include
+INCLUDES=       -I.. -I../.. -I../asn1 -I../evp -I../../include $(ZLIB_INCLUDE)
 CFLAG=          -g
 MAKEDEPPROG=    makedepend
 MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
@@ -17,7 +17,7 @@ AR=		ar r
 RECURSIVE_MAKE= [ -n "$(SDIRS)" ] && for i in $(SDIRS) ; do \
                    (cd $$i && echo "making $$target in $(DIR)/$$i..." && \
-                    $(MAKE) -e TOP=../.. DIR=$$i INCLUDES='${INCLUDES}' $$target ) || exit 1; \
+                    $(MAKE) -e TOP=../.. DIR=$$i INCLUDES='$(INCLUDES)' $$target ) || exit 1; \
                done;
 PEX_LIBS=
@@ -26,6 +26,7 @@ EX_LIBS=
 CFLAGS= $(INCLUDE) $(CFLAG)
 ASFLAGS= $(INCLUDE) $(ASFLAG)
 AFLAGS=$(ASFLAGS)
+CPUID_OBJ=mem_clr.o
 LIBS=
@@ -33,12 +34,12 @@ GENERAL=Makefile README crypto-lib.com install.com
 LIB= $(TOP)/libcrypto.a
 SHARED_LIB= libcrypto$(SHLIB_EXT)
-LIBSRC= cryptlib.c dyn_lck.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c o_time.c o_str.c o_dir.c o_init.c fips_err.c
+LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c cpt_err.c ebcdic.c uid.c o_time.c o_str.c o_dir.c
-LIBOBJ= cryptlib.o dyn_lck.o mem.o mem_clr.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o o_time.o o_str.o o_dir.o o_init.o fips_err.o $(CPUID_OBJ)
+LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o ebcdic.o uid.o o_time.o o_str.o o_dir.o $(CPUID_OBJ)
 SRC= $(LIBSRC)
-EXHEADER= crypto.h tmdiff.h opensslv.h opensslconf.h ebcdic.h symhacks.h \
+EXHEADER= crypto.h opensslv.h opensslconf.h ebcdic.h symhacks.h \
        ossl_typ.h
 HEADER= cryptlib.h buildinf.h md32_common.h o_time.h o_str.h o_dir.h $(EXHEADER)
@@ -47,7 +48,7 @@ ALL=    $(GENERAL) $(SRC) $(HEADER)
 top:
        @(cd ..; $(MAKE) DIRS=$(DIR) all)
-all: lib
+all: shared
 buildinf.h: ../Makefile
        ( echo "#ifndef MK1MF_BUILD"; \
@@ -57,26 +58,26 @@ buildinf.h: ../Makefile
        echo "  #define DATE \"`LC_ALL=C LC_TIME=C date`\""; \
        echo '#endif' ) >buildinf.h
-x86cpuid-elf.s: x86cpuid.pl perlasm/x86asm.pl
+x86cpuid.s:     x86cpuid.pl perlasm/x86asm.pl
-        $(PERL) x86cpuid.pl elf $(CFLAGS) $(PROCESSOR) > $@
+        $(PERL) x86cpuid.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
-x86cpuid-cof.s: x86cpuid.pl perlasm/x86asm.pl
-        $(PERL) x86cpuid.pl coff $(CFLAGS) $(PROCESSOR) > $@
-x86cpuid-out.s: x86cpuid.pl perlasm/x86asm.pl
-        $(PERL) x86cpuid.pl a.out $(CFLAGS) $(PROCESSOR) > $@
-uplink.o:       ../ms/uplink.c
+applink.o:      $(TOP)/ms/applink.c
-        $(CC) $(CFLAGS) -c -o $@ ../ms/uplink.c
+        $(CC) $(CFLAGS) -c -o $@ $(TOP)/ms/applink.c
-uplink-cof.s:   ../ms/uplink.pl
+uplink.o:       $(TOP)/ms/uplink.c applink.o
-        $(PERL) ../ms/uplink.pl coff > $@
+        $(CC) $(CFLAGS) -c -o $@ $(TOP)/ms/uplink.c
+uplink-cof.s:   $(TOP)/ms/uplink.pl
+        $(PERL) $(TOP)/ms/uplink.pl coff > $@
 x86_64cpuid.s: x86_64cpuid.pl
-        $(PERL) x86_64cpuid.pl $@
+        $(PERL) x86_64cpuid.pl $(PERLASM_SCHEME) > $@
 ia64cpuid.s: ia64cpuid.S
        $(CC) $(CFLAGS) -E ia64cpuid.S > $@
+ppccpuid.s:             ppccpuid.pl;    $(PERL) ppccpuid.pl $(PERLASM_SCHEME) $@
 testapps:
-        [ -z "$(THIS)" ] || (   if echo ${SDIRS} | fgrep ' des '; \
+        [ -z "$(THIS)" ] || (   if echo $(SDIRS) | fgrep ' des '; \
                                then cd des && $(MAKE) -e des; fi )
        [ -z "$(THIS)" ] || ( cd pkcs7 && $(MAKE) -e testapps );
        @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
@@ -94,11 +95,11 @@ links:
        @$(PERL) $(TOP)/util/mklink.pl ../apps $(APPS)
        @target=links; $(RECURSIVE_MAKE)
-# lib: and $(LIB): are splitted to avoid end-less loop
+# lib: $(LIB): are splitted to avoid end-less loop
-lib:    buildinf.h $(LIB) subdirs
+lib:    $(LIB)
        @touch lib
 $(LIB): $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
 shared: buildinf.h lib subdirs
@@ -135,6 +136,7 @@ clean:
 dclean:
        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
        mv -f Makefile.new $(MAKEFILE)
+        rm -f opensslconf.h
        @target=dclean; $(RECURSIVE_MAKE)
 # DO NOT DELETE THIS LINE -- make depend depends on it.
@@ -159,13 +161,6 @@ cversion.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 cversion.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
 cversion.o: ../include/openssl/stack.h ../include/openssl/symhacks.h buildinf.h
 cversion.o: cryptlib.h cversion.c
-dyn_lck.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
-dyn_lck.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-dyn_lck.o: ../include/openssl/err.h ../include/openssl/lhash.h
-dyn_lck.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-dyn_lck.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
-dyn_lck.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
-dyn_lck.o: dyn_lck.c
 ebcdic.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h ebcdic.c
 ex_data.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
 ex_data.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@@ -174,13 +169,6 @@ ex_data.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 ex_data.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
 ex_data.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
 ex_data.o: ex_data.c
-fips_err.o: ../include/openssl/bio.h ../include/openssl/crypto.h
-fips_err.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-fips_err.o: ../include/openssl/fips.h ../include/openssl/lhash.h
-fips_err.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-fips_err.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
-fips_err.o: ../include/openssl/stack.h ../include/openssl/symhacks.h fips_err.c
-fips_err.o: fips_err.h
 mem.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
 mem.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 mem.o: ../include/openssl/err.h ../include/openssl/lhash.h
@@ -201,23 +189,10 @@ mem_dbg.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
 mem_dbg.o: mem_dbg.c
 o_dir.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/opensslconf.h
 o_dir.o: LPdir_unix.c o_dir.c o_dir.h
-o_init.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/crypto.h
-o_init.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-o_init.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
-o_init.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-o_init.o: ../include/openssl/safestack.h ../include/openssl/stack.h
-o_init.o: ../include/openssl/symhacks.h o_init.c
 o_str.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/opensslconf.h
 o_str.o: o_str.c o_str.h
 o_time.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h o_time.c
 o_time.o: o_time.h
-tmdiff.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
-tmdiff.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-tmdiff.o: ../include/openssl/err.h ../include/openssl/lhash.h
-tmdiff.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-tmdiff.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
-tmdiff.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-tmdiff.o: ../include/openssl/tmdiff.h cryptlib.h tmdiff.c
 uid.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 uid.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 uid.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
diff --git a/src/lib/libssl/src/crypto/aes/Makefile b/src/lib/libssl/src/crypto/aes/Makefile
index 9d174f4c3e..c501a43a8f 100644
--- a/src/lib/libssl/src/crypto/aes/Makefile
+++ b/src/lib/libssl/src/crypto/aes/Makefile
@@ -11,7 +11,7 @@ CFLAG=-g
 MAKEFILE=       Makefile
 AR=             ar r
-AES_ASM_OBJ=aes_core.o aes_cbc.o
+AES_ENC=aes_core.o aes_cbc.o
 CFLAGS= $(INCLUDES) $(CFLAG)
 ASFLAGS= $(INCLUDES) $(ASFLAG)
@@ -26,7 +26,7 @@ LIB=$(TOP)/libcrypto.a
 LIBSRC=aes_core.c aes_misc.c aes_ecb.c aes_cbc.c aes_cfb.c aes_ofb.c \
       aes_ctr.c aes_ige.c aes_wrap.c
 LIBOBJ=aes_misc.o aes_ecb.o aes_cfb.o aes_ofb.o aes_ctr.o aes_ige.o aes_wrap.o \
-       $(AES_ASM_OBJ)
+       $(AES_ENC)
 SRC= $(LIBSRC)
@@ -41,24 +41,27 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
-$(LIBOBJ): $(LIBSRC)
 aes-ia64.s: asm/aes-ia64.S
        $(CC) $(CFLAGS) -E asm/aes-ia64.S > $@
-ax86-elf.s: asm/aes-586.pl ../perlasm/x86asm.pl
+aes-586.s:      asm/aes-586.pl ../perlasm/x86asm.pl
-        (cd asm; $(PERL) aes-586.pl elf $(CFLAGS) $(PROCESSOR) > ../$@)
+        $(PERL) asm/aes-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
-ax86-cof.s: asm/aes-586.pl ../perlasm/x86asm.pl
-        (cd asm; $(PERL) aes-586.pl coff $(CFLAGS) $(PROCESSOR) > ../$@)
-ax86-out.s: asm/aes-586.pl ../perlasm/x86asm.pl
-        (cd asm; $(PERL) aes-586.pl a.out $(CFLAGS) $(PROCESSOR) > ../$@)
 aes-x86_64.s: asm/aes-x86_64.pl
-        $(PERL) asm/aes-x86_64.pl $@
+        $(PERL) asm/aes-x86_64.pl $(PERLASM_SCHEME) > $@
+aes-sparcv9.s: asm/aes-sparcv9.pl
+        $(PERL) asm/aes-sparcv9.pl $(CFLAGS) > $@
+aes-ppc.s:      asm/aes-ppc.pl
+        $(PERL) asm/aes-ppc.pl $(PERLASM_SCHEME) $@
+# GNU make "catch all"
+aes-%.s:        asm/aes-%.pl;   $(PERL) $< $(CFLAGS) > $@
 files:
        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
@@ -97,16 +100,14 @@ clean:
 # DO NOT DELETE THIS LINE -- make depend depends on it.
-aes_cbc.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_cbc.o: ../../include/openssl/aes.h ../../include/openssl/modes.h
-aes_cbc.o: ../../include/openssl/opensslconf.h aes_cbc.c aes_locl.h
+aes_cbc.o: ../../include/openssl/opensslconf.h aes_cbc.c
-aes_cfb.o: ../../e_os.h ../../include/openssl/aes.h
+aes_cfb.o: ../../include/openssl/aes.h ../../include/openssl/modes.h
-aes_cfb.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+aes_cfb.o: ../../include/openssl/opensslconf.h aes_cfb.c
-aes_cfb.o: aes_cfb.c aes_locl.h
 aes_core.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
-aes_core.o: ../../include/openssl/fips.h ../../include/openssl/opensslconf.h
+aes_core.o: ../../include/openssl/opensslconf.h aes_core.c aes_locl.h
-aes_core.o: aes_core.c aes_locl.h
+aes_ctr.o: ../../include/openssl/aes.h ../../include/openssl/modes.h
-aes_ctr.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_ctr.o: ../../include/openssl/opensslconf.h aes_ctr.c
-aes_ctr.o: ../../include/openssl/opensslconf.h aes_ctr.c aes_locl.h
 aes_ecb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
 aes_ecb.o: ../../include/openssl/opensslconf.h aes_ecb.c aes_locl.h
 aes_ige.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/bio.h
@@ -119,8 +120,8 @@ aes_ige.o: ../../include/openssl/symhacks.h ../cryptlib.h aes_ige.c aes_locl.h
 aes_misc.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
 aes_misc.o: ../../include/openssl/opensslconf.h
 aes_misc.o: ../../include/openssl/opensslv.h aes_locl.h aes_misc.c
-aes_ofb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_ofb.o: ../../include/openssl/aes.h ../../include/openssl/modes.h
-aes_ofb.o: ../../include/openssl/opensslconf.h aes_locl.h aes_ofb.c
+aes_ofb.o: ../../include/openssl/opensslconf.h aes_ofb.c
 aes_wrap.o: ../../e_os.h ../../include/openssl/aes.h
 aes_wrap.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 aes_wrap.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
diff --git a/src/lib/libssl/src/crypto/aes/aes.h b/src/lib/libssl/src/crypto/aes/aes.h
index 450f2b4051..d2c99730fe 100644
--- a/src/lib/libssl/src/crypto/aes/aes.h
+++ b/src/lib/libssl/src/crypto/aes/aes.h
@@ -58,6 +58,8 @@
 #error AES is disabled.
 #endif
+#include <stddef.h>
 #define AES_ENCRYPT     1
 #define AES_DECRYPT     0
@@ -66,10 +68,6 @@
 #define AES_MAXNR 14
 #define AES_BLOCK_SIZE 16
-#ifdef OPENSSL_FIPS
-#define FIPS_AES_SIZE_T int
-#endif
 #ifdef  __cplusplus
 extern "C" {
 #endif
@@ -100,37 +98,32 @@ void AES_decrypt(const unsigned char *in, unsigned char *out,
 void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
        const AES_KEY *key, const int enc);
 void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
-        const unsigned long length, const AES_KEY *key,
+        size_t length, const AES_KEY *key,
        unsigned char *ivec, const int enc);
 void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
-        const unsigned long length, const AES_KEY *key,
+        size_t length, const AES_KEY *key,
        unsigned char *ivec, int *num, const int enc);
 void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,
-        const unsigned long length, const AES_KEY *key,
+        size_t length, const AES_KEY *key,
        unsigned char *ivec, int *num, const int enc);
 void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
-        const unsigned long length, const AES_KEY *key,
+        size_t length, const AES_KEY *key,
        unsigned char *ivec, int *num, const int enc);
-void AES_cfbr_encrypt_block(const unsigned char *in,unsigned char *out,
-                            const int nbits,const AES_KEY *key,
-                            unsigned char *ivec,const int enc);
 void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
-        const unsigned long length, const AES_KEY *key,
+        size_t length, const AES_KEY *key,
        unsigned char *ivec, int *num);
 void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
-        const unsigned long length, const AES_KEY *key,
+        size_t length, const AES_KEY *key,
        unsigned char ivec[AES_BLOCK_SIZE],
        unsigned char ecount_buf[AES_BLOCK_SIZE],
        unsigned int *num);
-/* For IGE, see also http://www.links.org/files/openssl-ige.pdf */
 /* NB: the IV is _two_ blocks long */
 void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
-                     const unsigned long length, const AES_KEY *key,
+                     size_t length, const AES_KEY *key,
                     unsigned char *ivec, const int enc);
 /* NB: the IV is _four_ blocks long */
 void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
-                        const unsigned long length, const AES_KEY *key,
+                        size_t length, const AES_KEY *key,
                        const AES_KEY *key2, const unsigned char *ivec,
                        const int enc);
@@ -141,6 +134,7 @@ int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
                unsigned char *out,
                const unsigned char *in, unsigned int inlen);
 #ifdef  __cplusplus
 }
 #endif
diff --git a/src/lib/libssl/src/crypto/aes/aes_cbc.c b/src/lib/libssl/src/crypto/aes/aes_cbc.c
index 373864cd4b..227f75625d 100644
--- a/src/lib/libssl/src/crypto/aes/aes_cbc.c
+++ b/src/lib/libssl/src/crypto/aes/aes_cbc.c
@@ -49,85 +49,15 @@
 *
 */
-#ifndef AES_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-#include <assert.h>
 #include <openssl/aes.h>
-#include "aes_locl.h"
+#include <openssl/modes.h>
-#if !defined(OPENSSL_FIPS_AES_ASM)
 void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
-                     const unsigned long length, const AES_KEY *key,
+                     size_t len, const AES_KEY *key,
                     unsigned char *ivec, const int enc) {
-        unsigned long n;
+        if (enc)
-        unsigned long len = length;
+                CRYPTO_cbc128_encrypt(in,out,len,key,ivec,(block128_f)AES_encrypt);
-        unsigned char tmp[AES_BLOCK_SIZE];
+        else
-        const unsigned char *iv = ivec;
+                CRYPTO_cbc128_decrypt(in,out,len,key,ivec,(block128_f)AES_decrypt);
-        assert(in && out && key && ivec);
-        assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc));
-        if (AES_ENCRYPT == enc) {
-                while (len >= AES_BLOCK_SIZE) {
-                        for(n=0; n < AES_BLOCK_SIZE; ++n)
-                                out[n] = in[n] ^ iv[n];
-                        AES_encrypt(out, out, key);
-                        iv = out;
-                        len -= AES_BLOCK_SIZE;
-                        in += AES_BLOCK_SIZE;
-                        out += AES_BLOCK_SIZE;
-                }
-                if (len) {
-                        for(n=0; n < len; ++n)
-                                out[n] = in[n] ^ iv[n];
-                        for(n=len; n < AES_BLOCK_SIZE; ++n)
-                                out[n] = iv[n];
-                        AES_encrypt(out, out, key);
-                        iv = out;
-                }
-                memcpy(ivec,iv,AES_BLOCK_SIZE);
-        } else if (in != out) {
-                while (len >= AES_BLOCK_SIZE) {
-                        AES_decrypt(in, out, key);
-                        for(n=0; n < AES_BLOCK_SIZE; ++n)
-                                out[n] ^= iv[n];
-                        iv = in;
-                        len -= AES_BLOCK_SIZE;
-                        in  += AES_BLOCK_SIZE;
-                        out += AES_BLOCK_SIZE;
-                }
-                if (len) {
-                        AES_decrypt(in,tmp,key);
-                        for(n=0; n < len; ++n)
-                                out[n] = tmp[n] ^ iv[n];
-                        iv = in;
-                }
-                memcpy(ivec,iv,AES_BLOCK_SIZE);
-        } else {
-                while (len >= AES_BLOCK_SIZE) {
-                        memcpy(tmp, in, AES_BLOCK_SIZE);
-                        AES_decrypt(in, out, key);
-                        for(n=0; n < AES_BLOCK_SIZE; ++n)
-                                out[n] ^= ivec[n];
-                        memcpy(ivec, tmp, AES_BLOCK_SIZE);
-                        len -= AES_BLOCK_SIZE;
-                        in += AES_BLOCK_SIZE;
-                        out += AES_BLOCK_SIZE;
-                }
-                if (len) {
-                        memcpy(tmp, in, AES_BLOCK_SIZE);
-                        AES_decrypt(tmp, out, key);
-                        for(n=0; n < len; ++n)
-                                out[n] ^= ivec[n];
-                        for(n=len; n < AES_BLOCK_SIZE; ++n)
-                                out[n] = tmp[n];
-                        memcpy(ivec, tmp, AES_BLOCK_SIZE);
-                }
-        }
 }
-#endif
diff --git a/src/lib/libssl/src/crypto/aes/aes_cfb.c b/src/lib/libssl/src/crypto/aes/aes_cfb.c
index 49f0411010..0c6d058ce7 100644
--- a/src/lib/libssl/src/crypto/aes/aes_cfb.c
+++ b/src/lib/libssl/src/crypto/aes/aes_cfb.c
@@ -1,6 +1,6 @@
 /* crypto/aes/aes_cfb.c -*- mode:C; c-file-style: "eay" -*- */
 /* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2002-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -48,73 +48,9 @@
 * ====================================================================
 *
 */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-#ifndef AES_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-#include <assert.h>
 #include <openssl/aes.h>
-#include "aes_locl.h"
+#include <openssl/modes.h>
-#include "e_os.h"
 /* The input and output encrypted as though 128bit cfb mode is being
 * used.  The extra state information to record how much of the
@@ -122,104 +58,24 @@
 */
 void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
-        const unsigned long length, const AES_KEY *key,
+        size_t length, const AES_KEY *key,
        unsigned char *ivec, int *num, const int enc) {
-        unsigned int n;
+        CRYPTO_cfb128_encrypt(in,out,length,key,ivec,num,enc,(block128_f)AES_encrypt);
-        unsigned long l = length;
-        unsigned char c;
-        assert(in && out && key && ivec && num);
-        n = *num;
-        if (enc) {
-                while (l--) {
-                        if (n == 0) {
-                                AES_encrypt(ivec, ivec, key);
-                        }
-                        ivec[n] = *(out++) = *(in++) ^ ivec[n];
-                        n = (n+1) % AES_BLOCK_SIZE;
-                }
-        } else {
-                while (l--) {
-                        if (n == 0) {
-                                AES_encrypt(ivec, ivec, key);
-                        }
-                        c = *(in);
-                        *(out++) = *(in++) ^ ivec[n];
-                        ivec[n] = c;
-                        n = (n+1) % AES_BLOCK_SIZE;
-                }
-        }
-        *num=n;
 }
-/* This expects a single block of size nbits for both in and out. Note that
-   it corrupts any extra bits in the last byte of out */
-void AES_cfbr_encrypt_block(const unsigned char *in,unsigned char *out,
-                            const int nbits,const AES_KEY *key,
-                            unsigned char *ivec,const int enc)
-    {
-    int n,rem,num;
-    unsigned char ovec[AES_BLOCK_SIZE*2];
-    if (nbits<=0 || nbits>128) return;
-        /* fill in the first half of the new IV with the current IV */
-        memcpy(ovec,ivec,AES_BLOCK_SIZE);
-        /* construct the new IV */
-        AES_encrypt(ivec,ivec,key);
-        num = (nbits+7)/8;
-        if (enc)        /* encrypt the input */
-            for(n=0 ; n < num ; ++n)
-                out[n] = (ovec[AES_BLOCK_SIZE+n] = in[n] ^ ivec[n]);
-        else            /* decrypt the input */
-            for(n=0 ; n < num ; ++n)
-                out[n] = (ovec[AES_BLOCK_SIZE+n] = in[n]) ^ ivec[n];
-        /* shift ovec left... */
-        rem = nbits%8;
-        num = nbits/8;
-        if(rem==0)
-            memcpy(ivec,ovec+num,AES_BLOCK_SIZE);
-        else
-            for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
-                ivec[n] = ovec[n+num]<<rem | ovec[n+num+1]>>(8-rem);
-    /* it is not necessary to cleanse ovec, since the IV is not secret */
-    }
 /* N.B. This expects the input to be packed, MS bit first */
 void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,
-                      const unsigned long length, const AES_KEY *key,
+                      size_t length, const AES_KEY *key,
                      unsigned char *ivec, int *num, const int enc)
    {
-    unsigned int n;
+    CRYPTO_cfb128_1_encrypt(in,out,length,key,ivec,num,enc,(block128_f)AES_encrypt);
-    unsigned char c[1],d[1];
-    assert(in && out && key && ivec && num);
-    assert(*num == 0);
-    memset(out,0,(length+7)/8);
-    for(n=0 ; n < length ; ++n)
-        {
-        c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
-        AES_cfbr_encrypt_block(c,d,1,key,ivec,enc);
-        out[n/8]=(out[n/8]&~(1 << (7-n%8)))|((d[0]&0x80) >> (n%8));
-        }
    }
 void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
-                      const unsigned long length, const AES_KEY *key,
+                      size_t length, const AES_KEY *key,
                      unsigned char *ivec, int *num, const int enc)
    {
-    unsigned int n;
+    CRYPTO_cfb128_8_encrypt(in,out,length,key,ivec,num,enc,(block128_f)AES_encrypt);
-    assert(in && out && key && ivec && num);
-    assert(*num == 0);
-    for(n=0 ; n < length ; ++n)
-        AES_cfbr_encrypt_block(&in[n],&out[n],8,key,ivec,enc);
    }
diff --git a/src/lib/libssl/src/crypto/aes/aes_core.c b/src/lib/libssl/src/crypto/aes/aes_core.c
index cffdd4daec..a7ec54f4da 100644
--- a/src/lib/libssl/src/crypto/aes/aes_core.c
+++ b/src/lib/libssl/src/crypto/aes/aes_core.c
@@ -37,12 +37,9 @@
 #include <stdlib.h>
 #include <openssl/aes.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 #include "aes_locl.h"
+#ifndef AES_ASM
 /*
 Te0[x] = S [x].[02, 01, 01, 03];
 Te1[x] = S [x].[03, 02, 01, 01];
@@ -635,10 +632,6 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
        int i = 0;
        u32 temp;
-#ifdef OPENSSL_FIPS
-        FIPS_selftest_check();
-#endif
        if (!userKey || !key)
                return -1;
        if (bits != 128 && bits != 192 && bits != 256)
@@ -781,7 +774,6 @@ int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
        return 0;
 }
-#ifndef AES_ASM
 /*
 * Encrypt a single block
 * in and out can overlap
@@ -1164,4 +1156,203 @@ void AES_decrypt(const unsigned char *in, unsigned char *out,
        PUTU32(out + 12, s3);
 }
+#else /* AES_ASM */
+static const u8 Te4[256] = {
+    0x63U, 0x7cU, 0x77U, 0x7bU, 0xf2U, 0x6bU, 0x6fU, 0xc5U,
+    0x30U, 0x01U, 0x67U, 0x2bU, 0xfeU, 0xd7U, 0xabU, 0x76U,
+    0xcaU, 0x82U, 0xc9U, 0x7dU, 0xfaU, 0x59U, 0x47U, 0xf0U,
+    0xadU, 0xd4U, 0xa2U, 0xafU, 0x9cU, 0xa4U, 0x72U, 0xc0U,
+    0xb7U, 0xfdU, 0x93U, 0x26U, 0x36U, 0x3fU, 0xf7U, 0xccU,
+    0x34U, 0xa5U, 0xe5U, 0xf1U, 0x71U, 0xd8U, 0x31U, 0x15U,
+    0x04U, 0xc7U, 0x23U, 0xc3U, 0x18U, 0x96U, 0x05U, 0x9aU,
+    0x07U, 0x12U, 0x80U, 0xe2U, 0xebU, 0x27U, 0xb2U, 0x75U,
+    0x09U, 0x83U, 0x2cU, 0x1aU, 0x1bU, 0x6eU, 0x5aU, 0xa0U,
+    0x52U, 0x3bU, 0xd6U, 0xb3U, 0x29U, 0xe3U, 0x2fU, 0x84U,
+    0x53U, 0xd1U, 0x00U, 0xedU, 0x20U, 0xfcU, 0xb1U, 0x5bU,
+    0x6aU, 0xcbU, 0xbeU, 0x39U, 0x4aU, 0x4cU, 0x58U, 0xcfU,
+    0xd0U, 0xefU, 0xaaU, 0xfbU, 0x43U, 0x4dU, 0x33U, 0x85U,
+    0x45U, 0xf9U, 0x02U, 0x7fU, 0x50U, 0x3cU, 0x9fU, 0xa8U,
+    0x51U, 0xa3U, 0x40U, 0x8fU, 0x92U, 0x9dU, 0x38U, 0xf5U,
+    0xbcU, 0xb6U, 0xdaU, 0x21U, 0x10U, 0xffU, 0xf3U, 0xd2U,
+    0xcdU, 0x0cU, 0x13U, 0xecU, 0x5fU, 0x97U, 0x44U, 0x17U,
+    0xc4U, 0xa7U, 0x7eU, 0x3dU, 0x64U, 0x5dU, 0x19U, 0x73U,
+    0x60U, 0x81U, 0x4fU, 0xdcU, 0x22U, 0x2aU, 0x90U, 0x88U,
+    0x46U, 0xeeU, 0xb8U, 0x14U, 0xdeU, 0x5eU, 0x0bU, 0xdbU,
+    0xe0U, 0x32U, 0x3aU, 0x0aU, 0x49U, 0x06U, 0x24U, 0x5cU,
+    0xc2U, 0xd3U, 0xacU, 0x62U, 0x91U, 0x95U, 0xe4U, 0x79U,
+    0xe7U, 0xc8U, 0x37U, 0x6dU, 0x8dU, 0xd5U, 0x4eU, 0xa9U,
+    0x6cU, 0x56U, 0xf4U, 0xeaU, 0x65U, 0x7aU, 0xaeU, 0x08U,
+    0xbaU, 0x78U, 0x25U, 0x2eU, 0x1cU, 0xa6U, 0xb4U, 0xc6U,
+    0xe8U, 0xddU, 0x74U, 0x1fU, 0x4bU, 0xbdU, 0x8bU, 0x8aU,
+    0x70U, 0x3eU, 0xb5U, 0x66U, 0x48U, 0x03U, 0xf6U, 0x0eU,
+    0x61U, 0x35U, 0x57U, 0xb9U, 0x86U, 0xc1U, 0x1dU, 0x9eU,
+    0xe1U, 0xf8U, 0x98U, 0x11U, 0x69U, 0xd9U, 0x8eU, 0x94U,
+    0x9bU, 0x1eU, 0x87U, 0xe9U, 0xceU, 0x55U, 0x28U, 0xdfU,
+    0x8cU, 0xa1U, 0x89U, 0x0dU, 0xbfU, 0xe6U, 0x42U, 0x68U,
+    0x41U, 0x99U, 0x2dU, 0x0fU, 0xb0U, 0x54U, 0xbbU, 0x16U
+};
+static const u32 rcon[] = {
+        0x01000000, 0x02000000, 0x04000000, 0x08000000,
+        0x10000000, 0x20000000, 0x40000000, 0x80000000,
+        0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
+};
+/**
+ * Expand the cipher key into the encryption key schedule.
+ */
+int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+                        AES_KEY *key) {
+        u32 *rk;
+        int i = 0;
+        u32 temp;
+        if (!userKey || !key)
+                return -1;
+        if (bits != 128 && bits != 192 && bits != 256)
+                return -2;
+        rk = key->rd_key;
+        if (bits==128)
+                key->rounds = 10;
+        else if (bits==192)
+                key->rounds = 12;
+        else
+                key->rounds = 14;
+        rk[0] = GETU32(userKey     );
+        rk[1] = GETU32(userKey +  4);
+        rk[2] = GETU32(userKey +  8);
+        rk[3] = GETU32(userKey + 12);
+        if (bits == 128) {
+                while (1) {
+                        temp  = rk[3];
+                        rk[4] = rk[0] ^
+                                (Te4[(temp >> 16) & 0xff] << 24) ^
+                                (Te4[(temp >>  8) & 0xff] << 16) ^
+                                (Te4[(temp      ) & 0xff] << 8) ^
+                                (Te4[(temp >> 24)       ]) ^
+                                rcon[i];
+                        rk[5] = rk[1] ^ rk[4];
+                        rk[6] = rk[2] ^ rk[5];
+                        rk[7] = rk[3] ^ rk[6];
+                        if (++i == 10) {
+                                return 0;
+                        }
+                        rk += 4;
+                }
+        }
+        rk[4] = GETU32(userKey + 16);
+        rk[5] = GETU32(userKey + 20);
+        if (bits == 192) {
+                while (1) {
+                        temp = rk[ 5];
+                        rk[ 6] = rk[ 0] ^
+                                (Te4[(temp >> 16) & 0xff] << 24) ^
+                                (Te4[(temp >>  8) & 0xff] << 16) ^
+                                (Te4[(temp      ) & 0xff] << 8) ^
+                                (Te4[(temp >> 24)       ]) ^
+                                rcon[i];
+                        rk[ 7] = rk[ 1] ^ rk[ 6];
+                        rk[ 8] = rk[ 2] ^ rk[ 7];
+                        rk[ 9] = rk[ 3] ^ rk[ 8];
+                        if (++i == 8) {
+                                return 0;
+                        }
+                        rk[10] = rk[ 4] ^ rk[ 9];
+                        rk[11] = rk[ 5] ^ rk[10];
+                        rk += 6;
+                }
+        }
+        rk[6] = GETU32(userKey + 24);
+        rk[7] = GETU32(userKey + 28);
+        if (bits == 256) {
+                while (1) {
+                        temp = rk[ 7];
+                        rk[ 8] = rk[ 0] ^
+                                (Te4[(temp >> 16) & 0xff] << 24) ^
+                                (Te4[(temp >>  8) & 0xff] << 16) ^
+                                (Te4[(temp      ) & 0xff] << 8) ^
+                                (Te4[(temp >> 24)       ]) ^
+                                rcon[i];
+                        rk[ 9] = rk[ 1] ^ rk[ 8];
+                        rk[10] = rk[ 2] ^ rk[ 9];
+                        rk[11] = rk[ 3] ^ rk[10];
+                        if (++i == 7) {
+                                return 0;
+                        }
+                        temp = rk[11];
+                        rk[12] = rk[ 4] ^
+                                (Te4[(temp >> 24)       ] << 24) ^
+                                (Te4[(temp >> 16) & 0xff] << 16) ^
+                                (Te4[(temp >>  8) & 0xff] << 8) ^
+                                (Te4[(temp      ) & 0xff]);
+                        rk[13] = rk[ 5] ^ rk[12];
+                        rk[14] = rk[ 6] ^ rk[13];
+                        rk[15] = rk[ 7] ^ rk[14];
+                        rk += 8;
+                }
+        }
+        return 0;
+}
+/**
+ * Expand the cipher key into the decryption key schedule.
+ */
+int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+                         AES_KEY *key) {
+        u32 *rk;
+        int i, j, status;
+        u32 temp;
+        /* first, start with an encryption schedule */
+        status = AES_set_encrypt_key(userKey, bits, key);
+        if (status < 0)
+                return status;
+        rk = key->rd_key;
+        /* invert the order of the round keys: */
+        for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) {
+                temp = rk[i    ]; rk[i    ] = rk[j    ]; rk[j    ] = temp;
+                temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
+                temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
+                temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
+        }
+        /* apply the inverse MixColumn transform to all round keys but the first and the last: */
+        for (i = 1; i < (key->rounds); i++) {
+                rk += 4;
+                for (j = 0; j < 4; j++) {
+                        u32 tp1, tp2, tp4, tp8, tp9, tpb, tpd, tpe, m;
+                        tp1 = rk[j];
+                        m = tp1 & 0x80808080;
+                        tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^
+                                ((m - (m >> 7)) & 0x1b1b1b1b);
+                        m = tp2 & 0x80808080;
+                        tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^
+                                ((m - (m >> 7)) & 0x1b1b1b1b);
+                        m = tp4 & 0x80808080;
+                        tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^
+                                ((m - (m >> 7)) & 0x1b1b1b1b);
+                        tp9 = tp8 ^ tp1;
+                        tpb = tp9 ^ tp2;
+                        tpd = tp9 ^ tp4;
+                        tpe = tp8 ^ tp4 ^ tp2;
+#if defined(ROTATE)
+                        rk[j] = tpe ^ ROTATE(tpd,16) ^
+                                ROTATE(tp9,24) ^ ROTATE(tpb,8);
+#else
+                        rk[j] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^ 
+                                (tp9 >> 8) ^ (tp9 << 24) ^
+                                (tpb >> 24) ^ (tpb << 8);
+#endif
+                }
+        }
+        return 0;
+}
 #endif /* AES_ASM */
diff --git a/src/lib/libssl/src/crypto/aes/aes_ctr.c b/src/lib/libssl/src/crypto/aes/aes_ctr.c
index f36982be1e..7c9d165d8a 100644
--- a/src/lib/libssl/src/crypto/aes/aes_ctr.c
+++ b/src/lib/libssl/src/crypto/aes/aes_ctr.c
@@ -49,91 +49,13 @@
 *
 */
-#ifndef AES_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-#include <assert.h>
 #include <openssl/aes.h>
-#include "aes_locl.h"
+#include <openssl/modes.h>
-/* NOTE: the IV/counter CTR mode is big-endian.  The rest of the AES code
- * is endian-neutral. */
-/* increment counter (128-bit int) by 1 */
-static void AES_ctr128_inc(unsigned char *counter) {
-        unsigned long c;
-        /* Grab bottom dword of counter and increment */
-        c = GETU32(counter + 12);
-        c++;    c &= 0xFFFFFFFF;
-        PUTU32(counter + 12, c);
-        /* if no overflow, we're done */
-        if (c)
-                return;
-        /* Grab 1st dword of counter and increment */
-        c = GETU32(counter +  8);
-        c++;    c &= 0xFFFFFFFF;
-        PUTU32(counter +  8, c);
-        /* if no overflow, we're done */
-        if (c)
-                return;
-        /* Grab 2nd dword of counter and increment */
-        c = GETU32(counter +  4);
-        c++;    c &= 0xFFFFFFFF;
-        PUTU32(counter +  4, c);
-        /* if no overflow, we're done */
-        if (c)
-                return;
-        /* Grab top dword of counter and increment */
-        c = GETU32(counter +  0);
-        c++;    c &= 0xFFFFFFFF;
-        PUTU32(counter +  0, c);
-}
-/* The input encrypted as though 128bit counter mode is being
- * used.  The extra state information to record how much of the
- * 128bit block we have used is contained in *num, and the
- * encrypted counter is kept in ecount_buf.  Both *num and
- * ecount_buf must be initialised with zeros before the first
- * call to AES_ctr128_encrypt().
- *
- * This algorithm assumes that the counter is in the x lower bits
- * of the IV (ivec), and that the application has full control over
- * overflow and the rest of the IV.  This implementation takes NO
- * responsability for checking that the counter doesn't overflow
- * into the rest of the IV when incremented.
- */
 void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
-        const unsigned long length, const AES_KEY *key,
+                        size_t length, const AES_KEY *key,
-        unsigned char ivec[AES_BLOCK_SIZE],
+                        unsigned char ivec[AES_BLOCK_SIZE],
-        unsigned char ecount_buf[AES_BLOCK_SIZE],
+                        unsigned char ecount_buf[AES_BLOCK_SIZE],
-        unsigned int *num) {
+                        unsigned int *num) {
+        CRYPTO_ctr128_encrypt(in,out,length,key,ivec,ecount_buf,num,(block128_f)AES_encrypt);
-        unsigned int n;
-        unsigned long l=length;
-        assert(in && out && key && counter && num);
-        assert(*num < AES_BLOCK_SIZE);
-        n = *num;
-        while (l--) {
-                if (n == 0) {
-                        AES_encrypt(ivec, ecount_buf, key);
-                        AES_ctr128_inc(ivec);
-                }
-                *(out++) = *(in++) ^ ecount_buf[n];
-                n = (n+1) % AES_BLOCK_SIZE;
-        }
-        *num=n;
 }
diff --git a/src/lib/libssl/src/crypto/aes/aes_ofb.c b/src/lib/libssl/src/crypto/aes/aes_ofb.c
index f358bb39e2..50bf0b8325 100644
--- a/src/lib/libssl/src/crypto/aes/aes_ofb.c
+++ b/src/lib/libssl/src/crypto/aes/aes_ofb.c
@@ -1,6 +1,6 @@
 /* crypto/aes/aes_ofb.c -*- mode:C; c-file-style: "eay" -*- */
 /* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2002-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -48,95 +48,13 @@
 * ====================================================================
 *
 */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-#ifndef AES_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-#include <assert.h>
 #include <openssl/aes.h>
-#include "aes_locl.h"
+#include <openssl/modes.h>
-/* The input and output encrypted as though 128bit ofb mode is being
- * used.  The extra state information to record how much of the
- * 128bit block we have used is contained in *num;
- */
 void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
-        const unsigned long length, const AES_KEY *key,
+        size_t length, const AES_KEY *key,
-        unsigned char *ivec, int *num) {
+        unsigned char *ivec, int *num)
+{
-        unsigned int n;
+        CRYPTO_ofb128_encrypt(in,out,length,key,ivec,num,(block128_f)AES_encrypt);
-        unsigned long l=length;
-        assert(in && out && key && ivec && num);
-        n = *num;
-        while (l--) {
-                if (n == 0) {
-                        AES_encrypt(ivec, ivec, key);
-                }
-                *(out++) = *(in++) ^ ivec[n];
-                n = (n+1) % AES_BLOCK_SIZE;
-        }
-        *num=n;
 }
diff --git a/src/lib/libssl/src/crypto/asn1/Makefile b/src/lib/libssl/src/crypto/asn1/Makefile
index 94a6885804..160544eede 100644
--- a/src/lib/libssl/src/crypto/asn1/Makefile
+++ b/src/lib/libssl/src/crypto/asn1/Makefile
@@ -22,30 +22,32 @@ LIBSRC=	a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
        a_enum.c a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c \
        x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c x_bignum.c \
        x_long.c x_name.c x_x509.c x_x509a.c x_crl.c x_info.c x_spki.c nsseq.c \
-        d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\
+        x_nx509.c d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\
        t_req.c t_x509.c t_x509a.c t_crl.c t_pkey.c t_spki.c t_bitst.c \
        tasn_new.c tasn_fre.c tasn_enc.c tasn_dec.c tasn_utl.c tasn_typ.c \
+        tasn_prn.c ameth_lib.c \
        f_int.c f_string.c n_pkey.c \
-        f_enum.c a_hdr.c x_pkey.c a_bool.c x_exten.c asn_mime.c \
+        f_enum.c x_pkey.c a_bool.c x_exten.c bio_asn1.c bio_ndef.c asn_mime.c \
-        asn1_gen.c asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c a_strnid.c \
+        asn1_gen.c asn1_par.c asn1_lib.c asn1_err.c a_bytes.c a_strnid.c \
        evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c asn_moid.c
 LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
        a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o \
        a_enum.o a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o a_strex.o \
        x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_attrib.o x_bignum.o \
        x_long.o x_name.o x_x509.o x_x509a.o x_crl.o x_info.o x_spki.o nsseq.o \
-        d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \
+        x_nx509.o d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \
        t_req.o t_x509.o t_x509a.o t_crl.o t_pkey.o t_spki.o t_bitst.o \
        tasn_new.o tasn_fre.o tasn_enc.o tasn_dec.o tasn_utl.o tasn_typ.o \
+        tasn_prn.o ameth_lib.o \
        f_int.o f_string.o n_pkey.o \
-        f_enum.o a_hdr.o x_pkey.o a_bool.o x_exten.o asn_mime.o \
+        f_enum.o x_pkey.o a_bool.o x_exten.o bio_asn1.o bio_ndef.o asn_mime.o \
-        asn1_gen.o asn1_par.o asn1_lib.o asn1_err.o a_meth.o a_bytes.o a_strnid.o \
+        asn1_gen.o asn1_par.o asn1_lib.o asn1_err.o a_bytes.o a_strnid.o \
        evp_asn1.o asn_pack.o p5_pbe.o p5_pbev2.o p8_pkey.o asn_moid.o
 SRC= $(LIBSRC)
 EXHEADER=  asn1.h asn1_mac.h asn1t.h
-HEADER= $(EXHEADER)
+HEADER= $(EXHEADER) asn1_locl.h
 ALL=    $(GENERAL) $(SRC) $(HEADER)
@@ -63,7 +65,7 @@ pk:	pk.c
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
@@ -142,9 +144,9 @@ a_digest.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 a_digest.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 a_digest.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 a_digest.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-a_digest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+a_digest.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-a_digest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+a_digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-a_digest.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+a_digest.o: ../../include/openssl/opensslconf.h
 a_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 a_digest.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 a_digest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -173,14 +175,6 @@ a_gentm.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 a_gentm.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 a_gentm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 a_gentm.o: ../cryptlib.h ../o_time.h a_gentm.c
-a_hdr.o: ../../e_os.h ../../include/openssl/asn1.h
-a_hdr.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
-a_hdr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-a_hdr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_hdr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_hdr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-a_hdr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-a_hdr.o: ../../include/openssl/symhacks.h ../cryptlib.h a_hdr.c
 a_i2d_fp.o: ../../e_os.h ../../include/openssl/asn1.h
 a_i2d_fp.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 a_i2d_fp.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
@@ -205,13 +199,6 @@ a_mbstr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 a_mbstr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 a_mbstr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 a_mbstr.o: ../cryptlib.h a_mbstr.c
-a_meth.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-a_meth.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-a_meth.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_meth.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-a_meth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-a_meth.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-a_meth.o: ../../include/openssl/symhacks.h ../cryptlib.h a_meth.c
 a_object.o: ../../e_os.h ../../include/openssl/asn1.h
 a_object.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 a_object.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
@@ -250,27 +237,27 @@ a_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 a_sign.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 a_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 a_sign.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-a_sign.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+a_sign.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-a_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+a_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-a_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+a_sign.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_sign.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-a_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+a_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-a_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+a_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+a_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-a_sign.o: ../../include/openssl/x509_vfy.h ../cryptlib.h a_sign.c
+a_sign.o: ../cryptlib.h a_sign.c asn1_locl.h
 a_strex.o: ../../e_os.h ../../include/openssl/asn1.h
 a_strex.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 a_strex.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 a_strex.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 a_strex.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-a_strex.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+a_strex.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-a_strex.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+a_strex.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-a_strex.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+a_strex.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_strex.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_strex.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-a_strex.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+a_strex.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-a_strex.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+a_strex.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_strex.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+a_strex.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-a_strex.o: ../../include/openssl/x509_vfy.h ../cryptlib.h a_strex.c charmap.h
+a_strex.o: ../cryptlib.h a_strex.c charmap.h
 a_strnid.o: ../../e_os.h ../../include/openssl/asn1.h
 a_strnid.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 a_strnid.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
@@ -318,14 +305,29 @@ a_verify.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 a_verify.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 a_verify.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 a_verify.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-a_verify.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+a_verify.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-a_verify.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+a_verify.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-a_verify.o: ../../include/openssl/opensslconf.h
 a_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 a_verify.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 a_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 a_verify.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 a_verify.o: ../../include/openssl/x509_vfy.h ../cryptlib.h a_verify.c
+a_verify.o: asn1_locl.h
+ameth_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+ameth_lib.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+ameth_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+ameth_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ameth_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+ameth_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+ameth_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+ameth_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ameth_lib.o: ../../include/openssl/opensslconf.h
+ameth_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ameth_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+ameth_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ameth_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+ameth_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h ameth_lib.c
+ameth_lib.o: asn1_locl.h
 asn1_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 asn1_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 asn1_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
@@ -339,9 +341,8 @@ asn1_gen.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 asn1_gen.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 asn1_gen.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 asn1_gen.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-asn1_gen.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+asn1_gen.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-asn1_gen.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+asn1_gen.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-asn1_gen.o: ../../include/openssl/opensslconf.h
 asn1_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 asn1_gen.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 asn1_gen.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -371,24 +372,23 @@ asn_mime.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 asn_mime.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 asn_mime.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 asn_mime.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-asn_mime.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+asn_mime.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-asn_mime.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+asn_mime.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-asn_mime.o: ../../include/openssl/opensslconf.h
 asn_mime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 asn_mime.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
 asn_mime.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 asn_mime.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 asn_mime.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-asn_mime.o: ../cryptlib.h asn_mime.c
+asn_mime.o: ../cryptlib.h asn1_locl.h asn_mime.c
 asn_moid.o: ../../e_os.h ../../include/openssl/asn1.h
 asn_moid.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 asn_moid.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 asn_moid.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
 asn_moid.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 asn_moid.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-asn_moid.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+asn_moid.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-asn_moid.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+asn_moid.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-asn_moid.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+asn_moid.o: ../../include/openssl/opensslconf.h
 asn_moid.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 asn_moid.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 asn_moid.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -402,28 +402,43 @@ asn_pack.o: ../../include/openssl/opensslconf.h
 asn_pack.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 asn_pack.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 asn_pack.o: ../../include/openssl/symhacks.h ../cryptlib.h asn_pack.c
+bio_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+bio_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+bio_asn1.o: ../../include/openssl/opensslconf.h
+bio_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bio_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bio_asn1.o: ../../include/openssl/symhacks.h bio_asn1.c
+bio_ndef.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+bio_ndef.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+bio_ndef.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bio_ndef.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bio_ndef.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bio_ndef.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bio_ndef.o: ../../include/openssl/symhacks.h bio_ndef.c
 d2i_pr.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 d2i_pr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-d2i_pr.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
+d2i_pr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-d2i_pr.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+d2i_pr.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+d2i_pr.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
 d2i_pr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-d2i_pr.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+d2i_pr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-d2i_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+d2i_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-d2i_pr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+d2i_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-d2i_pr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
+d2i_pr.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-d2i_pr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+d2i_pr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-d2i_pr.o: ../../include/openssl/symhacks.h ../cryptlib.h d2i_pr.c
+d2i_pr.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+d2i_pr.o: ../../include/openssl/x509_vfy.h ../cryptlib.h asn1_locl.h d2i_pr.c
 d2i_pu.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 d2i_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 d2i_pu.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
 d2i_pu.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 d2i_pu.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-d2i_pu.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+d2i_pu.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-d2i_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+d2i_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-d2i_pu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+d2i_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-d2i_pu.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
+d2i_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-d2i_pu.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+d2i_pu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-d2i_pu.o: ../../include/openssl/symhacks.h ../cryptlib.h d2i_pu.c
+d2i_pu.o: ../cryptlib.h d2i_pu.c
 evp_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
 evp_asn1.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
 evp_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
@@ -455,77 +470,76 @@ f_string.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 f_string.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 f_string.o: ../../include/openssl/symhacks.h ../cryptlib.h f_string.c
 i2d_pr.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-i2d_pr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+i2d_pr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-i2d_pr.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
 i2d_pr.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+i2d_pr.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 i2d_pr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-i2d_pr.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+i2d_pr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-i2d_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+i2d_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-i2d_pr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+i2d_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-i2d_pr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
+i2d_pr.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-i2d_pr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+i2d_pr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-i2d_pr.o: ../../include/openssl/symhacks.h ../cryptlib.h i2d_pr.c
+i2d_pr.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+i2d_pr.o: ../../include/openssl/x509_vfy.h ../cryptlib.h asn1_locl.h i2d_pr.c
 i2d_pu.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 i2d_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 i2d_pu.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
 i2d_pu.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 i2d_pu.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-i2d_pu.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+i2d_pu.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-i2d_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+i2d_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-i2d_pu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+i2d_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-i2d_pu.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
+i2d_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-i2d_pu.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+i2d_pu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-i2d_pu.o: ../../include/openssl/symhacks.h ../cryptlib.h i2d_pu.c
+i2d_pu.o: ../cryptlib.h i2d_pu.c
 n_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
 n_pkey.o: ../../include/openssl/asn1_mac.h ../../include/openssl/asn1t.h
 n_pkey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 n_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 n_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 n_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-n_pkey.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+n_pkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-n_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+n_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-n_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+n_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-n_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+n_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-n_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+n_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-n_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+n_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-n_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+n_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-n_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+n_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h n_pkey.c
-n_pkey.o: ../cryptlib.h n_pkey.c
 nsseq.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
 nsseq.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 nsseq.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 nsseq.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 nsseq.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h
-nsseq.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+nsseq.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-nsseq.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+nsseq.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-nsseq.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+nsseq.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-nsseq.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+nsseq.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-nsseq.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+nsseq.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-nsseq.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+nsseq.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-nsseq.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h nsseq.c
+nsseq.o: ../../include/openssl/x509_vfy.h nsseq.c
 p5_pbe.o: ../../e_os.h ../../include/openssl/asn1.h
 p5_pbe.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 p5_pbe.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 p5_pbe.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 p5_pbe.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 p5_pbe.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p5_pbe.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+p5_pbe.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p5_pbe.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p5_pbe.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p5_pbe.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p5_pbe.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-p5_pbe.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+p5_pbe.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-p5_pbe.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+p5_pbe.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p5_pbe.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p5_pbe.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-p5_pbe.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p5_pbe.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p5_pbe.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p5_pbe.c
+p5_pbe.o: ../cryptlib.h p5_pbe.c
 p5_pbev2.o: ../../e_os.h ../../include/openssl/asn1.h
 p5_pbev2.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 p5_pbev2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 p5_pbev2.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 p5_pbev2.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 p5_pbev2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p5_pbev2.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+p5_pbev2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p5_pbev2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p5_pbev2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p5_pbev2.o: ../../include/openssl/opensslconf.h
 p5_pbev2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 p5_pbev2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
 p5_pbev2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
@@ -538,51 +552,48 @@ p8_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 p8_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 p8_pkey.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 p8_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p8_pkey.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+p8_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p8_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p8_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p8_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p8_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-p8_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+p8_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-p8_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p8_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p8_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p8_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p8_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p8_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p8_pkey.c
-p8_pkey.o: ../cryptlib.h p8_pkey.c
 t_bitst.o: ../../e_os.h ../../include/openssl/asn1.h
 t_bitst.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 t_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 t_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 t_bitst.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 t_bitst.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-t_bitst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+t_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-t_bitst.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-t_bitst.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-t_bitst.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+t_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-t_bitst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_bitst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-t_bitst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_bitst.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-t_bitst.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_bitst.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-t_bitst.o: ../../include/openssl/x509v3.h ../cryptlib.h t_bitst.c
+t_bitst.o: ../cryptlib.h t_bitst.c
 t_crl.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 t_crl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 t_crl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 t_crl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 t_crl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 t_crl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-t_crl.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+t_crl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-t_crl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_crl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-t_crl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_crl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-t_crl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+t_crl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-t_crl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_crl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-t_crl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-t_crl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_crl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-t_crl.o: ../../include/openssl/x509v3.h ../cryptlib.h t_crl.c
+t_crl.o: ../cryptlib.h t_crl.c
 t_pkey.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 t_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-t_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+t_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-t_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+t_pkey.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-t_pkey.o: ../../include/openssl/ec.h ../../include/openssl/err.h
+t_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-t_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+t_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-t_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+t_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-t_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-t_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 t_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 t_pkey.o: ../cryptlib.h t_pkey.c
 t_req.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
@@ -591,57 +602,57 @@ t_req.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 t_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 t_req.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 t_req.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-t_req.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+t_req.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-t_req.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+t_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-t_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+t_req.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-t_req.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+t_req.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-t_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+t_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-t_req.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-t_req.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-t_req.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_req.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-t_req.o: ../../include/openssl/x509v3.h ../cryptlib.h t_req.c
+t_req.o: ../cryptlib.h t_req.c
 t_spki.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 t_spki.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 t_spki.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
 t_spki.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 t_spki.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 t_spki.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-t_spki.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+t_spki.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-t_spki.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-t_spki.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-t_spki.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+t_spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-t_spki.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+t_spki.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-t_spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+t_spki.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-t_spki.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+t_spki.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-t_spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h t_spki.c
+t_spki.o: ../cryptlib.h t_spki.c
 t_x509.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 t_x509.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 t_x509.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 t_x509.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 t_x509.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 t_x509.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-t_x509.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+t_x509.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-t_x509.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+t_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-t_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+t_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-t_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+t_x509.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-t_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+t_x509.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-t_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-t_x509.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-t_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-t_x509.o: ../../include/openssl/x509v3.h ../cryptlib.h t_x509.c
+t_x509.o: ../cryptlib.h t_x509.c
 t_x509a.o: ../../e_os.h ../../include/openssl/asn1.h
 t_x509a.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 t_x509a.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 t_x509a.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 t_x509a.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-t_x509a.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+t_x509a.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-t_x509a.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+t_x509a.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-t_x509a.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+t_x509a.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-t_x509a.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+t_x509a.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-t_x509a.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+t_x509a.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-t_x509a.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+t_x509a.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-t_x509a.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+t_x509a.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-t_x509a.o: ../../include/openssl/x509_vfy.h ../cryptlib.h t_x509a.c
+t_x509a.o: ../cryptlib.h t_x509a.c
 tasn_dec.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
 tasn_dec.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 tasn_dec.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
@@ -675,6 +686,21 @@ tasn_new.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 tasn_new.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 tasn_new.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 tasn_new.o: ../../include/openssl/symhacks.h tasn_new.c
+tasn_prn.o: ../../e_os.h ../../include/openssl/asn1.h
+tasn_prn.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+tasn_prn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+tasn_prn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+tasn_prn.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+tasn_prn.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+tasn_prn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+tasn_prn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tasn_prn.o: ../../include/openssl/opensslconf.h
+tasn_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_prn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+tasn_prn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+tasn_prn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+tasn_prn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+tasn_prn.o: ../cryptlib.h asn1_locl.h tasn_prn.c
 tasn_typ.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
 tasn_typ.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
 tasn_typ.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
@@ -694,23 +720,21 @@ x_algor.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x_algor.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 x_algor.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x_algor.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h
-x_algor.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_algor.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x_algor.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_algor.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_algor.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_algor.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_algor.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_algor.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-x_algor.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_algor.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_algor.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_algor.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_algor.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_algor.o: ../../include/openssl/x509_vfy.h x_algor.c
-x_algor.o: x_algor.c
 x_attrib.o: ../../e_os.h ../../include/openssl/asn1.h
 x_attrib.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 x_attrib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x_attrib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x_attrib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x_attrib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x_attrib.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_attrib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x_attrib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_attrib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_attrib.o: ../../include/openssl/opensslconf.h
 x_attrib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x_attrib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x_attrib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -727,44 +751,42 @@ x_bignum.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 x_bignum.o: ../../include/openssl/symhacks.h ../cryptlib.h x_bignum.c
 x_crl.o: ../../e_os.h ../../include/openssl/asn1.h
 x_crl.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-x_crl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+x_crl.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
-x_crl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x_crl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-x_crl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x_crl.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-x_crl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_crl.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x_crl.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_crl.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
 x_crl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 x_crl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 x_crl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
 x_crl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 x_crl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 x_crl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x_crl.o: ../cryptlib.h x_crl.c
+x_crl.o: ../../include/openssl/x509v3.h ../cryptlib.h asn1_locl.h x_crl.c
 x_exten.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
 x_exten.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x_exten.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 x_exten.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x_exten.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h
-x_exten.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_exten.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x_exten.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_exten.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_exten.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_exten.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_exten.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_exten.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-x_exten.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_exten.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_exten.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_exten.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_exten.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_exten.o: ../../include/openssl/x509_vfy.h x_exten.c
-x_exten.o: x_exten.c
 x_info.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 x_info.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x_info.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x_info.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x_info.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_info.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x_info.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_info.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_info.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_info.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-x_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_info.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_info.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_info.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_info.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_info.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_info.c
-x_info.o: ../cryptlib.h x_info.c
 x_long.o: ../../e_os.h ../../include/openssl/asn1.h
 x_long.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 x_long.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -780,125 +802,129 @@ x_name.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x_name.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x_name.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x_name.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x_name.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_name.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x_name.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_name.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_name.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_name.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_name.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_name.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-x_name.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_name.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_name.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_name.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_name.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_name.o: ../../include/openssl/x509_vfy.h ../cryptlib.h asn1_locl.h x_name.c
-x_name.o: ../cryptlib.h x_name.c
+x_nx509.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+x_nx509.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+x_nx509.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x_nx509.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x_nx509.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h
+x_nx509.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x_nx509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_nx509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_nx509.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x_nx509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_nx509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x_nx509.o: ../../include/openssl/x509_vfy.h x_nx509.c
 x_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
 x_pkey.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
 x_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x_pkey.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x_pkey.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-x_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_pkey.c
-x_pkey.o: ../cryptlib.h x_pkey.c
 x_pubkey.o: ../../e_os.h ../../include/openssl/asn1.h
 x_pubkey.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 x_pubkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x_pubkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 x_pubkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x_pubkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x_pubkey.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+x_pubkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x_pubkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x_pubkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x_pubkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_pubkey.o: ../../include/openssl/opensslconf.h
 x_pubkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x_pubkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
 x_pubkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 x_pubkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 x_pubkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x_pubkey.o: ../cryptlib.h x_pubkey.c
+x_pubkey.o: ../cryptlib.h asn1_locl.h x_pubkey.c
 x_req.o: ../../e_os.h ../../include/openssl/asn1.h
 x_req.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 x_req.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x_req.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x_req.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x_req.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_req.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_req.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_req.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_req.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-x_req.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_req.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_req.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_req.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_req.c
-x_req.o: ../cryptlib.h x_req.c
 x_sig.o: ../../e_os.h ../../include/openssl/asn1.h
 x_sig.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 x_sig.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x_sig.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x_sig.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x_sig.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x_sig.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_sig.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x_sig.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_sig.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_sig.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_sig.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_sig.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_sig.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-x_sig.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_sig.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_sig.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_sig.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_sig.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_sig.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_sig.c
-x_sig.o: ../cryptlib.h x_sig.c
 x_spki.o: ../../e_os.h ../../include/openssl/asn1.h
 x_spki.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 x_spki.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x_spki.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x_spki.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x_spki.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x_spki.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_spki.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x_spki.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_spki.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_spki.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-x_spki.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_spki.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_spki.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_spki.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_spki.c
-x_spki.o: ../cryptlib.h x_spki.c
 x_val.o: ../../e_os.h ../../include/openssl/asn1.h
 x_val.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 x_val.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x_val.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x_val.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x_val.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x_val.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_val.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x_val.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_val.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_val.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_val.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_val.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_val.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-x_val.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_val.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_val.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_val.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_val.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_val.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_val.c
-x_val.o: ../cryptlib.h x_val.c
 x_x509.o: ../../e_os.h ../../include/openssl/asn1.h
 x_x509.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 x_x509.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 x_x509.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 x_x509.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x_x509.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x_x509.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+x_x509.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x_x509.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-x_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_x509.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-x_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-x_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_x509.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-x_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+x_x509.o: ../../include/openssl/x509v3.h ../cryptlib.h x_x509.c
-x_x509.o: ../cryptlib.h x_x509.c
 x_x509a.o: ../../e_os.h ../../include/openssl/asn1.h
 x_x509a.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 x_x509a.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x_x509a.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x_x509a.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x_x509a.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x_x509a.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_x509a.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x_x509a.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_x509a.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_x509a.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_x509a.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_x509a.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_x509a.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-x_x509a.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_x509a.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_x509a.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_x509a.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_x509a.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_x509a.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_x509a.c
-x_x509a.o: ../cryptlib.h x_x509a.c
diff --git a/src/lib/libssl/src/crypto/asn1/a_bitstr.c b/src/lib/libssl/src/crypto/asn1/a_bitstr.c
index 0fb9ce0c2a..34179960b8 100644
--- a/src/lib/libssl/src/crypto/asn1/a_bitstr.c
+++ b/src/lib/libssl/src/crypto/asn1/a_bitstr.c
@@ -223,3 +223,26 @@ int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n)
        return((a->data[w]&v) != 0);
        }
+/*
+ * Checks if the given bit string contains only bits specified by 
+ * the flags vector. Returns 0 if there is at least one bit set in 'a'
+ * which is not specified in 'flags', 1 otherwise.
+ * 'len' is the length of 'flags'.
+ */
+int ASN1_BIT_STRING_check(ASN1_BIT_STRING *a,
+                          unsigned char *flags, int flags_len)
+        {
+        int i, ok;
+        /* Check if there is one bit set at all. */
+        if (!a || !a->data) return 1;
+        /* Check each byte of the internal representation of the bit string. */
+        ok = 1;
+        for (i = 0; i < a->length && ok; ++i)
+                {
+                unsigned char mask = i < flags_len ? ~flags[i] : 0xff;
+                /* We are done if there is an unneeded bit set. */
+                ok = (a->data[i] & mask) == 0;
+                }
+        return ok;
+        }
diff --git a/src/lib/libssl/src/crypto/asn1/a_dup.c b/src/lib/libssl/src/crypto/asn1/a_dup.c
index 199d50f521..d98992548a 100644
--- a/src/lib/libssl/src/crypto/asn1/a_dup.c
+++ b/src/lib/libssl/src/crypto/asn1/a_dup.c
@@ -62,7 +62,7 @@
 #ifndef NO_OLD_ASN1
-void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x)
+void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x)
        {
        unsigned char *b,*p;
        const unsigned char *p2;
diff --git a/src/lib/libssl/src/crypto/asn1/a_gentm.c b/src/lib/libssl/src/crypto/asn1/a_gentm.c
index def79062a5..c79c6f538c 100644
--- a/src/lib/libssl/src/crypto/asn1/a_gentm.c
+++ b/src/lib/libssl/src/crypto/asn1/a_gentm.c
@@ -117,8 +117,8 @@ err:
 int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d)
        {
-        static int min[9]={ 0, 0, 1, 1, 0, 0, 0, 0, 0};
+        static const int min[9]={ 0, 0, 1, 1, 0, 0, 0, 0, 0};
-        static int max[9]={99, 99,12,31,23,59,59,12,59};
+        static const int max[9]={99, 99,12,31,23,59,59,12,59};
        char *a;
        int n,i,l,o;
@@ -176,6 +176,11 @@ int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d)
                        o++;
                        }
                }
+        else
+                {
+                /* Missing time zone information. */
+                goto err;
+                }
        return(o == l);
 err:
        return(0);
@@ -206,6 +211,12 @@ int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str)
 ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
             time_t t)
        {
+                return ASN1_GENERALIZEDTIME_adj(s, t, 0, 0);
+        }
+ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s,
+             time_t t, int offset_day, long offset_sec)
+        {
        char *p;
        struct tm *ts;
        struct tm data;
@@ -220,13 +231,19 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
        if (ts == NULL)
                return(NULL);
+        if (offset_day || offset_sec)
+                { 
+                if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
+                        return NULL;
+                }
        p=(char *)s->data;
        if ((p == NULL) || ((size_t)s->length < len))
                {
                p=OPENSSL_malloc(len);
                if (p == NULL)
                        {
-                        ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_SET,
+                        ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_ADJ,
                                ERR_R_MALLOC_FAILURE);
                        return(NULL);
                        }
diff --git a/src/lib/libssl/src/crypto/asn1/a_int.c b/src/lib/libssl/src/crypto/asn1/a_int.c
index f8d198efb1..c6fd204ae3 100644
--- a/src/lib/libssl/src/crypto/asn1/a_int.c
+++ b/src/lib/libssl/src/crypto/asn1/a_int.c
@@ -61,10 +61,10 @@
 #include <openssl/asn1.h>
 #include <openssl/bn.h>
-ASN1_INTEGER *ASN1_INTEGER_dup(ASN1_INTEGER *x)
+ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x)
 { return M_ASN1_INTEGER_dup(x);}
-int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y)
+int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y)
        { 
        int neg, ret;
        /* Compare signs */
@@ -373,7 +373,7 @@ int ASN1_INTEGER_set(ASN1_INTEGER *a, long v)
        return(1);
        }
-long ASN1_INTEGER_get(ASN1_INTEGER *a)
+long ASN1_INTEGER_get(const ASN1_INTEGER *a)
        {
        int neg=0,i;
        long r=0;
@@ -402,7 +402,7 @@ long ASN1_INTEGER_get(ASN1_INTEGER *a)
        return(r);
        }
-ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai)
+ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai)
        {
        ASN1_INTEGER *ret;
        int len,j;
@@ -444,7 +444,7 @@ err:
        return(NULL);
        }
-BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai, BIGNUM *bn)
+BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn)
        {
        BIGNUM *ret;
diff --git a/src/lib/libssl/src/crypto/asn1/a_mbstr.c b/src/lib/libssl/src/crypto/asn1/a_mbstr.c
index 1bcd046893..1538e0a4fc 100644
--- a/src/lib/libssl/src/crypto/asn1/a_mbstr.c
+++ b/src/lib/libssl/src/crypto/asn1/a_mbstr.c
@@ -93,7 +93,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
        int str_type;
        int ret;
        char free_out;
-        int outform, outlen;
+        int outform, outlen = 0;
        ASN1_STRING *dest;
        unsigned char *p;
        int nchar;
diff --git a/src/lib/libssl/src/crypto/asn1/a_object.c b/src/lib/libssl/src/crypto/asn1/a_object.c
index dc980421d0..e5fbe7cbb1 100644
--- a/src/lib/libssl/src/crypto/asn1/a_object.c
+++ b/src/lib/libssl/src/crypto/asn1/a_object.c
@@ -281,8 +281,6 @@ ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
        return ret;
 err:
        ASN1err(ASN1_F_D2I_ASN1_OBJECT,i);
-        if ((ret != NULL) && ((a == NULL) || (*a != ret)))
-                ASN1_OBJECT_free(ret);
        return(NULL);
 }
 ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
@@ -290,7 +288,19 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
        {
        ASN1_OBJECT *ret=NULL;
        const unsigned char *p;
+        unsigned char *data;
        int i;
+        /* Sanity check OID encoding: can't have leading 0x80 in
+         * subidentifiers, see: X.690 8.19.2
+         */
+        for (i = 0, p = *pp + 1; i < len - 1; i++, p++)
+                {
+                if (*p == 0x80 && (!i || !(p[-1] & 0x80)))
+                        {
+                        ASN1err(ASN1_F_C2I_ASN1_OBJECT,ASN1_R_INVALID_OBJECT_ENCODING);
+                        return NULL;
+                        }
+                }
        /* only the ASN1_OBJECTs from the 'table' will have values
         * for ->sn or ->ln */
@@ -302,15 +312,22 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
        else    ret=(*a);
        p= *pp;
-        if ((ret->data == NULL) || (ret->length < len))
+        /* detach data from object */
+        data = (unsigned char *)ret->data;
+        ret->data = NULL;
+        /* once detached we can change it */
+        if ((data == NULL) || (ret->length < len))
                {
-                if (ret->data != NULL) OPENSSL_free(ret->data);
+                ret->length=0;
-                ret->data=(unsigned char *)OPENSSL_malloc(len ? (int)len : 1);
+                if (data != NULL) OPENSSL_free(data);
-                ret->flags|=ASN1_OBJECT_FLAG_DYNAMIC_DATA;
+                data=(unsigned char *)OPENSSL_malloc(len ? (int)len : 1);
-                if (ret->data == NULL)
+                if (data == NULL)
                        { i=ERR_R_MALLOC_FAILURE; goto err; }
+                ret->flags|=ASN1_OBJECT_FLAG_DYNAMIC_DATA;
                }
-        memcpy(ret->data,p,(int)len);
+        memcpy(data,p,(int)len);
+        /* reattach data to object, after which it remains const */
+        ret->data  =data;
        ret->length=(int)len;
        ret->sn=NULL;
        ret->ln=NULL;
@@ -359,7 +376,7 @@ void ASN1_OBJECT_free(ASN1_OBJECT *a)
                }
        if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA)
                {
-                if (a->data != NULL) OPENSSL_free(a->data);
+                if (a->data != NULL) OPENSSL_free((void *)a->data);
                a->data=NULL;
                a->length=0;
                }
diff --git a/src/lib/libssl/src/crypto/asn1/a_octet.c b/src/lib/libssl/src/crypto/asn1/a_octet.c
index 24fd0f8e5a..e8725e44f1 100644
--- a/src/lib/libssl/src/crypto/asn1/a_octet.c
+++ b/src/lib/libssl/src/crypto/asn1/a_octet.c
@@ -60,10 +60,10 @@
 #include "cryptlib.h"
 #include <openssl/asn1.h>
-ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *x)
+ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *x)
 { return M_ASN1_OCTET_STRING_dup(x); }
-int ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b)
+int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a, const ASN1_OCTET_STRING *b)
 { return M_ASN1_OCTET_STRING_cmp(a, b); }
 int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, const unsigned char *d, int len)
diff --git a/src/lib/libssl/src/crypto/asn1/a_set.c b/src/lib/libssl/src/crypto/asn1/a_set.c
index 958558c204..d726c8d3a8 100644
--- a/src/lib/libssl/src/crypto/asn1/a_set.c
+++ b/src/lib/libssl/src/crypto/asn1/a_set.c
@@ -85,8 +85,9 @@ static int SetBlobCmp(const void *elem1, const void *elem2 )
    }
 /* int is_set:  if TRUE, then sort the contents (i.e. it isn't a SEQUENCE)    */
-int i2d_ASN1_SET(STACK *a, unsigned char **pp, i2d_of_void *i2d, int ex_tag,
+int i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK) *a, unsigned char **pp,
-                 int ex_class, int is_set)
+                 i2d_of_void *i2d, int ex_tag, int ex_class,
+                 int is_set)
        {
        int ret=0,r;
        int i;
@@ -96,8 +97,8 @@ int i2d_ASN1_SET(STACK *a, unsigned char **pp, i2d_of_void *i2d, int ex_tag,
        int totSize;
        if (a == NULL) return(0);
-        for (i=sk_num(a)-1; i>=0; i--)
+        for (i=sk_OPENSSL_BLOCK_num(a)-1; i>=0; i--)
-                ret+=i2d(sk_value(a,i),NULL);
+                ret+=i2d(sk_OPENSSL_BLOCK_value(a,i),NULL);
        r=ASN1_object_size(1,ret,ex_tag);
        if (pp == NULL) return(r);
@@ -108,10 +109,10 @@ int i2d_ASN1_SET(STACK *a, unsigned char **pp, i2d_of_void *i2d, int ex_tag,
        /* And then again by Ben */
        /* And again by Steve */
-        if(!is_set || (sk_num(a) < 2))
+        if(!is_set || (sk_OPENSSL_BLOCK_num(a) < 2))
                {
-                for (i=0; i<sk_num(a); i++)
+                for (i=0; i<sk_OPENSSL_BLOCK_num(a); i++)
-                        i2d(sk_value(a,i),&p);
+                        i2d(sk_OPENSSL_BLOCK_value(a,i),&p);
                *pp=p;
                return(r);
@@ -119,17 +120,17 @@ int i2d_ASN1_SET(STACK *a, unsigned char **pp, i2d_of_void *i2d, int ex_tag,
        pStart  = p; /* Catch the beg of Setblobs*/
                /* In this array we will store the SET blobs */
-                rgSetBlob = (MYBLOB *)OPENSSL_malloc(sk_num(a) * sizeof(MYBLOB));
+                rgSetBlob = OPENSSL_malloc(sk_OPENSSL_BLOCK_num(a) * sizeof(MYBLOB));
                if (rgSetBlob == NULL)
                        {
                        ASN1err(ASN1_F_I2D_ASN1_SET,ERR_R_MALLOC_FAILURE);
                        return(0);
                        }
-        for (i=0; i<sk_num(a); i++)
+        for (i=0; i<sk_OPENSSL_BLOCK_num(a); i++)
                {
                rgSetBlob[i].pbData = p;  /* catch each set encode blob */
-                i2d(sk_value(a,i),&p);
+                i2d(sk_OPENSSL_BLOCK_value(a,i),&p);
                rgSetBlob[i].cbData = p - rgSetBlob[i].pbData; /* Length of this
 SetBlob
 */
@@ -139,7 +140,7 @@ SetBlob
 /* Now we have to sort the blobs. I am using a simple algo.
    *Sort ptrs *Copy to temp-mem *Copy from temp-mem to user-mem*/
-        qsort( rgSetBlob, sk_num(a), sizeof(MYBLOB), SetBlobCmp);
+        qsort( rgSetBlob, sk_OPENSSL_BLOCK_num(a), sizeof(MYBLOB), SetBlobCmp);
                if (!(pTempMem = OPENSSL_malloc(totSize)))
                        {
                        ASN1err(ASN1_F_I2D_ASN1_SET,ERR_R_MALLOC_FAILURE);
@@ -148,7 +149,7 @@ SetBlob
 /* Copy to temp mem */
        p = pTempMem;
-        for(i=0; i<sk_num(a); ++i)
+        for(i=0; i<sk_OPENSSL_BLOCK_num(a); ++i)
                {
                memcpy(p, rgSetBlob[i].pbData, rgSetBlob[i].cbData);
                p += rgSetBlob[i].cbData;
@@ -162,16 +163,18 @@ SetBlob
        return(r);
        }
-STACK *d2i_ASN1_SET(STACK **a, const unsigned char **pp, long length,
+STACK_OF(OPENSSL_BLOCK) *d2i_ASN1_SET(STACK_OF(OPENSSL_BLOCK) **a,
-                    d2i_of_void *d2i, void (*free_func)(void *), int ex_tag,
+                              const unsigned char **pp,
-                    int ex_class)
+                              long length, d2i_of_void *d2i,
+                              void (*free_func)(OPENSSL_BLOCK), int ex_tag,
+                              int ex_class)
        {
        ASN1_const_CTX c;
-        STACK *ret=NULL;
+        STACK_OF(OPENSSL_BLOCK) *ret=NULL;
        if ((a == NULL) || ((*a) == NULL))
                {
-                if ((ret=sk_new_null()) == NULL)
+                if ((ret=sk_OPENSSL_BLOCK_new_null()) == NULL)
                        {
                        ASN1err(ASN1_F_D2I_ASN1_SET,ERR_R_MALLOC_FAILURE);
                        goto err;
@@ -216,10 +219,10 @@ STACK *d2i_ASN1_SET(STACK **a, const unsigned char **pp, long length,
                if ((s=d2i(NULL,&c.p,c.slen)) == NULL)
                        {
                        ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_ERROR_PARSING_SET_ELEMENT);
-                        asn1_add_error(*pp,(int)(c.q- *pp));
+                        asn1_add_error(*pp,(int)(c.p- *pp));
                        goto err;
                        }
-                if (!sk_push(ret,s)) goto err;
+                if (!sk_OPENSSL_BLOCK_push(ret,s)) goto err;
                }
        if (a != NULL) (*a)=ret;
        *pp=c.p;
@@ -228,9 +231,9 @@ err:
        if ((ret != NULL) && ((a == NULL) || (*a != ret)))
                {
                if (free_func != NULL)
-                        sk_pop_free(ret,free_func);
+                        sk_OPENSSL_BLOCK_pop_free(ret,free_func);
                else
-                        sk_free(ret);
+                        sk_OPENSSL_BLOCK_free(ret);
                }
        return(NULL);
        }
diff --git a/src/lib/libssl/src/crypto/asn1/a_sign.c b/src/lib/libssl/src/crypto/asn1/a_sign.c
index 4dee45fbb8..ff63bfc7be 100644
--- a/src/lib/libssl/src/crypto/asn1/a_sign.c
+++ b/src/lib/libssl/src/crypto/asn1/a_sign.c
@@ -123,6 +123,7 @@
 #include <openssl/x509.h>
 #include <openssl/objects.h>
 #include <openssl/buffer.h>
+#include "asn1_locl.h"
 #ifndef NO_ASN1_OLD
@@ -218,45 +219,47 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
        {
        EVP_MD_CTX ctx;
        unsigned char *buf_in=NULL,*buf_out=NULL;
-        int i,inl=0,outl=0,outll=0;
+        int inl=0,outl=0,outll=0;
-        X509_ALGOR *a;
+        int signid, paramtype;
-        EVP_MD_CTX_init(&ctx);
+        if (type == NULL)
-        for (i=0; i<2; i++)
                {
-                if (i == 0)
+                int def_nid;
-                        a=algor1;
+                if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) > 0)
-                else
+                        type = EVP_get_digestbynid(def_nid);
-                        a=algor2;
+                }
-                if (a == NULL) continue;
-                if (type->pkey_type == NID_dsaWithSHA1 ||
+        if (type == NULL)
-                        type->pkey_type == NID_ecdsa_with_SHA1)
+                {
-                        {
+                ASN1err(ASN1_F_ASN1_ITEM_SIGN, ASN1_R_NO_DEFAULT_DIGEST);
-                        /* special case: RFC 3279 tells us to omit 'parameters'
+                return 0;
-                         * with id-dsa-with-sha1 and ecdsa-with-SHA1 */
+                }
-                        ASN1_TYPE_free(a->parameter);
-                        a->parameter = NULL;
+        if (type->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE)
-                        }
+                {
-                else if ((a->parameter == NULL) || 
+                if (!pkey->ameth ||
-                        (a->parameter->type != V_ASN1_NULL))
+                        !OBJ_find_sigid_by_algs(&signid, EVP_MD_nid(type),
-                        {
+                                                pkey->ameth->pkey_id))
-                        ASN1_TYPE_free(a->parameter);
-                        if ((a->parameter=ASN1_TYPE_new()) == NULL) goto err;
-                        a->parameter->type=V_ASN1_NULL;
-                        }
-                ASN1_OBJECT_free(a->algorithm);
-                a->algorithm=OBJ_nid2obj(type->pkey_type);
-                if (a->algorithm == NULL)
-                        {
-                        ASN1err(ASN1_F_ASN1_ITEM_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE);
-                        goto err;
-                        }
-                if (a->algorithm->length == 0)
                        {
-                        ASN1err(ASN1_F_ASN1_ITEM_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
+                        ASN1err(ASN1_F_ASN1_ITEM_SIGN,
-                        goto err;
+                                ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
+                        return 0;
                        }
                }
+        else
+                signid = type->pkey_type;
+        if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL)
+                paramtype = V_ASN1_NULL;
+        else
+                paramtype = V_ASN1_UNDEF;
+        if (algor1)
+                X509_ALGOR_set0(algor1, OBJ_nid2obj(signid), paramtype, NULL);
+        if (algor2)
+                X509_ALGOR_set0(algor2, OBJ_nid2obj(signid), paramtype, NULL);
+        EVP_MD_CTX_init(&ctx);
        inl=ASN1_item_i2d(asn,&buf_in, it);
        outll=outl=EVP_PKEY_size(pkey);
        buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl);
@@ -267,12 +270,7 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
                goto err;
                }
-        if (!EVP_SignInit_ex(&ctx,type, NULL))
+        EVP_SignInit_ex(&ctx,type, NULL);
-                {
-                outl=0;
-                ASN1err(ASN1_F_ASN1_ITEM_SIGN,ERR_R_EVP_LIB);
-                goto err;
-                }
        EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
        if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
                        (unsigned int *)&outl,pkey))
diff --git a/src/lib/libssl/src/crypto/asn1/a_strnid.c b/src/lib/libssl/src/crypto/asn1/a_strnid.c
index fe515b52ba..753021a7a2 100644
--- a/src/lib/libssl/src/crypto/asn1/a_strnid.c
+++ b/src/lib/libssl/src/crypto/asn1/a_strnid.c
@@ -67,7 +67,6 @@ static STACK_OF(ASN1_STRING_TABLE) *stable = NULL;
 static void st_free(ASN1_STRING_TABLE *tbl);
 static int sk_table_cmp(const ASN1_STRING_TABLE * const *a,
                        const ASN1_STRING_TABLE * const *b);
-static int table_cmp(const void *a, const void *b);
 /* This is the global mask for the mbstring functions: this is use to
@@ -158,7 +157,7 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in,
 /* This table must be kept in NID order */
-static ASN1_STRING_TABLE tbl_standard[] = {
+static const ASN1_STRING_TABLE tbl_standard[] = {
 {NID_commonName,                1, ub_common_name, DIRSTRING_TYPE, 0},
 {NID_countryName,               2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
 {NID_localityName,              1, ub_locality_name, DIRSTRING_TYPE, 0},
@@ -186,22 +185,23 @@ static int sk_table_cmp(const ASN1_STRING_TABLE * const *a,
        return (*a)->nid - (*b)->nid;
 }
-static int table_cmp(const void *a, const void *b)
+DECLARE_OBJ_BSEARCH_CMP_FN(ASN1_STRING_TABLE, ASN1_STRING_TABLE, table);
+static int table_cmp(const ASN1_STRING_TABLE *a, const ASN1_STRING_TABLE *b)
 {
-        const ASN1_STRING_TABLE *sa = a, *sb = b;
+        return a->nid - b->nid;
-        return sa->nid - sb->nid;
 }
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(ASN1_STRING_TABLE, ASN1_STRING_TABLE, table);
 ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid)
 {
        int idx;
        ASN1_STRING_TABLE *ttmp;
        ASN1_STRING_TABLE fnd;
        fnd.nid = nid;
-        ttmp = (ASN1_STRING_TABLE *) OBJ_bsearch((char *)&fnd,
+        ttmp = OBJ_bsearch_table(&fnd, tbl_standard, 
-                                        (char *)tbl_standard, 
+                           sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE));
-                        sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE),
-                        sizeof(ASN1_STRING_TABLE), table_cmp);
        if(ttmp) return ttmp;
        if(!stable) return NULL;
        idx = sk_ASN1_STRING_TABLE_find(stable, &fnd);
diff --git a/src/lib/libssl/src/crypto/asn1/a_time.c b/src/lib/libssl/src/crypto/asn1/a_time.c
index 159681fbcb..e2eb9b243e 100644
--- a/src/lib/libssl/src/crypto/asn1/a_time.c
+++ b/src/lib/libssl/src/crypto/asn1/a_time.c
@@ -100,18 +100,29 @@ int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **pp)
 ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
        {
+        return ASN1_TIME_adj(s, t, 0, 0);
+        }
+ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t,
+                                int offset_day, long offset_sec)
+        {
        struct tm *ts;
        struct tm data;
        ts=OPENSSL_gmtime(&t,&data);
        if (ts == NULL)
                {
-                ASN1err(ASN1_F_ASN1_TIME_SET, ASN1_R_ERROR_GETTING_TIME);
+                ASN1err(ASN1_F_ASN1_TIME_ADJ, ASN1_R_ERROR_GETTING_TIME);
                return NULL;
                }
+        if (offset_day || offset_sec)
+                { 
+                if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
+                        return NULL;
+                }
        if((ts->tm_year >= 50) && (ts->tm_year < 150))
-                                        return ASN1_UTCTIME_set(s, t);
+                        return ASN1_UTCTIME_adj(s, t, offset_day, offset_sec);
-        return ASN1_GENERALIZEDTIME_set(s,t);
+        return ASN1_GENERALIZEDTIME_adj(s, t, offset_day, offset_sec);
        }
 int ASN1_TIME_check(ASN1_TIME *t)
@@ -162,3 +173,26 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZE
        return ret;
        }
+int ASN1_TIME_set_string(ASN1_TIME *s, const char *str)
+        {
+        ASN1_TIME t;
+        t.length = strlen(str);
+        t.data = (unsigned char *)str;
+        t.flags = 0;
+        
+        t.type = V_ASN1_UTCTIME;
+        if (!ASN1_TIME_check(&t))
+                {
+                t.type = V_ASN1_GENERALIZEDTIME;
+                if (!ASN1_TIME_check(&t))
+                        return 0;
+                }
+        
+        if (s && !ASN1_STRING_copy((ASN1_STRING *)s, (ASN1_STRING *)&t))
+                        return 0;
+        return 1;
+        }
diff --git a/src/lib/libssl/src/crypto/asn1/a_type.c b/src/lib/libssl/src/crypto/asn1/a_type.c
index 36beceacdb..a45d2f9d12 100644
--- a/src/lib/libssl/src/crypto/asn1/a_type.c
+++ b/src/lib/libssl/src/crypto/asn1/a_type.c
@@ -77,7 +77,10 @@ void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value)
                ASN1_primitive_free((ASN1_VALUE **)tmp_a, NULL);
                }
        a->type=type;
-        a->value.ptr=value;
+        if (type == V_ASN1_BOOLEAN)
+                a->value.boolean = value ? 0xff : 0;
+        else
+                a->value.ptr=value;
        }
 int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value)
@@ -98,7 +101,7 @@ int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value)
        else
                {
                ASN1_STRING *sdup;
-                sdup = ASN1_STRING_dup((ASN1_STRING *)value);
+                sdup = ASN1_STRING_dup(value);
                if (!sdup)
                        return 0;
                ASN1_TYPE_set(a, type, sdup);
@@ -108,3 +111,49 @@ int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value)
 IMPLEMENT_STACK_OF(ASN1_TYPE)
 IMPLEMENT_ASN1_SET_OF(ASN1_TYPE)
+/* Returns 0 if they are equal, != 0 otherwise. */
+int ASN1_TYPE_cmp(ASN1_TYPE *a, ASN1_TYPE *b)
+        {
+        int result = -1;
+        if (!a || !b || a->type != b->type) return -1;
+        switch (a->type)
+                {
+        case V_ASN1_OBJECT:
+                result = OBJ_cmp(a->value.object, b->value.object);
+                break;
+        case V_ASN1_NULL:
+                result = 0;     /* They do not have content. */
+                break;
+        case V_ASN1_INTEGER:
+        case V_ASN1_NEG_INTEGER:
+        case V_ASN1_ENUMERATED:
+        case V_ASN1_NEG_ENUMERATED:
+        case V_ASN1_BIT_STRING:
+        case V_ASN1_OCTET_STRING:
+        case V_ASN1_SEQUENCE:
+        case V_ASN1_SET:
+        case V_ASN1_NUMERICSTRING:
+        case V_ASN1_PRINTABLESTRING:
+        case V_ASN1_T61STRING:
+        case V_ASN1_VIDEOTEXSTRING:
+        case V_ASN1_IA5STRING:
+        case V_ASN1_UTCTIME:
+        case V_ASN1_GENERALIZEDTIME:
+        case V_ASN1_GRAPHICSTRING:
+        case V_ASN1_VISIBLESTRING:
+        case V_ASN1_GENERALSTRING:
+        case V_ASN1_UNIVERSALSTRING:
+        case V_ASN1_BMPSTRING:
+        case V_ASN1_UTF8STRING:
+        case V_ASN1_OTHER:
+        default:
+                result = ASN1_STRING_cmp((ASN1_STRING *) a->value.ptr,
+                                         (ASN1_STRING *) b->value.ptr);
+                break;
+                }
+        return result;
+        }
diff --git a/src/lib/libssl/src/crypto/asn1/a_utctm.c b/src/lib/libssl/src/crypto/asn1/a_utctm.c
index d31c028193..072e236592 100644
--- a/src/lib/libssl/src/crypto/asn1/a_utctm.c
+++ b/src/lib/libssl/src/crypto/asn1/a_utctm.c
@@ -114,8 +114,8 @@ err:
 int ASN1_UTCTIME_check(ASN1_UTCTIME *d)
        {
-        static int min[8]={ 0, 1, 1, 0, 0, 0, 0, 0};
+        static const int min[8]={ 0, 1, 1, 0, 0, 0, 0, 0};
-        static int max[8]={99,12,31,23,59,59,12,59};
+        static const int max[8]={99,12,31,23,59,59,12,59};
        char *a;
        int n,i,l,o;
@@ -186,6 +186,12 @@ int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str)
 ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
        {
+        return ASN1_UTCTIME_adj(s, t, 0, 0);
+        }
+ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
+                                int offset_day, long offset_sec)
+        {
        char *p;
        struct tm *ts;
        struct tm data;
@@ -200,13 +206,22 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
        if (ts == NULL)
                return(NULL);
+        if (offset_day || offset_sec)
+                { 
+                if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
+                        return NULL;
+                }
+        if((ts->tm_year < 50) || (ts->tm_year >= 150))
+                return NULL;
        p=(char *)s->data;
        if ((p == NULL) || ((size_t)s->length < len))
                {
                p=OPENSSL_malloc(len);
                if (p == NULL)
                        {
-                        ASN1err(ASN1_F_ASN1_UTCTIME_SET,ERR_R_MALLOC_FAILURE);
+                        ASN1err(ASN1_F_ASN1_UTCTIME_ADJ,ERR_R_MALLOC_FAILURE);
                        return(NULL);
                        }
                if (s->data != NULL)
diff --git a/src/lib/libssl/src/crypto/asn1/a_verify.c b/src/lib/libssl/src/crypto/asn1/a_verify.c
index da3efaaf8d..cecdb13c70 100644
--- a/src/lib/libssl/src/crypto/asn1/a_verify.c
+++ b/src/lib/libssl/src/crypto/asn1/a_verify.c
@@ -60,6 +60,7 @@
 #include <time.h>
 #include "cryptlib.h"
+#include "asn1_locl.h"
 #ifndef NO_SYS_TYPES_H
 # include <sys/types.h>
@@ -100,12 +101,7 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
        p=buf_in;
        i2d(data,&p);
-        if (!EVP_VerifyInit_ex(&ctx,type, NULL))
+        EVP_VerifyInit_ex(&ctx,type, NULL);
-                {
-                ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
-                ret=0;
-                goto err;
-                }
        EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
        OPENSSL_cleanse(buf_in,(unsigned int)inl);
@@ -134,19 +130,34 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat
             void *asn, EVP_PKEY *pkey)
        {
        EVP_MD_CTX ctx;
-        const EVP_MD *type;
+        const EVP_MD *type = NULL;
        unsigned char *buf_in=NULL;
-        int ret= -1,i,inl;
+        int ret= -1,inl;
+        int mdnid, pknid;
        EVP_MD_CTX_init(&ctx);
-        i=OBJ_obj2nid(a->algorithm);
-        type=EVP_get_digestbyname(OBJ_nid2sn(i));
+        /* Convert signature OID into digest and public key OIDs */
+        if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->algorithm), &mdnid, &pknid))
+                {
+                ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
+                goto err;
+                }
+        type=EVP_get_digestbynid(mdnid);
        if (type == NULL)
                {
                ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
                goto err;
                }
+        /* Check public key OID matches public key type */
+        if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id)
+                {
+                ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_WRONG_PUBLIC_KEY_TYPE);
+                goto err;
+                }
        if (!EVP_VerifyInit_ex(&ctx,type, NULL))
                {
                ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);
diff --git a/src/lib/libssl/src/crypto/asn1/asn1.h b/src/lib/libssl/src/crypto/asn1/asn1.h
index e3385226d4..f7718b5a94 100644
--- a/src/lib/libssl/src/crypto/asn1/asn1.h
+++ b/src/lib/libssl/src/crypto/asn1/asn1.h
@@ -213,7 +213,7 @@ typedef struct asn1_object_st
        const char *sn,*ln;
        int nid;
        int length;
-        unsigned char *data;
+        const unsigned char *data;      /* data remains const after init */
        int flags;      /* Should we free this one */
        } ASN1_OBJECT;
@@ -228,8 +228,12 @@ typedef struct asn1_object_st
 * complete and is a place holder for content when it had all been 
 * accessed. The flag will be reset when content has been written to it.
 */
-#define ASN1_STRING_FLAG_CONT 0x020 
+#define ASN1_STRING_FLAG_CONT 0x020 
+/* This flag is used by ASN1 code to indicate an ASN1_STRING is an MSTRING
+ * type.
+ */
+#define ASN1_STRING_FLAG_MSTRING 0x040 
 /* This is the base type that holds just about everything :-) */
 typedef struct asn1_string_st
        {
@@ -330,6 +334,13 @@ typedef struct ASN1_VALUE_st ASN1_VALUE;
        type *name##_new(void); \
        void name##_free(type *a);
+#define DECLARE_ASN1_PRINT_FUNCTION(stname) \
+        DECLARE_ASN1_PRINT_FUNCTION_fname(stname, stname)
+#define DECLARE_ASN1_PRINT_FUNCTION_fname(stname, fname) \
+        int fname##_print_ctx(BIO *out, stname *x, int indent, \
+                                         const ASN1_PCTX *pctx);
 #define D2I_OF(type) type *(*)(type **,const unsigned char **,long)
 #define I2D_OF(type) int (*)(type *,unsigned char **)
 #define I2D_OF_const(type) int (*)(const type *,unsigned char **)
@@ -534,28 +545,23 @@ typedef struct asn1_type_st
                 * contain the set or sequence bytes */
                ASN1_STRING *           set;
                ASN1_STRING *           sequence;
-                ASN1_VALUE  *           asn1_value;
+                ASN1_VALUE *            asn1_value;
                } value;
        } ASN1_TYPE;
 DECLARE_STACK_OF(ASN1_TYPE)
 DECLARE_ASN1_SET_OF(ASN1_TYPE)
-typedef struct asn1_method_st
+typedef STACK_OF(ASN1_TYPE) ASN1_SEQUENCE_ANY;
-        {
-        i2d_of_void *i2d;
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY)
-        d2i_of_void *d2i;
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SET_ANY)
-        void *(*create)(void);
-        void (*destroy)(void *);
+typedef struct NETSCAPE_X509_st
-        } ASN1_METHOD;
-/* This is used when parsing some Netscape objects */
-typedef struct asn1_header_st
        {
        ASN1_OCTET_STRING *header;
-        void *data;
+        X509 *cert;
-        ASN1_METHOD *meth;
+        } NETSCAPE_X509;
-        } ASN1_HEADER;
 /* This is used to contain a list of bit names */
 typedef struct BIT_STRING_BITNAME_st {
@@ -575,32 +581,34 @@ typedef struct BIT_STRING_BITNAME_st {
                ASN1_STRING_type_new(V_ASN1_BIT_STRING)
 #define M_ASN1_BIT_STRING_free(a)       ASN1_STRING_free((ASN1_STRING *)a)
 #define M_ASN1_BIT_STRING_dup(a) (ASN1_BIT_STRING *)\
-                ASN1_STRING_dup((ASN1_STRING *)a)
+                ASN1_STRING_dup((const ASN1_STRING *)a)
 #define M_ASN1_BIT_STRING_cmp(a,b) ASN1_STRING_cmp(\
-                (ASN1_STRING *)a,(ASN1_STRING *)b)
+                (const ASN1_STRING *)a,(const ASN1_STRING *)b)
 #define M_ASN1_BIT_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c)
 #define M_ASN1_INTEGER_new()    (ASN1_INTEGER *)\
                ASN1_STRING_type_new(V_ASN1_INTEGER)
 #define M_ASN1_INTEGER_free(a)          ASN1_STRING_free((ASN1_STRING *)a)
-#define M_ASN1_INTEGER_dup(a) (ASN1_INTEGER *)ASN1_STRING_dup((ASN1_STRING *)a)
+#define M_ASN1_INTEGER_dup(a) (ASN1_INTEGER *)\
+                ASN1_STRING_dup((const ASN1_STRING *)a)
 #define M_ASN1_INTEGER_cmp(a,b) ASN1_STRING_cmp(\
-                (ASN1_STRING *)a,(ASN1_STRING *)b)
+                (const ASN1_STRING *)a,(const ASN1_STRING *)b)
 #define M_ASN1_ENUMERATED_new() (ASN1_ENUMERATED *)\
                ASN1_STRING_type_new(V_ASN1_ENUMERATED)
 #define M_ASN1_ENUMERATED_free(a)       ASN1_STRING_free((ASN1_STRING *)a)
-#define M_ASN1_ENUMERATED_dup(a) (ASN1_ENUMERATED *)ASN1_STRING_dup((ASN1_STRING *)a)
+#define M_ASN1_ENUMERATED_dup(a) (ASN1_ENUMERATED *)\
+                ASN1_STRING_dup((const ASN1_STRING *)a)
 #define M_ASN1_ENUMERATED_cmp(a,b)      ASN1_STRING_cmp(\
-                (ASN1_STRING *)a,(ASN1_STRING *)b)
+                (const ASN1_STRING *)a,(const ASN1_STRING *)b)
 #define M_ASN1_OCTET_STRING_new()       (ASN1_OCTET_STRING *)\
                ASN1_STRING_type_new(V_ASN1_OCTET_STRING)
 #define M_ASN1_OCTET_STRING_free(a)     ASN1_STRING_free((ASN1_STRING *)a)
 #define M_ASN1_OCTET_STRING_dup(a) (ASN1_OCTET_STRING *)\
-                ASN1_STRING_dup((ASN1_STRING *)a)
+                ASN1_STRING_dup((const ASN1_STRING *)a)
 #define M_ASN1_OCTET_STRING_cmp(a,b) ASN1_STRING_cmp(\
-                (ASN1_STRING *)a,(ASN1_STRING *)b)
+                (const ASN1_STRING *)a,(const ASN1_STRING *)b)
 #define M_ASN1_OCTET_STRING_set(a,b,c)  ASN1_STRING_set((ASN1_STRING *)a,b,c)
 #define M_ASN1_OCTET_STRING_print(a,b)  ASN1_STRING_print(a,(ASN1_STRING *)b)
 #define M_i2d_ASN1_OCTET_STRING(a,pp) \
@@ -684,7 +692,7 @@ typedef struct BIT_STRING_BITNAME_st {
                ASN1_STRING_type_new(V_ASN1_IA5STRING)
 #define M_ASN1_IA5STRING_free(a)        ASN1_STRING_free((ASN1_STRING *)a)
 #define M_ASN1_IA5STRING_dup(a) \
-                        (ASN1_IA5STRING *)ASN1_STRING_dup((ASN1_STRING *)a)
+                (ASN1_IA5STRING *)ASN1_STRING_dup((const ASN1_STRING *)a)
 #define M_i2d_ASN1_IA5STRING(a,pp) \
                i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_IA5STRING,\
                        V_ASN1_UNIVERSAL)
@@ -695,18 +703,20 @@ typedef struct BIT_STRING_BITNAME_st {
 #define M_ASN1_UTCTIME_new()    (ASN1_UTCTIME *)\
                ASN1_STRING_type_new(V_ASN1_UTCTIME)
 #define M_ASN1_UTCTIME_free(a)  ASN1_STRING_free((ASN1_STRING *)a)
-#define M_ASN1_UTCTIME_dup(a) (ASN1_UTCTIME *)ASN1_STRING_dup((ASN1_STRING *)a)
+#define M_ASN1_UTCTIME_dup(a) (ASN1_UTCTIME *)\
+                ASN1_STRING_dup((const ASN1_STRING *)a)
 #define M_ASN1_GENERALIZEDTIME_new()    (ASN1_GENERALIZEDTIME *)\
                ASN1_STRING_type_new(V_ASN1_GENERALIZEDTIME)
 #define M_ASN1_GENERALIZEDTIME_free(a)  ASN1_STRING_free((ASN1_STRING *)a)
 #define M_ASN1_GENERALIZEDTIME_dup(a) (ASN1_GENERALIZEDTIME *)ASN1_STRING_dup(\
-        (ASN1_STRING *)a)
+        (const ASN1_STRING *)a)
 #define M_ASN1_TIME_new()       (ASN1_TIME *)\
                ASN1_STRING_type_new(V_ASN1_UTCTIME)
 #define M_ASN1_TIME_free(a)     ASN1_STRING_free((ASN1_STRING *)a)
-#define M_ASN1_TIME_dup(a) (ASN1_TIME *)ASN1_STRING_dup((ASN1_STRING *)a)
+#define M_ASN1_TIME_dup(a) (ASN1_TIME *)\
+        ASN1_STRING_dup((const ASN1_STRING *)a)
 #define M_ASN1_GENERALSTRING_new()      (ASN1_GENERALSTRING *)\
                ASN1_STRING_type_new(V_ASN1_GENERALSTRING)
@@ -767,6 +777,7 @@ DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)
 int ASN1_TYPE_get(ASN1_TYPE *a);
 void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
 int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value);
+int            ASN1_TYPE_cmp(ASN1_TYPE *a, ASN1_TYPE *b);
 ASN1_OBJECT *   ASN1_OBJECT_new(void );
 void            ASN1_OBJECT_free(ASN1_OBJECT *a);
@@ -783,14 +794,15 @@ DECLARE_ASN1_SET_OF(ASN1_OBJECT)
 ASN1_STRING *   ASN1_STRING_new(void);
 void            ASN1_STRING_free(ASN1_STRING *a);
-ASN1_STRING *   ASN1_STRING_dup(ASN1_STRING *a);
+int             ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str);
+ASN1_STRING *   ASN1_STRING_dup(const ASN1_STRING *a);
 ASN1_STRING *   ASN1_STRING_type_new(int type );
-int             ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b);
+int             ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b);
  /* Since this is used to store all sorts of things, via macros, for now, make
     its data void * */
 int             ASN1_STRING_set(ASN1_STRING *str, const void *data, int len);
 void            ASN1_STRING_set0(ASN1_STRING *str, void *data, int len);
-int ASN1_STRING_length(ASN1_STRING *x);
+int ASN1_STRING_length(const ASN1_STRING *x);
 void ASN1_STRING_length_set(ASN1_STRING *x, int n);
 int ASN1_STRING_type(ASN1_STRING *x);
 unsigned char * ASN1_STRING_data(ASN1_STRING *x);
@@ -803,6 +815,8 @@ int		ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d,
                        int length );
 int             ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value);
 int             ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n);
+int            ASN1_BIT_STRING_check(ASN1_BIT_STRING *a,
+                                     unsigned char *flags, int flags_len);
 #ifndef OPENSSL_NO_BIO
 int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
@@ -821,13 +835,15 @@ ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a,const unsigned char **pp,
                        long length);
 ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a,const unsigned char **pp,
                        long length);
-ASN1_INTEGER *  ASN1_INTEGER_dup(ASN1_INTEGER *x);
+ASN1_INTEGER *  ASN1_INTEGER_dup(const ASN1_INTEGER *x);
-int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y);
+int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y);
 DECLARE_ASN1_FUNCTIONS(ASN1_ENUMERATED)
 int ASN1_UTCTIME_check(ASN1_UTCTIME *a);
 ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s,time_t t);
+ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
+                                int offset_day, long offset_sec);
 int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str);
 int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);
 #if 0
@@ -836,11 +852,13 @@ time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s);
 int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a);
 ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,time_t t);
+ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s,
+             time_t t, int offset_day, long offset_sec);
 int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str);
 DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING)
-ASN1_OCTET_STRING *     ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *a);
+ASN1_OCTET_STRING *     ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *a);
-int     ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b);
+int     ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a, const ASN1_OCTET_STRING *b);
 int     ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, const unsigned char *data, int len);
 DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING)
@@ -867,14 +885,20 @@ DECLARE_ASN1_FUNCTIONS(ASN1_TIME)
 DECLARE_ASN1_ITEM(ASN1_OCTET_STRING_NDEF)
 ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s,time_t t);
+ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s,time_t t,
+                                int offset_day, long offset_sec);
 int ASN1_TIME_check(ASN1_TIME *t);
 ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out);
+int ASN1_TIME_set_string(ASN1_TIME *s, const char *str);
-int i2d_ASN1_SET(STACK *a, unsigned char **pp,
+int i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK) *a, unsigned char **pp,
-                 i2d_of_void *i2d, int ex_tag, int ex_class, int is_set);
+                 i2d_of_void *i2d, int ex_tag, int ex_class,
-STACK * d2i_ASN1_SET(STACK **a, const unsigned char **pp, long length,
+                 int is_set);
-                     d2i_of_void *d2i, void (*free_func)(void *),
+STACK_OF(OPENSSL_BLOCK) *d2i_ASN1_SET(STACK_OF(OPENSSL_BLOCK) **a,
-                     int ex_tag, int ex_class);
+                              const unsigned char **pp,
+                              long length, d2i_of_void *d2i,
+                              void (*free_func)(OPENSSL_BLOCK), int ex_tag,
+                              int ex_class);
 #ifndef OPENSSL_NO_BIO
 int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a);
@@ -892,9 +916,9 @@ ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data,int len,
        const char *sn, const char *ln);
 int ASN1_INTEGER_set(ASN1_INTEGER *a, long v);
-long ASN1_INTEGER_get(ASN1_INTEGER *a);
+long ASN1_INTEGER_get(const ASN1_INTEGER *a);
-ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai);
+ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai);
-BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai,BIGNUM *bn);
+BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai,BIGNUM *bn);
 int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v);
 long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a);
@@ -928,7 +952,7 @@ int ASN1_put_eoc(unsigned char **pp);
 int ASN1_object_size(int constructed, int length, int tag);
 /* Used to implement other functions */
-void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x);
+void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x);
 #define ASN1_dup_of(type,i2d,d2i,x) \
    ((type*)ASN1_dup(CHECKED_I2D_OF(type, i2d), \
@@ -999,29 +1023,23 @@ int ASN1_i2d_bio(i2d_of_void *i2d,BIO *out, unsigned char *x);
                  CHECKED_PTR_OF(const type, x)))
 int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x);
-int ASN1_UTCTIME_print(BIO *fp,ASN1_UTCTIME *a);
+int ASN1_UTCTIME_print(BIO *fp, const ASN1_UTCTIME *a);
-int ASN1_GENERALIZEDTIME_print(BIO *fp,ASN1_GENERALIZEDTIME *a);
+int ASN1_GENERALIZEDTIME_print(BIO *fp, const ASN1_GENERALIZEDTIME *a);
-int ASN1_TIME_print(BIO *fp,ASN1_TIME *a);
+int ASN1_TIME_print(BIO *fp, const ASN1_TIME *a);
-int ASN1_STRING_print(BIO *bp,ASN1_STRING *v);
+int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v);
 int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags);
+int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num,
+                                unsigned char *buf, int off);
 int ASN1_parse(BIO *bp,const unsigned char *pp,long len,int indent);
 int ASN1_parse_dump(BIO *bp,const unsigned char *pp,long len,int indent,int dump);
 #endif
 const char *ASN1_tag2str(int tag);
-/* Used to load and write netscape format cert/key */
+/* Used to load and write netscape format cert */
-int i2d_ASN1_HEADER(ASN1_HEADER *a,unsigned char **pp);
-ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER **a,const unsigned char **pp, long length);
-ASN1_HEADER *ASN1_HEADER_new(void );
-void ASN1_HEADER_free(ASN1_HEADER *a);
-int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s);
+DECLARE_ASN1_FUNCTIONS(NETSCAPE_X509)
-/* Not used that much at this point, except for the first two */
+int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s);
-ASN1_METHOD *X509_asn1_meth(void);
-ASN1_METHOD *RSAPrivateKey_asn1_meth(void);
-ASN1_METHOD *ASN1_IA5STRING_asn1_meth(void);
-ASN1_METHOD *ASN1_BIT_STRING_asn1_meth(void);
 int ASN1_TYPE_set_octetstring(ASN1_TYPE *a,
        unsigned char *data, int len);
@@ -1032,9 +1050,9 @@ int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num,
 int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a,long *num,
        unsigned char *data, int max_len);
-STACK *ASN1_seq_unpack(const unsigned char *buf, int len,
+STACK_OF(OPENSSL_BLOCK) *ASN1_seq_unpack(const unsigned char *buf, int len,
-                       d2i_of_void *d2i, void (*free_func)(void *));
+                                 d2i_of_void *d2i, void (*free_func)(OPENSSL_BLOCK));
-unsigned char *ASN1_seq_pack(STACK *safes, i2d_of_void *i2d,
+unsigned char *ASN1_seq_pack(STACK_OF(OPENSSL_BLOCK) *safes, i2d_of_void *i2d,
                             unsigned char **buf, int *len );
 void *ASN1_unpack_string(ASN1_STRING *oct, d2i_of_void *d2i);
 void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it);
@@ -1077,15 +1095,58 @@ void ASN1_add_oid_module(void);
 ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf);
 ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf);
-typedef int asn1_output_data_fn(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
+/* ASN1 Print flags */
-                                        const ASN1_ITEM *it);
+/* Indicate missing OPTIONAL fields */
-int int_smime_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
+#define ASN1_PCTX_FLAGS_SHOW_ABSENT             0x001   
+/* Mark start and end of SEQUENCE */
+#define ASN1_PCTX_FLAGS_SHOW_SEQUENCE           0x002
+/* Mark start and end of SEQUENCE/SET OF */
+#define ASN1_PCTX_FLAGS_SHOW_SSOF               0x004
+/* Show the ASN1 type of primitives */
+#define ASN1_PCTX_FLAGS_SHOW_TYPE               0x008
+/* Don't show ASN1 type of ANY */
+#define ASN1_PCTX_FLAGS_NO_ANY_TYPE             0x010
+/* Don't show ASN1 type of MSTRINGs */
+#define ASN1_PCTX_FLAGS_NO_MSTRING_TYPE         0x020
+/* Don't show field names in SEQUENCE */
+#define ASN1_PCTX_FLAGS_NO_FIELD_NAME           0x040
+/* Show structure names of each SEQUENCE field */
+#define ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME  0x080
+/* Don't show structure name even at top level */
+#define ASN1_PCTX_FLAGS_NO_STRUCT_NAME          0x100
+int ASN1_item_print(BIO *out, ASN1_VALUE *ifld, int indent,
+                                const ASN1_ITEM *it, const ASN1_PCTX *pctx);
+ASN1_PCTX *ASN1_PCTX_new(void);
+void ASN1_PCTX_free(ASN1_PCTX *p);
+unsigned long ASN1_PCTX_get_flags(ASN1_PCTX *p);
+void ASN1_PCTX_set_flags(ASN1_PCTX *p, unsigned long flags);
+unsigned long ASN1_PCTX_get_nm_flags(ASN1_PCTX *p);
+void ASN1_PCTX_set_nm_flags(ASN1_PCTX *p, unsigned long flags);
+unsigned long ASN1_PCTX_get_cert_flags(ASN1_PCTX *p);
+void ASN1_PCTX_set_cert_flags(ASN1_PCTX *p, unsigned long flags);
+unsigned long ASN1_PCTX_get_oid_flags(ASN1_PCTX *p);
+void ASN1_PCTX_set_oid_flags(ASN1_PCTX *p, unsigned long flags);
+unsigned long ASN1_PCTX_get_str_flags(ASN1_PCTX *p);
+void ASN1_PCTX_set_str_flags(ASN1_PCTX *p, unsigned long flags);
+BIO_METHOD *BIO_f_asn1(void);
+BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it);
+int i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
+                                const ASN1_ITEM *it);
+int PEM_write_bio_ASN1_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
+                                const char *hdr,
+                                const ASN1_ITEM *it);
+int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
                                int ctype_nid, int econt_nid,
                                STACK_OF(X509_ALGOR) *mdalgs,
-                                asn1_output_data_fn *data_fn,
                                const ASN1_ITEM *it);
 ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it);
+int SMIME_crlf_copy(BIO *in, BIO *out, int flags);
+int SMIME_text(BIO *in, BIO *out);
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
@@ -1116,6 +1177,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_ASN1_ENUMERATED_TO_BN                     113
 #define ASN1_F_ASN1_EX_C2I                               204
 #define ASN1_F_ASN1_FIND_END                             190
+#define ASN1_F_ASN1_GENERALIZEDTIME_ADJ                  216
 #define ASN1_F_ASN1_GENERALIZEDTIME_SET                  185
 #define ASN1_F_ASN1_GENERATE_V3                          178
 #define ASN1_F_ASN1_GET_OBJECT                           114
@@ -1136,7 +1198,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_ASN1_ITEM_VERIFY                          197
 #define ASN1_F_ASN1_MBSTRING_NCOPY                       122
 #define ASN1_F_ASN1_OBJECT_NEW                           123
-#define ASN1_F_ASN1_OUTPUT_DATA                          207
+#define ASN1_F_ASN1_OUTPUT_DATA                          214
 #define ASN1_F_ASN1_PACK_STRING                          124
 #define ASN1_F_ASN1_PCTX_NEW                             205
 #define ASN1_F_ASN1_PKCS5_PBE_SET                        125
@@ -1150,14 +1212,17 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_ASN1_TEMPLATE_EX_D2I                      132
 #define ASN1_F_ASN1_TEMPLATE_NEW                         133
 #define ASN1_F_ASN1_TEMPLATE_NOEXP_D2I                   131
+#define ASN1_F_ASN1_TIME_ADJ                             217
 #define ASN1_F_ASN1_TIME_SET                             175
 #define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING             134
 #define ASN1_F_ASN1_TYPE_GET_OCTETSTRING                 135
 #define ASN1_F_ASN1_UNPACK_STRING                        136
+#define ASN1_F_ASN1_UTCTIME_ADJ                          218
 #define ASN1_F_ASN1_UTCTIME_SET                          187
 #define ASN1_F_ASN1_VERIFY                               137
-#define ASN1_F_B64_READ_ASN1                             208
+#define ASN1_F_B64_READ_ASN1                             209
-#define ASN1_F_B64_WRITE_ASN1                            209
+#define ASN1_F_B64_WRITE_ASN1                            210
+#define ASN1_F_BIO_NEW_NDEF                              208
 #define ASN1_F_BITSTR_CB                                 180
 #define ASN1_F_BN_TO_ASN1_ENUMERATED                     138
 #define ASN1_F_BN_TO_ASN1_INTEGER                        139
@@ -1176,6 +1241,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_D2I_ASN1_TYPE_BYTES                       149
 #define ASN1_F_D2I_ASN1_UINTEGER                         150
 #define ASN1_F_D2I_ASN1_UTCTIME                          151
+#define ASN1_F_D2I_AUTOPRIVATEKEY                        207
 #define ASN1_F_D2I_NETSCAPE_RSA                          152
 #define ASN1_F_D2I_NETSCAPE_RSA_2                        153
 #define ASN1_F_D2I_PRIVATEKEY                            154
@@ -1185,6 +1251,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_D2I_X509                                  156
 #define ASN1_F_D2I_X509_CINF                             157
 #define ASN1_F_D2I_X509_PKEY                             159
+#define ASN1_F_I2D_ASN1_BIO_STREAM                       211
 #define ASN1_F_I2D_ASN1_SET                              188
 #define ASN1_F_I2D_ASN1_TIME                             160
 #define ASN1_F_I2D_DSA_PUBKEY                            161
@@ -1196,10 +1263,11 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_LONG_C2I                                  166
 #define ASN1_F_OID_MODULE_INIT                           174
 #define ASN1_F_PARSE_TAGGING                             182
-#define ASN1_F_PKCS5_PBE2_SET                            167
+#define ASN1_F_PKCS5_PBE2_SET_IV                         167
 #define ASN1_F_PKCS5_PBE_SET                             202
-#define ASN1_F_SMIME_READ_ASN1                           210
+#define ASN1_F_PKCS5_PBE_SET0_ALGOR                      215
-#define ASN1_F_SMIME_TEXT                                211
+#define ASN1_F_SMIME_READ_ASN1                           212
+#define ASN1_F_SMIME_TEXT                                213
 #define ASN1_F_X509_CINF_NEW                             168
 #define ASN1_F_X509_CRL_ADD0_REVOKED                     169
 #define ASN1_F_X509_INFO_NEW                             170
@@ -1211,14 +1279,14 @@ void ERR_load_ASN1_strings(void);
 /* Reason codes. */
 #define ASN1_R_ADDING_OBJECT                             171
-#define ASN1_R_ASN1_PARSE_ERROR                          198
+#define ASN1_R_ASN1_PARSE_ERROR                          203
-#define ASN1_R_ASN1_SIG_PARSE_ERROR                      199
+#define ASN1_R_ASN1_SIG_PARSE_ERROR                      204
 #define ASN1_R_AUX_ERROR                                 100
 #define ASN1_R_BAD_CLASS                                 101
 #define ASN1_R_BAD_OBJECT_HEADER                         102
 #define ASN1_R_BAD_PASSWORD_READ                         103
 #define ASN1_R_BAD_TAG                                   104
-#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH                 210
+#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH                 214
 #define ASN1_R_BN_LIB                                    105
 #define ASN1_R_BOOLEAN_IS_WRONG_LENGTH                   106
 #define ASN1_R_BUFFER_TOO_SMALL                          107
@@ -1227,6 +1295,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_DECODE_ERROR                              110
 #define ASN1_R_DECODING_ERROR                            111
 #define ASN1_R_DEPTH_EXCEEDED                            174
+#define ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED         198
 #define ASN1_R_ENCODE_ERROR                              112
 #define ASN1_R_ERROR_GETTING_TIME                        173
 #define ASN1_R_ERROR_LOADING_SECTION                     172
@@ -1260,9 +1329,10 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG                128
 #define ASN1_R_INVALID_BMPSTRING_LENGTH                  129
 #define ASN1_R_INVALID_DIGIT                             130
-#define ASN1_R_INVALID_MIME_TYPE                         200
+#define ASN1_R_INVALID_MIME_TYPE                         205
 #define ASN1_R_INVALID_MODIFIER                          186
 #define ASN1_R_INVALID_NUMBER                            187
+#define ASN1_R_INVALID_OBJECT_ENCODING                   216
 #define ASN1_R_INVALID_SEPARATOR                         131
 #define ASN1_R_INVALID_TIME_FORMAT                       132
 #define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH            133
@@ -1270,9 +1340,9 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_IV_TOO_LARGE                              135
 #define ASN1_R_LENGTH_ERROR                              136
 #define ASN1_R_LIST_ERROR                                188
-#define ASN1_R_MIME_NO_CONTENT_TYPE                      201
+#define ASN1_R_MIME_NO_CONTENT_TYPE                      206
-#define ASN1_R_MIME_PARSE_ERROR                          202
+#define ASN1_R_MIME_PARSE_ERROR                          207
-#define ASN1_R_MIME_SIG_PARSE_ERROR                      203
+#define ASN1_R_MIME_SIG_PARSE_ERROR                      208
 #define ASN1_R_MISSING_EOC                               137
 #define ASN1_R_MISSING_SECOND_NUMBER                     138
 #define ASN1_R_MISSING_VALUE                             189
@@ -1282,11 +1352,12 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_NON_HEX_CHARACTERS                        141
 #define ASN1_R_NOT_ASCII_FORMAT                          190
 #define ASN1_R_NOT_ENOUGH_DATA                           142
-#define ASN1_R_NO_CONTENT_TYPE                           204
+#define ASN1_R_NO_CONTENT_TYPE                           209
+#define ASN1_R_NO_DEFAULT_DIGEST                         201
 #define ASN1_R_NO_MATCHING_CHOICE_TYPE                   143
-#define ASN1_R_NO_MULTIPART_BODY_FAILURE                 205
+#define ASN1_R_NO_MULTIPART_BODY_FAILURE                 210
-#define ASN1_R_NO_MULTIPART_BOUNDARY                     206
+#define ASN1_R_NO_MULTIPART_BOUNDARY                     211
-#define ASN1_R_NO_SIG_CONTENT_TYPE                       207
+#define ASN1_R_NO_SIG_CONTENT_TYPE                       212
 #define ASN1_R_NULL_IS_WRONG_LENGTH                      144
 #define ASN1_R_OBJECT_NOT_ASCII_FORMAT                   191
 #define ASN1_R_ODD_NUMBER_OF_CHARS                       145
@@ -1296,8 +1367,8 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_SEQUENCE_NOT_CONSTRUCTED                  149
 #define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG              192
 #define ASN1_R_SHORT_LINE                                150
-#define ASN1_R_SIG_INVALID_MIME_TYPE                     208
+#define ASN1_R_SIG_INVALID_MIME_TYPE                     213
-#define ASN1_R_STREAMING_NOT_SUPPORTED                   209
+#define ASN1_R_STREAMING_NOT_SUPPORTED                   202
 #define ASN1_R_STRING_TOO_LONG                           151
 #define ASN1_R_STRING_TOO_SHORT                          152
 #define ASN1_R_TAG_VALUE_TOO_HIGH                        153
@@ -1308,11 +1379,12 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_UNABLE_TO_DECODE_RSA_KEY                  157
 #define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY          158
 #define ASN1_R_UNEXPECTED_EOC                            159
-#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH           211
+#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH           215
 #define ASN1_R_UNKNOWN_FORMAT                            160
 #define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM          161
 #define ASN1_R_UNKNOWN_OBJECT_TYPE                       162
 #define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE                   163
+#define ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM               199
 #define ASN1_R_UNKNOWN_TAG                               194
 #define ASN1_R_UNKOWN_FORMAT                             195
 #define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE           164
@@ -1320,6 +1392,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM          166
 #define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE               167
 #define ASN1_R_UNSUPPORTED_TYPE                          196
+#define ASN1_R_WRONG_PUBLIC_KEY_TYPE                     200
 #define ASN1_R_WRONG_TAG                                 168
 #define ASN1_R_WRONG_TYPE                                169
diff --git a/src/lib/libssl/src/crypto/asn1/asn1_err.c b/src/lib/libssl/src/crypto/asn1/asn1_err.c
index 5f5de98eed..6e04d08f31 100644
--- a/src/lib/libssl/src/crypto/asn1/asn1_err.c
+++ b/src/lib/libssl/src/crypto/asn1/asn1_err.c
@@ -1,6 +1,6 @@
 /* crypto/asn1/asn1_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2009 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -90,10 +90,11 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_FUNC(ASN1_F_ASN1_ENUMERATED_TO_BN),        "ASN1_ENUMERATED_to_BN"},
 {ERR_FUNC(ASN1_F_ASN1_EX_C2I),  "ASN1_EX_C2I"},
 {ERR_FUNC(ASN1_F_ASN1_FIND_END),        "ASN1_FIND_END"},
+{ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_ADJ),     "ASN1_GENERALIZEDTIME_adj"},
 {ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_SET),     "ASN1_GENERALIZEDTIME_set"},
 {ERR_FUNC(ASN1_F_ASN1_GENERATE_V3),     "ASN1_generate_v3"},
 {ERR_FUNC(ASN1_F_ASN1_GET_OBJECT),      "ASN1_get_object"},
-{ERR_FUNC(ASN1_F_ASN1_HEADER_NEW),      "ASN1_HEADER_new"},
+{ERR_FUNC(ASN1_F_ASN1_HEADER_NEW),      "ASN1_HEADER_NEW"},
 {ERR_FUNC(ASN1_F_ASN1_I2D_BIO), "ASN1_i2d_bio"},
 {ERR_FUNC(ASN1_F_ASN1_I2D_FP),  "ASN1_i2d_fp"},
 {ERR_FUNC(ASN1_F_ASN1_INTEGER_SET),     "ASN1_INTEGER_set"},
@@ -112,7 +113,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_FUNC(ASN1_F_ASN1_OBJECT_NEW),      "ASN1_OBJECT_new"},
 {ERR_FUNC(ASN1_F_ASN1_OUTPUT_DATA),     "ASN1_OUTPUT_DATA"},
 {ERR_FUNC(ASN1_F_ASN1_PACK_STRING),     "ASN1_pack_string"},
-{ERR_FUNC(ASN1_F_ASN1_PCTX_NEW),        "ASN1_PCTX_NEW"},
+{ERR_FUNC(ASN1_F_ASN1_PCTX_NEW),        "ASN1_PCTX_new"},
 {ERR_FUNC(ASN1_F_ASN1_PKCS5_PBE_SET),   "ASN1_PKCS5_PBE_SET"},
 {ERR_FUNC(ASN1_F_ASN1_SEQ_PACK),        "ASN1_seq_pack"},
 {ERR_FUNC(ASN1_F_ASN1_SEQ_UNPACK),      "ASN1_seq_unpack"},
@@ -124,14 +125,17 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_EX_D2I), "ASN1_TEMPLATE_EX_D2I"},
 {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NEW),    "ASN1_TEMPLATE_NEW"},
 {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I),      "ASN1_TEMPLATE_NOEXP_D2I"},
+{ERR_FUNC(ASN1_F_ASN1_TIME_ADJ),        "ASN1_TIME_adj"},
 {ERR_FUNC(ASN1_F_ASN1_TIME_SET),        "ASN1_TIME_set"},
 {ERR_FUNC(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING),        "ASN1_TYPE_get_int_octetstring"},
 {ERR_FUNC(ASN1_F_ASN1_TYPE_GET_OCTETSTRING),    "ASN1_TYPE_get_octetstring"},
 {ERR_FUNC(ASN1_F_ASN1_UNPACK_STRING),   "ASN1_unpack_string"},
+{ERR_FUNC(ASN1_F_ASN1_UTCTIME_ADJ),     "ASN1_UTCTIME_adj"},
 {ERR_FUNC(ASN1_F_ASN1_UTCTIME_SET),     "ASN1_UTCTIME_set"},
 {ERR_FUNC(ASN1_F_ASN1_VERIFY),  "ASN1_verify"},
 {ERR_FUNC(ASN1_F_B64_READ_ASN1),        "B64_READ_ASN1"},
 {ERR_FUNC(ASN1_F_B64_WRITE_ASN1),       "B64_WRITE_ASN1"},
+{ERR_FUNC(ASN1_F_BIO_NEW_NDEF), "BIO_new_NDEF"},
 {ERR_FUNC(ASN1_F_BITSTR_CB),    "BITSTR_CB"},
 {ERR_FUNC(ASN1_F_BN_TO_ASN1_ENUMERATED),        "BN_to_ASN1_ENUMERATED"},
 {ERR_FUNC(ASN1_F_BN_TO_ASN1_INTEGER),   "BN_to_ASN1_INTEGER"},
@@ -143,13 +147,14 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_FUNC(ASN1_F_D2I_ASN1_BOOLEAN),     "d2i_ASN1_BOOLEAN"},
 {ERR_FUNC(ASN1_F_D2I_ASN1_BYTES),       "d2i_ASN1_bytes"},
 {ERR_FUNC(ASN1_F_D2I_ASN1_GENERALIZEDTIME),     "D2I_ASN1_GENERALIZEDTIME"},
-{ERR_FUNC(ASN1_F_D2I_ASN1_HEADER),      "d2i_ASN1_HEADER"},
+{ERR_FUNC(ASN1_F_D2I_ASN1_HEADER),      "D2I_ASN1_HEADER"},
 {ERR_FUNC(ASN1_F_D2I_ASN1_INTEGER),     "D2I_ASN1_INTEGER"},
 {ERR_FUNC(ASN1_F_D2I_ASN1_OBJECT),      "d2i_ASN1_OBJECT"},
 {ERR_FUNC(ASN1_F_D2I_ASN1_SET), "d2i_ASN1_SET"},
 {ERR_FUNC(ASN1_F_D2I_ASN1_TYPE_BYTES),  "d2i_ASN1_type_bytes"},
 {ERR_FUNC(ASN1_F_D2I_ASN1_UINTEGER),    "d2i_ASN1_UINTEGER"},
 {ERR_FUNC(ASN1_F_D2I_ASN1_UTCTIME),     "D2I_ASN1_UTCTIME"},
+{ERR_FUNC(ASN1_F_D2I_AUTOPRIVATEKEY),   "d2i_AutoPrivateKey"},
 {ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA),     "d2i_Netscape_RSA"},
 {ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA_2),   "D2I_NETSCAPE_RSA_2"},
 {ERR_FUNC(ASN1_F_D2I_PRIVATEKEY),       "d2i_PrivateKey"},
@@ -159,6 +164,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_FUNC(ASN1_F_D2I_X509),     "D2I_X509"},
 {ERR_FUNC(ASN1_F_D2I_X509_CINF),        "D2I_X509_CINF"},
 {ERR_FUNC(ASN1_F_D2I_X509_PKEY),        "d2i_X509_PKEY"},
+{ERR_FUNC(ASN1_F_I2D_ASN1_BIO_STREAM),  "i2d_ASN1_bio_stream"},
 {ERR_FUNC(ASN1_F_I2D_ASN1_SET), "i2d_ASN1_SET"},
 {ERR_FUNC(ASN1_F_I2D_ASN1_TIME),        "I2D_ASN1_TIME"},
 {ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY),       "i2d_DSA_PUBKEY"},
@@ -170,8 +176,9 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_FUNC(ASN1_F_LONG_C2I),     "LONG_C2I"},
 {ERR_FUNC(ASN1_F_OID_MODULE_INIT),      "OID_MODULE_INIT"},
 {ERR_FUNC(ASN1_F_PARSE_TAGGING),        "PARSE_TAGGING"},
-{ERR_FUNC(ASN1_F_PKCS5_PBE2_SET),       "PKCS5_pbe2_set"},
+{ERR_FUNC(ASN1_F_PKCS5_PBE2_SET_IV),    "PKCS5_pbe2_set_iv"},
 {ERR_FUNC(ASN1_F_PKCS5_PBE_SET),        "PKCS5_pbe_set"},
+{ERR_FUNC(ASN1_F_PKCS5_PBE_SET0_ALGOR), "PKCS5_pbe_set0_algor"},
 {ERR_FUNC(ASN1_F_SMIME_READ_ASN1),      "SMIME_read_ASN1"},
 {ERR_FUNC(ASN1_F_SMIME_TEXT),   "SMIME_text"},
 {ERR_FUNC(ASN1_F_X509_CINF_NEW),        "X509_CINF_NEW"},
@@ -204,6 +211,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ERR_REASON(ASN1_R_DECODE_ERROR)         ,"decode error"},
 {ERR_REASON(ASN1_R_DECODING_ERROR)       ,"decoding error"},
 {ERR_REASON(ASN1_R_DEPTH_EXCEEDED)       ,"depth exceeded"},
+{ERR_REASON(ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED),"digest and key type not supported"},
 {ERR_REASON(ASN1_R_ENCODE_ERROR)         ,"encode error"},
 {ERR_REASON(ASN1_R_ERROR_GETTING_TIME)   ,"error getting time"},
 {ERR_REASON(ASN1_R_ERROR_LOADING_SECTION),"error loading section"},
@@ -240,6 +248,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ERR_REASON(ASN1_R_INVALID_MIME_TYPE)    ,"invalid mime type"},
 {ERR_REASON(ASN1_R_INVALID_MODIFIER)     ,"invalid modifier"},
 {ERR_REASON(ASN1_R_INVALID_NUMBER)       ,"invalid number"},
+{ERR_REASON(ASN1_R_INVALID_OBJECT_ENCODING),"invalid object encoding"},
 {ERR_REASON(ASN1_R_INVALID_SEPARATOR)    ,"invalid separator"},
 {ERR_REASON(ASN1_R_INVALID_TIME_FORMAT)  ,"invalid time format"},
 {ERR_REASON(ASN1_R_INVALID_UNIVERSALSTRING_LENGTH),"invalid universalstring length"},
@@ -260,6 +269,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ERR_REASON(ASN1_R_NOT_ASCII_FORMAT)     ,"not ascii format"},
 {ERR_REASON(ASN1_R_NOT_ENOUGH_DATA)      ,"not enough data"},
 {ERR_REASON(ASN1_R_NO_CONTENT_TYPE)      ,"no content type"},
+{ERR_REASON(ASN1_R_NO_DEFAULT_DIGEST)    ,"no default digest"},
 {ERR_REASON(ASN1_R_NO_MATCHING_CHOICE_TYPE),"no matching choice type"},
 {ERR_REASON(ASN1_R_NO_MULTIPART_BODY_FAILURE),"no multipart body failure"},
 {ERR_REASON(ASN1_R_NO_MULTIPART_BOUNDARY),"no multipart boundary"},
@@ -290,6 +300,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),"unknown message digest algorithm"},
 {ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE)  ,"unknown object type"},
 {ERR_REASON(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE),"unknown public key type"},
+{ERR_REASON(ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM),"unknown signature algorithm"},
 {ERR_REASON(ASN1_R_UNKNOWN_TAG)          ,"unknown tag"},
 {ERR_REASON(ASN1_R_UNKOWN_FORMAT)        ,"unkown format"},
 {ERR_REASON(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE),"unsupported any defined by type"},
@@ -297,6 +308,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ERR_REASON(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM),"unsupported encryption algorithm"},
 {ERR_REASON(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE),"unsupported public key type"},
 {ERR_REASON(ASN1_R_UNSUPPORTED_TYPE)     ,"unsupported type"},
+{ERR_REASON(ASN1_R_WRONG_PUBLIC_KEY_TYPE),"wrong public key type"},
 {ERR_REASON(ASN1_R_WRONG_TAG)            ,"wrong tag"},
 {ERR_REASON(ASN1_R_WRONG_TYPE)           ,"wrong type"},
 {0,NULL}
diff --git a/src/lib/libssl/src/crypto/asn1/asn1_lib.c b/src/lib/libssl/src/crypto/asn1/asn1_lib.c
index 5af559ef8d..1bcb44aee2 100644
--- a/src/lib/libssl/src/crypto/asn1/asn1_lib.c
+++ b/src/lib/libssl/src/crypto/asn1/asn1_lib.c
@@ -340,20 +340,31 @@ int asn1_GetSequence(ASN1_const_CTX *c, long *length)
        return(1);
        }
-ASN1_STRING *ASN1_STRING_dup(ASN1_STRING *str)
+int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str)
        {
-        ASN1_STRING *ret;
+        if (str == NULL)
+                return 0;
+        dst->type = str->type;
+        if (!ASN1_STRING_set(dst,str->data,str->length))
+                return 0;
+        dst->flags = str->flags;
+        return 1;
+        }
-        if (str == NULL) return(NULL);
+ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *str)
-        if ((ret=ASN1_STRING_type_new(str->type)) == NULL)
+        {
-                return(NULL);
+        ASN1_STRING *ret;
-        if (!ASN1_STRING_set(ret,str->data,str->length))
+        if (!str)
+                 return NULL;
+        ret=ASN1_STRING_new();
+        if (!ret)
+                return NULL;
+        if (!ASN1_STRING_copy(ret,str))
                {
                ASN1_STRING_free(ret);
-                return(NULL);
+                return NULL;
                }
-        ret->flags = str->flags;
+        return ret;
-        return(ret);
        }
 int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len)
@@ -427,11 +438,12 @@ ASN1_STRING *ASN1_STRING_type_new(int type)
 void ASN1_STRING_free(ASN1_STRING *a)
        {
        if (a == NULL) return;
-        if (a->data != NULL) OPENSSL_free(a->data);
+        if (a->data && !(a->flags & ASN1_STRING_FLAG_NDEF))
+                OPENSSL_free(a->data);
        OPENSSL_free(a);
        }
-int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b)
+int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
        {
        int i;
@@ -457,7 +469,7 @@ void asn1_add_error(const unsigned char *address, int offset)
        ERR_add_error_data(4,"address=",buf1," offset=",buf2);
        }
-int ASN1_STRING_length(ASN1_STRING *x)
+int ASN1_STRING_length(const ASN1_STRING *x)
 { return M_ASN1_STRING_length(x); }
 void ASN1_STRING_length_set(ASN1_STRING *x, int len)
diff --git a/src/lib/libssl/src/crypto/asn1/asn1_mac.h b/src/lib/libssl/src/crypto/asn1/asn1_mac.h
index d958ca60d9..87bd0e9e1d 100644
--- a/src/lib/libssl/src/crypto/asn1/asn1_mac.h
+++ b/src/lib/libssl/src/crypto/asn1/asn1_mac.h
@@ -153,6 +153,13 @@ err:\
                M_ASN1_D2I_get(b,func); \
                }
+#define M_ASN1_D2I_get_int_opt(b,func,type) \
+        if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) \
+                == (V_ASN1_UNIVERSAL|(type)))) \
+                { \
+                M_ASN1_D2I_get_int(b,func); \
+                }
 #define M_ASN1_D2I_get_imp(b,func, type) \
        M_ASN1_next=(_tmp& V_ASN1_CONSTRUCTED)|type; \
        c.q=c.p; \
diff --git a/src/lib/libssl/src/crypto/asn1/asn1_par.c b/src/lib/libssl/src/crypto/asn1/asn1_par.c
index 8657f73d66..aaca69aebd 100644
--- a/src/lib/libssl/src/crypto/asn1/asn1_par.c
+++ b/src/lib/libssl/src/crypto/asn1/asn1_par.c
@@ -70,9 +70,8 @@ static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
             int indent)
        {
        static const char fmt[]="%-18s";
-        static const char fmt2[]="%2d %-15s";
        char str[128];
-        const char *p,*p2=NULL;
+        const char *p;
        if (constructed & V_ASN1_CONSTRUCTED)
                p="cons: ";
@@ -93,14 +92,8 @@ static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
        else
                p = ASN1_tag2str(tag);
-        if (p2 != NULL)
+        if (BIO_printf(bp,fmt,p) <= 0)
-                {
+                goto err;
-                if (BIO_printf(bp,fmt2,tag,p2) <= 0) goto err;
-                }
-        else
-                {
-                if (BIO_printf(bp,fmt,p) <= 0) goto err;
-                }
        return(1);
 err:
        return(0);
@@ -246,7 +239,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offse
                                ii=d2i_ASN1_BOOLEAN(NULL,&opp,len+hl);
                                if (ii < 0)
                                        {
-                                        if (BIO_write(bp,"Bad boolean\n",12))
+                                        if (BIO_write(bp,"Bad boolean\n",12) <= 0)
                                                goto end;
                                        }
                                BIO_printf(bp,":%d",ii);
@@ -424,7 +417,7 @@ end:
 const char *ASN1_tag2str(int tag)
 {
-        static const char *tag2str[] = {
+        static const char * const tag2str[] = {
         "EOC", "BOOLEAN", "INTEGER", "BIT STRING", "OCTET STRING", /* 0-4 */
         "NULL", "OBJECT", "OBJECT DESCRIPTOR", "EXTERNAL", "REAL", /* 5-9 */
         "ENUMERATED", "<ASN1 11>", "UTF8STRING", "<ASN1 13>",      /* 10-13 */
diff --git a/src/lib/libssl/src/crypto/asn1/asn1t.h b/src/lib/libssl/src/crypto/asn1/asn1t.h
index ac14f9415b..d230e4bf70 100644
--- a/src/lib/libssl/src/crypto/asn1/asn1t.h
+++ b/src/lib/libssl/src/crypto/asn1/asn1t.h
@@ -3,7 +3,7 @@
 * project 2000.
 */
 /* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -218,6 +218,18 @@ extern "C" {
                #stname \
        ASN1_ITEM_end(tname)
+#define ASN1_NDEF_SEQUENCE_END_cb(stname, tname) \
+        ;\
+        ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_NDEF_SEQUENCE,\
+                V_ASN1_SEQUENCE,\
+                tname##_seq_tt,\
+                sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+                &tname##_aux,\
+                sizeof(stname),\
+                #stname \
+        ASN1_ITEM_end(tname)
 /* This pair helps declare a CHOICE type. We can do:
 *
@@ -651,8 +663,13 @@ typedef int ASN1_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM
 typedef int ASN1_ex_new_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
 typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
+typedef int ASN1_ex_print_func(BIO *out, ASN1_VALUE **pval, 
+                                                int indent, const char *fname, 
+                                                const ASN1_PCTX *pctx);
 typedef int ASN1_primitive_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
 typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
+typedef int ASN1_primitive_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it, int indent, const ASN1_PCTX *pctx);
 typedef struct ASN1_COMPAT_FUNCS_st {
        ASN1_new_func *asn1_new;
@@ -668,6 +685,7 @@ typedef struct ASN1_EXTERN_FUNCS_st {
        ASN1_ex_free_func *asn1_ex_clear;
        ASN1_ex_d2i *asn1_ex_d2i;
        ASN1_ex_i2d *asn1_ex_i2d;
+        ASN1_ex_print_func *asn1_ex_print;
 } ASN1_EXTERN_FUNCS;
 typedef struct ASN1_PRIMITIVE_FUNCS_st {
@@ -678,6 +696,7 @@ typedef struct ASN1_PRIMITIVE_FUNCS_st {
        ASN1_ex_free_func *prim_clear;
        ASN1_primitive_c2i *prim_c2i;
        ASN1_primitive_i2c *prim_i2c;
+        ASN1_primitive_print *prim_print;
 } ASN1_PRIMITIVE_FUNCS;
 /* This is the ASN1_AUX structure: it handles various
@@ -697,7 +716,8 @@ typedef struct ASN1_PRIMITIVE_FUNCS_st {
 * then an external type is more appropriate.
 */
-typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it);
+typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it,
+                                void *exarg);
 typedef struct ASN1_AUX_st {
        void *app_data;
@@ -708,6 +728,23 @@ typedef struct ASN1_AUX_st {
        int enc_offset;         /* Offset of ASN1_ENCODING structure */
 } ASN1_AUX;
+/* For print related callbacks exarg points to this structure */
+typedef struct ASN1_PRINT_ARG_st {
+        BIO *out;
+        int indent;
+        const ASN1_PCTX *pctx;
+} ASN1_PRINT_ARG;
+/* For streaming related callbacks exarg points to this structure */
+typedef struct ASN1_STREAM_ARG_st {
+        /* BIO to stream through */
+        BIO *out;
+        /* BIO with filters appended */
+        BIO *ndef_bio;
+        /* Streaming I/O boundary */
+        unsigned char **boundary;
+} ASN1_STREAM_ARG;
 /* Flags in ASN1_AUX */
 /* Use a reference count */
@@ -727,6 +764,12 @@ typedef struct ASN1_AUX_st {
 #define ASN1_OP_D2I_POST        5
 #define ASN1_OP_I2D_PRE         6
 #define ASN1_OP_I2D_POST        7
+#define ASN1_OP_PRINT_PRE       8
+#define ASN1_OP_PRINT_POST      9
+#define ASN1_OP_STREAM_PRE      10
+#define ASN1_OP_STREAM_POST     11
+#define ASN1_OP_DETACHED_PRE    12
+#define ASN1_OP_DETACHED_POST   13
 /* Macro to implement a primitive type */
 #define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0)
@@ -782,9 +825,22 @@ typedef struct ASN1_AUX_st {
 #define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \
                        IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname)
+#define IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(stname) \
+                IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(static, stname, stname, stname)
 #define IMPLEMENT_ASN1_ALLOC_FUNCTIONS(stname) \
                IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, stname, stname)
+#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(pre, stname, itname, fname) \
+        pre stname *fname##_new(void) \
+        { \
+                return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \
+        } \
+        pre void fname##_free(stname *a) \
+        { \
+                ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \
+        }
 #define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \
        stname *fname##_new(void) \
        { \
@@ -834,6 +890,17 @@ typedef struct ASN1_AUX_st {
        return ASN1_item_dup(ASN1_ITEM_rptr(stname), x); \
        }
+#define IMPLEMENT_ASN1_PRINT_FUNCTION(stname) \
+        IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, stname, stname)
+#define IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, itname, fname) \
+        int fname##_print_ctx(BIO *out, stname *x, int indent, \
+                                                const ASN1_PCTX *pctx) \
+        { \
+                return ASN1_item_print(out, (ASN1_VALUE *)x, indent, \
+                        ASN1_ITEM_rptr(itname), pctx); \
+        } 
 #define IMPLEMENT_ASN1_FUNCTIONS_const(name) \
                IMPLEMENT_ASN1_FUNCTIONS_const_fname(name, name, name)
diff --git a/src/lib/libssl/src/crypto/asn1/asn_pack.c b/src/lib/libssl/src/crypto/asn1/asn_pack.c
index f1a5a05632..ad738217d7 100644
--- a/src/lib/libssl/src/crypto/asn1/asn_pack.c
+++ b/src/lib/libssl/src/crypto/asn1/asn_pack.c
@@ -66,10 +66,10 @@
 /* Turn an ASN1 encoded SEQUENCE OF into a STACK of structures */
-STACK *ASN1_seq_unpack(const unsigned char *buf, int len,
+STACK_OF(OPENSSL_BLOCK) *ASN1_seq_unpack(const unsigned char *buf, int len,
-                       d2i_of_void *d2i,void (*free_func)(void *))
+                         d2i_of_void *d2i, void (*free_func)(OPENSSL_BLOCK))
 {
-    STACK *sk;
+    STACK_OF(OPENSSL_BLOCK) *sk;
    const unsigned char *pbuf;
    pbuf =  buf;
    if (!(sk = d2i_ASN1_SET(NULL, &pbuf, len, d2i, free_func,
@@ -82,7 +82,7 @@ STACK *ASN1_seq_unpack(const unsigned char *buf, int len,
 * OPENSSL_malloc'ed buffer
 */
-unsigned char *ASN1_seq_pack(STACK *safes, i2d_of_void *i2d,
+unsigned char *ASN1_seq_pack(STACK_OF(OPENSSL_BLOCK) *safes, i2d_of_void *i2d,
                             unsigned char **buf, int *len)
 {
        int safelen;
diff --git a/src/lib/libssl/src/crypto/asn1/charmap.h b/src/lib/libssl/src/crypto/asn1/charmap.h
index bd020a9562..b55e638725 100644
--- a/src/lib/libssl/src/crypto/asn1/charmap.h
+++ b/src/lib/libssl/src/crypto/asn1/charmap.h
@@ -2,7 +2,7 @@
 * Mask of various character properties
 */
-static unsigned char char_type[] = {
+static const unsigned char char_type[] = {
 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
 120, 0, 1,40, 0, 0, 0,16,16,16, 0,25,25,16,16,16,
diff --git a/src/lib/libssl/src/crypto/asn1/d2i_pr.c b/src/lib/libssl/src/crypto/asn1/d2i_pr.c
index 207ccda5ac..2828944777 100644
--- a/src/lib/libssl/src/crypto/asn1/d2i_pr.c
+++ b/src/lib/libssl/src/crypto/asn1/d2i_pr.c
@@ -61,16 +61,12 @@
 #include <openssl/bn.h>
 #include <openssl/evp.h>
 #include <openssl/objects.h>
-#include <openssl/asn1.h>
+#ifndef OPENSSL_NO_ENGINE
-#ifndef OPENSSL_NO_RSA
+#include <openssl/engine.h>
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_EC
-#include <openssl/ec.h>
 #endif
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include "asn1_locl.h"
 EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
             long length)
@@ -85,47 +81,43 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
                        return(NULL);
                        }
                }
-        else    ret= *a;
+        else
-        ret->save_type=type;
-        ret->type=EVP_PKEY_type(type);
-        switch (ret->type)
                {
-#ifndef OPENSSL_NO_RSA
+                ret= *a;
-        case EVP_PKEY_RSA:
+#ifndef OPENSSL_NO_ENGINE
-                if ((ret->pkey.rsa=d2i_RSAPrivateKey(NULL,
+                if (ret->engine)
-                        (const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
                        {
-                        ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB);
+                        ENGINE_finish(ret->engine);
-                        goto err;
+                        ret->engine = NULL;
                        }
-                break;
 #endif
-#ifndef OPENSSL_NO_DSA
+                }
-        case EVP_PKEY_DSA:
-                if ((ret->pkey.dsa=d2i_DSAPrivateKey(NULL,
+        if (!EVP_PKEY_set_type(ret, type))
-                        (const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
+                {
+                ASN1err(ASN1_F_D2I_PRIVATEKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
+                goto err;
+                }
+        if (!ret->ameth->old_priv_decode ||
+                        !ret->ameth->old_priv_decode(ret, pp, length))
+                {
+                if (ret->ameth->priv_decode) 
                        {
-                        ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB);
+                        PKCS8_PRIV_KEY_INFO *p8=NULL;
-                        goto err;
+                        p8=d2i_PKCS8_PRIV_KEY_INFO(NULL,pp,length);
-                        }
+                        if (!p8) goto err;
-                break;
+                        EVP_PKEY_free(ret);
-#endif
+                        ret = EVP_PKCS82PKEY(p8);
-#ifndef OPENSSL_NO_EC
+                        PKCS8_PRIV_KEY_INFO_free(p8);
-        case EVP_PKEY_EC:
-                if ((ret->pkey.ec = d2i_ECPrivateKey(NULL, 
+                        } 
-                        (const unsigned char **)pp, length)) == NULL)
+                else 
                        {
-                        ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB);
+                        ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB);
                        goto err;
                        }
-                break;
+                }       
-#endif
-        default:
-                ASN1err(ASN1_F_D2I_PRIVATEKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
-                goto err;
-                /* break; */
-                }
        if (a != NULL) (*a)=ret;
        return(ret);
 err:
@@ -146,8 +138,7 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
         * by analyzing it we can determine the passed structure: this
         * assumes the input is surrounded by an ASN1 SEQUENCE.
         */
-        inkey = d2i_ASN1_SET_OF_ASN1_TYPE(NULL, &p, length, d2i_ASN1_TYPE, 
+        inkey = d2i_ASN1_SEQUENCE_ANY(NULL, &p, length);
-                        ASN1_TYPE_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
        /* Since we only need to discern "traditional format" RSA and DSA
         * keys we can just count the elements.
         */
@@ -155,6 +146,24 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
                keytype = EVP_PKEY_DSA;
        else if (sk_ASN1_TYPE_num(inkey) == 4)
                keytype = EVP_PKEY_EC;
+        else if (sk_ASN1_TYPE_num(inkey) == 3)  
+                { /* This seems to be PKCS8, not traditional format */
+                        PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL,pp,length);
+                        EVP_PKEY *ret;
+                        sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
+                        if (!p8) 
+                                {
+                                ASN1err(ASN1_F_D2I_AUTOPRIVATEKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
+                                return NULL;
+                                }
+                        ret = EVP_PKCS82PKEY(p8);
+                        PKCS8_PRIV_KEY_INFO_free(p8);
+                        if (a) {
+                                *a = ret;
+                        }       
+                        return ret;
+                }
        else keytype = EVP_PKEY_RSA;
        sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
        return d2i_PrivateKey(keytype, a, pp, length);
diff --git a/src/lib/libssl/src/crypto/asn1/d2i_pu.c b/src/lib/libssl/src/crypto/asn1/d2i_pu.c
index 3694f51a8c..c8f39ceb03 100644
--- a/src/lib/libssl/src/crypto/asn1/d2i_pu.c
+++ b/src/lib/libssl/src/crypto/asn1/d2i_pu.c
@@ -87,9 +87,13 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
                }
        else    ret= *a;
-        ret->save_type=type;
+        if (!EVP_PKEY_set_type(ret, type))
-        ret->type=EVP_PKEY_type(type);
+                {
-        switch (ret->type)
+                ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_EVP_LIB);
+                goto err;
+                }
+        switch (EVP_PKEY_id(ret))
                {
 #ifndef OPENSSL_NO_RSA
        case EVP_PKEY_RSA:
diff --git a/src/lib/libssl/src/crypto/asn1/i2d_pr.c b/src/lib/libssl/src/crypto/asn1/i2d_pr.c
index 0be52c5b76..e398b62666 100644
--- a/src/lib/libssl/src/crypto/asn1/i2d_pr.c
+++ b/src/lib/libssl/src/crypto/asn1/i2d_pr.c
@@ -58,41 +58,22 @@
 #include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/bn.h>
 #include <openssl/evp.h>
-#include <openssl/objects.h>
+#include <openssl/x509.h>
-#ifndef OPENSSL_NO_RSA
+#include "asn1_locl.h"
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_EC
-#include <openssl/ec.h>
-#endif
 int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp)
        {
-#ifndef OPENSSL_NO_RSA
+        if (a->ameth && a->ameth->old_priv_encode)
-        if (a->type == EVP_PKEY_RSA)
                {
-                return(i2d_RSAPrivateKey(a->pkey.rsa,pp));
+                return a->ameth->old_priv_encode(a, pp);
                }
-        else
+        if (a->ameth && a->ameth->priv_encode) {
-#endif
+                PKCS8_PRIV_KEY_INFO *p8 = EVP_PKEY2PKCS8(a);
-#ifndef OPENSSL_NO_DSA
+                int ret = i2d_PKCS8_PRIV_KEY_INFO(p8,pp);
-        if (a->type == EVP_PKEY_DSA)
+                PKCS8_PRIV_KEY_INFO_free(p8);
-                {
+                return ret;
-                return(i2d_DSAPrivateKey(a->pkey.dsa,pp));
+        }       
-                }
-#endif
-#ifndef OPENSSL_NO_EC
-        if (a->type == EVP_PKEY_EC)
-                {
-                return(i2d_ECPrivateKey(a->pkey.ec, pp));
-                }
-#endif
        ASN1err(ASN1_F_I2D_PRIVATEKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
        return(-1);
        }
diff --git a/src/lib/libssl/src/crypto/asn1/nsseq.c b/src/lib/libssl/src/crypto/asn1/nsseq.c
index e551c57d59..b8c4202230 100644
--- a/src/lib/libssl/src/crypto/asn1/nsseq.c
+++ b/src/lib/libssl/src/crypto/asn1/nsseq.c
@@ -3,7 +3,7 @@
 * project 1999.
 */
 /* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -62,7 +62,8 @@
 #include <openssl/x509.h>
 #include <openssl/objects.h>
-static int nsseq_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+static int nsseq_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                                                        void *exarg)
 {
        if(operation == ASN1_OP_NEW_POST) {
                NETSCAPE_CERT_SEQUENCE *nsseq;
diff --git a/src/lib/libssl/src/crypto/asn1/p5_pbe.c b/src/lib/libssl/src/crypto/asn1/p5_pbe.c
index c4582f8041..94bc38b99f 100644
--- a/src/lib/libssl/src/crypto/asn1/p5_pbe.c
+++ b/src/lib/libssl/src/crypto/asn1/p5_pbe.c
@@ -71,61 +71,78 @@ ASN1_SEQUENCE(PBEPARAM) = {
 IMPLEMENT_ASN1_FUNCTIONS(PBEPARAM)
-/* Return an algorithm identifier for a PKCS#5 PBE algorithm */
-X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt,
+/* Set an algorithm identifier for a PKCS#5 PBE algorithm */
-             int saltlen)
-{
+int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
+                                const unsigned char *salt, int saltlen)
+        {
        PBEPARAM *pbe=NULL;
-        ASN1_OBJECT *al;
+        ASN1_STRING *pbe_str=NULL;
-        X509_ALGOR *algor;
+        unsigned char *sstr;
-        ASN1_TYPE *astype=NULL;
-        if (!(pbe = PBEPARAM_new ())) {
+        pbe = PBEPARAM_new();
-                ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
+        if (!pbe)
+                {
+                ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR,ERR_R_MALLOC_FAILURE);
                goto err;
-        }
+                }
-        if(iter <= 0) iter = PKCS5_DEFAULT_ITER;
+        if(iter <= 0)
-        if (!ASN1_INTEGER_set(pbe->iter, iter)) {
+                iter = PKCS5_DEFAULT_ITER;
-                ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
+        if (!ASN1_INTEGER_set(pbe->iter, iter))
+                {
+                ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR,ERR_R_MALLOC_FAILURE);
                goto err;
-        }
+                }
-        if (!saltlen) saltlen = PKCS5_SALT_LEN;
+        if (!saltlen)
-        if (!(pbe->salt->data = OPENSSL_malloc (saltlen))) {
+                saltlen = PKCS5_SALT_LEN;
-                ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
+        if (!ASN1_STRING_set(pbe->salt, NULL, saltlen))
+                {
+                ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR,ERR_R_MALLOC_FAILURE);
                goto err;
-        }
+                }
-        pbe->salt->length = saltlen;
+        sstr = ASN1_STRING_data(pbe->salt);
-        if (salt) memcpy (pbe->salt->data, salt, saltlen);
+        if (salt)
-        else if (RAND_pseudo_bytes (pbe->salt->data, saltlen) < 0)
+                memcpy(sstr, salt, saltlen);
+        else if (RAND_pseudo_bytes(sstr, saltlen) < 0)
                goto err;
-        if (!(astype = ASN1_TYPE_new())) {
+        if(!ASN1_item_pack(pbe, ASN1_ITEM_rptr(PBEPARAM), &pbe_str))
-                ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
+                {
+                ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR,ERR_R_MALLOC_FAILURE);
                goto err;
-        }
+                }
-        astype->type = V_ASN1_SEQUENCE;
+        PBEPARAM_free(pbe);
-        if(!ASN1_pack_string_of(PBEPARAM, pbe, i2d_PBEPARAM,
-                                &astype->value.sequence)) {
-                ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-        PBEPARAM_free (pbe);
        pbe = NULL;
-        
-        al = OBJ_nid2obj(alg); /* never need to free al */
-        if (!(algor = X509_ALGOR_new())) {
-                ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-        ASN1_OBJECT_free(algor->algorithm);
-        algor->algorithm = al;
-        algor->parameter = astype;
-        return (algor);
+        if (X509_ALGOR_set0(algor, OBJ_nid2obj(alg), V_ASN1_SEQUENCE, pbe_str))
+                return 1;
 err:
-        if (pbe != NULL) PBEPARAM_free(pbe);
+        if (pbe != NULL)
-        if (astype != NULL) ASN1_TYPE_free(astype);
+                PBEPARAM_free(pbe);
+        if (pbe_str != NULL)
+                ASN1_STRING_free(pbe_str);
+        return 0;
+        }
+/* Return an algorithm identifier for a PKCS#5 PBE algorithm */
+X509_ALGOR *PKCS5_pbe_set(int alg, int iter,
+                                const unsigned char *salt, int saltlen)
+        {
+        X509_ALGOR *ret;
+        ret = X509_ALGOR_new();
+        if (!ret)
+                {
+                ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
+                return NULL;
+                }
+        if (PKCS5_pbe_set0_algor(ret, alg, iter, salt, saltlen)) 
+                return ret;
+        X509_ALGOR_free(ret);
        return NULL;
-}
+        }
diff --git a/src/lib/libssl/src/crypto/asn1/p5_pbev2.c b/src/lib/libssl/src/crypto/asn1/p5_pbev2.c
index 2b0516afee..cb49b6651d 100644
--- a/src/lib/libssl/src/crypto/asn1/p5_pbev2.c
+++ b/src/lib/libssl/src/crypto/asn1/p5_pbev2.c
@@ -82,10 +82,13 @@ IMPLEMENT_ASN1_FUNCTIONS(PBKDF2PARAM)
 /* Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm:
 * yes I know this is horrible!
+ *
+ * Extended version to allow application supplied PRF NID and IV.
 */
-X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
+X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
-                                 unsigned char *salt, int saltlen)
+                                 unsigned char *salt, int saltlen,
+                                 unsigned char *aiv, int prf_nid)
 {
        X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL;
        int alg_nid;
@@ -98,7 +101,7 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
        alg_nid = EVP_CIPHER_type(cipher);
        if(alg_nid == NID_undef) {
-                ASN1err(ASN1_F_PKCS5_PBE2_SET,
+                ASN1err(ASN1_F_PKCS5_PBE2_SET_IV,
                                ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
                goto err;
        }
@@ -113,20 +116,33 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
        if(!(scheme->parameter = ASN1_TYPE_new())) goto merr;
        /* Create random IV */
-        if (EVP_CIPHER_iv_length(cipher) &&
+        if (EVP_CIPHER_iv_length(cipher))
-                RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0)
+                {
-                goto err;
+                if (aiv)
+                        memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher));
+                else if (RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0)
+                        goto err;
+                }
        EVP_CIPHER_CTX_init(&ctx);
-        /* Dummy cipherinit to just setup the IV */
+        /* Dummy cipherinit to just setup the IV, and PRF */
        EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0);
        if(EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {
-                ASN1err(ASN1_F_PKCS5_PBE2_SET,
+                ASN1err(ASN1_F_PKCS5_PBE2_SET_IV,
                                        ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
                EVP_CIPHER_CTX_cleanup(&ctx);
                goto err;
        }
+        /* If prf NID unspecified see if cipher has a preference.
+         * An error is OK here: just means use default PRF.
+         */
+        if ((prf_nid == -1) && 
+        EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0)
+                {
+                ERR_clear_error();
+                prf_nid = NID_hmacWithSHA1;
+                }
        EVP_CIPHER_CTX_cleanup(&ctx);
        if(!(kdf = PBKDF2PARAM_new())) goto merr;
@@ -154,7 +170,15 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
                                 EVP_CIPHER_key_length(cipher))) goto merr;
        }
-        /* prf can stay NULL because we are using hmacWithSHA1 */
+        /* prf can stay NULL if we are using hmacWithSHA1 */
+        if (prf_nid != NID_hmacWithSHA1)
+                {
+                kdf->prf = X509_ALGOR_new();
+                if (!kdf->prf)
+                        goto merr;
+                X509_ALGOR_set0(kdf->prf, OBJ_nid2obj(prf_nid),
+                                        V_ASN1_NULL, NULL);
+                }
        /* Now setup the PBE2PARAM keyfunc structure */
@@ -164,7 +188,7 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
        if(!(pbe2->keyfunc->parameter = ASN1_TYPE_new())) goto merr;
-        if(!ASN1_pack_string_of(PBKDF2PARAM, kdf, i2d_PBKDF2PARAM,
+        if(!ASN1_item_pack(kdf, ASN1_ITEM_rptr(PBKDF2PARAM),
                         &pbe2->keyfunc->parameter->value.sequence)) goto merr;
        pbe2->keyfunc->parameter->type = V_ASN1_SEQUENCE;
@@ -180,7 +204,7 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
        /* Encode PBE2PARAM into parameter */
-        if(!ASN1_pack_string_of(PBE2PARAM, pbe2, i2d_PBE2PARAM,
+        if(!ASN1_item_pack(pbe2, ASN1_ITEM_rptr(PBE2PARAM),
                                 &ret->parameter->value.sequence)) goto merr;
        ret->parameter->type = V_ASN1_SEQUENCE;
@@ -190,7 +214,7 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
        return ret;
        merr:
-        ASN1err(ASN1_F_PKCS5_PBE2_SET,ERR_R_MALLOC_FAILURE);
+        ASN1err(ASN1_F_PKCS5_PBE2_SET_IV,ERR_R_MALLOC_FAILURE);
        err:
        PBE2PARAM_free(pbe2);
@@ -203,3 +227,9 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
        return NULL;
 }
+X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
+                                 unsigned char *salt, int saltlen)
+        {
+        return PKCS5_pbe2_set_iv(cipher, iter, salt, saltlen, NULL, -1);
+        }
diff --git a/src/lib/libssl/src/crypto/asn1/p8_pkey.c b/src/lib/libssl/src/crypto/asn1/p8_pkey.c
index 0a1957556e..17b68d386d 100644
--- a/src/lib/libssl/src/crypto/asn1/p8_pkey.c
+++ b/src/lib/libssl/src/crypto/asn1/p8_pkey.c
@@ -3,7 +3,7 @@
 * project 1999.
 */
 /* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -62,7 +62,8 @@
 #include <openssl/x509.h>
 /* Minor tweak to operation: zero private key data */
-static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                                                        void *exarg)
 {
        /* Since the structure must still be valid use ASN1_OP_FREE_PRE */
        if(operation == ASN1_OP_FREE_PRE) {
@@ -82,3 +83,73 @@ ASN1_SEQUENCE_cb(PKCS8_PRIV_KEY_INFO, pkey_cb) = {
 } ASN1_SEQUENCE_END_cb(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
 IMPLEMENT_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
+int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj,
+                                        int version,
+                                        int ptype, void *pval,
+                                        unsigned char *penc, int penclen)
+        {
+        unsigned char **ppenc = NULL;
+        if (version >= 0)
+                {
+                if (!ASN1_INTEGER_set(priv->version, version))
+                        return 0;
+                }
+        if (penc)
+                {
+                int pmtype;
+                ASN1_OCTET_STRING *oct;
+                oct = ASN1_OCTET_STRING_new();
+                if (!oct)
+                        return 0;
+                oct->data = penc;
+                ppenc = &oct->data;
+                oct->length = penclen;
+                if (priv->broken == PKCS8_NO_OCTET)
+                        pmtype = V_ASN1_SEQUENCE;
+                else
+                        pmtype = V_ASN1_OCTET_STRING;
+                ASN1_TYPE_set(priv->pkey, pmtype, oct);
+                }
+        if (!X509_ALGOR_set0(priv->pkeyalg, aobj, ptype, pval))
+                {
+                /* If call fails do not swallow 'enc' */
+                if (ppenc)
+                        *ppenc = NULL;
+                return 0;
+                }
+        return 1;
+        }
+int PKCS8_pkey_get0(ASN1_OBJECT **ppkalg,
+                const unsigned char **pk, int *ppklen,
+                X509_ALGOR **pa,
+                PKCS8_PRIV_KEY_INFO *p8)
+        {
+        if (ppkalg)
+                *ppkalg = p8->pkeyalg->algorithm;
+        if(p8->pkey->type == V_ASN1_OCTET_STRING)
+                {
+                p8->broken = PKCS8_OK;
+                if (pk)
+                        {
+                        *pk = p8->pkey->value.octet_string->data;
+                        *ppklen = p8->pkey->value.octet_string->length;
+                        }
+                }
+        else if (p8->pkey->type == V_ASN1_SEQUENCE)
+                {
+                p8->broken = PKCS8_NO_OCTET;
+                if (pk)
+                        {
+                        *pk = p8->pkey->value.sequence->data;
+                        *ppklen = p8->pkey->value.sequence->length;
+                        }
+                }
+        else
+                return 0;
+        if (pa)
+                *pa = p8->pkeyalg;
+        return 1;
+        }
diff --git a/src/lib/libssl/src/crypto/asn1/t_pkey.c b/src/lib/libssl/src/crypto/asn1/t_pkey.c
index afb95d6712..9dd18f6579 100644
--- a/src/lib/libssl/src/crypto/asn1/t_pkey.c
+++ b/src/lib/libssl/src/crypto/asn1/t_pkey.c
@@ -55,520 +55,15 @@
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Binary polynomial ECC support in OpenSSL originally developed by 
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/objects.h>
 #include <openssl/buffer.h>
 #include <openssl/bn.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_EC
-#include <openssl/ec.h>
-#endif
-static int print(BIO *fp,const char *str, const BIGNUM *num,
-                unsigned char *buf,int off);
-#ifndef OPENSSL_NO_EC
-static int print_bin(BIO *fp, const char *str, const unsigned char *num,
-                size_t len, int off);
-#endif
-#ifndef OPENSSL_NO_RSA
-#ifndef OPENSSL_NO_FP_API
-int RSA_print_fp(FILE *fp, const RSA *x, int off)
-        {
-        BIO *b;
-        int ret;
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-                {
-                RSAerr(RSA_F_RSA_PRINT_FP,ERR_R_BUF_LIB);
-                return(0);
-                }
-        BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=RSA_print(b,x,off);
-        BIO_free(b);
-        return(ret);
-        }
-#endif
-int RSA_print(BIO *bp, const RSA *x, int off)
-        {
-        char str[128];
-        const char *s;
-        unsigned char *m=NULL;
-        int ret=0, mod_len = 0;
-        size_t buf_len=0, i;
-        if (x->n)
-                buf_len = (size_t)BN_num_bytes(x->n);
-        if (x->e)
-                if (buf_len < (i = (size_t)BN_num_bytes(x->e)))
-                        buf_len = i;
-        if (x->d)
-                if (buf_len < (i = (size_t)BN_num_bytes(x->d)))
-                        buf_len = i;
-        if (x->p)
-                if (buf_len < (i = (size_t)BN_num_bytes(x->p)))
-                        buf_len = i;
-        if (x->q)
-                if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
-                        buf_len = i;
-        if (x->dmp1)
-                if (buf_len < (i = (size_t)BN_num_bytes(x->dmp1)))
-                        buf_len = i;
-        if (x->dmq1)
-                if (buf_len < (i = (size_t)BN_num_bytes(x->dmq1)))
-                        buf_len = i;
-        if (x->iqmp)
-                if (buf_len < (i = (size_t)BN_num_bytes(x->iqmp)))
-                        buf_len = i;
-        m=(unsigned char *)OPENSSL_malloc(buf_len+10);
-        if (m == NULL)
-                {
-                RSAerr(RSA_F_RSA_PRINT,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-        if (x->n != NULL)
-                mod_len = BN_num_bits(x->n);
-        if (x->d != NULL)
-                {
-                if(!BIO_indent(bp,off,128))
-                   goto err;
-                if (BIO_printf(bp,"Private-Key: (%d bit)\n", mod_len)
-                        <= 0) goto err;
-                }
-        if (x->d == NULL)
-                BIO_snprintf(str,sizeof str,"Modulus (%d bit):", mod_len);
-        else
-                BUF_strlcpy(str,"modulus:",sizeof str);
-        if (!print(bp,str,x->n,m,off)) goto err;
-        s=(x->d == NULL)?"Exponent:":"publicExponent:";
-        if ((x->e != NULL) && !print(bp,s,x->e,m,off))
-                goto err;
-        if ((x->d != NULL) && !print(bp,"privateExponent:",x->d,m,off))
-                goto err;
-        if ((x->p != NULL) && !print(bp,"prime1:",x->p,m,off))
-                goto err;
-        if ((x->q != NULL) && !print(bp,"prime2:",x->q,m,off))
-                goto err;
-        if ((x->dmp1 != NULL) && !print(bp,"exponent1:",x->dmp1,m,off))
-                goto err;
-        if ((x->dmq1 != NULL) && !print(bp,"exponent2:",x->dmq1,m,off))
-                goto err;
-        if ((x->iqmp != NULL) && !print(bp,"coefficient:",x->iqmp,m,off))
-                goto err;
-        ret=1;
-err:
-        if (m != NULL) OPENSSL_free(m);
-        return(ret);
-        }
-#endif /* OPENSSL_NO_RSA */
-#ifndef OPENSSL_NO_DSA
-#ifndef OPENSSL_NO_FP_API
-int DSA_print_fp(FILE *fp, const DSA *x, int off)
-        {
-        BIO *b;
-        int ret;
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-                {
-                DSAerr(DSA_F_DSA_PRINT_FP,ERR_R_BUF_LIB);
-                return(0);
-                }
-        BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=DSA_print(b,x,off);
-        BIO_free(b);
-        return(ret);
-        }
-#endif
-int DSA_print(BIO *bp, const DSA *x, int off)
-        {
-        unsigned char *m=NULL;
-        int ret=0;
-        size_t buf_len=0,i;
-        if (x->p)
-                buf_len = (size_t)BN_num_bytes(x->p);
-        else
-                {
-                DSAerr(DSA_F_DSA_PRINT,DSA_R_MISSING_PARAMETERS);
-                goto err;
-                }
-        if (x->q)
-                if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
-                        buf_len = i;
-        if (x->g)
-                if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
-                        buf_len = i;
-        if (x->priv_key)
-                if (buf_len < (i = (size_t)BN_num_bytes(x->priv_key)))
-                        buf_len = i;
-        if (x->pub_key)
-                if (buf_len < (i = (size_t)BN_num_bytes(x->pub_key)))
-                        buf_len = i;
-        m=(unsigned char *)OPENSSL_malloc(buf_len+10);
-        if (m == NULL)
-                {
-                DSAerr(DSA_F_DSA_PRINT,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-        if (x->priv_key != NULL)
-                {
-                if(!BIO_indent(bp,off,128))
-                   goto err;
-                if (BIO_printf(bp,"Private-Key: (%d bit)\n",BN_num_bits(x->p))
-                        <= 0) goto err;
-                }
-        if ((x->priv_key != NULL) && !print(bp,"priv:",x->priv_key,m,off))
-                goto err;
-        if ((x->pub_key  != NULL) && !print(bp,"pub: ",x->pub_key,m,off))
-                goto err;
-        if ((x->p != NULL) && !print(bp,"P:   ",x->p,m,off)) goto err;
-        if ((x->q != NULL) && !print(bp,"Q:   ",x->q,m,off)) goto err;
-        if ((x->g != NULL) && !print(bp,"G:   ",x->g,m,off)) goto err;
-        ret=1;
-err:
-        if (m != NULL) OPENSSL_free(m);
-        return(ret);
-        }
-#endif /* !OPENSSL_NO_DSA */
-#ifndef OPENSSL_NO_EC
-#ifndef OPENSSL_NO_FP_API
-int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off)
-        {
-        BIO *b;
-        int ret;
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-                {
-                ECerr(EC_F_ECPKPARAMETERS_PRINT_FP,ERR_R_BUF_LIB);
-                return(0);
-                }
-        BIO_set_fp(b, fp, BIO_NOCLOSE);
-        ret = ECPKParameters_print(b, x, off);
-        BIO_free(b);
-        return(ret);
-        }
-int EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off)
-        {
-        BIO *b;
-        int ret;
- 
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-                {
-                ECerr(EC_F_EC_KEY_PRINT_FP, ERR_R_BIO_LIB);
-                return(0);
-                }
-        BIO_set_fp(b, fp, BIO_NOCLOSE);
-        ret = EC_KEY_print(b, x, off);
-        BIO_free(b);
-        return(ret);
-        }
-#endif
-int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off)
-        {
-        unsigned char *buffer=NULL;
-        size_t  buf_len=0, i;
-        int     ret=0, reason=ERR_R_BIO_LIB;
-        BN_CTX  *ctx=NULL;
-        const EC_POINT *point=NULL;
-        BIGNUM  *p=NULL, *a=NULL, *b=NULL, *gen=NULL,
-                *order=NULL, *cofactor=NULL;
-        const unsigned char *seed;
-        size_t  seed_len=0;
-        
-        static const char *gen_compressed = "Generator (compressed):";
-        static const char *gen_uncompressed = "Generator (uncompressed):";
-        static const char *gen_hybrid = "Generator (hybrid):";
- 
-        if (!x)
-                {
-                reason = ERR_R_PASSED_NULL_PARAMETER;
-                goto err;
-                }
-        if (EC_GROUP_get_asn1_flag(x))
-                {
-                /* the curve parameter are given by an asn1 OID */
-                int nid;
-                if (!BIO_indent(bp, off, 128))
-                        goto err;
-                nid = EC_GROUP_get_curve_name(x);
-                if (nid == 0)
-                        goto err;
-                if (BIO_printf(bp, "ASN1 OID: %s", OBJ_nid2sn(nid)) <= 0)
-                        goto err;
-                if (BIO_printf(bp, "\n") <= 0)
-                        goto err;
-                }
-        else
-                {
-                /* explicit parameters */
-                int is_char_two = 0;
-                point_conversion_form_t form;
-                int tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(x));
-                if (tmp_nid == NID_X9_62_characteristic_two_field)
-                        is_char_two = 1;
-                if ((p = BN_new()) == NULL || (a = BN_new()) == NULL ||
-                        (b = BN_new()) == NULL || (order = BN_new()) == NULL ||
-                        (cofactor = BN_new()) == NULL)
-                        {
-                        reason = ERR_R_MALLOC_FAILURE;
-                        goto err;
-                        }
-                if (is_char_two)
-                        {
-                        if (!EC_GROUP_get_curve_GF2m(x, p, a, b, ctx))
-                                {
-                                reason = ERR_R_EC_LIB;
-                                goto err;
-                                }
-                        }
-                else /* prime field */
-                        {
-                        if (!EC_GROUP_get_curve_GFp(x, p, a, b, ctx))
-                                {
-                                reason = ERR_R_EC_LIB;
-                                goto err;
-                                }
-                        }
-                if ((point = EC_GROUP_get0_generator(x)) == NULL)
-                        {
-                        reason = ERR_R_EC_LIB;
-                        goto err;
-                        }
-                if (!EC_GROUP_get_order(x, order, NULL) || 
-                        !EC_GROUP_get_cofactor(x, cofactor, NULL))
-                        {
-                        reason = ERR_R_EC_LIB;
-                        goto err;
-                        }
-                
-                form = EC_GROUP_get_point_conversion_form(x);
-                if ((gen = EC_POINT_point2bn(x, point, 
-                                form, NULL, ctx)) == NULL)
-                        {
-                        reason = ERR_R_EC_LIB;
-                        goto err;
-                        }
-                buf_len = (size_t)BN_num_bytes(p);
-                if (buf_len < (i = (size_t)BN_num_bytes(a)))
-                        buf_len = i;
-                if (buf_len < (i = (size_t)BN_num_bytes(b)))
-                        buf_len = i;
-                if (buf_len < (i = (size_t)BN_num_bytes(gen)))
-                        buf_len = i;
-                if (buf_len < (i = (size_t)BN_num_bytes(order)))
-                        buf_len = i;
-                if (buf_len < (i = (size_t)BN_num_bytes(cofactor))) 
-                        buf_len = i;
-                if ((seed = EC_GROUP_get0_seed(x)) != NULL)
-                        seed_len = EC_GROUP_get_seed_len(x);
-                buf_len += 10;
-                if ((buffer = OPENSSL_malloc(buf_len)) == NULL)
-                        {
-                        reason = ERR_R_MALLOC_FAILURE;
-                        goto err;
-                        }
-                if (!BIO_indent(bp, off, 128))
-                        goto err;
-                /* print the 'short name' of the field type */
-                if (BIO_printf(bp, "Field Type: %s\n", OBJ_nid2sn(tmp_nid))
-                        <= 0)
-                        goto err;  
-                if (is_char_two)
-                        {
-                        /* print the 'short name' of the base type OID */
-                        int basis_type = EC_GROUP_get_basis_type(x);
-                        if (basis_type == 0)
-                                goto err;
-                        if (!BIO_indent(bp, off, 128))
-                                goto err;
-                        if (BIO_printf(bp, "Basis Type: %s\n", 
-                                OBJ_nid2sn(basis_type)) <= 0)
-                                goto err;
-                        /* print the polynomial */
-                        if ((p != NULL) && !print(bp, "Polynomial:", p, buffer,
-                                off))
-                                goto err;
-                        }
-                else
-                        {
-                        if ((p != NULL) && !print(bp, "Prime:", p, buffer,off))
-                                goto err;
-                        }
-                if ((a != NULL) && !print(bp, "A:   ", a, buffer, off)) 
-                        goto err;
-                if ((b != NULL) && !print(bp, "B:   ", b, buffer, off))
-                        goto err;
-                if (form == POINT_CONVERSION_COMPRESSED)
-                        {
-                        if ((gen != NULL) && !print(bp, gen_compressed, gen,
-                                buffer, off))
-                                goto err;
-                        }
-                else if (form == POINT_CONVERSION_UNCOMPRESSED)
-                        {
-                        if ((gen != NULL) && !print(bp, gen_uncompressed, gen,
-                                buffer, off))
-                                goto err;
-                        }
-                else /* form == POINT_CONVERSION_HYBRID */
-                        {
-                        if ((gen != NULL) && !print(bp, gen_hybrid, gen,
-                                buffer, off))
-                                goto err;
-                        }
-                if ((order != NULL) && !print(bp, "Order: ", order, 
-                        buffer, off)) goto err;
-                if ((cofactor != NULL) && !print(bp, "Cofactor: ", cofactor, 
-                        buffer, off)) goto err;
-                if (seed && !print_bin(bp, "Seed:", seed, seed_len, off))
-                        goto err;
-                }
-        ret=1;
-err:
-        if (!ret)
-                ECerr(EC_F_ECPKPARAMETERS_PRINT, reason);
-        if (p) 
-                BN_free(p);
-        if (a) 
-                BN_free(a);
-        if (b)
-                BN_free(b);
-        if (gen)
-                BN_free(gen);
-        if (order)
-                BN_free(order);
-        if (cofactor)
-                BN_free(cofactor);
-        if (ctx)
-                BN_CTX_free(ctx);
-        if (buffer != NULL) 
-                OPENSSL_free(buffer);
-        return(ret);    
-        }
-int EC_KEY_print(BIO *bp, const EC_KEY *x, int off)
+int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num,
-        {
+                        unsigned char *buf, int off)
-        unsigned char *buffer=NULL;
-        size_t  buf_len=0, i;
-        int     ret=0, reason=ERR_R_BIO_LIB;
-        BIGNUM  *pub_key=NULL, *order=NULL;
-        BN_CTX  *ctx=NULL;
-        const EC_GROUP *group;
-        const EC_POINT *public_key;
-        const BIGNUM *priv_key;
- 
-        if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL)
-                {
-                reason = ERR_R_PASSED_NULL_PARAMETER;
-                goto err;
-                }
-        public_key = EC_KEY_get0_public_key(x);
-        if ((pub_key = EC_POINT_point2bn(group, public_key,
-                EC_KEY_get_conv_form(x), NULL, ctx)) == NULL)
-                {
-                reason = ERR_R_EC_LIB;
-                goto err;
-                }
-        buf_len = (size_t)BN_num_bytes(pub_key);
-        priv_key = EC_KEY_get0_private_key(x);
-        if (priv_key != NULL)
-                {
-                if ((i = (size_t)BN_num_bytes(priv_key)) > buf_len)
-                        buf_len = i;
-                }
-        buf_len += 10;
-        if ((buffer = OPENSSL_malloc(buf_len)) == NULL)
-                {
-                reason = ERR_R_MALLOC_FAILURE;
-                goto err;
-                }
-        if (priv_key != NULL)
-                {
-                if (!BIO_indent(bp, off, 128))
-                        goto err;
-                if ((order = BN_new()) == NULL)
-                        goto err;
-                if (!EC_GROUP_get_order(group, order, NULL))
-                        goto err;
-                if (BIO_printf(bp, "Private-Key: (%d bit)\n", 
-                        BN_num_bits(order)) <= 0) goto err;
-                }
-  
-        if ((priv_key != NULL) && !print(bp, "priv:", priv_key, 
-                buffer, off))
-                goto err;
-        if ((pub_key != NULL) && !print(bp, "pub: ", pub_key,
-                buffer, off))
-                goto err;
-        if (!ECPKParameters_print(bp, group, off))
-                goto err;
-        ret=1;
-err:
-        if (!ret)
-                ECerr(EC_F_EC_KEY_PRINT, reason);
-        if (pub_key) 
-                BN_free(pub_key);
-        if (order)
-                BN_free(order);
-        if (ctx)
-                BN_CTX_free(ctx);
-        if (buffer != NULL)
-                OPENSSL_free(buffer);
-        return(ret);
-        }
-#endif /* OPENSSL_NO_EC */
-static int print(BIO *bp, const char *number, const BIGNUM *num, unsigned char *buf,
-             int off)
        {
        int n,i;
        const char *neg;
@@ -617,223 +112,3 @@ static int print(BIO *bp, const char *number, const BIGNUM *num, unsigned char *
                }
        return(1);
        }
-#ifndef OPENSSL_NO_EC
-static int print_bin(BIO *fp, const char *name, const unsigned char *buf,
-                size_t len, int off)
-        {
-        size_t i;
-        char str[128];
-        if (buf == NULL)
-                return 1;
-        if (off)
-                {
-                if (off > 128)
-                        off=128;
-                memset(str,' ',off);
-                if (BIO_write(fp, str, off) <= 0)
-                        return 0;
-                }
-        if (BIO_printf(fp,"%s", name) <= 0)
-                return 0;
-        for (i=0; i<len; i++)
-                {
-                if ((i%15) == 0)
-                        {
-                        str[0]='\n';
-                        memset(&(str[1]),' ',off+4);
-                        if (BIO_write(fp, str, off+1+4) <= 0)
-                                return 0;
-                        }
-                if (BIO_printf(fp,"%02x%s",buf[i],((i+1) == len)?"":":") <= 0)
-                        return 0;
-                }
-        if (BIO_write(fp,"\n",1) <= 0)
-                return 0;
-        return 1;
-        }
-#endif
-#ifndef OPENSSL_NO_DH
-#ifndef OPENSSL_NO_FP_API
-int DHparams_print_fp(FILE *fp, const DH *x)
-        {
-        BIO *b;
-        int ret;
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-                {
-                DHerr(DH_F_DHPARAMS_PRINT_FP,ERR_R_BUF_LIB);
-                return(0);
-                }
-        BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=DHparams_print(b, x);
-        BIO_free(b);
-        return(ret);
-        }
-#endif
-int DHparams_print(BIO *bp, const DH *x)
-        {
-        unsigned char *m=NULL;
-        int reason=ERR_R_BUF_LIB,ret=0;
-        size_t buf_len=0, i;
-        if (x->p)
-                buf_len = (size_t)BN_num_bytes(x->p);
-        else
-                {
-                reason = ERR_R_PASSED_NULL_PARAMETER;
-                goto err;
-                }
-        if (x->g)
-                if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
-                        buf_len = i;
-        m=(unsigned char *)OPENSSL_malloc(buf_len+10);
-        if (m == NULL)
-                {
-                reason=ERR_R_MALLOC_FAILURE;
-                goto err;
-                }
-        if (BIO_printf(bp,"Diffie-Hellman-Parameters: (%d bit)\n",
-                BN_num_bits(x->p)) <= 0)
-                goto err;
-        if (!print(bp,"prime:",x->p,m,4)) goto err;
-        if (!print(bp,"generator:",x->g,m,4)) goto err;
-        if (x->length != 0)
-                {
-                if (BIO_printf(bp,"    recommended-private-length: %d bits\n",
-                        (int)x->length) <= 0) goto err;
-                }
-        ret=1;
-        if (0)
-                {
-err:
-                DHerr(DH_F_DHPARAMS_PRINT,reason);
-                }
-        if (m != NULL) OPENSSL_free(m);
-        return(ret);
-        }
-#endif
-#ifndef OPENSSL_NO_DSA
-#ifndef OPENSSL_NO_FP_API
-int DSAparams_print_fp(FILE *fp, const DSA *x)
-        {
-        BIO *b;
-        int ret;
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-                {
-                DSAerr(DSA_F_DSAPARAMS_PRINT_FP,ERR_R_BUF_LIB);
-                return(0);
-                }
-        BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=DSAparams_print(b, x);
-        BIO_free(b);
-        return(ret);
-        }
-#endif
-int DSAparams_print(BIO *bp, const DSA *x)
-        {
-        unsigned char *m=NULL;
-        int ret=0;
-        size_t buf_len=0,i;
-        if (x->p)
-                buf_len = (size_t)BN_num_bytes(x->p);
-        else
-                {
-                DSAerr(DSA_F_DSAPARAMS_PRINT,DSA_R_MISSING_PARAMETERS);
-                goto err;
-                }
-        if (x->q)
-                if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
-                        buf_len = i;
-        if (x->g)
-                if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
-                        buf_len = i;
-        m=(unsigned char *)OPENSSL_malloc(buf_len+10);
-        if (m == NULL)
-                {
-                DSAerr(DSA_F_DSAPARAMS_PRINT,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-        if (BIO_printf(bp,"DSA-Parameters: (%d bit)\n",
-                BN_num_bits(x->p)) <= 0)
-                goto err;
-        if (!print(bp,"p:",x->p,m,4)) goto err;
-        if ((x->q != NULL) && !print(bp,"q:",x->q,m,4)) goto err;
-        if ((x->g != NULL) && !print(bp,"g:",x->g,m,4)) goto err;
-        ret=1;
-err:
-        if (m != NULL) OPENSSL_free(m);
-        return(ret);
-        }
-#endif /* !OPENSSL_NO_DSA */
-#ifndef OPENSSL_NO_EC
-#ifndef OPENSSL_NO_FP_API
-int ECParameters_print_fp(FILE *fp, const EC_KEY *x)
-        {
-        BIO *b;
-        int ret;
- 
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-                {
-                ECerr(EC_F_ECPARAMETERS_PRINT_FP, ERR_R_BIO_LIB);
-                return(0);
-                }
-        BIO_set_fp(b, fp, BIO_NOCLOSE);
-        ret = ECParameters_print(b, x);
-        BIO_free(b);
-        return(ret);
-        }
-#endif
-int ECParameters_print(BIO *bp, const EC_KEY *x)
-        {
-        int     reason=ERR_R_EC_LIB, ret=0;
-        BIGNUM  *order=NULL;
-        const EC_GROUP *group;
- 
-        if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL)
-                {
-                reason = ERR_R_PASSED_NULL_PARAMETER;;
-                goto err;
-                }
-        if ((order = BN_new()) == NULL)
-                {
-                reason = ERR_R_MALLOC_FAILURE;
-                goto err;
-                }
-        if (!EC_GROUP_get_order(group, order, NULL))
-                {
-                reason = ERR_R_EC_LIB;
-                goto err;
-                }
- 
-        if (BIO_printf(bp, "ECDSA-Parameters: (%d bit)\n", 
-                BN_num_bits(order)) <= 0)
-                goto err;
-        if (!ECPKParameters_print(bp, group, 4))
-                goto err;
-        ret=1;
-err:
-        if (order)
-                BN_free(order);
-        ECerr(EC_F_ECPARAMETERS_PRINT, reason);
-        return(ret);
-        }
-  
-#endif
diff --git a/src/lib/libssl/src/crypto/asn1/t_req.c b/src/lib/libssl/src/crypto/asn1/t_req.c
index 5557e06584..ea1794e3e0 100644
--- a/src/lib/libssl/src/crypto/asn1/t_req.c
+++ b/src/lib/libssl/src/crypto/asn1/t_req.c
@@ -149,34 +149,10 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, unsigned long
                        ERR_print_errors(bp);
                        }
                else
-#ifndef OPENSSL_NO_RSA
-                if (pkey->type == EVP_PKEY_RSA)
-                        {
-                        BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
-                        BN_num_bits(pkey->pkey.rsa->n));
-                        RSA_print(bp,pkey->pkey.rsa,16);
-                        }
-                else
-#endif
-#ifndef OPENSSL_NO_DSA
-                if (pkey->type == EVP_PKEY_DSA)
                        {
-                        BIO_printf(bp,"%12sDSA Public Key:\n","");
+                        EVP_PKEY_print_public(bp, pkey, 16, NULL);
-                        DSA_print(bp,pkey->pkey.dsa,16);
+                        EVP_PKEY_free(pkey);
                        }
-                else
-#endif
-#ifndef OPENSSL_NO_EC
-                if (pkey->type == EVP_PKEY_EC)
-                {
-                        BIO_printf(bp, "%12sEC Public Key: \n","");
-                        EC_KEY_print(bp, pkey->pkey.ec, 16);
-                }
-        else
-#endif
-                        BIO_printf(bp,"%12sUnknown Public Key:\n","");
-                EVP_PKEY_free(pkey);
                }
        if(!(cflag & X509_FLAG_NO_ATTRIBUTES))
diff --git a/src/lib/libssl/src/crypto/asn1/t_spki.c b/src/lib/libssl/src/crypto/asn1/t_spki.c
index a73369b949..079c081a81 100644
--- a/src/lib/libssl/src/crypto/asn1/t_spki.c
+++ b/src/lib/libssl/src/crypto/asn1/t_spki.c
@@ -82,36 +82,11 @@ int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki)
                                (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i));
        pkey = X509_PUBKEY_get(spki->spkac->pubkey);
        if(!pkey) BIO_printf(out, "  Unable to load public key\n");
-        else {
+        else
-#ifndef OPENSSL_NO_RSA
-                if (pkey->type == EVP_PKEY_RSA)
-                        {
-                        BIO_printf(out,"  RSA Public Key: (%d bit)\n",
-                                BN_num_bits(pkey->pkey.rsa->n));
-                        RSA_print(out,pkey->pkey.rsa,2);
-                        }
-                else 
-#endif
-#ifndef OPENSSL_NO_DSA
-                if (pkey->type == EVP_PKEY_DSA)
-                {
-                BIO_printf(out,"  DSA Public Key:\n");
-                DSA_print(out,pkey->pkey.dsa,2);
-                }
-                else
-#endif
-#ifndef OPENSSL_NO_EC
-                if (pkey->type == EVP_PKEY_EC)
                {
-                        BIO_printf(out, "  EC Public Key:\n");
+                EVP_PKEY_print_public(out, pkey, 4, NULL);
-                        EC_KEY_print(out, pkey->pkey.ec,2);
-                }
-                else
-#endif
-                        BIO_printf(out,"  Unknown Public Key:\n");
                EVP_PKEY_free(pkey);
-        }
+                }
        chal = spki->spkac->challenge;
        if(chal->length)
                BIO_printf(out, "  Challenge String: %s\n", chal->data);
diff --git a/src/lib/libssl/src/crypto/asn1/t_x509.c b/src/lib/libssl/src/crypto/asn1/t_x509.c
index 8f746f9c05..e061f2ffad 100644
--- a/src/lib/libssl/src/crypto/asn1/t_x509.c
+++ b/src/lib/libssl/src/crypto/asn1/t_x509.c
@@ -111,7 +111,6 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
        ASN1_INTEGER *bs;
        EVP_PKEY *pkey=NULL;
        const char *neg;
-        ASN1_STRING *str=NULL;
        if((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
                        mlch = '\n';
@@ -215,34 +214,10 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
                        ERR_print_errors(bp);
                        }
                else
-#ifndef OPENSSL_NO_RSA
-                if (pkey->type == EVP_PKEY_RSA)
-                        {
-                        BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
-                        BN_num_bits(pkey->pkey.rsa->n));
-                        RSA_print(bp,pkey->pkey.rsa,16);
-                        }
-                else
-#endif
-#ifndef OPENSSL_NO_DSA
-                if (pkey->type == EVP_PKEY_DSA)
-                        {
-                        BIO_printf(bp,"%12sDSA Public Key:\n","");
-                        DSA_print(bp,pkey->pkey.dsa,16);
-                        }
-                else
-#endif
-#ifndef OPENSSL_NO_EC
-                if (pkey->type == EVP_PKEY_EC)
                        {
-                        BIO_printf(bp, "%12sEC Public Key:\n","");
+                        EVP_PKEY_print_public(bp, pkey, 16, NULL);
-                        EC_KEY_print(bp, pkey->pkey.ec, 16);
+                        EVP_PKEY_free(pkey);
                        }
-                else
-#endif
-                        BIO_printf(bp,"%12sUnknown Public Key:\n","");
-                EVP_PKEY_free(pkey);
                }
        if (!(cflag & X509_FLAG_NO_EXTENSIONS))
@@ -259,7 +234,6 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
                }
        ret=1;
 err:
-        if (str != NULL) ASN1_STRING_free(str);
        if (m != NULL) OPENSSL_free(m);
        return(ret);
        }
@@ -329,14 +303,15 @@ int X509_signature_print(BIO *bp, X509_ALGOR *sigalg, ASN1_STRING *sig)
        return 1;
 }
-int ASN1_STRING_print(BIO *bp, ASN1_STRING *v)
+int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v)
        {
        int i,n;
-        char buf[80],*p;
+        char buf[80];
+        const char *p;
        if (v == NULL) return(0);
        n=0;
-        p=(char *)v->data;
+        p=(const char *)v->data;
        for (i=0; i<v->length; i++)
                {
                if ((p[i] > '~') || ((p[i] < ' ') &&
@@ -358,7 +333,7 @@ int ASN1_STRING_print(BIO *bp, ASN1_STRING *v)
        return(1);
        }
-int ASN1_TIME_print(BIO *bp, ASN1_TIME *tm)
+int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm)
 {
        if(tm->type == V_ASN1_UTCTIME) return ASN1_UTCTIME_print(bp, tm);
        if(tm->type == V_ASN1_GENERALIZEDTIME)
@@ -373,12 +348,14 @@ static const char *mon[12]=
    "Jul","Aug","Sep","Oct","Nov","Dec"
    };
-int ASN1_GENERALIZEDTIME_print(BIO *bp, ASN1_GENERALIZEDTIME *tm)
+int ASN1_GENERALIZEDTIME_print(BIO *bp, const ASN1_GENERALIZEDTIME *tm)
        {
        char *v;
        int gmt=0;
        int i;
        int y=0,M=0,d=0,h=0,m=0,s=0;
+        char *f = NULL;
+        int f_len = 0;
        i=tm->length;
        v=(char *)tm->data;
@@ -396,10 +373,21 @@ int ASN1_GENERALIZEDTIME_print(BIO *bp, ASN1_GENERALIZEDTIME *tm)
        if (tm->length >= 14 &&
            (v[12] >= '0') && (v[12] <= '9') &&
            (v[13] >= '0') && (v[13] <= '9'))
+                {
                s=  (v[12]-'0')*10+(v[13]-'0');
+                /* Check for fractions of seconds. */
+                if (tm->length >= 15 && v[14] == '.')
+                        {
+                        int l = tm->length;
+                        f = &v[14];     /* The decimal point. */
+                        f_len = 1;
+                        while (14 + f_len < l && f[f_len] >= '0' && f[f_len] <= '9')
+                                ++f_len;
+                        }
+                }
-        if (BIO_printf(bp,"%s %2d %02d:%02d:%02d %d%s",
+        if (BIO_printf(bp,"%s %2d %02d:%02d:%02d%.*s %d%s",
-                mon[M-1],d,h,m,s,y,(gmt)?" GMT":"") <= 0)
+                mon[M-1],d,h,m,s,f_len,f,y,(gmt)?" GMT":"") <= 0)
                return(0);
        else
                return(1);
@@ -408,15 +396,15 @@ err:
        return(0);
        }
-int ASN1_UTCTIME_print(BIO *bp, ASN1_UTCTIME *tm)
+int ASN1_UTCTIME_print(BIO *bp, const ASN1_UTCTIME *tm)
        {
-        char *v;
+        const char *v;
        int gmt=0;
        int i;
        int y=0,M=0,d=0,h=0,m=0,s=0;
        i=tm->length;
-        v=(char *)tm->data;
+        v=(const char *)tm->data;
        if (i < 10) goto err;
        if (v[i-1] == 'Z') gmt=1;
diff --git a/src/lib/libssl/src/crypto/asn1/tasn_dec.c b/src/lib/libssl/src/crypto/asn1/tasn_dec.c
index 48bc1c0d4d..3bee439968 100644
--- a/src/lib/libssl/src/crypto/asn1/tasn_dec.c
+++ b/src/lib/libssl/src/crypto/asn1/tasn_dec.c
@@ -114,6 +114,8 @@ unsigned long ASN1_tag2bit(int tag)
 /* Macro to initialize and invalidate the cache */
 #define asn1_tlc_clear(c)       if (c) (c)->valid = 0
+/* Version to avoid compiler warning about 'c' always non-NULL */
+#define asn1_tlc_clear_nc(c)    (c)->valid = 0
 /* Decode an ASN1 item, this currently behaves just 
 * like a standard 'd2i' function. 'in' points to 
@@ -130,7 +132,7 @@ ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval,
        ASN1_VALUE *ptmpval = NULL;
        if (!pval)
                pval = &ptmpval;
-        c.valid = 0;
+        asn1_tlc_clear_nc(&c);
        if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) 
                return *pval;
        return NULL;
@@ -140,7 +142,7 @@ int ASN1_template_d2i(ASN1_VALUE **pval,
                const unsigned char **in, long len, const ASN1_TEMPLATE *tt)
        {
        ASN1_TLC c;
-        c.valid = 0;
+        asn1_tlc_clear_nc(&c);
        return asn1_template_ex_d2i(pval, in, len, tt, 0, &c);
        }
@@ -306,7 +308,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
                case ASN1_ITYPE_CHOICE:
-                if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it))
+                if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
                                goto auxerr;
                /* Allocate structure */
@@ -356,7 +358,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
                asn1_set_choice_selector(pval, i, it);
                *in = p;
-                if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it))
+                if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL))
                                goto auxerr;
                return 1;
@@ -403,7 +405,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
                        goto err;
                        }
-                if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it))
+                if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
                                goto auxerr;
                /* Get each field entry */
@@ -505,7 +507,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
                if (!asn1_enc_save(pval, *in, p - *in, it))
                        goto auxerr;
                *in = p;
-                if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it))
+                if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL))
                                goto auxerr;
                return 1;
@@ -665,11 +667,12 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
                else
                        {
                        /* We've got a valid STACK: free up any items present */
-                        STACK *sktmp = (STACK *)*val;
+                        STACK_OF(ASN1_VALUE) *sktmp
+                            = (STACK_OF(ASN1_VALUE) *)*val;
                        ASN1_VALUE *vtmp;
-                        while(sk_num(sktmp) > 0)
+                        while(sk_ASN1_VALUE_num(sktmp) > 0)
                                {
-                                vtmp = (ASN1_VALUE *)sk_pop(sktmp);
+                                vtmp = sk_ASN1_VALUE_pop(sktmp);
                                ASN1_item_ex_free(&vtmp,
                                                ASN1_ITEM_ptr(tt->item));
                                }
@@ -710,7 +713,8 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
                                goto err;
                                }
                        len -= p - q;
-                        if (!sk_push((STACK *)*val, (char *)skfield))
+                        if (!sk_ASN1_VALUE_push((STACK_OF(ASN1_VALUE) *)*val,
+                                                skfield))
                                {
                                ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
                                                ERR_R_MALLOC_FAILURE);
diff --git a/src/lib/libssl/src/crypto/asn1/tasn_enc.c b/src/lib/libssl/src/crypto/asn1/tasn_enc.c
index 2721f904a6..936ad1f767 100644
--- a/src/lib/libssl/src/crypto/asn1/tasn_enc.c
+++ b/src/lib/libssl/src/crypto/asn1/tasn_enc.c
@@ -158,7 +158,7 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
                return asn1_i2d_ex_primitive(pval, out, it, -1, aclass);
                case ASN1_ITYPE_CHOICE:
-                if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it))
+                if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it, NULL))
                                return 0;
                i = asn1_get_choice_selector(pval, it);
                if ((i >= 0) && (i < it->tcount))
@@ -171,7 +171,7 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
                                                                -1, aclass);
                        }
                /* Fixme: error condition if selector out of range */
-                if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it))
+                if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it, NULL))
                                return 0;
                break;
@@ -216,7 +216,7 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
                        aclass = (aclass & ~ASN1_TFLG_TAG_CLASS)
                                        | V_ASN1_UNIVERSAL;
                        }
-                if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it))
+                if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it, NULL))
                                return 0;
                /* First work out sequence content length */
                for (i = 0, tt = it->templates; i < it->tcount; tt++, i++)
@@ -250,7 +250,7 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
                        }
                if (ndef == 2)
                        ASN1_put_eoc(out);
-                if (asn1_cb  && !asn1_cb(ASN1_OP_I2D_POST, pval, it))
+                if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it, NULL))
                                return 0;
                return seqlen;
@@ -569,7 +569,8 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
        ASN1_STRING *strtmp;
        ASN1_OBJECT *otmp;
        int utype;
-        unsigned char *cont, c;
+        const unsigned char *cont;
+        unsigned char c;
        int len;
        const ASN1_PRIMITIVE_FUNCS *pf;
        pf = it->funcs;
diff --git a/src/lib/libssl/src/crypto/asn1/tasn_fre.c b/src/lib/libssl/src/crypto/asn1/tasn_fre.c
index d7c017fa1d..77d3092d31 100644
--- a/src/lib/libssl/src/crypto/asn1/tasn_fre.c
+++ b/src/lib/libssl/src/crypto/asn1/tasn_fre.c
@@ -110,7 +110,7 @@ static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int c
                case ASN1_ITYPE_CHOICE:
                if (asn1_cb)
                        {
-                        i = asn1_cb(ASN1_OP_FREE_PRE, pval, it);
+                        i = asn1_cb(ASN1_OP_FREE_PRE, pval, it, NULL);
                        if (i == 2)
                                return;
                        }
@@ -123,7 +123,7 @@ static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int c
                        ASN1_template_free(pchval, tt);
                        }
                if (asn1_cb)
-                        asn1_cb(ASN1_OP_FREE_POST, pval, it);
+                        asn1_cb(ASN1_OP_FREE_POST, pval, it, NULL);
                if (!combine)
                        {
                        OPENSSL_free(*pval);
@@ -149,7 +149,7 @@ static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int c
                        return;
                if (asn1_cb)
                        {
-                        i = asn1_cb(ASN1_OP_FREE_PRE, pval, it);
+                        i = asn1_cb(ASN1_OP_FREE_PRE, pval, it, NULL);
                        if (i == 2)
                                return;
                        }               
@@ -170,7 +170,7 @@ static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int c
                        ASN1_template_free(pseqval, seqtt);
                        }
                if (asn1_cb)
-                        asn1_cb(ASN1_OP_FREE_POST, pval, it);
+                        asn1_cb(ASN1_OP_FREE_POST, pval, it, NULL);
                if (!combine)
                        {
                        OPENSSL_free(*pval);
diff --git a/src/lib/libssl/src/crypto/asn1/tasn_new.c b/src/lib/libssl/src/crypto/asn1/tasn_new.c
index 5c6a2ebd4d..0d9e78cc7c 100644
--- a/src/lib/libssl/src/crypto/asn1/tasn_new.c
+++ b/src/lib/libssl/src/crypto/asn1/tasn_new.c
@@ -68,7 +68,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
                                                                int combine);
 static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);
 static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
-void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);
+static void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);
 ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it)
        {
@@ -146,7 +146,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
                case ASN1_ITYPE_CHOICE:
                if (asn1_cb)
                        {
-                        i = asn1_cb(ASN1_OP_NEW_PRE, pval, it);
+                        i = asn1_cb(ASN1_OP_NEW_PRE, pval, it, NULL);
                        if (!i)
                                goto auxerr;
                        if (i==2)
@@ -166,7 +166,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
                        memset(*pval, 0, it->size);
                        }
                asn1_set_choice_selector(pval, -1, it);
-                if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it))
+                if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL))
                                goto auxerr;
                break;
@@ -174,7 +174,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
                case ASN1_ITYPE_SEQUENCE:
                if (asn1_cb)
                        {
-                        i = asn1_cb(ASN1_OP_NEW_PRE, pval, it);
+                        i = asn1_cb(ASN1_OP_NEW_PRE, pval, it, NULL);
                        if (!i)
                                goto auxerr;
                        if (i==2)
@@ -201,7 +201,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
                        if (!ASN1_template_new(pseqval, tt))
                                goto memerr;
                        }
-                if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it))
+                if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL))
                                goto auxerr;
                break;
        }
@@ -325,6 +325,7 @@ static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
 int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
        {
        ASN1_TYPE *typ;
+        ASN1_STRING *str;
        int utype;
        if (it && it->funcs)
@@ -345,10 +346,7 @@ int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
                return 1;
                case V_ASN1_BOOLEAN:
-                if (it)
+                *(ASN1_BOOLEAN *)pval = it->size;
-                        *(ASN1_BOOLEAN *)pval = it->size;
-                else
-                        *(ASN1_BOOLEAN *)pval = -1;
                return 1;
                case V_ASN1_NULL:
@@ -365,7 +363,10 @@ int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
                break;
                default:
-                *pval = (ASN1_VALUE *)ASN1_STRING_type_new(utype);
+                str = ASN1_STRING_type_new(utype);
+                if (it->itype == ASN1_ITYPE_MSTRING && str)
+                        str->flags |= ASN1_STRING_FLAG_MSTRING;
+                *pval = (ASN1_VALUE *)str;
                break;
                }
        if (*pval)
@@ -373,7 +374,7 @@ int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
        return 0;
        }
-void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
+static void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
        {
        int utype;
        if (it && it->funcs)
diff --git a/src/lib/libssl/src/crypto/asn1/tasn_prn.c b/src/lib/libssl/src/crypto/asn1/tasn_prn.c
index b9c96a6dbe..453698012d 100644
--- a/src/lib/libssl/src/crypto/asn1/tasn_prn.c
+++ b/src/lib/libssl/src/crypto/asn1/tasn_prn.c
@@ -3,7 +3,7 @@
 * project 2000.
 */
 /* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2000,2005 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -58,141 +58,570 @@
 #include <stddef.h>
+#include "cryptlib.h"
 #include <openssl/asn1.h>
+#include <openssl/asn1t.h>
 #include <openssl/objects.h>
 #include <openssl/buffer.h>
 #include <openssl/err.h>
-#include <openssl/nasn.h>
+#include <openssl/x509v3.h>
+#include "asn1_locl.h"
-/* Print routines. Print out a whole structure from a template.
+/* Print routines.
 */
-static int asn1_item_print_nm(BIO *out, void *fld, int indent, const ASN1_ITEM *it, const char *name);
+/* ASN1_PCTX routines */
-int ASN1_item_print(BIO *out, void *fld, int indent, const ASN1_ITEM *it)
+ASN1_PCTX default_pctx = 
-{
+        {
-        return asn1_item_print_nm(out, fld, indent, it, it->sname);
+        ASN1_PCTX_FLAGS_SHOW_ABSENT,    /* flags */
-}
+        0,      /* nm_flags */
+        0,      /* cert_flags */
+        0,      /* oid_flags */
+        0       /* str_flags */
+        };
+        
-static int asn1_item_print_nm(BIO *out, void *fld, int indent, const ASN1_ITEM *it, const char *name)
+ASN1_PCTX *ASN1_PCTX_new(void)
-{
+        {
-        ASN1_STRING *str;
+        ASN1_PCTX *ret;
+        ret = OPENSSL_malloc(sizeof(ASN1_PCTX));
+        if (ret == NULL)
+                {
+                ASN1err(ASN1_F_ASN1_PCTX_NEW, ERR_R_MALLOC_FAILURE);
+                return NULL;
+                }
+        ret->flags = 0;
+        ret->nm_flags = 0;
+        ret->cert_flags = 0;
+        ret->oid_flags = 0;
+        ret->str_flags = 0;
+        return ret;
+        }
+void ASN1_PCTX_free(ASN1_PCTX *p)
+        {
+        OPENSSL_free(p);
+        }
+unsigned long ASN1_PCTX_get_flags(ASN1_PCTX *p)
+        {
+        return p->flags;
+        }
+void ASN1_PCTX_set_flags(ASN1_PCTX *p, unsigned long flags)
+        {
+        p->flags = flags;
+        }
+unsigned long ASN1_PCTX_get_nm_flags(ASN1_PCTX *p)
+        {
+        return p->nm_flags;
+        }
+void ASN1_PCTX_set_nm_flags(ASN1_PCTX *p, unsigned long flags)
+        {
+        p->nm_flags = flags;
+        }
+unsigned long ASN1_PCTX_get_cert_flags(ASN1_PCTX *p)
+        {
+        return p->cert_flags;
+        }
+void ASN1_PCTX_set_cert_flags(ASN1_PCTX *p, unsigned long flags)
+        {
+        p->cert_flags = flags;
+        }
+unsigned long ASN1_PCTX_get_oid_flags(ASN1_PCTX *p)
+        {
+        return p->oid_flags;
+        }
+void ASN1_PCTX_set_oid_flags(ASN1_PCTX *p, unsigned long flags)
+        {
+        p->oid_flags = flags;
+        }
+unsigned long ASN1_PCTX_get_str_flags(ASN1_PCTX *p)
+        {
+        return p->str_flags;
+        }
+void ASN1_PCTX_set_str_flags(ASN1_PCTX *p, unsigned long flags)
+        {
+        p->str_flags = flags;
+        }
+/* Main print routines */
+static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
+                                const ASN1_ITEM *it,
+                                const char *fname, const char *sname,
+                                int nohdr, const ASN1_PCTX *pctx);
+int asn1_template_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
+                                const ASN1_TEMPLATE *tt, const ASN1_PCTX *pctx);
+static int asn1_primitive_print(BIO *out, ASN1_VALUE **fld,
+                                const ASN1_ITEM *it, int indent,
+                                const char *fname, const char *sname,
+                                const ASN1_PCTX *pctx);
+static int asn1_print_fsname(BIO *out, int indent,
+                        const char *fname, const char *sname,
+                        const ASN1_PCTX *pctx);
+int ASN1_item_print(BIO *out, ASN1_VALUE *ifld, int indent,
+                                const ASN1_ITEM *it, const ASN1_PCTX *pctx)
+        {
+        const char *sname;
+        if (pctx == NULL)
+                pctx = &default_pctx;
+        if (pctx->flags & ASN1_PCTX_FLAGS_NO_STRUCT_NAME)
+                sname = NULL;
+        else
+                sname = it->sname;
+        return asn1_item_print_ctx(out, &ifld, indent, it,
+                                                        NULL, sname, 0, pctx);
+        }
+static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
+                                const ASN1_ITEM *it,
+                                const char *fname, const char *sname,
+                                int nohdr, const ASN1_PCTX *pctx)
+        {
        const ASN1_TEMPLATE *tt;
-        void *tmpfld;
+        const ASN1_EXTERN_FUNCS *ef;
+        ASN1_VALUE **tmpfld;
+        const ASN1_AUX *aux = it->funcs;
+        ASN1_aux_cb *asn1_cb;
+        ASN1_PRINT_ARG parg;
        int i;
-        if(!fld) {
+        if (aux && aux->asn1_cb)
-                BIO_printf(out, "%*s%s ABSENT\n", indent, "", name);
+                {
+                parg.out = out;
+                parg.indent = indent;
+                parg.pctx = pctx;
+                asn1_cb = aux->asn1_cb;
+                }
+        else asn1_cb = 0;
+        if(*fld == NULL)
+                {
+                if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_ABSENT)
+                        {
+                        if (!nohdr && !asn1_print_fsname(out, indent,
+                                                        fname, sname, pctx))
+                                return 0;
+                        if (BIO_puts(out, "<ABSENT>\n") <= 0)
+                                return 0;
+                        }
                return 1;
-        }
+                }
-        switch(it->itype) {
+        switch(it->itype)
+                {
                case ASN1_ITYPE_PRIMITIVE:
                if(it->templates)
-                        return ASN1_template_print(out, fld, indent, it->templates);
+                        {
-                return asn1_primitive_print(out, fld, it->utype, indent, name);
+                        if (!asn1_template_print_ctx(out, fld, indent,
-                break;
+                                                        it->templates, pctx))
+                                return 0;
+                        }
+                /* fall thru */
                case ASN1_ITYPE_MSTRING:
-                str = fld;
+                if (!asn1_primitive_print(out, fld, it,
-                return asn1_primitive_print(out, fld, str->type, indent, name);
+                                indent, fname, sname,pctx))
+                        return 0;
+                break;
                case ASN1_ITYPE_EXTERN:
-                BIO_printf(out, "%*s%s:EXTERNAL TYPE %s %s\n", indent, "", name, it->sname, fld ? "" : "ABSENT");
+                if (!nohdr && !asn1_print_fsname(out, indent, fname, sname, pctx))
-                return 1;
+                        return 0;
-                case ASN1_ITYPE_COMPAT:
+                /* Use new style print routine if possible */
-                BIO_printf(out, "%*s%s:COMPATIBLE TYPE %s %s\n", indent, "", name, it->sname, fld ? "" : "ABSENT");
+                ef = it->funcs;
-                return 1;
+                if (ef && ef->asn1_ex_print)
+                        {
+                        i = ef->asn1_ex_print(out, fld, indent, "", pctx);
+                        if (!i)
+                                return 0;
+                        if ((i == 2) && (BIO_puts(out, "\n") <= 0))
+                                return 0;
+                        return 1;
+                        }
+                else if (sname && 
+                        BIO_printf(out, ":EXTERNAL TYPE %s\n", sname) <= 0)
+                        return 0;
+                break;
                case ASN1_ITYPE_CHOICE:
+#if 0
+                if (!nohdr && !asn1_print_fsname(out, indent, fname, sname, pctx))
+                        return 0;
+#endif
                /* CHOICE type, get selector */
                i = asn1_get_choice_selector(fld, it);
                /* This should never happen... */
-                if((i < 0) || (i >= it->tcount)) {
+                if((i < 0) || (i >= it->tcount))
-                        BIO_printf(out, "%s selector [%d] out of range\n", it->sname, i);
+                        {
+                        if (BIO_printf(out,
+                                "ERROR: selector [%d] invalid\n", i) <= 0)
+                                return 0;
                        return 1;
-                }
+                        }
                tt = it->templates + i;
-                tmpfld = asn1_get_field(fld, tt);
+                tmpfld = asn1_get_field_ptr(fld, tt);
-                return ASN1_template_print(out, tmpfld, indent, tt);
+                if (!asn1_template_print_ctx(out, tmpfld, indent, tt, pctx))
+                        return 0;
+                break;
                case ASN1_ITYPE_SEQUENCE:
-                BIO_printf(out, "%*s%s {\n", indent, "", name);
+                case ASN1_ITYPE_NDEF_SEQUENCE:
-                /* Get each field entry */
+                if (!nohdr && !asn1_print_fsname(out, indent, fname, sname, pctx))
-                for(i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
+                        return 0;
-                        tmpfld = asn1_get_field(fld, tt);
+                if (fname || sname)
-                        ASN1_template_print(out, tmpfld, indent + 2, tt);
+                        {
-                }
+                        if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_SEQUENCE)
-                BIO_printf(out, "%*s}\n", indent, "");
+                                {
-                return 1;
+                                if (BIO_puts(out, " {\n") <= 0)
+                                        return 0;
+                                }
+                        else
+                                {
+                                if (BIO_puts(out, "\n") <= 0)
+                                        return 0;
+                                }
+                        }
+                if (asn1_cb)
+                        {
+                        i = asn1_cb(ASN1_OP_PRINT_PRE, fld, it, &parg);
+                        if (i == 0)
+                                return 0;
+                        if (i == 2)
+                                return 1;
+                        }
+                /* Print each field entry */
+                for(i = 0, tt = it->templates; i < it->tcount; i++, tt++)
+                        {
+                        const ASN1_TEMPLATE *seqtt;
+                        seqtt = asn1_do_adb(fld, tt, 1);
+                        tmpfld = asn1_get_field_ptr(fld, seqtt);
+                        if (!asn1_template_print_ctx(out, tmpfld,
+                                                indent + 2, seqtt, pctx))
+                                return 0;
+                        }
+                if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_SEQUENCE)
+                        {
+                        if (BIO_printf(out, "%*s}\n", indent, "") < 0)
+                                return 0;
+                        }
+                if (asn1_cb)
+                        {
+                        i = asn1_cb(ASN1_OP_PRINT_POST, fld, it, &parg);
+                        if (i == 0)
+                                return 0;
+                        }
+                break;
                default:
+                BIO_printf(out, "Unprocessed type %d\n", it->itype);
                return 0;
+                }
+        return 1;
        }
-}
-int ASN1_template_print(BIO *out, void *fld, int indent, const ASN1_TEMPLATE *tt)
+int asn1_template_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
-{
+                                const ASN1_TEMPLATE *tt, const ASN1_PCTX *pctx)
+        {
        int i, flags;
-#if 0
+        const char *sname, *fname;
-        if(!fld) return 0; 
-#endif
        flags = tt->flags;
-        if(flags & ASN1_TFLG_SK_MASK) {
+        if(pctx->flags & ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME)
+                sname = ASN1_ITEM_ptr(tt->item)->sname;
+        else
+                sname = NULL;
+        if(pctx->flags & ASN1_PCTX_FLAGS_NO_FIELD_NAME)
+                fname = NULL;
+        else
+                fname = tt->field_name;
+        if(flags & ASN1_TFLG_SK_MASK)
+                {
                char *tname;
-                void *skitem;
+                ASN1_VALUE *skitem;
+                STACK_OF(ASN1_VALUE) *stack;
                /* SET OF, SEQUENCE OF */
-                if(flags & ASN1_TFLG_SET_OF) tname = "SET";
+                if (fname)
-                else tname = "SEQUENCE";
+                        {
-                if(fld) {
+                        if(pctx->flags & ASN1_PCTX_FLAGS_SHOW_SSOF)
-                        BIO_printf(out, "%*s%s OF %s {\n", indent, "", tname, tt->field_name);
+                                {
-                        for(i = 0; i < sk_num(fld); i++) {
+                                if(flags & ASN1_TFLG_SET_OF)
-                                skitem = sk_value(fld, i);
+                                        tname = "SET";
-                                asn1_item_print_nm(out, skitem, indent + 2, tt->item, "");
+                                else
+                                        tname = "SEQUENCE";
+                                if (BIO_printf(out, "%*s%s OF %s {\n",
+                                        indent, "", tname, tt->field_name) <= 0)
+                                        return 0;
+                                }
+                        else if (BIO_printf(out, "%*s%s:\n", indent, "",
+                                        fname) <= 0)
+                                return 0;
+                        }
+                stack = (STACK_OF(ASN1_VALUE) *)*fld;
+                for(i = 0; i < sk_ASN1_VALUE_num(stack); i++)
+                        {
+                        if ((i > 0) && (BIO_puts(out, "\n") <= 0))
+                                return 0;
+                        skitem = sk_ASN1_VALUE_value(stack, i);
+                        if (!asn1_item_print_ctx(out, &skitem, indent + 2,
+                                ASN1_ITEM_ptr(tt->item), NULL, NULL, 1, pctx))
+                                return 0;
+                        }
+                if (!i && BIO_printf(out, "%*s<EMPTY>\n", indent + 2, "") <= 0)
+                                return 0;
+                if(pctx->flags & ASN1_PCTX_FLAGS_SHOW_SEQUENCE)
+                        {
+                        if (BIO_printf(out, "%*s}\n", indent, "") <= 0)
+                                return 0;
                        }
-                        BIO_printf(out, "%*s}\n", indent, "");
-                } else 
-                        BIO_printf(out, "%*s%s OF %s ABSENT\n", indent, "", tname, tt->field_name);
                return 1;
+                }
+        return asn1_item_print_ctx(out, fld, indent, ASN1_ITEM_ptr(tt->item),
+                                                        fname, sname, 0, pctx);
        }
-        return asn1_item_print_nm(out, fld, indent, tt->item, tt->field_name);
-}
+static int asn1_print_fsname(BIO *out, int indent,
+                        const char *fname, const char *sname,
-static int asn1_primitive_print(BIO *out, void *fld, long utype, int indent, const char *name)
+                        const ASN1_PCTX *pctx)
-{
+        {
-        ASN1_STRING *str = fld;
+        static char spaces[] = "                    ";
-        if(fld) {
+        const int nspaces = sizeof(spaces) - 1;
-                if(utype == V_ASN1_BOOLEAN) {
-                        int *bool = fld;
+#if 0
-if(*bool == -1) printf("BOOL MISSING\n");
+        if (!sname && !fname)
-                        BIO_printf(out, "%*s%s:%s", indent, "", "BOOLEAN", *bool ? "TRUE" : "FALSE");
+                return 1;
-                } else if((utype == V_ASN1_INTEGER) 
+#endif
-                          || (utype == V_ASN1_ENUMERATED)) {
-                        char *s, *nm;
+        while (indent > nspaces)
-                        s = i2s_ASN1_INTEGER(NULL, fld);
+                {
-                        if(utype == V_ASN1_INTEGER) nm = "INTEGER";
+                if (BIO_write(out, spaces, nspaces) != nspaces)
-                        else nm = "ENUMERATED";
+                        return 0;
-                        BIO_printf(out, "%*s%s:%s", indent, "", nm, s);
+                indent -= nspaces;
-                        OPENSSL_free(s);
+                }
-                } else if(utype == V_ASN1_NULL) {
+        if (BIO_write(out, spaces, indent) != indent)
-                        BIO_printf(out, "%*s%s", indent, "", "NULL");
+                return 0;
-                } else if(utype == V_ASN1_UTCTIME) {
+        if (pctx->flags & ASN1_PCTX_FLAGS_NO_STRUCT_NAME)
-                        BIO_printf(out, "%*s%s:%s:", indent, "", name, "UTCTIME");
+                sname = NULL;
-                        ASN1_UTCTIME_print(out, str);
+        if (pctx->flags & ASN1_PCTX_FLAGS_NO_FIELD_NAME)
-                } else if(utype == V_ASN1_GENERALIZEDTIME) {
+                fname = NULL;
-                        BIO_printf(out, "%*s%s:%s:", indent, "", name, "GENERALIZEDTIME");
+        if (!sname && !fname)
-                        ASN1_GENERALIZEDTIME_print(out, str);
+                return 1;
-                } else if(utype == V_ASN1_OBJECT) {
+        if (fname)
-                        char objbuf[80], *ln;
+                {
-                        ln = OBJ_nid2ln(OBJ_obj2nid(fld));
+                if (BIO_puts(out, fname) <= 0)
-                        if(!ln) ln = "";
+                        return 0;
-                        OBJ_obj2txt(objbuf, sizeof objbuf, fld, 1);
-                        BIO_printf(out, "%*s%s:%s (%s)", indent, "", "OBJECT", ln, objbuf);
-                } else {
-                        BIO_printf(out, "%*s%s:", indent, "", name);
-                        ASN1_STRING_print_ex(out, str, ASN1_STRFLGS_DUMP_UNKNOWN|ASN1_STRFLGS_SHOW_TYPE);
                }
-                BIO_printf(out, "\n");
+        if (sname)
-        } else BIO_printf(out, "%*s%s [ABSENT]\n", indent, "", name);
+                {
+                if (fname)
+                        {
+                        if (BIO_printf(out, " (%s)", sname) <= 0)
+                                return 0;
+                        }
+                else
+                        {
+                        if (BIO_puts(out, sname) <= 0)
+                                return 0;
+                        }
+                }
+        if (BIO_write(out, ": ", 2) != 2)
+                return 0;
        return 1;
-}
+        }
+static int asn1_print_boolean_ctx(BIO *out, const int bool,
+                                                        const ASN1_PCTX *pctx)
+        {
+        const char *str;
+        switch (bool)
+                {
+                case -1:
+                str = "BOOL ABSENT";
+                break;
+                case 0:
+                str = "FALSE";
+                break;
+                default:
+                str = "TRUE";
+                break;
+                }
+        if (BIO_puts(out, str) <= 0)
+                return 0;
+        return 1;
+        }
+static int asn1_print_integer_ctx(BIO *out, ASN1_INTEGER *str,
+                                                const ASN1_PCTX *pctx)
+        {
+        char *s;
+        int ret = 1;
+        s = i2s_ASN1_INTEGER(NULL, str);
+        if (BIO_puts(out, s) <= 0)
+                ret = 0;
+        OPENSSL_free(s);
+        return ret;
+        }
+static int asn1_print_oid_ctx(BIO *out, const ASN1_OBJECT *oid,
+                                                const ASN1_PCTX *pctx)
+        {
+        char objbuf[80];
+        const char *ln;
+        ln = OBJ_nid2ln(OBJ_obj2nid(oid));
+        if(!ln)
+                ln = "";
+        OBJ_obj2txt(objbuf, sizeof objbuf, oid, 1);
+        if (BIO_printf(out, "%s (%s)", ln, objbuf) <= 0)
+                return 0;
+        return 1;
+        }
+static int asn1_print_obstring_ctx(BIO *out, ASN1_STRING *str, int indent,
+                                                const ASN1_PCTX *pctx)
+        {
+        if (str->type == V_ASN1_BIT_STRING)
+                {
+                if (BIO_printf(out, " (%ld unused bits)\n",
+                                        str->flags & 0x7) <= 0)
+                                return 0;
+                }
+        else if (BIO_puts(out, "\n") <= 0)
+                return 0;
+        if ((str->length > 0)
+                && BIO_dump_indent(out, (char *)str->data, str->length,
+                                indent + 2) <= 0)
+                return 0;
+        return 1;
+        }
+static int asn1_primitive_print(BIO *out, ASN1_VALUE **fld,
+                                const ASN1_ITEM *it, int indent,
+                                const char *fname, const char *sname,
+                                const ASN1_PCTX *pctx)
+        {
+        long utype;
+        ASN1_STRING *str;
+        int ret = 1, needlf = 1;
+        const char *pname;
+        const ASN1_PRIMITIVE_FUNCS *pf;
+        pf = it->funcs;
+        if (!asn1_print_fsname(out, indent, fname, sname, pctx))
+                        return 0;
+        if (pf && pf->prim_print)
+                return pf->prim_print(out, fld, it, indent, pctx);
+        str = (ASN1_STRING *)*fld;
+        if (it->itype == ASN1_ITYPE_MSTRING)
+                utype = str->type & ~V_ASN1_NEG;
+        else
+                utype = it->utype;
+        if (utype == V_ASN1_ANY)
+                {
+                ASN1_TYPE *atype = (ASN1_TYPE *)*fld;
+                utype = atype->type;
+                fld = &atype->value.asn1_value;
+                str = (ASN1_STRING *)*fld;
+                if (pctx->flags & ASN1_PCTX_FLAGS_NO_ANY_TYPE)
+                        pname = NULL;
+                else 
+                        pname = ASN1_tag2str(utype);
+                }
+        else
+                {
+                if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_TYPE)
+                        pname = ASN1_tag2str(utype);
+                else 
+                        pname = NULL;
+                }
+        if (utype == V_ASN1_NULL)
+                {
+                if (BIO_puts(out, "NULL\n") <= 0)
+                        return 0;
+                return 1;
+                }
+        if (pname)
+                {
+                if (BIO_puts(out, pname) <= 0)
+                        return 0;
+                if (BIO_puts(out, ":") <= 0)
+                        return 0;
+                }
+        switch (utype)
+                {
+                case V_ASN1_BOOLEAN:
+                        {
+                        int bool = *(int *)fld;
+                        if (bool == -1)
+                                bool = it->size;
+                        ret = asn1_print_boolean_ctx(out, bool, pctx);
+                        }
+                break;
+                case V_ASN1_INTEGER:
+                case V_ASN1_ENUMERATED:
+                ret = asn1_print_integer_ctx(out, str, pctx);
+                break;
+                case V_ASN1_UTCTIME:
+                ret = ASN1_UTCTIME_print(out, str);
+                break;
+                case V_ASN1_GENERALIZEDTIME:
+                ret = ASN1_GENERALIZEDTIME_print(out, str);
+                break;
+                case V_ASN1_OBJECT:
+                ret = asn1_print_oid_ctx(out, (const ASN1_OBJECT *)*fld, pctx);
+                break;
+                case V_ASN1_OCTET_STRING:
+                case V_ASN1_BIT_STRING:
+                ret = asn1_print_obstring_ctx(out, str, indent, pctx);
+                needlf = 0;
+                break;
+                case V_ASN1_SEQUENCE:
+                case V_ASN1_SET:
+                case V_ASN1_OTHER:
+                if (BIO_puts(out, "\n") <= 0)
+                        return 0;
+                if (ASN1_parse_dump(out, str->data, str->length,
+                                                indent, 0) <= 0)
+                        ret = 0;
+                needlf = 0;
+                break;
+                default:
+                ret = ASN1_STRING_print_ex(out, str, pctx->str_flags);
+                }
+        if (!ret)
+                return 0;
+        if (needlf && BIO_puts(out, "\n") <= 0)
+                return 0;
+        return 1;
+        }
diff --git a/src/lib/libssl/src/crypto/asn1/tasn_typ.c b/src/lib/libssl/src/crypto/asn1/tasn_typ.c
index 6252213d15..6fb1c372da 100644
--- a/src/lib/libssl/src/crypto/asn1/tasn_typ.c
+++ b/src/lib/libssl/src/crypto/asn1/tasn_typ.c
@@ -135,3 +135,14 @@ IMPLEMENT_ASN1_TYPE_ex(ASN1_FBOOLEAN, ASN1_BOOLEAN, 0)
 /* Special, OCTET STRING with indefinite length constructed support */
 IMPLEMENT_ASN1_TYPE_ex(ASN1_OCTET_STRING_NDEF, ASN1_OCTET_STRING, ASN1_TFLG_NDEF)
+ASN1_ITEM_TEMPLATE(ASN1_SEQUENCE_ANY) = 
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, ASN1_SEQUENCE_ANY, ASN1_ANY)
+ASN1_ITEM_TEMPLATE_END(ASN1_SEQUENCE_ANY)
+ASN1_ITEM_TEMPLATE(ASN1_SET_ANY) = 
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, ASN1_SET_ANY, ASN1_ANY)
+ASN1_ITEM_TEMPLATE_END(ASN1_SET_ANY)
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY)
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(ASN1_SEQUENCE_ANY, ASN1_SET_ANY, ASN1_SET_ANY)
diff --git a/src/lib/libssl/src/crypto/asn1/x_crl.c b/src/lib/libssl/src/crypto/asn1/x_crl.c
index 70d56a67f2..c51c690ba9 100644
--- a/src/lib/libssl/src/crypto/asn1/x_crl.c
+++ b/src/lib/libssl/src/crypto/asn1/x_crl.c
@@ -58,11 +58,14 @@
 #include <stdio.h>
 #include "cryptlib.h"
+#include "asn1_locl.h"
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
+#include <openssl/x509v3.h>
 static int X509_REVOKED_cmp(const X509_REVOKED * const *a,
                                const X509_REVOKED * const *b);
+static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp);
 ASN1_SEQUENCE(X509_REVOKED) = {
        ASN1_SIMPLE(X509_REVOKED,serialNumber, ASN1_INTEGER),
@@ -70,11 +73,26 @@ ASN1_SEQUENCE(X509_REVOKED) = {
        ASN1_SEQUENCE_OF_OPT(X509_REVOKED,extensions, X509_EXTENSION)
 } ASN1_SEQUENCE_END(X509_REVOKED)
+static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r);
+static int def_crl_lookup(X509_CRL *crl,
+                X509_REVOKED **ret, ASN1_INTEGER *serial, X509_NAME *issuer);
+static X509_CRL_METHOD int_crl_meth =
+        {
+        0,
+        0,0,
+        def_crl_lookup,
+        def_crl_verify
+        };
+static const X509_CRL_METHOD *default_crl_method = &int_crl_meth;
 /* The X509_CRL_INFO structure needs a bit of customisation.
 * Since we cache the original encoding the signature wont be affected by
 * reordering of the revoked field.
 */
-static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                                                                void *exarg)
 {
        X509_CRL_INFO *a = (X509_CRL_INFO *)*pval;
@@ -101,7 +119,237 @@ ASN1_SEQUENCE_enc(X509_CRL_INFO, enc, crl_inf_cb) = {
        ASN1_EXP_SEQUENCE_OF_OPT(X509_CRL_INFO, extensions, X509_EXTENSION, 0)
 } ASN1_SEQUENCE_END_enc(X509_CRL_INFO, X509_CRL_INFO)
-ASN1_SEQUENCE_ref(X509_CRL, 0, CRYPTO_LOCK_X509_CRL) = {
+/* Set CRL entry issuer according to CRL certificate issuer extension.
+ * Check for unhandled critical CRL entry extensions.
+ */
+static int crl_set_issuers(X509_CRL *crl)
+        {
+        int i, j;
+        GENERAL_NAMES *gens, *gtmp;
+        STACK_OF(X509_REVOKED) *revoked;
+        revoked = X509_CRL_get_REVOKED(crl);
+        gens = NULL;
+        for (i = 0; i < sk_X509_REVOKED_num(revoked); i++)
+                {
+                X509_REVOKED *rev = sk_X509_REVOKED_value(revoked, i);
+                STACK_OF(X509_EXTENSION) *exts;
+                ASN1_ENUMERATED *reason;
+                X509_EXTENSION *ext;
+                gtmp = X509_REVOKED_get_ext_d2i(rev, 
+                                                NID_certificate_issuer,
+                                                &j, NULL);
+                if (!gtmp && (j != -1))
+                        {
+                        crl->flags |= EXFLAG_INVALID;
+                        return 1;
+                        }
+                if (gtmp)
+                        {
+                        gens = gtmp;
+                        if (!crl->issuers)
+                                {
+                                crl->issuers = sk_GENERAL_NAMES_new_null();
+                                if (!crl->issuers)
+                                        return 0;
+                                }
+                        if (!sk_GENERAL_NAMES_push(crl->issuers, gtmp))
+                                return 0;
+                        }
+                rev->issuer = gens;
+                reason = X509_REVOKED_get_ext_d2i(rev, NID_crl_reason,
+                                                                &j, NULL);
+                if (!reason && (j != -1))
+                        {
+                        crl->flags |= EXFLAG_INVALID;
+                        return 1;
+                        }
+                if (reason)
+                        {
+                        rev->reason = ASN1_ENUMERATED_get(reason);
+                        ASN1_ENUMERATED_free(reason);
+                        }
+                else
+                        rev->reason = CRL_REASON_NONE;  
+                /* Check for critical CRL entry extensions */
+                exts = rev->extensions;
+                for (j = 0; j < sk_X509_EXTENSION_num(exts); j++)
+                        {
+                        ext = sk_X509_EXTENSION_value(exts, j);
+                        if (ext->critical > 0)
+                                {
+                                if (OBJ_obj2nid(ext->object) ==
+                                        NID_certificate_issuer)
+                                        continue;
+                                crl->flags |= EXFLAG_CRITICAL;
+                                break;
+                                }
+                        }
+                }
+        return 1;
+        }
+/* The X509_CRL structure needs a bit of customisation. Cache some extensions
+ * and hash of the whole CRL.
+ */
+static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                                                                void *exarg)
+        {
+        X509_CRL *crl = (X509_CRL *)*pval;
+        STACK_OF(X509_EXTENSION) *exts;
+        X509_EXTENSION *ext;
+        int idx;
+        switch(operation)
+                {
+                case ASN1_OP_NEW_POST:
+                crl->idp = NULL;
+                crl->akid = NULL;
+                crl->flags = 0;
+                crl->idp_flags = 0;
+                crl->idp_reasons = CRLDP_ALL_REASONS;
+                crl->meth = default_crl_method;
+                crl->meth_data = NULL;
+                crl->issuers = NULL;
+                crl->crl_number = NULL;
+                crl->base_crl_number = NULL;
+                break;
+                case ASN1_OP_D2I_POST:
+#ifndef OPENSSL_NO_SHA
+                X509_CRL_digest(crl, EVP_sha1(), crl->sha1_hash, NULL);
+#endif
+                crl->idp = X509_CRL_get_ext_d2i(crl,
+                                NID_issuing_distribution_point, NULL, NULL);
+                if (crl->idp)
+                        setup_idp(crl, crl->idp);
+                crl->akid = X509_CRL_get_ext_d2i(crl,
+                                NID_authority_key_identifier, NULL, NULL);      
+                crl->crl_number = X509_CRL_get_ext_d2i(crl,
+                                NID_crl_number, NULL, NULL);    
+                crl->base_crl_number = X509_CRL_get_ext_d2i(crl,
+                                NID_delta_crl, NULL, NULL);     
+                /* Delta CRLs must have CRL number */
+                if (crl->base_crl_number && !crl->crl_number)
+                        crl->flags |= EXFLAG_INVALID;
+                /* See if we have any unhandled critical CRL extensions and 
+                 * indicate this in a flag. We only currently handle IDP so
+                 * anything else critical sets the flag.
+                 *
+                 * This code accesses the X509_CRL structure directly:
+                 * applications shouldn't do this.
+                 */
+                exts = crl->crl->extensions;
+                for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++)
+                        {
+                        int nid;
+                        ext = sk_X509_EXTENSION_value(exts, idx);
+                        nid = OBJ_obj2nid(ext->object);
+                        if (nid == NID_freshest_crl)
+                                crl->flags |= EXFLAG_FRESHEST;
+                        if (ext->critical > 0)
+                                {
+                                /* We handle IDP and deltas */
+                                if ((nid == NID_issuing_distribution_point)
+                                        || (nid == NID_delta_crl))
+                                        break;;
+                                crl->flags |= EXFLAG_CRITICAL;
+                                break;
+                                }
+                        }
+                if (!crl_set_issuers(crl))
+                        return 0;
+                if (crl->meth->crl_init)
+                        {
+                        if (crl->meth->crl_init(crl) == 0)
+                                return 0;
+                        }
+                break;
+                case ASN1_OP_FREE_POST:
+                if (crl->meth->crl_free)
+                        {
+                        if (!crl->meth->crl_free(crl))
+                                return 0;
+                        }
+                if (crl->akid)
+                        AUTHORITY_KEYID_free(crl->akid);
+                if (crl->idp)
+                        ISSUING_DIST_POINT_free(crl->idp);
+                ASN1_INTEGER_free(crl->crl_number);
+                ASN1_INTEGER_free(crl->base_crl_number);
+                sk_GENERAL_NAMES_pop_free(crl->issuers, GENERAL_NAMES_free);
+                break;
+                }
+        return 1;
+        }
+/* Convert IDP into a more convenient form */
+static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp)
+        {
+        int idp_only = 0;
+        /* Set various flags according to IDP */
+        crl->idp_flags |= IDP_PRESENT;
+        if (idp->onlyuser > 0)
+                {
+                idp_only++;
+                crl->idp_flags |= IDP_ONLYUSER;
+                }
+        if (idp->onlyCA > 0)
+                {
+                idp_only++;
+                crl->idp_flags |= IDP_ONLYCA;
+                }
+        if (idp->onlyattr > 0)
+                {
+                idp_only++;
+                crl->idp_flags |= IDP_ONLYATTR;
+                }
+        if (idp_only > 1)
+                crl->idp_flags |= IDP_INVALID;
+        if (idp->indirectCRL > 0)
+                crl->idp_flags |= IDP_INDIRECT;
+        if (idp->onlysomereasons)
+                {
+                crl->idp_flags |= IDP_REASONS;
+                if (idp->onlysomereasons->length > 0)
+                        crl->idp_reasons = idp->onlysomereasons->data[0];
+                if (idp->onlysomereasons->length > 1)
+                        crl->idp_reasons |=
+                                (idp->onlysomereasons->data[1] << 8);
+                crl->idp_reasons &= CRLDP_ALL_REASONS;
+                }
+        DIST_POINT_set_dpname(idp->distpoint, X509_CRL_get_issuer(crl));
+        }
+ASN1_SEQUENCE_ref(X509_CRL, crl_cb, CRYPTO_LOCK_X509_CRL) = {
        ASN1_SIMPLE(X509_CRL, crl, X509_CRL_INFO),
        ASN1_SIMPLE(X509_CRL, sig_alg, X509_ALGOR),
        ASN1_SIMPLE(X509_CRL, signature, ASN1_BIT_STRING)
@@ -134,6 +382,145 @@ int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev)
        return 1;
 }
+int X509_CRL_verify(X509_CRL *crl, EVP_PKEY *r)
+        {
+        if (crl->meth->crl_verify)
+                return crl->meth->crl_verify(crl, r);
+        return 0;
+        }
+int X509_CRL_get0_by_serial(X509_CRL *crl,
+                X509_REVOKED **ret, ASN1_INTEGER *serial)
+        {
+        if (crl->meth->crl_lookup)
+                return crl->meth->crl_lookup(crl, ret, serial, NULL);
+        return 0;
+        }
+int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x)
+        {
+        if (crl->meth->crl_lookup)
+                return crl->meth->crl_lookup(crl, ret,
+                                                X509_get_serialNumber(x),
+                                                X509_get_issuer_name(x));
+        return 0;
+        }
+static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r)
+        {
+        return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO),
+                crl->sig_alg, crl->signature,crl->crl,r));
+        }
+static int crl_revoked_issuer_match(X509_CRL *crl, X509_NAME *nm,
+                                                X509_REVOKED *rev)
+        {
+        int i;
+        if (!rev->issuer)
+                {
+                if (!nm)
+                        return 1;
+                if (!X509_NAME_cmp(nm, X509_CRL_get_issuer(crl)))
+                        return 1;
+                return 0;
+                }
+        if (!nm)
+                nm = X509_CRL_get_issuer(crl);
+        for (i = 0; i < sk_GENERAL_NAME_num(rev->issuer); i++)
+                {
+                GENERAL_NAME *gen = sk_GENERAL_NAME_value(rev->issuer, i);
+                if (gen->type != GEN_DIRNAME)
+                        continue;
+                if (!X509_NAME_cmp(nm, gen->d.directoryName))
+                        return 1;
+                }
+        return 0;
+        }
+static int def_crl_lookup(X509_CRL *crl,
+                X509_REVOKED **ret, ASN1_INTEGER *serial, X509_NAME *issuer)
+        {
+        X509_REVOKED rtmp, *rev;
+        int idx;
+        rtmp.serialNumber = serial;
+        /* Sort revoked into serial number order if not already sorted.
+         * Do this under a lock to avoid race condition.
+         */
+        if (!sk_X509_REVOKED_is_sorted(crl->crl->revoked))
+                {
+                CRYPTO_w_lock(CRYPTO_LOCK_X509_CRL);
+                sk_X509_REVOKED_sort(crl->crl->revoked);
+                CRYPTO_w_unlock(CRYPTO_LOCK_X509_CRL);
+                }
+        idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp);
+        if(idx < 0)
+                return 0;
+        /* Need to look for matching name */
+        for(;idx < sk_X509_REVOKED_num(crl->crl->revoked); idx++)
+                {
+                rev = sk_X509_REVOKED_value(crl->crl->revoked, idx);
+                if (ASN1_INTEGER_cmp(rev->serialNumber, serial))
+                        return 0;
+                if (crl_revoked_issuer_match(crl, issuer, rev))
+                        {
+                        if (ret)
+                                *ret = rev;
+                        if (rev->reason == CRL_REASON_REMOVE_FROM_CRL)
+                                return 2;
+                        return 1;
+                        }
+                }
+        return 0;
+        }
+void X509_CRL_set_default_method(const X509_CRL_METHOD *meth)
+        {
+        if (meth == NULL)
+                default_crl_method = &int_crl_meth;
+        else 
+                default_crl_method = meth;
+        }
+X509_CRL_METHOD *X509_CRL_METHOD_new(
+        int (*crl_init)(X509_CRL *crl),
+        int (*crl_free)(X509_CRL *crl),
+        int (*crl_lookup)(X509_CRL *crl, X509_REVOKED **ret,
+                                ASN1_INTEGER *ser, X509_NAME *issuer),
+        int (*crl_verify)(X509_CRL *crl, EVP_PKEY *pk))
+        {
+        X509_CRL_METHOD *m;
+        m = OPENSSL_malloc(sizeof(X509_CRL_METHOD));
+        if (!m)
+                return NULL;
+        m->crl_init = crl_init;
+        m->crl_free = crl_free;
+        m->crl_lookup = crl_lookup;
+        m->crl_verify = crl_verify;
+        m->flags = X509_CRL_METHOD_DYNAMIC;
+        return m;
+        }
+void X509_CRL_METHOD_free(X509_CRL_METHOD *m)
+        {
+        if (!(m->flags & X509_CRL_METHOD_DYNAMIC))
+                return;
+        OPENSSL_free(m);
+        }
+void X509_CRL_set_meth_data(X509_CRL *crl, void *dat)
+        {
+        crl->meth_data = dat;
+        }
+void *X509_CRL_get_meth_data(X509_CRL *crl)
+        {
+        return crl->meth_data;
+        }
 IMPLEMENT_STACK_OF(X509_REVOKED)
 IMPLEMENT_ASN1_SET_OF(X509_REVOKED)
 IMPLEMENT_STACK_OF(X509_CRL)
diff --git a/src/lib/libssl/src/crypto/asn1/x_long.c b/src/lib/libssl/src/crypto/asn1/x_long.c
index bf35457c1f..75317418e1 100644
--- a/src/lib/libssl/src/crypto/asn1/x_long.c
+++ b/src/lib/libssl/src/crypto/asn1/x_long.c
@@ -71,6 +71,7 @@ static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
 static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
 static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
+static int long_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it, int indent, const ASN1_PCTX *pctx);
 static ASN1_PRIMITIVE_FUNCS long_pf = {
        NULL, 0,
@@ -78,7 +79,8 @@ static ASN1_PRIMITIVE_FUNCS long_pf = {
        long_free,
        long_free,      /* Clear should set to initial value */
        long_c2i,
-        long_i2c
+        long_i2c,
+        long_print
 };
 ASN1_ITEM_start(LONG)
@@ -169,3 +171,9 @@ static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
        memcpy(cp, &ltmp, sizeof(long));
        return 1;
 }
+static int long_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                        int indent, const ASN1_PCTX *pctx)
+        {
+        return BIO_printf(out, "%ld\n", *(long *)pval);
+        }
diff --git a/src/lib/libssl/src/crypto/asn1/x_name.c b/src/lib/libssl/src/crypto/asn1/x_name.c
index 04380abc3f..caa4409feb 100644
--- a/src/lib/libssl/src/crypto/asn1/x_name.c
+++ b/src/lib/libssl/src/crypto/asn1/x_name.c
@@ -57,18 +57,36 @@
 */
 #include <stdio.h>
+#include <ctype.h>
 #include "cryptlib.h"
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
+#include "asn1_locl.h"
-static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_ITEM *it,
+typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY;
-                                        int tag, int aclass, char opt, ASN1_TLC *ctx);
+DECLARE_STACK_OF(STACK_OF_X509_NAME_ENTRY)
-static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);
+static int x509_name_ex_d2i(ASN1_VALUE **val,
+                                const unsigned char **in, long len,
+                                const ASN1_ITEM *it,
+                                int tag, int aclass, char opt, ASN1_TLC *ctx);
+static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out,
+                                const ASN1_ITEM *it, int tag, int aclass);
 static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it);
 static void x509_name_ex_free(ASN1_VALUE **val, const ASN1_ITEM *it);
 static int x509_name_encode(X509_NAME *a);
+static int x509_name_canon(X509_NAME *a);
+static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in);
+static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname,
+                          unsigned char **in);
+static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval,
+                                                int indent,
+                                                const char *fname, 
+                                                const ASN1_PCTX *pctx);
 ASN1_SEQUENCE(X509_NAME_ENTRY) = {
        ASN1_SIMPLE(X509_NAME_ENTRY, object, ASN1_OBJECT),
@@ -102,7 +120,8 @@ const ASN1_EXTERN_FUNCS x509_name_ff = {
        x509_name_ex_free,
        0,      /* Default clear behaviour is OK */
        x509_name_ex_d2i,
-        x509_name_ex_i2d
+        x509_name_ex_i2d,
+        x509_name_ex_print
 };
 IMPLEMENT_EXTERN_ASN1(X509_NAME, V_ASN1_SEQUENCE, x509_name_ff) 
@@ -118,6 +137,8 @@ static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it)
        if ((ret->entries=sk_X509_NAME_ENTRY_new_null()) == NULL)
                goto memerr;
        if((ret->bytes = BUF_MEM_new()) == NULL) goto memerr;
+        ret->canon_enc = NULL;
+        ret->canon_enclen = 0;
        ret->modified=1;
        *val = (ASN1_VALUE *)ret;
        return 1;
@@ -142,25 +163,19 @@ static void x509_name_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
        BUF_MEM_free(a->bytes);
        sk_X509_NAME_ENTRY_pop_free(a->entries,X509_NAME_ENTRY_free);
+        if (a->canon_enc)
+                OPENSSL_free(a->canon_enc);
        OPENSSL_free(a);
        *pval = NULL;
 }
-/* Used with sk_pop_free() to free up the internal representation.
+static int x509_name_ex_d2i(ASN1_VALUE **val,
- * NB: we only free the STACK and not its contents because it is
+                        const unsigned char **in, long len, const ASN1_ITEM *it,
- * already present in the X509_NAME structure.
+                                int tag, int aclass, char opt, ASN1_TLC *ctx)
- */
-static void sk_internal_free(void *a)
-{
-        sk_free(a);
-}
-static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_ITEM *it,
-                                        int tag, int aclass, char opt, ASN1_TLC *ctx)
 {
        const unsigned char *p = *in, *q;
-        union { STACK *s; ASN1_VALUE *a; } intname = {NULL};
+        union { STACK_OF(STACK_OF_X509_NAME_ENTRY) *s;
+                ASN1_VALUE *a; } intname = {NULL};
        union { X509_NAME *x; ASN1_VALUE *a; } nm = {NULL};
        int i, j, ret;
        STACK_OF(X509_NAME_ENTRY) *entries;
@@ -181,8 +196,8 @@ static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long len
        memcpy(nm.x->bytes->data, q, p - q);
        /* Convert internal representation to X509_NAME structure */
-        for(i = 0; i < sk_num(intname.s); i++) {
+        for(i = 0; i < sk_STACK_OF_X509_NAME_ENTRY_num(intname.s); i++) {
-                entries = (STACK_OF(X509_NAME_ENTRY) *)sk_value(intname.s, i);
+                entries = sk_STACK_OF_X509_NAME_ENTRY_value(intname.s, i);
                for(j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) {
                        entry = sk_X509_NAME_ENTRY_value(entries, j);
                        entry->set = i;
@@ -191,7 +206,10 @@ static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long len
                }
                sk_X509_NAME_ENTRY_free(entries);
        }
-        sk_free(intname.s);
+        sk_STACK_OF_X509_NAME_ENTRY_free(intname.s);
+        ret = x509_name_canon(nm.x);
+        if (!ret)
+                goto err;
        nm.x->modified = 0;
        *val = nm.a;
        *in = p;
@@ -206,8 +224,12 @@ static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_IT
        int ret;
        X509_NAME *a = (X509_NAME *)*val;
        if(a->modified) {
-                ret = x509_name_encode((X509_NAME *)a);
+                ret = x509_name_encode(a);
-                if(ret < 0) return ret;
+                if(ret < 0)
+                        return ret;
+                ret = x509_name_canon(a);
+                if(ret < 0)
+                        return ret;
        }
        ret = a->bytes->length;
        if(out != NULL) {
@@ -217,22 +239,35 @@ static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_IT
        return ret;
 }
+static void local_sk_X509_NAME_ENTRY_free(STACK_OF(X509_NAME_ENTRY) *ne)
+        {
+        sk_X509_NAME_ENTRY_free(ne);
+        }
+static void local_sk_X509_NAME_ENTRY_pop_free(STACK_OF(X509_NAME_ENTRY) *ne)
+        {
+        sk_X509_NAME_ENTRY_pop_free(ne, X509_NAME_ENTRY_free);
+        }
 static int x509_name_encode(X509_NAME *a)
 {
-        union { STACK *s; ASN1_VALUE *a; } intname = {NULL};
+        union { STACK_OF(STACK_OF_X509_NAME_ENTRY) *s;
+                ASN1_VALUE *a; } intname = {NULL};
        int len;
        unsigned char *p;
        STACK_OF(X509_NAME_ENTRY) *entries = NULL;
        X509_NAME_ENTRY *entry;
        int i, set = -1;
-        intname.s = sk_new_null();
+        intname.s = sk_STACK_OF_X509_NAME_ENTRY_new_null();
        if(!intname.s) goto memerr;
        for(i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
                entry = sk_X509_NAME_ENTRY_value(a->entries, i);
                if(entry->set != set) {
                        entries = sk_X509_NAME_ENTRY_new_null();
                        if(!entries) goto memerr;
-                        if(!sk_push(intname.s, (char *)entries)) goto memerr;
+                        if(!sk_STACK_OF_X509_NAME_ENTRY_push(intname.s,
+                                                             entries))
+                                goto memerr;
                        set = entry->set;
                }
                if(!sk_X509_NAME_ENTRY_push(entries, entry)) goto memerr;
@@ -243,15 +278,222 @@ static int x509_name_encode(X509_NAME *a)
        p=(unsigned char *)a->bytes->data;
        ASN1_item_ex_i2d(&intname.a,
                         &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
-        sk_pop_free(intname.s, sk_internal_free);
+        sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s,
+                                             local_sk_X509_NAME_ENTRY_free);
        a->modified = 0;
        return len;
-        memerr:
+memerr:
-        sk_pop_free(intname.s, sk_internal_free);
+        sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s,
+                                             local_sk_X509_NAME_ENTRY_free);
        ASN1err(ASN1_F_X509_NAME_ENCODE, ERR_R_MALLOC_FAILURE);
        return -1;
 }
+static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval,
+                                                int indent,
+                                                const char *fname, 
+                                                const ASN1_PCTX *pctx)
+        {
+        if (X509_NAME_print_ex(out, (X509_NAME *)*pval,
+                                        indent, pctx->nm_flags) <= 0)
+                return 0;
+        return 2;
+        }
+/* This function generates the canonical encoding of the Name structure.
+ * In it all strings are converted to UTF8, leading, trailing and
+ * multiple spaces collapsed, converted to lower case and the leading
+ * SEQUENCE header removed.
+ *
+ * In future we could also normalize the UTF8 too.
+ *
+ * By doing this comparison of Name structures can be rapidly
+ * perfomed by just using memcmp() of the canonical encoding.
+ * By omitting the leading SEQUENCE name constraints of type
+ * dirName can also be checked with a simple memcmp().
+ */
+static int x509_name_canon(X509_NAME *a)
+        {
+        unsigned char *p;
+        STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname = NULL;
+        STACK_OF(X509_NAME_ENTRY) *entries = NULL;
+        X509_NAME_ENTRY *entry, *tmpentry = NULL;
+        int i, set = -1, ret = 0;
+        if (a->canon_enc)
+                {
+                OPENSSL_free(a->canon_enc);
+                a->canon_enc = NULL;
+                }
+        /* Special case: empty X509_NAME => null encoding */
+        if (sk_X509_NAME_ENTRY_num(a->entries) == 0)
+                {
+                a->canon_enclen = 0;
+                return 1;
+                }
+        intname = sk_STACK_OF_X509_NAME_ENTRY_new_null();
+        if(!intname)
+                goto err;
+        for(i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++)
+                {
+                entry = sk_X509_NAME_ENTRY_value(a->entries, i);
+                if(entry->set != set)
+                        {
+                        entries = sk_X509_NAME_ENTRY_new_null();
+                        if(!entries)
+                                goto err;
+                        if(!sk_STACK_OF_X509_NAME_ENTRY_push(intname, entries))
+                                goto err;
+                        set = entry->set;
+                        }
+                tmpentry = X509_NAME_ENTRY_new();
+                tmpentry->object = OBJ_dup(entry->object);
+                if (!asn1_string_canon(tmpentry->value, entry->value))
+                        goto err;
+                if(!sk_X509_NAME_ENTRY_push(entries, tmpentry))
+                        goto err;
+                tmpentry = NULL;
+                }
+        /* Finally generate encoding */
+        a->canon_enclen = i2d_name_canon(intname, NULL);
+        p = OPENSSL_malloc(a->canon_enclen);
+        if (!p)
+                goto err;
+        a->canon_enc = p;
+        i2d_name_canon(intname, &p);
+        ret = 1;
+        err:
+        if (tmpentry)
+                X509_NAME_ENTRY_free(tmpentry);
+        if (intname)
+                sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname,
+                                        local_sk_X509_NAME_ENTRY_pop_free);
+        return ret;
+        }
+/* Bitmap of all the types of string that will be canonicalized. */
+#define ASN1_MASK_CANON \
+        (B_ASN1_UTF8STRING | B_ASN1_BMPSTRING | B_ASN1_UNIVERSALSTRING \
+        | B_ASN1_PRINTABLESTRING | B_ASN1_T61STRING | B_ASN1_IA5STRING \
+        | B_ASN1_VISIBLESTRING)
+        
+static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in)
+        {
+        unsigned char *to, *from;
+        int len, i;
+        /* If type not in bitmask just copy string across */
+        if (!(ASN1_tag2bit(in->type) & ASN1_MASK_CANON))
+                {
+                out->type = in->type;
+                if (!ASN1_STRING_set(out, in->data, in->length))
+                        return 0;
+                return 1;
+                }
+        out->type = V_ASN1_UTF8STRING;
+        out->length = ASN1_STRING_to_UTF8(&out->data, in);
+        if (out->length == -1)
+                return 0;
+        to = out->data;
+        from = to;
+        len = out->length;
+        /* Convert string in place to canonical form.
+         * Ultimately we may need to handle a wider range of characters
+         * but for now ignore anything with MSB set and rely on the
+         * isspace() and tolower() functions.
+         */
+        /* Ignore leading spaces */
+        while((len > 0) && !(*from & 0x80) && isspace(*from))
+                {
+                from++;
+                len--;
+                }
+        to = from + len - 1;
+        /* Ignore trailing spaces */
+        while ((len > 0) && !(*to & 0x80) && isspace(*to))
+                {
+                to--;
+                len--;
+                }
+        to = out->data;
+        i = 0;
+        while(i < len)
+                {
+                /* If MSB set just copy across */
+                if (*from & 0x80)
+                        {
+                        *to++ = *from++;
+                        i++;
+                        }
+                /* Collapse multiple spaces */
+                else if (isspace(*from))
+                        {
+                        /* Copy one space across */
+                        *to++ = ' ';
+                        /* Ignore subsequent spaces. Note: don't need to
+                         * check len here because we know the last 
+                         * character is a non-space so we can't overflow.
+                         */
+                        do
+                                {
+                                from++;
+                                i++;
+                                }
+                        while(!(*from & 0x80) && isspace(*from));
+                        }
+                else
+                        {
+                        *to++ = tolower(*from++);
+                        i++;
+                        }
+                }
+        out->length = to - out->data;
+        return 1;
+        }
+static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) *_intname,
+                          unsigned char **in)
+        {
+        int i, len, ltmp;
+        ASN1_VALUE *v;
+        STACK_OF(ASN1_VALUE) *intname = (STACK_OF(ASN1_VALUE) *)_intname;
+        len = 0;
+        for (i = 0; i < sk_ASN1_VALUE_num(intname); i++)
+                {
+                v = sk_ASN1_VALUE_value(intname, i);
+                ltmp = ASN1_item_ex_i2d(&v, in,
+                        ASN1_ITEM_rptr(X509_NAME_ENTRIES), -1, -1);
+                if (ltmp < 0)
+                        return ltmp;
+                len += ltmp;
+                }
+        return len;
+        }
 int X509_NAME_set(X509_NAME **xn, X509_NAME *name)
        {
diff --git a/src/lib/libssl/src/crypto/asn1/x_pubkey.c b/src/lib/libssl/src/crypto/asn1/x_pubkey.c
index 91c2756116..d42b6a2c54 100644
--- a/src/lib/libssl/src/crypto/asn1/x_pubkey.c
+++ b/src/lib/libssl/src/crypto/asn1/x_pubkey.c
@@ -60,6 +60,7 @@
 #include "cryptlib.h"
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
+#include "asn1_locl.h"
 #ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif
@@ -68,7 +69,8 @@
 #endif
 /* Minor tweak to operation: free up EVP_PKEY */
-static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                        void *exarg)
        {
        if (operation == ASN1_OP_FREE_POST)
                {
@@ -88,169 +90,42 @@ IMPLEMENT_ASN1_FUNCTIONS(X509_PUBKEY)
 int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
        {
        X509_PUBKEY *pk=NULL;
-        X509_ALGOR *a;
-        ASN1_OBJECT *o;
-        unsigned char *s,*p = NULL;
-        int i;
        if (x == NULL) return(0);
-        if ((pk=X509_PUBKEY_new()) == NULL) goto err;
+        if ((pk=X509_PUBKEY_new()) == NULL) goto error;
-        a=pk->algor;
-        /* set the algorithm id */
+        if (pkey->ameth)
-        if ((o=OBJ_nid2obj(pkey->type)) == NULL) goto err;
-        ASN1_OBJECT_free(a->algorithm);
-        a->algorithm=o;
-        /* Set the parameter list */
-        if (!pkey->save_parameters || (pkey->type == EVP_PKEY_RSA))
                {
-                if ((a->parameter == NULL) ||
+                if (pkey->ameth->pub_encode)
-                        (a->parameter->type != V_ASN1_NULL))
                        {
-                        ASN1_TYPE_free(a->parameter);
+                        if (!pkey->ameth->pub_encode(pk, pkey))
-                        if (!(a->parameter=ASN1_TYPE_new()))
                                {
-                                X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
+                                X509err(X509_F_X509_PUBKEY_SET,
-                                goto err;
+                                        X509_R_PUBLIC_KEY_ENCODE_ERROR);
+                                goto error;
                                }
-                        a->parameter->type=V_ASN1_NULL;
-                        }
-                }
-#ifndef OPENSSL_NO_DSA
-        else if (pkey->type == EVP_PKEY_DSA)
-                {
-                unsigned char *pp;
-                DSA *dsa;
-                
-                dsa=pkey->pkey.dsa;
-                dsa->write_params=0;
-                ASN1_TYPE_free(a->parameter);
-                if ((i=i2d_DSAparams(dsa,NULL)) <= 0)
-                        goto err;
-                if (!(p=(unsigned char *)OPENSSL_malloc(i)))
-                        {
-                        X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                        }
-                pp=p;
-                i2d_DSAparams(dsa,&pp);
-                if (!(a->parameter=ASN1_TYPE_new()))
-                        {
-                        OPENSSL_free(p);
-                        X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                        }
-                a->parameter->type=V_ASN1_SEQUENCE;
-                if (!(a->parameter->value.sequence=ASN1_STRING_new()))
-                        {
-                        OPENSSL_free(p);
-                        X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
-                        goto err;
                        }
-                if (!ASN1_STRING_set(a->parameter->value.sequence,p,i))
+                else
                        {
-                        OPENSSL_free(p);
+                        X509err(X509_F_X509_PUBKEY_SET,
-                        X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
+                                X509_R_METHOD_NOT_SUPPORTED);
-                        goto err;
+                        goto error;
                        }
-                OPENSSL_free(p);
                }
-#endif
+        else
-#ifndef OPENSSL_NO_EC
-        else if (pkey->type == EVP_PKEY_EC)
-                {
-                int nid=0;
-                unsigned char *pp;
-                EC_KEY *ec_key;
-                const EC_GROUP *group;
-                
-                ec_key = pkey->pkey.ec;
-                ASN1_TYPE_free(a->parameter);
-                if ((a->parameter = ASN1_TYPE_new()) == NULL)
-                        {
-                        X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB);
-                        goto err;
-                        }
-                group = EC_KEY_get0_group(ec_key);
-                if (EC_GROUP_get_asn1_flag(group)
-                     && (nid = EC_GROUP_get_curve_name(group)))
-                        {
-                        /* just set the OID */
-                        a->parameter->type = V_ASN1_OBJECT;
-                        a->parameter->value.object = OBJ_nid2obj(nid);
-                        }
-                else /* explicit parameters */
-                        {
-                        if ((i = i2d_ECParameters(ec_key, NULL)) == 0)
-                                {
-                                X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB);
-                                goto err;
-                                }
-                        if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL)
-                                {
-                                X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE);
-                                goto err;
-                                }       
-                        pp = p;
-                        if (!i2d_ECParameters(ec_key, &pp))
-                                {
-                                X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB);
-                                OPENSSL_free(p);
-                                goto err;
-                                }
-                        a->parameter->type = V_ASN1_SEQUENCE;
-                        if ((a->parameter->value.sequence = ASN1_STRING_new()) == NULL)
-                                {
-                                X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB);
-                                OPENSSL_free(p);
-                                goto err;
-                                }
-                        ASN1_STRING_set(a->parameter->value.sequence, p, i);
-                        OPENSSL_free(p);
-                        }
-                }
-#endif
-        else if (1)
                {
                X509err(X509_F_X509_PUBKEY_SET,X509_R_UNSUPPORTED_ALGORITHM);
-                goto err;
+                goto error;
                }
-        if ((i=i2d_PublicKey(pkey,NULL)) <= 0) goto err;
-        if ((s=(unsigned char *)OPENSSL_malloc(i+1)) == NULL)
-                {
-                X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-        p=s;
-        i2d_PublicKey(pkey,&p);
-        if (!M_ASN1_BIT_STRING_set(pk->public_key,s,i))
-                {
-                X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-        /* Set number of unused bits to zero */
-        pk->public_key->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
-        pk->public_key->flags|=ASN1_STRING_FLAG_BITS_LEFT;
-        OPENSSL_free(s);
-#if 0
-        CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
-        pk->pkey=pkey;
-#endif
        if (*x != NULL)
                X509_PUBKEY_free(*x);
        *x=pk;
        return 1;
-err:
+error:
        if (pk != NULL) X509_PUBKEY_free(pk);
        return 0;
        }
@@ -258,119 +133,50 @@ err:
 EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
        {
        EVP_PKEY *ret=NULL;
-        long j;
-        int type;
-        const unsigned char *p;
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
-        const unsigned char *cp;
-        X509_ALGOR *a;
-#endif
-        if (key == NULL) goto err;
+        if (key == NULL) goto error;
        if (key->pkey != NULL)
                {
                CRYPTO_add(&key->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
-                return(key->pkey);
+                return key->pkey;
                }
-        if (key->public_key == NULL) goto err;
+        if (key->public_key == NULL) goto error;
-        type=OBJ_obj2nid(key->algor->algorithm);
        if ((ret = EVP_PKEY_new()) == NULL)
                {
                X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
-                goto err;
+                goto error;
                }
-        ret->type = EVP_PKEY_type(type);
-        /* the parameters must be extracted before the public key (ECDSA!) */
-        
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
-        a=key->algor;
-#endif
-        if (0)
+        if (!EVP_PKEY_set_type(ret, OBJ_obj2nid(key->algor->algorithm)))
-                ;
-#ifndef OPENSSL_NO_DSA
-        else if (ret->type == EVP_PKEY_DSA)
                {
-                if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE))
+                X509err(X509_F_X509_PUBKEY_GET,X509_R_UNSUPPORTED_ALGORITHM);
-                        {
+                goto error;
-                        if ((ret->pkey.dsa = DSA_new()) == NULL)
-                                {
-                                X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
-                                goto err;
-                                }
-                        ret->pkey.dsa->write_params=0;
-                        cp=p=a->parameter->value.sequence->data;
-                        j=a->parameter->value.sequence->length;
-                        if (!d2i_DSAparams(&ret->pkey.dsa, &cp, (long)j))
-                                goto err;
-                        }
-                ret->save_parameters=1;
                }
-#endif
-#ifndef OPENSSL_NO_EC
+        if (ret->ameth->pub_decode)
-        else if (ret->type == EVP_PKEY_EC)
                {
-                if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE))
+                if (!ret->ameth->pub_decode(ret, key))
                        {
-                        /* type == V_ASN1_SEQUENCE => we have explicit parameters
+                        X509err(X509_F_X509_PUBKEY_GET,
-                         * (e.g. parameters in the X9_62_EC_PARAMETERS-structure )
+                                                X509_R_PUBLIC_KEY_DECODE_ERROR);
-                         */
+                        goto error;
-                        if ((ret->pkey.ec= EC_KEY_new()) == NULL)
-                                {
-                                X509err(X509_F_X509_PUBKEY_GET, 
-                                        ERR_R_MALLOC_FAILURE);
-                                goto err;
-                                }
-                        cp = p = a->parameter->value.sequence->data;
-                        j = a->parameter->value.sequence->length;
-                        if (!d2i_ECParameters(&ret->pkey.ec, &cp, (long)j))
-                                {
-                                X509err(X509_F_X509_PUBKEY_GET, ERR_R_EC_LIB);
-                                goto err;
-                                }
-                        }
-                else if (a->parameter && (a->parameter->type == V_ASN1_OBJECT))
-                        {
-                        /* type == V_ASN1_OBJECT => the parameters are given
-                         * by an asn1 OID
-                         */
-                        EC_KEY   *ec_key;
-                        EC_GROUP *group;
-                        if (ret->pkey.ec == NULL)
-                                ret->pkey.ec = EC_KEY_new();
-                        ec_key = ret->pkey.ec;
-                        if (ec_key == NULL)
-                                goto err;
-                        group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(a->parameter->value.object));
-                        if (group == NULL)
-                                goto err;
-                        EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
-                        if (EC_KEY_set_group(ec_key, group) == 0)
-                                goto err;
-                        EC_GROUP_free(group);
                        }
-                        /* the case implicitlyCA is currently not implemented */
-                ret->save_parameters = 1;
                }
-#endif
+        else
-        p=key->public_key->data;
-        j=key->public_key->length;
-        if (!d2i_PublicKey(type, &ret, &p, (long)j))
                {
-                X509err(X509_F_X509_PUBKEY_GET, X509_R_ERR_ASN1_LIB);
+                X509err(X509_F_X509_PUBKEY_GET, X509_R_METHOD_NOT_SUPPORTED);
-                goto err;
+                goto error;
                }
        key->pkey = ret;
        CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY);
-        return(ret);
-err:
+        return ret;
+        error:
        if (ret != NULL)
                EVP_PKEY_free(ret);
        return(NULL);
@@ -529,3 +335,39 @@ int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp)
        return(ret);
        }
 #endif
+int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
+                                        int ptype, void *pval,
+                                        unsigned char *penc, int penclen)
+        {
+        if (!X509_ALGOR_set0(pub->algor, aobj, ptype, pval))
+                return 0;
+        if (penc)
+                {
+                if (pub->public_key->data)
+                        OPENSSL_free(pub->public_key->data);
+                pub->public_key->data = penc;
+                pub->public_key->length = penclen;
+                /* Set number of unused bits to zero */
+                pub->public_key->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
+                pub->public_key->flags|=ASN1_STRING_FLAG_BITS_LEFT;
+                }
+        return 1;
+        }
+int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg,
+                const unsigned char **pk, int *ppklen,
+                X509_ALGOR **pa,
+                X509_PUBKEY *pub)
+        {
+        if (ppkalg)
+                *ppkalg = pub->algor->algorithm;
+        if (pk)
+                {
+                *pk = pub->public_key->data;
+                *ppklen = pub->public_key->length;
+                }
+        if (pa)
+                *pa = pub->algor;
+        return 1;
+        }
diff --git a/src/lib/libssl/src/crypto/asn1/x_req.c b/src/lib/libssl/src/crypto/asn1/x_req.c
index 59ca8ce329..d57555827c 100644
--- a/src/lib/libssl/src/crypto/asn1/x_req.c
+++ b/src/lib/libssl/src/crypto/asn1/x_req.c
@@ -79,7 +79,8 @@
 *
 */
-static int rinf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+static int rinf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                                                        void *exarg)
 {
        X509_REQ_INFO *rinf = (X509_REQ_INFO *)*pval;
diff --git a/src/lib/libssl/src/crypto/asn1/x_x509.c b/src/lib/libssl/src/crypto/asn1/x_x509.c
index e118696625..dafd3cc921 100644
--- a/src/lib/libssl/src/crypto/asn1/x_x509.c
+++ b/src/lib/libssl/src/crypto/asn1/x_x509.c
@@ -81,7 +81,8 @@ IMPLEMENT_ASN1_FUNCTIONS(X509_CINF)
 extern void policy_cache_free(X509_POLICY_CACHE *cache);
-static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                                                                void *exarg)
 {
        X509 *ret = (X509 *)*pval;
@@ -99,6 +100,7 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
                ret->rfc3779_asid = NULL;
 #endif
                ret->aux = NULL;
+                ret->crldp = NULL;
                CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
                break;
@@ -112,7 +114,10 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
                X509_CERT_AUX_free(ret->aux);
                ASN1_OCTET_STRING_free(ret->skid);
                AUTHORITY_KEYID_free(ret->akid);
+                CRL_DIST_POINTS_free(ret->crldp);
                policy_cache_free(ret->policy_cache);
+                GENERAL_NAMES_free(ret->altname);
+                NAME_CONSTRAINTS_free(ret->nc);
 #ifndef OPENSSL_NO_RFC3779
                sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free);
                ASIdentifiers_free(ret->rfc3779_asid);
@@ -136,19 +141,6 @@ ASN1_SEQUENCE_ref(X509, x509_cb, CRYPTO_LOCK_X509) = {
 IMPLEMENT_ASN1_FUNCTIONS(X509)
 IMPLEMENT_ASN1_DUP_FUNCTION(X509)
-static ASN1_METHOD meth=
-    {
-    (I2D_OF(void))  i2d_X509,
-    (D2I_OF(void)) d2i_X509,
-    (void *(*)(void))X509_new,
-    (void (*)(void *)) X509_free
-    };
-ASN1_METHOD *X509_asn1_meth(void)
-        {
-        return(&meth);
-        }
 int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
        {
diff --git a/src/lib/libssl/src/crypto/bf/Makefile b/src/lib/libssl/src/crypto/bf/Makefile
index 7f4f03eb82..dd2c2c708e 100644
--- a/src/lib/libssl/src/crypto/bf/Makefile
+++ b/src/lib/libssl/src/crypto/bf/Makefile
@@ -12,8 +12,6 @@ MAKEFILE=	Makefile
 AR=             ar r
 BF_ENC=         bf_enc.o
-# or use
-#DES_ENC=       bx86-elf.o
 CFLAGS= $(INCLUDES) $(CFLAG)
 ASFLAGS= $(INCLUDES) $(ASFLAG)
@@ -40,19 +38,12 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
-# ELF
+bf-586.s:       asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
-bx86-elf.s: asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+        $(PERL) asm/bf-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
-        (cd asm; $(PERL) bf-586.pl elf $(CFLAGS) $(PROCESSOR) > ../$@)
-# COFF
-bx86-cof.s: asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
-        (cd asm; $(PERL) bf-586.pl coff $(CFLAGS) $(PROCESSOR) > ../$@)
-# a.out
-bx86-out.s: asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
-        (cd asm; $(PERL) bf-586.pl a.out $(CFLAGS) $(PROCESSOR) > ../$@)
 files:
        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
@@ -103,9 +94,5 @@ bf_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
 bf_enc.o: ../../include/openssl/opensslconf.h bf_enc.c bf_locl.h
 bf_ofb64.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
 bf_ofb64.o: ../../include/openssl/opensslconf.h bf_locl.h bf_ofb64.c
-bf_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/crypto.h
+bf_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
-bf_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/fips.h
+bf_skey.o: ../../include/openssl/opensslconf.h bf_locl.h bf_pi.h bf_skey.c
-bf_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-bf_skey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-bf_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-bf_skey.o: bf_locl.h bf_pi.h bf_skey.c
diff --git a/src/lib/libssl/src/crypto/bf/asm/bf-586.pl b/src/lib/libssl/src/crypto/bf/asm/bf-586.pl
index b556642c94..b74cfbafd4 100644
--- a/src/lib/libssl/src/crypto/bf/asm/bf-586.pl
+++ b/src/lib/libssl/src/crypto/bf/asm/bf-586.pl
@@ -1,6 +1,7 @@
 #!/usr/local/bin/perl
-push(@INC,"perlasm","../../perlasm");
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
 require "x86asm.pl";
 require "cbc.pl";
diff --git a/src/lib/libssl/src/crypto/bf/bf_skey.c b/src/lib/libssl/src/crypto/bf/bf_skey.c
index 6ac2aeb279..3673cdee6e 100644
--- a/src/lib/libssl/src/crypto/bf/bf_skey.c
+++ b/src/lib/libssl/src/crypto/bf/bf_skey.c
@@ -59,15 +59,10 @@
 #include <stdio.h>
 #include <string.h>
 #include <openssl/blowfish.h>
-#include <openssl/crypto.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 #include "bf_locl.h"
 #include "bf_pi.h"
-FIPS_NON_FIPS_VCIPHER_Init(BF)
+void BF_set_key(BF_KEY *key, int len, const unsigned char *data)
        {
        int i;
        BF_LONG *p,ri,in[2];
diff --git a/src/lib/libssl/src/crypto/bf/blowfish.h b/src/lib/libssl/src/crypto/bf/blowfish.h
index d24ffccb65..b97e76f9a3 100644
--- a/src/lib/libssl/src/crypto/bf/blowfish.h
+++ b/src/lib/libssl/src/crypto/bf/blowfish.h
@@ -79,7 +79,7 @@ extern "C" {
 * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 */
-#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
+#if defined(__LP32__)
 #define BF_LONG unsigned long
 #elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
 #define BF_LONG unsigned long
@@ -104,9 +104,7 @@ typedef struct bf_key_st
        BF_LONG S[4*256];
        } BF_KEY;
-#ifdef OPENSSL_FIPS 
+ 
-void private_BF_set_key(BF_KEY *key, int len, const unsigned char *data);
-#endif
 void BF_set_key(BF_KEY *key, int len, const unsigned char *data);
 void BF_encrypt(BF_LONG *data,const BF_KEY *key);
diff --git a/src/lib/libssl/src/crypto/bio/Makefile b/src/lib/libssl/src/crypto/bio/Makefile
index 1cd76ce7a2..c395d80496 100644
--- a/src/lib/libssl/src/crypto/bio/Makefile
+++ b/src/lib/libssl/src/crypto/bio/Makefile
@@ -45,7 +45,7 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
@@ -102,11 +102,12 @@ b_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 b_print.o: ../../include/openssl/symhacks.h ../cryptlib.h b_print.c
 b_sock.o: ../../e_os.h ../../include/openssl/bio.h
 b_sock.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-b_sock.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+b_sock.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
-b_sock.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+b_sock.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-b_sock.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+b_sock.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-b_sock.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+b_sock.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-b_sock.o: ../../include/openssl/symhacks.h ../cryptlib.h b_sock.c
+b_sock.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+b_sock.o: ../cryptlib.h b_sock.c
 bf_buff.o: ../../e_os.h ../../include/openssl/bio.h
 bf_buff.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bf_buff.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
diff --git a/src/lib/libssl/src/crypto/bio/b_print.c b/src/lib/libssl/src/crypto/bio/b_print.c
index 3a87b0ec0b..143a7cfefa 100644
--- a/src/lib/libssl/src/crypto/bio/b_print.c
+++ b/src/lib/libssl/src/crypto/bio/b_print.c
@@ -115,8 +115,8 @@
 #define LDOUBLE double
 #endif
-#if HAVE_LONG_LONG
+#ifdef HAVE_LONG_LONG
-# if defined(OPENSSL_SYS_WIN32) && !defined(__GNUC__)
+# if defined(_WIN32) && !defined(__GNUC__)
 # define LLONG __int64
 # else
 # define LLONG long long
diff --git a/src/lib/libssl/src/crypto/bio/b_sock.c b/src/lib/libssl/src/crypto/bio/b_sock.c
index ead477d8a2..12b0a53a81 100644
--- a/src/lib/libssl/src/crypto/bio/b_sock.c
+++ b/src/lib/libssl/src/crypto/bio/b_sock.c
@@ -72,11 +72,9 @@ NETDB_DEFINE_CONTEXT
 #ifndef OPENSSL_NO_SOCK
-#ifdef OPENSSL_SYS_WIN16
+#include <openssl/dso.h>
-#define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
-#else
 #define SOCKET_PROTOCOL IPPROTO_TCP
-#endif
 #ifdef SO_MAXCONN
 #define MAX_LISTEN  SO_MAXCONN
@@ -90,6 +88,17 @@ NETDB_DEFINE_CONTEXT
 static int wsa_init_done=0;
 #endif
+/*
+ * WSAAPI specifier is required to make indirect calls to run-time
+ * linked WinSock 2 functions used in this module, to be specific
+ * [get|free]addrinfo and getnameinfo. This is because WinSock uses
+ * uses non-C calling convention, __stdcall vs. __cdecl, on x86
+ * Windows. On non-WinSock platforms WSAAPI needs to be void.
+ */
+#ifndef WSAAPI
+#define WSAAPI
+#endif
 #if 0
 static unsigned long BIO_ghbn_hits=0L;
 static unsigned long BIO_ghbn_miss=0L;
@@ -226,6 +235,10 @@ int BIO_sock_error(int sock)
        int j,i;
        int size;
                 
+#if defined(OPENSSL_SYS_BEOS_R5)
+        return 0;
+#endif
+                 
        size=sizeof(int);
        /* Note: under Windows the third parameter is of type (char *)
         * whereas under other systems it is (void *) if you don't have
@@ -466,7 +479,12 @@ int BIO_sock_init(void)
          
                wsa_init_done=1;
                memset(&wsa_state,0,sizeof(wsa_state));
-                if (WSAStartup(0x0101,&wsa_state)!=0)
+                /* Not making wsa_state available to the rest of the
+                 * code is formally wrong. But the structures we use
+                 * are [beleived to be] invariable among Winsock DLLs,
+                 * while API availability is [expected to be] probed
+                 * at run-time with DSO_global_lookup. */
+                if (WSAStartup(0x0202,&wsa_state)!=0)
                        {
                        err=WSAGetLastError();
                        SYSerr(SYS_F_WSASTARTUP,err);
@@ -510,8 +528,8 @@ void BIO_sock_cleanup(void)
        if (wsa_init_done)
                {
                wsa_init_done=0;
-#ifndef OPENSSL_SYS_WINCE
+#if 0           /* this call is claimed to be non-present in Winsock2 */
-                WSACancelBlockingCall();        /* Winsock 1.1 specific */
+                WSACancelBlockingCall();
 #endif
                WSACleanup();
                }
@@ -581,12 +599,18 @@ static int get_ip(const char *str, unsigned char ip[4])
 int BIO_get_accept_socket(char *host, int bind_mode)
        {
        int ret=0;
-        struct sockaddr_in server,client;
+        union {
-        int s=INVALID_SOCKET,cs;
+                struct sockaddr sa;
+                struct sockaddr_in sa_in;
+#if OPENSSL_USE_IPV6
+                struct sockaddr_in6 sa_in6;
+#endif
+        } server,client;
+        int s=INVALID_SOCKET,cs,addrlen;
        unsigned char ip[4];
        unsigned short port;
        char *str=NULL,*e;
-        const char *h,*p;
+        char *h,*p;
        unsigned long l;
        int err_num;
@@ -600,8 +624,7 @@ int BIO_get_accept_socket(char *host, int bind_mode)
                {
                if (*e == ':')
                        {
-                        p= &(e[1]);
+                        p=e;
-                        *e='\0';
                        }
                else if (*e == '/')
                        {
@@ -609,21 +632,70 @@ int BIO_get_accept_socket(char *host, int bind_mode)
                        break;
                        }
                }
+        if (p)  *p++='\0';      /* points at last ':', '::port' is special [see below] */
-        if (p == NULL)
+        else    p=h,h=NULL;
+#ifdef EAI_FAMILY
+        do {
+        static union {  void *p;
+                        int (WSAAPI *f)(const char *,const char *,
+                                 const struct addrinfo *,
+                                 struct addrinfo **);
+                        } p_getaddrinfo = {NULL};
+        static union {  void *p;
+                        void (WSAAPI *f)(struct addrinfo *);
+                        } p_freeaddrinfo = {NULL};
+        struct addrinfo *res,hint;
+        if (p_getaddrinfo.p==NULL)
+                {
+                if ((p_getaddrinfo.p=DSO_global_lookup("getaddrinfo"))==NULL ||
+                    (p_freeaddrinfo.p=DSO_global_lookup("freeaddrinfo"))==NULL)
+                        p_getaddrinfo.p=(void*)-1;
+                }
+        if (p_getaddrinfo.p==(void *)-1) break;
+        /* '::port' enforces IPv6 wildcard listener. Some OSes,
+         * e.g. Solaris, default to IPv6 without any hint. Also
+         * note that commonly IPv6 wildchard socket can service
+         * IPv4 connections just as well...  */
+        memset(&hint,0,sizeof(hint));
+        if (h)
                {
-                p=h;
+                if (strchr(h,':'))
-                h="*";
+                        {
+                        if (h[1]=='\0') h=NULL;
+#if OPENSSL_USE_IPV6
+                        hint.ai_family = AF_INET6;
+#else
+                        h=NULL;
+#endif
+                        }
+                else if (h[0]=='*' && h[1]=='\0')
+                        h=NULL;
                }
+        if ((*p_getaddrinfo.f)(h,p,&hint,&res)) break;
+        addrlen = res->ai_addrlen<=sizeof(server) ?
+                        res->ai_addrlen :
+                        sizeof(server);
+        memcpy(&server, res->ai_addr, addrlen);
+        (*p_freeaddrinfo.f)(res);
+        goto again;
+        } while (0);
+#endif
        if (!BIO_get_port(p,&port)) goto err;
        memset((char *)&server,0,sizeof(server));
-        server.sin_family=AF_INET;
+        server.sa_in.sin_family=AF_INET;
-        server.sin_port=htons(port);
+        server.sa_in.sin_port=htons(port);
+        addrlen = sizeof(server.sa_in);
-        if (strcmp(h,"*") == 0)
+        if (h == NULL || strcmp(h,"*") == 0)
-                server.sin_addr.s_addr=INADDR_ANY;
+                server.sa_in.sin_addr.s_addr=INADDR_ANY;
        else
                {
                if (!BIO_get_host_ip(h,&(ip[0]))) goto err;
@@ -632,11 +704,11 @@ int BIO_get_accept_socket(char *host, int bind_mode)
                        ((unsigned long)ip[1]<<16L)|
                        ((unsigned long)ip[2]<< 8L)|
                        ((unsigned long)ip[3]);
-                server.sin_addr.s_addr=htonl(l);
+                server.sa_in.sin_addr.s_addr=htonl(l);
                }
 again:
-        s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
+        s=socket(server.sa.sa_family,SOCK_STREAM,SOCKET_PROTOCOL);
        if (s == INVALID_SOCKET)
                {
                SYSerr(SYS_F_SOCKET,get_last_socket_error());
@@ -654,22 +726,42 @@ again:
                bind_mode=BIO_BIND_NORMAL;
                }
 #endif
-        if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
+        if (bind(s,&server.sa,addrlen) == -1)
                {
 #ifdef SO_REUSEADDR
                err_num=get_last_socket_error();
                if ((bind_mode == BIO_BIND_REUSEADDR_IF_UNUSED) &&
+#ifdef OPENSSL_SYS_WINDOWS
+                        /* Some versions of Windows define EADDRINUSE to
+                         * a dummy value.
+                         */
+                        (err_num == WSAEADDRINUSE))
+#else
                        (err_num == EADDRINUSE))
+#endif
                        {
-                        memcpy((char *)&client,(char *)&server,sizeof(server));
+                        client = server;
-                        if (strcmp(h,"*") == 0)
+                        if (h == NULL || strcmp(h,"*") == 0)
-                                client.sin_addr.s_addr=htonl(0x7F000001);
+                                {
-                        cs=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
+#if OPENSSL_USE_IPV6
+                                if (client.sa.sa_family == AF_INET6)
+                                        {
+                                        memset(&client.sa_in6.sin6_addr,0,sizeof(client.sa_in6.sin6_addr));
+                                        client.sa_in6.sin6_addr.s6_addr[15]=1;
+                                        }
+                                else
+#endif
+                                if (client.sa.sa_family == AF_INET)
+                                        {
+                                        client.sa_in.sin_addr.s_addr=htonl(0x7F000001);
+                                        }
+                                else    goto err;
+                                }
+                        cs=socket(client.sa.sa_family,SOCK_STREAM,SOCKET_PROTOCOL);
                        if (cs != INVALID_SOCKET)
                                {
                                int ii;
-                                ii=connect(cs,(struct sockaddr *)&client,
+                                ii=connect(cs,&client.sa,addrlen);
-                                        sizeof(client));
                                closesocket(cs);
                                if (ii == INVALID_SOCKET)
                                        {
@@ -708,20 +800,52 @@ err:
 int BIO_accept(int sock, char **addr)
        {
        int ret=INVALID_SOCKET;
-        static struct sockaddr_in from;
        unsigned long l;
        unsigned short port;
-        int len;
        char *p;
-        memset((char *)&from,0,sizeof(from));
+        struct {
-        len=sizeof(from);
+        /*
-        /* Note: under VMS with SOCKETSHR the fourth parameter is currently
+         * As for following union. Trouble is that there are platforms
-         * of type (int *) whereas under other systems it is (void *) if
+         * that have socklen_t and there are platforms that don't, on
-         * you don't have a cast it will choke the compiler: if you do
+         * some platforms socklen_t is int and on some size_t. So what
-         * have a cast then you can either go for (int *) or (void *).
+         * one can do? One can cook #ifdef spaghetti, which is nothing
+         * but masochistic. Or one can do union between int and size_t.
+         * One naturally does it primarily for 64-bit platforms where
+         * sizeof(int) != sizeof(size_t). But would it work? Note that
+         * if size_t member is initialized to 0, then later int member
+         * assignment naturally does the job on little-endian platforms
+         * regardless accept's expectations! What about big-endians?
+         * If accept expects int*, then it works, and if size_t*, then
+         * length value would appear as unreasonably large. But this
+         * won't prevent it from filling in the address structure. The
+         * trouble of course would be if accept returns more data than
+         * actual buffer can accomodate and overwrite stack... That's
+         * where early OPENSSL_assert comes into picture. Besides, the
+         * only 64-bit big-endian platform found so far that expects
+         * size_t* is HP-UX, where stack grows towards higher address.
+         * <appro>
         */
-        ret=accept(sock,(struct sockaddr *)&from,(void *)&len);
+        union { size_t s; int i; } len;
+        union {
+                struct sockaddr sa;
+                struct sockaddr_in sa_in;
+#if OPENSSL_USE_IPV6
+                struct sockaddr_in6 sa_in6;
+#endif
+                } from;
+        } sa;
+        sa.len.s=0;
+        sa.len.i=sizeof(sa.from);
+        memset(&sa.from,0,sizeof(sa.from));
+        ret=accept(sock,&sa.from.sa,(void *)&sa.len);
+        if (sizeof(sa.len.i)!=sizeof(sa.len.s) && sa.len.i==0)
+                {
+                OPENSSL_assert(sa.len.s<=sizeof(sa.from));
+                sa.len.i = (int)sa.len.s;
+                /* use sa.len.i from this point */
+                }
        if (ret == INVALID_SOCKET)
                {
                if(BIO_sock_should_retry(ret)) return -2;
@@ -732,8 +856,46 @@ int BIO_accept(int sock, char **addr)
        if (addr == NULL) goto end;
-        l=ntohl(from.sin_addr.s_addr);
+#ifdef EAI_FAMILY
-        port=ntohs(from.sin_port);
+        do {
+        char   h[NI_MAXHOST],s[NI_MAXSERV];
+        size_t nl;
+        static union {  void *p;
+                        int (WSAAPI *f)(const struct sockaddr *,size_t/*socklen_t*/,
+                                 char *,size_t,char *,size_t,int);
+                        } p_getnameinfo = {NULL};
+                        /* 2nd argument to getnameinfo is specified to
+                         * be socklen_t. Unfortunately there is a number
+                         * of environments where socklen_t is not defined.
+                         * As it's passed by value, it's safe to pass it
+                         * as size_t... <appro> */
+        if (p_getnameinfo.p==NULL)
+                {
+                if ((p_getnameinfo.p=DSO_global_lookup("getnameinfo"))==NULL)
+                        p_getnameinfo.p=(void*)-1;
+                }
+        if (p_getnameinfo.p==(void *)-1) break;
+        if ((*p_getnameinfo.f)(&sa.from.sa,sa.len.i,h,sizeof(h),s,sizeof(s),
+            NI_NUMERICHOST|NI_NUMERICSERV)) break;
+        nl = strlen(h)+strlen(s)+2;
+        p = *addr;
+        if (p)  { *p = '\0'; p = OPENSSL_realloc(p,nl); }
+        else    { p = OPENSSL_malloc(nl);               }
+        if (p==NULL)
+                {
+                BIOerr(BIO_F_BIO_ACCEPT,ERR_R_MALLOC_FAILURE);
+                goto end;
+                }
+        *addr = p;
+        BIO_snprintf(*addr,nl,"%s:%s",h,s);
+        goto end;
+        } while(0);
+#endif
+        if (sa.from.sa.sa_family != AF_INET) goto end;
+        l=ntohl(sa.from.sa_in.sin_addr.s_addr);
+        port=ntohs(sa.from.sa_in.sin_port);
        if (*addr == NULL)
                {
                if ((p=OPENSSL_malloc(24)) == NULL)
diff --git a/src/lib/libssl/src/crypto/bio/bio.h b/src/lib/libssl/src/crypto/bio/bio.h
index cecb6a7207..152802fbdf 100644
--- a/src/lib/libssl/src/crypto/bio/bio.h
+++ b/src/lib/libssl/src/crypto/bio/bio.h
@@ -95,6 +95,7 @@ extern "C" {
 #define BIO_TYPE_BIO            (19|0x0400)             /* (half a) BIO pair */
 #define BIO_TYPE_LINEBUFFER     (20|0x0200)             /* filter */
 #define BIO_TYPE_DGRAM          (21|0x0400|0x0100)
+#define BIO_TYPE_ASN1           (22|0x0200)             /* filter */
 #define BIO_TYPE_COMP           (23|0x0200)             /* filter */
 #define BIO_TYPE_DESCRIPTOR     0x0100  /* socket, fd, connect or accept */
@@ -156,8 +157,11 @@ extern "C" {
                                              * previous write
                                              * operation */
+#define BIO_CTRL_DGRAM_GET_PEER           46
 #define BIO_CTRL_DGRAM_SET_PEER           44 /* Destination for the data */
+#define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT   45 /* Next DTLS handshake timeout to
+                                                                                          * adjust socket timeouts */
 /* modifiers */
 #define BIO_FP_READ             0x02
@@ -262,7 +266,6 @@ int BIO_method_type(const BIO *b);
 typedef void bio_info_cb(struct bio_st *, int, const char *, int, long, long);
-#ifndef OPENSSL_SYS_WIN16
 typedef struct bio_method_st
        {
        int type;
@@ -276,21 +279,6 @@ typedef struct bio_method_st
        int (*destroy)(BIO *);
        long (*callback_ctrl)(BIO *, int, bio_info_cb *);
        } BIO_METHOD;
-#else
-typedef struct bio_method_st
-        {
-        int type;
-        const char *name;
-        int (_far *bwrite)();
-        int (_far *bread)();
-        int (_far *bputs)();
-        int (_far *bgets)();
-        long (_far *ctrl)();
-        int (_far *create)();
-        int (_far *destroy)();
-        long (_far *callback_ctrl)();
-        } BIO_METHOD;
-#endif
 struct bio_st
        {
@@ -331,6 +319,9 @@ typedef struct bio_f_buffer_ctx_struct
        int obuf_off;           /* write/read offset */
        } BIO_F_BUFFER_CTX;
+/* Prefix and suffix callback in ASN1 BIO */
+typedef int asn1_ps_func(BIO *b, unsigned char **pbuf, int *plen, void *parg);
 /* connect BIO stuff */
 #define BIO_CONN_S_BEFORE               1
 #define BIO_CONN_S_GET_IP               2
@@ -393,6 +384,13 @@ typedef struct bio_f_buffer_ctx_struct
 #define BIO_C_RESET_READ_REQUEST                147
 #define BIO_C_SET_MD_CTX                        148
+#define BIO_C_SET_PREFIX                        149
+#define BIO_C_GET_PREFIX                        150
+#define BIO_C_SET_SUFFIX                        151
+#define BIO_C_GET_SUFFIX                        152
+#define BIO_C_SET_EX_ARG                        153
+#define BIO_C_GET_EX_ARG                        154
 #define BIO_set_app_data(s,arg)         BIO_set_ex_data(s,0,arg)
 #define BIO_get_app_data(s)             BIO_get_ex_data(s,0)
@@ -405,7 +403,7 @@ typedef struct bio_f_buffer_ctx_struct
 #define BIO_get_conn_hostname(b)  BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)
 #define BIO_get_conn_port(b)      BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)
 #define BIO_get_conn_ip(b)               BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2)
-#define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3)
+#define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3,0)
 #define BIO_set_nbio(b,n)       BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
@@ -414,7 +412,7 @@ typedef struct bio_f_buffer_ctx_struct
 #define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name)
 #define BIO_get_accept_port(b)  BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0)
 /* #define BIO_set_nbio(b,n)    BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */
-#define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(n)?"a":NULL)
+#define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(n)?(void *)"a":NULL)
 #define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(char *)bio)
 #define BIO_BIND_NORMAL                 0
@@ -541,6 +539,8 @@ int BIO_ctrl_reset_read_request(BIO *b);
         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP, 0, NULL)
 #define BIO_dgram_send_timedout(b) \
         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP, 0, NULL)
+#define BIO_dgram_get_peer(b,peer) \
+         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)peer)
 #define BIO_dgram_set_peer(b,peer) \
         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)peer)
@@ -554,22 +554,21 @@ int BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
 unsigned long BIO_number_read(BIO *bio);
 unsigned long BIO_number_written(BIO *bio);
+/* For BIO_f_asn1() */
+int BIO_asn1_set_prefix(BIO *b, asn1_ps_func *prefix,
+                                        asn1_ps_func *prefix_free);
+int BIO_asn1_get_prefix(BIO *b, asn1_ps_func **pprefix,
+                                        asn1_ps_func **pprefix_free);
+int BIO_asn1_set_suffix(BIO *b, asn1_ps_func *suffix,
+                                        asn1_ps_func *suffix_free);
+int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix,
+                                        asn1_ps_func **psuffix_free);
 # ifndef OPENSSL_NO_FP_API
-#  if defined(OPENSSL_SYS_WIN16) && defined(_WINDLL)
-BIO_METHOD *BIO_s_file_internal(void);
-BIO *BIO_new_file_internal(char *filename, char *mode);
-BIO *BIO_new_fp_internal(FILE *stream, int close_flag);
-#    define BIO_s_file  BIO_s_file_internal
-#    define BIO_new_file        BIO_new_file_internal
-#    define BIO_new_fp  BIO_new_fp_internal
-#  else /* FP_API */
 BIO_METHOD *BIO_s_file(void );
 BIO *BIO_new_file(const char *filename, const char *mode);
 BIO *BIO_new_fp(FILE *stream, int close_flag);
-#    define BIO_s_file_internal         BIO_s_file
+# define BIO_s_file_internal    BIO_s_file
-#    define BIO_new_file_internal       BIO_new_file
-#    define BIO_new_fp_internal         BIO_s_file
-#  endif /* FP_API */
 # endif
 BIO *   BIO_new(BIO_METHOD *type);
 int     BIO_set(BIO *a,BIO_METHOD *type);
@@ -598,13 +597,8 @@ int BIO_nread(BIO *bio, char **buf, int num);
 int BIO_nwrite0(BIO *bio, char **buf);
 int BIO_nwrite(BIO *bio, char **buf, int num);
-#ifndef OPENSSL_SYS_WIN16
 long BIO_debug_callback(BIO *bio,int cmd,const char *argp,int argi,
        long argl,long ret);
-#else
-long _far _loadds BIO_debug_callback(BIO *bio,int cmd,const char *argp,int argi,
-        long argl,long ret);
-#endif
 BIO_METHOD *BIO_s_mem(void);
 BIO *BIO_new_mem_buf(void *buf, int len);
diff --git a/src/lib/libssl/src/crypto/bio/bio_cb.c b/src/lib/libssl/src/crypto/bio/bio_cb.c
index 6f4254a114..9bcbc321d9 100644
--- a/src/lib/libssl/src/crypto/bio/bio_cb.c
+++ b/src/lib/libssl/src/crypto/bio/bio_cb.c
@@ -85,28 +85,32 @@ long MS_CALLBACK BIO_debug_callback(BIO *bio, int cmd, const char *argp,
                break;
        case BIO_CB_READ:
                if (bio->method->type & BIO_TYPE_DESCRIPTOR)
-                        BIO_snprintf(p,p_maxlen,"read(%d,%d) - %s fd=%d\n",
+                        BIO_snprintf(p,p_maxlen,"read(%d,%lu) - %s fd=%d\n",
-                                 bio->num,argi,bio->method->name,bio->num);
+                                 bio->num,(unsigned long)argi,
+                                 bio->method->name,bio->num);
                else
-                        BIO_snprintf(p,p_maxlen,"read(%d,%d) - %s\n",
+                        BIO_snprintf(p,p_maxlen,"read(%d,%lu) - %s\n",
-                                 bio->num,argi,bio->method->name);
+                                 bio->num,(unsigned long)argi,
+                                 bio->method->name);
                break;
        case BIO_CB_WRITE:
                if (bio->method->type & BIO_TYPE_DESCRIPTOR)
-                        BIO_snprintf(p,p_maxlen,"write(%d,%d) - %s fd=%d\n",
+                        BIO_snprintf(p,p_maxlen,"write(%d,%lu) - %s fd=%d\n",
-                                 bio->num,argi,bio->method->name,bio->num);
+                                 bio->num,(unsigned long)argi,
+                                 bio->method->name,bio->num);
                else
-                        BIO_snprintf(p,p_maxlen,"write(%d,%d) - %s\n",
+                        BIO_snprintf(p,p_maxlen,"write(%d,%lu) - %s\n",
-                                 bio->num,argi,bio->method->name);
+                                 bio->num,(unsigned long)argi,
+                                 bio->method->name);
                break;
        case BIO_CB_PUTS:
                BIO_snprintf(p,p_maxlen,"puts() - %s\n",bio->method->name);
                break;
        case BIO_CB_GETS:
-                BIO_snprintf(p,p_maxlen,"gets(%d) - %s\n",argi,bio->method->name);
+                BIO_snprintf(p,p_maxlen,"gets(%lu) - %s\n",(unsigned long)argi,bio->method->name);
                break;
        case BIO_CB_CTRL:
-                BIO_snprintf(p,p_maxlen,"ctrl(%d) - %s\n",argi,bio->method->name);
+                BIO_snprintf(p,p_maxlen,"ctrl(%lu) - %s\n",(unsigned long)argi,bio->method->name);
                break;
        case BIO_CB_RETURN|BIO_CB_READ:
                BIO_snprintf(p,p_maxlen,"read return %ld\n",ret);
diff --git a/src/lib/libssl/src/crypto/bio/bio_err.c b/src/lib/libssl/src/crypto/bio/bio_err.c
index 6603f1c74d..a224edd5a0 100644
--- a/src/lib/libssl/src/crypto/bio/bio_err.c
+++ b/src/lib/libssl/src/crypto/bio/bio_err.c
@@ -1,6 +1,6 @@
 /* crypto/bio/bio_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
diff --git a/src/lib/libssl/src/crypto/bio/bio_lib.c b/src/lib/libssl/src/crypto/bio/bio_lib.c
index 3f52ae953c..77f4de9c32 100644
--- a/src/lib/libssl/src/crypto/bio/bio_lib.c
+++ b/src/lib/libssl/src/crypto/bio/bio_lib.c
@@ -429,7 +429,7 @@ BIO *BIO_push(BIO *b, BIO *bio)
        if (bio != NULL)
                bio->prev_bio=lb;
        /* called to do internal processing */
-        BIO_ctrl(b,BIO_CTRL_PUSH,0,NULL);
+        BIO_ctrl(b,BIO_CTRL_PUSH,0,lb);
        return(b);
        }
@@ -441,7 +441,7 @@ BIO *BIO_pop(BIO *b)
        if (b == NULL) return(NULL);
        ret=b->next_bio;
-        BIO_ctrl(b,BIO_CTRL_POP,0,NULL);
+        BIO_ctrl(b,BIO_CTRL_POP,0,b);
        if (b->prev_bio != NULL)
                b->prev_bio->next_bio=b->next_bio;
diff --git a/src/lib/libssl/src/crypto/bio/bss_acpt.c b/src/lib/libssl/src/crypto/bio/bss_acpt.c
index d090b7272f..826f761143 100644
--- a/src/lib/libssl/src/crypto/bio/bss_acpt.c
+++ b/src/lib/libssl/src/crypto/bio/bss_acpt.c
@@ -100,8 +100,8 @@ static int acpt_new(BIO *h);
 static int acpt_free(BIO *data);
 static int acpt_state(BIO *b, BIO_ACCEPT *c);
 static void acpt_close_socket(BIO *data);
-BIO_ACCEPT *BIO_ACCEPT_new(void );
+static BIO_ACCEPT *BIO_ACCEPT_new(void );
-void BIO_ACCEPT_free(BIO_ACCEPT *a);
+static void BIO_ACCEPT_free(BIO_ACCEPT *a);
 #define ACPT_S_BEFORE                   1
 #define ACPT_S_GET_ACCEPT_SOCKET        2
@@ -141,7 +141,7 @@ static int acpt_new(BIO *bi)
        return(1);
        }
-BIO_ACCEPT *BIO_ACCEPT_new(void)
+static BIO_ACCEPT *BIO_ACCEPT_new(void)
        {
        BIO_ACCEPT *ret;
@@ -154,7 +154,7 @@ BIO_ACCEPT *BIO_ACCEPT_new(void)
        return(ret);
        }
-void BIO_ACCEPT_free(BIO_ACCEPT *a)
+static void BIO_ACCEPT_free(BIO_ACCEPT *a)
        {
        if(a == NULL)
            return;
diff --git a/src/lib/libssl/src/crypto/bio/bss_fd.c b/src/lib/libssl/src/crypto/bio/bss_fd.c
index 4c229bf641..d1bf85aae1 100644
--- a/src/lib/libssl/src/crypto/bio/bss_fd.c
+++ b/src/lib/libssl/src/crypto/bio/bss_fd.c
@@ -60,6 +60,13 @@
 #include <errno.h>
 #define USE_SOCKETS
 #include "cryptlib.h"
+#if defined(OPENSSL_NO_POSIX_IO)
+/*
+ * One can argue that one should implement dummy placeholder for
+ * BIO_s_fd here...
+ */
+#else
 /*
 * As for unconditional usage of "UPLINK" interface in this module.
 * Trouble is that unlike Unix file descriptors [which are indexes
@@ -77,6 +84,7 @@
 static int fd_write(BIO *h, const char *buf, int num);
 static int fd_read(BIO *h, char *buf, int size);
 static int fd_puts(BIO *h, const char *str);
+static int fd_gets(BIO *h, char *buf, int size);
 static long fd_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int fd_new(BIO *h);
 static int fd_free(BIO *data);
@@ -88,7 +96,7 @@ static BIO_METHOD methods_fdp=
        fd_write,
        fd_read,
        fd_puts,
-        NULL, /* fd_gets, */
+        fd_gets,
        fd_ctrl,
        fd_new,
        fd_free,
@@ -227,6 +235,22 @@ static int fd_puts(BIO *bp, const char *str)
        return(ret);
        }
+static int fd_gets(BIO *bp, char *buf, int size)
+        {
+        int ret=0;
+        char *ptr=buf;
+        char *end=buf+size-1;
+        while ( (ptr < end) && (fd_read(bp, ptr, 1) > 0) && (ptr[0] != '\n') )
+                ptr++;
+        ptr[0]='\0';
+        if (buf[0] != '\0')
+                ret=strlen(buf);
+        return(ret);
+        }
 int BIO_fd_should_retry(int i)
        {
        int err;
@@ -292,3 +316,4 @@ int BIO_fd_non_fatal_error(int err)
                }
        return(0);
        }
+#endif
diff --git a/src/lib/libssl/src/crypto/bio/bss_file.c b/src/lib/libssl/src/crypto/bio/bss_file.c
index 9ad46fa081..8bfa0bcd97 100644
--- a/src/lib/libssl/src/crypto/bio/bss_file.c
+++ b/src/lib/libssl/src/crypto/bio/bss_file.c
@@ -118,10 +118,47 @@ static BIO_METHOD methods_filep=
 BIO *BIO_new_file(const char *filename, const char *mode)
        {
-        BIO *ret;
+        BIO  *ret;
-        FILE *file;
+        FILE *file=NULL;
+#if defined(_WIN32) && defined(CP_UTF8)
+        int sz, len_0 = (int)strlen(filename)+1;
-        if ((file=fopen(filename,mode)) == NULL)
+        /*
+         * Basically there are three cases to cover: a) filename is
+         * pure ASCII string; b) actual UTF-8 encoded string and
+         * c) locale-ized string, i.e. one containing 8-bit
+         * characters that are meaningful in current system locale.
+         * If filename is pure ASCII or real UTF-8 encoded string,
+         * MultiByteToWideChar succeeds and _wfopen works. If
+         * filename is locale-ized string, chances are that
+         * MultiByteToWideChar fails reporting
+         * ERROR_NO_UNICODE_TRANSLATION, in which case we fall
+         * back to fopen...
+         */
+        if ((sz=MultiByteToWideChar(CP_UTF8,MB_ERR_INVALID_CHARS,
+                                        filename,len_0,NULL,0))>0)
+                {
+                WCHAR  wmode[8];
+                WCHAR *wfilename = _alloca(sz*sizeof(WCHAR));
+                if (MultiByteToWideChar(CP_UTF8,MB_ERR_INVALID_CHARS,
+                                        filename,len_0,wfilename,sz) &&
+                    MultiByteToWideChar(CP_UTF8,0,mode,strlen(mode)+1,
+                                        wmode,sizeof(wmode)/sizeof(wmode[0])) &&
+                    (file=_wfopen(wfilename,wmode))==NULL && errno==ENOENT
+                   )    /* UTF-8 decode succeeded, but no file, filename
+                         * could still have been locale-ized... */
+                        file = fopen(filename,mode);
+                }
+        else if (GetLastError()==ERROR_NO_UNICODE_TRANSLATION)
+                {
+                file = fopen(filename,mode);
+                }
+#else
+        file=fopen(filename,mode);      
+#endif
+        if (file == NULL)
                {
                SYSerr(SYS_F_FOPEN,get_last_sys_error());
                ERR_add_error_data(5,"fopen('",filename,"','",mode,"')");
@@ -131,7 +168,7 @@ BIO *BIO_new_file(const char *filename, const char *mode)
                        BIOerr(BIO_F_BIO_NEW_FILE,ERR_R_SYS_LIB);
                return(NULL);
                }
-        if ((ret=BIO_new(BIO_s_file_internal())) == NULL)
+        if ((ret=BIO_new(BIO_s_file())) == NULL)
                {
                fclose(file);
                return(NULL);
@@ -272,9 +309,9 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
                        BIO_clear_flags(b,BIO_FLAGS_UPLINK);
 #endif
 #endif
-#ifdef UP_fsetmode
+#ifdef UP_fsetmod
                if (b->flags&BIO_FLAGS_UPLINK)
-                        UP_fsetmode(b->ptr,num&BIO_FP_TEXT?'t':'b');
+                        UP_fsetmod(b->ptr,(char)((num&BIO_FP_TEXT)?'t':'b'));
                else
 #endif
                {
@@ -286,8 +323,7 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
                        _setmode(fd,_O_BINARY);
 #elif defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB)
                int fd = fileno((FILE*)ptr);
-         /* Under CLib there are differences in file modes
+                /* Under CLib there are differences in file modes */
-         */
                if (num & BIO_FP_TEXT)
                        setmode(fd,O_TEXT);
                else
@@ -308,7 +344,7 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
                        else
                                _setmode(fd,_O_BINARY);
                        }
-#elif defined(OPENSSL_SYS_OS2)
+#elif defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_WIN32_CYGWIN)
                int fd = fileno((FILE*)ptr);
                if (num & BIO_FP_TEXT)
                        setmode(fd, O_TEXT);
@@ -404,11 +440,18 @@ static int MS_CALLBACK file_gets(BIO *bp, char *buf, int size)
        buf[0]='\0';
        if (bp->flags&BIO_FLAGS_UPLINK)
-                UP_fgets(buf,size,bp->ptr);
+                {
+                if (!UP_fgets(buf,size,bp->ptr))
+                        goto err;
+                }
        else
-                fgets(buf,size,(FILE *)bp->ptr);
+                {
+                if (!fgets(buf,size,(FILE *)bp->ptr))
+                        goto err;
+                }
        if (buf[0] != '\0')
                ret=strlen(buf);
+        err:
        return(ret);
        }
diff --git a/src/lib/libssl/src/crypto/bio/bss_log.c b/src/lib/libssl/src/crypto/bio/bss_log.c
index 6360dbc820..7ead044b37 100644
--- a/src/lib/libssl/src/crypto/bio/bss_log.c
+++ b/src/lib/libssl/src/crypto/bio/bss_log.c
@@ -70,7 +70,6 @@
 #if defined(OPENSSL_SYS_WINCE)
 #elif defined(OPENSSL_SYS_WIN32)
-#  include <process.h>
 #elif defined(OPENSSL_SYS_VMS)
 #  include <opcdef.h>
 #  include <descrip.h>
@@ -122,18 +121,6 @@ static int MS_CALLBACK slg_free(BIO *data);
 static void xopenlog(BIO* bp, char* name, int level);
 static void xsyslog(BIO* bp, int priority, const char* string);
 static void xcloselog(BIO* bp);
-#ifdef OPENSSL_SYS_WIN32
-LONG    (WINAPI *go_for_advapi)()       = RegOpenKeyEx;
-HANDLE  (WINAPI *register_event_source)()       = NULL;
-BOOL    (WINAPI *deregister_event_source)()     = NULL;
-BOOL    (WINAPI *report_event)()        = NULL;
-#define DL_PROC(m,f)    (GetProcAddress( m, f ))
-#ifdef UNICODE
-#define DL_PROC_X(m,f) DL_PROC( m, f "W" )
-#else
-#define DL_PROC_X(m,f) DL_PROC( m, f "A" )
-#endif
-#endif
 static BIO_METHOD methods_slg=
        {
@@ -175,7 +162,7 @@ static int MS_CALLBACK slg_write(BIO *b, const char *in, int inl)
        char* buf;
        char* pp;
        int priority, i;
-        static struct
+        static const struct
                {
                int strl;
                char str[10];
@@ -249,35 +236,20 @@ static int MS_CALLBACK slg_puts(BIO *bp, const char *str)
 static void xopenlog(BIO* bp, char* name, int level)
 {
-        if ( !register_event_source )
+        if (GetVersion() < 0x80000000)
-                {
+                bp->ptr = RegisterEventSourceA(NULL,name);
-                HANDLE  advapi;
+        else
-                if ( !(advapi = GetModuleHandle("advapi32")) )
+                bp->ptr = NULL;
-                        return;
-                register_event_source = (HANDLE (WINAPI *)())DL_PROC_X(advapi,
-                        "RegisterEventSource" );
-                deregister_event_source = (BOOL (WINAPI *)())DL_PROC(advapi,
-                        "DeregisterEventSource");
-                report_event = (BOOL (WINAPI *)())DL_PROC_X(advapi,
-                        "ReportEvent" );
-                if ( !(register_event_source && deregister_event_source &&
-                                report_event) )
-                        {
-                        register_event_source = NULL;
-                        deregister_event_source = NULL;
-                        report_event = NULL;
-                        return;
-                        }
-                }
-        bp->ptr= (char *)register_event_source(NULL, name);
 }
 static void xsyslog(BIO *bp, int priority, const char *string)
 {
        LPCSTR lpszStrings[2];
        WORD evtype= EVENTLOG_ERROR_TYPE;
-        int pid = _getpid();
+        char pidbuf[DECIMAL_SIZE(DWORD)+4];
-        char pidbuf[DECIMAL_SIZE(pid)+4];
+        if (bp->ptr == NULL)
+                return;
        switch (priority)
                {
@@ -301,19 +273,18 @@ static void xsyslog(BIO *bp, int priority, const char *string)
                break;
                }
-        sprintf(pidbuf, "[%d] ", pid);
+        sprintf(pidbuf, "[%u] ", GetCurrentProcessId());
        lpszStrings[0] = pidbuf;
        lpszStrings[1] = string;
-        if(report_event && bp->ptr)
+        ReportEventA(bp->ptr, evtype, 0, 1024, NULL, 2, 0,
-                report_event(bp->ptr, evtype, 0, 1024, NULL, 2, 0,
                                lpszStrings, NULL);
 }
        
 static void xcloselog(BIO* bp)
 {
-        if(deregister_event_source && bp->ptr)
+        if(bp->ptr)
-                deregister_event_source((HANDLE)(bp->ptr));
+                DeregisterEventSource((HANDLE)(bp->ptr));
        bp->ptr= NULL;
 }
diff --git a/src/lib/libssl/src/crypto/bio/bss_mem.c b/src/lib/libssl/src/crypto/bio/bss_mem.c
index e7ab9cb3a3..37d4194e4b 100644
--- a/src/lib/libssl/src/crypto/bio/bss_mem.c
+++ b/src/lib/libssl/src/crypto/bio/bss_mem.c
@@ -94,16 +94,18 @@ BIO *BIO_new_mem_buf(void *buf, int len)
 {
        BIO *ret;
        BUF_MEM *b;
+        size_t sz;
        if (!buf) {
                BIOerr(BIO_F_BIO_NEW_MEM_BUF,BIO_R_NULL_PARAMETER);
                return NULL;
        }
-        if(len == -1) len = strlen(buf);
+        sz = (len<0) ? strlen(buf) : (size_t)len;
        if(!(ret = BIO_new(BIO_s_mem())) ) return NULL;
        b = (BUF_MEM *)ret->ptr;
        b->data = buf;
-        b->length = len;
+        b->length = sz;
-        b->max = len;
+        b->max = sz;
        ret->flags |= BIO_FLAGS_MEM_RDONLY;
        /* Since this is static data retrying wont help */
        ret->num = 0;
@@ -144,22 +146,16 @@ static int mem_read(BIO *b, char *out, int outl)
        {
        int ret= -1;
        BUF_MEM *bm;
-        int i;
-        char *from,*to;
        bm=(BUF_MEM *)b->ptr;
        BIO_clear_retry_flags(b);
-        ret=(outl > bm->length)?bm->length:outl;
+        ret=(outl >=0 && (size_t)outl > bm->length)?(int)bm->length:outl;
        if ((out != NULL) && (ret > 0)) {
                memcpy(out,bm->data,ret);
                bm->length-=ret;
-                /* memmove(&(bm->data[0]),&(bm->data[ret]), bm->length); */
                if(b->flags & BIO_FLAGS_MEM_RDONLY) bm->data += ret;
                else {
-                        from=(char *)&(bm->data[ret]);
+                        memmove(&(bm->data[0]),&(bm->data[ret]),bm->length);
-                        to=(char *)&(bm->data[0]);
-                        for (i=0; i<bm->length; i++)
-                                to[i]=from[i];
                }
        } else if (bm->length == 0)
                {
diff --git a/src/lib/libssl/src/crypto/bio/bss_sock.c b/src/lib/libssl/src/crypto/bio/bss_sock.c
index 30c3ceab46..3df31938c1 100644
--- a/src/lib/libssl/src/crypto/bio/bss_sock.c
+++ b/src/lib/libssl/src/crypto/bio/bss_sock.c
@@ -172,15 +172,6 @@ static long sock_ctrl(BIO *b, int cmd, long num, void *ptr)
        switch (cmd)
                {
-        case BIO_CTRL_RESET:
-                num=0;
-        case BIO_C_FILE_SEEK:
-                ret=0;
-                break;
-        case BIO_C_FILE_TELL:
-        case BIO_CTRL_INFO:
-                ret=0;
-                break;
        case BIO_C_SET_FD:
                sock_free(b);
                b->num= *((int *)ptr);
@@ -203,10 +194,6 @@ static long sock_ctrl(BIO *b, int cmd, long num, void *ptr)
        case BIO_CTRL_SET_CLOSE:
                b->shutdown=(int)num;
                break;
-        case BIO_CTRL_PENDING:
-        case BIO_CTRL_WPENDING:
-                ret=0;
-                break;
        case BIO_CTRL_DUP:
        case BIO_CTRL_FLUSH:
                ret=1;
diff --git a/src/lib/libssl/src/crypto/bn/Makefile b/src/lib/libssl/src/crypto/bn/Makefile
index f5e8f65a46..aabc4f56b8 100644
--- a/src/lib/libssl/src/crypto/bn/Makefile
+++ b/src/lib/libssl/src/crypto/bn/Makefile
@@ -12,8 +12,6 @@ MAKEFILE=	Makefile
 AR=             ar r
 BN_ASM=         bn_asm.o
-# or use
-#BN_ASM=        bn86-elf.o
 CFLAGS= $(INCLUDES) $(CFLAG)
 ASFLAGS= $(INCLUDES) $(ASFLAG)
@@ -28,13 +26,13 @@ LIBSRC=	bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c bn_mod.c \
        bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \
        bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c \
        bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \
-        bn_depr.c bn_x931p.c bn_const.c bn_opt.c
+        bn_depr.c bn_const.c
 LIBOBJ= bn_add.o bn_div.o bn_exp.o bn_lib.o bn_ctx.o bn_mul.o bn_mod.o \
        bn_print.o bn_rand.o bn_shift.o bn_word.o bn_blind.o \
        bn_kron.o bn_sqrt.o bn_gcd.o bn_prime.o bn_err.o bn_sqr.o $(BN_ASM) \
        bn_recp.o bn_mont.o bn_mpi.o bn_exp2.o bn_gf2m.o bn_nist.o \
-        bn_depr.o bn_x931p.o bn_const.o bn_opt.o
+        bn_depr.o bn_const.o
 SRC= $(LIBSRC)
@@ -58,36 +56,25 @@ bnbug: bnbug.c ../../libcrypto.a top
        cc -g -I../../include bnbug.c -o bnbug ../../libcrypto.a
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
-# ELF
+bn-586.s:       asm/bn-586.pl ../perlasm/x86asm.pl
-bn86-elf.s:     asm/bn-586.pl ../perlasm/x86asm.pl
+        $(PERL) asm/bn-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
-        (cd asm; $(PERL) bn-586.pl elf $(CFLAGS) > ../$@)
+co-586.s:       asm/co-586.pl ../perlasm/x86asm.pl
-co86-elf.s:     asm/co-586.pl ../perlasm/x86asm.pl
+        $(PERL) asm/co-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
-        (cd asm; $(PERL) co-586.pl elf $(CFLAGS) > ../$@)
+x86-mont.s:     asm/x86-mont.pl ../perlasm/x86asm.pl
-mo86-elf.s:     asm/mo-586.pl ../perlasm/x86asm.pl
+        $(PERL) asm/x86-mont.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
-        (cd asm; $(PERL) mo-586.pl elf $(CFLAGS) > ../$@)
-# COFF
-bn86-cof.s: asm/bn-586.pl ../perlasm/x86asm.pl
-        (cd asm; $(PERL) bn-586.pl coff $(CFLAGS) > ../$@)
-co86-cof.s: asm/co-586.pl ../perlasm/x86asm.pl
-        (cd asm; $(PERL) co-586.pl coff $(CFLAGS) > ../$@)
-mo86-cof.s: asm/mo-586.pl ../perlasm/x86asm.pl
-        (cd asm; $(PERL) mo-586.pl coff $(CFLAGS) > ../$@)
-# a.out
-bn86-out.s: asm/bn-586.pl ../perlasm/x86asm.pl
-        (cd asm; $(PERL) bn-586.pl a.out $(CFLAGS) > ../$@)
-co86-out.s: asm/co-586.pl ../perlasm/x86asm.pl
-        (cd asm; $(PERL) co-586.pl a.out $(CFLAGS) > ../$@)
-mo86-out.s: asm/mo-586.pl ../perlasm/x86asm.pl
-        (cd asm; $(PERL) mo-586.pl a.out $(CFLAGS) > ../$@)
 sparcv8.o:      asm/sparcv8.S
        $(CC) $(CFLAGS) -c asm/sparcv8.S
-sparcv8plus.o:  asm/sparcv8plus.S
+bn-sparcv9.o:   asm/sparcv8plus.S
-        $(CC) $(CFLAGS) -c asm/sparcv8plus.S
+        $(CC) $(CFLAGS) -c -o $@ asm/sparcv8plus.S
+sparcv9a-mont.s:        asm/sparcv9a-mont.pl
+        $(PERL) asm/sparcv9a-mont.pl $(CFLAGS) > $@
+sparcv9-mont.s:         asm/sparcv9-mont.pl
+        $(PERL) asm/sparcv9-mont.pl $(CFLAGS) > $@
 bn-mips3.o:     asm/mips3.s
        @if [ "$(CC)" = "gcc" ]; then \
@@ -95,10 +82,13 @@ bn-mips3.o:	asm/mips3.s
                as -$$ABI -O -o $@ asm/mips3.s; \
        else    $(CC) -c $(CFLAGS) -o $@ asm/mips3.s; fi
+bn-s390x.o:     asm/s390x.S
+        $(CC) $(CFLAGS) -c -o $@ asm/s390x.S
 x86_64-gcc.o:   asm/x86_64-gcc.c
        $(CC) $(CFLAGS) -c -o $@ asm/x86_64-gcc.c
 x86_64-mont.s:  asm/x86_64-mont.pl
-        $(PERL) asm/x86_64-mont.pl $@
+        $(PERL) asm/x86_64-mont.pl $(PERLASM_SCHEME) > $@
 bn-ia64.s:      asm/ia64.S
        $(CC) $(CFLAGS) -E asm/ia64.S > $@
@@ -111,12 +101,14 @@ pa-risc2.o: asm/pa-risc2.s
        /usr/ccs/bin/as -o pa-risc2.o asm/pa-risc2.s
 # ppc - AIX, Linux, MacOS X...
-linux_ppc32.s: asm/ppc.pl;      $(PERL) $< $@
+bn-ppc.s:       asm/ppc.pl;     $(PERL) asm/ppc.pl $(PERLASM_SCHEME) $@
-linux_ppc64.s: asm/ppc.pl;      $(PERL) $< $@
+ppc-mont.s:     asm/ppc-mont.pl;$(PERL) asm/ppc-mont.pl $(PERLASM_SCHEME) $@
-aix_ppc32.s: asm/ppc.pl;        $(PERL) asm/ppc.pl $@
-aix_ppc64.s: asm/ppc.pl;        $(PERL) asm/ppc.pl $@
+alpha-mont.s:   asm/alpha-mont.pl
-osx_ppc32.s: asm/ppc.pl;        $(PERL) $< $@
+        $(PERL) $< | $(CC) -E - | tee $@ > /dev/null
-osx_ppc64.s: asm/ppc.pl;        $(PERL) $< $@
+# GNU make "catch all"
+%-mont.s:       asm/%-mont.pl;  $(PERL) $< $(CFLAGS) > $@
 files:
        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
@@ -184,8 +176,11 @@ bn_blind.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 bn_blind.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 bn_blind.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 bn_blind.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_blind.c bn_lcl.h
-bn_const.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+bn_const.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-bn_const.o: ../../include/openssl/ossl_typ.h bn.h bn_const.c
+bn_const.o: ../../include/openssl/opensslconf.h
+bn_const.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_const.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_const.o: ../../include/openssl/symhacks.h bn.h bn_const.c
 bn_ctx.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_ctx.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bn_ctx.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
@@ -292,13 +287,6 @@ bn_nist.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 bn_nist.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 bn_nist.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 bn_nist.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_nist.c
-bn_opt.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
-bn_opt.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-bn_opt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-bn_opt.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-bn_opt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-bn_opt.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_opt.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_opt.c
 bn_prime.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_prime.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bn_prime.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
@@ -357,6 +345,3 @@ bn_word.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 bn_word.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 bn_word.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 bn_word.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_word.c
-bn_x931p.o: ../../include/openssl/bn.h ../../include/openssl/e_os2.h
-bn_x931p.o: ../../include/openssl/opensslconf.h
-bn_x931p.o: ../../include/openssl/ossl_typ.h bn_x931p.c
diff --git a/src/lib/libssl/src/crypto/bn/asm/bn-586.pl b/src/lib/libssl/src/crypto/bn/asm/bn-586.pl
index 26c2685a72..332ef3e91d 100644
--- a/src/lib/libssl/src/crypto/bn/asm/bn-586.pl
+++ b/src/lib/libssl/src/crypto/bn/asm/bn-586.pl
@@ -1,6 +1,7 @@
 #!/usr/local/bin/perl
-push(@INC,"perlasm","../../perlasm");
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
 require "x86asm.pl";
 &asm_init($ARGV[0],$0);
@@ -24,38 +25,25 @@ sub bn_mul_add_words
        {
        local($name)=@_;
-        &function_begin($name,$sse2?"EXTRN\t_OPENSSL_ia32cap_P:DWORD":"");
+        &function_begin_B($name,$sse2?"EXTRN\t_OPENSSL_ia32cap_P:DWORD":"");
-        &comment("");
+        $r="eax";
-        $Low="eax";
+        $a="edx";
-        $High="edx";
+        $c="ecx";
-        $a="ebx";
-        $w="ebp";
-        $r="edi";
-        $c="esi";
-        &xor($c,$c);            # clear carry
-        &mov($r,&wparam(0));    #
-        &mov("ecx",&wparam(2)); #
-        &mov($a,&wparam(1));    #
-        &and("ecx",0xfffffff8); # num / 8
-        &mov($w,&wparam(3));    #
-        &push("ecx");           # Up the stack for a tmp variable
-        &jz(&label("maw_finish"));
        if ($sse2) {
                &picmeup("eax","OPENSSL_ia32cap_P");
                &bt(&DWP(0,"eax"),26);
-                &jnc(&label("maw_loop"));
+                &jnc(&label("maw_non_sse2"));
-                &movd("mm0",$w);                # mm0 = w
+                &mov($r,&wparam(0));
+                &mov($a,&wparam(1));
+                &mov($c,&wparam(2));
+                &movd("mm0",&wparam(3));        # mm0 = w
                &pxor("mm1","mm1");             # mm1 = carry_in
+                &jmp(&label("maw_sse2_entry"));
-                &set_label("maw_sse2_loop",0);
+                
+        &set_label("maw_sse2_unrolled",16);
                &movd("mm3",&DWP(0,$r,"",0));   # mm3 = r[0]
                &paddq("mm1","mm3");            # mm1 = carry_in + r[0]
                &movd("mm2",&DWP(0,$a,"",0));   # mm2 = a[0]
@@ -112,42 +100,82 @@ sub bn_mul_add_words
                &psrlq("mm1",32);               # mm1 = carry6
                &paddq("mm1","mm3");            # mm1 = carry6 + r[7] + w*a[7]
                &movd(&DWP(28,$r,"",0),"mm1");
-                &add($r,32);
+                &lea($r,&DWP(32,$r));
                &psrlq("mm1",32);               # mm1 = carry_out
-                &sub("ecx",8);
+                &sub($c,8);
+                &jz(&label("maw_sse2_exit"));
+        &set_label("maw_sse2_entry");
+                &test($c,0xfffffff8);
+                &jnz(&label("maw_sse2_unrolled"));
+        &set_label("maw_sse2_loop",4);
+                &movd("mm2",&DWP(0,$a));        # mm2 = a[i]
+                &movd("mm3",&DWP(0,$r));        # mm3 = r[i]
+                &pmuludq("mm2","mm0");          # a[i] *= w
+                &lea($a,&DWP(4,$a));
+                &paddq("mm1","mm3");            # carry += r[i]
+                &paddq("mm1","mm2");            # carry += a[i]*w
+                &movd(&DWP(0,$r),"mm1");        # r[i] = carry_low
+                &sub($c,1);
+                &psrlq("mm1",32);               # carry = carry_high
+                &lea($r,&DWP(4,$r));
                &jnz(&label("maw_sse2_loop"));
+        &set_label("maw_sse2_exit");
-                &movd($c,"mm1");                # c = carry_out
+                &movd("eax","mm1");             # c = carry_out
                &emms();
+                &ret();
-                &jmp(&label("maw_finish"));
+        &set_label("maw_non_sse2",16);
        }
-        &set_label("maw_loop",0);
+        # function_begin prologue
+        &push("ebp");
+        &push("ebx");
+        &push("esi");
+        &push("edi");
+        &comment("");
+        $Low="eax";
+        $High="edx";
+        $a="ebx";
+        $w="ebp";
+        $r="edi";
+        $c="esi";
+        &xor($c,$c);            # clear carry
+        &mov($r,&wparam(0));    #
+        &mov("ecx",&wparam(2)); #
+        &mov($a,&wparam(1));    #
+        &and("ecx",0xfffffff8); # num / 8
+        &mov($w,&wparam(3));    #
-        &mov(&swtmp(0),"ecx");  #
+        &push("ecx");           # Up the stack for a tmp variable
+        &jz(&label("maw_finish"));
+        &set_label("maw_loop",16);
        for ($i=0; $i<32; $i+=4)
                {
                &comment("Round $i");
-                 &mov("eax",&DWP($i,$a,"",0));  # *a
+                 &mov("eax",&DWP($i,$a));       # *a
                &mul($w);                       # *a * w
-                &add("eax",$c);         # L(t)+= *r
+                &add("eax",$c);                 # L(t)+= c
-                 &mov($c,&DWP($i,$r,"",0));     # L(t)+= *r
                &adc("edx",0);                  # H(t)+=carry
-                 &add("eax",$c);                # L(t)+=c
+                 &add("eax",&DWP($i,$r));       # L(t)+= *r
                &adc("edx",0);                  # H(t)+=carry
-                 &mov(&DWP($i,$r,"",0),"eax");  # *r= L(t);
+                 &mov(&DWP($i,$r),"eax");       # *r= L(t);
                &mov($c,"edx");                 # c=  H(t);
                }
        &comment("");
-        &mov("ecx",&swtmp(0));  #
-        &add($a,32);
-        &add($r,32);
        &sub("ecx",8);
+        &lea($a,&DWP(32,$a));
+        &lea($r,&DWP(32,$r));
        &jnz(&label("maw_loop"));
        &set_label("maw_finish",0);
@@ -160,16 +188,15 @@ sub bn_mul_add_words
        for ($i=0; $i<7; $i++)
                {
                &comment("Tail Round $i");
-                 &mov("eax",&DWP($i*4,$a,"",0));# *a
+                 &mov("eax",&DWP($i*4,$a));     # *a
                &mul($w);                       # *a * w
                &add("eax",$c);                 # L(t)+=c
-                 &mov($c,&DWP($i*4,$r,"",0));   # L(t)+= *r
                &adc("edx",0);                  # H(t)+=carry
-                 &add("eax",$c);
+                 &add("eax",&DWP($i*4,$r));     # L(t)+= *r
                &adc("edx",0);                  # H(t)+=carry
                 &dec("ecx") if ($i != 7-1);
-                &mov(&DWP($i*4,$r,"",0),"eax"); # *r= L(t);
+                &mov(&DWP($i*4,$r),"eax");      # *r= L(t);
-                 &mov($c,"edx");                        # c=  H(t);
+                 &mov($c,"edx");                # c=  H(t);
                &jz(&label("maw_end")) if ($i != 7-1);
                }
        &set_label("maw_end",0);
@@ -184,7 +211,45 @@ sub bn_mul_words
        {
        local($name)=@_;
-        &function_begin($name,"");
+        &function_begin_B($name,$sse2?"EXTRN\t_OPENSSL_ia32cap_P:DWORD":"");
+        $r="eax";
+        $a="edx";
+        $c="ecx";
+        if ($sse2) {
+                &picmeup("eax","OPENSSL_ia32cap_P");
+                &bt(&DWP(0,"eax"),26);
+                &jnc(&label("mw_non_sse2"));
+                &mov($r,&wparam(0));
+                &mov($a,&wparam(1));
+                &mov($c,&wparam(2));
+                &movd("mm0",&wparam(3));        # mm0 = w
+                &pxor("mm1","mm1");             # mm1 = carry = 0
+        &set_label("mw_sse2_loop",16);
+                &movd("mm2",&DWP(0,$a));        # mm2 = a[i]
+                &pmuludq("mm2","mm0");          # a[i] *= w
+                &lea($a,&DWP(4,$a));
+                &paddq("mm1","mm2");            # carry += a[i]*w
+                &movd(&DWP(0,$r),"mm1");        # r[i] = carry_low
+                &sub($c,1);
+                &psrlq("mm1",32);               # carry = carry_high
+                &lea($r,&DWP(4,$r));
+                &jnz(&label("mw_sse2_loop"));
+                &movd("eax","mm1");             # return carry
+                &emms();
+                &ret();
+        &set_label("mw_non_sse2",16);
+        }
+        # function_begin prologue
+        &push("ebp");
+        &push("ebx");
+        &push("esi");
+        &push("edi");
        &comment("");
        $Low="eax";
@@ -257,7 +322,40 @@ sub bn_sqr_words
        {
        local($name)=@_;
-        &function_begin($name,"");
+        &function_begin_B($name,$sse2?"EXTRN\t_OPENSSL_ia32cap_P:DWORD":"");
+        $r="eax";
+        $a="edx";
+        $c="ecx";
+        if ($sse2) {
+                &picmeup("eax","OPENSSL_ia32cap_P");
+                &bt(&DWP(0,"eax"),26);
+                &jnc(&label("sqr_non_sse2"));
+                &mov($r,&wparam(0));
+                &mov($a,&wparam(1));
+                &mov($c,&wparam(2));
+        &set_label("sqr_sse2_loop",16);
+                &movd("mm0",&DWP(0,$a));        # mm0 = a[i]
+                &pmuludq("mm0","mm0");          # a[i] *= a[i]
+                &lea($a,&DWP(4,$a));            # a++
+                &movq(&QWP(0,$r),"mm0");        # r[i] = a[i]*a[i]
+                &sub($c,1);
+                &lea($r,&DWP(8,$r));            # r += 2
+                &jnz(&label("sqr_sse2_loop"));
+                &emms();
+                &ret();
+        &set_label("sqr_non_sse2",16);
+        }
+        # function_begin prologue
+        &push("ebp");
+        &push("ebx");
+        &push("esi");
+        &push("edi");
        &comment("");
        $r="esi";
@@ -313,12 +411,13 @@ sub bn_div_words
        {
        local($name)=@_;
-        &function_begin($name,"");
+        &function_begin_B($name,"");
        &mov("edx",&wparam(0)); #
        &mov("eax",&wparam(1)); #
-        &mov("ebx",&wparam(2)); #
+        &mov("ecx",&wparam(2)); #
-        &div("ebx");
+        &div("ecx");
-        &function_end($name);
+        &ret();
+        &function_end_B($name);
        }
 sub bn_add_words
diff --git a/src/lib/libssl/src/crypto/bn/asm/co-586.pl b/src/lib/libssl/src/crypto/bn/asm/co-586.pl
index 5d962cb957..57101a6bd7 100644
--- a/src/lib/libssl/src/crypto/bn/asm/co-586.pl
+++ b/src/lib/libssl/src/crypto/bn/asm/co-586.pl
@@ -1,6 +1,7 @@
 #!/usr/local/bin/perl
-push(@INC,"perlasm","../../perlasm");
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
 require "x86asm.pl";
 &asm_init($ARGV[0],$0);
diff --git a/src/lib/libssl/src/crypto/bn/asm/ppc.pl b/src/lib/libssl/src/crypto/bn/asm/ppc.pl
index 08e0053473..37c65d3511 100644
--- a/src/lib/libssl/src/crypto/bn/asm/ppc.pl
+++ b/src/lib/libssl/src/crypto/bn/asm/ppc.pl
@@ -100,9 +100,9 @@
 #       me a note at schari@us.ibm.com
 #
-$opf = shift;
+$flavour = shift;
-if ($opf =~ /32\.s/) {
+if ($flavour =~ /32/) {
        $BITS=  32;
        $BNSZ=  $BITS/8;
        $ISA=   "\"ppc\"";
@@ -125,7 +125,7 @@ if ($opf =~ /32\.s/) {
        $INSR=  "insrwi";       # insert right
        $ROTL=  "rotlwi";       # rotate left by immediate
        $TR=    "tw";           # conditional trap
-} elsif ($opf =~ /64\.s/) {
+} elsif ($flavour =~ /64/) {
        $BITS=  64;
        $BNSZ=  $BITS/8;
        $ISA=   "\"ppc64\"";
@@ -149,93 +149,16 @@ if ($opf =~ /32\.s/) {
        $INSR=  "insrdi";       # insert right 
        $ROTL=  "rotldi";       # rotate left by immediate
        $TR=    "td";           # conditional trap
-} else { die "nonsense $opf"; }
+} else { die "nonsense $flavour"; }
-( defined shift || open STDOUT,">$opf" ) || die "can't open $opf: $!";
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
+die "can't locate ppc-xlate.pl";
-# function entry points from the AIX code
+open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!";
-#
-# There are other, more elegant, ways to handle this. We (IBM) chose
-# this approach as it plays well with scripts we run to 'namespace'
-# OpenSSL .i.e. we add a prefix to all the public symbols so we can
-# co-exist in the same process with other implementations of OpenSSL.
-# 'cleverer' ways of doing these substitutions tend to hide data we
-# need to be obvious.
-#
-my @items = ("bn_sqr_comba4",
-             "bn_sqr_comba8",
-             "bn_mul_comba4",
-             "bn_mul_comba8",
-             "bn_sub_words",
-             "bn_add_words",
-             "bn_div_words",
-             "bn_sqr_words",
-             "bn_mul_words",
-             "bn_mul_add_words");
-if    ($opf =~ /linux/) {  do_linux();  }
+$data=<<EOF;
-elsif ($opf =~ /aix/)   {  do_aix();    }
-elsif ($opf =~ /osx/)   {  do_osx();    }
-else                    {  do_bsd();    }
-sub do_linux {
-    $d=&data();
-    if ($BITS==64) {
-      foreach $t (@items) {
-        $d =~ s/\.$t:/\
-\t.section\t".opd","aw"\
-\t.align\t3\
-\t.globl\t$t\
-$t:\
-\t.quad\t.$t,.TOC.\@tocbase,0\
-\t.size\t$t,24\
-\t.previous\n\
-\t.type\t.$t,\@function\
-\t.globl\t.$t\
-.$t:/g;
-      }
-    }
-    else {
-      foreach $t (@items) {
-        $d=~s/\.$t/$t/g;
-      }
-    }
-    # hide internal labels to avoid pollution of name table...
-    $d=~s/Lppcasm_/.Lppcasm_/gm;
-    print $d;
-}
-sub do_aix {
-    # AIX assembler is smart enough to please the linker without
-    # making us do something special...
-    print &data();
-}
-# MacOSX 32 bit
-sub do_osx {
-    $d=&data();
-    # Change the bn symbol prefix from '.' to '_'
-    foreach $t (@items) {
-      $d=~s/\.$t/_$t/g;
-    }
-    # Change .machine to something OS X asm will accept
-    $d=~s/\.machine.*/.text/g;
-    $d=~s/\#/;/g; # change comment from '#' to ';'
-    print $d;
-}
-# BSD (Untested)
-sub do_bsd {
-    $d=&data();
-    foreach $t (@items) {
-      $d=~s/\.$t/_$t/g;
-    }
-    print $d;
-}
-sub data {
-        local($data)=<<EOF;
 #--------------------------------------------------------------------
 #
 #
@@ -297,33 +220,20 @@ sub data {
 #
 #       Defines to be used in the assembly code.
 #       
-.set r0,0       # we use it as storage for value of 0
+#.set r0,0      # we use it as storage for value of 0
-.set SP,1       # preserved
+#.set SP,1      # preserved
-.set RTOC,2     # preserved 
+#.set RTOC,2    # preserved 
-.set r3,3       # 1st argument/return value
+#.set r3,3      # 1st argument/return value
-.set r4,4       # 2nd argument/volatile register
+#.set r4,4      # 2nd argument/volatile register
-.set r5,5       # 3rd argument/volatile register
+#.set r5,5      # 3rd argument/volatile register
-.set r6,6       # ...
+#.set r6,6      # ...
-.set r7,7
+#.set r7,7
-.set r8,8
+#.set r8,8
-.set r9,9
+#.set r9,9
-.set r10,10
+#.set r10,10
-.set r11,11
+#.set r11,11
-.set r12,12
+#.set r12,12
-.set r13,13     # not used, nor any other "below" it...
+#.set r13,13    # not used, nor any other "below" it...
-.set BO_IF_NOT,4
-.set BO_IF,12
-.set BO_dCTR_NZERO,16
-.set BO_dCTR_ZERO,18
-.set BO_ALWAYS,20
-.set CR0_LT,0;
-.set CR0_GT,1;
-.set CR0_EQ,2
-.set CR1_FX,4;
-.set CR1_FEX,5;
-.set CR1_VX,6
-.set LR,8
 #       Declare function names to be global
 #       NOTE:   For gcc these names MUST be changed to remove
@@ -344,7 +254,7 @@ sub data {
        
 # .text section
        
-        .machine        $ISA
+        .machine        "any"
 #
 #       NOTE:   The following label name should be changed to
@@ -478,7 +388,7 @@ sub data {
        $ST             r9,`6*$BNSZ`(r3)        #r[6]=c1
        $ST             r10,`7*$BNSZ`(r3)       #r[7]=c2
-        bclr    BO_ALWAYS,CR0_LT
+        blr
        .long   0x00000000
 #
@@ -903,7 +813,7 @@ sub data {
        $ST             r9, `15*$BNSZ`(r3)      #r[15]=c1;
-        bclr    BO_ALWAYS,CR0_LT
+        blr
        .long   0x00000000
@@ -1055,7 +965,7 @@ sub data {
        $ST     r10,`6*$BNSZ`(r3)       #r[6]=c1
        $ST     r11,`7*$BNSZ`(r3)       #r[7]=c2
-        bclr    BO_ALWAYS,CR0_LT
+        blr
        .long   0x00000000
 #
@@ -1591,7 +1501,7 @@ sub data {
        adde    r10,r10,r9
        $ST     r12,`14*$BNSZ`(r3)      #r[14]=c3;
        $ST     r10,`15*$BNSZ`(r3)      #r[15]=c1;
-        bclr    BO_ALWAYS,CR0_LT
+        blr
        .long   0x00000000
 #
@@ -1623,7 +1533,7 @@ sub data {
        subfc.  r7,r0,r6        # If r6 is 0 then result is 0.
                                # if r6 > 0 then result !=0
                                # In either case carry bit is set.
-        bc      BO_IF,CR0_EQ,Lppcasm_sub_adios
+        beq     Lppcasm_sub_adios
        addi    r4,r4,-$BNSZ
        addi    r3,r3,-$BNSZ
        addi    r5,r5,-$BNSZ
@@ -1635,11 +1545,11 @@ Lppcasm_sub_mainloop:
                                # if carry = 1 this is r7-r8. Else it
                                # is r7-r8 -1 as we need.
        $STU    r6,$BNSZ(r3)
-        bc      BO_dCTR_NZERO,CR0_EQ,Lppcasm_sub_mainloop
+        bdnz-   Lppcasm_sub_mainloop
 Lppcasm_sub_adios:      
        subfze  r3,r0           # if carry bit is set then r3 = 0 else -1
        andi.   r3,r3,1         # keep only last bit.
-        bclr    BO_ALWAYS,CR0_LT
+        blr
        .long   0x00000000
@@ -1670,7 +1580,7 @@ Lppcasm_sub_adios:
 #       check for r6 = 0. Is this needed?
 #
        addic.  r6,r6,0         #test r6 and clear carry bit.
-        bc      BO_IF,CR0_EQ,Lppcasm_add_adios
+        beq     Lppcasm_add_adios
        addi    r4,r4,-$BNSZ
        addi    r3,r3,-$BNSZ
        addi    r5,r5,-$BNSZ
@@ -1680,10 +1590,10 @@ Lppcasm_add_mainloop:
        $LDU    r8,$BNSZ(r5)
        adde    r8,r7,r8
        $STU    r8,$BNSZ(r3)
-        bc      BO_dCTR_NZERO,CR0_EQ,Lppcasm_add_mainloop
+        bdnz-   Lppcasm_add_mainloop
 Lppcasm_add_adios:      
        addze   r3,r0                   #return carry bit.
-        bclr    BO_ALWAYS,CR0_LT
+        blr
        .long   0x00000000
 #
@@ -1707,24 +1617,24 @@ Lppcasm_add_adios:
 #       r5 = d
        
        $UCMPI  0,r5,0                  # compare r5 and 0
-        bc      BO_IF_NOT,CR0_EQ,Lppcasm_div1   # proceed if d!=0
+        bne     Lppcasm_div1            # proceed if d!=0
        li      r3,-1                   # d=0 return -1
-        bclr    BO_ALWAYS,CR0_LT        
+        blr
 Lppcasm_div1:
        xor     r0,r0,r0                #r0=0
        li      r8,$BITS
        $CNTLZ. r7,r5                   #r7 = num leading 0s in d.
-        bc      BO_IF,CR0_EQ,Lppcasm_div2       #proceed if no leading zeros
+        beq     Lppcasm_div2            #proceed if no leading zeros
        subf    r8,r7,r8                #r8 = BN_num_bits_word(d)
        $SHR.   r9,r3,r8                #are there any bits above r8'th?
        $TR     16,r9,r0                #if there're, signal to dump core...
 Lppcasm_div2:
        $UCMP   0,r3,r5                 #h>=d?
-        bc      BO_IF,CR0_LT,Lppcasm_div3       #goto Lppcasm_div3 if not
+        blt     Lppcasm_div3            #goto Lppcasm_div3 if not
        subf    r3,r5,r3                #h-=d ; 
 Lppcasm_div3:                           #r7 = BN_BITS2-i. so r7=i
        cmpi    0,0,r7,0                # is (i == 0)?
-        bc      BO_IF,CR0_EQ,Lppcasm_div4
+        beq     Lppcasm_div4
        $SHL    r3,r3,r7                # h = (h<< i)
        $SHR    r8,r4,r8                # r8 = (l >> BN_BITS2 -i)
        $SHL    r5,r5,r7                # d<<=i
@@ -1741,7 +1651,7 @@ Lppcasm_divouterloop:
        $SHRI   r11,r4,`$BITS/2`        #r11= (l&BN_MASK2h)>>BN_BITS4
                                        # compute here for innerloop.
        $UCMP   0,r8,r9                 # is (h>>BN_BITS4)==dh
-        bc      BO_IF_NOT,CR0_EQ,Lppcasm_div5   # goto Lppcasm_div5 if not
+        bne     Lppcasm_div5            # goto Lppcasm_div5 if not
        li      r8,-1
        $CLRU   r8,r8,`$BITS/2`         #q = BN_MASK2l 
@@ -1762,9 +1672,9 @@ Lppcasm_divinnerloop:
                                        # the following 2 instructions do that
        $SHLI   r7,r10,`$BITS/2`        # r7 = (t<<BN_BITS4)
        or      r7,r7,r11               # r7|=((l&BN_MASK2h)>>BN_BITS4)
-        $UCMP   1,r6,r7                 # compare (tl <= r7)
+        $UCMP   cr1,r6,r7               # compare (tl <= r7)
-        bc      BO_IF_NOT,CR0_EQ,Lppcasm_divinnerexit
+        bne     Lppcasm_divinnerexit
-        bc      BO_IF_NOT,CR1_FEX,Lppcasm_divinnerexit
+        ble     cr1,Lppcasm_divinnerexit
        addi    r8,r8,-1                #q--
        subf    r12,r9,r12              #th -=dh
        $CLRU   r10,r5,`$BITS/2`        #r10=dl. t is no longer needed in loop.
@@ -1773,14 +1683,14 @@ Lppcasm_divinnerloop:
 Lppcasm_divinnerexit:
        $SHRI   r10,r6,`$BITS/2`        #t=(tl>>BN_BITS4)
        $SHLI   r11,r6,`$BITS/2`        #tl=(tl<<BN_BITS4)&BN_MASK2h;
-        $UCMP   1,r4,r11                # compare l and tl
+        $UCMP   cr1,r4,r11              # compare l and tl
        add     r12,r12,r10             # th+=t
-        bc      BO_IF_NOT,CR1_FX,Lppcasm_div7  # if (l>=tl) goto Lppcasm_div7
+        bge     cr1,Lppcasm_div7        # if (l>=tl) goto Lppcasm_div7
        addi    r12,r12,1               # th++
 Lppcasm_div7:
        subf    r11,r11,r4              #r11=l-tl
-        $UCMP   1,r3,r12                #compare h and th
+        $UCMP   cr1,r3,r12              #compare h and th
-        bc      BO_IF_NOT,CR1_FX,Lppcasm_div8   #if (h>=th) goto Lppcasm_div8
+        bge     cr1,Lppcasm_div8        #if (h>=th) goto Lppcasm_div8
        addi    r8,r8,-1                # q--
        add     r3,r5,r3                # h+=d
 Lppcasm_div8:
@@ -1791,12 +1701,12 @@ Lppcasm_div8:
                                        # the following 2 instructions will do this.
        $INSR   r11,r12,`$BITS/2`,`$BITS/2`     # r11 is the value we want rotated $BITS/2.
        $ROTL   r3,r11,`$BITS/2`        # rotate by $BITS/2 and store in r3
-        bc      BO_dCTR_ZERO,CR0_EQ,Lppcasm_div9#if (count==0) break ;
+        bdz     Lppcasm_div9            #if (count==0) break ;
        $SHLI   r0,r8,`$BITS/2`         #ret =q<<BN_BITS4
        b       Lppcasm_divouterloop
 Lppcasm_div9:
        or      r3,r8,r0
-        bclr    BO_ALWAYS,CR0_LT
+        blr
        .long   0x00000000
 #
@@ -1822,7 +1732,7 @@ Lppcasm_div9:
 #       No unrolling done here. Not performance critical.
        addic.  r5,r5,0                 #test r5.
-        bc      BO_IF,CR0_EQ,Lppcasm_sqr_adios
+        beq     Lppcasm_sqr_adios
        addi    r4,r4,-$BNSZ
        addi    r3,r3,-$BNSZ
        mtctr   r5
@@ -1833,9 +1743,9 @@ Lppcasm_sqr_mainloop:
        $UMULH  r8,r6,r6
        $STU    r7,$BNSZ(r3)
        $STU    r8,$BNSZ(r3)
-        bc      BO_dCTR_NZERO,CR0_EQ,Lppcasm_sqr_mainloop
+        bdnz-   Lppcasm_sqr_mainloop
 Lppcasm_sqr_adios:      
-        bclr    BO_ALWAYS,CR0_LT
+        blr
        .long   0x00000000
@@ -1858,7 +1768,7 @@ Lppcasm_sqr_adios:
        xor     r0,r0,r0
        xor     r12,r12,r12             # used for carry
        rlwinm. r7,r5,30,2,31           # num >> 2
-        bc      BO_IF,CR0_EQ,Lppcasm_mw_REM
+        beq     Lppcasm_mw_REM
        mtctr   r7
 Lppcasm_mw_LOOP:        
                                        #mul(rp[0],ap[0],w,c1);
@@ -1896,11 +1806,11 @@ Lppcasm_mw_LOOP:
        
        addi    r3,r3,`4*$BNSZ`
        addi    r4,r4,`4*$BNSZ`
-        bc      BO_dCTR_NZERO,CR0_EQ,Lppcasm_mw_LOOP
+        bdnz-   Lppcasm_mw_LOOP
 Lppcasm_mw_REM:
        andi.   r5,r5,0x3
-        bc      BO_IF,CR0_EQ,Lppcasm_mw_OVER
+        beq     Lppcasm_mw_OVER
                                        #mul(rp[0],ap[0],w,c1);
        $LD     r8,`0*$BNSZ`(r4)
        $UMULL  r9,r6,r8
@@ -1912,7 +1822,7 @@ Lppcasm_mw_REM:
        
        addi    r5,r5,-1
        cmpli   0,0,r5,0
-        bc      BO_IF,CR0_EQ,Lppcasm_mw_OVER
+        beq     Lppcasm_mw_OVER
        
                                        #mul(rp[1],ap[1],w,c1);
@@ -1926,7 +1836,7 @@ Lppcasm_mw_REM:
        
        addi    r5,r5,-1
        cmpli   0,0,r5,0
-        bc      BO_IF,CR0_EQ,Lppcasm_mw_OVER
+        beq     Lppcasm_mw_OVER
        
                                        #mul_add(rp[2],ap[2],w,c1);
        $LD     r8,`2*$BNSZ`(r4)
@@ -1939,7 +1849,7 @@ Lppcasm_mw_REM:
                
 Lppcasm_mw_OVER:        
        addi    r3,r12,0
-        bclr    BO_ALWAYS,CR0_LT
+        blr
        .long   0x00000000
 #
@@ -1964,7 +1874,7 @@ Lppcasm_mw_OVER:
        xor     r0,r0,r0                #r0 = 0
        xor     r12,r12,r12             #r12 = 0 . used for carry               
        rlwinm. r7,r5,30,2,31           # num >> 2
-        bc      BO_IF,CR0_EQ,Lppcasm_maw_leftover       # if (num < 4) go LPPCASM_maw_leftover
+        beq     Lppcasm_maw_leftover    # if (num < 4) go LPPCASM_maw_leftover
        mtctr   r7
 Lppcasm_maw_mainloop:   
                                        #mul_add(rp[0],ap[0],w,c1);
@@ -2017,11 +1927,11 @@ Lppcasm_maw_mainloop:
        $ST     r11,`3*$BNSZ`(r3)
        addi    r3,r3,`4*$BNSZ`
        addi    r4,r4,`4*$BNSZ`
-        bc      BO_dCTR_NZERO,CR0_EQ,Lppcasm_maw_mainloop
+        bdnz-   Lppcasm_maw_mainloop
        
 Lppcasm_maw_leftover:
        andi.   r5,r5,0x3
-        bc      BO_IF,CR0_EQ,Lppcasm_maw_adios
+        beq     Lppcasm_maw_adios
        addi    r3,r3,-$BNSZ
        addi    r4,r4,-$BNSZ
                                        #mul_add(rp[0],ap[0],w,c1);
@@ -2036,7 +1946,7 @@ Lppcasm_maw_leftover:
        addze   r12,r10
        $ST     r9,0(r3)
        
-        bc      BO_dCTR_ZERO,CR0_EQ,Lppcasm_maw_adios
+        bdz     Lppcasm_maw_adios
                                        #mul_add(rp[1],ap[1],w,c1);
        $LDU    r8,$BNSZ(r4)    
        $UMULL  r9,r6,r8
@@ -2048,7 +1958,7 @@ Lppcasm_maw_leftover:
        addze   r12,r10
        $ST     r9,0(r3)
        
-        bc      BO_dCTR_ZERO,CR0_EQ,Lppcasm_maw_adios
+        bdz     Lppcasm_maw_adios
                                        #mul_add(rp[2],ap[2],w,c1);
        $LDU    r8,$BNSZ(r4)
        $UMULL  r9,r6,r8
@@ -2062,17 +1972,10 @@ Lppcasm_maw_leftover:
                
 Lppcasm_maw_adios:      
        addi    r3,r12,0
-        bclr    BO_ALWAYS,CR0_LT
+        blr
        .long   0x00000000
        .align  4
 EOF
-        $data =~ s/\`([^\`]*)\`/eval $1/gem;
+$data =~ s/\`([^\`]*)\`/eval $1/gem;
+print $data;
-        # if some assembler chokes on some simplified mnemonic,
+close STDOUT;
-        # this is the spot to fix it up, e.g.:
-        # GNU as doesn't seem to accept cmplw, 32-bit unsigned compare
-        $data =~ s/^(\s*)cmplw(\s+)([^,]+),(.*)/$1cmpl$2$3,0,$4/gm;
-        # assembler X doesn't accept li, load immediate value
-        #$data =~ s/^(\s*)li(\s+)([^,]+),(.*)/$1addi$2$3,0,$4/gm;
-        return($data);
-}
diff --git a/src/lib/libssl/src/crypto/bn/asm/sparcv8plus.S b/src/lib/libssl/src/crypto/bn/asm/sparcv8plus.S
index 8c56e2e7e7..63de1860f2 100644
--- a/src/lib/libssl/src/crypto/bn/asm/sparcv8plus.S
+++ b/src/lib/libssl/src/crypto/bn/asm/sparcv8plus.S
@@ -144,6 +144,19 @@
 *          }
 */
+#if defined(__SUNPRO_C) && defined(__sparcv9)
+  /* They've said -xarch=v9 at command line */
+  .register     %g2,#scratch
+  .register     %g3,#scratch
+# define        FRAME_SIZE      -192
+#elif defined(__GNUC__) && defined(__arch64__)
+  /* They've said -m64 at command line */
+  .register     %g2,#scratch
+  .register     %g3,#scratch
+# define        FRAME_SIZE      -192
+#else 
+# define        FRAME_SIZE      -96
+#endif 
 /*
 * GNU assembler can't stand stuw:-(
 */
@@ -619,8 +632,6 @@ bn_sub_words:
 *                                                      Andy.
 */
-#define FRAME_SIZE      -96
 /*
 * Here is register usage map for *all* routines below.
 */
diff --git a/src/lib/libssl/src/crypto/bn/asm/x86_64-gcc.c b/src/lib/libssl/src/crypto/bn/asm/x86_64-gcc.c
index f13f52dd85..acb0b40118 100644
--- a/src/lib/libssl/src/crypto/bn/asm/x86_64-gcc.c
+++ b/src/lib/libssl/src/crypto/bn/asm/x86_64-gcc.c
@@ -1,4 +1,5 @@
-#ifdef __SUNPRO_C
+#include "../bn_lcl.h"
+#if !(defined(__GNUC__) && __GNUC__>=2)
 # include "../bn_asm.c" /* kind of dirty hack for Sun Studio */
 #else
 /*
@@ -54,7 +55,15 @@
 *    machine.
 */
+#ifdef _WIN64
+#define BN_ULONG unsigned long long
+#else
 #define BN_ULONG unsigned long
+#endif
+#undef mul
+#undef mul_add
+#undef sqr
 /*
 * "m"(a), "+m"(r)      is the way to favor DirectPath �-code;
@@ -97,7 +106,7 @@
                : "a"(a)                \
                : "cc");
-BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
+BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
        {
        BN_ULONG c1=0;
@@ -121,7 +130,7 @@ BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
        return(c1);
        } 
-BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
+BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
        {
        BN_ULONG c1=0;
@@ -144,7 +153,7 @@ BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
        return(c1);
        } 
-void bn_sqr_words(BN_ULONG *r, BN_ULONG *a, int n)
+void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
        {
        if (n <= 0) return;
@@ -175,14 +184,14 @@ BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
        return ret;
 }
-BN_ULONG bn_add_words (BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int n)
+BN_ULONG bn_add_words (BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int n)
 { BN_ULONG ret=0,i=0;
        if (n <= 0) return 0;
        asm (
        "       subq    %2,%2           \n"
-        ".align 16                      \n"
+        ".p2align 4                     \n"
        "1:     movq    (%4,%2,8),%0    \n"
        "       adcq    (%5,%2,8),%0    \n"
        "       movq    %0,(%3,%2,8)    \n"
@@ -198,14 +207,14 @@ BN_ULONG bn_add_words (BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int n)
 }
 #ifndef SIMICS
-BN_ULONG bn_sub_words (BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int n)
+BN_ULONG bn_sub_words (BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int n)
 { BN_ULONG ret=0,i=0;
        if (n <= 0) return 0;
        asm (
        "       subq    %2,%2           \n"
-        ".align 16                      \n"
+        ".p2align 4                     \n"
        "1:     movq    (%4,%2,8),%0    \n"
        "       sbbq    (%5,%2,8),%0    \n"
        "       movq    %0,(%3,%2,8)    \n"
@@ -485,7 +494,7 @@ void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
        r[7]=c2;
        }
-void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
+void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a)
        {
        BN_ULONG t1,t2;
        BN_ULONG c1,c2,c3;
@@ -561,7 +570,7 @@ void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
        r[15]=c1;
        }
-void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
+void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a)
        {
        BN_ULONG t1,t2;
        BN_ULONG c1,c2,c3;
diff --git a/src/lib/libssl/src/crypto/bn/bn.h b/src/lib/libssl/src/crypto/bn/bn.h
index f1719a5877..e484b7fc11 100644
--- a/src/lib/libssl/src/crypto/bn/bn.h
+++ b/src/lib/libssl/src/crypto/bn/bn.h
@@ -56,6 +56,59 @@
 * [including the GNU Public Licence.]
 */
 /* ====================================================================
+ * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
 *
 * Portions of the attached software ("Contribution") are developed by 
@@ -77,6 +130,7 @@
 #include <stdio.h> /* FILE */
 #endif
 #include <openssl/ossl_typ.h>
+#include <openssl/crypto.h>
 #ifdef  __cplusplus
 extern "C" {
@@ -94,9 +148,11 @@ extern "C" {
 /* #define BN_DEBUG */
 /* #define BN_DEBUG_RAND */
+#ifndef OPENSSL_SMALL_FOOTPRINT
 #define BN_MUL_COMBA
 #define BN_SQR_COMBA
 #define BN_RECURSION
+#endif
 /* This next option uses the C libraries (2 word)/(1 word) function.
 * If it is not defined, I use my C version (which is slower).
@@ -137,6 +193,8 @@ extern "C" {
 #define BN_DEC_FMT1     "%lu"
 #define BN_DEC_FMT2     "%019lu"
 #define BN_DEC_NUM      19
+#define BN_HEX_FMT1     "%lX"
+#define BN_HEX_FMT2     "%016lX"
 #endif
 /* This is where the long long data type is 64 bits, but long is 32.
@@ -162,83 +220,37 @@ extern "C" {
 #define BN_DEC_FMT1     "%llu"
 #define BN_DEC_FMT2     "%019llu"
 #define BN_DEC_NUM      19
+#define BN_HEX_FMT1     "%llX"
+#define BN_HEX_FMT2     "%016llX"
 #endif
 #ifdef THIRTY_TWO_BIT
 #ifdef BN_LLONG
-# if defined(OPENSSL_SYS_WIN32) && !defined(__GNUC__)
+# if defined(_WIN32) && !defined(__GNUC__)
 #  define BN_ULLONG     unsigned __int64
+#  define BN_MASK       (0xffffffffffffffffI64)
 # else
 #  define BN_ULLONG     unsigned long long
+#  define BN_MASK       (0xffffffffffffffffLL)
 # endif
 #endif
-#define BN_ULONG        unsigned long
+#define BN_ULONG        unsigned int
-#define BN_LONG         long
+#define BN_LONG         int
 #define BN_BITS         64
 #define BN_BYTES        4
 #define BN_BITS2        32
 #define BN_BITS4        16
-#ifdef OPENSSL_SYS_WIN32
-/* VC++ doesn't like the LL suffix */
-#define BN_MASK         (0xffffffffffffffffL)
-#else
-#define BN_MASK         (0xffffffffffffffffLL)
-#endif
 #define BN_MASK2        (0xffffffffL)
 #define BN_MASK2l       (0xffff)
 #define BN_MASK2h1      (0xffff8000L)
 #define BN_MASK2h       (0xffff0000L)
 #define BN_TBIT         (0x80000000L)
 #define BN_DEC_CONV     (1000000000L)
-#define BN_DEC_FMT1     "%lu"
-#define BN_DEC_FMT2     "%09lu"
-#define BN_DEC_NUM      9
-#endif
-#ifdef SIXTEEN_BIT
-#ifndef BN_DIV2W
-#define BN_DIV2W
-#endif
-#define BN_ULLONG       unsigned long
-#define BN_ULONG        unsigned short
-#define BN_LONG         short
-#define BN_BITS         32
-#define BN_BYTES        2
-#define BN_BITS2        16
-#define BN_BITS4        8
-#define BN_MASK         (0xffffffff)
-#define BN_MASK2        (0xffff)
-#define BN_MASK2l       (0xff)
-#define BN_MASK2h1      (0xff80)
-#define BN_MASK2h       (0xff00)
-#define BN_TBIT         (0x8000)
-#define BN_DEC_CONV     (100000)
 #define BN_DEC_FMT1     "%u"
-#define BN_DEC_FMT2     "%05u"
+#define BN_DEC_FMT2     "%09u"
-#define BN_DEC_NUM      5
+#define BN_DEC_NUM      9
-#endif
+#define BN_HEX_FMT1     "%X"
+#define BN_HEX_FMT2     "%08X"
-#ifdef EIGHT_BIT
-#ifndef BN_DIV2W
-#define BN_DIV2W
-#endif
-#define BN_ULLONG       unsigned short
-#define BN_ULONG        unsigned char
-#define BN_LONG         char
-#define BN_BITS         16
-#define BN_BYTES        1
-#define BN_BITS2        8
-#define BN_BITS4        4
-#define BN_MASK         (0xffff)
-#define BN_MASK2        (0xff)
-#define BN_MASK2l       (0xf)
-#define BN_MASK2h1      (0xf8)
-#define BN_MASK2h       (0xf0)
-#define BN_TBIT         (0x80)
-#define BN_DEC_CONV     (100)
-#define BN_DEC_FMT1     "%u"
-#define BN_DEC_FMT2     "%02u"
-#define BN_DEC_NUM      2
 #endif
 #define BN_DEFAULT_BITS 1280
@@ -303,12 +315,8 @@ struct bn_mont_ctx_st
        BIGNUM N;      /* The modulus */
        BIGNUM Ni;     /* R*(1/R mod N) - N*Ni = 1
                        * (Ni is only stored for bignum algorithm) */
-#if 0
+        BN_ULONG n0[2];/* least significant word(s) of Ni;
-        /* OpenSSL 0.9.9 preview: */
+                          (type changed with 0.9.9, was "BN_ULONG n0;" before) */
-        BN_ULONG n0[2];/* least significant word(s) of Ni */
-#else
-        BN_ULONG n0;   /* least significant word of Ni */
-#endif
        int flags;
        };
@@ -504,6 +512,7 @@ char *	BN_bn2hex(const BIGNUM *a);
 char *  BN_bn2dec(const BIGNUM *a);
 int     BN_hex2bn(BIGNUM **a, const char *str);
 int     BN_dec2bn(BIGNUM **a, const char *str);
+int     BN_asc2bn(BIGNUM **a, const char *str);
 int     BN_gcd(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,BN_CTX *ctx);
 int     BN_kronecker(const BIGNUM *a,const BIGNUM *b,BN_CTX *ctx); /* returns -2 for error */
 BIGNUM *BN_mod_inverse(BIGNUM *ret,
@@ -531,17 +540,6 @@ int	BN_is_prime_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, BN_GENCB *cb);
 int     BN_is_prime_fasttest_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx,
                int do_trial_division, BN_GENCB *cb);
-int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx);
-int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
-                        const BIGNUM *Xp, const BIGNUM *Xp1, const BIGNUM *Xp2,
-                        const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb);
-int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
-                        BIGNUM *Xp1, BIGNUM *Xp2,
-                        const BIGNUM *Xp,
-                        const BIGNUM *e, BN_CTX *ctx,
-                        BN_GENCB *cb);
 BN_MONT_CTX *BN_MONT_CTX_new(void );
 void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
 int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,
@@ -560,19 +558,22 @@ BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
 #define BN_BLINDING_NO_UPDATE   0x00000001
 #define BN_BLINDING_NO_RECREATE 0x00000002
-BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, /* const */ BIGNUM *mod);
+BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod);
 void BN_BLINDING_free(BN_BLINDING *b);
 int BN_BLINDING_update(BN_BLINDING *b,BN_CTX *ctx);
 int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
 int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
 int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *);
 int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *);
+#ifndef OPENSSL_NO_DEPRECATED
 unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *);
 void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long);
+#endif
+CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *);
 unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
 void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
 BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
-        const BIGNUM *e, /* const */ BIGNUM *m, BN_CTX *ctx,
+        const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
        int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                          const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
        BN_MONT_CTX *m_ctx);
@@ -625,24 +626,24 @@ int	BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 *     t^p[0] + t^p[1] + ... + t^p[k]
 * where m = p[0] > p[1] > ... > p[k] = 0.
 */
-int     BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[]);
+int     BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[]);
        /* r = a mod p */
 int     BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-        const unsigned int p[], BN_CTX *ctx); /* r = (a * b) mod p */
+        const int p[], BN_CTX *ctx); /* r = (a * b) mod p */
-int     BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[],
+int     BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[],
        BN_CTX *ctx); /* r = (a * a) mod p */
-int     BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const unsigned int p[],
+int     BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const int p[],
        BN_CTX *ctx); /* r = (1 / b) mod p */
 int     BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-        const unsigned int p[], BN_CTX *ctx); /* r = (a / b) mod p */
+        const int p[], BN_CTX *ctx); /* r = (a / b) mod p */
 int     BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-        const unsigned int p[], BN_CTX *ctx); /* r = (a ^ b) mod p */
+        const int p[], BN_CTX *ctx); /* r = (a ^ b) mod p */
 int     BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a,
-        const unsigned int p[], BN_CTX *ctx); /* r = sqrt(a) mod p */
+        const int p[], BN_CTX *ctx); /* r = sqrt(a) mod p */
 int     BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a,
-        const unsigned int p[], BN_CTX *ctx); /* r^2 + r = a mod p */
+        const int p[], BN_CTX *ctx); /* r^2 + r = a mod p */
-int     BN_GF2m_poly2arr(const BIGNUM *a, unsigned int p[], int max);
+int     BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max);
-int     BN_GF2m_arr2poly(const unsigned int p[], BIGNUM *a);
+int     BN_GF2m_arr2poly(const int p[], BIGNUM *a);
 /* faster mod functions for the 'NIST primes' 
 * 0 <= a < p^2 */
@@ -751,10 +752,12 @@ int RAND_pseudo_bytes(unsigned char *buf,int num);
 #define bn_correct_top(a) \
        { \
        BN_ULONG *ftl; \
-        if ((a)->top > 0) \
+        int tmp_top = (a)->top; \
+        if (tmp_top > 0) \
                { \
-                for (ftl= &((a)->d[(a)->top-1]); (a)->top > 0; (a)->top--) \
+                for (ftl= &((a)->d[tmp_top-1]); tmp_top > 0; tmp_top--) \
-                if (*(ftl--)) break; \
+                        if (*(ftl--)) break; \
+                (a)->top = tmp_top; \
                } \
        bn_pollute(a); \
        }
diff --git a/src/lib/libssl/src/crypto/bn/bn_asm.c b/src/lib/libssl/src/crypto/bn/bn_asm.c
index 99bc2de491..c43c91cc09 100644
--- a/src/lib/libssl/src/crypto/bn/bn_asm.c
+++ b/src/lib/libssl/src/crypto/bn/bn_asm.c
@@ -75,6 +75,7 @@ BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
        assert(num >= 0);
        if (num <= 0) return(c1);
+#ifndef OPENSSL_SMALL_FOOTPRINT
        while (num&~3)
                {
                mul_add(rp[0],ap[0],w,c1);
@@ -83,11 +84,11 @@ BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
                mul_add(rp[3],ap[3],w,c1);
                ap+=4; rp+=4; num-=4;
                }
-        if (num)
+#endif
+        while (num)
                {
-                mul_add(rp[0],ap[0],w,c1); if (--num==0) return c1;
+                mul_add(rp[0],ap[0],w,c1);
-                mul_add(rp[1],ap[1],w,c1); if (--num==0) return c1;
+                ap++; rp++; num--;
-                mul_add(rp[2],ap[2],w,c1); return c1;
                }
        
        return(c1);
@@ -100,6 +101,7 @@ BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
        assert(num >= 0);
        if (num <= 0) return(c1);
+#ifndef OPENSSL_SMALL_FOOTPRINT
        while (num&~3)
                {
                mul(rp[0],ap[0],w,c1);
@@ -108,11 +110,11 @@ BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
                mul(rp[3],ap[3],w,c1);
                ap+=4; rp+=4; num-=4;
                }
-        if (num)
+#endif
+        while (num)
                {
-                mul(rp[0],ap[0],w,c1); if (--num == 0) return c1;
+                mul(rp[0],ap[0],w,c1);
-                mul(rp[1],ap[1],w,c1); if (--num == 0) return c1;
+                ap++; rp++; num--;
-                mul(rp[2],ap[2],w,c1);
                }
        return(c1);
        } 
@@ -121,6 +123,8 @@ void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
        {
        assert(n >= 0);
        if (n <= 0) return;
+#ifndef OPENSSL_SMALL_FOOTPRINT
        while (n&~3)
                {
                sqr(r[0],r[1],a[0]);
@@ -129,11 +133,11 @@ void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
                sqr(r[6],r[7],a[3]);
                a+=4; r+=8; n-=4;
                }
-        if (n)
+#endif
+        while (n)
                {
-                sqr(r[0],r[1],a[0]); if (--n == 0) return;
+                sqr(r[0],r[1],a[0]);
-                sqr(r[2],r[3],a[1]); if (--n == 0) return;
+                a++; r+=2; n--;
-                sqr(r[4],r[5],a[2]);
                }
        }
@@ -150,18 +154,20 @@ BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
        bl=LBITS(w);
        bh=HBITS(w);
-        for (;;)
+#ifndef OPENSSL_SMALL_FOOTPRINT
+        while (num&~3)
                {
                mul_add(rp[0],ap[0],bl,bh,c);
-                if (--num == 0) break;
                mul_add(rp[1],ap[1],bl,bh,c);
-                if (--num == 0) break;
                mul_add(rp[2],ap[2],bl,bh,c);
-                if (--num == 0) break;
                mul_add(rp[3],ap[3],bl,bh,c);
-                if (--num == 0) break;
+                ap+=4; rp+=4; num-=4;
-                ap+=4;
+                }
-                rp+=4;
+#endif
+        while (num)
+                {
+                mul_add(rp[0],ap[0],bl,bh,c);
+                ap++; rp++; num--;
                }
        return(c);
        } 
@@ -177,18 +183,20 @@ BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
        bl=LBITS(w);
        bh=HBITS(w);
-        for (;;)
+#ifndef OPENSSL_SMALL_FOOTPRINT
+        while (num&~3)
                {
                mul(rp[0],ap[0],bl,bh,carry);
-                if (--num == 0) break;
                mul(rp[1],ap[1],bl,bh,carry);
-                if (--num == 0) break;
                mul(rp[2],ap[2],bl,bh,carry);
-                if (--num == 0) break;
                mul(rp[3],ap[3],bl,bh,carry);
-                if (--num == 0) break;
+                ap+=4; rp+=4; num-=4;
-                ap+=4;
+                }
-                rp+=4;
+#endif
+        while (num)
+                {
+                mul(rp[0],ap[0],bl,bh,carry);
+                ap++; rp++; num--;
                }
        return(carry);
        } 
@@ -197,22 +205,21 @@ void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
        {
        assert(n >= 0);
        if (n <= 0) return;
-        for (;;)
+#ifndef OPENSSL_SMALL_FOOTPRINT
+        while (n&~3)
                {
                sqr64(r[0],r[1],a[0]);
-                if (--n == 0) break;
                sqr64(r[2],r[3],a[1]);
-                if (--n == 0) break;
                sqr64(r[4],r[5],a[2]);
-                if (--n == 0) break;
                sqr64(r[6],r[7],a[3]);
-                if (--n == 0) break;
+                a+=4; r+=8; n-=4;
+                }
-                a+=4;
+#endif
-                r+=8;
+        while (n)
+                {
+                sqr64(r[0],r[1],a[0]);
+                a++; r+=2; n--;
                }
        }
@@ -303,31 +310,30 @@ BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
        assert(n >= 0);
        if (n <= 0) return((BN_ULONG)0);
-        for (;;)
+#ifndef OPENSSL_SMALL_FOOTPRINT
+        while (n&~3)
                {
                ll+=(BN_ULLONG)a[0]+b[0];
                r[0]=(BN_ULONG)ll&BN_MASK2;
                ll>>=BN_BITS2;
-                if (--n <= 0) break;
                ll+=(BN_ULLONG)a[1]+b[1];
                r[1]=(BN_ULONG)ll&BN_MASK2;
                ll>>=BN_BITS2;
-                if (--n <= 0) break;
                ll+=(BN_ULLONG)a[2]+b[2];
                r[2]=(BN_ULONG)ll&BN_MASK2;
                ll>>=BN_BITS2;
-                if (--n <= 0) break;
                ll+=(BN_ULLONG)a[3]+b[3];
                r[3]=(BN_ULONG)ll&BN_MASK2;
                ll>>=BN_BITS2;
-                if (--n <= 0) break;
+                a+=4; b+=4; r+=4; n-=4;
+                }
-                a+=4;
+#endif
-                b+=4;
+        while (n)
-                r+=4;
+                {
+                ll+=(BN_ULLONG)a[0]+b[0];
+                r[0]=(BN_ULONG)ll&BN_MASK2;
+                ll>>=BN_BITS2;
+                a++; b++; r++; n--;
                }
        return((BN_ULONG)ll);
        }
@@ -340,7 +346,8 @@ BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
        if (n <= 0) return((BN_ULONG)0);
        c=0;
-        for (;;)
+#ifndef OPENSSL_SMALL_FOOTPRINT
+        while (n&~3)
                {
                t=a[0];
                t=(t+c)&BN_MASK2;
@@ -348,35 +355,36 @@ BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
                l=(t+b[0])&BN_MASK2;
                c+=(l < t);
                r[0]=l;
-                if (--n <= 0) break;
                t=a[1];
                t=(t+c)&BN_MASK2;
                c=(t < c);
                l=(t+b[1])&BN_MASK2;
                c+=(l < t);
                r[1]=l;
-                if (--n <= 0) break;
                t=a[2];
                t=(t+c)&BN_MASK2;
                c=(t < c);
                l=(t+b[2])&BN_MASK2;
                c+=(l < t);
                r[2]=l;
-                if (--n <= 0) break;
                t=a[3];
                t=(t+c)&BN_MASK2;
                c=(t < c);
                l=(t+b[3])&BN_MASK2;
                c+=(l < t);
                r[3]=l;
-                if (--n <= 0) break;
+                a+=4; b+=4; r+=4; n-=4;
+                }
-                a+=4;
+#endif
-                b+=4;
+        while(n)
-                r+=4;
+                {
+                t=a[0];
+                t=(t+c)&BN_MASK2;
+                c=(t < c);
+                l=(t+b[0])&BN_MASK2;
+                c+=(l < t);
+                r[0]=l;
+                a++; b++; r++; n--;
                }
        return((BN_ULONG)c);
        }
@@ -390,36 +398,35 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
        assert(n >= 0);
        if (n <= 0) return((BN_ULONG)0);
-        for (;;)
+#ifndef OPENSSL_SMALL_FOOTPRINT
+        while (n&~3)
                {
                t1=a[0]; t2=b[0];
                r[0]=(t1-t2-c)&BN_MASK2;
                if (t1 != t2) c=(t1 < t2);
-                if (--n <= 0) break;
                t1=a[1]; t2=b[1];
                r[1]=(t1-t2-c)&BN_MASK2;
                if (t1 != t2) c=(t1 < t2);
-                if (--n <= 0) break;
                t1=a[2]; t2=b[2];
                r[2]=(t1-t2-c)&BN_MASK2;
                if (t1 != t2) c=(t1 < t2);
-                if (--n <= 0) break;
                t1=a[3]; t2=b[3];
                r[3]=(t1-t2-c)&BN_MASK2;
                if (t1 != t2) c=(t1 < t2);
-                if (--n <= 0) break;
+                a+=4; b+=4; r+=4; n-=4;
+                }
-                a+=4;
+#endif
-                b+=4;
+        while (n)
-                r+=4;
+                {
+                t1=a[0]; t2=b[0];
+                r[0]=(t1-t2-c)&BN_MASK2;
+                if (t1 != t2) c=(t1 < t2);
+                a++; b++; r++; n--;
                }
        return(c);
        }
-#ifdef BN_MUL_COMBA
+#if defined(BN_MUL_COMBA) && !defined(OPENSSL_SMALL_FOOTPRINT)
 #undef bn_mul_comba8
 #undef bn_mul_comba4
@@ -820,18 +827,134 @@ void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a)
        r[6]=c1;
        r[7]=c2;
        }
+#ifdef OPENSSL_NO_ASM
+#ifdef OPENSSL_BN_ASM_MONT
+#include <alloca.h>
+/*
+ * This is essentially reference implementation, which may or may not
+ * result in performance improvement. E.g. on IA-32 this routine was
+ * observed to give 40% faster rsa1024 private key operations and 10%
+ * faster rsa4096 ones, while on AMD64 it improves rsa1024 sign only
+ * by 10% and *worsens* rsa4096 sign by 15%. Once again, it's a
+ * reference implementation, one to be used as starting point for
+ * platform-specific assembler. Mentioned numbers apply to compiler
+ * generated code compiled with and without -DOPENSSL_BN_ASM_MONT and
+ * can vary not only from platform to platform, but even for compiler
+ * versions. Assembler vs. assembler improvement coefficients can
+ * [and are known to] differ and are to be documented elsewhere.
+ */
+int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0p, int num)
+        {
+        BN_ULONG c0,c1,ml,*tp,n0;
+#ifdef mul64
+        BN_ULONG mh;
+#endif
+        volatile BN_ULONG *vp;
+        int i=0,j;
+#if 0   /* template for platform-specific implementation */
+        if (ap==bp)     return bn_sqr_mont(rp,ap,np,n0p,num);
+#endif
+        vp = tp = alloca((num+2)*sizeof(BN_ULONG));
+        n0 = *n0p;
+        c0 = 0;
+        ml = bp[0];
+#ifdef mul64
+        mh = HBITS(ml);
+        ml = LBITS(ml);
+        for (j=0;j<num;++j)
+                mul(tp[j],ap[j],ml,mh,c0);
+#else
+        for (j=0;j<num;++j)
+                mul(tp[j],ap[j],ml,c0);
+#endif
+        tp[num]   = c0;
+        tp[num+1] = 0;
+        goto enter;
+        for(i=0;i<num;i++)
+                {
+                c0 = 0;
+                ml = bp[i];
+#ifdef mul64
+                mh = HBITS(ml);
+                ml = LBITS(ml);
+                for (j=0;j<num;++j)
+                        mul_add(tp[j],ap[j],ml,mh,c0);
+#else
+                for (j=0;j<num;++j)
+                        mul_add(tp[j],ap[j],ml,c0);
+#endif
+                c1 = (tp[num] + c0)&BN_MASK2;
+                tp[num]   = c1;
+                tp[num+1] = (c1<c0?1:0);
+        enter:
+                c1  = tp[0];
+                ml = (c1*n0)&BN_MASK2;
+                c0 = 0;
+#ifdef mul64
+                mh = HBITS(ml);
+                ml = LBITS(ml);
+                mul_add(c1,np[0],ml,mh,c0);
+#else
+                mul_add(c1,ml,np[0],c0);
+#endif
+                for(j=1;j<num;j++)
+                        {
+                        c1 = tp[j];
+#ifdef mul64
+                        mul_add(c1,np[j],ml,mh,c0);
+#else
+                        mul_add(c1,ml,np[j],c0);
+#endif
+                        tp[j-1] = c1&BN_MASK2;
+                        }
+                c1        = (tp[num] + c0)&BN_MASK2;
+                tp[num-1] = c1;
+                tp[num]   = tp[num+1] + (c1<c0?1:0);
+                }
+        if (tp[num]!=0 || tp[num-1]>=np[num-1])
+                {
+                c0 = bn_sub_words(rp,tp,np,num);
+                if (tp[num]!=0 || c0==0)
+                        {
+                        for(i=0;i<num+2;i++)    vp[i] = 0;
+                        return 1;
+                        }
+                }
+        for(i=0;i<num;i++)      rp[i] = tp[i],  vp[i] = 0;
+        vp[num]   = 0;
+        vp[num+1] = 0;
+        return 1;
+        }
+#else
+/*
+ * Return value of 0 indicates that multiplication/convolution was not
+ * performed to signal the caller to fall down to alternative/original
+ * code-path.
+ */
+int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num)
+{       return 0;       }
+#endif /* OPENSSL_BN_ASM_MONT */
+#endif
 #else /* !BN_MUL_COMBA */
 /* hmm... is it faster just to do a multiply? */
 #undef bn_sqr_comba4
-void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
+void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a)
        {
        BN_ULONG t[8];
        bn_sqr_normal(r,a,4,t);
        }
 #undef bn_sqr_comba8
-void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
+void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a)
        {
        BN_ULONG t[16];
        bn_sqr_normal(r,a,8,t);
@@ -857,4 +980,51 @@ void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
        r[15]=bn_mul_add_words(&(r[7]),a,8,b[7]);
        }
+#ifdef OPENSSL_NO_ASM
+#ifdef OPENSSL_BN_ASM_MONT
+#include <alloca.h>
+int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0p, int num)
+        {
+        BN_ULONG c0,c1,*tp,n0=*n0p;
+        volatile BN_ULONG *vp;
+        int i=0,j;
+        vp = tp = alloca((num+2)*sizeof(BN_ULONG));
+        for(i=0;i<=num;i++)     tp[i]=0;
+        for(i=0;i<num;i++)
+                {
+                c0         = bn_mul_add_words(tp,ap,num,bp[i]);
+                c1         = (tp[num] + c0)&BN_MASK2;
+                tp[num]    = c1;
+                tp[num+1]  = (c1<c0?1:0);
+                c0         = bn_mul_add_words(tp,np,num,tp[0]*n0);
+                c1         = (tp[num] + c0)&BN_MASK2;
+                tp[num]    = c1;
+                tp[num+1] += (c1<c0?1:0);
+                for(j=0;j<=num;j++)     tp[j]=tp[j+1];
+                }
+        if (tp[num]!=0 || tp[num-1]>=np[num-1])
+                {
+                c0 = bn_sub_words(rp,tp,np,num);
+                if (tp[num]!=0 || c0==0)
+                        {
+                        for(i=0;i<num+2;i++)    vp[i] = 0;
+                        return 1;
+                        }
+                }
+        for(i=0;i<num;i++)      rp[i] = tp[i],  vp[i] = 0;
+        vp[num]   = 0;
+        vp[num+1] = 0;
+        return 1;
+        }
+#else
+int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num)
+{       return 0;       }
+#endif /* OPENSSL_BN_ASM_MONT */
+#endif
 #endif /* !BN_MUL_COMBA */
diff --git a/src/lib/libssl/src/crypto/bn/bn_blind.c b/src/lib/libssl/src/crypto/bn/bn_blind.c
index c11fb4ccc2..e060592fdc 100644
--- a/src/lib/libssl/src/crypto/bn/bn_blind.c
+++ b/src/lib/libssl/src/crypto/bn/bn_blind.c
@@ -1,6 +1,6 @@
 /* crypto/bn/bn_blind.c */
 /* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -121,8 +121,11 @@ struct bn_blinding_st
        BIGNUM *Ai;
        BIGNUM *e;
        BIGNUM *mod; /* just a reference */
+#ifndef OPENSSL_NO_DEPRECATED
        unsigned long thread_id; /* added in OpenSSL 0.9.6j and 0.9.7b;
                                  * used only by crypto/rsa/rsa_eay.c, rsa_lib.c */
+#endif
+        CRYPTO_THREADID tid;
        unsigned int  counter;
        unsigned long flags;
        BN_MONT_CTX *m_ctx;
@@ -131,7 +134,7 @@ struct bn_blinding_st
                          BN_MONT_CTX *m_ctx);
        };
-BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, /* const */ BIGNUM *mod)
+BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod)
        {
        BN_BLINDING *ret=NULL;
@@ -158,6 +161,7 @@ BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, /* const */ BIGN
                BN_set_flags(ret->mod, BN_FLG_CONSTTIME);
        ret->counter = BN_BLINDING_COUNTER;
+        CRYPTO_THREADID_current(&ret->tid);
        return(ret);
 err:
        if (ret != NULL) BN_BLINDING_free(ret);
@@ -263,6 +267,7 @@ int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *ct
        return(ret);
        }
+#ifndef OPENSSL_NO_DEPRECATED
 unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *b)
        {
        return b->thread_id;
@@ -272,6 +277,12 @@ void BN_BLINDING_set_thread_id(BN_BLINDING *b, unsigned long n)
        {
        b->thread_id = n;
        }
+#endif
+CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *b)
+        {
+        return &b->tid;
+        }
 unsigned long BN_BLINDING_get_flags(const BN_BLINDING *b)
        {
@@ -284,7 +295,7 @@ void BN_BLINDING_set_flags(BN_BLINDING *b, unsigned long flags)
        }
 BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
-        const BIGNUM *e, /* const */ BIGNUM *m, BN_CTX *ctx,
+        const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
        int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                          const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
        BN_MONT_CTX *m_ctx)
diff --git a/src/lib/libssl/src/crypto/bn/bn_ctx.c b/src/lib/libssl/src/crypto/bn/bn_ctx.c
index b3452f1a91..3f2256f675 100644
--- a/src/lib/libssl/src/crypto/bn/bn_ctx.c
+++ b/src/lib/libssl/src/crypto/bn/bn_ctx.c
@@ -161,7 +161,7 @@ static void ctxdbg(BN_CTX *ctx)
        fprintf(stderr,"(%08x): ", (unsigned int)ctx);
        while(bnidx < ctx->used)
                {
-                fprintf(stderr,"%02x ", item->vals[bnidx++ % BN_CTX_POOL_SIZE].dmax);
+                fprintf(stderr,"%03x ", item->vals[bnidx++ % BN_CTX_POOL_SIZE].dmax);
                if(!(bnidx % BN_CTX_POOL_SIZE))
                        item = item->next;
                }
@@ -171,8 +171,8 @@ static void ctxdbg(BN_CTX *ctx)
        while(fpidx < stack->depth)
                {
                while(bnidx++ < stack->indexes[fpidx])
-                        fprintf(stderr,"   ");
+                        fprintf(stderr,"    ");
-                fprintf(stderr,"^^ ");
+                fprintf(stderr,"^^^ ");
                bnidx++;
                fpidx++;
                }
diff --git a/src/lib/libssl/src/crypto/bn/bn_div.c b/src/lib/libssl/src/crypto/bn/bn_div.c
index 1e8e57626b..802a43d642 100644
--- a/src/lib/libssl/src/crypto/bn/bn_div.c
+++ b/src/lib/libssl/src/crypto/bn/bn_div.c
@@ -102,7 +102,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
        /* The next 2 are needed so we can do a dv->d[0]|=1 later
         * since BN_lshift1 will only work once there is a value :-) */
        BN_zero(dv);
-        bn_wexpand(dv,1);
+        if(bn_wexpand(dv,1) == NULL) goto end;
        dv->top=1;
        if (!BN_lshift(D,D,nm-nd)) goto end;
@@ -229,7 +229,8 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
        if (dv == NULL)
                res=BN_CTX_get(ctx);
        else    res=dv;
-        if (sdiv == NULL || res == NULL) goto err;
+        if (sdiv == NULL || res == NULL || tmp == NULL || snum == NULL)
+                goto err;
        /* First we normalise the numbers */
        norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2);
@@ -336,7 +337,7 @@ X) -> 0x%08X\n",
                                t2 -= d1;
                                }
 #else /* !BN_LLONG */
-                        BN_ULONG t2l,t2h,ql,qh;
+                        BN_ULONG t2l,t2h;
                        q=bn_div_words(n0,n1,d0);
 #ifdef BN_DEBUG_LEVITTE
@@ -354,9 +355,12 @@ X) -> 0x%08X\n",
                        t2l = d1 * q;
                        t2h = BN_UMULT_HIGH(d1,q);
 #else
+                        {
+                        BN_ULONG ql, qh;
                        t2l=LBITS(d1); t2h=HBITS(d1);
                        ql =LBITS(q);  qh =HBITS(q);
                        mul64(t2l,t2h,ql,qh); /* t2=(BN_ULLONG)d1*q; */
+                        }
 #endif
                        for (;;)
@@ -560,7 +564,7 @@ X) -> 0x%08X\n",
                                t2 -= d1;
                                }
 #else /* !BN_LLONG */
-                        BN_ULONG t2l,t2h,ql,qh;
+                        BN_ULONG t2l,t2h;
                        q=bn_div_words(n0,n1,d0);
 #ifdef BN_DEBUG_LEVITTE
@@ -578,9 +582,12 @@ X) -> 0x%08X\n",
                        t2l = d1 * q;
                        t2h = BN_UMULT_HIGH(d1,q);
 #else
+                        {
+                        BN_ULONG ql, qh;
                        t2l=LBITS(d1); t2h=HBITS(d1);
                        ql =LBITS(q);  qh =HBITS(q);
                        mul64(t2l,t2h,ql,qh); /* t2=(BN_ULLONG)d1*q; */
+                        }
 #endif
                        for (;;)
diff --git a/src/lib/libssl/src/crypto/bn/bn_exp.c b/src/lib/libssl/src/crypto/bn/bn_exp.c
index 70a33f0d93..d9b6c737fc 100644
--- a/src/lib/libssl/src/crypto/bn/bn_exp.c
+++ b/src/lib/libssl/src/crypto/bn/bn_exp.c
@@ -134,7 +134,8 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
                rr = BN_CTX_get(ctx);
        else
                rr = r;
-        if ((v = BN_CTX_get(ctx)) == NULL) goto err;
+        v = BN_CTX_get(ctx);
+        if (rr == NULL || v == NULL) goto err;
        if (BN_copy(v,a) == NULL) goto err;
        bits=BN_num_bits(p);
diff --git a/src/lib/libssl/src/crypto/bn/bn_lcl.h b/src/lib/libssl/src/crypto/bn/bn_lcl.h
index 27ac4397a1..8e5e98e3f2 100644
--- a/src/lib/libssl/src/crypto/bn/bn_lcl.h
+++ b/src/lib/libssl/src/crypto/bn/bn_lcl.h
@@ -255,7 +255,8 @@ extern "C" {
             : "r"(a), "r"(b));         \
        ret;                    })
 #  endif        /* compiler */
-# elif defined(__x86_64) && defined(SIXTY_FOUR_BIT_LONG)
+# elif (defined(__x86_64) || defined(__x86_64__)) && \
+       (defined(SIXTY_FOUR_BIT_LONG) || defined(SIXTY_FOUR_BIT))
 #  if defined(__GNUC__)
 #   define BN_UMULT_HIGH(a,b)   ({      \
        register BN_ULONG ret,discard;  \
diff --git a/src/lib/libssl/src/crypto/bn/bn_lib.c b/src/lib/libssl/src/crypto/bn/bn_lib.c
index 32a8fbaf51..5470fbe6ef 100644
--- a/src/lib/libssl/src/crypto/bn/bn_lib.c
+++ b/src/lib/libssl/src/crypto/bn/bn_lib.c
@@ -133,15 +133,34 @@ int BN_get_params(int which)
 const BIGNUM *BN_value_one(void)
        {
-        static BN_ULONG data_one=1L;
+        static const BN_ULONG data_one=1L;
-        static BIGNUM const_one={&data_one,1,1,0,BN_FLG_STATIC_DATA};
+        static const BIGNUM const_one={(BN_ULONG *)&data_one,1,1,0,BN_FLG_STATIC_DATA};
        return(&const_one);
        }
+char *BN_options(void)
+        {
+        static int init=0;
+        static char data[16];
+        if (!init)
+                {
+                init++;
+#ifdef BN_LLONG
+                BIO_snprintf(data,sizeof data,"bn(%d,%d)",
+                             (int)sizeof(BN_ULLONG)*8,(int)sizeof(BN_ULONG)*8);
+#else
+                BIO_snprintf(data,sizeof data,"bn(%d,%d)",
+                             (int)sizeof(BN_ULONG)*8,(int)sizeof(BN_ULONG)*8);
+#endif
+                }
+        return(data);
+        }
 int BN_num_bits_word(BN_ULONG l)
        {
-        static const char bits[256]={
+        static const unsigned char bits[256]={
                0,1,2,2,3,3,3,3,4,4,4,4,4,4,4,4,
                5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,
                6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,
@@ -216,7 +235,7 @@ int BN_num_bits_word(BN_ULONG l)
                else
 #endif
                        {
-#if defined(SIXTEEN_BIT) || defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
+#if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
                        if (l & 0xff00L)
                                return(bits[(int)(l>>8)]+8);
                        else    
@@ -744,7 +763,7 @@ int BN_is_bit_set(const BIGNUM *a, int n)
        i=n/BN_BITS2;
        j=n%BN_BITS2;
        if (a->top <= i) return 0;
-        return(((a->d[i])>>j)&((BN_ULONG)1));
+        return (int)(((a->d[i])>>j)&((BN_ULONG)1));
        }
 int BN_mask_bits(BIGNUM *a, int n)
diff --git a/src/lib/libssl/src/crypto/bn/bn_mont.c b/src/lib/libssl/src/crypto/bn/bn_mont.c
index 4799b152dd..7224637ab3 100644
--- a/src/lib/libssl/src/crypto/bn/bn_mont.c
+++ b/src/lib/libssl/src/crypto/bn/bn_mont.c
@@ -122,26 +122,10 @@
 #define MONT_WORD /* use the faster word-based algorithm */
-#if defined(MONT_WORD) && defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)
+#ifdef MONT_WORD
-/* This condition means we have a specific non-default build:
- * In the 0.9.8 branch, OPENSSL_BN_ASM_MONT is normally not set for any
- * BN_BITS2<=32 platform; an explicit "enable-montasm" is required.
- * I.e., if we are here, the user intentionally deviates from the
- * normal stable build to get better Montgomery performance from
- * the 0.9.9-dev backport.
- *
- * In this case only, we also enable BN_from_montgomery_word()
- * (another non-stable feature from 0.9.9-dev).
- */
-#define MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD
-#endif
-#ifdef MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD
 static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont);
 #endif
 int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
                          BN_MONT_CTX *mont, BN_CTX *ctx)
        {
@@ -153,11 +137,7 @@ int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
        if (num>1 && a->top==num && b->top==num)
                {
                if (bn_wexpand(r,num) == NULL) return(0);
-#if 0 /* for OpenSSL 0.9.9 mont->n0 */
                if (bn_mul_mont(r->d,a->d,b->d,mont->N.d,mont->n0,num))
-#else
-                if (bn_mul_mont(r->d,a->d,b->d,mont->N.d,&mont->n0,num))
-#endif
                        {
                        r->neg = a->neg^b->neg;
                        r->top = num;
@@ -181,7 +161,7 @@ int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
                if (!BN_mul(tmp,a,b,ctx)) goto err;
                }
        /* reduce from aRR to aR */
-#ifdef MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD
+#ifdef MONT_WORD
        if (!BN_from_montgomery_word(r,tmp,mont)) goto err;
 #else
        if (!BN_from_montgomery(r,tmp,mont,ctx)) goto err;
@@ -193,7 +173,7 @@ err:
        return(ret);
        }
-#ifdef MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD
+#ifdef MONT_WORD
 static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
        {
        BIGNUM *n;
@@ -217,15 +197,15 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
        nrp= &(r->d[nl]);
        /* clear the top words of T */
+#if 1
        for (i=r->top; i<max; i++) /* memset? XXX */
                r->d[i]=0;
+#else
+        memset(&(r->d[r->top]),0,(max-r->top)*sizeof(BN_ULONG)); 
+#endif
        r->top=max;
-#if 0 /* for OpenSSL 0.9.9 mont->n0 */
        n0=mont->n0[0];
-#else
-        n0=mont->n0;
-#endif
 #ifdef BN_COUNT
        fprintf(stderr,"word BN_from_montgomery_word %d * %d\n",nl,nl);
@@ -270,6 +250,8 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
                }
        al=r->top-ri;
+#define BRANCH_FREE 1
+#if BRANCH_FREE
        if (bn_wexpand(ret,ri) == NULL) return(0);
        x=0-(((al-ri)>>(sizeof(al)*8-1))&1);
        ret->top=x=(ri&~x)|(al&x);      /* min(ri,al) */
@@ -317,164 +299,8 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
                rp[i]=nrp[i], ap[i]=0;
        bn_correct_top(r);
        bn_correct_top(ret);
-        bn_check_top(ret);
-        return(1);
-        }
-int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
-             BN_CTX *ctx)
-        {
-        int retn=0;
-        BIGNUM *t;
-        BN_CTX_start(ctx);
-        if ((t = BN_CTX_get(ctx)) && BN_copy(t,a))
-                retn = BN_from_montgomery_word(ret,t,mont);
-        BN_CTX_end(ctx);
-        return retn;
-        }
-#else /* !MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD */
-int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
-             BN_CTX *ctx)
-        {
-        int retn=0;
-#ifdef MONT_WORD
-        BIGNUM *n,*r;
-        BN_ULONG *ap,*np,*rp,n0,v,*nrp;
-        int al,nl,max,i,x,ri;
-        BN_CTX_start(ctx);
-        if ((r = BN_CTX_get(ctx)) == NULL) goto err;
-        if (!BN_copy(r,a)) goto err;
-        n= &(mont->N);
-        ap=a->d;
-        /* mont->ri is the size of mont->N in bits (rounded up
-           to the word size) */
-        al=ri=mont->ri/BN_BITS2;
-        
-        nl=n->top;
-        if ((al == 0) || (nl == 0)) { r->top=0; return(1); }
-        max=(nl+al+1); /* allow for overflow (no?) XXX */
-        if (bn_wexpand(r,max) == NULL) goto err;
-        r->neg=a->neg^n->neg;
-        np=n->d;
-        rp=r->d;
-        nrp= &(r->d[nl]);
-        /* clear the top words of T */
-#if 1
-        for (i=r->top; i<max; i++) /* memset? XXX */
-                r->d[i]=0;
 #else
-        memset(&(r->d[r->top]),0,(max-r->top)*sizeof(BN_ULONG)); 
+        if (bn_wexpand(ret,al) == NULL) return(0);
-#endif
-        r->top=max;
-        n0=mont->n0;
-#ifdef BN_COUNT
-        fprintf(stderr,"word BN_from_montgomery %d * %d\n",nl,nl);
-#endif
-        for (i=0; i<nl; i++)
-                {
-#ifdef __TANDEM
-                {
-                   long long t1;
-                   long long t2;
-                   long long t3;
-                   t1 = rp[0] * (n0 & 0177777);
-                   t2 = 037777600000l;
-                   t2 = n0 & t2;
-                   t3 = rp[0] & 0177777;
-                   t2 = (t3 * t2) & BN_MASK2;
-                   t1 = t1 + t2;
-                   v=bn_mul_add_words(rp,np,nl,(BN_ULONG) t1);
-                }
-#else
-                v=bn_mul_add_words(rp,np,nl,(rp[0]*n0)&BN_MASK2);
-#endif
-                nrp++;
-                rp++;
-                if (((nrp[-1]+=v)&BN_MASK2) >= v)
-                        continue;
-                else
-                        {
-                        if (((++nrp[0])&BN_MASK2) != 0) continue;
-                        if (((++nrp[1])&BN_MASK2) != 0) continue;
-                        for (x=2; (((++nrp[x])&BN_MASK2) == 0); x++) ;
-                        }
-                }
-        bn_correct_top(r);
-        
-        /* mont->ri will be a multiple of the word size and below code
-         * is kind of BN_rshift(ret,r,mont->ri) equivalent */
-        if (r->top <= ri)
-                {
-                ret->top=0;
-                retn=1;
-                goto err;
-                }
-        al=r->top-ri;
-# define BRANCH_FREE 1
-# if BRANCH_FREE
-        if (bn_wexpand(ret,ri) == NULL) goto err;
-        x=0-(((al-ri)>>(sizeof(al)*8-1))&1);
-        ret->top=x=(ri&~x)|(al&x);      /* min(ri,al) */
-        ret->neg=r->neg;
-        rp=ret->d;
-        ap=&(r->d[ri]);
-        {
-        size_t m1,m2;
-        v=bn_sub_words(rp,ap,np,ri);
-        /* this ----------------^^ works even in al<ri case
-         * thanks to zealous zeroing of top of the vector in the
-         * beginning. */
-        /* if (al==ri && !v) || al>ri) nrp=rp; else nrp=ap; */
-        /* in other words if subtraction result is real, then
-         * trick unconditional memcpy below to perform in-place
-         * "refresh" instead of actual copy. */
-        m1=0-(size_t)(((al-ri)>>(sizeof(al)*8-1))&1);   /* al<ri */
-        m2=0-(size_t)(((ri-al)>>(sizeof(al)*8-1))&1);   /* al>ri */
-        m1|=m2;                 /* (al!=ri) */
-        m1|=(0-(size_t)v);      /* (al!=ri || v) */
-        m1&=~m2;                /* (al!=ri || v) && !al>ri */
-        nrp=(BN_ULONG *)(((size_t)rp&~m1)|((size_t)ap&m1));
-        }
-        /* 'i<ri' is chosen to eliminate dependency on input data, even
-         * though it results in redundant copy in al<ri case. */
-        for (i=0,ri-=4; i<ri; i+=4)
-                {
-                BN_ULONG t1,t2,t3,t4;
-                
-                t1=nrp[i+0];
-                t2=nrp[i+1];
-                t3=nrp[i+2];    ap[i+0]=0;
-                t4=nrp[i+3];    ap[i+1]=0;
-                rp[i+0]=t1;     ap[i+2]=0;
-                rp[i+1]=t2;     ap[i+3]=0;
-                rp[i+2]=t3;
-                rp[i+3]=t4;
-                }
-        for (ri+=4; i<ri; i++)
-                rp[i]=nrp[i], ap[i]=0;
-        bn_correct_top(r);
-        bn_correct_top(ret);
-# else
-        if (bn_wexpand(ret,al) == NULL) goto err;
        ret->top=al;
        ret->neg=r->neg;
@@ -497,8 +323,30 @@ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
        al+=4;
        for (; i<al; i++)
                rp[i]=ap[i];
-# endif
-#else /* !MONT_WORD */ 
+        if (BN_ucmp(ret, &(mont->N)) >= 0)
+                {
+                if (!BN_usub(ret,ret,&(mont->N))) return(0);
+                }
+#endif
+        bn_check_top(ret);
+        return(1);
+        }
+#endif  /* MONT_WORD */
+int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
+             BN_CTX *ctx)
+        {
+        int retn=0;
+#ifdef MONT_WORD
+        BIGNUM *t;
+        BN_CTX_start(ctx);
+        if ((t = BN_CTX_get(ctx)) && BN_copy(t,a))
+                retn = BN_from_montgomery_word(ret,t,mont);
+        BN_CTX_end(ctx);
+#else /* !MONT_WORD */
        BIGNUM *t1,*t2;
        BN_CTX_start(ctx);
@@ -515,21 +363,18 @@ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
        if (!BN_mul(t1,t2,&mont->N,ctx)) goto err;
        if (!BN_add(t2,a,t1)) goto err;
        if (!BN_rshift(ret,t2,mont->ri)) goto err;
-#endif /* MONT_WORD */
-#if !defined(BRANCH_FREE) || BRANCH_FREE==0
        if (BN_ucmp(ret, &(mont->N)) >= 0)
                {
                if (!BN_usub(ret,ret,&(mont->N))) goto err;
                }
-#endif
        retn=1;
        bn_check_top(ret);
 err:
        BN_CTX_end(ctx);
+#endif /* MONT_WORD */
        return(retn);
        }
-#endif /* MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD */
 BN_MONT_CTX *BN_MONT_CTX_new(void)
        {
@@ -549,11 +394,7 @@ void BN_MONT_CTX_init(BN_MONT_CTX *ctx)
        BN_init(&(ctx->RR));
        BN_init(&(ctx->N));
        BN_init(&(ctx->Ni));
-#if 0 /* for OpenSSL 0.9.9 mont->n0 */
        ctx->n0[0] = ctx->n0[1] = 0;
-#else
-        ctx->n0 = 0;
-#endif
        ctx->flags=0;
        }
@@ -585,26 +426,22 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
                BIGNUM tmod;
                BN_ULONG buf[2];
-                mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2;
-                BN_zero(R);
-#if 0 /* for OpenSSL 0.9.9 mont->n0, would be "#if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)",
-         only certain BN_BITS2<=32 platforms actually need this */
-                if (!(BN_set_bit(R,2*BN_BITS2))) goto err;      /* R */
-#else
-                if (!(BN_set_bit(R,BN_BITS2))) goto err;        /* R */
-#endif
-                buf[0]=mod->d[0]; /* tmod = N mod word size */
-                buf[1]=0;
                BN_init(&tmod);
                tmod.d=buf;
-                tmod.top = buf[0] != 0 ? 1 : 0;
                tmod.dmax=2;
                tmod.neg=0;
-#if 0 /* for OpenSSL 0.9.9 mont->n0, would be "#if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)";
+                mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2;
-         only certain BN_BITS2<=32 platforms actually need this */
+#if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)
+                /* Only certain BN_BITS2<=32 platforms actually make use of
+                 * n0[1], and we could use the #else case (with a shorter R
+                 * value) for the others.  However, currently only the assembler
+                 * files do know which is which. */
+                BN_zero(R);
+                if (!(BN_set_bit(R,2*BN_BITS2))) goto err;
                                                                tmod.top=0;
                if ((buf[0] = mod->d[0]))                       tmod.top=1;
                if ((buf[1] = mod->top>1 ? mod->d[1] : 0))      tmod.top=2;
@@ -632,6 +469,12 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
                mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0;
                mont->n0[1] = (Ri->top > 1) ? Ri->d[1] : 0;
 #else
+                BN_zero(R);
+                if (!(BN_set_bit(R,BN_BITS2))) goto err;        /* R */
+                buf[0]=mod->d[0]; /* tmod = N mod word size */
+                buf[1]=0;
+                tmod.top = buf[0] != 0 ? 1 : 0;
                                                        /* Ri = R^-1 mod N*/
                if ((BN_mod_inverse(Ri,R,&tmod,ctx)) == NULL)
                        goto err;
@@ -647,12 +490,8 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
                if (!BN_div(Ri,NULL,Ri,&tmod,ctx)) goto err;
                /* Ni = (R*Ri-1)/N,
                 * keep only least significant word: */
-# if 0 /* for OpenSSL 0.9.9 mont->n0 */
                mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0;
                mont->n0[1] = 0;
-# else
-                mont->n0 = (Ri->top > 0) ? Ri->d[0] : 0;
-# endif
 #endif
                }
 #else /* !MONT_WORD */
@@ -689,12 +528,8 @@ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from)
        if (!BN_copy(&(to->N),&(from->N))) return NULL;
        if (!BN_copy(&(to->Ni),&(from->Ni))) return NULL;
        to->ri=from->ri;
-#if 0 /* for OpenSSL 0.9.9 mont->n0 */
        to->n0[0]=from->n0[0];
        to->n0[1]=from->n0[1];
-#else
-        to->n0=from->n0;
-#endif
        return(to);
        }
diff --git a/src/lib/libssl/src/crypto/bn/bn_mul.c b/src/lib/libssl/src/crypto/bn/bn_mul.c
index b848c8cc60..a0e9ec3b46 100644
--- a/src/lib/libssl/src/crypto/bn/bn_mul.c
+++ b/src/lib/libssl/src/crypto/bn/bn_mul.c
@@ -1028,17 +1028,19 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
                        assert(j <= al || j <= bl);
                        k = j+j;
                        t = BN_CTX_get(ctx);
+                        if (t == NULL)
+                                goto err;
                        if (al > j || bl > j)
                                {
-                                bn_wexpand(t,k*4);
+                                if (bn_wexpand(t,k*4) == NULL) goto err;
-                                bn_wexpand(rr,k*4);
+                                if (bn_wexpand(rr,k*4) == NULL) goto err;
                                bn_mul_part_recursive(rr->d,a->d,b->d,
                                        j,al-j,bl-j,t->d);
                                }
                        else    /* al <= j || bl <= j */
                                {
-                                bn_wexpand(t,k*2);
+                                if (bn_wexpand(t,k*2) == NULL) goto err;
-                                bn_wexpand(rr,k*2);
+                                if (bn_wexpand(rr,k*2) == NULL) goto err;
                                bn_mul_recursive(rr->d,a->d,b->d,
                                        j,al-j,bl-j,t->d);
                                }
diff --git a/src/lib/libssl/src/crypto/bn/bn_print.c b/src/lib/libssl/src/crypto/bn/bn_print.c
index 810dde34e1..bebb466d08 100644
--- a/src/lib/libssl/src/crypto/bn/bn_print.c
+++ b/src/lib/libssl/src/crypto/bn/bn_print.c
@@ -294,6 +294,27 @@ err:
        return(0);
        }
+int BN_asc2bn(BIGNUM **bn, const char *a)
+        {
+        const char *p = a;
+        if (*p == '-')
+                p++;
+        if (p[0] == '0' && (p[1] == 'X' || p[1] == 'x'))
+                {               
+                if (!BN_hex2bn(bn, p + 2))
+                        return 0;
+                }
+        else
+                {
+                if (!BN_dec2bn(bn, p))
+                        return 0;
+                }
+        if (*a == '-')
+                (*bn)->neg = 1;
+        return 1;
+        }
 #ifndef OPENSSL_NO_BIO
 #ifndef OPENSSL_NO_FP_API
 int BN_print_fp(FILE *fp, const BIGNUM *a)
diff --git a/src/lib/libssl/src/crypto/bn/bntest.c b/src/lib/libssl/src/crypto/bn/bntest.c
index cf190380f5..0cd99c5b4b 100644
--- a/src/lib/libssl/src/crypto/bn/bntest.c
+++ b/src/lib/libssl/src/crypto/bn/bntest.c
@@ -486,7 +486,7 @@ static void print_word(BIO *bp,BN_ULONG w)
                return;
                }
 #endif
-        BIO_printf(bp,"%lX",w);
+        BIO_printf(bp,BN_HEX_FMT1,w);
        }
 int test_div_word(BIO *bp)
@@ -732,6 +732,8 @@ int test_mont(BIO *bp, BN_CTX *ctx)
        BN_init(&n);
        mont=BN_MONT_CTX_new();
+        if (mont == NULL)
+                return 0;
        BN_bntest_rand(&a,100,0,0); /**/
        BN_bntest_rand(&b,100,0,0); /**/
@@ -1027,7 +1029,7 @@ int test_exp(BIO *bp, BN_CTX *ctx)
                BN_bntest_rand(a,20+i*5,0,0); /**/
                BN_bntest_rand(b,2+i,0,0); /**/
-                if (!BN_exp(d,a,b,ctx))
+                if (BN_exp(d,a,b,ctx) <= 0)
                        return(0);
                if (bp != NULL)
@@ -1116,8 +1118,8 @@ int test_gf2m_mod(BIO *bp)
        {
        BIGNUM *a,*b[2],*c,*d,*e;
        int i, j, ret = 0;
-        unsigned int p0[] = {163,7,6,3,0};
+        int p0[] = {163,7,6,3,0,-1};
-        unsigned int p1[] = {193,15,0};
+        int p1[] = {193,15,0,-1};
        a=BN_new();
        b[0]=BN_new();
@@ -1174,8 +1176,8 @@ int test_gf2m_mod_mul(BIO *bp,BN_CTX *ctx)
        {
        BIGNUM *a,*b[2],*c,*d,*e,*f,*g,*h;
        int i, j, ret = 0;
-        unsigned int p0[] = {163,7,6,3,0};
+        int p0[] = {163,7,6,3,0,-1};
-        unsigned int p1[] = {193,15,0};
+        int p1[] = {193,15,0,-1};
        a=BN_new();
        b[0]=BN_new();
@@ -1245,8 +1247,8 @@ int test_gf2m_mod_sqr(BIO *bp,BN_CTX *ctx)
        {
        BIGNUM *a,*b[2],*c,*d;
        int i, j, ret = 0;
-        unsigned int p0[] = {163,7,6,3,0};
+        int p0[] = {163,7,6,3,0,-1};
-        unsigned int p1[] = {193,15,0};
+        int p1[] = {193,15,0,-1};
        a=BN_new();
        b[0]=BN_new();
@@ -1304,8 +1306,8 @@ int test_gf2m_mod_inv(BIO *bp,BN_CTX *ctx)
        {
        BIGNUM *a,*b[2],*c,*d;
        int i, j, ret = 0;
-        unsigned int p0[] = {163,7,6,3,0};
+        int p0[] = {163,7,6,3,0,-1};
-        unsigned int p1[] = {193,15,0};
+        int p1[] = {193,15,0,-1};
        a=BN_new();
        b[0]=BN_new();
@@ -1359,8 +1361,8 @@ int test_gf2m_mod_div(BIO *bp,BN_CTX *ctx)
        {
        BIGNUM *a,*b[2],*c,*d,*e,*f;
        int i, j, ret = 0;
-        unsigned int p0[] = {163,7,6,3,0};
+        int p0[] = {163,7,6,3,0,-1};
-        unsigned int p1[] = {193,15,0};
+        int p1[] = {193,15,0,-1};
        a=BN_new();
        b[0]=BN_new();
@@ -1422,8 +1424,8 @@ int test_gf2m_mod_exp(BIO *bp,BN_CTX *ctx)
        {
        BIGNUM *a,*b[2],*c,*d,*e,*f;
        int i, j, ret = 0;
-        unsigned int p0[] = {163,7,6,3,0};
+        int p0[] = {163,7,6,3,0,-1};
-        unsigned int p1[] = {193,15,0};
+        int p1[] = {193,15,0,-1};
        a=BN_new();
        b[0]=BN_new();
@@ -1493,8 +1495,8 @@ int test_gf2m_mod_sqrt(BIO *bp,BN_CTX *ctx)
        {
        BIGNUM *a,*b[2],*c,*d,*e,*f;
        int i, j, ret = 0;
-        unsigned int p0[] = {163,7,6,3,0};
+        int p0[] = {163,7,6,3,0,-1};
-        unsigned int p1[] = {193,15,0};
+        int p1[] = {193,15,0,-1};
        a=BN_new();
        b[0]=BN_new();
@@ -1552,8 +1554,8 @@ int test_gf2m_mod_solve_quad(BIO *bp,BN_CTX *ctx)
        {
        BIGNUM *a,*b[2],*c,*d,*e;
        int i, j, s = 0, t, ret = 0;
-        unsigned int p0[] = {163,7,6,3,0};
+        int p0[] = {163,7,6,3,0,-1};
-        unsigned int p1[] = {193,15,0};
+        int p1[] = {193,15,0,-1};
        a=BN_new();
        b[0]=BN_new();
diff --git a/src/lib/libssl/src/crypto/bn/exptest.c b/src/lib/libssl/src/crypto/bn/exptest.c
index f598a07cf5..074a8e882a 100644
--- a/src/lib/libssl/src/crypto/bn/exptest.c
+++ b/src/lib/libssl/src/crypto/bn/exptest.c
@@ -163,7 +163,7 @@ int main(int argc, char *argv[])
                        {
                        if (BN_cmp(r_simple,r_mont) != 0)
                                printf("\nsimple and mont results differ\n");
-                        if (BN_cmp(r_simple,r_mont) != 0)
+                        if (BN_cmp(r_simple,r_mont_const) != 0)
                                printf("\nsimple and mont const time results differ\n");
                        if (BN_cmp(r_simple,r_recp) != 0)
                                printf("\nsimple and recp results differ\n");
@@ -187,7 +187,7 @@ int main(int argc, char *argv[])
        BN_free(b);
        BN_free(m);
        BN_CTX_free(ctx);
-        ERR_remove_state(0);
+        ERR_remove_thread_state(NULL);
        CRYPTO_mem_leaks(out);
        BIO_free(out);
        printf(" done\n");
diff --git a/src/lib/libssl/src/crypto/buffer/Makefile b/src/lib/libssl/src/crypto/buffer/Makefile
index 9e0f46e19a..9f3a88d2d6 100644
--- a/src/lib/libssl/src/crypto/buffer/Makefile
+++ b/src/lib/libssl/src/crypto/buffer/Makefile
@@ -17,8 +17,8 @@ TEST=
 APPS=
 LIB=$(TOP)/libcrypto.a
-LIBSRC= buffer.c buf_str.c buf_err.c
+LIBSRC= buffer.c buf_err.c
-LIBOBJ= buffer.o buf_str.o buf_err.o
+LIBOBJ= buffer.o buf_err.o
 SRC= $(LIBSRC)
@@ -33,7 +33,7 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
@@ -81,13 +81,6 @@ buf_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 buf_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 buf_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 buf_err.o: buf_err.c
-buf_str.o: ../../e_os.h ../../include/openssl/bio.h
-buf_str.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-buf_str.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-buf_str.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-buf_str.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-buf_str.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-buf_str.o: ../../include/openssl/symhacks.h ../cryptlib.h buf_str.c
 buffer.o: ../../e_os.h ../../include/openssl/bio.h
 buffer.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 buffer.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
diff --git a/src/lib/libssl/src/crypto/buffer/buf_err.c b/src/lib/libssl/src/crypto/buffer/buf_err.c
index 3e25bbe879..8f1de6192b 100644
--- a/src/lib/libssl/src/crypto/buffer/buf_err.c
+++ b/src/lib/libssl/src/crypto/buffer/buf_err.c
@@ -1,6 +1,6 @@
 /* crypto/buffer/buf_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
diff --git a/src/lib/libssl/src/crypto/buffer/buffer.c b/src/lib/libssl/src/crypto/buffer/buffer.c
index b3e947771d..620ea8d536 100644
--- a/src/lib/libssl/src/crypto/buffer/buffer.c
+++ b/src/lib/libssl/src/crypto/buffer/buffer.c
@@ -89,10 +89,10 @@ void BUF_MEM_free(BUF_MEM *a)
        OPENSSL_free(a);
        }
-int BUF_MEM_grow(BUF_MEM *str, int len)
+int BUF_MEM_grow(BUF_MEM *str, size_t len)
        {
        char *ret;
-        unsigned int n;
+        size_t n;
        if (str->length >= len)
                {
@@ -125,10 +125,10 @@ int BUF_MEM_grow(BUF_MEM *str, int len)
        return(len);
        }
-int BUF_MEM_grow_clean(BUF_MEM *str, int len)
+int BUF_MEM_grow_clean(BUF_MEM *str, size_t len)
        {
        char *ret;
-        unsigned int n;
+        size_t n;
        if (str->length >= len)
                {
@@ -161,3 +161,84 @@ int BUF_MEM_grow_clean(BUF_MEM *str, int len)
                }
        return(len);
        }
+char *BUF_strdup(const char *str)
+        {
+        if (str == NULL) return(NULL);
+        return BUF_strndup(str, strlen(str));
+        }
+char *BUF_strndup(const char *str, size_t siz)
+        {
+        char *ret;
+        if (str == NULL) return(NULL);
+        ret=OPENSSL_malloc(siz+1);
+        if (ret == NULL) 
+                {
+                BUFerr(BUF_F_BUF_STRNDUP,ERR_R_MALLOC_FAILURE);
+                return(NULL);
+                }
+        BUF_strlcpy(ret,str,siz+1);
+        return(ret);
+        }
+void *BUF_memdup(const void *data, size_t siz)
+        {
+        void *ret;
+        if (data == NULL) return(NULL);
+        ret=OPENSSL_malloc(siz);
+        if (ret == NULL) 
+                {
+                BUFerr(BUF_F_BUF_MEMDUP,ERR_R_MALLOC_FAILURE);
+                return(NULL);
+                }
+        return memcpy(ret, data, siz);
+        }       
+size_t BUF_strlcpy(char *dst, const char *src, size_t size)
+        {
+        size_t l = 0;
+        for(; size > 1 && *src; size--)
+                {
+                *dst++ = *src++;
+                l++;
+                }
+        if (size)
+                *dst = '\0';
+        return l + strlen(src);
+        }
+size_t BUF_strlcat(char *dst, const char *src, size_t size)
+        {
+        size_t l = 0;
+        for(; size > 0 && *dst; size--, dst++)
+                l++;
+        return l + BUF_strlcpy(dst, src, size);
+        }
+void BUF_reverse(unsigned char *out, unsigned char *in, size_t size)
+        {
+        size_t i;
+        if (in)
+                {
+                out += size - 1;
+                for (i = 0; i < size; i++)
+                        *in++ = *out--;
+                }
+        else
+                {
+                unsigned char *q;
+                char c;
+                q = out + size - 1;
+                for (i = 0; i < size/2; i++)
+                        {
+                        c = *q;
+                        *q-- = *out;
+                        *out++ = c;
+                        }
+                }
+        }
diff --git a/src/lib/libssl/src/crypto/buffer/buffer.h b/src/lib/libssl/src/crypto/buffer/buffer.h
index 1db9607450..178e418282 100644
--- a/src/lib/libssl/src/crypto/buffer/buffer.h
+++ b/src/lib/libssl/src/crypto/buffer/buffer.h
@@ -76,18 +76,19 @@ extern "C" {
 struct buf_mem_st
        {
-        int length;     /* current number of bytes */
+        size_t length;  /* current number of bytes */
        char *data;
-        int max;        /* size of buffer */
+        size_t max;     /* size of buffer */
        };
 BUF_MEM *BUF_MEM_new(void);
 void    BUF_MEM_free(BUF_MEM *a);
-int     BUF_MEM_grow(BUF_MEM *str, int len);
+int     BUF_MEM_grow(BUF_MEM *str, size_t len);
-int     BUF_MEM_grow_clean(BUF_MEM *str, int len);
+int     BUF_MEM_grow_clean(BUF_MEM *str, size_t len);
 char *  BUF_strdup(const char *str);
 char *  BUF_strndup(const char *str, size_t siz);
 void *  BUF_memdup(const void *data, size_t siz);
+void    BUF_reverse(unsigned char *out, unsigned char *in, size_t siz);
 /* safe string functions */
 size_t BUF_strlcpy(char *dst,const char *src,size_t siz);
diff --git a/src/lib/libssl/src/crypto/cast/Makefile b/src/lib/libssl/src/crypto/cast/Makefile
index 2e026dbe0d..0acc38f28d 100644
--- a/src/lib/libssl/src/crypto/cast/Makefile
+++ b/src/lib/libssl/src/crypto/cast/Makefile
@@ -38,19 +38,12 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
-# ELF
+cast-586.s:     asm/cast-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
-cx86-elf.s: asm/cast-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+        $(PERL) asm/cast-586.pl $(PERLASM_SCHEME) $(CLAGS) $(PROCESSOR) > $@
-        (cd asm; $(PERL) cast-586.pl elf $(CLAGS) $(PROCESSOR) > ../$@)
-# COFF
-cx86-cof.s: asm/cast-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
-        (cd asm; $(PERL) cast-586.pl coff $(CLAGS) $(PROCESSOR) > ../$@)
-# a.out
-cx86-out.s: asm/cast-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
-        (cd asm; $(PERL) cast-586.pl a.out $(CLAGS) $(PROCESSOR) > ../$@)
 files:
        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
@@ -102,8 +95,5 @@ c_ofb64.o: ../../e_os.h ../../include/openssl/cast.h
 c_ofb64.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
 c_ofb64.o: c_ofb64.c cast_lcl.h
 c_skey.o: ../../e_os.h ../../include/openssl/cast.h
-c_skey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+c_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-c_skey.o: ../../include/openssl/fips.h ../../include/openssl/opensslconf.h
+c_skey.o: c_skey.c cast_lcl.h cast_s.h
-c_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-c_skey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-c_skey.o: ../../include/openssl/symhacks.h c_skey.c cast_lcl.h cast_s.h
diff --git a/src/lib/libssl/src/crypto/cast/asm/cast-586.pl b/src/lib/libssl/src/crypto/cast/asm/cast-586.pl
index 6be0bfe572..bf6810d335 100644
--- a/src/lib/libssl/src/crypto/cast/asm/cast-586.pl
+++ b/src/lib/libssl/src/crypto/cast/asm/cast-586.pl
@@ -3,7 +3,8 @@
 # define for pentium pro friendly version
 $ppro=1;
-push(@INC,"perlasm","../../perlasm");
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
 require "x86asm.pl";
 require "cbc.pl";
diff --git a/src/lib/libssl/src/crypto/cast/c_cfb64.c b/src/lib/libssl/src/crypto/cast/c_cfb64.c
index 514c005c32..dcec13a201 100644
--- a/src/lib/libssl/src/crypto/cast/c_cfb64.c
+++ b/src/lib/libssl/src/crypto/cast/c_cfb64.c
@@ -65,7 +65,7 @@
 */
 void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,
-                        long length, CAST_KEY *schedule, unsigned char *ivec,
+                        long length, const CAST_KEY *schedule, unsigned char *ivec,
                        int *num, int enc)
        {
        register CAST_LONG v0,v1,t;
@@ -119,4 +119,3 @@ void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,
        v0=v1=ti[0]=ti[1]=t=c=cc=0;
        *num=n;
        }
diff --git a/src/lib/libssl/src/crypto/cast/c_ecb.c b/src/lib/libssl/src/crypto/cast/c_ecb.c
index f2dc606226..b6a3b1fff9 100644
--- a/src/lib/libssl/src/crypto/cast/c_ecb.c
+++ b/src/lib/libssl/src/crypto/cast/c_ecb.c
@@ -63,7 +63,7 @@
 const char CAST_version[]="CAST" OPENSSL_VERSION_PTEXT;
 void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out,
-                      CAST_KEY *ks, int enc)
+                      const CAST_KEY *ks, int enc)
        {
        CAST_LONG l,d[2];
@@ -77,4 +77,3 @@ void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out,
        l=d[1]; l2n(l,out);
        l=d[0]=d[1]=0;
        }
diff --git a/src/lib/libssl/src/crypto/cast/c_enc.c b/src/lib/libssl/src/crypto/cast/c_enc.c
index 0fe2cffecc..357c41ebf0 100644
--- a/src/lib/libssl/src/crypto/cast/c_enc.c
+++ b/src/lib/libssl/src/crypto/cast/c_enc.c
@@ -59,9 +59,10 @@
 #include <openssl/cast.h>
 #include "cast_lcl.h"
-void CAST_encrypt(CAST_LONG *data, CAST_KEY *key)
+void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key)
        {
-        register CAST_LONG l,r,*k,t;
+        register CAST_LONG l,r,t;
+        const register CAST_LONG *k;
        k= &(key->data[0]);
        l=data[0];
@@ -91,9 +92,10 @@ void CAST_encrypt(CAST_LONG *data, CAST_KEY *key)
        data[0]=r&0xffffffffL;
        }
-void CAST_decrypt(CAST_LONG *data, CAST_KEY *key)
+void CAST_decrypt(CAST_LONG *data, const CAST_KEY *key)
        {
-        register CAST_LONG l,r,*k,t;
+        register CAST_LONG l,r,t;
+        const register CAST_LONG *k;
        k= &(key->data[0]);
        l=data[0];
@@ -124,7 +126,7 @@ void CAST_decrypt(CAST_LONG *data, CAST_KEY *key)
        }
 void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
-             CAST_KEY *ks, unsigned char *iv, int enc)
+             const CAST_KEY *ks, unsigned char *iv, int enc)
        {
        register CAST_LONG tin0,tin1;
        register CAST_LONG tout0,tout1,xor0,xor1;
@@ -204,4 +206,3 @@ void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
        tin0=tin1=tout0=tout1=xor0=xor1=0;
        tin[0]=tin[1]=0;
        }
diff --git a/src/lib/libssl/src/crypto/cast/c_ofb64.c b/src/lib/libssl/src/crypto/cast/c_ofb64.c
index fd0469a62f..cb3222456c 100644
--- a/src/lib/libssl/src/crypto/cast/c_ofb64.c
+++ b/src/lib/libssl/src/crypto/cast/c_ofb64.c
@@ -64,7 +64,7 @@
 * 64bit block we have used is contained in *num;
 */
 void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out,
-                        long length, CAST_KEY *schedule, unsigned char *ivec,
+                        long length, const CAST_KEY *schedule, unsigned char *ivec,
                        int *num)
        {
        register CAST_LONG v0,v1,t;
@@ -108,4 +108,3 @@ void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out,
        t=v0=v1=ti[0]=ti[1]=0;
        *num=n;
        }
diff --git a/src/lib/libssl/src/crypto/cast/c_skey.c b/src/lib/libssl/src/crypto/cast/c_skey.c
index 68e690a60c..76e40005c9 100644
--- a/src/lib/libssl/src/crypto/cast/c_skey.c
+++ b/src/lib/libssl/src/crypto/cast/c_skey.c
@@ -57,11 +57,6 @@
 */
 #include <openssl/cast.h>
-#include <openssl/crypto.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 #include "cast_lcl.h"
 #include "cast_s.h"
@@ -77,7 +72,7 @@
 #define S6 CAST_S_table6
 #define S7 CAST_S_table7
-FIPS_NON_FIPS_VCIPHER_Init(CAST)
+void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data)
        {
        CAST_LONG x[16];
        CAST_LONG z[16];
diff --git a/src/lib/libssl/src/crypto/cast/cast.h b/src/lib/libssl/src/crypto/cast/cast.h
index 1faf5806aa..1a264f8143 100644
--- a/src/lib/libssl/src/crypto/cast/cast.h
+++ b/src/lib/libssl/src/crypto/cast/cast.h
@@ -72,7 +72,7 @@ extern "C" {
 #define CAST_ENCRYPT    1
 #define CAST_DECRYPT    0
-#define CAST_LONG unsigned long
+#define CAST_LONG unsigned int
 #define CAST_BLOCK      8
 #define CAST_KEY_LENGTH 16
@@ -83,21 +83,19 @@ typedef struct cast_key_st
        int short_key;  /* Use reduced rounds for short key */
        } CAST_KEY;
-#ifdef OPENSSL_FIPS 
+ 
-void private_CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
-#endif
 void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
-void CAST_ecb_encrypt(const unsigned char *in,unsigned char *out,CAST_KEY *key,
+void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, const CAST_KEY *key,
                      int enc);
-void CAST_encrypt(CAST_LONG *data,CAST_KEY *key);
+void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key);
-void CAST_decrypt(CAST_LONG *data,CAST_KEY *key);
+void CAST_decrypt(CAST_LONG *data, const CAST_KEY *key);
 void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
-                      CAST_KEY *ks, unsigned char *iv, int enc);
+                      const CAST_KEY *ks, unsigned char *iv, int enc);
 void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,
-                        long length, CAST_KEY *schedule, unsigned char *ivec,
+                        long length, const CAST_KEY *schedule, unsigned char *ivec,
                        int *num, int enc);
 void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out, 
-                        long length, CAST_KEY *schedule, unsigned char *ivec,
+                        long length, const CAST_KEY *schedule, unsigned char *ivec,
                        int *num);
 #ifdef  __cplusplus
diff --git a/src/lib/libssl/src/crypto/comp/Makefile b/src/lib/libssl/src/crypto/comp/Makefile
index 5d364b8513..efda832dce 100644
--- a/src/lib/libssl/src/crypto/comp/Makefile
+++ b/src/lib/libssl/src/crypto/comp/Makefile
@@ -36,7 +36,7 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
diff --git a/src/lib/libssl/src/crypto/comp/c_zlib.c b/src/lib/libssl/src/crypto/comp/c_zlib.c
index eccfd09137..8adf35f3fc 100644
--- a/src/lib/libssl/src/crypto/comp/c_zlib.c
+++ b/src/lib/libssl/src/crypto/comp/c_zlib.c
@@ -136,15 +136,6 @@ struct zlib_state
 static int zlib_stateful_ex_idx = -1;
-static void zlib_stateful_free_ex_data(void *obj, void *item,
-        CRYPTO_EX_DATA *ad, int ind,long argl, void *argp)
-        {
-        struct zlib_state *state = (struct zlib_state *)item;
-        inflateEnd(&state->istream);
-        deflateEnd(&state->ostream);
-        OPENSSL_free(state);
-        }
 static int zlib_stateful_init(COMP_CTX *ctx)
        {
        int err;
@@ -188,6 +179,12 @@ static int zlib_stateful_init(COMP_CTX *ctx)
 static void zlib_stateful_finish(COMP_CTX *ctx)
        {
+        struct zlib_state *state =
+                (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data,
+                        zlib_stateful_ex_idx);
+        inflateEnd(&state->istream);
+        deflateEnd(&state->ostream);
+        OPENSSL_free(state);
        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_COMP,ctx,&ctx->ex_data);
        }
@@ -402,7 +399,7 @@ COMP_METHOD *COMP_zlib(void)
                        if (zlib_stateful_ex_idx == -1)
                                zlib_stateful_ex_idx =
                                        CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_COMP,
-                                                0,NULL,NULL,NULL,zlib_stateful_free_ex_data);
+                                                0,NULL,NULL,NULL,NULL);
                        CRYPTO_w_unlock(CRYPTO_LOCK_COMP);
                        if (zlib_stateful_ex_idx == -1)
                                goto err;
@@ -784,6 +781,7 @@ static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr)
        default:
                ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
                break;
                }
        return ret;
diff --git a/src/lib/libssl/src/crypto/comp/comp_err.c b/src/lib/libssl/src/crypto/comp/comp_err.c
index 187d68b725..661c94c3a4 100644
--- a/src/lib/libssl/src/crypto/comp/comp_err.c
+++ b/src/lib/libssl/src/crypto/comp/comp_err.c
@@ -1,6 +1,6 @@
 /* crypto/comp/comp_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
diff --git a/src/lib/libssl/src/crypto/conf/Makefile b/src/lib/libssl/src/crypto/conf/Makefile
index ccd0721332..78bb324106 100644
--- a/src/lib/libssl/src/crypto/conf/Makefile
+++ b/src/lib/libssl/src/crypto/conf/Makefile
@@ -36,7 +36,7 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
@@ -114,8 +114,8 @@ conf_mall.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
 conf_mall.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 conf_mall.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
 conf_mall.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-conf_mall.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+conf_mall.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-conf_mall.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+conf_mall.o: ../../include/openssl/objects.h
 conf_mall.o: ../../include/openssl/opensslconf.h
 conf_mall.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 conf_mall.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
@@ -128,9 +128,9 @@ conf_mod.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 conf_mod.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
 conf_mod.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 conf_mod.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-conf_mod.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+conf_mod.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-conf_mod.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+conf_mod.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-conf_mod.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+conf_mod.o: ../../include/openssl/opensslconf.h
 conf_mod.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 conf_mod.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 conf_mod.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -143,9 +143,8 @@ conf_sap.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
 conf_sap.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 conf_sap.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
 conf_sap.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-conf_sap.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+conf_sap.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-conf_sap.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+conf_sap.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-conf_sap.o: ../../include/openssl/opensslconf.h
 conf_sap.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 conf_sap.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 conf_sap.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
diff --git a/src/lib/libssl/src/crypto/conf/README b/src/lib/libssl/src/crypto/conf/README
index ca58d0240f..96e53b34ed 100644
--- a/src/lib/libssl/src/crypto/conf/README
+++ b/src/lib/libssl/src/crypto/conf/README
@@ -1,8 +1,3 @@
-WARNING WARNING WARNING!!!
-This stuff is experimental, may change radically or be deleted altogether
-before OpenSSL 0.9.7 release. You have been warned!
 Configuration modules. These are a set of modules which can perform
 various configuration functions.
@@ -13,7 +8,7 @@ The routines read a configuration file set up like this:
 -----
 #default section
-openssl_init=init_section
+openssl_conf=init_section
 [init_section]
@@ -30,29 +25,27 @@ path=/some/path/to/some/dso.so
 other_stuff=other_value
 ----
-When this file is loaded a configuration module with the specified
+When this file is loaded a configuration module with the specified string
-string (module* in the above example) is looked up and its init
+(module* in the above example) is looked up and its init function called as:
-function called as:
 int conf_init_func(CONF_IMODULE *md, CONF *cnf);
-The function can then take whatever action is appropriate, for example
+The function can then take whatever action is appropriate, for example further
-further lookups based on the value. Multiple instances of the same 
+lookups based on the value. Multiple instances of the same config module can be
-config module can be loaded.
+loaded.
-When the application closes down the modules are cleaned up by calling
+When the application closes down the modules are cleaned up by calling an
-an optional finish function:
+optional finish function:
 void conf_finish_func(CONF_IMODULE *md);
 The finish functions are called in reverse order: that is the last module
 loaded is the first one cleaned up.
-If no module exists with a given name then an attempt is made to load
+If no module exists with a given name then an attempt is made to load a DSO
-a DSO with the supplied name. This might mean that "module3" attempts
+with the supplied name. This might mean that "module3" attempts to load a DSO
-to load a DSO called libmodule3.so or module3.dll for example. An explicit
+called libmodule3.so or module3.dll for example. An explicit DSO name can be
-DSO name can be given by including a separate section as in the module4 example
+given by including a separate section as in the module4 example above.
-above.
 The DSO is expected to at least contain an initialization function:
@@ -64,15 +57,17 @@ void OPENSSL_finish(CONF_IMODULE *md);
 Static modules can also be added using,
-int CONF_module_add(char *name, dso_mod_init_func *ifunc, dso_mod_finish_func *ffunc);
+int CONF_module_add(char *name, dso_mod_init_func *ifunc, dso_mod_finish_func
+*ffunc);
-where "name" is the name in the configuration file this function corresponds to.
+where "name" is the name in the configuration file this function corresponds
+to.
-A set of builtin modules (currently only an ASN1 non functional test module) can be 
+A set of builtin modules (currently only an ASN1 non functional test module)
-added by calling OPENSSL_load_builtin_modules(). 
+can be added by calling OPENSSL_load_builtin_modules(). 
-The function OPENSSL_config() is intended as a simple configuration function that
+The function OPENSSL_config() is intended as a simple configuration function
-any application can call to perform various default configuration tasks. It uses the
+that any application can call to perform various default configuration tasks.
-file openssl.cnf in the usual locations.
+It uses the file openssl.cnf in the usual locations.
diff --git a/src/lib/libssl/src/crypto/conf/conf.h b/src/lib/libssl/src/crypto/conf/conf.h
index 8aa06bc5ec..c2199978a3 100644
--- a/src/lib/libssl/src/crypto/conf/conf.h
+++ b/src/lib/libssl/src/crypto/conf/conf.h
@@ -79,8 +79,7 @@ typedef struct
        } CONF_VALUE;
 DECLARE_STACK_OF(CONF_VALUE)
-DECLARE_STACK_OF(CONF_MODULE)
+DECLARE_LHASH_OF(CONF_VALUE);
-DECLARE_STACK_OF(CONF_IMODULE)
 struct conf_st;
 struct conf_method_st;
@@ -105,6 +104,9 @@ struct conf_method_st
 typedef struct conf_imodule_st CONF_IMODULE;
 typedef struct conf_module_st CONF_MODULE;
+DECLARE_STACK_OF(CONF_MODULE)
+DECLARE_STACK_OF(CONF_IMODULE)
 /* DSO module function typedefs */
 typedef int conf_init_func(CONF_IMODULE *md, const CONF *cnf);
 typedef void conf_finish_func(CONF_IMODULE *md);
@@ -117,18 +119,23 @@ typedef void conf_finish_func(CONF_IMODULE *md);
 #define CONF_MFLAGS_DEFAULT_SECTION     0x20
 int CONF_set_default_method(CONF_METHOD *meth);
-void CONF_set_nconf(CONF *conf,LHASH *hash);
+void CONF_set_nconf(CONF *conf,LHASH_OF(CONF_VALUE) *hash);
-LHASH *CONF_load(LHASH *conf,const char *file,long *eline);
+LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf,const char *file,
+                                long *eline);
 #ifndef OPENSSL_NO_FP_API
-LHASH *CONF_load_fp(LHASH *conf, FILE *fp,long *eline);
+LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp,
+                                   long *eline);
 #endif
-LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline);
+LHASH_OF(CONF_VALUE) *CONF_load_bio(LHASH_OF(CONF_VALUE) *conf, BIO *bp,long *eline);
-STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,const char *section);
+STACK_OF(CONF_VALUE) *CONF_get_section(LHASH_OF(CONF_VALUE) *conf,
-char *CONF_get_string(LHASH *conf,const char *group,const char *name);
+                                       const char *section);
-long CONF_get_number(LHASH *conf,const char *group,const char *name);
+char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf,const char *group,
-void CONF_free(LHASH *conf);
+                      const char *name);
-int CONF_dump_fp(LHASH *conf, FILE *out);
+long CONF_get_number(LHASH_OF(CONF_VALUE) *conf,const char *group,
-int CONF_dump_bio(LHASH *conf, BIO *out);
+                     const char *name);
+void CONF_free(LHASH_OF(CONF_VALUE) *conf);
+int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out);
+int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out);
 void OPENSSL_config(const char *config_name);
 void OPENSSL_no_config(void);
@@ -140,7 +147,7 @@ struct conf_st
        {
        CONF_METHOD *meth;
        void *meth_data;
-        LHASH *data;
+        LHASH_OF(CONF_VALUE) *data;
        };
 CONF *NCONF_new(CONF_METHOD *meth);
@@ -214,6 +221,7 @@ void ERR_load_CONF_strings(void);
 #define CONF_F_CONF_LOAD_BIO                             102
 #define CONF_F_CONF_LOAD_FP                              103
 #define CONF_F_CONF_MODULES_LOAD                         116
+#define CONF_F_CONF_PARSE_LIST                           119
 #define CONF_F_DEF_LOAD                                  120
 #define CONF_F_DEF_LOAD_BIO                              121
 #define CONF_F_MODULE_INIT                               115
@@ -233,6 +241,7 @@ void ERR_load_CONF_strings(void);
 /* Reason codes. */
 #define CONF_R_ERROR_LOADING_DSO                         110
+#define CONF_R_LIST_CANNOT_BE_NULL                       115
 #define CONF_R_MISSING_CLOSE_SQUARE_BRACKET              100
 #define CONF_R_MISSING_EQUAL_SIGN                        101
 #define CONF_R_MISSING_FINISH_FUNCTION                   111
diff --git a/src/lib/libssl/src/crypto/conf/conf_api.c b/src/lib/libssl/src/crypto/conf/conf_api.c
index 909d72b4b8..22617e5fa1 100644
--- a/src/lib/libssl/src/crypto/conf/conf_api.c
+++ b/src/lib/libssl/src/crypto/conf/conf_api.c
@@ -69,16 +69,12 @@
 #include <openssl/conf_api.h>
 #include "e_os.h"
-static void value_free_hash(CONF_VALUE *a, LHASH *conf);
+static void value_free_hash_doall_arg(CONF_VALUE *a,
-static void value_free_stack(CONF_VALUE *a,LHASH *conf);
+                                      LHASH_OF(CONF_VALUE) *conf);
-static IMPLEMENT_LHASH_DOALL_ARG_FN(value_free_hash, CONF_VALUE *, LHASH *)
+static void value_free_stack_doall(CONF_VALUE *a);
-static IMPLEMENT_LHASH_DOALL_ARG_FN(value_free_stack, CONF_VALUE *, LHASH *)
+static IMPLEMENT_LHASH_DOALL_ARG_FN(value_free_hash, CONF_VALUE,
-/* We don't use function pointer casting or wrapper functions - but cast each
+                                    LHASH_OF(CONF_VALUE))
- * callback parameter inside the callback functions. */
+static IMPLEMENT_LHASH_DOALL_FN(value_free_stack, CONF_VALUE)
-/* static unsigned long hash(CONF_VALUE *v); */
-static unsigned long hash(const void *v_void);
-/* static int cmp_conf(CONF_VALUE *a,CONF_VALUE *b); */
-static int cmp_conf(const void *a_void,const void *b_void);
 /* Up until OpenSSL 0.9.5a, this was get_section */
 CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section)
@@ -88,7 +84,7 @@ CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section)
        if ((conf == NULL) || (section == NULL)) return(NULL);
        vv.name=NULL;
        vv.section=(char *)section;
-        v=(CONF_VALUE *)lh_retrieve(conf->data,&vv);
+        v=lh_CONF_VALUE_retrieve(conf->data,&vv);
        return(v);
        }
@@ -118,7 +114,7 @@ int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value)
                return 0;
                }
-        v = (CONF_VALUE *)lh_insert(conf->data, value);
+        v = lh_CONF_VALUE_insert(conf->data, value);
        if (v != NULL)
                {
                (void)sk_CONF_VALUE_delete_ptr(ts,v);
@@ -141,24 +137,24 @@ char *_CONF_get_string(const CONF *conf, const char *section, const char *name)
                        {
                        vv.name=(char *)name;
                        vv.section=(char *)section;
-                        v=(CONF_VALUE *)lh_retrieve(conf->data,&vv);
+                        v=lh_CONF_VALUE_retrieve(conf->data,&vv);
                        if (v != NULL) return(v->value);
                        if (strcmp(section,"ENV") == 0)
                                {
-                                p=Getenv(name);
+                                p=getenv(name);
                                if (p != NULL) return(p);
                                }
                        }
                vv.section="default";
                vv.name=(char *)name;
-                v=(CONF_VALUE *)lh_retrieve(conf->data,&vv);
+                v=lh_CONF_VALUE_retrieve(conf->data,&vv);
                if (v != NULL)
                        return(v->value);
                else
                        return(NULL);
                }
        else
-                return(Getenv(name));
+                return(getenv(name));
        }
 #if 0 /* There's no way to provide error checking with this function, so
@@ -182,6 +178,34 @@ long _CONF_get_number(CONF *conf, char *section, char *name)
        }
 #endif
+static unsigned long conf_value_hash(const CONF_VALUE *v)
+        {
+        return (lh_strhash(v->section)<<2)^lh_strhash(v->name);
+        }
+static IMPLEMENT_LHASH_HASH_FN(conf_value, CONF_VALUE)
+static int conf_value_cmp(const CONF_VALUE *a, const CONF_VALUE *b)
+        {
+        int i;
+        if (a->section != b->section)
+                {
+                i=strcmp(a->section,b->section);
+                if (i) return(i);
+                }
+        if ((a->name != NULL) && (b->name != NULL))
+                {
+                i=strcmp(a->name,b->name);
+                return(i);
+                }
+        else if (a->name == b->name)
+                return(0);
+        else
+                return((a->name == NULL)?-1:1);
+        }
+static IMPLEMENT_LHASH_COMP_FN(conf_value, CONF_VALUE)
 int _CONF_new_data(CONF *conf)
        {
        if (conf == NULL)
@@ -189,7 +213,7 @@ int _CONF_new_data(CONF *conf)
                return 0;
                }
        if (conf->data == NULL)
-                if ((conf->data = lh_new(hash, cmp_conf)) == NULL)
+                if ((conf->data = lh_CONF_VALUE_new()) == NULL)
                        {
                        return 0;
                        }
@@ -200,105 +224,73 @@ void _CONF_free_data(CONF *conf)
        {
        if (conf == NULL || conf->data == NULL) return;
-        conf->data->down_load=0; /* evil thing to make sure the 'OPENSSL_free()'
+        lh_CONF_VALUE_down_load(conf->data)=0; /* evil thing to make
-                                  * works as expected */
+                                  * sure the 'OPENSSL_free()' works as
-        lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(value_free_hash),
+                                  * expected */
-                        conf->data);
+        lh_CONF_VALUE_doall_arg(conf->data,
+                                LHASH_DOALL_ARG_FN(value_free_hash),
+                                LHASH_OF(CONF_VALUE), conf->data);
        /* We now have only 'section' entries in the hash table.
         * Due to problems with */
-        lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(value_free_stack),
+        lh_CONF_VALUE_doall(conf->data, LHASH_DOALL_FN(value_free_stack));
-                        conf->data);
+        lh_CONF_VALUE_free(conf->data);
-        lh_free(conf->data);
        }
-static void value_free_hash(CONF_VALUE *a, LHASH *conf)
+static void value_free_hash_doall_arg(CONF_VALUE *a, LHASH_OF(CONF_VALUE) *conf)
        {
        if (a->name != NULL)
-                {
+                (void)lh_CONF_VALUE_delete(conf,a);
-                a=(CONF_VALUE *)lh_delete(conf,a);
-                }
        }
-static void value_free_stack(CONF_VALUE *a, LHASH *conf)
+static void value_free_stack_doall(CONF_VALUE *a)
        {
        CONF_VALUE *vv;
-        STACK *sk;
+        STACK_OF(CONF_VALUE) *sk;
        int i;
        if (a->name != NULL) return;
-        sk=(STACK *)a->value;
+        sk=(STACK_OF(CONF_VALUE) *)a->value;
-        for (i=sk_num(sk)-1; i>=0; i--)
+        for (i=sk_CONF_VALUE_num(sk)-1; i>=0; i--)
                {
-                vv=(CONF_VALUE *)sk_value(sk,i);
+                vv=sk_CONF_VALUE_value(sk,i);
                OPENSSL_free(vv->value);
                OPENSSL_free(vv->name);
                OPENSSL_free(vv);
                }
-        if (sk != NULL) sk_free(sk);
+        if (sk != NULL) sk_CONF_VALUE_free(sk);
        OPENSSL_free(a->section);
        OPENSSL_free(a);
        }
-/* static unsigned long hash(CONF_VALUE *v) */
-static unsigned long hash(const void *v_void)
-        {
-        CONF_VALUE *v = (CONF_VALUE *)v_void;
-        return((lh_strhash(v->section)<<2)^lh_strhash(v->name));
-        }
-/* static int cmp_conf(CONF_VALUE *a, CONF_VALUE *b) */
-static int cmp_conf(const void *a_void,const  void *b_void)
-        {
-        int i;
-        CONF_VALUE *a = (CONF_VALUE *)a_void;
-        CONF_VALUE *b = (CONF_VALUE *)b_void;
-        if (a->section != b->section)
-                {
-                i=strcmp(a->section,b->section);
-                if (i) return(i);
-                }
-        if ((a->name != NULL) && (b->name != NULL))
-                {
-                i=strcmp(a->name,b->name);
-                return(i);
-                }
-        else if (a->name == b->name)
-                return(0);
-        else
-                return((a->name == NULL)?-1:1);
-        }
 /* Up until OpenSSL 0.9.5a, this was new_section */
 CONF_VALUE *_CONF_new_section(CONF *conf, const char *section)
        {
-        STACK *sk=NULL;
+        STACK_OF(CONF_VALUE) *sk=NULL;
        int ok=0,i;
        CONF_VALUE *v=NULL,*vv;
-        if ((sk=sk_new_null()) == NULL)
+        if ((sk=sk_CONF_VALUE_new_null()) == NULL)
                goto err;
-        if ((v=(CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE))) == NULL)
+        if ((v=OPENSSL_malloc(sizeof(CONF_VALUE))) == NULL)
                goto err;
        i=strlen(section)+1;
-        if ((v->section=(char *)OPENSSL_malloc(i)) == NULL)
+        if ((v->section=OPENSSL_malloc(i)) == NULL)
                goto err;
        memcpy(v->section,section,i);
        v->name=NULL;
        v->value=(char *)sk;
        
-        vv=(CONF_VALUE *)lh_insert(conf->data,v);
+        vv=lh_CONF_VALUE_insert(conf->data,v);
        assert(vv == NULL);
        ok=1;
 err:
        if (!ok)
                {
-                if (sk != NULL) sk_free(sk);
+                if (sk != NULL) sk_CONF_VALUE_free(sk);
                if (v != NULL) OPENSSL_free(v);
                v=NULL;
                }
diff --git a/src/lib/libssl/src/crypto/conf/conf_def.c b/src/lib/libssl/src/crypto/conf/conf_def.c
index d8bce8732a..0b571b0394 100644
--- a/src/lib/libssl/src/crypto/conf/conf_def.c
+++ b/src/lib/libssl/src/crypto/conf/conf_def.c
@@ -129,7 +129,7 @@ static CONF *def_create(CONF_METHOD *meth)
        {
        CONF *ret;
-        ret = (CONF *)OPENSSL_malloc(sizeof(CONF) + sizeof(unsigned short *));
+        ret = OPENSSL_malloc(sizeof(CONF) + sizeof(unsigned short *));
        if (ret)
                if (meth->init(ret) == 0)
                        {
@@ -145,7 +145,7 @@ static int def_init_default(CONF *conf)
                return 0;
        conf->meth = &default_method;
-        conf->meth_data = (void *)CONF_type_default;
+        conf->meth_data = CONF_type_default;
        conf->data = NULL;
        return 1;
@@ -722,7 +722,7 @@ static char *scan_dquote(CONF *conf, char *p)
        return(p);
        }
-static void dump_value(CONF_VALUE *a, BIO *out)
+static void dump_value_doall_arg(CONF_VALUE *a, BIO *out)
        {
        if (a->name)
                BIO_printf(out, "[%s] %s=%s\n", a->section, a->name, a->value);
@@ -730,11 +730,12 @@ static void dump_value(CONF_VALUE *a, BIO *out)
                BIO_printf(out, "[[%s]]\n", a->section);
        }
-static IMPLEMENT_LHASH_DOALL_ARG_FN(dump_value, CONF_VALUE *, BIO *)
+static IMPLEMENT_LHASH_DOALL_ARG_FN(dump_value, CONF_VALUE, BIO)
 static int def_dump(const CONF *conf, BIO *out)
        {
-        lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(dump_value), out);
+        lh_CONF_VALUE_doall_arg(conf->data, LHASH_DOALL_ARG_FN(dump_value),
+                                BIO, out);
        return 1;
        }
diff --git a/src/lib/libssl/src/crypto/conf/conf_err.c b/src/lib/libssl/src/crypto/conf/conf_err.c
index a16a5e0bd4..25bb5dc9aa 100644
--- a/src/lib/libssl/src/crypto/conf/conf_err.c
+++ b/src/lib/libssl/src/crypto/conf/conf_err.c
@@ -1,6 +1,6 @@
 /* crypto/conf/conf_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -75,6 +75,7 @@ static ERR_STRING_DATA CONF_str_functs[]=
 {ERR_FUNC(CONF_F_CONF_LOAD_BIO),        "CONF_load_bio"},
 {ERR_FUNC(CONF_F_CONF_LOAD_FP), "CONF_load_fp"},
 {ERR_FUNC(CONF_F_CONF_MODULES_LOAD),    "CONF_modules_load"},
+{ERR_FUNC(CONF_F_CONF_PARSE_LIST),      "CONF_parse_list"},
 {ERR_FUNC(CONF_F_DEF_LOAD),     "DEF_LOAD"},
 {ERR_FUNC(CONF_F_DEF_LOAD_BIO), "DEF_LOAD_BIO"},
 {ERR_FUNC(CONF_F_MODULE_INIT),  "MODULE_INIT"},
@@ -97,6 +98,7 @@ static ERR_STRING_DATA CONF_str_functs[]=
 static ERR_STRING_DATA CONF_str_reasons[]=
        {
 {ERR_REASON(CONF_R_ERROR_LOADING_DSO)    ,"error loading dso"},
+{ERR_REASON(CONF_R_LIST_CANNOT_BE_NULL)  ,"list cannot be null"},
 {ERR_REASON(CONF_R_MISSING_CLOSE_SQUARE_BRACKET),"missing close square bracket"},
 {ERR_REASON(CONF_R_MISSING_EQUAL_SIGN)   ,"missing equal sign"},
 {ERR_REASON(CONF_R_MISSING_FINISH_FUNCTION),"missing finish function"},
diff --git a/src/lib/libssl/src/crypto/conf/conf_lib.c b/src/lib/libssl/src/crypto/conf/conf_lib.c
index 2a3399d269..54046defca 100644
--- a/src/lib/libssl/src/crypto/conf/conf_lib.c
+++ b/src/lib/libssl/src/crypto/conf/conf_lib.c
@@ -69,7 +69,7 @@ static CONF_METHOD *default_CONF_method=NULL;
 /* Init a 'CONF' structure from an old LHASH */
-void CONF_set_nconf(CONF *conf, LHASH *hash)
+void CONF_set_nconf(CONF *conf, LHASH_OF(CONF_VALUE) *hash)
        {
        if (default_CONF_method == NULL)
                default_CONF_method = NCONF_default();
@@ -87,9 +87,10 @@ int CONF_set_default_method(CONF_METHOD *meth)
        return 1;
        }
-LHASH *CONF_load(LHASH *conf, const char *file, long *eline)
+LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file,
+                                long *eline)
        {
-        LHASH *ltmp;
+        LHASH_OF(CONF_VALUE) *ltmp;
        BIO *in=NULL;
 #ifdef OPENSSL_SYS_VMS
@@ -110,10 +111,11 @@ LHASH *CONF_load(LHASH *conf, const char *file, long *eline)
        }
 #ifndef OPENSSL_NO_FP_API
-LHASH *CONF_load_fp(LHASH *conf, FILE *fp,long *eline)
+LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp,
+                                   long *eline)
        {
        BIO *btmp;
-        LHASH *ltmp;
+        LHASH_OF(CONF_VALUE) *ltmp;
        if(!(btmp = BIO_new_fp(fp, BIO_NOCLOSE))) {
                CONFerr(CONF_F_CONF_LOAD_FP,ERR_R_BUF_LIB);
                return NULL;
@@ -124,7 +126,8 @@ LHASH *CONF_load_fp(LHASH *conf, FILE *fp,long *eline)
        }
 #endif
-LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline)
+LHASH_OF(CONF_VALUE) *CONF_load_bio(LHASH_OF(CONF_VALUE) *conf, BIO *bp,
+                                    long *eline)
        {
        CONF ctmp;
        int ret;
@@ -137,7 +140,8 @@ LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline)
        return NULL;
        }
-STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,const char *section)
+STACK_OF(CONF_VALUE) *CONF_get_section(LHASH_OF(CONF_VALUE) *conf,
+                                       const char *section)
        {
        if (conf == NULL)
                {
@@ -151,7 +155,8 @@ STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,const char *section)
                }
        }
-char *CONF_get_string(LHASH *conf,const char *group,const char *name)
+char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf,const char *group,
+                      const char *name)
        {
        if (conf == NULL)
                {
@@ -165,7 +170,8 @@ char *CONF_get_string(LHASH *conf,const char *group,const char *name)
                }
        }
-long CONF_get_number(LHASH *conf,const char *group,const char *name)
+long CONF_get_number(LHASH_OF(CONF_VALUE) *conf,const char *group,
+                     const char *name)
        {
        int status;
        long result = 0;
@@ -189,7 +195,7 @@ long CONF_get_number(LHASH *conf,const char *group,const char *name)
        return result;
        }
-void CONF_free(LHASH *conf)
+void CONF_free(LHASH_OF(CONF_VALUE) *conf)
        {
        CONF ctmp;
        CONF_set_nconf(&ctmp, conf);
@@ -197,7 +203,7 @@ void CONF_free(LHASH *conf)
        }
 #ifndef OPENSSL_NO_FP_API
-int CONF_dump_fp(LHASH *conf, FILE *out)
+int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out)
        {
        BIO *btmp;
        int ret;
@@ -212,7 +218,7 @@ int CONF_dump_fp(LHASH *conf, FILE *out)
        }
 #endif
-int CONF_dump_bio(LHASH *conf, BIO *out)
+int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out)
        {
        CONF ctmp;
        CONF_set_nconf(&ctmp, conf);
diff --git a/src/lib/libssl/src/crypto/conf/conf_mall.c b/src/lib/libssl/src/crypto/conf/conf_mall.c
index 1cc1fd5534..c6f4cb2d55 100644
--- a/src/lib/libssl/src/crypto/conf/conf_mall.c
+++ b/src/lib/libssl/src/crypto/conf/conf_mall.c
@@ -63,7 +63,6 @@
 #include <openssl/dso.h>
 #include <openssl/x509.h>
 #include <openssl/asn1.h>
-#include <openssl/evp.h>
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
@@ -77,6 +76,5 @@ void OPENSSL_load_builtin_modules(void)
 #ifndef OPENSSL_NO_ENGINE
        ENGINE_add_conf_module();
 #endif
-        EVP_add_alg_module();
        }
diff --git a/src/lib/libssl/src/crypto/conf/conf_mod.c b/src/lib/libssl/src/crypto/conf/conf_mod.c
index ee9c677d9b..df1642a0a5 100644
--- a/src/lib/libssl/src/crypto/conf/conf_mod.c
+++ b/src/lib/libssl/src/crypto/conf/conf_mod.c
@@ -582,8 +582,14 @@ int CONF_parse_list(const char *list_, int sep, int nospc,
        {
        int ret;
        const char *lstart, *tmpend, *p;
-        lstart = list_;
+        if(list_ == NULL)
+                {
+                CONFerr(CONF_F_CONF_PARSE_LIST, CONF_R_LIST_CANNOT_BE_NULL);
+                return 0;
+                }
+        lstart = list_;
        for(;;)
                {
                if (nospc)
diff --git a/src/lib/libssl/src/crypto/cpt_err.c b/src/lib/libssl/src/crypto/cpt_err.c
index 9fd41fff8c..139b9284e4 100644
--- a/src/lib/libssl/src/crypto/cpt_err.c
+++ b/src/lib/libssl/src/crypto/cpt_err.c
@@ -1,6 +1,6 @@
 /* crypto/cpt_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
diff --git a/src/lib/libssl/src/crypto/cryptlib.c b/src/lib/libssl/src/crypto/cryptlib.c
index 8f9e88e403..b4449b86d6 100644
--- a/src/lib/libssl/src/crypto/cryptlib.c
+++ b/src/lib/libssl/src/crypto/cryptlib.c
@@ -1,6 +1,6 @@
 /* crypto/cryptlib.c */
 /* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -121,17 +121,279 @@
 static double SSLeay_MSVC5_hack=0.0; /* and for VC1.5 */
 #endif
+DECLARE_STACK_OF(CRYPTO_dynlock)
+/* real #defines in crypto.h, keep these upto date */
+static const char* const lock_names[CRYPTO_NUM_LOCKS] =
+        {
+        "<<ERROR>>",
+        "err",
+        "ex_data",
+        "x509",
+        "x509_info",
+        "x509_pkey",
+        "x509_crl",
+        "x509_req",
+        "dsa",
+        "rsa",
+        "evp_pkey",
+        "x509_store",
+        "ssl_ctx",
+        "ssl_cert",
+        "ssl_session",
+        "ssl_sess_cert",
+        "ssl",
+        "ssl_method",
+        "rand",
+        "rand2",
+        "debug_malloc",
+        "BIO",
+        "gethostbyname",
+        "getservbyname",
+        "readdir",
+        "RSA_blinding",
+        "dh",
+        "debug_malloc2",
+        "dso",
+        "dynlock",
+        "engine",
+        "ui",
+        "ecdsa",
+        "ec",
+        "ecdh",
+        "bn",
+        "ec_pre_comp",
+        "store",
+        "comp",
+        "fips",
+        "fips2",
+#if CRYPTO_NUM_LOCKS != 41
+# error "Inconsistency between crypto.h and cryptlib.c"
+#endif
+        };
+/* This is for applications to allocate new type names in the non-dynamic
+   array of lock names.  These are numbered with positive numbers.  */
+static STACK_OF(OPENSSL_STRING) *app_locks=NULL;
+/* For applications that want a more dynamic way of handling threads, the
+   following stack is used.  These are externally numbered with negative
+   numbers.  */
+static STACK_OF(CRYPTO_dynlock) *dyn_locks=NULL;
 static void (MS_FAR *locking_callback)(int mode,int type,
-        const char *file,int line)=NULL;
+        const char *file,int line)=0;
 static int (MS_FAR *add_lock_callback)(int *pointer,int amount,
-        int type,const char *file,int line)=NULL;
+        int type,const char *file,int line)=0;
-static unsigned long (MS_FAR *id_callback)(void)=NULL;
+#ifndef OPENSSL_NO_DEPRECATED
+static unsigned long (MS_FAR *id_callback)(void)=0;
+#endif
+static void (MS_FAR *threadid_callback)(CRYPTO_THREADID *)=0;
+static struct CRYPTO_dynlock_value *(MS_FAR *dynlock_create_callback)
+        (const char *file,int line)=0;
+static void (MS_FAR *dynlock_lock_callback)(int mode,
+        struct CRYPTO_dynlock_value *l, const char *file,int line)=0;
+static void (MS_FAR *dynlock_destroy_callback)(struct CRYPTO_dynlock_value *l,
+        const char *file,int line)=0;
+int CRYPTO_get_new_lockid(char *name)
+        {
+        char *str;
+        int i;
+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
+        /* A hack to make Visual C++ 5.0 work correctly when linking as
+         * a DLL using /MT. Without this, the application cannot use
+         * any floating point printf's.
+         * It also seems to be needed for Visual C 1.5 (win16) */
+        SSLeay_MSVC5_hack=(double)name[0]*(double)name[1];
+#endif
+        if ((app_locks == NULL) && ((app_locks=sk_OPENSSL_STRING_new_null()) == NULL))
+                {
+                CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+        if ((str=BUF_strdup(name)) == NULL)
+                {
+                CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+        i=sk_OPENSSL_STRING_push(app_locks,str);
+        if (!i)
+                OPENSSL_free(str);
+        else
+                i+=CRYPTO_NUM_LOCKS; /* gap of one :-) */
+        return(i);
+        }
 int CRYPTO_num_locks(void)
        {
        return CRYPTO_NUM_LOCKS;
        }
+int CRYPTO_get_new_dynlockid(void)
+        {
+        int i = 0;
+        CRYPTO_dynlock *pointer = NULL;
+        if (dynlock_create_callback == NULL)
+                {
+                CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK);
+                return(0);
+                }
+        CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
+        if ((dyn_locks == NULL)
+                && ((dyn_locks=sk_CRYPTO_dynlock_new_null()) == NULL))
+                {
+                CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+                CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+        pointer = (CRYPTO_dynlock *)OPENSSL_malloc(sizeof(CRYPTO_dynlock));
+        if (pointer == NULL)
+                {
+                CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+        pointer->references = 1;
+        pointer->data = dynlock_create_callback(__FILE__,__LINE__);
+        if (pointer->data == NULL)
+                {
+                OPENSSL_free(pointer);
+                CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+        CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
+        /* First, try to find an existing empty slot */
+        i=sk_CRYPTO_dynlock_find(dyn_locks,NULL);
+        /* If there was none, push, thereby creating a new one */
+        if (i == -1)
+                /* Since sk_push() returns the number of items on the
+                   stack, not the location of the pushed item, we need
+                   to transform the returned number into a position,
+                   by decreasing it.  */
+                i=sk_CRYPTO_dynlock_push(dyn_locks,pointer) - 1;
+        else
+                /* If we found a place with a NULL pointer, put our pointer
+                   in it.  */
+                (void)sk_CRYPTO_dynlock_set(dyn_locks,i,pointer);
+        CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+        if (i == -1)
+                {
+                dynlock_destroy_callback(pointer->data,__FILE__,__LINE__);
+                OPENSSL_free(pointer);
+                }
+        else
+                i += 1; /* to avoid 0 */
+        return -i;
+        }
+void CRYPTO_destroy_dynlockid(int i)
+        {
+        CRYPTO_dynlock *pointer = NULL;
+        if (i)
+                i = -i-1;
+        if (dynlock_destroy_callback == NULL)
+                return;
+        CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
+        if (dyn_locks == NULL || i >= sk_CRYPTO_dynlock_num(dyn_locks))
+                {
+                CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+                return;
+                }
+        pointer = sk_CRYPTO_dynlock_value(dyn_locks, i);
+        if (pointer != NULL)
+                {
+                --pointer->references;
+#ifdef REF_CHECK
+                if (pointer->references < 0)
+                        {
+                        fprintf(stderr,"CRYPTO_destroy_dynlockid, bad reference count\n");
+                        abort();
+                        }
+                else
+#endif
+                        if (pointer->references <= 0)
+                                {
+                                (void)sk_CRYPTO_dynlock_set(dyn_locks, i, NULL);
+                                }
+                        else
+                                pointer = NULL;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+        if (pointer)
+                {
+                dynlock_destroy_callback(pointer->data,__FILE__,__LINE__);
+                OPENSSL_free(pointer);
+                }
+        }
+struct CRYPTO_dynlock_value *CRYPTO_get_dynlock_value(int i)
+        {
+        CRYPTO_dynlock *pointer = NULL;
+        if (i)
+                i = -i-1;
+        CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
+        if (dyn_locks != NULL && i < sk_CRYPTO_dynlock_num(dyn_locks))
+                pointer = sk_CRYPTO_dynlock_value(dyn_locks, i);
+        if (pointer)
+                pointer->references++;
+        CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+        if (pointer)
+                return pointer->data;
+        return NULL;
+        }
+struct CRYPTO_dynlock_value *(*CRYPTO_get_dynlock_create_callback(void))
+        (const char *file,int line)
+        {
+        return(dynlock_create_callback);
+        }
+void (*CRYPTO_get_dynlock_lock_callback(void))(int mode,
+        struct CRYPTO_dynlock_value *l, const char *file,int line)
+        {
+        return(dynlock_lock_callback);
+        }
+void (*CRYPTO_get_dynlock_destroy_callback(void))
+        (struct CRYPTO_dynlock_value *l, const char *file,int line)
+        {
+        return(dynlock_destroy_callback);
+        }
+void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *(*func)
+        (const char *file, int line))
+        {
+        dynlock_create_callback=func;
+        }
+void CRYPTO_set_dynlock_lock_callback(void (*func)(int mode,
+        struct CRYPTO_dynlock_value *l, const char *file, int line))
+        {
+        dynlock_lock_callback=func;
+        }
+void CRYPTO_set_dynlock_destroy_callback(void (*func)
+        (struct CRYPTO_dynlock_value *l, const char *file, int line))
+        {
+        dynlock_destroy_callback=func;
+        }
 void (*CRYPTO_get_locking_callback(void))(int mode,int type,const char *file,
                int line)
        {
@@ -156,6 +418,108 @@ void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount,int type,
        add_lock_callback=func;
        }
+/* the memset() here and in set_pointer() seem overkill, but for the sake of
+ * CRYPTO_THREADID_cmp() this avoids any platform silliness that might cause two
+ * "equal" THREADID structs to not be memcmp()-identical. */
+void CRYPTO_THREADID_set_numeric(CRYPTO_THREADID *id, unsigned long val)
+        {
+        memset(id, 0, sizeof(*id));
+        id->val = val;
+        }
+static const unsigned char hash_coeffs[] = { 3, 5, 7, 11, 13, 17, 19, 23 };
+void CRYPTO_THREADID_set_pointer(CRYPTO_THREADID *id, void *ptr)
+        {
+        unsigned char *dest = (void *)&id->val;
+        unsigned int accum = 0;
+        unsigned char dnum = sizeof(id->val);
+        memset(id, 0, sizeof(*id));
+        id->ptr = ptr;
+        if (sizeof(id->val) >= sizeof(id->ptr))
+                {
+                /* 'ptr' can be embedded in 'val' without loss of uniqueness */
+                id->val = (unsigned long)id->ptr;
+                return;
+                }
+        /* hash ptr ==> val. Each byte of 'val' gets the mod-256 total of a
+         * linear function over the bytes in 'ptr', the co-efficients of which
+         * are a sequence of low-primes (hash_coeffs is an 8-element cycle) -
+         * the starting prime for the sequence varies for each byte of 'val'
+         * (unique polynomials unless pointers are >64-bit). For added spice,
+         * the totals accumulate rather than restarting from zero, and the index
+         * of the 'val' byte is added each time (position dependence). If I was
+         * a black-belt, I'd scan big-endian pointers in reverse to give
+         * low-order bits more play, but this isn't crypto and I'd prefer nobody
+         * mistake it as such. Plus I'm lazy. */
+        while (dnum--)
+                {
+                const unsigned char *src = (void *)&id->ptr;
+                unsigned char snum = sizeof(id->ptr);
+                while (snum--)
+                        accum += *(src++) * hash_coeffs[(snum + dnum) & 7];
+                accum += dnum;
+                *(dest++) = accum & 255;
+                }
+        }
+int CRYPTO_THREADID_set_callback(void (*func)(CRYPTO_THREADID *))
+        {
+        if (threadid_callback)
+                return 0;
+        threadid_callback = func;
+        return 1;
+        }
+void (*CRYPTO_THREADID_get_callback(void))(CRYPTO_THREADID *)
+        {
+        return threadid_callback;
+        }
+void CRYPTO_THREADID_current(CRYPTO_THREADID *id)
+        {
+        if (threadid_callback)
+                {
+                threadid_callback(id);
+                return;
+                }
+#ifndef OPENSSL_NO_DEPRECATED
+        /* If the deprecated callback was set, fall back to that */
+        if (id_callback)
+                {
+                CRYPTO_THREADID_set_numeric(id, id_callback());
+                return;
+                }
+#endif
+        /* Else pick a backup */
+#ifdef OPENSSL_SYS_WIN16
+        CRYPTO_THREADID_set_numeric(id, (unsigned long)GetCurrentTask());
+#elif defined(OPENSSL_SYS_WIN32)
+        CRYPTO_THREADID_set_numeric(id, (unsigned long)GetCurrentThreadId());
+#elif defined(OPENSSL_SYS_BEOS)
+        CRYPTO_THREADID_set_numeric(id, (unsigned long)find_thread(NULL));
+#else
+        /* For everything else, default to using the address of 'errno' */
+        CRYPTO_THREADID_set_pointer(id, &errno);
+#endif
+        }
+int CRYPTO_THREADID_cmp(const CRYPTO_THREADID *a, const CRYPTO_THREADID *b)
+        {
+        return memcmp(a, b, sizeof(*a));
+        }
+void CRYPTO_THREADID_cpy(CRYPTO_THREADID *dest, const CRYPTO_THREADID *src)
+        {
+        memcpy(dest, src, sizeof(*src));
+        }
+unsigned long CRYPTO_THREADID_hash(const CRYPTO_THREADID *id)
+        {
+        return id->val;
+        }
+#ifndef OPENSSL_NO_DEPRECATED
 unsigned long (*CRYPTO_get_id_callback(void))(void)
        {
        return(id_callback);
@@ -178,6 +542,8 @@ unsigned long CRYPTO_thread_id(void)
                ret=(unsigned long)GetCurrentThreadId();
 #elif defined(GETPID_IS_MEANINGLESS)
                ret=1L;
+#elif defined(OPENSSL_SYS_BEOS)
+                ret=(unsigned long)find_thread(NULL);
 #else
                ret=(unsigned long)getpid();
 #endif
@@ -186,19 +552,13 @@ unsigned long CRYPTO_thread_id(void)
                ret=id_callback();
        return(ret);
        }
+#endif
-static void (*do_dynlock_cb)(int mode, int type, const char *file, int line);
-void int_CRYPTO_set_do_dynlock_callback(
-        void (*dyn_cb)(int mode, int type, const char *file, int line))
-        {
-        do_dynlock_cb = dyn_cb;
-        }
 void CRYPTO_lock(int mode, int type, const char *file, int line)
        {
 #ifdef LOCK_DEBUG
                {
+                CRYPTO_THREADID id;
                char *rw_text,*operation_text;
                if (mode & CRYPTO_LOCK)
@@ -215,15 +575,25 @@ void CRYPTO_lock(int mode, int type, const char *file, int line)
                else
                        rw_text="ERROR";
+                CRYPTO_THREADID_current(&id);
                fprintf(stderr,"lock:%08lx:(%s)%s %-18s %s:%d\n",
-                        CRYPTO_thread_id(), rw_text, operation_text,
+                        CRYPTO_THREADID_hash(&id), rw_text, operation_text,
                        CRYPTO_get_lock_name(type), file, line);
                }
 #endif
        if (type < 0)
                {
-                if (do_dynlock_cb)
+                if (dynlock_lock_callback != NULL)
-                        do_dynlock_cb(mode, type, file, line);
+                        {
+                        struct CRYPTO_dynlock_value *pointer
+                                = CRYPTO_get_dynlock_value(type);
+                        OPENSSL_assert(pointer != NULL);
+                        dynlock_lock_callback(mode, pointer, file, line);
+                        CRYPTO_destroy_dynlockid(type);
+                        }
                }
        else
                if (locking_callback != NULL)
@@ -243,11 +613,14 @@ int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file,
                ret=add_lock_callback(pointer,amount,type,file,line);
 #ifdef LOCK_DEBUG
+                {
+                CRYPTO_THREADID id;
+                CRYPTO_THREADID_current(&id);
                fprintf(stderr,"ladd:%08lx:%2d+%2d->%2d %-18s %s:%d\n",
-                        CRYPTO_thread_id(),
+                        CRYPTO_THREADID_hash(&id), before,amount,ret,
-                        before,amount,ret,
                        CRYPTO_get_lock_name(type),
                        file,line);
+                }
 #endif
                }
        else
@@ -256,11 +629,15 @@ int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file,
                ret= *pointer+amount;
 #ifdef LOCK_DEBUG
+                {
+                CRYPTO_THREADID id;
+                CRYPTO_THREADID_current(&id);
                fprintf(stderr,"ladd:%08lx:%2d+%2d->%2d %-18s %s:%d\n",
-                        CRYPTO_thread_id(),
+                        CRYPTO_THREADID_hash(&id),
                        *pointer,amount,ret,
                        CRYPTO_get_lock_name(type),
                        file,line);
+                }
 #endif
                *pointer=ret;
                CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,file,line);
@@ -268,6 +645,18 @@ int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file,
        return(ret);
        }
+const char *CRYPTO_get_lock_name(int type)
+        {
+        if (type < 0)
+                return("dynamic");
+        else if (type < CRYPTO_NUM_LOCKS)
+                return(lock_names[type]);
+        else if (type-CRYPTO_NUM_LOCKS > sk_OPENSSL_STRING_num(app_locks))
+                return("ERROR");
+        else
+                return(sk_OPENSSL_STRING_value(app_locks,type-CRYPTO_NUM_LOCKS));
+        }
 #if     defined(__i386)   || defined(__i386__)   || defined(_M_IX86) || \
        defined(__INTEL__) || \
        defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)
@@ -301,70 +690,16 @@ void OPENSSL_cpuid_setup(void)
 unsigned long *OPENSSL_ia32cap_loc(void) { return NULL; }
 #endif
 int OPENSSL_NONPIC_relocated = 0;
-#if !defined(OPENSSL_CPUID_SETUP)
+#if !defined(OPENSSL_CPUID_SETUP) && !defined(OPENSSL_CPUID_OBJ)
 void OPENSSL_cpuid_setup(void) {}
 #endif
 #if (defined(_WIN32) || defined(__CYGWIN__)) && defined(_WINDLL)
-#ifdef OPENSSL_FIPS
-#include <tlhelp32.h>
-#if defined(__GNUC__) && __GNUC__>=2
-static int DllInit(void) __attribute__((constructor));
-#elif defined(_MSC_VER)
-static int DllInit(void);
-# ifdef _WIN64
-# pragma section(".CRT$XCU",read)
-  __declspec(allocate(".CRT$XCU"))
-# else
-# pragma data_seg(".CRT$XCU")
-# endif
-  static int (*p)(void) = DllInit;
-# pragma data_seg()
-#endif
-static int DllInit(void)
-{
-#if defined(_WIN32_WINNT)
-        union   { int(*f)(void); BYTE *p; } t = { DllInit };
-        HANDLE  hModuleSnap = INVALID_HANDLE_VALUE;
-        IMAGE_DOS_HEADER *dos_header;
-        IMAGE_NT_HEADERS *nt_headers;
-        MODULEENTRY32 me32 = {sizeof(me32)};
-        hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE,0);
-        if (hModuleSnap != INVALID_HANDLE_VALUE &&
-            Module32First(hModuleSnap,&me32)) do
-                {
-                if (t.p >= me32.modBaseAddr &&
-                    t.p <  me32.modBaseAddr+me32.modBaseSize)
-                        {
-                        dos_header=(IMAGE_DOS_HEADER *)me32.modBaseAddr;
-                        if (dos_header->e_magic==IMAGE_DOS_SIGNATURE)
-                                {
-                                nt_headers=(IMAGE_NT_HEADERS *)
-                                        ((BYTE *)dos_header+dos_header->e_lfanew);
-                                if (nt_headers->Signature==IMAGE_NT_SIGNATURE &&
-                                    me32.modBaseAddr!=(BYTE*)nt_headers->OptionalHeader.ImageBase)
-                                        OPENSSL_NONPIC_relocated=1;
-                                }
-                        break;
-                        }
-                } while (Module32Next(hModuleSnap,&me32));
-        if (hModuleSnap != INVALID_HANDLE_VALUE)
-                CloseHandle(hModuleSnap);
-#endif
-        OPENSSL_cpuid_setup();
-        return 0;
-}
-#else
 #ifdef __CYGWIN__
 /* pick DLL_[PROCESS|THREAD]_[ATTACH|DETACH] definitions */
 #include <windows.h>
+/* this has side-effect of _WIN32 getting defined, which otherwise
+ * is mutually exclusive with __CYGWIN__... */
 #endif
 /* All we really need to do is remove the 'error' state when a thread
@@ -405,16 +740,27 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason,
        }
 #endif
-#endif
 #if defined(_WIN32) && !defined(__CYGWIN__)
 #include <tchar.h>
+#include <signal.h>
 #if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
 int OPENSSL_isservice(void)
 { HWINSTA h;
  DWORD len;
  WCHAR *name;
+  static union { void *p; int (*f)(void); } _OPENSSL_isservice = { NULL };
+    if (_OPENSSL_isservice.p == NULL) {
+        HANDLE h = GetModuleHandle(NULL);
+        if (h != NULL)
+            _OPENSSL_isservice.p = GetProcAddress(h,"_OPENSSL_isservice");
+        if (_OPENSSL_isservice.p == NULL)
+            _OPENSSL_isservice.p = (void *)-1;
+    }
+    if (_OPENSSL_isservice.p != (void *)-1)
+        return (*_OPENSSL_isservice.f)();
    (void)GetDesktopWindow(); /* return value is ignored */
@@ -513,7 +859,7 @@ void OPENSSL_showfatal (const char *fmta,...)
 #if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
    /* this -------------v--- guards NT-specific calls */
-    if (GetVersion() < 0x80000000 && OPENSSL_isservice())
+    if (GetVersion() < 0x80000000 && OPENSSL_isservice() > 0)
    {   HANDLE h = RegisterEventSource(0,_T("OPENSSL"));
        const TCHAR *pmsg=buf;
        ReportEvent(h,EVENTLOG_ERROR_TYPE,0,0,0,1,0,&pmsg,0);
@@ -539,7 +885,13 @@ void OpenSSLDie(const char *file,int line,const char *assertion)
        OPENSSL_showfatal(
                "%s(%d): OpenSSL internal error, assertion failed: %s\n",
                file,line,assertion);
+#if !defined(_WIN32) || defined(__CYGWIN__)
        abort();
+#else
+        /* Win32 abort() customarily shows a dialog, but we just did that... */
+        raise(SIGABRT);
+        _exit(3);
+#endif
        }
 void *OPENSSL_stderr(void)      { return stderr; }
diff --git a/src/lib/libssl/src/crypto/crypto-lib.com b/src/lib/libssl/src/crypto/crypto-lib.com
index e72af90822..a4b6635091 100644
--- a/src/lib/libssl/src/crypto/crypto-lib.com
+++ b/src/lib/libssl/src/crypto/crypto-lib.com
@@ -6,10 +6,11 @@ $!               A-Com Computing, Inc.
 $!               byer@mail.all-net.net
 $!
 $!  Changes by Richard Levitte <richard@levitte.org>
+$!             Zoltan Arpadffy <arpadffy@polarhome.com>
 $!
 $!  This command files compiles and creates the "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" 
-$!  library for OpenSSL.  The "xxx" denotes the machine architecture of AXP
+$!  library for OpenSSL.  The "xxx" denotes the machine architecture, ALPHA,
-$!  or VAX.
+$!  IA64 or VAX.
 $!
 $!  It was re-written so it would try to determine what "C" compiler to use 
 $!  or you can specify which "C" compiler to use.
@@ -17,28 +18,28 @@ $!
 $!  Specify the following as P1 to build just that part or ALL to just
 $!  build everything.
 $!
-$!              LIBRARY    To just compile the [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library.
+$!      LIBRARY    To just compile the [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library.
-$!              APPS       To just compile the [.xxx.EXE.CRYPTO]*.EXE
+$!      APPS       To just compile the [.xxx.EXE.CRYPTO]*.EXE
-$!              ALL        To do both LIBRARY and APPS
+$!      ALL        To do both LIBRARY and APPS
 $!
 $!  Specify DEBUG or NODEBUG as P2 to compile with or without debugger
 $!  information.
 $!
 $!  Specify which compiler at P3 to try to compile under.
 $!
-$!         VAXC  For VAX C.
+$!      VAXC       For VAX C.
-$!         DECC  For DEC C.
+$!      DECC       For DEC C.
-$!         GNUC  For GNU C.
+$!      GNUC       For GNU C.
 $!
-$!  If you don't speficy a compiler, it will try to determine which
+$!  If you don't specify a compiler, it will try to determine which
 $!  "C" compiler to use.
 $!
 $!  P4, if defined, sets a TCP/IP library to use, through one of the following
 $!  keywords:
 $!
-$!      UCX             for UCX
+$!      UCX        For UCX
-$!      TCPIP           for TCPIP (post UCX)
+$!      TCPIP      For TCPIP (post UCX)
-$!      SOCKETSHR       for SOCKETSHR+NETLIB
+$!      SOCKETSHR  For SOCKETSHR+NETLIB
 $!
 $!  P5, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up)
 $!
@@ -54,36 +55,49 @@ $ TCPIP_LIB = ""
 $!
 $! Check Which Architecture We Are Using.
 $!
-$ IF (F$GETSYI("CPU").GE.128)
+$ IF (F$GETSYI("CPU").LT.128)
 $ THEN
 $!
-$!  The Architecture Is AXP
+$!  The Architecture Is VAX
 $!
-$   ARCH := AXP
+$   ARCH = "VAX"
 $!
 $! Else...
 $!
 $ ELSE
 $!
-$!  The Architecture Is VAX.
+$!  The Architecture Is Alpha, IA64 or whatever comes in the future.
 $!
-$   ARCH := VAX
+$   ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE")
+$   IF (ARCH .EQS. "") THEN ARCH = "UNK"
 $!
 $! End The Architecture Check.
 $!
 $ ENDIF
 $!
 $! Define The Different Encryption Types.
+$! NOTE: Some might think this list ugly.  However, it's made this way to
+$! reflect the SDIRS variable in [-]Makefile.org as closely as possible,
+$! thereby making it fairly easy to verify that the lists are the same.
 $!
+$ ET_WHIRLPOOL = "WHRLPOOL"
+$ IF ARCH .EQS. "VAX" THEN ET_WHIRLPOOL = ""
 $ ENCRYPT_TYPES = "Basic,"+ -
                  "OBJECTS,"+ -
-                  "MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,"+ -
+                  "MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,"+ET_WHIRLPOOL+","+ -
-                  "DES,RC2,RC4,RC5,IDEA,BF,CAST,CAMELLIA,SEED,"+ -
+                  "DES,AES,RC2,RC4,RC5,IDEA,BF,CAST,CAMELLIA,SEED,MODES,"+ -
-                  "BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,AES,"+ -
+                  "BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,"+ -
                  "BUFFER,BIO,STACK,LHASH,RAND,ERR,"+ -
-                  "EVP,EVP_2,ASN1,ASN1_2,PEM,X509,X509V3,"+ -
+                  "EVP,EVP_2,EVP_3,ASN1,ASN1_2,PEM,X509,X509V3,"+ -
                  "CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,UI,KRB5,"+ -
-                  "STORE,CMS,PQUEUE,JPAKE"
+                  "STORE,CMS,PQUEUE,TS,JPAKE"
+$! Define The OBJ Directory.
+$!
+$ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.CRYPTO]
+$!
+$! Define The EXE Directory.
+$!
+$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]
 $!
 $! Check To Make Sure We Have Valid Command Line Parameters.
 $!
@@ -97,9 +111,6 @@ $! Tell The User What Kind of Machine We Run On.
 $!
 $ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine."
 $!
-$! Define The OBJ Directory.
-$!
-$ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.CRYPTO]
 $!
 $! Check To See If The Architecture Specific OBJ Directory Exists.
 $!
@@ -114,10 +125,6 @@ $! End The Architecture Specific OBJ Directory Check.
 $!
 $ ENDIF
 $!
-$! Define The EXE Directory.
-$!
-$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]
-$!
 $! Check To See If The Architecture Specific Directory Exists.
 $!
 $ IF (F$PARSE(EXE_DIR).EQS."")
@@ -161,15 +168,16 @@ $!
 $ APPS_DES = "DES/DES,CBC3_ENC"
 $ APPS_PKCS7 = "ENC/ENC;DEC/DEC;SIGN/SIGN;VERIFY/VERIFY,EXAMPLE"
 $
-$ LIB_ = "cryptlib,dyn_lck,mem,mem_clr,mem_dbg,cversion,ex_data,tmdiff,cpt_err,ebcdic,uid,o_time,o_str,o_dir,o_init,fips_err"
+$ LIB_ = "cryptlib,mem,mem_clr,mem_dbg,cversion,ex_data,cpt_err,ebcdic,uid,o_time,o_str,o_dir"
 $ LIB_MD2 = "md2_dgst,md2_one"
 $ LIB_MD4 = "md4_dgst,md4_one"
 $ LIB_MD5 = "md5_dgst,md5_one"
 $ LIB_SHA = "sha_dgst,sha1dgst,sha_one,sha1_one,sha256,sha512"
 $ LIB_MDC2 = "mdc2dgst,mdc2_one"
-$ LIB_HMAC = "hmac"
+$ LIB_HMAC = "hmac,hm_ameth,hm_pmeth"
 $ LIB_RIPEMD = "rmd_dgst,rmd_one"
-$ LIB_DES = "des_lib,set_key,ecb_enc,cbc_enc,"+ -
+$ LIB_WHRLPOOL = "wp_dgst,wp_block"
+$ LIB_DES = "set_key,ecb_enc,cbc_enc,"+ -
        "ecb3_enc,cfb64enc,cfb64ede,cfb_enc,ofb64ede,"+ -
        "enc_read,enc_writ,ofb64enc,"+ -
        "ofb_enc,str2key,pcbc_enc,qud_cksm,rand_key,"+ -
@@ -184,35 +192,39 @@ $ LIB_BF = "bf_skey,bf_ecb,bf_enc,bf_cfb64,bf_ofb64"
 $ LIB_CAST = "c_skey,c_ecb,c_enc,c_cfb64,c_ofb64"
 $ LIB_CAMELLIA = "camellia,cmll_misc,cmll_ecb,cmll_cbc,cmll_ofb,"+ -
        "cmll_cfb,cmll_ctr"
-$ LIB_SEED = "seed,seed_cbc,seed_ecb,seed_cfb,seed_ofb"
+$ LIB_SEED = "seed,seed_ecb,seed_cbc,seed_cfb,seed_ofb"
+$ LIB_MODES = "cbc128,ctr128,cfb128,ofb128"
 $ LIB_BN_ASM = "[.asm]vms.mar,vms-helper"
-$ IF F$TRNLNM("OPENSSL_NO_ASM").OR.ARCH.EQS."AXP" THEN LIB_BN_ASM = "bn_asm"
+$ IF F$TRNLNM("OPENSSL_NO_ASM") .OR. ARCH .NES. "VAX" THEN -
+     LIB_BN_ASM = "bn_asm"
 $ LIB_BN = "bn_add,bn_div,bn_exp,bn_lib,bn_ctx,bn_mul,bn_mod,"+ -
        "bn_print,bn_rand,bn_shift,bn_word,bn_blind,"+ -
        "bn_kron,bn_sqrt,bn_gcd,bn_prime,bn_err,bn_sqr,"+LIB_BN_ASM+","+ -
        "bn_recp,bn_mont,bn_mpi,bn_exp2,bn_gf2m,bn_nist,"+ -
-        "bn_depr,bn_x931p,bn_const,bn_opt"
+        "bn_depr,bn_const"
 $ LIB_EC = "ec_lib,ecp_smpl,ecp_mont,ecp_nist,ec_cvt,ec_mult,"+ -
        "ec_err,ec_curve,ec_check,ec_print,ec_asn1,ec_key,"+ -
-        "ec2_smpl,ec2_mult"
+        "ec2_smpl,ec2_mult,ec_ameth,ec_pmeth,eck_prn"
 $ LIB_RSA = "rsa_eay,rsa_gen,rsa_lib,rsa_sign,rsa_saos,rsa_err,"+ -
        "rsa_pk1,rsa_ssl,rsa_none,rsa_oaep,rsa_chk,rsa_null,"+ -
-        "rsa_pss,rsa_x931,rsa_x931g,rsa_asn1,rsa_depr,rsa_eng"
+        "rsa_pss,rsa_x931,rsa_asn1,rsa_depr,rsa_ameth,rsa_prn,"+ -
+        "rsa_pmeth"
 $ LIB_DSA = "dsa_gen,dsa_key,dsa_lib,dsa_asn1,dsa_vrf,dsa_sign,"+ -
-        "dsa_err,dsa_ossl,dsa_depr,dsa_utl"
+        "dsa_err,dsa_ossl,dsa_depr,dsa_ameth,dsa_pmeth,dsa_prn"
 $ LIB_ECDSA = "ecs_lib,ecs_asn1,ecs_ossl,ecs_sign,ecs_vrf,ecs_err"
-$ LIB_DH = "dh_asn1,dh_gen,dh_key,dh_lib,dh_check,dh_err,dh_depr"
+$ LIB_DH = "dh_asn1,dh_gen,dh_key,dh_lib,dh_check,dh_err,dh_depr,"+ -
+        "dh_ameth,dh_pmeth,dh_prn"
 $ LIB_ECDH = "ech_lib,ech_ossl,ech_key,ech_err"
 $ LIB_DSO = "dso_dl,dso_dlfcn,dso_err,dso_lib,dso_null,"+ -
-        "dso_openssl,dso_win32,dso_vms"
+        "dso_openssl,dso_win32,dso_vms,dso_beos"
 $ LIB_ENGINE = "eng_err,eng_lib,eng_list,eng_init,eng_ctrl,"+ -
        "eng_table,eng_pkey,eng_fat,eng_all,"+ -
        "tb_rsa,tb_dsa,tb_ecdsa,tb_dh,tb_ecdh,tb_rand,tb_store,"+ -
-        "tb_cipher,tb_digest,"+ -
+        "tb_cipher,tb_digest,tb_pkmeth,tb_asnmth,"+ -
-        "eng_openssl,eng_dyn,eng_cnf,eng_cryptodev,eng_padlock"
+        "eng_openssl,eng_dyn,eng_cnf,eng_cryptodev"
-$ LIB_AES = "aes_core,aes_misc,aes_ecb,aes_cbc,aes_cfb,aes_ofb,"+ -
+$ LIB_AES = "aes_core,aes_misc,aes_ecb,aes_cbc,aes_cfb,aes_ofb,aes_ctr,"+ -
-        "aes_ctr,aes_ige,aes_wrap"
+        "aes_ige,aes_wrap"
-$ LIB_BUFFER = "buffer,buf_str,buf_err"
+$ LIB_BUFFER = "buffer,buf_err"
 $ LIB_BIO = "bio_lib,bio_cb,bio_err,"+ -
        "bss_mem,bss_null,bss_fd,"+ -
        "bss_file,bss_sock,bss_conn,"+ -
@@ -224,33 +236,34 @@ $ LIB_STACK = "stack"
 $ LIB_LHASH = "lhash,lh_stats"
 $ LIB_RAND = "md_rand,randfile,rand_lib,rand_err,rand_egd,"+ -
        "rand_vms"
-$ LIB_ERR = "err,err_def,err_all,err_prn,err_str,err_bio"
+$ LIB_ERR = "err,err_all,err_prn"
-$ LIB_OBJECTS = "o_names,obj_dat,obj_lib,obj_err"
+$ LIB_OBJECTS = "o_names,obj_dat,obj_lib,obj_err,obj_xref"
-$ LIB_EVP = "encode,digest,dig_eng,evp_enc,evp_key,evp_acnf,evp_cnf,"+ -
+$ LIB_EVP = "encode,digest,evp_enc,evp_key,evp_acnf,"+ -
        "e_des,e_bf,e_idea,e_des3,e_camellia,"+ -
        "e_rc4,e_aes,names,e_seed,"+ -
-        "e_xcbc_d,e_rc2,e_cast,e_rc5,enc_min"
+        "e_xcbc_d,e_rc2,e_cast,e_rc5"
-$ LIB_EVP_2 = "m_null,m_md2,m_md4,m_md5,m_sha,m_sha1," + -
+$ LIB_EVP_2 = "m_null,m_md2,m_md4,m_md5,m_sha,m_sha1,m_wp," + -
        "m_dss,m_dss1,m_mdc2,m_ripemd,m_ecdsa,"+ -
        "p_open,p_seal,p_sign,p_verify,p_lib,p_enc,p_dec,"+ -
        "bio_md,bio_b64,bio_enc,evp_err,e_null,"+ -
        "c_all,c_allc,c_alld,evp_lib,bio_ok,"+-
        "evp_pkey,evp_pbe,p5_crpt,p5_crpt2"
-$ LIB_EVP_3 = "e_old"
+$ LIB_EVP_3 = "e_old,pmeth_lib,pmeth_fn,pmeth_gn,m_sigver"
 $ LIB_ASN1 = "a_object,a_bitstr,a_utctm,a_gentm,a_time,a_int,a_octet,"+ -
        "a_print,a_type,a_set,a_dup,a_d2i_fp,a_i2d_fp,"+ -
        "a_enum,a_utf8,a_sign,a_digest,a_verify,a_mbstr,a_strex,"+ -
        "x_algor,x_val,x_pubkey,x_sig,x_req,x_attrib,x_bignum,"+ -
        "x_long,x_name,x_x509,x_x509a,x_crl,x_info,x_spki,nsseq,"+ -
-        "d2i_pu,d2i_pr,i2d_pu,i2d_pr"
+        "x_nx509,d2i_pu,d2i_pr,i2d_pu,i2d_pr"
 $ LIB_ASN1_2 = "t_req,t_x509,t_x509a,t_crl,t_pkey,t_spki,t_bitst,"+ -
        "tasn_new,tasn_fre,tasn_enc,tasn_dec,tasn_utl,tasn_typ,"+ -
+        "tasn_prn,ameth_lib,"+ -
        "f_int,f_string,n_pkey,"+ -
-        "f_enum,a_hdr,x_pkey,a_bool,x_exten,asn_mime,"+ -
+        "f_enum,x_pkey,a_bool,x_exten,bio_asn1,bio_ndef,asn_mime,"+ -
-        "asn1_gen,asn1_par,asn1_lib,asn1_err,a_meth,a_bytes,a_strnid,"+ -
+        "asn1_gen,asn1_par,asn1_lib,asn1_err,a_bytes,a_strnid,"+ -
        "evp_asn1,asn_pack,p5_pbe,p5_pbev2,p8_pkey,asn_moid"
 $ LIB_PEM = "pem_sign,pem_seal,pem_info,pem_lib,pem_all,pem_err,"+ -
-        "pem_x509,pem_xaux,pem_oth,pem_pk8,pem_pkey"
+        "pem_x509,pem_xaux,pem_oth,pem_pk8,pem_pkey,pvkfmt"
 $ LIB_X509 = "x509_def,x509_d2,x509_r2x,x509_cmp,"+ -
        "x509_obj,x509_req,x509spki,x509_vfy,"+ -
        "x509_set,x509cset,x509rset,x509_err,"+ -
@@ -266,7 +279,7 @@ $ LIB_X509V3 = "v3_bcons,v3_bitst,v3_conf,v3_extku,v3_ia5,v3_lib,"+ -
 $ LIB_CONF = "conf_err,conf_lib,conf_api,conf_def,conf_mod,conf_mall,conf_sap"
 $ LIB_TXT_DB = "txt_db"
 $ LIB_PKCS7 = "pk7_asn1,pk7_lib,pkcs7err,pk7_doit,pk7_smime,pk7_attr,"+ -
-        "pk7_mime"
+        "pk7_mime,bio_pk7"
 $ LIB_PKCS12 = "p12_add,p12_asn,p12_attr,p12_crpt,p12_crt,p12_decr,"+ -
        "p12_init,p12_key,p12_kiss,p12_mutl,"+ -
        "p12_utl,p12_npas,pk12err,p12_p8d,p12_p8e"
@@ -281,6 +294,9 @@ $ LIB_STORE = "str_err,str_lib,str_meth,str_mem"
 $ LIB_CMS = "cms_lib,cms_asn1,cms_att,cms_io,cms_smime,cms_err,"+ -
        "cms_sd,cms_dd,cms_cd,cms_env,cms_enc,cms_ess"
 $ LIB_PQUEUE = "pqueue"
+$ LIB_TS = "ts_err,ts_req_utils,ts_req_print,ts_rsp_utils,ts_rsp_print,"+ -
+        "ts_rsp_sign,ts_rsp_verify,ts_verify_ctx,ts_lib,ts_conf,"+ -
+        "ts_asn1"
 $ LIB_JPAKE = "jpake,jpake_err"
 $!
 $! Setup exceptional compilations
@@ -291,7 +307,7 @@ $ ! Disable the DOLLARID warning
 $ COMPILEWITH_CC4 = ",a_utctm,bss_log,o_time,o_dir"
 $ ! Disable disjoint optimization
 $ COMPILEWITH_CC5 = ",md2_dgst,md4_dgst,md5_dgst,mdc2dgst," + -
-                    "sha_dgst,sha1dgst,rmd_dgst,bf_enc,"
+                    "seed,sha_dgst,sha1dgst,rmd_dgst,bf_enc,"
 $ ! Disable the MIXLINKAGE warning
 $ COMPILEWITH_CC6 = ",enc_read,set_key,"
 $!
@@ -334,11 +350,11 @@ $! Create The Library and Apps Module Names.
 $!
 $ LIB_MODULE = "LIB_" + MODULE_NAME
 $ APPS_MODULE = "APPS_" + MODULE_NAME
-$ IF (MODULE_NAME.EQS."ASN1_2")
+$ IF (F$EXTRACT(0,5,MODULE_NAME).EQS."ASN1_")
 $ THEN
 $   MODULE_NAME = "ASN1"
 $ ENDIF
-$ IF (MODULE_NAME.EQS."EVP_2")
+$ IF (F$EXTRACT(0,4,MODULE_NAME).EQS."EVP_")
 $ THEN
 $   MODULE_NAME = "EVP"
 $ ENDIF
@@ -353,7 +369,7 @@ $!
 $ IF F$TYPE('LIB_MODULE') .EQS. ""
 $ THEN
 $   WRITE SYS$ERROR ""
-$   WRITE SYS$ERROR "The module ",MODULE_NAME," does not exist.  Continuing..."
+$   WRITE SYS$ERROR "The module ",MODULE_NAME1," does not exist.  Continuing..."
 $   WRITE SYS$ERROR ""
 $   GOTO MODULE_NEXT
 $ ENDIF
@@ -694,7 +710,7 @@ $!
 $   IF (F$SEARCH(OPT_FILE).EQS."")
 $   THEN
 $!
-$!    Figure Out If We Need An AXP Or A VAX Linker Option File.
+$!    Figure Out If We Need A non-VAX Or A VAX Linker Option File.
 $!
 $     IF ARCH .EQS. "VAX"
 $     THEN
@@ -714,19 +730,19 @@ $!    Else...
 $!
 $     ELSE
 $!
-$!      Create The AXP Linker Option File.
+$!      Create The non-VAX Linker Option File.
 $!
 $       CREATE 'OPT_FILE'
 $DECK
 !
-! Default System Options File For AXP To Link Agianst 
+! Default System Options File For non-VAX To Link Agianst 
 ! The Sharable C Runtime Library.
 !
 SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE
 SYS$SHARE:CMA$OPEN_RTL/SHARE
 $EOD
 $!
-$!    End The VAX/AXP DEC C Option File Check.
+$!    End The DEC C Option File Check.
 $!
 $     ENDIF
 $!
@@ -763,12 +779,12 @@ $! Else...
 $!
 $ ELSE
 $!
-$!  Else, Check To See If P1 Has A Valid Arguement.
+$!  Else, Check To See If P1 Has A Valid Argument.
 $!
 $   IF (P1.EQS."LIBRARY").OR.(P1.EQS."APPS")
 $   THEN
 $!
-$!    A Valid Arguement.
+$!    A Valid Argument.
 $!
 $     BUILDALL = P1
 $!
@@ -787,15 +803,16 @@ $     WRITE SYS$OUTPUT "    APPS     :  To Compile Just The [.xxx.EXE.CRYPTO]*.E
 $     WRITE SYS$OUTPUT ""
 $     WRITE SYS$OUTPUT " Where 'xxx' Stands For:"
 $     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "        AXP  :  Alpha Architecture."
+$     WRITE SYS$OUTPUT "    ALPHA    :  Alpha Architecture."
-$     WRITE SYS$OUTPUT "        VAX  :  VAX Architecture."
+$     WRITE SYS$OUTPUT "    IA64     :  IA64 Architecture."
+$     WRITE SYS$OUTPUT "    VAX      :  VAX Architecture."
 $     WRITE SYS$OUTPUT ""
 $!
 $!    Time To EXIT.
 $!
 $     EXIT
 $!
-$!  End The Valid Arguement Check.
+$!  End The Valid Argument Check.
 $!
 $   ENDIF
 $!
@@ -848,7 +865,7 @@ $!    Time To EXIT.
 $!
 $     EXIT
 $!
-$!  End The Valid Arguement Check.
+$!  End The Valid Argument Check.
 $!
 $   ENDIF
 $!
@@ -913,7 +930,7 @@ $   ELSE
 $!
 $!    Check To See If We Have VAXC Or DECC.
 $!
-$     IF (ARCH.EQS."AXP").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
+$     IF (ARCH.NES."VAX").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
 $     THEN 
 $!
 $!      Looks Like DECC, Set To Use DECC.
@@ -1019,12 +1036,12 @@ $     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
         THEN CC = "CC/DECC"
 $     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
           "/NOLIST/PREFIX=ALL" + -
-           "/INCLUDE=(SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP])" + -
+           "/INCLUDE=(SYS$DISK:[],SYS$DISK:[._''ARCH'],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + -
           CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
-$     OPT_FILE = "SYS$DISK:[]VAX_DECC_OPTIONS.OPT"
+$     OPT_FILE = "''EXE_DIR'VAX_DECC_OPTIONS.OPT"
 $!
 $!  End DECC Check.
 $!
@@ -1046,14 +1063,14 @@ $!
 $!    Compile Using VAXC.
 $!
 $     CC = "CC"
-$     IF ARCH.EQS."AXP"
+$     IF ARCH.NES."VAX"
 $     THEN
-$       WRITE SYS$OUTPUT "There is no VAX C on Alpha!"
+$       WRITE SYS$OUTPUT "There is no VAX C on ''ARCH'!"
 $       EXIT
 $     ENDIF
 $     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
 $     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
-           "/INCLUDE=(SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + -
+           "/INCLUDE=(SYS$DISK:[],SYS$DISK:[._''ARCH'],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + -
           CCEXTRAFLAGS
 $     CCDEFS = """VAXC""," + CCDEFS
 $!
@@ -1063,7 +1080,7 @@ $     DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB]
 $!
 $!    Define The Linker Options File Name.
 $!
-$     OPT_FILE = "SYS$DISK:[]VAX_VAXC_OPTIONS.OPT"
+$     OPT_FILE = "''EXE_DIR'VAX_VAXC_OPTIONS.OPT"
 $!
 $!  End VAXC Check
 $!
@@ -1085,12 +1102,12 @@ $!
 $!    Use GNU C...
 $!
 $     CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
-           "/INCLUDE=(SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + -
+           "/INCLUDE=(SYS$DISK:[],SYS$DISK:[._''ARCH'],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + -
           CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
-$     OPT_FILE = "SYS$DISK:[]VAX_GNUC_OPTIONS.OPT"
+$     OPT_FILE = "''EXE_DIR'VAX_GNUC_OPTIONS.OPT"
 $!
 $!  End The GNU C Check.
 $!
@@ -1135,7 +1152,7 @@ $!  Show user the result
 $!
 $   WRITE/SYMBOL SYS$OUTPUT "Main C Compiling Command: ",CC
 $!
-$!  Else The User Entered An Invalid Arguement.
+$!  Else The User Entered An Invalid Argument.
 $!
 $ ELSE
 $!
@@ -1153,14 +1170,14 @@ $!  Time To EXIT.
 $!
 $   EXIT
 $!
-$! End The Valid Arguement Check.
+$! End The Valid Argument Check.
 $!
 $ ENDIF
 $!
 $! Build a MACRO command for the architecture at hand
 $!
 $ IF ARCH .EQS. "VAX" THEN MACRO = "MACRO/''DEBUGGER'"
-$ IF ARCH .EQS. "AXP" THEN MACRO = "MACRO/MIGRATION/''DEBUGGER'/''MACRO_OPTIMIZE'"
+$ IF ARCH .NES. "VAX" THEN MACRO = "MACRO/MIGRATION/''DEBUGGER'/''MACRO_OPTIMIZE'"
 $!
 $!  Show user the result
 $!
@@ -1248,7 +1265,7 @@ $!  Print info
 $!
 $   WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB
 $!
-$!  Else The User Entered An Invalid Arguement.
+$!  Else The User Entered An Invalid Argument.
 $!
 $ ELSE
 $!
diff --git a/src/lib/libssl/src/crypto/crypto.h b/src/lib/libssl/src/crypto/crypto.h
index 0e4fb0723c..b0360cec51 100644
--- a/src/lib/libssl/src/crypto/crypto.h
+++ b/src/lib/libssl/src/crypto/crypto.h
@@ -1,6 +1,6 @@
 /* crypto/crypto.h */
 /* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -219,13 +219,9 @@ typedef struct openssl_item_st
 #define CRYPTO_LOCK_EC_PRE_COMP         36
 #define CRYPTO_LOCK_STORE               37
 #define CRYPTO_LOCK_COMP                38
-#ifndef OPENSSL_FIPS
-#define CRYPTO_NUM_LOCKS                39
-#else
 #define CRYPTO_LOCK_FIPS                39
 #define CRYPTO_LOCK_FIPS2               40
 #define CRYPTO_NUM_LOCKS                41
-#endif
 #define CRYPTO_LOCK             1
 #define CRYPTO_UNLOCK           2
@@ -288,9 +284,10 @@ typedef struct bio_st BIO_dummy;
 struct crypto_ex_data_st
        {
-        STACK *sk;
+        STACK_OF(void) *sk;
        int dummy; /* gcc is screwing up this data structure :-( */
        };
+DECLARE_STACK_OF(void)
 /* This stuff is basically class callback functions
 * The current classes are SSL_CTX, SSL, SSL_SESSION, and a few more */
@@ -347,7 +344,14 @@ DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS)
 /* Set standard debugging functions (not done by default
 * unless CRYPTO_MDEBUG is defined) */
-void CRYPTO_malloc_debug_init(void);
+#define CRYPTO_malloc_debug_init()      do {\
+        CRYPTO_set_mem_debug_functions(\
+                CRYPTO_dbg_malloc,\
+                CRYPTO_dbg_realloc,\
+                CRYPTO_dbg_free,\
+                CRYPTO_dbg_set_options,\
+                CRYPTO_dbg_get_options);\
+        } while(0)
 int CRYPTO_mem_ctrl(int mode);
 int CRYPTO_is_mem_check_on(void);
@@ -420,16 +424,32 @@ void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount,int type,
                                              const char *file, int line));
 int (*CRYPTO_get_add_lock_callback(void))(int *num,int mount,int type,
                                          const char *file,int line);
+/* Don't use this structure directly. */
+typedef struct crypto_threadid_st
+        {
+        void *ptr;
+        unsigned long val;
+        } CRYPTO_THREADID;
+/* Only use CRYPTO_THREADID_set_[numeric|pointer]() within callbacks */
+void CRYPTO_THREADID_set_numeric(CRYPTO_THREADID *id, unsigned long val);
+void CRYPTO_THREADID_set_pointer(CRYPTO_THREADID *id, void *ptr);
+int CRYPTO_THREADID_set_callback(void (*threadid_func)(CRYPTO_THREADID *));
+void (*CRYPTO_THREADID_get_callback(void))(CRYPTO_THREADID *);
+void CRYPTO_THREADID_current(CRYPTO_THREADID *id);
+int CRYPTO_THREADID_cmp(const CRYPTO_THREADID *a, const CRYPTO_THREADID *b);
+void CRYPTO_THREADID_cpy(CRYPTO_THREADID *dest, const CRYPTO_THREADID *src);
+unsigned long CRYPTO_THREADID_hash(const CRYPTO_THREADID *id);
+#ifndef OPENSSL_NO_DEPRECATED
 void CRYPTO_set_id_callback(unsigned long (*func)(void));
 unsigned long (*CRYPTO_get_id_callback(void))(void);
 unsigned long CRYPTO_thread_id(void);
+#endif
 const char *CRYPTO_get_lock_name(int type);
 int CRYPTO_add_lock(int *pointer,int amount,int type, const char *file,
                    int line);
-void int_CRYPTO_set_do_dynlock_callback(
-        void (*do_dynlock_cb)(int mode, int type, const char *file, int line));
 int CRYPTO_get_new_dynlockid(void);
 void CRYPTO_destroy_dynlockid(int i);
 struct CRYPTO_dynlock_value *CRYPTO_get_dynlock_value(int i);
@@ -454,10 +474,6 @@ int CRYPTO_set_mem_debug_functions(void (*m)(void *,int,const char *,int,int),
                                   void (*f)(void *,int),
                                   void (*so)(long),
                                   long (*go)(void));
-void CRYPTO_set_mem_info_functions(
-        int  (*push_info_fn)(const char *info, const char *file, int line),
-        int  (*pop_info_fn)(void),
-        int (*remove_all_info_fn)(void));
 void CRYPTO_get_mem_functions(void *(**m)(size_t),void *(**r)(void *, size_t), void (**f)(void *));
 void CRYPTO_get_locked_mem_functions(void *(**m)(size_t), void (**f)(void *));
 void CRYPTO_get_mem_ex_functions(void *(**m)(size_t,const char *,int),
@@ -514,9 +530,6 @@ void CRYPTO_dbg_free(void *addr,int before_p);
 void CRYPTO_dbg_set_options(long bits);
 long CRYPTO_dbg_get_options(void);
-int CRYPTO_dbg_push_info(const char *info, const char *file, int line);
-int CRYPTO_dbg_pop_info(void);
-int CRYPTO_dbg_remove_all_info(void);
 #ifndef OPENSSL_NO_FP_API
 void CRYPTO_mem_leaks_fp(FILE *);
@@ -534,69 +547,12 @@ unsigned long *OPENSSL_ia32cap_loc(void);
 #define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))
 int OPENSSL_isservice(void);
-#ifdef OPENSSL_FIPS
-#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \
-                alg " previous FIPS forbidden algorithm error ignored");
-#define FIPS_BAD_ABORT(alg) OpenSSLDie(__FILE__, __LINE__, \
-                #alg " Algorithm forbidden in FIPS mode");
-#ifdef OPENSSL_FIPS_STRICT
-#define FIPS_BAD_ALGORITHM(alg) FIPS_BAD_ABORT(alg)
-#else
-#define FIPS_BAD_ALGORITHM(alg) \
-        { \
-        FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_NON_FIPS_METHOD); \
-        ERR_add_error_data(2, "Algorithm=", #alg); \
-        return 0; \
-        }
-#endif
-/* Low level digest API blocking macro */
-#define FIPS_NON_FIPS_MD_Init(alg) \
-        int alg##_Init(alg##_CTX *c) \
-                { \
-                if (FIPS_mode()) \
-                        FIPS_BAD_ALGORITHM(alg) \
-                return private_##alg##_Init(c); \
-                } \
-        int private_##alg##_Init(alg##_CTX *c)
-/* For ciphers the API often varies from cipher to cipher and each needs to
- * be treated as a special case. Variable key length ciphers (Blowfish, RC4,
- * CAST) however are very similar and can use a blocking macro.
- */
-#define FIPS_NON_FIPS_VCIPHER_Init(alg) \
-        void alg##_set_key(alg##_KEY *key, int len, const unsigned char *data) \
-                { \
-                if (FIPS_mode()) \
-                        FIPS_BAD_ABORT(alg) \
-                private_##alg##_set_key(key, len, data); \
-                } \
-        void private_##alg##_set_key(alg##_KEY *key, int len, \
-                                        const unsigned char *data)
-#else
-#define FIPS_NON_FIPS_VCIPHER_Init(alg) \
-        void alg##_set_key(alg##_KEY *key, int len, const unsigned char *data)
-#define FIPS_NON_FIPS_MD_Init(alg) \
-        int alg##_Init(alg##_CTX *c) 
-#endif /* def OPENSSL_FIPS */
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
 void ERR_load_CRYPTO_strings(void);
-#define OPENSSL_HAVE_INIT       1
-void OPENSSL_init(void);
 /* Error codes for the CRYPTO functions. */
 /* Function codes. */
diff --git a/src/lib/libssl/src/crypto/des/Makefile b/src/lib/libssl/src/crypto/des/Makefile
index 786e68802e..ae982265fd 100644
--- a/src/lib/libssl/src/crypto/des/Makefile
+++ b/src/lib/libssl/src/crypto/des/Makefile
@@ -12,8 +12,6 @@ MAKEFILE=	Makefile
 AR=             ar r
 RANLIB=         ranlib
 DES_ENC=        des_enc.o fcrypt_b.o
-# or use
-#DES_ENC=       dx86-elf.o yx86-elf.o
 CFLAGS= $(INCLUDES) $(CFLAG)
 ASFLAGS= $(INCLUDES) $(ASFLAG)
@@ -24,7 +22,7 @@ TEST=destest.c
 APPS=
 LIB=$(TOP)/libcrypto.a
-LIBSRC= des_lib.c cbc_cksm.c cbc_enc.c  cfb64enc.c cfb_enc.c  \
+LIBSRC= cbc_cksm.c cbc_enc.c  cfb64enc.c cfb_enc.c  \
        ecb3_enc.c ecb_enc.c  enc_read.c enc_writ.c \
        fcrypt.c ofb64enc.c ofb_enc.c  pcbc_enc.c \
        qud_cksm.c rand_key.c rpc_enc.c  set_key.c  \
@@ -33,7 +31,7 @@ LIBSRC=	des_lib.c cbc_cksm.c cbc_enc.c  cfb64enc.c cfb_enc.c  \
        str2key.c  cfb64ede.c ofb64ede.c ede_cbcm_enc.c des_old.c des_old2.c \
        read2pwd.c
-LIBOBJ= des_lib.o set_key.o  ecb_enc.o  cbc_enc.o \
+LIBOBJ= set_key.o  ecb_enc.o  cbc_enc.o \
        ecb3_enc.o cfb64enc.o cfb64ede.o cfb_enc.o  ofb64ede.o \
        enc_read.o enc_writ.o ofb64enc.o \
        ofb_enc.o  str2key.o  pcbc_enc.o qud_cksm.o rand_key.o \
@@ -54,7 +52,7 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
@@ -64,21 +62,10 @@ des: des.o cbc3_enc.o lib
 des_enc-sparc.S:        asm/des_enc.m4
        m4 -B 8192 asm/des_enc.m4 > des_enc-sparc.S
-# ELF
+des-586.s:      asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
-dx86-elf.s:     asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+        $(PERL) asm/des-586.pl $(PERLASM_SCHEME) $(CFLAGS) > $@
-        (cd asm; $(PERL) des-586.pl elf $(CFLAGS) > ../$@)
+crypt586.s:     asm/crypt586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
-yx86-elf.s:     asm/crypt586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+        $(PERL) asm/crypt586.pl $(PERLASM_SCHEME) $(CFLAGS) > $@
-        (cd asm; $(PERL) crypt586.pl elf $(CFLAGS) > ../$@)
-# COFF
-dx86-cof.s: asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
-        (cd asm; $(PERL) des-586.pl coff $(CFLAGS) > ../$@)
-yx86-cof.s: asm/crypt586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
-        (cd asm; $(PERL) crypt586.pl coff $(CFLAGS) > ../$@)
-# a.out
-dx86-out.s: asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
-        (cd asm; $(PERL) des-586.pl a.out $(CFLAGS) > ../$@)
-yx86-out.s: asm/crypt586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
-        (cd asm; $(PERL) crypt586.pl a.out $(CFLAGS) > ../$@)
 files:
        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
@@ -156,14 +143,7 @@ des_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
 des_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 des_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 des_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
-des_enc.o: des_enc.c des_locl.h ncbc_enc.c
+des_enc.o: des_enc.c des_locl.h ncbc_enc.c spr.h
-des_lib.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
-des_lib.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-des_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-des_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-des_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-des_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-des_lib.o: ../../include/openssl/ui_compat.h des_lib.c des_locl.h des_ver.h
 des_old.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 des_old.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
 des_old.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
@@ -182,12 +162,13 @@ ecb3_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 ecb3_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 ecb3_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
 ecb3_enc.o: des_locl.h ecb3_enc.c
+ecb_enc.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
 ecb_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 ecb_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-ecb_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+ecb_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-ecb_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ecb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-ecb_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ecb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-ecb_enc.o: des_locl.h ecb_enc.c spr.h
+ecb_enc.o: ../../include/openssl/ui_compat.h des_locl.h des_ver.h ecb_enc.c
 ede_cbcm_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 ede_cbcm_enc.o: ../../include/openssl/e_os2.h
 ede_cbcm_enc.o: ../../include/openssl/opensslconf.h
@@ -277,11 +258,11 @@ rpc_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 rpc_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
 rpc_enc.o: des_locl.h des_ver.h rpc_des.h rpc_enc.c
 set_key.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-set_key.o: ../../include/openssl/e_os2.h ../../include/openssl/fips.h
+set_key.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-set_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/ossl_typ.h
+set_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-set_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+set_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-set_key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+set_key.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
-set_key.o: ../../include/openssl/ui_compat.h des_locl.h set_key.c
+set_key.o: des_locl.h set_key.c
 str2key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 str2key.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
 str2key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
diff --git a/src/lib/libssl/src/crypto/des/asm/crypt586.pl b/src/lib/libssl/src/crypto/des/asm/crypt586.pl
index 1d04ed6def..e36f7d44bd 100644
--- a/src/lib/libssl/src/crypto/des/asm/crypt586.pl
+++ b/src/lib/libssl/src/crypto/des/asm/crypt586.pl
@@ -6,7 +6,8 @@
 # things perfect.
 #
-push(@INC,"perlasm","../../perlasm");
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
 require "x86asm.pl";
 &asm_init($ARGV[0],"crypt586.pl");
@@ -22,7 +23,7 @@ sub fcrypt_body
        {
        local($name,$do_ip)=@_;
-        &function_begin($name,"EXTRN   _DES_SPtrans:DWORD");
+        &function_begin($name);
        &comment("");
        &comment("Load the 2 words");
diff --git a/src/lib/libssl/src/crypto/des/asm/des-586.pl b/src/lib/libssl/src/crypto/des/asm/des-586.pl
index b75d3c6b3a..5b5f39cebd 100644
--- a/src/lib/libssl/src/crypto/des/asm/des-586.pl
+++ b/src/lib/libssl/src/crypto/des/asm/des-586.pl
@@ -4,7 +4,8 @@
 # Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>
 #
-push(@INC,"perlasm","../../perlasm");
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
 require "x86asm.pl";
 require "cbc.pl";
 require "desboth.pl";
@@ -18,29 +19,110 @@ require "desboth.pl";
 $L="edi";
 $R="esi";
+$trans="ebp";
+$small_footprint=1 if (grep(/\-DOPENSSL_SMALL_FOOTPRINT/,@ARGV));
+# one can discuss setting this variable to 1 unconditionally, as
+# the folded loop is only 3% slower than unrolled, but >7 times smaller
-&external_label("DES_SPtrans");
+&public_label("DES_SPtrans");
+&DES_encrypt_internal();
+&DES_decrypt_internal();
 &DES_encrypt("DES_encrypt1",1);
 &DES_encrypt("DES_encrypt2",0);
 &DES_encrypt3("DES_encrypt3",1);
 &DES_encrypt3("DES_decrypt3",0);
 &cbc("DES_ncbc_encrypt","DES_encrypt1","DES_encrypt1",0,4,5,3,5,-1);
 &cbc("DES_ede3_cbc_encrypt","DES_encrypt3","DES_decrypt3",0,6,7,3,4,5);
+&DES_SPtrans();
 &asm_finish();
+sub DES_encrypt_internal()
+        {
+        &function_begin_B("_x86_DES_encrypt");
+        if ($small_footprint)
+            {
+            &lea("edx",&DWP(128,"ecx"));
+            &push("edx");
+            &push("ecx");
+            &set_label("eloop");
+                &D_ENCRYPT(0,$L,$R,0,$trans,"eax","ebx","ecx","edx",&swtmp(0));
+                &comment("");
+                &D_ENCRYPT(1,$R,$L,2,$trans,"eax","ebx","ecx","edx",&swtmp(0));
+                &comment("");
+                &add("ecx",16);
+                &cmp("ecx",&swtmp(1));
+                &mov(&swtmp(0),"ecx");
+                &jb(&label("eloop"));
+            &add("esp",8);
+            }
+        else
+            {
+            &push("ecx");
+            for ($i=0; $i<16; $i+=2)
+                {
+                &comment("Round $i");
+                &D_ENCRYPT($i,$L,$R,$i*2,$trans,"eax","ebx","ecx","edx",&swtmp(0));
+                &comment("Round ".sprintf("%d",$i+1));
+                &D_ENCRYPT($i+1,$R,$L,($i+1)*2,$trans,"eax","ebx","ecx","edx",&swtmp(0));
+                }
+            &add("esp",4);
+        }
+        &ret();
+        &function_end_B("_x86_DES_encrypt");
+        }
+        
+sub DES_decrypt_internal()
+        {
+        &function_begin_B("_x86_DES_decrypt");
+        if ($small_footprint)
+            {
+            &push("ecx");
+            &lea("ecx",&DWP(128,"ecx"));
+            &push("ecx");
+            &set_label("dloop");
+                &D_ENCRYPT(0,$L,$R,-2,$trans,"eax","ebx","ecx","edx",&swtmp(0));
+                &comment("");
+                &D_ENCRYPT(1,$R,$L,-4,$trans,"eax","ebx","ecx","edx",&swtmp(0));
+                &comment("");
+                &sub("ecx",16);
+                &cmp("ecx",&swtmp(1));
+                &mov(&swtmp(0),"ecx");
+                &ja(&label("dloop"));
+            &add("esp",8);
+            }
+        else
+            {
+            &push("ecx");
+            for ($i=15; $i>0; $i-=2)
+                {
+                &comment("Round $i");
+                &D_ENCRYPT(15-$i,$L,$R,$i*2,$trans,"eax","ebx","ecx","edx",&swtmp(0));
+                &comment("Round ".sprintf("%d",$i-1));
+                &D_ENCRYPT(15-$i+1,$R,$L,($i-1)*2,$trans,"eax","ebx","ecx","edx",&swtmp(0));
+                }
+            &add("esp",4);
+            }
+        &ret();
+        &function_end_B("_x86_DES_decrypt");
+        }
+        
 sub DES_encrypt
        {
        local($name,$do_ip)=@_;
-        &function_begin_B($name,"EXTRN   _DES_SPtrans:DWORD");
+        &function_begin_B($name);
        &push("esi");
        &push("edi");
        &comment("");
        &comment("Load the 2 words");
-        $trans="ebp";
        if ($do_ip)
                {
@@ -73,39 +155,20 @@ sub DES_encrypt
                }
        # PIC-ification:-)
-        &picmeup($trans,"DES_SPtrans");
+        &call   (&label("pic_point"));
-        #if ($cpp)      { &picmeup($trans,"DES_SPtrans");   }
+        &set_label("pic_point");
-        #else           { &lea($trans,&DWP("DES_SPtrans")); }
+        &blindpop($trans);
+        &lea    ($trans,&DWP(&label("DES_SPtrans")."-".&label("pic_point"),$trans));
        &mov(   "ecx",  &wparam(1)      );
-        &cmp("ebx","0");
-        &je(&label("start_decrypt"));
-        for ($i=0; $i<16; $i+=2)
-                {
-                &comment("");
-                &comment("Round $i");
-                &D_ENCRYPT($i,$L,$R,$i*2,$trans,"eax","ebx","ecx","edx");
-                &comment("");
-                &comment("Round ".sprintf("%d",$i+1));
-                &D_ENCRYPT($i+1,$R,$L,($i+1)*2,$trans,"eax","ebx","ecx","edx");
-                }
-        &jmp(&label("end"));
-        &set_label("start_decrypt");
+        &cmp("ebx","0");
+        &je(&label("decrypt"));
-        for ($i=15; $i>0; $i-=2)
+        &call("_x86_DES_encrypt");
-                {
+        &jmp(&label("done"));
-                &comment("");
+        &set_label("decrypt");
-                &comment("Round $i");
+        &call("_x86_DES_decrypt");
-                &D_ENCRYPT(15-$i,$L,$R,$i*2,$trans,"eax","ebx","ecx","edx");
+        &set_label("done");
-                &comment("");
-                &comment("Round ".sprintf("%d",$i-1));
-                &D_ENCRYPT(15-$i+1,$R,$L,($i-1)*2,$trans,"eax","ebx","ecx","edx");
-                }
-        &set_label("end");
        if ($do_ip)
                {
@@ -139,7 +202,7 @@ sub DES_encrypt
 sub D_ENCRYPT
        {
-        local($r,$L,$R,$S,$trans,$u,$tmp1,$tmp2,$t)=@_;
+        local($r,$L,$R,$S,$trans,$u,$tmp1,$tmp2,$t,$wp1)=@_;
         &mov(  $u,             &DWP(&n2a($S*4),$tmp2,"",0));
        &xor(   $tmp1,          $tmp1);
@@ -166,7 +229,7 @@ sub D_ENCRYPT
        &and(   $t,             "0xff"  );
         &xor(  $L,             &DWP("0x600",$trans,$tmp1,0));
         &xor(  $L,             &DWP("0x700",$trans,$tmp2,0));
-        &mov(   $tmp2,          &wparam(1)      );
+        &mov(   $tmp2,          $wp1    );
         &xor(  $L,             &DWP("0x400",$trans,$u,0));
         &xor(  $L,             &DWP("0x500",$trans,$t,0));
        }
@@ -249,3 +312,142 @@ sub FP_new
        &rotr($tt       , 4);
        }
+sub DES_SPtrans
+        {
+        &set_label("DES_SPtrans",64);
+        &data_word(0x02080800, 0x00080000, 0x02000002, 0x02080802);
+        &data_word(0x02000000, 0x00080802, 0x00080002, 0x02000002);
+        &data_word(0x00080802, 0x02080800, 0x02080000, 0x00000802);
+        &data_word(0x02000802, 0x02000000, 0x00000000, 0x00080002);
+        &data_word(0x00080000, 0x00000002, 0x02000800, 0x00080800);
+        &data_word(0x02080802, 0x02080000, 0x00000802, 0x02000800);
+        &data_word(0x00000002, 0x00000800, 0x00080800, 0x02080002);
+        &data_word(0x00000800, 0x02000802, 0x02080002, 0x00000000);
+        &data_word(0x00000000, 0x02080802, 0x02000800, 0x00080002);
+        &data_word(0x02080800, 0x00080000, 0x00000802, 0x02000800);
+        &data_word(0x02080002, 0x00000800, 0x00080800, 0x02000002);
+        &data_word(0x00080802, 0x00000002, 0x02000002, 0x02080000);
+        &data_word(0x02080802, 0x00080800, 0x02080000, 0x02000802);
+        &data_word(0x02000000, 0x00000802, 0x00080002, 0x00000000);
+        &data_word(0x00080000, 0x02000000, 0x02000802, 0x02080800);
+        &data_word(0x00000002, 0x02080002, 0x00000800, 0x00080802);
+        # nibble 1
+        &data_word(0x40108010, 0x00000000, 0x00108000, 0x40100000);
+        &data_word(0x40000010, 0x00008010, 0x40008000, 0x00108000);
+        &data_word(0x00008000, 0x40100010, 0x00000010, 0x40008000);
+        &data_word(0x00100010, 0x40108000, 0x40100000, 0x00000010);
+        &data_word(0x00100000, 0x40008010, 0x40100010, 0x00008000);
+        &data_word(0x00108010, 0x40000000, 0x00000000, 0x00100010);
+        &data_word(0x40008010, 0x00108010, 0x40108000, 0x40000010);
+        &data_word(0x40000000, 0x00100000, 0x00008010, 0x40108010);
+        &data_word(0x00100010, 0x40108000, 0x40008000, 0x00108010);
+        &data_word(0x40108010, 0x00100010, 0x40000010, 0x00000000);
+        &data_word(0x40000000, 0x00008010, 0x00100000, 0x40100010);
+        &data_word(0x00008000, 0x40000000, 0x00108010, 0x40008010);
+        &data_word(0x40108000, 0x00008000, 0x00000000, 0x40000010);
+        &data_word(0x00000010, 0x40108010, 0x00108000, 0x40100000);
+        &data_word(0x40100010, 0x00100000, 0x00008010, 0x40008000);
+        &data_word(0x40008010, 0x00000010, 0x40100000, 0x00108000);
+        # nibble 2
+        &data_word(0x04000001, 0x04040100, 0x00000100, 0x04000101);
+        &data_word(0x00040001, 0x04000000, 0x04000101, 0x00040100);
+        &data_word(0x04000100, 0x00040000, 0x04040000, 0x00000001);
+        &data_word(0x04040101, 0x00000101, 0x00000001, 0x04040001);
+        &data_word(0x00000000, 0x00040001, 0x04040100, 0x00000100);
+        &data_word(0x00000101, 0x04040101, 0x00040000, 0x04000001);
+        &data_word(0x04040001, 0x04000100, 0x00040101, 0x04040000);
+        &data_word(0x00040100, 0x00000000, 0x04000000, 0x00040101);
+        &data_word(0x04040100, 0x00000100, 0x00000001, 0x00040000);
+        &data_word(0x00000101, 0x00040001, 0x04040000, 0x04000101);
+        &data_word(0x00000000, 0x04040100, 0x00040100, 0x04040001);
+        &data_word(0x00040001, 0x04000000, 0x04040101, 0x00000001);
+        &data_word(0x00040101, 0x04000001, 0x04000000, 0x04040101);
+        &data_word(0x00040000, 0x04000100, 0x04000101, 0x00040100);
+        &data_word(0x04000100, 0x00000000, 0x04040001, 0x00000101);
+        &data_word(0x04000001, 0x00040101, 0x00000100, 0x04040000);
+        # nibble 3
+        &data_word(0x00401008, 0x10001000, 0x00000008, 0x10401008);
+        &data_word(0x00000000, 0x10400000, 0x10001008, 0x00400008);
+        &data_word(0x10401000, 0x10000008, 0x10000000, 0x00001008);
+        &data_word(0x10000008, 0x00401008, 0x00400000, 0x10000000);
+        &data_word(0x10400008, 0x00401000, 0x00001000, 0x00000008);
+        &data_word(0x00401000, 0x10001008, 0x10400000, 0x00001000);
+        &data_word(0x00001008, 0x00000000, 0x00400008, 0x10401000);
+        &data_word(0x10001000, 0x10400008, 0x10401008, 0x00400000);
+        &data_word(0x10400008, 0x00001008, 0x00400000, 0x10000008);
+        &data_word(0x00401000, 0x10001000, 0x00000008, 0x10400000);
+        &data_word(0x10001008, 0x00000000, 0x00001000, 0x00400008);
+        &data_word(0x00000000, 0x10400008, 0x10401000, 0x00001000);
+        &data_word(0x10000000, 0x10401008, 0x00401008, 0x00400000);
+        &data_word(0x10401008, 0x00000008, 0x10001000, 0x00401008);
+        &data_word(0x00400008, 0x00401000, 0x10400000, 0x10001008);
+        &data_word(0x00001008, 0x10000000, 0x10000008, 0x10401000);
+        # nibble 4
+        &data_word(0x08000000, 0x00010000, 0x00000400, 0x08010420);
+        &data_word(0x08010020, 0x08000400, 0x00010420, 0x08010000);
+        &data_word(0x00010000, 0x00000020, 0x08000020, 0x00010400);
+        &data_word(0x08000420, 0x08010020, 0x08010400, 0x00000000);
+        &data_word(0x00010400, 0x08000000, 0x00010020, 0x00000420);
+        &data_word(0x08000400, 0x00010420, 0x00000000, 0x08000020);
+        &data_word(0x00000020, 0x08000420, 0x08010420, 0x00010020);
+        &data_word(0x08010000, 0x00000400, 0x00000420, 0x08010400);
+        &data_word(0x08010400, 0x08000420, 0x00010020, 0x08010000);
+        &data_word(0x00010000, 0x00000020, 0x08000020, 0x08000400);
+        &data_word(0x08000000, 0x00010400, 0x08010420, 0x00000000);
+        &data_word(0x00010420, 0x08000000, 0x00000400, 0x00010020);
+        &data_word(0x08000420, 0x00000400, 0x00000000, 0x08010420);
+        &data_word(0x08010020, 0x08010400, 0x00000420, 0x00010000);
+        &data_word(0x00010400, 0x08010020, 0x08000400, 0x00000420);
+        &data_word(0x00000020, 0x00010420, 0x08010000, 0x08000020);
+        # nibble 5
+        &data_word(0x80000040, 0x00200040, 0x00000000, 0x80202000);
+        &data_word(0x00200040, 0x00002000, 0x80002040, 0x00200000);
+        &data_word(0x00002040, 0x80202040, 0x00202000, 0x80000000);
+        &data_word(0x80002000, 0x80000040, 0x80200000, 0x00202040);
+        &data_word(0x00200000, 0x80002040, 0x80200040, 0x00000000);
+        &data_word(0x00002000, 0x00000040, 0x80202000, 0x80200040);
+        &data_word(0x80202040, 0x80200000, 0x80000000, 0x00002040);
+        &data_word(0x00000040, 0x00202000, 0x00202040, 0x80002000);
+        &data_word(0x00002040, 0x80000000, 0x80002000, 0x00202040);
+        &data_word(0x80202000, 0x00200040, 0x00000000, 0x80002000);
+        &data_word(0x80000000, 0x00002000, 0x80200040, 0x00200000);
+        &data_word(0x00200040, 0x80202040, 0x00202000, 0x00000040);
+        &data_word(0x80202040, 0x00202000, 0x00200000, 0x80002040);
+        &data_word(0x80000040, 0x80200000, 0x00202040, 0x00000000);
+        &data_word(0x00002000, 0x80000040, 0x80002040, 0x80202000);
+        &data_word(0x80200000, 0x00002040, 0x00000040, 0x80200040);
+        # nibble 6
+        &data_word(0x00004000, 0x00000200, 0x01000200, 0x01000004);
+        &data_word(0x01004204, 0x00004004, 0x00004200, 0x00000000);
+        &data_word(0x01000000, 0x01000204, 0x00000204, 0x01004000);
+        &data_word(0x00000004, 0x01004200, 0x01004000, 0x00000204);
+        &data_word(0x01000204, 0x00004000, 0x00004004, 0x01004204);
+        &data_word(0x00000000, 0x01000200, 0x01000004, 0x00004200);
+        &data_word(0x01004004, 0x00004204, 0x01004200, 0x00000004);
+        &data_word(0x00004204, 0x01004004, 0x00000200, 0x01000000);
+        &data_word(0x00004204, 0x01004000, 0x01004004, 0x00000204);
+        &data_word(0x00004000, 0x00000200, 0x01000000, 0x01004004);
+        &data_word(0x01000204, 0x00004204, 0x00004200, 0x00000000);
+        &data_word(0x00000200, 0x01000004, 0x00000004, 0x01000200);
+        &data_word(0x00000000, 0x01000204, 0x01000200, 0x00004200);
+        &data_word(0x00000204, 0x00004000, 0x01004204, 0x01000000);
+        &data_word(0x01004200, 0x00000004, 0x00004004, 0x01004204);
+        &data_word(0x01000004, 0x01004200, 0x01004000, 0x00004004);
+        # nibble 7
+        &data_word(0x20800080, 0x20820000, 0x00020080, 0x00000000);
+        &data_word(0x20020000, 0x00800080, 0x20800000, 0x20820080);
+        &data_word(0x00000080, 0x20000000, 0x00820000, 0x00020080);
+        &data_word(0x00820080, 0x20020080, 0x20000080, 0x20800000);
+        &data_word(0x00020000, 0x00820080, 0x00800080, 0x20020000);
+        &data_word(0x20820080, 0x20000080, 0x00000000, 0x00820000);
+        &data_word(0x20000000, 0x00800000, 0x20020080, 0x20800080);
+        &data_word(0x00800000, 0x00020000, 0x20820000, 0x00000080);
+        &data_word(0x00800000, 0x00020000, 0x20000080, 0x20820080);
+        &data_word(0x00020080, 0x20000000, 0x00000000, 0x00820000);
+        &data_word(0x20800080, 0x20020080, 0x20020000, 0x00800080);
+        &data_word(0x20820000, 0x00000080, 0x00800080, 0x20020000);
+        &data_word(0x20820080, 0x00800000, 0x20800000, 0x20000080);
+        &data_word(0x00820000, 0x00020080, 0x20020080, 0x20800000);
+        &data_word(0x00000080, 0x20820000, 0x00820080, 0x00000000);
+        &data_word(0x20000000, 0x20800080, 0x00020000, 0x00820080);
+        }
diff --git a/src/lib/libssl/src/crypto/des/des-lib.com b/src/lib/libssl/src/crypto/des/des-lib.com
index fc2c35a1ce..348f1c0470 100644
--- a/src/lib/libssl/src/crypto/des/des-lib.com
+++ b/src/lib/libssl/src/crypto/des/des-lib.com
@@ -9,7 +9,7 @@ $!  Changes by Richard Levitte <richard@levitte.org>
 $!
 $!  This command files compiles and creates the 
 $!  "[.xxx.EXE.CRYPTO.DES]LIBDES.OLB" library.  The "xxx" denotes the machine 
-$!  architecture of AXP or VAX.
+$!  architecture of ALPHA, IA64 or VAX.
 $!
 $!  It was re-written to try to determine which "C" compiler to try to use
 $!  or the user can specify a compiler in P3.
@@ -45,25 +45,34 @@ $!
 $!
 $! Check Which Architecture We Are Using.
 $!
-$ IF (F$GETSYI("CPU").GE.128)
+$ IF (F$GETSYI("CPU").LT.128)
 $ THEN
 $!
-$!  The Architecture Is AXP.
+$!  The Architecture Is VAX
 $!
-$   ARCH := AXP
+$   ARCH := VAX
 $!
 $! Else...
 $!
 $ ELSE
 $!
-$!  The Architecture Is VAX.
+$!  The Architecture Is Alpha, IA64 or whatever comes in the future.
 $!
-$   ARCH := VAX
+$   ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE")
+$   IF (ARCH .EQS. "") THEN ARCH = "UNK"
 $!
 $! End The Architecture Check.
 $!
 $ ENDIF
 $!
+$! Define The OBJ Directory Name.
+$!
+$ OBJ_DIR := SYS$DISK:[--.'ARCH'.OBJ.CRYPTO.DES]
+$!
+$! Define The EXE Directory Name.
+$!
+$ EXE_DIR :== SYS$DISK:[--.'ARCH'.EXE.CRYPTO.DES]
+$!
 $! Check To Make Sure We Have Valid Command Line Parameters.
 $!
 $ GOSUB CHECK_OPTIONS
@@ -72,10 +81,6 @@ $! Tell The User What Kind of Machine We Run On.
 $!
 $ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine."
 $!
-$! Define The OBJ Directory Name.
-$!
-$ OBJ_DIR := SYS$DISK:[--.'ARCH'.OBJ.CRYPTO.DES]
-$!
 $! Check To See If The Architecture Specific OBJ Directory Exists.
 $!
 $ IF (F$PARSE(OBJ_DIR).EQS."")
@@ -89,10 +94,6 @@ $! End The Architecture Specific OBJ Directory Check.
 $!
 $ ENDIF
 $!
-$! Define The EXE Directory Name.
-$!
-$ EXE_DIR :== SYS$DISK:[--.'ARCH'.EXE.CRYPTO.DES]
-$!
 $! Check To See If The Architecture Specific Directory Exists.
 $!
 $ IF (F$PARSE(EXE_DIR).EQS."")
@@ -564,7 +565,7 @@ $!
 $   IF (F$SEARCH(OPT_FILE).EQS."")
 $   THEN
 $!
-$!    Figure Out If We Need An AXP Or A VAX Linker Option File.
+$!    Figure Out If We Need An non-VAX Or A VAX Linker Option File.
 $!
 $     IF (F$GETSYI("CPU").LT.128)
 $     THEN
@@ -584,19 +585,19 @@ $!    Else...
 $!
 $     ELSE
 $!
-$!      Create The AXP Linker Option File.
+$!      Create The non-VAX Linker Option File.
 $!
 $       CREATE 'OPT_FILE'
 $DECK
 !
-! Default System Options File For AXP To Link Agianst 
+! Default System Options File For non-VAX To Link Agianst 
 ! The Sharable C Runtime Library.
 !
 SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE
 SYS$SHARE:CMA$OPEN_RTL/SHARE
 $EOD
 $!
-$!    End The VAX/AXP DEC C Option File Check.
+$!    End The DEC C Option File Check.
 $!
 $     ENDIF
 $!
@@ -658,13 +659,13 @@ $! Else...
 $!
 $ ELSE
 $!
-$!  Else, Check To See If P1 Has A Valid Arguement.
+$!  Else, Check To See If P1 Has A Valid Argument.
 $!
 $   IF (P1.EQS."LIBRARY").OR.(P1.EQS."DESTEST").OR.(P1.EQS."SPEED") -
       .OR.(P1.EQS."RPW").OR.(P1.EQS."DES").OR.(P1.EQS."DES_OPTS")
 $   THEN
 $!
-$!    A Valid Arguement.
+$!    A Valid Argument.
 $!
 $     BUILDALL = P1
 $!
@@ -677,7 +678,7 @@ $!
 $     WRITE SYS$OUTPUT ""
 $     WRITE SYS$OUTPUT "The Option ",P1," Is Invalid.  The Valid Options Are:"
 $     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "    ALL      :  Just Build Everything.
+$     WRITE SYS$OUTPUT "    ALL      :  Just Build Everything."
 $     WRITE SYS$OUTPUT "    LIBRARY  :  To Compile Just The [.xxx.EXE.CRYPTO.DES]LIBDES.OLB Library."
 $     WRITE SYS$OUTPUT "    DESTEST  :  To Compile Just The [.xxx.EXE.CRYPTO.DES]DESTEST.EXE Program."
 $     WRITE SYS$OUTPUT "    SPEED    :  To Compile Just The [.xxx.EXE.CRYPTO.DES]SPEED.EXE Program."
@@ -687,15 +688,16 @@ $     WRITE SYS$OUTPUT "    DES_OPTS :  To Compile Just The [.xxx.EXE.CRYTPO.DES
 $     WRITE SYS$OUTPUT ""
 $     WRITE SYS$OUTPUT " Where 'xxx' Stands For: "
 $     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "        AXP  :  Alpha Architecture."
+$     WRITE SYS$OUTPUT "    ALPHA    :  Alpha Architecture."
-$     WRITE SYS$OUTPUT "        VAX  :  VAX Architecture."
+$     WRITE SYS$OUTPUT "    IA64     :  IA64 Architecture."
+$     WRITE SYS$OUTPUT "    VAX      :  VAX Architecture."
 $     WRITE SYS$OUTPUT ""
 $!
 $!    Time To EXIT.
 $!
 $     EXIT
 $!
-$!  End The Valid Arguement Check.
+$!  End The Valid Argument Check.
 $!
 $   ENDIF
 $!
@@ -752,7 +754,7 @@ $!    Time To EXIT.
 $!
 $     EXIT
 $!
-$!  End The Valid Arguement Check.
+$!  End The Valid Argument Check.
 $!
 $   ENDIF
 $!
@@ -817,7 +819,7 @@ $   ELSE
 $!
 $!    Check To See If We Have VAXC Or DECC.
 $!
-$     IF (ARCH.EQS."AXP").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
+$     IF (ARCH.NES."VAX").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
 $     THEN 
 $!
 $!      Looks Like DECC, Set To Use DECC.
@@ -882,7 +884,7 @@ $     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
 $!
 $!    Define The Linker Options File Name.
 $!
-$     OPT_FILE = "SYS$DISK:[]VAX_DECC_OPTIONS.OPT"
+$     OPT_FILE = "''EXE_DIR'VAX_DECC_OPTIONS.OPT"
 $!
 $!  End DECC Check.
 $!
@@ -904,9 +906,9 @@ $!
 $!    Compile Using VAXC.
 $!
 $     CC = "CC"
-$     IF ARCH.EQS."AXP"
+$     IF ARCH.NES."VAX"
 $     THEN
-$       WRITE SYS$OUTPUT "There is no VAX C on Alpha!"
+$       WRITE SYS$OUTPUT "There is no VAX C on ''ARCH'!"
 $       EXIT
 $     ENDIF
 $     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
@@ -919,7 +921,7 @@ $     DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB]
 $!
 $!    Define The Linker Options File Name.
 $!
-$     OPT_FILE = "SYS$DISK:[]VAX_VAXC_OPTIONS.OPT"
+$     OPT_FILE = "''EXE_DIR'VAX_VAXC_OPTIONS.OPT"
 $!
 $!  End VAXC Check
 $!
@@ -944,7 +946,7 @@ $     CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
-$     OPT_FILE = "SYS$DISK:[]VAX_GNUC_OPTIONS.OPT"
+$     OPT_FILE = "''EXE_DIR'VAX_GNUC_OPTIONS.OPT"
 $!
 $!  End The GNU C Check.
 $!
@@ -976,7 +978,7 @@ $!  Show user the result
 $!
 $   WRITE SYS$OUTPUT "Main Compiling Command: ",CC
 $!
-$!  Else The User Entered An Invalid Arguement.
+$!  Else The User Entered An Invalid Argument.
 $!
 $ ELSE
 $!
diff --git a/src/lib/libssl/src/crypto/des/des_enc.c b/src/lib/libssl/src/crypto/des/des_enc.c
index cf71965aca..828feba208 100644
--- a/src/lib/libssl/src/crypto/des/des_enc.c
+++ b/src/lib/libssl/src/crypto/des/des_enc.c
@@ -57,6 +57,7 @@
 */
 #include "des_locl.h"
+#include "spr.h"
 void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc)
        {
@@ -107,12 +108,10 @@ void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc)
                D_ENCRYPT(l,r,28); /*  15 */
                D_ENCRYPT(r,l,30); /*  16 */
 #else
-                for (i=0; i<32; i+=8)
+                for (i=0; i<32; i+=4)
                        {
                        D_ENCRYPT(l,r,i+0); /*  1 */
                        D_ENCRYPT(r,l,i+2); /*  2 */
-                        D_ENCRYPT(l,r,i+4); /*  3 */
-                        D_ENCRYPT(r,l,i+6); /*  4 */
                        }
 #endif
                }
@@ -136,12 +135,10 @@ void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc)
                D_ENCRYPT(l,r, 2); /*  2 */
                D_ENCRYPT(r,l, 0); /*  1 */
 #else
-                for (i=30; i>0; i-=8)
+                for (i=30; i>0; i-=4)
                        {
                        D_ENCRYPT(l,r,i-0); /* 16 */
                        D_ENCRYPT(r,l,i-2); /* 15 */
-                        D_ENCRYPT(l,r,i-4); /* 14 */
-                        D_ENCRYPT(r,l,i-6); /* 13 */
                        }
 #endif
                }
@@ -203,12 +200,10 @@ void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc)
                D_ENCRYPT(l,r,28); /*  15 */
                D_ENCRYPT(r,l,30); /*  16 */
 #else
-                for (i=0; i<32; i+=8)
+                for (i=0; i<32; i+=4)
                        {
                        D_ENCRYPT(l,r,i+0); /*  1 */
                        D_ENCRYPT(r,l,i+2); /*  2 */
-                        D_ENCRYPT(l,r,i+4); /*  3 */
-                        D_ENCRYPT(r,l,i+6); /*  4 */
                        }
 #endif
                }
@@ -232,12 +227,10 @@ void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc)
                D_ENCRYPT(l,r, 2); /*  2 */
                D_ENCRYPT(r,l, 0); /*  1 */
 #else
-                for (i=30; i>0; i-=8)
+                for (i=30; i>0; i-=4)
                        {
                        D_ENCRYPT(l,r,i-0); /* 16 */
                        D_ENCRYPT(r,l,i-2); /* 15 */
-                        D_ENCRYPT(l,r,i-4); /* 14 */
-                        D_ENCRYPT(r,l,i-6); /* 13 */
                        }
 #endif
                }
@@ -289,8 +282,6 @@ void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1,
 #ifndef DES_DEFAULT_OPTIONS
-#if !defined(OPENSSL_FIPS_DES_ASM)
 #undef CBC_ENC_C__DONT_UPDATE_IV
 #include "ncbc_enc.c" /* DES_ncbc_encrypt */
@@ -406,6 +397,4 @@ void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output,
        tin[0]=tin[1]=0;
        }
-#endif
 #endif /* DES_DEFAULT_OPTIONS */
diff --git a/src/lib/libssl/src/crypto/des/des_locl.h b/src/lib/libssl/src/crypto/des/des_locl.h
index 4b9ecff233..a3b512e9b0 100644
--- a/src/lib/libssl/src/crypto/des/des_locl.h
+++ b/src/lib/libssl/src/crypto/des/des_locl.h
@@ -61,7 +61,7 @@
 #include <openssl/e_os2.h>
-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
+#if defined(OPENSSL_SYS_WIN32)
 #ifndef OPENSSL_SYS_MSDOS
 #define OPENSSL_SYS_MSDOS
 #endif
@@ -425,4 +425,8 @@ extern const DES_LONG DES_SPtrans[8][64];
 void fcrypt_body(DES_LONG *out,DES_key_schedule *ks,
                 DES_LONG Eswap0, DES_LONG Eswap1);
+#ifdef OPENSSL_SMALL_FOOTPRINT
+#undef DES_UNROLL
+#endif
 #endif
diff --git a/src/lib/libssl/src/crypto/des/ecb_enc.c b/src/lib/libssl/src/crypto/des/ecb_enc.c
index 75ae6cf8bb..0684e769b3 100644
--- a/src/lib/libssl/src/crypto/des/ecb_enc.c
+++ b/src/lib/libssl/src/crypto/des/ecb_enc.c
@@ -57,7 +57,53 @@
 */
 #include "des_locl.h"
-#include "spr.h"
+#include "des_ver.h"
+#include <openssl/opensslv.h>
+#include <openssl/bio.h>
+OPENSSL_GLOBAL const char libdes_version[]="libdes" OPENSSL_VERSION_PTEXT;
+OPENSSL_GLOBAL const char DES_version[]="DES" OPENSSL_VERSION_PTEXT;
+const char *DES_options(void)
+        {
+        static int init=1;
+        static char buf[32];
+        if (init)
+                {
+                const char *ptr,*unroll,*risc,*size;
+#ifdef DES_PTR
+                ptr="ptr";
+#else
+                ptr="idx";
+#endif
+#if defined(DES_RISC1) || defined(DES_RISC2)
+#ifdef DES_RISC1
+                risc="risc1";
+#endif
+#ifdef DES_RISC2
+                risc="risc2";
+#endif
+#else
+                risc="cisc";
+#endif
+#ifdef DES_UNROLL
+                unroll="16";
+#else
+                unroll="2";
+#endif
+                if (sizeof(DES_LONG) != sizeof(long))
+                        size="int";
+                else
+                        size="long";
+                BIO_snprintf(buf,sizeof buf,"des(%s,%s,%s,%s)",ptr,risc,unroll,
+                             size);
+                init=0;
+                }
+        return(buf);
+        }
+                
 void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output,
                     DES_key_schedule *ks, int enc)
diff --git a/src/lib/libssl/src/crypto/des/enc_read.c b/src/lib/libssl/src/crypto/des/enc_read.c
index e7da2ec66b..edb6620d08 100644
--- a/src/lib/libssl/src/crypto/des/enc_read.c
+++ b/src/lib/libssl/src/crypto/des/enc_read.c
@@ -63,7 +63,7 @@
 /* This has some uglies in it but it works - even over sockets. */
 /*extern int errno;*/
-OPENSSL_IMPLEMENT_GLOBAL(int,DES_rw_mode)=DES_PCBC_MODE;
+OPENSSL_IMPLEMENT_GLOBAL(int,DES_rw_mode,DES_PCBC_MODE)
 /*
@@ -87,6 +87,9 @@ OPENSSL_IMPLEMENT_GLOBAL(int,DES_rw_mode)=DES_PCBC_MODE;
 int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched,
                 DES_cblock *iv)
        {
+#if defined(OPENSSL_NO_POSIX_IO)
+        return(0);
+#else
        /* data to be unencrypted */
        int net_num=0;
        static unsigned char *net=NULL;
@@ -147,7 +150,7 @@ int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched,
        /* first - get the length */
        while (net_num < HDRSIZE) 
                {
-#ifndef _WIN32
+#ifndef OPENSSL_SYS_WIN32
                i=read(fd,(void *)&(net[net_num]),HDRSIZE-net_num);
 #else
                i=_read(fd,(void *)&(net[net_num]),HDRSIZE-net_num);
@@ -173,7 +176,11 @@ int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched,
        net_num=0;
        while (net_num < rnum)
                {
+#ifndef OPENSSL_SYS_WIN32
                i=read(fd,(void *)&(net[net_num]),rnum-net_num);
+#else
+                i=_read(fd,(void *)&(net[net_num]),rnum-net_num);
+#endif
 #ifdef EINTR
                if ((i == -1) && (errno == EINTR)) continue;
 #endif
@@ -228,5 +235,6 @@ int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched,
                        }
                }
        return num;
+#endif /* OPENSSL_NO_POSIX_IO */
        }
diff --git a/src/lib/libssl/src/crypto/des/enc_writ.c b/src/lib/libssl/src/crypto/des/enc_writ.c
index c2f032c9a6..2353ac1e89 100644
--- a/src/lib/libssl/src/crypto/des/enc_writ.c
+++ b/src/lib/libssl/src/crypto/des/enc_writ.c
@@ -80,6 +80,9 @@
 int DES_enc_write(int fd, const void *_buf, int len,
                  DES_key_schedule *sched, DES_cblock *iv)
        {
+#if defined(OPENSSL_NO_POSIX_IO)
+        return (-1);
+#else
 #ifdef _LIBC
        extern unsigned long time();
        extern int write();
@@ -172,4 +175,5 @@ int DES_enc_write(int fd, const void *_buf, int len,
                }
        return(len);
+#endif /* OPENSSL_NO_POSIX_IO */
        }
diff --git a/src/lib/libssl/src/crypto/des/fcrypt_b.c b/src/lib/libssl/src/crypto/des/fcrypt_b.c
index 1390138787..8822816938 100644
--- a/src/lib/libssl/src/crypto/des/fcrypt_b.c
+++ b/src/lib/libssl/src/crypto/des/fcrypt_b.c
@@ -100,12 +100,10 @@ void fcrypt_body(DES_LONG *out, DES_key_schedule *ks, DES_LONG Eswap0,
 #ifndef DES_UNROLL
                register int i;
-                for (i=0; i<32; i+=8)
+                for (i=0; i<32; i+=4)
                        {
                        D_ENCRYPT(l,r,i+0); /*  1 */
                        D_ENCRYPT(r,l,i+2); /*  2 */
-                        D_ENCRYPT(l,r,i+4); /*  1 */
-                        D_ENCRYPT(r,l,i+6); /*  2 */
                        }
 #else
                D_ENCRYPT(l,r, 0); /*  1 */
diff --git a/src/lib/libssl/src/crypto/des/rpc_des.h b/src/lib/libssl/src/crypto/des/rpc_des.h
index 4cbb4d2dcd..41328d7965 100644
--- a/src/lib/libssl/src/crypto/des/rpc_des.h
+++ b/src/lib/libssl/src/crypto/des/rpc_des.h
@@ -122,10 +122,10 @@ struct desparams {
 /*
 * Encrypt an arbitrary sized buffer
 */
-#define DESIOCBLOCK     _IOWR(d, 6, struct desparams)
+#define DESIOCBLOCK     _IOWR('d', 6, struct desparams)
 /* 
 * Encrypt of small amount of data, quickly
 */
-#define DESIOCQUICK     _IOWR(d, 7, struct desparams) 
+#define DESIOCQUICK     _IOWR('d', 7, struct desparams) 
diff --git a/src/lib/libssl/src/crypto/des/set_key.c b/src/lib/libssl/src/crypto/des/set_key.c
index c0806d593c..3004cc3ab3 100644
--- a/src/lib/libssl/src/crypto/des/set_key.c
+++ b/src/lib/libssl/src/crypto/des/set_key.c
@@ -64,12 +64,8 @@
 * 1.0 First working version
 */
 #include "des_locl.h"
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-OPENSSL_IMPLEMENT_GLOBAL(int,DES_check_key);    /* defaults to false */
+OPENSSL_IMPLEMENT_GLOBAL(int,DES_check_key,0)   /* defaults to false */
 static const unsigned char odd_parity[256]={
  1,  1,  2,  2,  4,  4,  7,  7,  8,  8, 11, 11, 13, 13, 14, 14,
@@ -340,7 +336,7 @@ int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule)
 void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
        {
-        static int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0};
+        static const int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0};
        register DES_LONG c,d,t,s,t2;
        register const unsigned char *in;
        register DES_LONG *k;
@@ -353,10 +349,6 @@ void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
        k = &schedule->ks->deslong[0];
        in = &(*key)[0];
-#ifdef OPENSSL_FIPS
-        FIPS_selftest_check();
-#endif
        c2l(in,c);
        c2l(in,d);
@@ -413,4 +405,3 @@ void des_fixup_key_parity(des_cblock *key)
        des_set_odd_parity(key);
        }
 */
diff --git a/src/lib/libssl/src/crypto/des/xcbc_enc.c b/src/lib/libssl/src/crypto/des/xcbc_enc.c
index dc0c761b71..058cab6bce 100644
--- a/src/lib/libssl/src/crypto/des/xcbc_enc.c
+++ b/src/lib/libssl/src/crypto/des/xcbc_enc.c
@@ -61,7 +61,7 @@
 /* RSA's DESX */
 #if 0 /* broken code, preserved just in case anyone specifically looks for this */
-static unsigned char desx_white_in2out[256]={
+static const unsigned char desx_white_in2out[256]={
 0xBD,0x56,0xEA,0xF2,0xA2,0xF1,0xAC,0x2A,0xB0,0x93,0xD1,0x9C,0x1B,0x33,0xFD,0xD0,
 0x30,0x04,0xB6,0xDC,0x7D,0xDF,0x32,0x4B,0xF7,0xCB,0x45,0x9B,0x31,0xBB,0x21,0x5A,
 0x41,0x9F,0xE1,0xD9,0x4A,0x4D,0x9E,0xDA,0xA0,0x68,0x2C,0xC3,0x27,0x5F,0x80,0x36,
diff --git a/src/lib/libssl/src/crypto/dh/Makefile b/src/lib/libssl/src/crypto/dh/Makefile
index d01fa960eb..f23b4f7fde 100644
--- a/src/lib/libssl/src/crypto/dh/Makefile
+++ b/src/lib/libssl/src/crypto/dh/Makefile
@@ -17,8 +17,10 @@ TEST= dhtest.c
 APPS=
 LIB=$(TOP)/libcrypto.a
-LIBSRC= dh_asn1.c dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c dh_depr.c
+LIBSRC= dh_asn1.c dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c dh_depr.c \
-LIBOBJ= dh_asn1.o dh_gen.o dh_key.o dh_lib.o dh_check.o dh_err.o dh_depr.o
+        dh_ameth.c dh_pmeth.c dh_prn.c
+LIBOBJ= dh_asn1.o dh_gen.o dh_key.o dh_lib.o dh_check.o dh_err.o dh_depr.o \
+        dh_ameth.o dh_pmeth.o dh_prn.o
 SRC= $(LIBSRC)
@@ -33,7 +35,7 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
@@ -74,6 +76,21 @@ clean:
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+dh_ameth.o: ../../e_os.h ../../include/openssl/asn1.h
+dh_ameth.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dh_ameth.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dh_ameth.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h
+dh_ameth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+dh_ameth.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+dh_ameth.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+dh_ameth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+dh_ameth.o: ../../include/openssl/opensslconf.h
+dh_ameth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dh_ameth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+dh_ameth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dh_ameth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+dh_ameth.o: ../../include/openssl/x509_vfy.h ../asn1/asn1_locl.h ../cryptlib.h
+dh_ameth.o: dh_ameth.c
 dh_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
 dh_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 dh_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -129,11 +146,35 @@ dh_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
 dh_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 dh_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 dh_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-dh_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+dh_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-dh_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+dh_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-dh_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+dh_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-dh_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dh_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-dh_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+dh_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-dh_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dh_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-dh_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+dh_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-dh_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h dh_lib.c
+dh_lib.o: ../cryptlib.h dh_lib.c
+dh_pmeth.o: ../../e_os.h ../../include/openssl/asn1.h
+dh_pmeth.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+dh_pmeth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dh_pmeth.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dh_pmeth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+dh_pmeth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+dh_pmeth.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+dh_pmeth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+dh_pmeth.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+dh_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dh_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+dh_pmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dh_pmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+dh_pmeth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h ../evp/evp_locl.h
+dh_pmeth.o: dh_pmeth.c
+dh_prn.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+dh_prn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dh_prn.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h
+dh_prn.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+dh_prn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+dh_prn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+dh_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dh_prn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dh_prn.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_prn.c
diff --git a/src/lib/libssl/src/crypto/dh/dh.h b/src/lib/libssl/src/crypto/dh/dh.h
index 10475ac4b3..849309a489 100644
--- a/src/lib/libssl/src/crypto/dh/dh.h
+++ b/src/lib/libssl/src/crypto/dh/dh.h
@@ -77,8 +77,6 @@
 # define OPENSSL_DH_MAX_MODULUS_BITS    10000
 #endif
-#define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
 #define DH_FLAG_CACHE_MONT_P     0x01
 #define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH
                                       * implementation now uses constant time
@@ -159,7 +157,6 @@ struct dh_st
   this for backward compatibility: */
 #define DH_CHECK_P_NOT_STRONG_PRIME     DH_CHECK_P_NOT_SAFE_PRIME
-#define DHparams_dup(x) ASN1_dup_of_const(DH,i2d_DHparams,d2i_DHparams,x)
 #define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \
                (char *(*)())d2i_DHparams,(fp),(unsigned char **)(x))
 #define i2d_DHparams_fp(fp,x) ASN1_i2d_fp(i2d_DHparams,(fp), \
@@ -167,12 +164,9 @@ struct dh_st
 #define d2i_DHparams_bio(bp,x) ASN1_d2i_bio_of(DH,DH_new,d2i_DHparams,bp,x)
 #define i2d_DHparams_bio(bp,x) ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x)
-const DH_METHOD *DH_OpenSSL(void);
+DH *DHparams_dup(DH *);
-#ifdef OPENSSL_FIPS
+const DH_METHOD *DH_OpenSSL(void);
-DH *    FIPS_dh_new(void);
-void    FIPS_dh_free(DH *dh);
-#endif
 void DH_set_default_method(const DH_METHOD *meth);
 const DH_METHOD *DH_get_default_method(void);
@@ -212,6 +206,18 @@ int	DHparams_print(BIO *bp, const DH *x);
 int     DHparams_print(char *bp, const DH *x);
 #endif
+#define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
+                        EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, len, NULL)
+#define EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, gen) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
+                        EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, gen, NULL)
+#define EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN     (EVP_PKEY_ALG_CTRL + 1)
+#define EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR     (EVP_PKEY_ALG_CTRL + 2)
+                
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
@@ -222,22 +228,31 @@ void ERR_load_DH_strings(void);
 /* Function codes. */
 #define DH_F_COMPUTE_KEY                                 102
-#define DH_F_DHPARAMS_PRINT                              100
 #define DH_F_DHPARAMS_PRINT_FP                           101
 #define DH_F_DH_BUILTIN_GENPARAMS                        106
-#define DH_F_DH_COMPUTE_KEY                              107
-#define DH_F_DH_GENERATE_KEY                             108
-#define DH_F_DH_GENERATE_PARAMETERS                      109
 #define DH_F_DH_NEW_METHOD                               105
+#define DH_F_DH_PARAM_DECODE                             107
+#define DH_F_DH_PRIV_DECODE                              110
+#define DH_F_DH_PRIV_ENCODE                              111
+#define DH_F_DH_PUB_DECODE                               108
+#define DH_F_DH_PUB_ENCODE                               109
+#define DH_F_DO_DH_PRINT                                 100
 #define DH_F_GENERATE_KEY                                103
 #define DH_F_GENERATE_PARAMETERS                         104
+#define DH_F_PKEY_DH_DERIVE                              112
+#define DH_F_PKEY_DH_KEYGEN                              113
 /* Reason codes. */
 #define DH_R_BAD_GENERATOR                               101
+#define DH_R_BN_DECODE_ERROR                             109
+#define DH_R_BN_ERROR                                    106
+#define DH_R_DECODE_ERROR                                104
 #define DH_R_INVALID_PUBKEY                              102
-#define DH_R_KEY_SIZE_TOO_SMALL                          104
+#define DH_R_KEYS_NOT_SET                                108
 #define DH_R_MODULUS_TOO_LARGE                           103
+#define DH_R_NO_PARAMETERS_SET                           107
 #define DH_R_NO_PRIVATE_VALUE                            100
+#define DH_R_PARAMETER_ENCODING_ERROR                    105
 #ifdef  __cplusplus
 }
diff --git a/src/lib/libssl/src/crypto/dh/dh_asn1.c b/src/lib/libssl/src/crypto/dh/dh_asn1.c
index 76740af2bd..0b4357d605 100644
--- a/src/lib/libssl/src/crypto/dh/dh_asn1.c
+++ b/src/lib/libssl/src/crypto/dh/dh_asn1.c
@@ -3,7 +3,7 @@
 * project 2000.
 */
 /* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -64,7 +64,8 @@
 #include <openssl/asn1t.h>
 /* Override the default free and new methods */
-static int dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+static int dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                                                void *exarg)
 {
        if(operation == ASN1_OP_NEW_PRE) {
                *pval = (ASN1_VALUE *)DH_new();
@@ -85,3 +86,8 @@ ASN1_SEQUENCE_cb(DHparams, dh_cb) = {
 } ASN1_SEQUENCE_END_cb(DH, DHparams)
 IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DH, DHparams, DHparams)
+DH *DHparams_dup(DH *dh)
+        {
+        return ASN1_item_dup(ASN1_ITEM_rptr(DHparams), dh);
+        }
diff --git a/src/lib/libssl/src/crypto/dh/dh_check.c b/src/lib/libssl/src/crypto/dh/dh_check.c
index 316cb9221d..066898174e 100644
--- a/src/lib/libssl/src/crypto/dh/dh_check.c
+++ b/src/lib/libssl/src/crypto/dh/dh_check.c
@@ -70,8 +70,6 @@
 * should hold.
 */
-#ifndef OPENSSL_FIPS
 int DH_check(const DH *dh, int *ret)
        {
        int ok=0;
@@ -130,11 +128,11 @@ int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
        q=BN_new();
        if (q == NULL) goto err;
        BN_set_word(q,1);
-        if (BN_cmp(pub_key,q) <= 0)
+        if (BN_cmp(pub_key,q)<=0)
                *ret|=DH_CHECK_PUBKEY_TOO_SMALL;
        BN_copy(q,dh->p);
        BN_sub_word(q,1);
-        if (BN_cmp(pub_key,q) >= 0)
+        if (BN_cmp(pub_key,q)>=0)
                *ret|=DH_CHECK_PUBKEY_TOO_LARGE;
        ok = 1;
@@ -142,5 +140,3 @@ err:
        if (q != NULL) BN_free(q);
        return(ok);
        }
-#endif
diff --git a/src/lib/libssl/src/crypto/dh/dh_err.c b/src/lib/libssl/src/crypto/dh/dh_err.c
index 13263c81c1..d5cf0c22a3 100644
--- a/src/lib/libssl/src/crypto/dh/dh_err.c
+++ b/src/lib/libssl/src/crypto/dh/dh_err.c
@@ -1,6 +1,6 @@
 /* crypto/dh/dh_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -71,25 +71,34 @@
 static ERR_STRING_DATA DH_str_functs[]=
        {
 {ERR_FUNC(DH_F_COMPUTE_KEY),    "COMPUTE_KEY"},
-{ERR_FUNC(DH_F_DHPARAMS_PRINT), "DHparams_print"},
 {ERR_FUNC(DH_F_DHPARAMS_PRINT_FP),      "DHparams_print_fp"},
 {ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS),   "DH_BUILTIN_GENPARAMS"},
-{ERR_FUNC(DH_F_DH_COMPUTE_KEY), "DH_compute_key"},
-{ERR_FUNC(DH_F_DH_GENERATE_KEY),        "DH_generate_key"},
-{ERR_FUNC(DH_F_DH_GENERATE_PARAMETERS), "DH_generate_parameters"},
 {ERR_FUNC(DH_F_DH_NEW_METHOD),  "DH_new_method"},
+{ERR_FUNC(DH_F_DH_PARAM_DECODE),        "DH_PARAM_DECODE"},
+{ERR_FUNC(DH_F_DH_PRIV_DECODE), "DH_PRIV_DECODE"},
+{ERR_FUNC(DH_F_DH_PRIV_ENCODE), "DH_PRIV_ENCODE"},
+{ERR_FUNC(DH_F_DH_PUB_DECODE),  "DH_PUB_DECODE"},
+{ERR_FUNC(DH_F_DH_PUB_ENCODE),  "DH_PUB_ENCODE"},
+{ERR_FUNC(DH_F_DO_DH_PRINT),    "DO_DH_PRINT"},
 {ERR_FUNC(DH_F_GENERATE_KEY),   "GENERATE_KEY"},
 {ERR_FUNC(DH_F_GENERATE_PARAMETERS),    "GENERATE_PARAMETERS"},
+{ERR_FUNC(DH_F_PKEY_DH_DERIVE), "PKEY_DH_DERIVE"},
+{ERR_FUNC(DH_F_PKEY_DH_KEYGEN), "PKEY_DH_KEYGEN"},
 {0,NULL}
        };
 static ERR_STRING_DATA DH_str_reasons[]=
        {
 {ERR_REASON(DH_R_BAD_GENERATOR)          ,"bad generator"},
+{ERR_REASON(DH_R_BN_DECODE_ERROR)        ,"bn decode error"},
+{ERR_REASON(DH_R_BN_ERROR)               ,"bn error"},
+{ERR_REASON(DH_R_DECODE_ERROR)           ,"decode error"},
 {ERR_REASON(DH_R_INVALID_PUBKEY)         ,"invalid public key"},
-{ERR_REASON(DH_R_KEY_SIZE_TOO_SMALL)     ,"key size too small"},
+{ERR_REASON(DH_R_KEYS_NOT_SET)           ,"keys not set"},
 {ERR_REASON(DH_R_MODULUS_TOO_LARGE)      ,"modulus too large"},
+{ERR_REASON(DH_R_NO_PARAMETERS_SET)      ,"no parameters set"},
 {ERR_REASON(DH_R_NO_PRIVATE_VALUE)       ,"no private value"},
+{ERR_REASON(DH_R_PARAMETER_ENCODING_ERROR),"parameter encoding error"},
 {0,NULL}
        };
diff --git a/src/lib/libssl/src/crypto/dh/dh_gen.c b/src/lib/libssl/src/crypto/dh/dh_gen.c
index 999e1deb40..cfd5b11868 100644
--- a/src/lib/libssl/src/crypto/dh/dh_gen.c
+++ b/src/lib/libssl/src/crypto/dh/dh_gen.c
@@ -66,8 +66,6 @@
 #include <openssl/bn.h>
 #include <openssl/dh.h>
-#ifndef OPENSSL_FIPS
 static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb);
 int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb)
@@ -175,5 +173,3 @@ err:
                }
        return ok;
        }
-#endif
diff --git a/src/lib/libssl/src/crypto/dh/dh_key.c b/src/lib/libssl/src/crypto/dh/dh_key.c
index 79dd331863..e7db440342 100644
--- a/src/lib/libssl/src/crypto/dh/dh_key.c
+++ b/src/lib/libssl/src/crypto/dh/dh_key.c
@@ -62,8 +62,6 @@
 #include <openssl/rand.h>
 #include <openssl/dh.h>
-#ifndef OPENSSL_FIPS
 static int generate_key(DH *dh);
 static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
 static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
@@ -263,5 +261,3 @@ static int dh_finish(DH *dh)
                BN_MONT_CTX_free(dh->method_mont_p);
        return(1);
        }
-#endif
diff --git a/src/lib/libssl/src/crypto/dsa/Makefile b/src/lib/libssl/src/crypto/dsa/Makefile
index 2cc45cdc62..8073c4ecfe 100644
--- a/src/lib/libssl/src/crypto/dsa/Makefile
+++ b/src/lib/libssl/src/crypto/dsa/Makefile
@@ -18,14 +18,14 @@ APPS=
 LIB=$(TOP)/libcrypto.a
 LIBSRC= dsa_gen.c dsa_key.c dsa_lib.c dsa_asn1.c dsa_vrf.c dsa_sign.c \
-        dsa_err.c dsa_ossl.c dsa_depr.c dsa_utl.c
+        dsa_err.c dsa_ossl.c dsa_depr.c dsa_ameth.c dsa_pmeth.c dsa_prn.c
 LIBOBJ= dsa_gen.o dsa_key.o dsa_lib.o dsa_asn1.o dsa_vrf.o dsa_sign.o \
-        dsa_err.o dsa_ossl.o dsa_depr.o dsa_utl.o
+        dsa_err.o dsa_ossl.o dsa_depr.o dsa_ameth.o dsa_pmeth.o dsa_prn.o
 SRC= $(LIBSRC)
 EXHEADER= dsa.h
-HEADER= $(EXHEADER)
+HEADER= dsa_locl.h $(EXHEADER)
 ALL=    $(GENERAL) $(SRC) $(HEADER)
@@ -35,7 +35,7 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
@@ -76,12 +76,27 @@ clean:
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+dsa_ameth.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_ameth.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_ameth.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
+dsa_ameth.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
+dsa_ameth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+dsa_ameth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+dsa_ameth.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+dsa_ameth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+dsa_ameth.o: ../../include/openssl/objects.h
+dsa_ameth.o: ../../include/openssl/opensslconf.h
+dsa_ameth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dsa_ameth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+dsa_ameth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dsa_ameth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+dsa_ameth.o: ../../include/openssl/x509_vfy.h ../asn1/asn1_locl.h ../cryptlib.h
+dsa_ameth.o: dsa_ameth.c
 dsa_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
 dsa_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-dsa_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dsa_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-dsa_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
+dsa_asn1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-dsa_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dsa_asn1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-dsa_asn1.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
 dsa_asn1.o: ../../include/openssl/opensslconf.h
 dsa_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 dsa_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
@@ -91,9 +106,8 @@ dsa_depr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 dsa_depr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 dsa_depr.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 dsa_depr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-dsa_depr.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+dsa_depr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-dsa_depr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+dsa_depr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-dsa_depr.o: ../../include/openssl/opensslconf.h
 dsa_depr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 dsa_depr.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
 dsa_depr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -110,13 +124,12 @@ dsa_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 dsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 dsa_gen.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 dsa_gen.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-dsa_gen.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+dsa_gen.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-dsa_gen.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+dsa_gen.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-dsa_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dsa_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-dsa_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+dsa_gen.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
-dsa_gen.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+dsa_gen.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-dsa_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_gen.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_gen.c dsa_locl.h
-dsa_gen.o: ../cryptlib.h dsa_gen.c
 dsa_key.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
 dsa_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 dsa_key.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
@@ -132,14 +145,14 @@ dsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 dsa_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 dsa_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-dsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+dsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-dsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+dsa_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-dsa_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+dsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-dsa_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-dsa_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+dsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-dsa_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-dsa_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+dsa_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-dsa_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h dsa_lib.c
+dsa_lib.o: ../cryptlib.h dsa_lib.c
 dsa_ossl.o: ../../e_os.h ../../include/openssl/asn1.h
 dsa_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 dsa_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
@@ -148,40 +161,48 @@ dsa_ossl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
 dsa_ossl.o: ../../include/openssl/opensslconf.h
 dsa_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 dsa_ossl.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
-dsa_ossl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_ossl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-dsa_ossl.o: ../cryptlib.h dsa_ossl.c
+dsa_ossl.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_ossl.c
-dsa_sign.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_pmeth.o: ../../e_os.h ../../include/openssl/asn1.h
-dsa_sign.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_pmeth.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+dsa_pmeth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dsa_pmeth.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
+dsa_pmeth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+dsa_pmeth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+dsa_pmeth.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+dsa_pmeth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+dsa_pmeth.o: ../../include/openssl/objects.h
+dsa_pmeth.o: ../../include/openssl/opensslconf.h
+dsa_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dsa_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+dsa_pmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dsa_pmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+dsa_pmeth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h ../evp/evp_locl.h
+dsa_pmeth.o: dsa_locl.h dsa_pmeth.c
+dsa_prn.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_prn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+dsa_prn.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
+dsa_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dsa_prn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+dsa_prn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+dsa_prn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dsa_prn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+dsa_prn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_prn.o: ../cryptlib.h dsa_prn.c
+dsa_sign.o: ../../e_os.h ../../include/openssl/bio.h
 dsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 dsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-dsa_sign.o: ../../include/openssl/err.h ../../include/openssl/fips.h
+dsa_sign.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-dsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+dsa_sign.o: ../../include/openssl/opensslconf.h
 dsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 dsa_sign.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
 dsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 dsa_sign.o: ../cryptlib.h dsa_sign.c
-dsa_utl.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_vrf.o: ../../e_os.h ../../include/openssl/bio.h
-dsa_utl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-dsa_utl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_vrf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-dsa_utl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_vrf.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-dsa_utl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-dsa_utl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-dsa_utl.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-dsa_utl.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-dsa_utl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-dsa_utl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-dsa_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-dsa_utl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-dsa_utl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-dsa_utl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-dsa_utl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h dsa_utl.c
-dsa_vrf.o: ../../e_os.h ../../include/openssl/asn1.h
-dsa_vrf.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
-dsa_vrf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-dsa_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
-dsa_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-dsa_vrf.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
 dsa_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-dsa_vrf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+dsa_vrf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-dsa_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dsa_vrf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-dsa_vrf.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_vrf.c
+dsa_vrf.o: ../cryptlib.h dsa_vrf.c
diff --git a/src/lib/libssl/src/crypto/dsa/dsa.h b/src/lib/libssl/src/crypto/dsa/dsa.h
index 702c50d6dc..ac50a5c846 100644
--- a/src/lib/libssl/src/crypto/dsa/dsa.h
+++ b/src/lib/libssl/src/crypto/dsa/dsa.h
@@ -88,8 +88,6 @@
 # define OPENSSL_DSA_MAX_MODULUS_BITS   10000
 #endif
-#define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024
 #define DSA_FLAG_CACHE_MONT_P   0x01
 #define DSA_FLAG_NO_EXP_CONSTTIME       0x02 /* new with 0.9.7h; the built-in DSA
                                              * implementation now uses constant time
@@ -99,25 +97,6 @@
                                              * be used for all exponents.
                                              */
-/* If this flag is set the DSA method is FIPS compliant and can be used
- * in FIPS mode. This is set in the validated module method. If an
- * application sets this flag in its own methods it is its reposibility
- * to ensure the result is compliant.
- */
-#define DSA_FLAG_FIPS_METHOD                    0x0400
-/* If this flag is set the operations normally disabled in FIPS mode are
- * permitted it is then the applications responsibility to ensure that the
- * usage is compliant.
- */
-#define DSA_FLAG_NON_FIPS_ALLOW                 0x0400
-#ifdef OPENSSL_FIPS
-#define FIPS_DSA_SIZE_T int
-#endif
 #ifdef  __cplusplus
 extern "C" {
 #endif
@@ -139,7 +118,7 @@ struct dsa_method
        int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
                                                                BIGNUM **rp);
        int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len,
-                                                        DSA_SIG *sig, DSA *dsa);
+                             DSA_SIG *sig, DSA *dsa);
        int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
                        BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
                        BN_MONT_CTX *in_mont);
@@ -152,7 +131,7 @@ struct dsa_method
        char *app_data;
        /* If this is non-NULL, it is used to generate DSA parameters */
        int (*dsa_paramgen)(DSA *dsa, int bits,
-                        unsigned char *seed, int seed_len,
+                        const unsigned char *seed, int seed_len,
                        int *counter_ret, unsigned long *h_ret,
                        BN_GENCB *cb);
        /* If this is non-NULL, it is used to generate DSA keys */
@@ -186,7 +165,6 @@ struct dsa_st
        ENGINE *engine;
        };
-#define DSAparams_dup(x) ASN1_dup_of_const(DSA,i2d_DSAparams,d2i_DSAparams,x)
 #define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \
                (char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x))
 #define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \
@@ -195,6 +173,7 @@ struct dsa_st
 #define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio_of_const(DSA,i2d_DSAparams,bp,x)
+DSA *DSAparams_dup(DSA *x);
 DSA_SIG * DSA_SIG_new(void);
 void    DSA_SIG_free(DSA_SIG *a);
 int     i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
@@ -210,11 +189,6 @@ void	DSA_set_default_method(const DSA_METHOD *);
 const DSA_METHOD *DSA_get_default_method(void);
 int     DSA_set_method(DSA *dsa, const DSA_METHOD *);
-#ifdef OPENSSL_FIPS
-DSA *   FIPS_dsa_new(void);
-void    FIPS_dsa_free (DSA *r);
-#endif
 DSA *   DSA_new(void);
 DSA *   DSA_new_method(ENGINE *engine);
 void    DSA_free (DSA *r);
@@ -246,7 +220,7 @@ DSA *	DSA_generate_parameters(int bits,
 /* New version */
 int     DSA_generate_parameters_ex(DSA *dsa, int bits,
-                unsigned char *seed,int seed_len,
+                const unsigned char *seed,int seed_len,
                int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
 int     DSA_generate_key(DSA *a);
@@ -275,10 +249,13 @@ int	DSA_print_fp(FILE *bp, const DSA *x, int off);
 DH *DSA_dup_DH(const DSA *r);
 #endif
-#ifdef OPENSSL_FIPS
+#define EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits) \
-int FIPS_dsa_sig_encode(unsigned char *out, DSA_SIG *sig);
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \
-int FIPS_dsa_sig_decode(DSA_SIG *sig, const unsigned char *in, int inlen);
+                                EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL)
-#endif
+#define EVP_PKEY_CTRL_DSA_PARAMGEN_BITS         (EVP_PKEY_ALG_CTRL + 1)
+#define EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS       (EVP_PKEY_ALG_CTRL + 2)
+#define EVP_PKEY_CTRL_DSA_PARAMGEN_MD           (EVP_PKEY_ALG_CTRL + 3)
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
@@ -290,33 +267,39 @@ void ERR_load_DSA_strings(void);
 /* Function codes. */
 #define DSA_F_D2I_DSA_SIG                                110
+#define DSA_F_DO_DSA_PRINT                               104
 #define DSA_F_DSAPARAMS_PRINT                            100
 #define DSA_F_DSAPARAMS_PRINT_FP                         101
-#define DSA_F_DSA_BUILTIN_KEYGEN                         119
-#define DSA_F_DSA_BUILTIN_PARAMGEN                       118
 #define DSA_F_DSA_DO_SIGN                                112
 #define DSA_F_DSA_DO_VERIFY                              113
-#define DSA_F_DSA_GENERATE_PARAMETERS                    117
 #define DSA_F_DSA_NEW_METHOD                             103
-#define DSA_F_DSA_PRINT                                  104
+#define DSA_F_DSA_PARAM_DECODE                           119
 #define DSA_F_DSA_PRINT_FP                               105
-#define DSA_F_DSA_SET_DEFAULT_METHOD                     115
+#define DSA_F_DSA_PRIV_DECODE                            115
-#define DSA_F_DSA_SET_METHOD                             116
+#define DSA_F_DSA_PRIV_ENCODE                            116
+#define DSA_F_DSA_PUB_DECODE                             117
+#define DSA_F_DSA_PUB_ENCODE                             118
 #define DSA_F_DSA_SIGN                                   106
 #define DSA_F_DSA_SIGN_SETUP                             107
 #define DSA_F_DSA_SIG_NEW                                109
 #define DSA_F_DSA_VERIFY                                 108
 #define DSA_F_I2D_DSA_SIG                                111
+#define DSA_F_OLD_DSA_PRIV_DECODE                        122
+#define DSA_F_PKEY_DSA_CTRL                              120
+#define DSA_F_PKEY_DSA_KEYGEN                            121
 #define DSA_F_SIG_CB                                     114
 /* Reason codes. */
 #define DSA_R_BAD_Q_VALUE                                102
+#define DSA_R_BN_DECODE_ERROR                            108
+#define DSA_R_BN_ERROR                                   109
 #define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE                100
-#define DSA_R_KEY_SIZE_TOO_SMALL                         106
+#define DSA_R_DECODE_ERROR                               104
+#define DSA_R_INVALID_DIGEST_TYPE                        106
 #define DSA_R_MISSING_PARAMETERS                         101
 #define DSA_R_MODULUS_TOO_LARGE                          103
-#define DSA_R_NON_FIPS_METHOD                            104
+#define DSA_R_NO_PARAMETERS_SET                          107
-#define DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE         105
+#define DSA_R_PARAMETER_ENCODING_ERROR                   105
 #ifdef  __cplusplus
 }
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_asn1.c b/src/lib/libssl/src/crypto/dsa/dsa_asn1.c
index 0645facb4b..c37460b2d6 100644
--- a/src/lib/libssl/src/crypto/dsa/dsa_asn1.c
+++ b/src/lib/libssl/src/crypto/dsa/dsa_asn1.c
@@ -3,7 +3,7 @@
 * project 2000.
 */
 /* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -61,24 +61,23 @@
 #include <openssl/dsa.h>
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
-#include <openssl/bn.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 /* Override the default new methods */
-static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                                                                void *exarg)
 {
        if(operation == ASN1_OP_NEW_PRE) {
                DSA_SIG *sig;
                sig = OPENSSL_malloc(sizeof(DSA_SIG));
+                if (!sig)
+                        {
+                        DSAerr(DSA_F_SIG_CB, ERR_R_MALLOC_FAILURE);
+                        return 0;
+                        }
                sig->r = NULL;
                sig->s = NULL;
                *pval = (ASN1_VALUE *)sig;
-                if(sig) return 2;
+                return 2;
-                DSAerr(DSA_F_SIG_CB, ERR_R_MALLOC_FAILURE);
-                return 0;
        }
        return 1;
 }
@@ -88,10 +87,11 @@ ASN1_SEQUENCE_cb(DSA_SIG, sig_cb) = {
        ASN1_SIMPLE(DSA_SIG, s, CBIGNUM)
 } ASN1_SEQUENCE_END_cb(DSA_SIG, DSA_SIG)
-IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA_SIG,DSA_SIG,DSA_SIG)
+IMPLEMENT_ASN1_FUNCTIONS_const(DSA_SIG)
 /* Override the default free and new methods */
-static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                                                        void *exarg)
 {
        if(operation == ASN1_OP_NEW_PRE) {
                *pval = (ASN1_VALUE *)DSA_new();
@@ -144,75 +144,7 @@ ASN1_CHOICE_cb(DSAPublicKey, dsa_cb) = {
 IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey)
-int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
+DSA *DSAparams_dup(DSA *dsa)
-             unsigned int *siglen, DSA *dsa)
-        {
-        DSA_SIG *s;
-#ifdef OPENSSL_FIPS
-        if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
-                {
-                DSAerr(DSA_F_DSA_SIGN, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
-                return 0;
-                }
-#endif
-        s=DSA_do_sign(dgst,dlen,dsa);
-        if (s == NULL)
-                {
-                *siglen=0;
-                return(0);
-                }
-        *siglen=i2d_DSA_SIG(s,&sig);
-        DSA_SIG_free(s);
-        return(1);
-        }
-int DSA_size(const DSA *r)
-        {
-        int ret,i;
-        ASN1_INTEGER bs;
-        unsigned char buf[4];   /* 4 bytes looks really small.
-                                   However, i2d_ASN1_INTEGER() will not look
-                                   beyond the first byte, as long as the second
-                                   parameter is NULL. */
-        i=BN_num_bits(r->q);
-        bs.length=(i+7)/8;
-        bs.data=buf;
-        bs.type=V_ASN1_INTEGER;
-        /* If the top bit is set the asn1 encoding is 1 larger. */
-        buf[0]=0xff;    
-        i=i2d_ASN1_INTEGER(&bs,NULL);
-        i+=i; /* r and s */
-        ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE);
-        return(ret);
-        }
-/* data has already been hashed (probably with SHA or SHA-1). */
-/* returns
- *      1: correct signature
- *      0: incorrect signature
- *     -1: error
- */
-int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
-             const unsigned char *sigbuf, int siglen, DSA *dsa)
        {
-        DSA_SIG *s;
+        return ASN1_item_dup(ASN1_ITEM_rptr(DSAparams), dsa);
-        int ret=-1;
-#ifdef OPENSSL_FIPS
-        if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
-                {
-                DSAerr(DSA_F_DSA_VERIFY, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
-                return 0;
-                }
-#endif
-        s = DSA_SIG_new();
-        if (s == NULL) return(ret);
-        if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err;
-        ret=DSA_do_verify(dgst,dgst_len,s,dsa);
-err:
-        DSA_SIG_free(s);
-        return(ret);
        }
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_err.c b/src/lib/libssl/src/crypto/dsa/dsa_err.c
index 872839af94..bba984e92e 100644
--- a/src/lib/libssl/src/crypto/dsa/dsa_err.c
+++ b/src/lib/libssl/src/crypto/dsa/dsa_err.c
@@ -1,6 +1,6 @@
 /* crypto/dsa/dsa_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -71,23 +71,26 @@
 static ERR_STRING_DATA DSA_str_functs[]=
        {
 {ERR_FUNC(DSA_F_D2I_DSA_SIG),   "d2i_DSA_SIG"},
+{ERR_FUNC(DSA_F_DO_DSA_PRINT),  "DO_DSA_PRINT"},
 {ERR_FUNC(DSA_F_DSAPARAMS_PRINT),       "DSAparams_print"},
 {ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP),    "DSAparams_print_fp"},
-{ERR_FUNC(DSA_F_DSA_BUILTIN_KEYGEN),    "DSA_BUILTIN_KEYGEN"},
-{ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN),  "DSA_BUILTIN_PARAMGEN"},
 {ERR_FUNC(DSA_F_DSA_DO_SIGN),   "DSA_do_sign"},
 {ERR_FUNC(DSA_F_DSA_DO_VERIFY), "DSA_do_verify"},
-{ERR_FUNC(DSA_F_DSA_GENERATE_PARAMETERS),       "DSA_generate_parameters"},
 {ERR_FUNC(DSA_F_DSA_NEW_METHOD),        "DSA_new_method"},
-{ERR_FUNC(DSA_F_DSA_PRINT),     "DSA_print"},
+{ERR_FUNC(DSA_F_DSA_PARAM_DECODE),      "DSA_PARAM_DECODE"},
 {ERR_FUNC(DSA_F_DSA_PRINT_FP),  "DSA_print_fp"},
-{ERR_FUNC(DSA_F_DSA_SET_DEFAULT_METHOD),        "DSA_set_default_method"},
+{ERR_FUNC(DSA_F_DSA_PRIV_DECODE),       "DSA_PRIV_DECODE"},
-{ERR_FUNC(DSA_F_DSA_SET_METHOD),        "DSA_set_method"},
+{ERR_FUNC(DSA_F_DSA_PRIV_ENCODE),       "DSA_PRIV_ENCODE"},
+{ERR_FUNC(DSA_F_DSA_PUB_DECODE),        "DSA_PUB_DECODE"},
+{ERR_FUNC(DSA_F_DSA_PUB_ENCODE),        "DSA_PUB_ENCODE"},
 {ERR_FUNC(DSA_F_DSA_SIGN),      "DSA_sign"},
 {ERR_FUNC(DSA_F_DSA_SIGN_SETUP),        "DSA_sign_setup"},
 {ERR_FUNC(DSA_F_DSA_SIG_NEW),   "DSA_SIG_new"},
 {ERR_FUNC(DSA_F_DSA_VERIFY),    "DSA_verify"},
 {ERR_FUNC(DSA_F_I2D_DSA_SIG),   "i2d_DSA_SIG"},
+{ERR_FUNC(DSA_F_OLD_DSA_PRIV_DECODE),   "OLD_DSA_PRIV_DECODE"},
+{ERR_FUNC(DSA_F_PKEY_DSA_CTRL), "PKEY_DSA_CTRL"},
+{ERR_FUNC(DSA_F_PKEY_DSA_KEYGEN),       "PKEY_DSA_KEYGEN"},
 {ERR_FUNC(DSA_F_SIG_CB),        "SIG_CB"},
 {0,NULL}
        };
@@ -95,12 +98,15 @@ static ERR_STRING_DATA DSA_str_functs[]=
 static ERR_STRING_DATA DSA_str_reasons[]=
        {
 {ERR_REASON(DSA_R_BAD_Q_VALUE)           ,"bad q value"},
+{ERR_REASON(DSA_R_BN_DECODE_ERROR)       ,"bn decode error"},
+{ERR_REASON(DSA_R_BN_ERROR)              ,"bn error"},
 {ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"},
-{ERR_REASON(DSA_R_KEY_SIZE_TOO_SMALL)    ,"key size too small"},
+{ERR_REASON(DSA_R_DECODE_ERROR)          ,"decode error"},
+{ERR_REASON(DSA_R_INVALID_DIGEST_TYPE)   ,"invalid digest type"},
 {ERR_REASON(DSA_R_MISSING_PARAMETERS)    ,"missing parameters"},
 {ERR_REASON(DSA_R_MODULUS_TOO_LARGE)     ,"modulus too large"},
-{ERR_REASON(DSA_R_NON_FIPS_METHOD)       ,"non fips method"},
+{ERR_REASON(DSA_R_NO_PARAMETERS_SET)     ,"no parameters set"},
-{ERR_REASON(DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE),"operation not allowed in fips mode"},
+{ERR_REASON(DSA_R_PARAMETER_ENCODING_ERROR),"parameter encoding error"},
 {0,NULL}
        };
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_gen.c b/src/lib/libssl/src/crypto/dsa/dsa_gen.c
index 6f1728e3cf..0fcd25f8b0 100644
--- a/src/lib/libssl/src/crypto/dsa/dsa_gen.c
+++ b/src/lib/libssl/src/crypto/dsa/dsa_gen.c
@@ -74,69 +74,88 @@
 #ifndef OPENSSL_NO_SHA
 #include <stdio.h>
-#include <time.h>
 #include "cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/bn.h>
-#include <openssl/dsa.h>
 #include <openssl/rand.h>
 #include <openssl/sha.h>
+#include "dsa_locl.h"
-#ifndef OPENSSL_FIPS
-static int dsa_builtin_paramgen(DSA *ret, int bits,
-                unsigned char *seed_in, int seed_len,
-                int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
 int DSA_generate_parameters_ex(DSA *ret, int bits,
-                unsigned char *seed_in, int seed_len,
+                const unsigned char *seed_in, int seed_len,
                int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
        {
        if(ret->meth->dsa_paramgen)
                return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,
                                counter_ret, h_ret, cb);
-        return dsa_builtin_paramgen(ret, bits, seed_in, seed_len,
+        else
-                        counter_ret, h_ret, cb);
+                {
+                const EVP_MD *evpmd;
+                size_t qbits = bits >= 2048 ? 256 : 160;
+                if (bits >= 2048)
+                        {
+                        qbits = 256;
+                        evpmd = EVP_sha256();
+                        }
+                else
+                        {
+                        qbits = 160;
+                        evpmd = EVP_sha1();
+                        }
+                return dsa_builtin_paramgen(ret, bits, qbits, evpmd,
+                                seed_in, seed_len, counter_ret, h_ret, cb);
+                }
        }
-static int dsa_builtin_paramgen(DSA *ret, int bits,
+int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
-                unsigned char *seed_in, int seed_len,
+        const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
-                int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
+        int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
        {
        int ok=0;
-        unsigned char seed[SHA_DIGEST_LENGTH];
+        unsigned char seed[SHA256_DIGEST_LENGTH];
-        unsigned char md[SHA_DIGEST_LENGTH];
+        unsigned char md[SHA256_DIGEST_LENGTH];
-        unsigned char buf[SHA_DIGEST_LENGTH],buf2[SHA_DIGEST_LENGTH];
+        unsigned char buf[SHA256_DIGEST_LENGTH],buf2[SHA256_DIGEST_LENGTH];
        BIGNUM *r0,*W,*X,*c,*test;
        BIGNUM *g=NULL,*q=NULL,*p=NULL;
        BN_MONT_CTX *mont=NULL;
-        int k,n=0,i,b,m=0;
+        int i, k,n=0,b,m=0, qsize = qbits >> 3;
        int counter=0;
        int r=0;
        BN_CTX *ctx=NULL;
        unsigned int h=2;
-        if (bits < 512) bits=512;
+        if (qsize != SHA_DIGEST_LENGTH && qsize != SHA224_DIGEST_LENGTH &&
-        bits=(bits+63)/64*64;
+            qsize != SHA256_DIGEST_LENGTH)
+                /* invalid q size */
+                return 0;
+        if (evpmd == NULL)
+                /* use SHA1 as default */
+                evpmd = EVP_sha1();
+        if (bits < 512)
+                bits = 512;
+        bits = (bits+63)/64*64;
        /* NB: seed_len == 0 is special case: copy generated seed to
         * seed_in if it is not NULL.
         */
-        if (seed_len && (seed_len < 20))
+        if (seed_len && (seed_len < (size_t)qsize))
-                seed_in = NULL; /* seed buffer too small -- ignore */
+                seed_in = NULL;         /* seed buffer too small -- ignore */
-        if (seed_len > 20) 
+        if (seed_len > (size_t)qsize) 
-                seed_len = 20; /* App. 2.2 of FIPS PUB 186 allows larger SEED,
+                seed_len = qsize;       /* App. 2.2 of FIPS PUB 186 allows larger SEED,
-                                * but our internal buffers are restricted to 160 bits*/
+                                         * but our internal buffers are restricted to 160 bits*/
-        if ((seed_in != NULL) && (seed_len == 20))
+        if (seed_in != NULL)
-                {
+                memcpy(seed, seed_in, seed_len);
-                memcpy(seed,seed_in,seed_len);
-                /* set seed_in to NULL to avoid it being copied back */
+        if ((ctx=BN_CTX_new()) == NULL)
-                seed_in = NULL;
+                goto err;
-                }
-        if ((ctx=BN_CTX_new()) == NULL) goto err;
-        if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
+        if ((mont=BN_MONT_CTX_new()) == NULL)
+                goto err;
        BN_CTX_start(ctx);
        r0 = BN_CTX_get(ctx);
@@ -163,7 +182,7 @@ static int dsa_builtin_paramgen(DSA *ret, int bits,
                        if (!seed_len)
                                {
-                                RAND_pseudo_bytes(seed,SHA_DIGEST_LENGTH);
+                                RAND_pseudo_bytes(seed, qsize);
                                seed_is_random = 1;
                                }
                        else
@@ -171,25 +190,27 @@ static int dsa_builtin_paramgen(DSA *ret, int bits,
                                seed_is_random = 0;
                                seed_len=0; /* use random seed if 'seed_in' turns out to be bad*/
                                }
-                        memcpy(buf,seed,SHA_DIGEST_LENGTH);
+                        memcpy(buf , seed, qsize);
-                        memcpy(buf2,seed,SHA_DIGEST_LENGTH);
+                        memcpy(buf2, seed, qsize);
                        /* precompute "SEED + 1" for step 7: */
-                        for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
+                        for (i = qsize-1; i >= 0; i--)
                                {
                                buf[i]++;
-                                if (buf[i] != 0) break;
+                                if (buf[i] != 0)
+                                        break;
                                }
                        /* step 2 */
-                        EVP_Digest(seed,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL);
+                        EVP_Digest(seed, qsize, md,   NULL, evpmd, NULL);
-                        EVP_Digest(buf,SHA_DIGEST_LENGTH,buf2,NULL,HASH, NULL);
+                        EVP_Digest(buf,  qsize, buf2, NULL, evpmd, NULL);
-                        for (i=0; i<SHA_DIGEST_LENGTH; i++)
+                        for (i = 0; i < qsize; i++)
                                md[i]^=buf2[i];
                        /* step 3 */
-                        md[0]|=0x80;
+                        md[0] |= 0x80;
-                        md[SHA_DIGEST_LENGTH-1]|=0x01;
+                        md[qsize-1] |= 0x01;
-                        if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,q)) goto err;
+                        if (!BN_bin2bn(md, qsize, q))
+                                goto err;
                        /* step 4 */
                        r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx,
@@ -224,18 +245,19 @@ static int dsa_builtin_paramgen(DSA *ret, int bits,
                        for (k=0; k<=n; k++)
                                {
                                /* obtain "SEED + offset + k" by incrementing: */
-                                for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
+                                for (i = qsize-1; i >= 0; i--)
                                        {
                                        buf[i]++;
-                                        if (buf[i] != 0) break;
+                                        if (buf[i] != 0)
+                                                break;
                                        }
-                                EVP_Digest(buf,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL);
+                                EVP_Digest(buf, qsize, md ,NULL, evpmd, NULL);
                                /* step 8 */
-                                if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0))
+                                if (!BN_bin2bn(md, qsize, r0))
                                        goto err;
-                                if (!BN_lshift(r0,r0,160*k)) goto err;
+                                if (!BN_lshift(r0,r0,(qsize << 3)*k)) goto err;
                                if (!BN_add(W,W,r0)) goto err;
                                }
@@ -309,7 +331,6 @@ err:
                        ok=0;
                        goto err;
                        }
-                if (seed_in != NULL) memcpy(seed_in,seed,20);
                if (counter_ret != NULL) *counter_ret=counter;
                if (h_ret != NULL) *h_ret=h;
                }
@@ -322,4 +343,3 @@ err:
        return ok;
        }
 #endif
-#endif
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_key.c b/src/lib/libssl/src/crypto/dsa/dsa_key.c
index 5e39124230..c4aa86bc6d 100644
--- a/src/lib/libssl/src/crypto/dsa/dsa_key.c
+++ b/src/lib/libssl/src/crypto/dsa/dsa_key.c
@@ -64,8 +64,6 @@
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
-#ifndef OPENSSL_FIPS
 static int dsa_builtin_keygen(DSA *dsa);
 int DSA_generate_key(DSA *dsa)
@@ -128,5 +126,3 @@ err:
        return(ok);
        }
 #endif
-#endif
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_lib.c b/src/lib/libssl/src/crypto/dsa/dsa_lib.c
index 7ac9dc8c89..e9b75902db 100644
--- a/src/lib/libssl/src/crypto/dsa/dsa_lib.c
+++ b/src/lib/libssl/src/crypto/dsa/dsa_lib.c
@@ -76,14 +76,6 @@ static const DSA_METHOD *default_DSA_method = NULL;
 void DSA_set_default_method(const DSA_METHOD *meth)
        {
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !(meth->flags & DSA_FLAG_FIPS_METHOD))
-                {
-                DSAerr(DSA_F_DSA_SET_DEFAULT_METHOD, DSA_R_NON_FIPS_METHOD);
-                return;
-                }
-#endif
-                
        default_DSA_method = meth;
        }
@@ -104,13 +96,6 @@ int DSA_set_method(DSA *dsa, const DSA_METHOD *meth)
        /* NB: The caller is specifically setting a method, so it's not up to us
         * to deal with which ENGINE it comes from. */
        const DSA_METHOD *mtmp;
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !(meth->flags & DSA_FLAG_FIPS_METHOD))
-                {
-                DSAerr(DSA_F_DSA_SET_METHOD, DSA_R_NON_FIPS_METHOD);
-                return 0;
-                }
-#endif
        mtmp = dsa->meth;
        if (mtmp->finish) mtmp->finish(dsa);
 #ifndef OPENSSL_NO_ENGINE
@@ -162,18 +147,6 @@ DSA *DSA_new_method(ENGINE *engine)
                        }
                }
 #endif
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !(ret->meth->flags & DSA_FLAG_FIPS_METHOD))
-                {
-                DSAerr(DSA_F_DSA_NEW_METHOD, DSA_R_NON_FIPS_METHOD);
-#ifndef OPENSSL_NO_ENGINE
-                if (ret->engine)
-                        ENGINE_finish(ret->engine);
-#endif
-                OPENSSL_free(ret);
-                return NULL;
-                }
-#endif
        ret->pad=0;
        ret->version=0;
@@ -260,6 +233,28 @@ int DSA_up_ref(DSA *r)
        return ((i > 1) ? 1 : 0);
        }
+int DSA_size(const DSA *r)
+        {
+        int ret,i;
+        ASN1_INTEGER bs;
+        unsigned char buf[4];   /* 4 bytes looks really small.
+                                   However, i2d_ASN1_INTEGER() will not look
+                                   beyond the first byte, as long as the second
+                                   parameter is NULL. */
+        i=BN_num_bits(r->q);
+        bs.length=(i+7)/8;
+        bs.data=buf;
+        bs.type=V_ASN1_INTEGER;
+        /* If the top bit is set the asn1 encoding is 1 larger. */
+        buf[0]=0xff;    
+        i=i2d_ASN1_INTEGER(&bs,NULL);
+        i+=i; /* r and s */
+        ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE);
+        return(ret);
+        }
 int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
        {
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_ossl.c b/src/lib/libssl/src/crypto/dsa/dsa_ossl.c
index 412cf1d88b..4fead07e80 100644
--- a/src/lib/libssl/src/crypto/dsa/dsa_ossl.c
+++ b/src/lib/libssl/src/crypto/dsa/dsa_ossl.c
@@ -61,16 +61,15 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/bn.h>
+#include <openssl/sha.h>
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
 #include <openssl/asn1.h>
-#ifndef OPENSSL_FIPS
 static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
 static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
 static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
-                  DSA *dsa);
+                         DSA *dsa);
 static int dsa_init(DSA *dsa);
 static int dsa_finish(DSA *dsa);
@@ -135,7 +134,7 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
        BIGNUM m;
        BIGNUM xr;
        BN_CTX *ctx=NULL;
-        int i,reason=ERR_R_BN_LIB;
+        int reason=ERR_R_BN_LIB;
        DSA_SIG *ret=NULL;
        BN_init(&m);
@@ -150,8 +149,9 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
        s=BN_new();
        if (s == NULL) goto err;
-        i=BN_num_bytes(dsa->q); /* should be 20 */
+        /* reject a excessive digest length (currently at most
-        if ((dlen > i) || (dlen > 50))
+         * dsa-with-SHA256 is supported) */
+        if (dlen > SHA256_DIGEST_LENGTH)
                {
                reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
                goto err;
@@ -172,7 +172,14 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
                dsa->r=NULL;
                }
-        if (BN_bin2bn(dgst,dlen,&m) == NULL) goto err;
+        
+        if (dlen > BN_num_bytes(dsa->q))
+                /* if the digest length is greater than the size of q use the
+                 * BN_num_bits(dsa->q) leftmost bits of the digest, see
+                 * fips 186-3, 4.2 */
+                dlen = BN_num_bytes(dsa->q);
+        if (BN_bin2bn(dgst,dlen,&m) == NULL)
+                goto err;
        /* Compute  s = inv(k) (m + xr) mod q */
        if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */
@@ -283,30 +290,31 @@ err:
        if (!ret)
                {
                DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB);
-                if (kinv != NULL) BN_clear_free(kinv);
+                if (r != NULL)
-                if (r != NULL) BN_clear_free(r);
+                        BN_clear_free(r);
                }
        if (ctx_in == NULL) BN_CTX_free(ctx);
-        if (kinv != NULL) BN_clear_free(kinv);
        BN_clear_free(&k);
        BN_clear_free(&kq);
        return(ret);
        }
 static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
-                  DSA *dsa)
+                         DSA *dsa)
        {
        BN_CTX *ctx;
        BIGNUM u1,u2,t1;
        BN_MONT_CTX *mont=NULL;
-        int ret = -1;
+        int ret = -1, i;
        if (!dsa->p || !dsa->q || !dsa->g)
                {
                DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MISSING_PARAMETERS);
                return -1;
                }
-        if (BN_num_bits(dsa->q) != 160)
+        i = BN_num_bits(dsa->q);
+        /* fips 186-3 allows only different sizes for q */
+        if (i != 160 && i != 224 && i != 256)
                {
                DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_BAD_Q_VALUE);
                return -1;
@@ -318,6 +326,14 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
                return -1;
                }
+        /* reject a excessive digest length (currently at most
+         * dsa-with-SHA256 is supported) */
+        if (dgst_len > SHA256_DIGEST_LENGTH)
+                {
+                DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+                return -1;
+                }
        BN_init(&u1);
        BN_init(&u2);
        BN_init(&t1);
@@ -342,6 +358,11 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
        if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err;
        /* save M in u1 */
+        if (dgst_len > (i >> 3))
+                /* if the digest length is greater than the size of q use the
+                 * BN_num_bits(dsa->q) leftmost bits of the digest, see
+                 * fips 186-3, 4.2 */
+                dgst_len = (i >> 3);
        if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err;
        /* u1 = M * w mod q */
@@ -393,4 +414,3 @@ static int dsa_finish(DSA *dsa)
        return(1);
 }
-#endif
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_sign.c b/src/lib/libssl/src/crypto/dsa/dsa_sign.c
index 4cfbbe57a8..17555e5892 100644
--- a/src/lib/libssl/src/crypto/dsa/dsa_sign.c
+++ b/src/lib/libssl/src/crypto/dsa/dsa_sign.c
@@ -58,38 +58,33 @@
 /* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
-#include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/bn.h>
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
-#include <openssl/asn1.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
        {
-#ifdef OPENSSL_FIPS
-        if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
-                {
-                DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
-                return NULL;
-                }
-#endif
        return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
        }
-int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
+int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
+             unsigned int *siglen, DSA *dsa)
        {
-#ifdef OPENSSL_FIPS
+        DSA_SIG *s;
-        if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
+        RAND_seed(dgst, dlen);
+        s=DSA_do_sign(dgst,dlen,dsa);
+        if (s == NULL)
                {
-                DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+                *siglen=0;
-                return 0;
+                return(0);
                }
-#endif
+        *siglen=i2d_DSA_SIG(s,&sig);
+        DSA_SIG_free(s);
+        return(1);
+        }
+int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
+        {
        return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
        }
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_vrf.c b/src/lib/libssl/src/crypto/dsa/dsa_vrf.c
index c75e423048..226a75ff3f 100644
--- a/src/lib/libssl/src/crypto/dsa/dsa_vrf.c
+++ b/src/lib/libssl/src/crypto/dsa/dsa_vrf.c
@@ -58,27 +58,32 @@
 /* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
-#include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/bn.h>
 #include <openssl/dsa.h>
-#include <openssl/rand.h>
-#include <openssl/asn1.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-#include <openssl/asn1_mac.h>
 int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
                  DSA *dsa)
        {
-#ifdef OPENSSL_FIPS
-        if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
-                {
-                DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
-                return 0;
-                }
-#endif
        return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
        }
+/* data has already been hashed (probably with SHA or SHA-1). */
+/* returns
+ *      1: correct signature
+ *      0: incorrect signature
+ *     -1: error
+ */
+int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
+             const unsigned char *sigbuf, int siglen, DSA *dsa)
+        {
+        DSA_SIG *s;
+        int ret=-1;
+        s = DSA_SIG_new();
+        if (s == NULL) return(ret);
+        if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err;
+        ret=DSA_do_verify(dgst,dgst_len,s,dsa);
+err:
+        DSA_SIG_free(s);
+        return(ret);
+        }
diff --git a/src/lib/libssl/src/crypto/dsa/dsatest.c b/src/lib/libssl/src/crypto/dsa/dsatest.c
index 912317bb44..edffd24e6b 100644
--- a/src/lib/libssl/src/crypto/dsa/dsatest.c
+++ b/src/lib/libssl/src/crypto/dsa/dsatest.c
@@ -169,7 +169,6 @@ int main(int argc, char **argv)
                }
        BIO_printf(bio_err,"\ncounter=%d h=%ld\n",counter,h);
                
-        if (dsa == NULL) goto end;
        DSA_print(bio_err,dsa,0);
        if (counter != 105) 
                {
@@ -223,7 +222,7 @@ end:
                ERR_print_errors(bio_err);
        if (dsa != NULL) DSA_free(dsa);
        CRYPTO_cleanup_all_ex_data();
-        ERR_remove_state(0);
+        ERR_remove_thread_state(NULL);
        ERR_free_strings();
        CRYPTO_mem_leaks(bio_err);
        if (bio_err != NULL)
diff --git a/src/lib/libssl/src/crypto/dso/Makefile b/src/lib/libssl/src/crypto/dso/Makefile
index 52f152888c..fb2709ed63 100644
--- a/src/lib/libssl/src/crypto/dso/Makefile
+++ b/src/lib/libssl/src/crypto/dso/Makefile
@@ -18,9 +18,9 @@ APPS=
 LIB=$(TOP)/libcrypto.a
 LIBSRC= dso_dl.c dso_dlfcn.c dso_err.c dso_lib.c dso_null.c \
-        dso_openssl.c dso_win32.c dso_vms.c
+        dso_openssl.c dso_win32.c dso_vms.c dso_beos.c
 LIBOBJ= dso_dl.o dso_dlfcn.o dso_err.o dso_lib.o dso_null.o \
-        dso_openssl.o dso_win32.o dso_vms.o
+        dso_openssl.o dso_win32.o dso_vms.o dso_beos.o
 SRC= $(LIBSRC)
@@ -35,7 +35,7 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
@@ -76,6 +76,14 @@ clean:
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+dso_beos.o: ../../e_os.h ../../include/openssl/bio.h
+dso_beos.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dso_beos.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+dso_beos.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_beos.o: ../../include/openssl/opensslconf.h
+dso_beos.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dso_beos.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dso_beos.o: ../../include/openssl/symhacks.h ../cryptlib.h dso_beos.c
 dso_dl.o: ../../e_os.h ../../include/openssl/bio.h
 dso_dl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 dso_dl.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
diff --git a/src/lib/libssl/src/crypto/dso/dso.h b/src/lib/libssl/src/crypto/dso/dso.h
index 3e51913a72..839f2e0617 100644
--- a/src/lib/libssl/src/crypto/dso/dso.h
+++ b/src/lib/libssl/src/crypto/dso/dso.h
@@ -170,6 +170,11 @@ typedef struct dso_meth_st
        /* [De]Initialisation handlers. */
        int (*init)(DSO *dso);
        int (*finish)(DSO *dso);
+        /* Return pathname of the module containing location */
+        int (*pathbyaddr)(void *addr,char *path,int sz);
+        /* Perform global symbol lookup, i.e. among *all* modules */
+        void *(*globallookup)(const char *symname);
        } DSO_METHOD;
 /**********************************************************************/
@@ -183,7 +188,7 @@ struct dso_st
         * for use in the dso_bind handler. All in all, let each
         * method control its own destiny. "Handles" and such go in
         * a STACK. */
-        STACK *meth_data;
+        STACK_OF(void) *meth_data;
        int references;
        int flags;
        /* For use by applications etc ... use this for your bits'n'pieces,
@@ -296,6 +301,30 @@ DSO_METHOD *DSO_METHOD_win32(void);
 /* If VMS is defined, use shared images. If not, return NULL. */
 DSO_METHOD *DSO_METHOD_vms(void);
+/* This function writes null-terminated pathname of DSO module
+ * containing 'addr' into 'sz' large caller-provided 'path' and
+ * returns the number of characters [including trailing zero]
+ * written to it. If 'sz' is 0 or negative, 'path' is ignored and
+ * required amount of charachers [including trailing zero] to
+ * accomodate pathname is returned. If 'addr' is NULL, then
+ * pathname of cryptolib itself is returned. Negative or zero
+ * return value denotes error.
+ */
+int DSO_pathbyaddr(void *addr,char *path,int sz);
+/* This function should be used with caution! It looks up symbols in
+ * *all* loaded modules and if module gets unloaded by somebody else
+ * attempt to dereference the pointer is doomed to have fatal
+ * consequences. Primary usage for this function is to probe *core*
+ * system functionality, e.g. check if getnameinfo(3) is available
+ * at run-time without bothering about OS-specific details such as
+ * libc.so.versioning or where does it actually reside: in libc
+ * itself or libsocket. */
+void *DSO_global_lookup(const char *name);
+/* If BeOS is defined, use shared images. If not, return NULL. */
+DSO_METHOD *DSO_METHOD_beos(void);
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
@@ -305,6 +334,11 @@ void ERR_load_DSO_strings(void);
 /* Error codes for the DSO functions. */
 /* Function codes. */
+#define DSO_F_BEOS_BIND_FUNC                             144
+#define DSO_F_BEOS_BIND_VAR                              145
+#define DSO_F_BEOS_LOAD                                  146
+#define DSO_F_BEOS_NAME_CONVERTER                        147
+#define DSO_F_BEOS_UNLOAD                                148
 #define DSO_F_DLFCN_BIND_FUNC                            100
 #define DSO_F_DLFCN_BIND_VAR                             101
 #define DSO_F_DLFCN_LOAD                                 102
@@ -324,22 +358,29 @@ void ERR_load_DSO_strings(void);
 #define DSO_F_DSO_FREE                                   111
 #define DSO_F_DSO_GET_FILENAME                           127
 #define DSO_F_DSO_GET_LOADED_FILENAME                    128
+#define DSO_F_DSO_GLOBAL_LOOKUP                          139
 #define DSO_F_DSO_LOAD                                   112
 #define DSO_F_DSO_MERGE                                  132
 #define DSO_F_DSO_NEW_METHOD                             113
+#define DSO_F_DSO_PATHBYADDR                             140
 #define DSO_F_DSO_SET_FILENAME                           129
 #define DSO_F_DSO_SET_NAME_CONVERTER                     122
 #define DSO_F_DSO_UP_REF                                 114
+#define DSO_F_GLOBAL_LOOKUP_FUNC                         138
+#define DSO_F_PATHBYADDR                                 137
 #define DSO_F_VMS_BIND_SYM                               115
 #define DSO_F_VMS_LOAD                                   116
 #define DSO_F_VMS_MERGER                                 133
 #define DSO_F_VMS_UNLOAD                                 117
 #define DSO_F_WIN32_BIND_FUNC                            118
 #define DSO_F_WIN32_BIND_VAR                             119
+#define DSO_F_WIN32_GLOBALLOOKUP                         142
+#define DSO_F_WIN32_GLOBALLOOKUP_FUNC                    143
 #define DSO_F_WIN32_JOINER                               135
 #define DSO_F_WIN32_LOAD                                 120
 #define DSO_F_WIN32_MERGER                               134
 #define DSO_F_WIN32_NAME_CONVERTER                       125
+#define DSO_F_WIN32_PATHBYADDR                           141
 #define DSO_F_WIN32_SPLITTER                             136
 #define DSO_F_WIN32_UNLOAD                               121
diff --git a/src/lib/libssl/src/crypto/dso/dso_dl.c b/src/lib/libssl/src/crypto/dso/dso_dl.c
index 417abb6ea9..fc4236bd9a 100644
--- a/src/lib/libssl/src/crypto/dso/dso_dl.c
+++ b/src/lib/libssl/src/crypto/dso/dso_dl.c
@@ -85,6 +85,8 @@ static int dl_ctrl(DSO *dso, int cmd, long larg, void *parg);
 #endif
 static char *dl_name_converter(DSO *dso, const char *filename);
 static char *dl_merger(DSO *dso, const char *filespec1, const char *filespec2);
+static int dl_pathbyaddr(void *addr,char *path,int sz);
+static void *dl_globallookup(const char *name);
 static DSO_METHOD dso_meth_dl = {
        "OpenSSL 'dl' shared library method",
@@ -101,7 +103,9 @@ static DSO_METHOD dso_meth_dl = {
        dl_name_converter,
        dl_merger,
        NULL, /* init */
-        NULL  /* finish */
+        NULL, /* finish */
+        dl_pathbyaddr,
+        dl_globallookup
        };
 DSO_METHOD *DSO_METHOD_dl(void)
@@ -350,4 +354,40 @@ static char *dl_name_converter(DSO *dso, const char *filename)
        return(translated);
        }
+static int dl_pathbyaddr(void *addr,char *path,int sz)
+        {
+        struct shl_descriptor inf;
+        int i,len;
+        if (addr == NULL)
+                {
+                union   { int(*f)(void*,char*,int); void *p; } t =
+                        { dl_pathbyaddr };
+                addr = t.p;
+                }
+        for (i=-1;shl_get_r(i,&inf)==0;i++)
+                {
+                if (((size_t)addr >= inf.tstart && (size_t)addr < inf.tend) ||
+                    ((size_t)addr >= inf.dstart && (size_t)addr < inf.dend))
+                        {
+                        len = (int)strlen(inf.filename);
+                        if (sz <= 0) return len+1;
+                        if (len >= sz) len=sz-1;
+                        memcpy(path,inf.filename,len);
+                        path[len++] = 0;
+                        return len;
+                        }
+                }
+        return -1;
+        }
+static void *dl_globallookup(const char *name)
+        {
+        void *ret;
+        shl_t h = NULL;
+        return shl_findsym(&h,name,TYPE_UNDEFINED,&ret) ? NULL : ret;
+        }
 #endif /* DSO_DL */
diff --git a/src/lib/libssl/src/crypto/dso/dso_dlfcn.c b/src/lib/libssl/src/crypto/dso/dso_dlfcn.c
index 1fd10104c5..14bd322fb8 100644
--- a/src/lib/libssl/src/crypto/dso/dso_dlfcn.c
+++ b/src/lib/libssl/src/crypto/dso/dso_dlfcn.c
@@ -56,6 +56,16 @@
 *
 */
+/* We need to do this early, because stdio.h includes the header files
+   that handle _GNU_SOURCE and other similar macros.  Defining it later
+   is simply too late, because those headers are protected from re-
+   inclusion.  */
+#ifdef __linux
+# ifndef _GNU_SOURCE
+#  define _GNU_SOURCE   /* make sure dladdr is declared */
+# endif
+#endif
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/dso.h>
@@ -68,7 +78,16 @@ DSO_METHOD *DSO_METHOD_dlfcn(void)
 #else
 #ifdef HAVE_DLFCN_H
-#include <dlfcn.h>
+# ifdef __osf__
+#  define __EXTENSIONS__
+# endif
+# include <dlfcn.h>
+# define HAVE_DLINFO 1
+# if defined(_AIX) || defined(__CYGWIN__) || \
+     defined(__SCO_VERSION__) || defined(_SCO_ELF) || \
+     (defined(__OpenBSD__) && !defined(RTLD_SELF))
+#  undef HAVE_DLINFO
+# endif
 #endif
 /* Part of the hack in "dlfcn_load" ... */
@@ -87,6 +106,8 @@ static long dlfcn_ctrl(DSO *dso, int cmd, long larg, void *parg);
 static char *dlfcn_name_converter(DSO *dso, const char *filename);
 static char *dlfcn_merger(DSO *dso, const char *filespec1,
        const char *filespec2);
+static int dlfcn_pathbyaddr(void *addr,char *path,int sz);
+static void *dlfcn_globallookup(const char *name);
 static DSO_METHOD dso_meth_dlfcn = {
        "OpenSSL 'dlfcn' shared library method",
@@ -103,7 +124,9 @@ static DSO_METHOD dso_meth_dlfcn = {
        dlfcn_name_converter,
        dlfcn_merger,
        NULL, /* init */
-        NULL  /* finish */
+        NULL, /* finish */
+        dlfcn_pathbyaddr,
+        dlfcn_globallookup
        };
 DSO_METHOD *DSO_METHOD_dlfcn(void)
@@ -163,7 +186,7 @@ static int dlfcn_load(DSO *dso)
                ERR_add_error_data(4, "filename(", filename, "): ", dlerror());
                goto err;
                }
-        if(!sk_push(dso->meth_data, (char *)ptr))
+        if(!sk_void_push(dso->meth_data, (char *)ptr))
                {
                DSOerr(DSO_F_DLFCN_LOAD,DSO_R_STACK_ERROR);
                goto err;
@@ -188,15 +211,15 @@ static int dlfcn_unload(DSO *dso)
                DSOerr(DSO_F_DLFCN_UNLOAD,ERR_R_PASSED_NULL_PARAMETER);
                return(0);
                }
-        if(sk_num(dso->meth_data) < 1)
+        if(sk_void_num(dso->meth_data) < 1)
                return(1);
-        ptr = (void *)sk_pop(dso->meth_data);
+        ptr = sk_void_pop(dso->meth_data);
        if(ptr == NULL)
                {
                DSOerr(DSO_F_DLFCN_UNLOAD,DSO_R_NULL_HANDLE);
                /* Should push the value back onto the stack in
                 * case of a retry. */
-                sk_push(dso->meth_data, (char *)ptr);
+                sk_void_push(dso->meth_data, ptr);
                return(0);
                }
        /* For now I'm not aware of any errors associated with dlclose() */
@@ -213,12 +236,12 @@ static void *dlfcn_bind_var(DSO *dso, const char *symname)
                DSOerr(DSO_F_DLFCN_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER);
                return(NULL);
                }
-        if(sk_num(dso->meth_data) < 1)
+        if(sk_void_num(dso->meth_data) < 1)
                {
                DSOerr(DSO_F_DLFCN_BIND_VAR,DSO_R_STACK_ERROR);
                return(NULL);
                }
-        ptr = (void *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
+        ptr = sk_void_value(dso->meth_data, sk_void_num(dso->meth_data) - 1);
        if(ptr == NULL)
                {
                DSOerr(DSO_F_DLFCN_BIND_VAR,DSO_R_NULL_HANDLE);
@@ -237,32 +260,35 @@ static void *dlfcn_bind_var(DSO *dso, const char *symname)
 static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname)
        {
        void *ptr;
-        DSO_FUNC_TYPE sym, *tsym = &sym;
+        union {
+                DSO_FUNC_TYPE sym;
+                void *dlret;
+        } u;
        if((dso == NULL) || (symname == NULL))
                {
                DSOerr(DSO_F_DLFCN_BIND_FUNC,ERR_R_PASSED_NULL_PARAMETER);
                return(NULL);
                }
-        if(sk_num(dso->meth_data) < 1)
+        if(sk_void_num(dso->meth_data) < 1)
                {
                DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_STACK_ERROR);
                return(NULL);
                }
-        ptr = (void *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
+        ptr = sk_void_value(dso->meth_data, sk_void_num(dso->meth_data) - 1);
        if(ptr == NULL)
                {
                DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_NULL_HANDLE);
                return(NULL);
                }
-        *(void **)(tsym) = dlsym(ptr, symname);
+        u.dlret = dlsym(ptr, symname);
-        if(sym == NULL)
+        if(u.dlret == NULL)
                {
                DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_SYM_FAILURE);
                ERR_add_error_data(4, "symname(", symname, "): ", dlerror());
                return(NULL);
                }
-        return(sym);
+        return u.sym;
        }
 static char *dlfcn_merger(DSO *dso, const char *filespec1,
@@ -278,13 +304,12 @@ static char *dlfcn_merger(DSO *dso, const char *filespec1,
                }
        /* If the first file specification is a rooted path, it rules.
           same goes if the second file specification is missing. */
-        if (!filespec2 || filespec1[0] == '/')
+        if (!filespec2 || (filespec1 != NULL && filespec1[0] == '/'))
                {
                merged = OPENSSL_malloc(strlen(filespec1) + 1);
                if(!merged)
                        {
-                        DSOerr(DSO_F_DLFCN_MERGER,
+                        DSOerr(DSO_F_DLFCN_MERGER, ERR_R_MALLOC_FAILURE);
-                                ERR_R_MALLOC_FAILURE);
                        return(NULL);
                        }
                strcpy(merged, filespec1);
@@ -310,7 +335,7 @@ static char *dlfcn_merger(DSO *dso, const char *filespec1,
                {
                int spec2len, len;
-                spec2len = (filespec2 ? strlen(filespec2) : 0);
+                spec2len = strlen(filespec2);
                len = spec2len + (filespec1 ? strlen(filespec1) : 0);
                if(filespec2 && filespec2[spec2len - 1] == '/')
@@ -332,6 +357,15 @@ static char *dlfcn_merger(DSO *dso, const char *filespec1,
        return(merged);
        }
+#ifdef OPENSSL_SYS_MACOSX
+#define DSO_ext ".dylib"
+#define DSO_extlen 6
+#else
+#define DSO_ext ".so"
+#define DSO_extlen 3
+#endif
 static char *dlfcn_name_converter(DSO *dso, const char *filename)
        {
        char *translated;
@@ -342,8 +376,8 @@ static char *dlfcn_name_converter(DSO *dso, const char *filename)
        transform = (strstr(filename, "/") == NULL);
        if(transform)
                {
-                /* We will convert this to "%s.so" or "lib%s.so" */
+                /* We will convert this to "%s.so" or "lib%s.so" etc */
-                rsize += 3;     /* The length of ".so" */
+                rsize += DSO_extlen;    /* The length of ".so" */
                if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
                        rsize += 3; /* The length of "lib" */
                }
@@ -357,13 +391,92 @@ static char *dlfcn_name_converter(DSO *dso, const char *filename)
        if(transform)
                {
                if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
-                        sprintf(translated, "lib%s.so", filename);
+                        sprintf(translated, "lib%s" DSO_ext, filename);
                else
-                        sprintf(translated, "%s.so", filename);
+                        sprintf(translated, "%s" DSO_ext, filename);
                }
        else
                sprintf(translated, "%s", filename);
        return(translated);
        }
+#ifdef __sgi
+/*
+This is a quote from IRIX manual for dladdr(3c):
+     <dlfcn.h> does not contain a prototype for dladdr or definition of
+     Dl_info.  The #include <dlfcn.h>  in the SYNOPSIS line is traditional,
+     but contains no dladdr prototype and no IRIX library contains an
+     implementation.  Write your own declaration based on the code below.
+     The following code is dependent on internal interfaces that are not
+     part of the IRIX compatibility guarantee; however, there is no future
+     intention to change this interface, so on a practical level, the code
+     below is safe to use on IRIX.
+*/
+#include <rld_interface.h>
+#ifndef _RLD_INTERFACE_DLFCN_H_DLADDR
+#define _RLD_INTERFACE_DLFCN_H_DLADDR
+typedef struct Dl_info {
+    const char * dli_fname;
+    void       * dli_fbase;
+    const char * dli_sname;
+    void       * dli_saddr;
+    int          dli_version;
+    int          dli_reserved1;
+    long         dli_reserved[4];
+} Dl_info;
+#else
+typedef struct Dl_info Dl_info;
+#endif
+#define _RLD_DLADDR             14
+static int dladdr(void *address, Dl_info *dl)
+{
+        void *v;
+        v = _rld_new_interface(_RLD_DLADDR,address,dl);
+        return (int)v;
+}
+#endif /* __sgi */
+static int dlfcn_pathbyaddr(void *addr,char *path,int sz)
+        {
+#ifdef HAVE_DLINFO
+        Dl_info dli;
+        int len;
+        if (addr == NULL)
+                {
+                union   { int(*f)(void*,char*,int); void *p; } t =
+                        { dlfcn_pathbyaddr };
+                addr = t.p;
+                }
+        if (dladdr(addr,&dli))
+                {
+                len = (int)strlen(dli.dli_fname);
+                if (sz <= 0) return len+1;
+                if (len >= sz) len=sz-1;
+                memcpy(path,dli.dli_fname,len);
+                path[len++]=0;
+                return len;
+                }
+        ERR_add_error_data(4, "dlfcn_pathbyaddr(): ", dlerror());
+#endif
+        return -1;
+        }
+static void *dlfcn_globallookup(const char *name)
+        {
+        void *ret = NULL,*handle = dlopen(NULL,RTLD_LAZY);
+        
+        if (handle)
+                {
+                ret = dlsym(handle,name);
+                dlclose(handle);
+                }
+        return ret;
+        }
 #endif /* DSO_DLFCN */
diff --git a/src/lib/libssl/src/crypto/dso/dso_err.c b/src/lib/libssl/src/crypto/dso/dso_err.c
index a8b0a210de..2bb07c2514 100644
--- a/src/lib/libssl/src/crypto/dso/dso_err.c
+++ b/src/lib/libssl/src/crypto/dso/dso_err.c
@@ -1,6 +1,6 @@
 /* crypto/dso/dso_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -70,6 +70,11 @@
 static ERR_STRING_DATA DSO_str_functs[]=
        {
+{ERR_FUNC(DSO_F_BEOS_BIND_FUNC),        "BEOS_BIND_FUNC"},
+{ERR_FUNC(DSO_F_BEOS_BIND_VAR), "BEOS_BIND_VAR"},
+{ERR_FUNC(DSO_F_BEOS_LOAD),     "BEOS_LOAD"},
+{ERR_FUNC(DSO_F_BEOS_NAME_CONVERTER),   "BEOS_NAME_CONVERTER"},
+{ERR_FUNC(DSO_F_BEOS_UNLOAD),   "BEOS_UNLOAD"},
 {ERR_FUNC(DSO_F_DLFCN_BIND_FUNC),       "DLFCN_BIND_FUNC"},
 {ERR_FUNC(DSO_F_DLFCN_BIND_VAR),        "DLFCN_BIND_VAR"},
 {ERR_FUNC(DSO_F_DLFCN_LOAD),    "DLFCN_LOAD"},
@@ -89,22 +94,29 @@ static ERR_STRING_DATA DSO_str_functs[]=
 {ERR_FUNC(DSO_F_DSO_FREE),      "DSO_free"},
 {ERR_FUNC(DSO_F_DSO_GET_FILENAME),      "DSO_get_filename"},
 {ERR_FUNC(DSO_F_DSO_GET_LOADED_FILENAME),       "DSO_get_loaded_filename"},
+{ERR_FUNC(DSO_F_DSO_GLOBAL_LOOKUP),     "DSO_global_lookup"},
 {ERR_FUNC(DSO_F_DSO_LOAD),      "DSO_load"},
 {ERR_FUNC(DSO_F_DSO_MERGE),     "DSO_merge"},
 {ERR_FUNC(DSO_F_DSO_NEW_METHOD),        "DSO_new_method"},
+{ERR_FUNC(DSO_F_DSO_PATHBYADDR),        "DSO_pathbyaddr"},
 {ERR_FUNC(DSO_F_DSO_SET_FILENAME),      "DSO_set_filename"},
 {ERR_FUNC(DSO_F_DSO_SET_NAME_CONVERTER),        "DSO_set_name_converter"},
 {ERR_FUNC(DSO_F_DSO_UP_REF),    "DSO_up_ref"},
+{ERR_FUNC(DSO_F_GLOBAL_LOOKUP_FUNC),    "GLOBAL_LOOKUP_FUNC"},
+{ERR_FUNC(DSO_F_PATHBYADDR),    "PATHBYADDR"},
 {ERR_FUNC(DSO_F_VMS_BIND_SYM),  "VMS_BIND_SYM"},
 {ERR_FUNC(DSO_F_VMS_LOAD),      "VMS_LOAD"},
 {ERR_FUNC(DSO_F_VMS_MERGER),    "VMS_MERGER"},
 {ERR_FUNC(DSO_F_VMS_UNLOAD),    "VMS_UNLOAD"},
 {ERR_FUNC(DSO_F_WIN32_BIND_FUNC),       "WIN32_BIND_FUNC"},
 {ERR_FUNC(DSO_F_WIN32_BIND_VAR),        "WIN32_BIND_VAR"},
+{ERR_FUNC(DSO_F_WIN32_GLOBALLOOKUP),    "WIN32_GLOBALLOOKUP"},
+{ERR_FUNC(DSO_F_WIN32_GLOBALLOOKUP_FUNC),       "WIN32_GLOBALLOOKUP_FUNC"},
 {ERR_FUNC(DSO_F_WIN32_JOINER),  "WIN32_JOINER"},
 {ERR_FUNC(DSO_F_WIN32_LOAD),    "WIN32_LOAD"},
 {ERR_FUNC(DSO_F_WIN32_MERGER),  "WIN32_MERGER"},
 {ERR_FUNC(DSO_F_WIN32_NAME_CONVERTER),  "WIN32_NAME_CONVERTER"},
+{ERR_FUNC(DSO_F_WIN32_PATHBYADDR),      "WIN32_PATHBYADDR"},
 {ERR_FUNC(DSO_F_WIN32_SPLITTER),        "WIN32_SPLITTER"},
 {ERR_FUNC(DSO_F_WIN32_UNLOAD),  "WIN32_UNLOAD"},
 {0,NULL}
diff --git a/src/lib/libssl/src/crypto/dso/dso_lib.c b/src/lib/libssl/src/crypto/dso/dso_lib.c
index 49bdd71309..8a15b794ab 100644
--- a/src/lib/libssl/src/crypto/dso/dso_lib.c
+++ b/src/lib/libssl/src/crypto/dso/dso_lib.c
@@ -107,7 +107,7 @@ DSO *DSO_new_method(DSO_METHOD *meth)
                return(NULL);
                }
        memset(ret, 0, sizeof(DSO));
-        ret->meth_data = sk_new_null();
+        ret->meth_data = sk_void_new_null();
        if(ret->meth_data == NULL)
                {
                /* sk_new doesn't generate any errors so we do */
@@ -163,7 +163,7 @@ int DSO_free(DSO *dso)
                return(0);
                }
        
-        sk_free(dso->meth_data);
+        sk_void_free(dso->meth_data);
        if(dso->filename != NULL)
                OPENSSL_free(dso->filename);
        if(dso->loaded_filename != NULL)
@@ -399,13 +399,6 @@ char *DSO_merge(DSO *dso, const char *filespec1, const char *filespec2)
                DSOerr(DSO_F_DSO_MERGE,ERR_R_PASSED_NULL_PARAMETER);
                return(NULL);
                }
-        if(filespec1 == NULL)
-                filespec1 = dso->filename;
-        if(filespec1 == NULL)
-                {
-                DSOerr(DSO_F_DSO_MERGE,DSO_R_NO_FILE_SPECIFICATION);
-                return(NULL);
-                }
        if((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0)
                {
                if(dso->merger != NULL)
@@ -464,3 +457,27 @@ const char *DSO_get_loaded_filename(DSO *dso)
                }
        return(dso->loaded_filename);
        }
+int DSO_pathbyaddr(void *addr,char *path,int sz)
+        {
+        DSO_METHOD *meth = default_DSO_meth;
+        if (meth == NULL) meth = DSO_METHOD_openssl();
+        if (meth->pathbyaddr == NULL)
+                {
+                DSOerr(DSO_F_DSO_PATHBYADDR,DSO_R_UNSUPPORTED);
+                return -1;
+                }
+        return (*meth->pathbyaddr)(addr,path,sz);
+        }
+void *DSO_global_lookup(const char *name)
+        {
+        DSO_METHOD *meth = default_DSO_meth;
+        if (meth == NULL) meth = DSO_METHOD_openssl();
+        if (meth->globallookup == NULL)
+                {
+                DSOerr(DSO_F_DSO_GLOBAL_LOOKUP,DSO_R_UNSUPPORTED);
+                return NULL;
+                }
+        return (*meth->globallookup)(name);
+        }
diff --git a/src/lib/libssl/src/crypto/dso/dso_null.c b/src/lib/libssl/src/crypto/dso/dso_null.c
index 4972984651..49d842d1f5 100644
--- a/src/lib/libssl/src/crypto/dso/dso_null.c
+++ b/src/lib/libssl/src/crypto/dso/dso_null.c
@@ -78,7 +78,9 @@ static DSO_METHOD dso_meth_null = {
        NULL, /* dso_name_converter */
        NULL, /* dso_merger */
        NULL, /* init */
-        NULL  /* finish */
+        NULL, /* finish */
+        NULL, /* pathbyaddr */
+        NULL  /* globallookup */
        };
 DSO_METHOD *DSO_METHOD_null(void)
diff --git a/src/lib/libssl/src/crypto/dso/dso_openssl.c b/src/lib/libssl/src/crypto/dso/dso_openssl.c
index a4395ebffe..b17e8e8e9e 100644
--- a/src/lib/libssl/src/crypto/dso/dso_openssl.c
+++ b/src/lib/libssl/src/crypto/dso/dso_openssl.c
@@ -74,6 +74,8 @@ DSO_METHOD *DSO_METHOD_openssl(void)
        return(DSO_METHOD_win32());
 #elif defined(DSO_VMS)
        return(DSO_METHOD_vms());
+#elif defined(DSO_BEOS)
+        return(DSO_METHOD_beos());
 #else
        return(DSO_METHOD_null());
 #endif
diff --git a/src/lib/libssl/src/crypto/dso/dso_vms.c b/src/lib/libssl/src/crypto/dso/dso_vms.c
index 2c434ee8a6..321512772a 100644
--- a/src/lib/libssl/src/crypto/dso/dso_vms.c
+++ b/src/lib/libssl/src/crypto/dso/dso_vms.c
@@ -215,7 +215,7 @@ static int vms_load(DSO *dso)
        p->imagename_dsc.dsc$b_class = DSC$K_CLASS_S;
        p->imagename_dsc.dsc$a_pointer = p->imagename;
-        if(!sk_push(dso->meth_data, (char *)p))
+        if(!sk_void_push(dso->meth_data, (char *)p))
                {
                DSOerr(DSO_F_VMS_LOAD,DSO_R_STACK_ERROR);
                goto err;
@@ -245,9 +245,9 @@ static int vms_unload(DSO *dso)
                DSOerr(DSO_F_VMS_UNLOAD,ERR_R_PASSED_NULL_PARAMETER);
                return(0);
                }
-        if(sk_num(dso->meth_data) < 1)
+        if(sk_void_num(dso->meth_data) < 1)
                return(1);
-        p = (DSO_VMS_INTERNAL *)sk_pop(dso->meth_data);
+        p = (DSO_VMS_INTERNAL *)sk_void_pop(dso->meth_data);
        if(p == NULL)
                {
                DSOerr(DSO_F_VMS_UNLOAD,DSO_R_NULL_HANDLE);
@@ -302,13 +302,13 @@ void vms_bind_sym(DSO *dso, const char *symname, void **sym)
                DSOerr(DSO_F_VMS_BIND_SYM,ERR_R_PASSED_NULL_PARAMETER);
                return;
                }
-        if(sk_num(dso->meth_data) < 1)
+        if(sk_void_num(dso->meth_data) < 1)
                {
                DSOerr(DSO_F_VMS_BIND_SYM,DSO_R_STACK_ERROR);
                return;
                }
-        ptr = (DSO_VMS_INTERNAL *)sk_value(dso->meth_data,
+        ptr = (DSO_VMS_INTERNAL *)sk_void_value(dso->meth_data,
-                sk_num(dso->meth_data) - 1);
+                sk_void_num(dso->meth_data) - 1);
        if(ptr == NULL)
                {
                DSOerr(DSO_F_VMS_BIND_SYM,DSO_R_NULL_HANDLE);
diff --git a/src/lib/libssl/src/crypto/dso/dso_win32.c b/src/lib/libssl/src/crypto/dso/dso_win32.c
index fd3dd6a7fe..6fb6c54181 100644
--- a/src/lib/libssl/src/crypto/dso/dso_win32.c
+++ b/src/lib/libssl/src/crypto/dso/dso_win32.c
@@ -96,7 +96,11 @@ static HINSTANCE LoadLibraryA(LPCSTR lpLibFileName)
 #else
        fnamw = (WCHAR *)alloca (len_0*sizeof(WCHAR));
 #endif
-        if (fnamw == NULL) return NULL;
+        if (fnamw == NULL)
+                {
+                SetLastError(ERROR_NOT_ENOUGH_MEMORY);
+                return NULL;
+                }
 #if defined(_WIN32_WCE) && _WIN32_WCE>=101
        if (!MultiByteToWideChar(CP_ACP,0,lpLibFileName,len_0,fnamw,len_0))
@@ -124,6 +128,8 @@ static long win32_ctrl(DSO *dso, int cmd, long larg, void *parg);
 static char *win32_name_converter(DSO *dso, const char *filename);
 static char *win32_merger(DSO *dso, const char *filespec1,
        const char *filespec2);
+static int win32_pathbyaddr(void *addr,char *path,int sz);
+static void *win32_globallookup(const char *name);
 static const char *openssl_strnchr(const char *string, int c, size_t len);
@@ -142,7 +148,9 @@ static DSO_METHOD dso_meth_win32 = {
        win32_name_converter,
        win32_merger,
        NULL, /* init */
-        NULL  /* finish */
+        NULL, /* finish */
+        win32_pathbyaddr,
+        win32_globallookup
        };
 DSO_METHOD *DSO_METHOD_win32(void)
@@ -180,7 +188,7 @@ static int win32_load(DSO *dso)
                goto err;
                }
        *p = h;
-        if(!sk_push(dso->meth_data, (char *)p))
+        if(!sk_void_push(dso->meth_data, p))
                {
                DSOerr(DSO_F_WIN32_LOAD,DSO_R_STACK_ERROR);
                goto err;
@@ -207,9 +215,9 @@ static int win32_unload(DSO *dso)
                DSOerr(DSO_F_WIN32_UNLOAD,ERR_R_PASSED_NULL_PARAMETER);
                return(0);
                }
-        if(sk_num(dso->meth_data) < 1)
+        if(sk_void_num(dso->meth_data) < 1)
                return(1);
-        p = (HINSTANCE *)sk_pop(dso->meth_data);
+        p = sk_void_pop(dso->meth_data);
        if(p == NULL)
                {
                DSOerr(DSO_F_WIN32_UNLOAD,DSO_R_NULL_HANDLE);
@@ -220,7 +228,7 @@ static int win32_unload(DSO *dso)
                DSOerr(DSO_F_WIN32_UNLOAD,DSO_R_UNLOAD_FAILED);
                /* We should push the value back onto the stack in
                 * case of a retry. */
-                sk_push(dso->meth_data, (char *)p);
+                sk_void_push(dso->meth_data, p);
                return(0);
                }
        /* Cleanup */
@@ -240,12 +248,12 @@ static void *win32_bind_var(DSO *dso, const char *symname)
                DSOerr(DSO_F_WIN32_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER);
                return(NULL);
                }
-        if(sk_num(dso->meth_data) < 1)
+        if(sk_void_num(dso->meth_data) < 1)
                {
                DSOerr(DSO_F_WIN32_BIND_VAR,DSO_R_STACK_ERROR);
                return(NULL);
                }
-        ptr = (HINSTANCE *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
+        ptr = sk_void_value(dso->meth_data, sk_void_num(dso->meth_data) - 1);
        if(ptr == NULL)
                {
                DSOerr(DSO_F_WIN32_BIND_VAR,DSO_R_NULL_HANDLE);
@@ -271,12 +279,12 @@ static DSO_FUNC_TYPE win32_bind_func(DSO *dso, const char *symname)
                DSOerr(DSO_F_WIN32_BIND_FUNC,ERR_R_PASSED_NULL_PARAMETER);
                return(NULL);
                }
-        if(sk_num(dso->meth_data) < 1)
+        if(sk_void_num(dso->meth_data) < 1)
                {
                DSOerr(DSO_F_WIN32_BIND_FUNC,DSO_R_STACK_ERROR);
                return(NULL);
                }
-        ptr = (HINSTANCE *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
+        ptr = sk_void_value(dso->meth_data, sk_void_num(dso->meth_data) - 1);
        if(ptr == NULL)
                {
                DSOerr(DSO_F_WIN32_BIND_FUNC,DSO_R_NULL_HANDLE);
@@ -327,8 +335,8 @@ static struct file_st *win32_splitter(DSO *dso, const char *filename,
        memset(result, 0, sizeof(struct file_st));
        position = IN_DEVICE;
-        if(filename[0] == '\\' && filename[1] == '\\'
+        if((filename[0] == '\\' && filename[1] == '\\')
-                || filename[0] == '/' && filename[1] == '/')
+                || (filename[0] == '/' && filename[1] == '/'))
                {
                position = IN_NODE;
                filename += 2;
@@ -347,10 +355,11 @@ static struct file_st *win32_splitter(DSO *dso, const char *filename,
                                DSOerr(DSO_F_WIN32_SPLITTER,
                                        DSO_R_INCORRECT_FILE_SYNTAX);
                                /*goto err;*/
+                                OPENSSL_free(result);
                                return(NULL);
                                }
                        result->device = start;
-                        result->devicelen = filename - start;
+                        result->devicelen = (int)(filename - start);
                        position = IN_FILE;
                        start = ++filename;
                        result->dir = start;
@@ -359,7 +368,7 @@ static struct file_st *win32_splitter(DSO *dso, const char *filename,
                case '/':
                        if(position == IN_NODE)
                                {
-                                result->nodelen = filename - start;
+                                result->nodelen = (int)(filename - start);
                                position = IN_FILE;
                                start = ++filename;
                                result->dir = start;
@@ -369,20 +378,20 @@ static struct file_st *win32_splitter(DSO *dso, const char *filename,
                                position = IN_FILE;
                                filename++;
                                result->dir = start;
-                                result->dirlen = filename - start;
+                                result->dirlen = (int)(filename - start);
                                start = filename;
                                }
                        else
                                {
                                filename++;
-                                result->dirlen += filename - start;
+                                result->dirlen += (int)(filename - start);
                                start = filename;
                                }
                        break;
                case '\0':
                        if(position == IN_NODE)
                                {
-                                result->nodelen = filename - start;
+                                result->nodelen = (int)(filename - start);
                                }
                        else
                                {
@@ -396,13 +405,13 @@ static struct file_st *win32_splitter(DSO *dso, const char *filename,
                                                        result->dirlen = 0;
                                                        }
                                                result->dirlen +=
-                                                        filename - start;
+                                                        (int)(filename - start);
                                                }
                                        else
                                                {
                                                result->file = start;
                                                result->filelen =
-                                                        filename - start;
+                                                        (int)(filename - start);
                                                }
                                        }
                                }
@@ -496,7 +505,7 @@ static char *win32_joiner(DSO *dso, const struct file_st *file_split)
                                + file_split->predirlen
                                - (start - file_split->predir);
                strncpy(&result[offset], start,
-                        end - start); offset += end - start;
+                        end - start); offset += (int)(end - start);
                result[offset] = '\\'; offset++;
                start = end + 1;
                }
@@ -517,7 +526,7 @@ static char *win32_joiner(DSO *dso, const struct file_st *file_split)
                                + file_split->dirlen
                                - (start - file_split->dir);
                strncpy(&result[offset], start,
-                        end - start); offset += end - start;
+                        end - start); offset += (int)(end - start);
                result[offset] = '\\'; offset++;
                start = end + 1;
                }
@@ -613,6 +622,8 @@ static char *win32_merger(DSO *dso, const char *filespec1, const char *filespec2
                merged = win32_joiner(dso, filespec1_split);
                }
+        OPENSSL_free(filespec1_split);
+        OPENSSL_free(filespec2_split);
        return(merged);
        }
@@ -656,5 +667,178 @@ static const char *openssl_strnchr(const char *string, int c, size_t len)
        return NULL;
        }
+#include <tlhelp32.h>
+#ifdef _WIN32_WCE
+# define DLLNAME "TOOLHELP.DLL"
+#else
+# ifdef MODULEENTRY32
+# undef MODULEENTRY32   /* unmask the ASCII version! */
+# endif
+# define DLLNAME "KERNEL32.DLL"
+#endif
+typedef HANDLE (WINAPI *CREATETOOLHELP32SNAPSHOT)(DWORD, DWORD);
+typedef BOOL (WINAPI *CLOSETOOLHELP32SNAPSHOT)(HANDLE);
+typedef BOOL (WINAPI *MODULE32)(HANDLE, MODULEENTRY32 *);
-#endif /* OPENSSL_SYS_WIN32 */
+static int win32_pathbyaddr(void *addr,char *path,int sz)
+        {
+        HMODULE dll;
+        HANDLE hModuleSnap = INVALID_HANDLE_VALUE; 
+        MODULEENTRY32 me32; 
+        CREATETOOLHELP32SNAPSHOT create_snap;
+        CLOSETOOLHELP32SNAPSHOT  close_snap;
+        MODULE32 module_first, module_next;
+        int len;
+ 
+        if (addr == NULL)
+                {
+                union   { int(*f)(void*,char*,int); void *p; } t =
+                        { win32_pathbyaddr };
+                addr = t.p;
+                }
+        dll = LoadLibrary(TEXT(DLLNAME));
+        if (dll == NULL)
+                {
+                DSOerr(DSO_F_WIN32_PATHBYADDR,DSO_R_UNSUPPORTED);
+                return -1;
+                }
+        create_snap = (CREATETOOLHELP32SNAPSHOT)
+                GetProcAddress(dll,"CreateToolhelp32Snapshot");
+        if (create_snap == NULL)
+                {
+                FreeLibrary(dll);
+                DSOerr(DSO_F_WIN32_PATHBYADDR,DSO_R_UNSUPPORTED);
+                return -1;
+                }
+        /* We take the rest for granted... */
+#ifdef _WIN32_WCE
+        close_snap = (CLOSETOOLHELP32SNAPSHOT)
+                GetProcAddress(dll,"CloseToolhelp32Snapshot");
+#else
+        close_snap = (CLOSETOOLHELP32SNAPSHOT)CloseHandle;
+#endif
+        module_first = (MODULE32)GetProcAddress(dll,"Module32First");
+        module_next  = (MODULE32)GetProcAddress(dll,"Module32Next");
+        hModuleSnap = (*create_snap)(TH32CS_SNAPMODULE,0); 
+        if( hModuleSnap == INVALID_HANDLE_VALUE ) 
+                { 
+                FreeLibrary(dll);
+                DSOerr(DSO_F_WIN32_PATHBYADDR,DSO_R_UNSUPPORTED);
+                return -1;
+                } 
+ 
+        me32.dwSize = sizeof(me32); 
+ 
+        if(!(*module_first)(hModuleSnap,&me32)) 
+                { 
+                (*close_snap)(hModuleSnap);
+                FreeLibrary(dll);
+                DSOerr(DSO_F_WIN32_PATHBYADDR,DSO_R_FAILURE);
+                return -1;
+                }
+ 
+        do      { 
+                if ((BYTE *)addr >= me32.modBaseAddr &&
+                    (BYTE *)addr <  me32.modBaseAddr+me32.modBaseSize)
+                        {
+                        (*close_snap)(hModuleSnap);
+                        FreeLibrary(dll);
+#ifdef _WIN32_WCE
+# if _WIN32_WCE >= 101
+                        return WideCharToMultiByte(CP_ACP,0,me32.szExePath,-1,
+                                                        path,sz,NULL,NULL);
+# else
+                        len = (int)wcslen(me32.szExePath);
+                        if (sz <= 0) return len+1;
+                        if (len >= sz) len=sz-1;
+                        for(i=0;i<len;i++)
+                                path[i] = (char)me32.szExePath[i];
+                        path[len++] = 0;
+                        return len;
+# endif
+#else
+                        len = (int)strlen(me32.szExePath);
+                        if (sz <= 0) return len+1;
+                        if (len >= sz) len=sz-1;
+                        memcpy(path,me32.szExePath,len);
+                        path[len++] = 0;
+                        return len;
+#endif
+                        } 
+                } while((*module_next)(hModuleSnap, &me32)); 
+ 
+        (*close_snap)(hModuleSnap); 
+        FreeLibrary(dll);
+        return 0;
+        }
+static void *win32_globallookup(const char *name)
+        {
+        HMODULE dll;
+        HANDLE hModuleSnap = INVALID_HANDLE_VALUE;
+        MODULEENTRY32 me32;
+        CREATETOOLHELP32SNAPSHOT create_snap;
+        CLOSETOOLHELP32SNAPSHOT  close_snap;
+        MODULE32 module_first, module_next;
+        FARPROC ret=NULL;
+        dll = LoadLibrary(TEXT(DLLNAME));
+        if (dll == NULL)
+                {
+                DSOerr(DSO_F_WIN32_GLOBALLOOKUP,DSO_R_UNSUPPORTED);
+                return NULL;
+                }
+        create_snap = (CREATETOOLHELP32SNAPSHOT)
+                GetProcAddress(dll,"CreateToolhelp32Snapshot");
+        if (create_snap == NULL)
+                {
+                FreeLibrary(dll);
+                DSOerr(DSO_F_WIN32_GLOBALLOOKUP,DSO_R_UNSUPPORTED);
+                return NULL;
+                }
+        /* We take the rest for granted... */
+#ifdef _WIN32_WCE
+        close_snap = (CLOSETOOLHELP32SNAPSHOT)
+                GetProcAddress(dll,"CloseToolhelp32Snapshot");
+#else
+        close_snap = (CLOSETOOLHELP32SNAPSHOT)CloseHandle;
+#endif
+        module_first = (MODULE32)GetProcAddress(dll,"Module32First");
+        module_next  = (MODULE32)GetProcAddress(dll,"Module32Next");
+        hModuleSnap = (*create_snap)(TH32CS_SNAPMODULE,0);
+        if( hModuleSnap == INVALID_HANDLE_VALUE )
+                {
+                FreeLibrary(dll);
+                DSOerr(DSO_F_WIN32_GLOBALLOOKUP,DSO_R_UNSUPPORTED);
+                return NULL;
+                }
+        me32.dwSize = sizeof(me32);
+        if (!(*module_first)(hModuleSnap,&me32))
+                {
+                (*close_snap)(hModuleSnap);
+                FreeLibrary(dll);
+                return NULL;
+                }
+        do      {
+                if ((ret = GetProcAddress(me32.hModule,name)))
+                        {
+                        (*close_snap)(hModuleSnap);
+                        FreeLibrary(dll);
+                        return ret;
+                        }
+                } while((*module_next)(hModuleSnap,&me32));
+        (*close_snap)(hModuleSnap); 
+        FreeLibrary(dll);
+        return NULL;
+        }
+#endif /* DSO_WIN32 */
diff --git a/src/lib/libssl/src/crypto/ec/Makefile b/src/lib/libssl/src/crypto/ec/Makefile
index b5bbc9faa1..db380ed16f 100644
--- a/src/lib/libssl/src/crypto/ec/Makefile
+++ b/src/lib/libssl/src/crypto/ec/Makefile
@@ -19,11 +19,11 @@ APPS=
 LIB=$(TOP)/libcrypto.a
 LIBSRC= ec_lib.c ecp_smpl.c ecp_mont.c ecp_nist.c ec_cvt.c ec_mult.c\
        ec_err.c ec_curve.c ec_check.c ec_print.c ec_asn1.c ec_key.c\
-        ec2_smpl.c ec2_smpt.c ec2_mult.c
+        ec2_smpl.c ec2_mult.c ec_ameth.c ec_pmeth.c eck_prn.c
 LIBOBJ= ec_lib.o ecp_smpl.o ecp_mont.o ecp_nist.o ec_cvt.o ec_mult.o\
        ec_err.o ec_curve.o ec_check.o ec_print.o ec_asn1.o ec_key.o\
-        ec2_smpl.o ec2_mult.o
+        ec2_smpl.o ec2_mult.o ec_ameth.o ec_pmeth.o eck_prn.o
 SRC= $(LIBSRC)
@@ -38,7 +38,7 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
@@ -94,8 +94,22 @@ ec2_smpl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
 ec2_smpl.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
 ec2_smpl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 ec2_smpl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-ec2_smpl.o: ../../include/openssl/symhacks.h ec2_smpl.c ec2_smpt.c ec_lcl.h
+ec2_smpl.o: ../../include/openssl/symhacks.h ec2_smpl.c ec_lcl.h
-ec2_smpt.o: ec2_smpt.c
+ec_ameth.o: ../../e_os.h ../../include/openssl/asn1.h
+ec_ameth.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+ec_ameth.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
+ec_ameth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ec_ameth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+ec_ameth.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+ec_ameth.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+ec_ameth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ec_ameth.o: ../../include/openssl/opensslconf.h
+ec_ameth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ec_ameth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+ec_ameth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ec_ameth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+ec_ameth.o: ../../include/openssl/x509_vfy.h ../asn1/asn1_locl.h ../cryptlib.h
+ec_ameth.o: ec_ameth.c
 ec_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
 ec_asn1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 ec_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
@@ -160,6 +174,20 @@ ec_mult.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
 ec_mult.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 ec_mult.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 ec_mult.o: ../../include/openssl/symhacks.h ec_lcl.h ec_mult.c
+ec_pmeth.o: ../../e_os.h ../../include/openssl/asn1.h
+ec_pmeth.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+ec_pmeth.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+ec_pmeth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ec_pmeth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+ec_pmeth.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ec_pmeth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+ec_pmeth.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+ec_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ec_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+ec_pmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ec_pmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+ec_pmeth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h ../evp/evp_locl.h
+ec_pmeth.o: ec_pmeth.c
 ec_print.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 ec_print.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
 ec_print.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
@@ -167,6 +195,16 @@ ec_print.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
 ec_print.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 ec_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 ec_print.o: ../../include/openssl/symhacks.h ec_lcl.h ec_print.c
+eck_prn.o: ../../e_os.h ../../include/openssl/asn1.h
+eck_prn.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eck_prn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eck_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+eck_prn.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+eck_prn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+eck_prn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+eck_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eck_prn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eck_prn.o: ../../include/openssl/symhacks.h ../cryptlib.h eck_prn.c
 ecp_mont.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 ecp_mont.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
 ecp_mont.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
diff --git a/src/lib/libssl/src/crypto/ec/ec.h b/src/lib/libssl/src/crypto/ec/ec.h
index 8bc2a235b1..ee7078130c 100644
--- a/src/lib/libssl/src/crypto/ec/ec.h
+++ b/src/lib/libssl/src/crypto/ec/ec.h
@@ -2,8 +2,12 @@
 /*
 * Originally written by Bodo Moeller for the OpenSSL project.
 */
+/**
+ * \file crypto/ec/ec.h Include file for the OpenSSL EC functions
+ * \author Originally written by Bodo Moeller for the OpenSSL project
+ */
 /* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -92,15 +96,21 @@ extern "C" {
 # endif
 #endif
+  
 #ifndef OPENSSL_ECC_MAX_FIELD_BITS
 # define OPENSSL_ECC_MAX_FIELD_BITS 661
 #endif
+/** Enum for the point conversion form as defined in X9.62 (ECDSA)
+ *  for the encoding of a elliptic curve point (x,y) */
 typedef enum {
-        /* values as defined in X9.62 (ECDSA) and elsewhere */
+        /** the point is encoded as z||x, where the octet z specifies 
+         *  which solution of the quadratic equation y is  */
        POINT_CONVERSION_COMPRESSED = 2,
+        /** the point is encoded as z||x||y, where z is the octet 0x02  */
        POINT_CONVERSION_UNCOMPRESSED = 4,
+        /** the point is encoded as z||x||y, where the octet z specifies
+         *  which solution of the quadratic equation y is  */
        POINT_CONVERSION_HYBRID = 6
 } point_conversion_form_t;
@@ -121,37 +131,129 @@ typedef struct ec_group_st
 typedef struct ec_point_st EC_POINT;
-/* EC_METHODs for curves over GF(p).
+/********************************************************************/
- * EC_GFp_simple_method provides the basis for the optimized methods.
+/*               EC_METHODs for curves over GF(p)                   */       
+/********************************************************************/
+/** Returns the basic GFp ec methods which provides the basis for the
+ *  optimized methods. 
+ *  \return  EC_METHOD object
 */
 const EC_METHOD *EC_GFp_simple_method(void);
+/** Returns GFp methods using montgomery multiplication.
+ *  \return  EC_METHOD object
+ */
 const EC_METHOD *EC_GFp_mont_method(void);
+/** Returns GFp methods using optimized methods for NIST recommended curves
+ *  \return  EC_METHOD object
+ */
 const EC_METHOD *EC_GFp_nist_method(void);
-/* EC_METHOD for curves over GF(2^m).
+/********************************************************************/ 
+/*           EC_METHOD for curves over GF(2^m)                      */
+/********************************************************************/
+/** Returns the basic GF2m ec method 
+ *  \return  EC_METHOD object
 */
 const EC_METHOD *EC_GF2m_simple_method(void);
-EC_GROUP *EC_GROUP_new(const EC_METHOD *);
+/********************************************************************/
-void EC_GROUP_free(EC_GROUP *);
+/*                   EC_GROUP functions                             */
-void EC_GROUP_clear_free(EC_GROUP *);
+/********************************************************************/
-int EC_GROUP_copy(EC_GROUP *, const EC_GROUP *);
-EC_GROUP *EC_GROUP_dup(const EC_GROUP *);
-const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *);
+/** Creates a new EC_GROUP object
-int EC_METHOD_get_field_type(const EC_METHOD *);
+ *  \param   meth  EC_METHOD to use
+ *  \return  newly created EC_GROUP object or NULL in case of an error.
+ */
+EC_GROUP *EC_GROUP_new(const EC_METHOD *meth);
-int EC_GROUP_set_generator(EC_GROUP *, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor);
+/** Frees a EC_GROUP object
-const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *);
+ *  \param  group  EC_GROUP object to be freed.
-int EC_GROUP_get_order(const EC_GROUP *, BIGNUM *order, BN_CTX *);
+ */
-int EC_GROUP_get_cofactor(const EC_GROUP *, BIGNUM *cofactor, BN_CTX *);
+void EC_GROUP_free(EC_GROUP *group);
-void EC_GROUP_set_curve_name(EC_GROUP *, int nid);
+/** Clears and frees a EC_GROUP object
-int EC_GROUP_get_curve_name(const EC_GROUP *);
+ *  \param  group  EC_GROUP object to be cleared and freed.
+ */
+void EC_GROUP_clear_free(EC_GROUP *group);
-void EC_GROUP_set_asn1_flag(EC_GROUP *, int flag);
+/** Copies EC_GROUP objects. Note: both EC_GROUPs must use the same EC_METHOD.
-int EC_GROUP_get_asn1_flag(const EC_GROUP *);
+ *  \param  dst  destination EC_GROUP object
+ *  \param  src  source EC_GROUP object
+ *  \return 1 on success and 0 if an error occurred.
+ */
+int EC_GROUP_copy(EC_GROUP *dst, const EC_GROUP *src);
+/** Creates a new EC_GROUP object and copies the copies the content
+ *  form src to the newly created EC_KEY object
+ *  \param  src  source EC_GROUP object
+ *  \return newly created EC_GROUP object or NULL in case of an error.
+ */
+EC_GROUP *EC_GROUP_dup(const EC_GROUP *src);
+/** Returns the EC_METHOD of the EC_GROUP object.
+ *  \param  group  EC_GROUP object 
+ *  \return EC_METHOD used in this EC_GROUP object.
+ */
+const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group);
+/** Returns the field type of the EC_METHOD.
+ *  \param  meth  EC_METHOD object
+ *  \return NID of the underlying field type OID.
+ */
+int EC_METHOD_get_field_type(const EC_METHOD *meth);
+/** Sets the generator and it's order/cofactor of a EC_GROUP object.
+ *  \param  group      EC_GROUP object 
+ *  \param  generator  EC_POINT object with the generator.
+ *  \param  order      the order of the group generated by the generator.
+ *  \param  cofactor   the index of the sub-group generated by the generator
+ *                     in the group of all points on the elliptic curve.
+ *  \return 1 on success and 0 if an error occured
+ */
+int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor);
+/** Returns the generator of a EC_GROUP object.
+ *  \param  group  EC_GROUP object
+ *  \return the currently used generator (possibly NULL).
+ */
+const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group);
+/** Gets the order of a EC_GROUP
+ *  \param  group  EC_GROUP object
+ *  \param  order  BIGNUM to which the order is copied
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occured
+ */
+int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx);
+/** Gets the cofactor of a EC_GROUP
+ *  \param  group     EC_GROUP object
+ *  \param  cofactor  BIGNUM to which the cofactor is copied
+ *  \param  ctx       BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occured
+ */
+int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx);
+/** Sets the name of a EC_GROUP object
+ *  \param  group  EC_GROUP object
+ *  \param  nid    NID of the curve name OID
+ */
+void EC_GROUP_set_curve_name(EC_GROUP *group, int nid);
+/** Returns the curve name of a EC_GROUP object
+ *  \param  group  EC_GROUP object
+ *  \return NID of the curve name OID or 0 if not set.
+ */
+int EC_GROUP_get_curve_name(const EC_GROUP *group);
+void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag);
+int EC_GROUP_get_asn1_flag(const EC_GROUP *group);
 void EC_GROUP_set_point_conversion_form(EC_GROUP *, point_conversion_form_t);
 point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *);
@@ -160,36 +262,114 @@ unsigned char *EC_GROUP_get0_seed(const EC_GROUP *);
 size_t EC_GROUP_get_seed_len(const EC_GROUP *);
 size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len);
-int EC_GROUP_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+/** Sets the parameter of a ec over GFp defined by y^2 = x^3 + a*x + b
-int EC_GROUP_get_curve_GFp(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *);
+ *  \param  group  EC_GROUP object
-int EC_GROUP_set_curve_GF2m(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+ *  \param  p      BIGNUM with the prime number
-int EC_GROUP_get_curve_GF2m(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *);
+ *  \param  a      BIGNUM with parameter a of the equation
+ *  \param  b      BIGNUM with parameter b of the equation
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occured
+ */
+int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+/** Gets the parameter of the ec over GFp defined by y^2 = x^3 + a*x + b
+ *  \param  group  EC_GROUP object
+ *  \param  p      BIGNUM for the prime number
+ *  \param  a      BIGNUM for parameter a of the equation
+ *  \param  b      BIGNUM for parameter b of the equation
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occured
+ */
+int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
+/** Sets the parameter of a ec over GF2m defined by y^2 + x*y = x^3 + a*x^2 + b
+ *  \param  group  EC_GROUP object
+ *  \param  p      BIGNUM with the polynomial defining the underlying field
+ *  \param  a      BIGNUM with parameter a of the equation
+ *  \param  b      BIGNUM with parameter b of the equation
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occured
+ */
+int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+/** Gets the parameter of the ec over GF2m defined by y^2 + x*y = x^3 + a*x^2 + b
+ *  \param  group  EC_GROUP object
+ *  \param  p      BIGNUM for the polynomial defining the underlying field
+ *  \param  a      BIGNUM for parameter a of the equation
+ *  \param  b      BIGNUM for parameter b of the equation
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occured
+ */
+int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
-/* returns the number of bits needed to represent a field element */
+/** Returns the number of bits needed to represent a field element 
-int EC_GROUP_get_degree(const EC_GROUP *);
+ *  \param  group  EC_GROUP object
+ *  \return number of bits needed to represent a field element
+ */
+int EC_GROUP_get_degree(const EC_GROUP *group);
-/* EC_GROUP_check() returns 1 if 'group' defines a valid group, 0 otherwise */
+/** Checks whether the parameter in the EC_GROUP define a valid ec group
+ *  \param  group  EC_GROUP object
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 if group is a valid ec group and 0 otherwise
+ */
 int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx);
-/* EC_GROUP_check_discriminant() returns 1 if the discriminant of the
- * elliptic curve is not zero, 0 otherwise */
-int EC_GROUP_check_discriminant(const EC_GROUP *, BN_CTX *);
-/* EC_GROUP_cmp() returns 0 if both groups are equal and 1 otherwise */
+/** Checks whether the discriminant of the elliptic curve is zero or not
-int EC_GROUP_cmp(const EC_GROUP *, const EC_GROUP *, BN_CTX *);
+ *  \param  group  EC_GROUP object
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 if the discriminant is not zero and 0 otherwise
+ */
+int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx);
+/** Compares two EC_GROUP objects
+ *  \param  a    first EC_GROUP object
+ *  \param  b    second EC_GROUP object
+ *  \param  ctx  BN_CTX object (optional)
+ *  \return 0 if both groups are equal and 1 otherwise
+ */
+int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx);
 /* EC_GROUP_new_GF*() calls EC_GROUP_new() and EC_GROUP_set_GF*()
 * after choosing an appropriate EC_METHOD */
-EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
-EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
-/* EC_GROUP_new_by_curve_name() creates a EC_GROUP structure
+/** Creates a new EC_GROUP object with the specified parameters defined
- * specified by a curve name (in form of a NID) */
+ *  over GFp (defined by the equation y^2 = x^3 + a*x + b)
+ *  \param  p    BIGNUM with the prime number
+ *  \param  a    BIGNUM with the parameter a of the equation
+ *  \param  b    BIGNUM with the parameter b of the equation
+ *  \param  ctx  BN_CTX object (optional)
+ *  \return newly created EC_GROUP object with the specified parameters
+ */
+EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+/** Creates a new EC_GROUP object with the specified parameters defined
+ *  over GF2m (defined by the equation y^2 + x*y = x^3 + a*x^2 + b)
+ *  \param  p    BIGNUM with the polynomial defining the underlying field
+ *  \param  a    BIGNUM with the parameter a of the equation
+ *  \param  b    BIGNUM with the parameter b of the equation
+ *  \param  ctx  BN_CTX object (optional)
+ *  \return newly created EC_GROUP object with the specified parameters
+ */
+EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+/** Creates a EC_GROUP object with a curve specified by a NID
+ *  \param  nid  NID of the OID of the curve name
+ *  \return newly created EC_GROUP object with specified curve or NULL
+ *          if an error occurred
+ */
 EC_GROUP *EC_GROUP_new_by_curve_name(int nid);
-/* handling of internal curves */
+/********************************************************************/
+/*               handling of internal curves                        */
+/********************************************************************/
 typedef struct { 
        int nid;
        const char *comment;
        } EC_builtin_curve;
 /* EC_builtin_curves(EC_builtin_curve *r, size_t size) returns number 
 * of all available curves or zero if a error occurred. 
 * In case r ist not zero nitems EC_builtin_curve structures 
@@ -197,39 +377,168 @@ typedef struct {
 size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems);
-/* EC_POINT functions */
+/********************************************************************/
+/*                    EC_POINT functions                            */
+/********************************************************************/
+/** Creates a new EC_POINT object for the specified EC_GROUP
+ *  \param  group  EC_GROUP the underlying EC_GROUP object
+ *  \return newly created EC_POINT object or NULL if an error occurred
+ */
+EC_POINT *EC_POINT_new(const EC_GROUP *group);
+/** Frees a EC_POINT object
+ *  \param  point  EC_POINT object to be freed
+ */
+void EC_POINT_free(EC_POINT *point);
+/** Clears and frees a EC_POINT object
+ *  \param  point  EC_POINT object to be cleared and freed
+ */
+void EC_POINT_clear_free(EC_POINT *point);
+/** Copies EC_POINT object
+ *  \param  dst  destination EC_POINT object
+ *  \param  src  source EC_POINT object
+ *  \return 1 on success and 0 if an error occured
+ */
+int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src);
-EC_POINT *EC_POINT_new(const EC_GROUP *);
+/** Creates a new EC_POINT object and copies the content of the supplied
-void EC_POINT_free(EC_POINT *);
+ *  EC_POINT
-void EC_POINT_clear_free(EC_POINT *);
+ *  \param  src    source EC_POINT object
-int EC_POINT_copy(EC_POINT *, const EC_POINT *);
+ *  \param  group  underlying the EC_GROUP object
-EC_POINT *EC_POINT_dup(const EC_POINT *, const EC_GROUP *);
+ *  \return newly created EC_POINT object or NULL if an error occurred 
+ */
+EC_POINT *EC_POINT_dup(const EC_POINT *src, const EC_GROUP *group);
 
-const EC_METHOD *EC_POINT_method_of(const EC_POINT *);
+/** Returns the EC_METHOD used in EC_POINT object 
+ *  \param  point  EC_POINT object
-int EC_POINT_set_to_infinity(const EC_GROUP *, EC_POINT *);
+ *  \return the EC_METHOD used
-int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *, EC_POINT *,
+ */
-        const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *);
+const EC_METHOD *EC_POINT_method_of(const EC_POINT *point);
-int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *, const EC_POINT *,
-        BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *);
+/** Sets a point to infinity (neutral element)
-int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *, EC_POINT *,
+ *  \param  group  underlying EC_GROUP object
-        const BIGNUM *x, const BIGNUM *y, BN_CTX *);
+ *  \param  point  EC_POINT to set to infinity
-int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *, const EC_POINT *,
+ *  \return 1 on success and 0 if an error occured
-        BIGNUM *x, BIGNUM *y, BN_CTX *);
+ */
-int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *, EC_POINT *,
+int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point);
-        const BIGNUM *x, int y_bit, BN_CTX *);
+/** Sets the jacobian projective coordinates of a EC_POINT over GFp
-int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *, EC_POINT *,
+ *  \param  group  underlying EC_GROUP object
-        const BIGNUM *x, const BIGNUM *y, BN_CTX *);
+ *  \param  p      EC_POINT object
-int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *, const EC_POINT *,
+ *  \param  x      BIGNUM with the x-coordinate
-        BIGNUM *x, BIGNUM *y, BN_CTX *);
+ *  \param  y      BIGNUM with the y-coordinate
-int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *, EC_POINT *,
+ *  \param  z      BIGNUM with the z-coordinate
-        const BIGNUM *x, int y_bit, BN_CTX *);
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occured
-size_t EC_POINT_point2oct(const EC_GROUP *, const EC_POINT *, point_conversion_form_t form,
+ */
-        unsigned char *buf, size_t len, BN_CTX *);
+int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
-int EC_POINT_oct2point(const EC_GROUP *, EC_POINT *,
+        const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx);
-        const unsigned char *buf, size_t len, BN_CTX *);
+/** Gets the jacobian projective coordinates of a EC_POINT over GFp
+ *  \param  group  underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \param  x      BIGNUM for the x-coordinate
+ *  \param  y      BIGNUM for the y-coordinate
+ *  \param  z      BIGNUM for the z-coordinate
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occured
+ */
+int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
+        const EC_POINT *p, BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx);
+/** Sets the affine coordinates of a EC_POINT over GFp
+ *  \param  group  underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \param  x      BIGNUM with the x-coordinate
+ *  \param  y      BIGNUM with the y-coordinate
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occured
+ */
+int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
+        const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx);
+/** Gets the affine coordinates of a EC_POINT over GFp
+ *  \param  group  underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \param  x      BIGNUM for the x-coordinate
+ *  \param  y      BIGNUM for the y-coordinate
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occured
+ */
+int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
+        const EC_POINT *p, BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
+/** Sets the x9.62 compressed coordinates of a EC_POINT over GFp
+ *  \param  group  underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \param  x      BIGNUM with x-coordinate
+ *  \param  y_bit  integer with the y-Bit (either 0 or 1)
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occured
+ */
+int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
+        const BIGNUM *x, int y_bit, BN_CTX *ctx);
+/** Sets the affine coordinates of a EC_POINT over GF2m
+ *  \param  group  underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \param  x      BIGNUM with the x-coordinate
+ *  \param  y      BIGNUM with the y-coordinate
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occured
+ */
+int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p,
+        const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx);
+/** Gets the affine coordinates of a EC_POINT over GF2m
+ *  \param  group  underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \param  x      BIGNUM for the x-coordinate
+ *  \param  y      BIGNUM for the y-coordinate
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occured
+ */
+int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group,
+        const EC_POINT *p, BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
+/** Sets the x9.62 compressed coordinates of a EC_POINT over GF2m
+ *  \param  group  underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \param  x      BIGNUM with x-coordinate
+ *  \param  y_bit  integer with the y-Bit (either 0 or 1)
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occured
+ */
+int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p,
+        const BIGNUM *x, int y_bit, BN_CTX *ctx);
+/** Encodes a EC_POINT object to a octet string
+ *  \param  group  underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \param  form   point conversion form
+ *  \param  buf    memory buffer for the result. If NULL the function returns
+ *                 required buffer size.
+ *  \param  len    length of the memory buffer
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return the length of the encoded octet string or 0 if an error occurred
+ */
+size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p,
+        point_conversion_form_t form,
+        unsigned char *buf, size_t len, BN_CTX *ctx);
+/** Decodes a EC_POINT from a octet string
+ *  \param  group  underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \param  buf    memory buffer with the encoded ec point
+ *  \param  len    length of the encoded ec point
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occured
+ */
+int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p,
+        const unsigned char *buf, size_t len, BN_CTX *ctx);
 /* other interfaces to point2oct/oct2point: */
 BIGNUM *EC_POINT_point2bn(const EC_GROUP *, const EC_POINT *,
@@ -241,29 +550,105 @@ char *EC_POINT_point2hex(const EC_GROUP *, const EC_POINT *,
 EC_POINT *EC_POINT_hex2point(const EC_GROUP *, const char *,
        EC_POINT *, BN_CTX *);
-int EC_POINT_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
-int EC_POINT_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *);
-int EC_POINT_invert(const EC_GROUP *, EC_POINT *, BN_CTX *);
-int EC_POINT_is_at_infinity(const EC_GROUP *, const EC_POINT *);
+/********************************************************************/
-int EC_POINT_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *);
+/*         functions for doing EC_POINT arithmetic                  */
-int EC_POINT_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
+/********************************************************************/
+/** Computes the sum of two EC_POINT 
+ *  \param  group  underlying EC_GROUP object
+ *  \param  r      EC_POINT object for the result (r = a + b)
+ *  \param  a      EC_POINT object with the first summand
+ *  \param  b      EC_POINT object with the second summand
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occured
+ */
+int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx);
+/** Computes the double of a EC_POINT
+ *  \param  group  underlying EC_GROUP object
+ *  \param  r      EC_POINT object for the result (r = 2 * a)
+ *  \param  a      EC_POINT object 
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occured
+ */
+int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx);
+/** Computes the inverse of a EC_POINT
+ *  \param  group  underlying EC_GROUP object
+ *  \param  a      EC_POINT object to be inverted (it's used for the result as well)
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occured
+ */
+int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx);
+/** Checks whether the point is the neutral element of the group
+ *  \param  group  the underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \return 1 if the point is the neutral element and 0 otherwise
+ */
+int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *p);
+/** Checks whether the point is on the curve 
+ *  \param  group  underlying EC_GROUP object
+ *  \param  point  EC_POINT object to check
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 if point if on the curve and 0 otherwise
+ */
+int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx);
+/** Compares two EC_POINTs 
+ *  \param  group  underlying EC_GROUP object
+ *  \param  a      first EC_POINT object
+ *  \param  b      second EC_POINT object
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 0 if both points are equal and a value != 0 otherwise
+ */
+int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx);
 int EC_POINT_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);
 int EC_POINTs_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *);
+/** Computes r = generator * n sum_{i=0}^num p[i] * m[i]
+ *  \param  group  underlying EC_GROUP object
+ *  \param  r      EC_POINT object for the result
+ *  \param  n      BIGNUM with the multiplier for the group generator (optional)
+ *  \param  num    number futher summands
+ *  \param  p      array of size num of EC_POINT objects
+ *  \param  m      array of size num of BIGNUM objects
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occured
+ */
+int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, size_t num, const EC_POINT *p[], const BIGNUM *m[], BN_CTX *ctx);
+/** Computes r = generator * n + q * m
+ *  \param  group  underlying EC_GROUP object
+ *  \param  r      EC_POINT object for the result
+ *  \param  n      BIGNUM with the multiplier for the group generator (optional)
+ *  \param  q      EC_POINT object with the first factor of the second summand
+ *  \param  m      BIGNUM with the second factor of the second summand
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occured
+ */
+int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx);
-int EC_POINTs_mul(const EC_GROUP *, EC_POINT *r, const BIGNUM *, size_t num, const EC_POINT *[], const BIGNUM *[], BN_CTX *);
+/** Stores multiples of generator for faster point multiplication
-int EC_POINT_mul(const EC_GROUP *, EC_POINT *r, const BIGNUM *, const EC_POINT *, const BIGNUM *, BN_CTX *);
+ *  \param  group  EC_GROUP object
+ *  \param  ctx    BN_CTX object (optional)
-/* EC_GROUP_precompute_mult() stores multiples of generator for faster point multiplication */
+ *  \return 1 on success and 0 if an error occured
-int EC_GROUP_precompute_mult(EC_GROUP *, BN_CTX *);
+ */
-/* EC_GROUP_have_precompute_mult() reports whether such precomputation has been done */
+int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
-int EC_GROUP_have_precompute_mult(const EC_GROUP *);
+/** Reports whether a precomputation has been done
+ *  \param  group  EC_GROUP object
+ *  \return 1 if a pre-computation has been done and 0 otherwise
+ */
+int EC_GROUP_have_precompute_mult(const EC_GROUP *group);
-/* ASN1 stuff */
+/********************************************************************/
+/*                       ASN1 stuff                                 */
+/********************************************************************/
 /* EC_GROUP_get_basis_type() returns the NID of the basis type
 * used to represent the field elements */
@@ -293,28 +678,96 @@ int     ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off);
 int     ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off);
 #endif
-/* the EC_KEY stuff */
+/********************************************************************/
+/*                      EC_KEY functions                            */
+/********************************************************************/
 typedef struct ec_key_st EC_KEY;
 /* some values for the encoding_flag */
 #define EC_PKEY_NO_PARAMETERS   0x001
 #define EC_PKEY_NO_PUBKEY       0x002
+/** Creates a new EC_KEY object.
+ *  \return EC_KEY object or NULL if an error occurred.
+ */
 EC_KEY *EC_KEY_new(void);
+/** Creates a new EC_KEY object using a named curve as underlying
+ *  EC_GROUP object.
+ *  \param  nid  NID of the named curve.
+ *  \return EC_KEY object or NULL if an error occurred. 
+ */
 EC_KEY *EC_KEY_new_by_curve_name(int nid);
-void EC_KEY_free(EC_KEY *);
-EC_KEY *EC_KEY_copy(EC_KEY *, const EC_KEY *);
+/** Frees a EC_KEY object.
-EC_KEY *EC_KEY_dup(const EC_KEY *);
+ *  \param  key  EC_KEY object to be freed.
+ */
-int EC_KEY_up_ref(EC_KEY *);
+void EC_KEY_free(EC_KEY *key);
-const EC_GROUP *EC_KEY_get0_group(const EC_KEY *);
+/** Copies a EC_KEY object.
-int EC_KEY_set_group(EC_KEY *, const EC_GROUP *);
+ *  \param  dst  destination EC_KEY object
-const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *);
+ *  \param  src  src EC_KEY object
-int EC_KEY_set_private_key(EC_KEY *, const BIGNUM *);
+ *  \return dst or NULL if an error occurred.
-const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *);
+ */
-int EC_KEY_set_public_key(EC_KEY *, const EC_POINT *);
+EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src);
-unsigned EC_KEY_get_enc_flags(const EC_KEY *);
+/** Creates a new EC_KEY object and copies the content from src to it.
+ *  \param  src  the source EC_KEY object
+ *  \return newly created EC_KEY object or NULL if an error occurred.
+ */
+EC_KEY *EC_KEY_dup(const EC_KEY *src);
+/** Increases the internal reference count of a EC_KEY object.
+ *  \param  key  EC_KEY object
+ *  \return 1 on success and 0 if an error occurred.
+ */
+int EC_KEY_up_ref(EC_KEY *key);
+/** Returns the EC_GROUP object of a EC_KEY object
+ *  \param  key  EC_KEY object
+ *  \return the EC_GROUP object (possibly NULL).
+ */
+const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key);
+/** Sets the EC_GROUP of a EC_KEY object.
+ *  \param  key    EC_KEY object
+ *  \param  group  EC_GROUP to use in the EC_KEY object (note: the EC_KEY
+ *                 object will use an own copy of the EC_GROUP).
+ *  \return 1 on success and 0 if an error occurred.
+ */
+int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group);
+/** Returns the private key of a EC_KEY object.
+ *  \param  key  EC_KEY object
+ *  \return a BIGNUM with the private key (possibly NULL).
+ */
+const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key);
+/** Sets the private key of a EC_KEY object.
+ *  \param  key  EC_KEY object
+ *  \param  prv  BIGNUM with the private key (note: the EC_KEY object
+ *               will use an own copy of the BIGNUM).
+ *  \return 1 on success and 0 if an error occurred.
+ */
+int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv);
+/** Returns the public key of a EC_KEY object.
+ *  \param  key  the EC_KEY object
+ *  \return a EC_POINT object with the public key (possibly NULL)
+ */
+const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key);
+/** Sets the public key of a EC_KEY object.
+ *  \param  key  EC_KEY object
+ *  \param  pub  EC_POINT object with the public key (note: the EC_KEY object
+ *               will use an own copy of the EC_POINT object).
+ *  \return 1 on success and 0 if an error occurred.
+ */
+int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub);
+unsigned EC_KEY_get_enc_flags(const EC_KEY *key);
 void EC_KEY_set_enc_flags(EC_KEY *, unsigned int);
 point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *);
 void EC_KEY_set_conv_form(EC_KEY *, point_conversion_form_t);
@@ -325,31 +778,126 @@ void EC_KEY_insert_key_method_data(EC_KEY *, void *data,
        void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
 /* wrapper functions for the underlying EC_GROUP object */
 void EC_KEY_set_asn1_flag(EC_KEY *, int);
-int EC_KEY_precompute_mult(EC_KEY *, BN_CTX *ctx);
+/** Creates a table of pre-computed multiples of the generator to 
-/* EC_KEY_generate_key() creates a ec private (public) key */
+ *  accelerate further EC_KEY operations.
-int EC_KEY_generate_key(EC_KEY *);
+ *  \param  key  EC_KEY object
-/* EC_KEY_check_key() */
+ *  \param  ctx  BN_CTX object (optional)
-int EC_KEY_check_key(const EC_KEY *);
+ *  \return 1 on success and 0 if an error occurred.
+ */
-/* de- and encoding functions for SEC1 ECPrivateKey */
+int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx);
-EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len);
-int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out);
+/** Creates a new ec private (and optional a new public) key.
-/* de- and encoding functions for EC parameters */
+ *  \param  key  EC_KEY object
-EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len);
+ *  \return 1 on success and 0 if an error occurred.
-int i2d_ECParameters(EC_KEY *a, unsigned char **out);
+ */
-/* de- and encoding functions for EC public key
+int EC_KEY_generate_key(EC_KEY *key);
- * (octet string, not DER -- hence 'o2i' and 'i2o') */
-EC_KEY *o2i_ECPublicKey(EC_KEY **a, const unsigned char **in, long len);
+/** Verifies that a private and/or public key is valid.
-int i2o_ECPublicKey(EC_KEY *a, unsigned char **out);
+ *  \param  key  the EC_KEY object
+ *  \return 1 on success and 0 otherwise.
+ */
+int EC_KEY_check_key(const EC_KEY *key);
+/********************************************************************/
+/*        de- and encoding functions for SEC1 ECPrivateKey          */
+/********************************************************************/
+/** Decodes a private key from a memory buffer.
+ *  \param  key  a pointer to a EC_KEY object which should be used (or NULL)
+ *  \param  in   pointer to memory with the DER encoded private key
+ *  \param  len  length of the DER encoded private key
+ *  \return the decoded private key or NULL if an error occurred.
+ */
+EC_KEY *d2i_ECPrivateKey(EC_KEY **key, const unsigned char **in, long len);
+/** Encodes a private key object and stores the result in a buffer.
+ *  \param  key  the EC_KEY object to encode
+ *  \param  out  the buffer for the result (if NULL the function returns number
+ *               of bytes needed).
+ *  \return 1 on success and 0 if an error occurred.
+ */
+int i2d_ECPrivateKey(EC_KEY *key, unsigned char **out);
+/********************************************************************/
+/*        de- and encoding functions for EC parameters              */
+/********************************************************************/
+/** Decodes ec parameter from a memory buffer.
+ *  \param  key  a pointer to a EC_KEY object which should be used (or NULL)
+ *  \param  in   pointer to memory with the DER encoded ec parameters
+ *  \param  len  length of the DER encoded ec parameters
+ *  \return a EC_KEY object with the decoded parameters or NULL if an error
+ *          occurred.
+ */
+EC_KEY *d2i_ECParameters(EC_KEY **key, const unsigned char **in, long len);
+/** Encodes ec parameter and stores the result in a buffer.
+ *  \param  key  the EC_KEY object with ec paramters to encode
+ *  \param  out  the buffer for the result (if NULL the function returns number
+ *               of bytes needed).
+ *  \return 1 on success and 0 if an error occurred.
+ */
+int i2d_ECParameters(EC_KEY *key, unsigned char **out);
+/********************************************************************/
+/*         de- and encoding functions for EC public key             */
+/*         (octet string, not DER -- hence 'o2i' and 'i2o')         */
+/********************************************************************/
+/** Decodes a ec public key from a octet string.
+ *  \param  key  a pointer to a EC_KEY object which should be used
+ *  \param  in   memory buffer with the encoded public key
+ *  \param  len  length of the encoded public key
+ *  \return EC_KEY object with decoded public key or NULL if an error
+ *          occurred.
+ */
+EC_KEY *o2i_ECPublicKey(EC_KEY **key, const unsigned char **in, long len);
+/** Encodes a ec public key in an octet string.
+ *  \param  key  the EC_KEY object with the public key
+ *  \param  out  the buffer for the result (if NULL the function returns number
+ *               of bytes needed).
+ *  \return 1 on success and 0 if an error occurred
+ */
+int i2o_ECPublicKey(EC_KEY *key, unsigned char **out);
 #ifndef OPENSSL_NO_BIO
-int     ECParameters_print(BIO *bp, const EC_KEY *x);
+/** Prints out the ec parameters on human readable form.
-int     EC_KEY_print(BIO *bp, const EC_KEY *x, int off);
+ *  \param  bp   BIO object to which the information is printed
+ *  \param  key  EC_KEY object
+ *  \return 1 on success and 0 if an error occurred
+ */
+int     ECParameters_print(BIO *bp, const EC_KEY *key);
+/** Prints out the contents of a EC_KEY object
+ *  \param  bp   BIO object to which the information is printed
+ *  \param  key  EC_KEY object
+ *  \param  off  line offset 
+ *  \return 1 on success and 0 if an error occurred
+ */
+int     EC_KEY_print(BIO *bp, const EC_KEY *key, int off);
 #endif
 #ifndef OPENSSL_NO_FP_API
-int     ECParameters_print_fp(FILE *fp, const EC_KEY *x);
+/** Prints out the ec parameters on human readable form.
-int     EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off);
+ *  \param  fp   file descriptor to which the information is printed
+ *  \param  key  EC_KEY object
+ *  \return 1 on success and 0 if an error occurred
+ */
+int     ECParameters_print_fp(FILE *fp, const EC_KEY *key);
+/** Prints out the contents of a EC_KEY object
+ *  \param  fp   file descriptor to which the information is printed
+ *  \param  key  EC_KEY object
+ *  \param  off  line offset 
+ *  \return 1 on success and 0 if an error occurred
+ */
+int     EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off);
 #endif
 #define ECParameters_dup(x) ASN1_dup_of(EC_KEY,i2d_ECParameters,d2i_ECParameters,x)
@@ -362,6 +910,13 @@ int	EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off);
 # endif
 #endif
+#define EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, EVP_PKEY_OP_PARAMGEN, \
+                                EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, nid, NULL)
+#define EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID             (EVP_PKEY_ALG_CTRL + 1)
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
@@ -375,6 +930,14 @@ void ERR_load_EC_strings(void);
 #define EC_F_D2I_ECPARAMETERS                            144
 #define EC_F_D2I_ECPKPARAMETERS                          145
 #define EC_F_D2I_ECPRIVATEKEY                            146
+#define EC_F_DO_EC_KEY_PRINT                             221
+#define EC_F_ECKEY_PARAM2TYPE                            223
+#define EC_F_ECKEY_PARAM_DECODE                          212
+#define EC_F_ECKEY_PRIV_DECODE                           213
+#define EC_F_ECKEY_PRIV_ENCODE                           214
+#define EC_F_ECKEY_PUB_DECODE                            215
+#define EC_F_ECKEY_PUB_ENCODE                            216
+#define EC_F_ECKEY_TYPE2PARAM                            220
 #define EC_F_ECPARAMETERS_PRINT                          147
 #define EC_F_ECPARAMETERS_PRINT_FP                       148
 #define EC_F_ECPKPARAMETERS_PRINT                        149
@@ -448,7 +1011,6 @@ void ERR_load_EC_strings(void);
 #define EC_F_EC_KEY_PRINT                                180
 #define EC_F_EC_KEY_PRINT_FP                             181
 #define EC_F_EC_POINTS_MAKE_AFFINE                       136
-#define EC_F_EC_POINTS_MUL                               138
 #define EC_F_EC_POINT_ADD                                112
 #define EC_F_EC_POINT_CMP                                113
 #define EC_F_EC_POINT_COPY                               114
@@ -479,21 +1041,31 @@ void ERR_load_EC_strings(void);
 #define EC_F_I2D_ECPRIVATEKEY                            192
 #define EC_F_I2O_ECPUBLICKEY                             151
 #define EC_F_O2I_ECPUBLICKEY                             152
+#define EC_F_OLD_EC_PRIV_DECODE                          222
+#define EC_F_PKEY_EC_CTRL                                197
+#define EC_F_PKEY_EC_CTRL_STR                            198
+#define EC_F_PKEY_EC_DERIVE                              217
+#define EC_F_PKEY_EC_KEYGEN                              199
+#define EC_F_PKEY_EC_PARAMGEN                            219
+#define EC_F_PKEY_EC_SIGN                                218
 /* Reason codes. */
 #define EC_R_ASN1_ERROR                                  115
 #define EC_R_ASN1_UNKNOWN_FIELD                          116
 #define EC_R_BUFFER_TOO_SMALL                            100
 #define EC_R_D2I_ECPKPARAMETERS_FAILURE                  117
+#define EC_R_DECODE_ERROR                                142
 #define EC_R_DISCRIMINANT_IS_ZERO                        118
 #define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE                119
-#define EC_R_FIELD_TOO_LARGE                             138
+#define EC_R_FIELD_TOO_LARGE                             143
 #define EC_R_GROUP2PKPARAMETERS_FAILURE                  120
 #define EC_R_I2D_ECPKPARAMETERS_FAILURE                  121
 #define EC_R_INCOMPATIBLE_OBJECTS                        101
 #define EC_R_INVALID_ARGUMENT                            112
 #define EC_R_INVALID_COMPRESSED_POINT                    110
 #define EC_R_INVALID_COMPRESSION_BIT                     109
+#define EC_R_INVALID_CURVE                               141
+#define EC_R_INVALID_DIGEST_TYPE                         138
 #define EC_R_INVALID_ENCODING                            102
 #define EC_R_INVALID_FIELD                               103
 #define EC_R_INVALID_FORM                                104
@@ -501,6 +1073,7 @@ void ERR_load_EC_strings(void);
 #define EC_R_INVALID_PENTANOMIAL_BASIS                   132
 #define EC_R_INVALID_PRIVATE_KEY                         123
 #define EC_R_INVALID_TRINOMIAL_BASIS                     137
+#define EC_R_KEYS_NOT_SET                                140
 #define EC_R_MISSING_PARAMETERS                          124
 #define EC_R_MISSING_PRIVATE_KEY                         125
 #define EC_R_NOT_A_NIST_PRIME                            135
@@ -508,6 +1081,7 @@ void ERR_load_EC_strings(void);
 #define EC_R_NOT_IMPLEMENTED                             126
 #define EC_R_NOT_INITIALIZED                             111
 #define EC_R_NO_FIELD_MOD                                133
+#define EC_R_NO_PARAMETERS_SET                           139
 #define EC_R_PASSED_NULL_PARAMETER                       134
 #define EC_R_PKPARAMETERS2GROUP_FAILURE                  127
 #define EC_R_POINT_AT_INFINITY                           106
diff --git a/src/lib/libssl/src/crypto/ec/ec_err.c b/src/lib/libssl/src/crypto/ec/ec_err.c
index d04c895560..84b4833371 100644
--- a/src/lib/libssl/src/crypto/ec/ec_err.c
+++ b/src/lib/libssl/src/crypto/ec/ec_err.c
@@ -74,6 +74,14 @@ static ERR_STRING_DATA EC_str_functs[]=
 {ERR_FUNC(EC_F_D2I_ECPARAMETERS),       "d2i_ECParameters"},
 {ERR_FUNC(EC_F_D2I_ECPKPARAMETERS),     "d2i_ECPKParameters"},
 {ERR_FUNC(EC_F_D2I_ECPRIVATEKEY),       "d2i_ECPrivateKey"},
+{ERR_FUNC(EC_F_DO_EC_KEY_PRINT),        "DO_EC_KEY_PRINT"},
+{ERR_FUNC(EC_F_ECKEY_PARAM2TYPE),       "ECKEY_PARAM2TYPE"},
+{ERR_FUNC(EC_F_ECKEY_PARAM_DECODE),     "ECKEY_PARAM_DECODE"},
+{ERR_FUNC(EC_F_ECKEY_PRIV_DECODE),      "ECKEY_PRIV_DECODE"},
+{ERR_FUNC(EC_F_ECKEY_PRIV_ENCODE),      "ECKEY_PRIV_ENCODE"},
+{ERR_FUNC(EC_F_ECKEY_PUB_DECODE),       "ECKEY_PUB_DECODE"},
+{ERR_FUNC(EC_F_ECKEY_PUB_ENCODE),       "ECKEY_PUB_ENCODE"},
+{ERR_FUNC(EC_F_ECKEY_TYPE2PARAM),       "ECKEY_TYPE2PARAM"},
 {ERR_FUNC(EC_F_ECPARAMETERS_PRINT),     "ECParameters_print"},
 {ERR_FUNC(EC_F_ECPARAMETERS_PRINT_FP),  "ECParameters_print_fp"},
 {ERR_FUNC(EC_F_ECPKPARAMETERS_PRINT),   "ECPKParameters_print"},
@@ -147,7 +155,6 @@ static ERR_STRING_DATA EC_str_functs[]=
 {ERR_FUNC(EC_F_EC_KEY_PRINT),   "EC_KEY_print"},
 {ERR_FUNC(EC_F_EC_KEY_PRINT_FP),        "EC_KEY_print_fp"},
 {ERR_FUNC(EC_F_EC_POINTS_MAKE_AFFINE),  "EC_POINTs_make_affine"},
-{ERR_FUNC(EC_F_EC_POINTS_MUL),  "EC_POINTs_mul"},
 {ERR_FUNC(EC_F_EC_POINT_ADD),   "EC_POINT_add"},
 {ERR_FUNC(EC_F_EC_POINT_CMP),   "EC_POINT_cmp"},
 {ERR_FUNC(EC_F_EC_POINT_COPY),  "EC_POINT_copy"},
@@ -178,6 +185,13 @@ static ERR_STRING_DATA EC_str_functs[]=
 {ERR_FUNC(EC_F_I2D_ECPRIVATEKEY),       "i2d_ECPrivateKey"},
 {ERR_FUNC(EC_F_I2O_ECPUBLICKEY),        "i2o_ECPublicKey"},
 {ERR_FUNC(EC_F_O2I_ECPUBLICKEY),        "o2i_ECPublicKey"},
+{ERR_FUNC(EC_F_OLD_EC_PRIV_DECODE),     "OLD_EC_PRIV_DECODE"},
+{ERR_FUNC(EC_F_PKEY_EC_CTRL),   "PKEY_EC_CTRL"},
+{ERR_FUNC(EC_F_PKEY_EC_CTRL_STR),       "PKEY_EC_CTRL_STR"},
+{ERR_FUNC(EC_F_PKEY_EC_DERIVE), "PKEY_EC_DERIVE"},
+{ERR_FUNC(EC_F_PKEY_EC_KEYGEN), "PKEY_EC_KEYGEN"},
+{ERR_FUNC(EC_F_PKEY_EC_PARAMGEN),       "PKEY_EC_PARAMGEN"},
+{ERR_FUNC(EC_F_PKEY_EC_SIGN),   "PKEY_EC_SIGN"},
 {0,NULL}
        };
@@ -187,6 +201,7 @@ static ERR_STRING_DATA EC_str_reasons[]=
 {ERR_REASON(EC_R_ASN1_UNKNOWN_FIELD)     ,"asn1 unknown field"},
 {ERR_REASON(EC_R_BUFFER_TOO_SMALL)       ,"buffer too small"},
 {ERR_REASON(EC_R_D2I_ECPKPARAMETERS_FAILURE),"d2i ecpkparameters failure"},
+{ERR_REASON(EC_R_DECODE_ERROR)           ,"decode error"},
 {ERR_REASON(EC_R_DISCRIMINANT_IS_ZERO)   ,"discriminant is zero"},
 {ERR_REASON(EC_R_EC_GROUP_NEW_BY_NAME_FAILURE),"ec group new by name failure"},
 {ERR_REASON(EC_R_FIELD_TOO_LARGE)        ,"field too large"},
@@ -196,6 +211,8 @@ static ERR_STRING_DATA EC_str_reasons[]=
 {ERR_REASON(EC_R_INVALID_ARGUMENT)       ,"invalid argument"},
 {ERR_REASON(EC_R_INVALID_COMPRESSED_POINT),"invalid compressed point"},
 {ERR_REASON(EC_R_INVALID_COMPRESSION_BIT),"invalid compression bit"},
+{ERR_REASON(EC_R_INVALID_CURVE)          ,"invalid curve"},
+{ERR_REASON(EC_R_INVALID_DIGEST_TYPE)    ,"invalid digest type"},
 {ERR_REASON(EC_R_INVALID_ENCODING)       ,"invalid encoding"},
 {ERR_REASON(EC_R_INVALID_FIELD)          ,"invalid field"},
 {ERR_REASON(EC_R_INVALID_FORM)           ,"invalid form"},
@@ -203,6 +220,7 @@ static ERR_STRING_DATA EC_str_reasons[]=
 {ERR_REASON(EC_R_INVALID_PENTANOMIAL_BASIS),"invalid pentanomial basis"},
 {ERR_REASON(EC_R_INVALID_PRIVATE_KEY)    ,"invalid private key"},
 {ERR_REASON(EC_R_INVALID_TRINOMIAL_BASIS),"invalid trinomial basis"},
+{ERR_REASON(EC_R_KEYS_NOT_SET)           ,"keys not set"},
 {ERR_REASON(EC_R_MISSING_PARAMETERS)     ,"missing parameters"},
 {ERR_REASON(EC_R_MISSING_PRIVATE_KEY)    ,"missing private key"},
 {ERR_REASON(EC_R_NOT_A_NIST_PRIME)       ,"not a NIST prime"},
@@ -210,6 +228,7 @@ static ERR_STRING_DATA EC_str_reasons[]=
 {ERR_REASON(EC_R_NOT_IMPLEMENTED)        ,"not implemented"},
 {ERR_REASON(EC_R_NOT_INITIALIZED)        ,"not initialized"},
 {ERR_REASON(EC_R_NO_FIELD_MOD)           ,"no field mod"},
+{ERR_REASON(EC_R_NO_PARAMETERS_SET)      ,"no parameters set"},
 {ERR_REASON(EC_R_PASSED_NULL_PARAMETER)  ,"passed null parameter"},
 {ERR_REASON(EC_R_PKPARAMETERS2GROUP_FAILURE),"pkparameters2group failure"},
 {ERR_REASON(EC_R_POINT_AT_INFINITY)      ,"point at infinity"},
diff --git a/src/lib/libssl/src/crypto/ec/ec_lcl.h b/src/lib/libssl/src/crypto/ec/ec_lcl.h
index fdd7aa2755..3e2c34b0bc 100644
--- a/src/lib/libssl/src/crypto/ec/ec_lcl.h
+++ b/src/lib/libssl/src/crypto/ec/ec_lcl.h
@@ -205,11 +205,14 @@ struct ec_group_st {
                       * irreducible polynomial defining the field.
                       */
-        unsigned int poly[5]; /* Field specification for curves over GF(2^m).
+        int poly[6]; /* Field specification for curves over GF(2^m).
-                               * The irreducible f(t) is then of the form:
+                      * The irreducible f(t) is then of the form:
-                               *     t^poly[0] + t^poly[1] + ... + t^poly[k]
+                      *     t^poly[0] + t^poly[1] + ... + t^poly[k]
-                               * where m = poly[0] > poly[1] > ... > poly[k] = 0.
+                      * where m = poly[0] > poly[1] > ... > poly[k] = 0.
-                               */
+                      * The array is terminated with poly[k+1]=-1.
+                      * All elliptic curve irreducibles have at most 5
+                      * non-zero terms.
+                      */
        BIGNUM a, b; /* Curve coefficients.
                      * (Here the assumption is that BIGNUMs can be used
diff --git a/src/lib/libssl/src/crypto/ec/ec_lib.c b/src/lib/libssl/src/crypto/ec/ec_lib.c
index 5af84376c6..dd7da0fcf9 100644
--- a/src/lib/libssl/src/crypto/ec/ec_lib.c
+++ b/src/lib/libssl/src/crypto/ec/ec_lib.c
@@ -79,7 +79,7 @@ EC_GROUP *EC_GROUP_new(const EC_METHOD *meth)
        if (meth == NULL)
                {
-                ECerr(EC_F_EC_GROUP_NEW, ERR_R_PASSED_NULL_PARAMETER);
+                ECerr(EC_F_EC_GROUP_NEW, EC_R_SLOT_FULL);
                return NULL;
                }
        if (meth->group_init == 0)
@@ -740,7 +740,7 @@ void EC_POINT_clear_free(EC_POINT *point)
        if (point->meth->point_clear_finish != 0)
                point->meth->point_clear_finish(point);
-        else if (point->meth != NULL && point->meth->point_finish != 0)
+        else if (point->meth->point_finish != 0)
                point->meth->point_finish(point);
        OPENSSL_cleanse(point, sizeof *point);
        OPENSSL_free(point);
diff --git a/src/lib/libssl/src/crypto/ec/ec_mult.c b/src/lib/libssl/src/crypto/ec/ec_mult.c
index 2ba173ef36..f05df5332e 100644
--- a/src/lib/libssl/src/crypto/ec/ec_mult.c
+++ b/src/lib/libssl/src/crypto/ec/ec_mult.c
@@ -224,6 +224,12 @@ static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len)
                sign = -1;
                }
+        if (scalar->d == NULL || scalar->top == 0)
+                {
+                ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+                goto err;
+                }
        len = BN_num_bits(scalar);
        r = OPENSSL_malloc(len + 1); /* modified wNAF may be one digit longer than binary representation
                                      * (*ret_len will be set to the actual length, i.e. at most
@@ -233,12 +239,6 @@ static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len)
                ECerr(EC_F_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE);
                goto err;
                }
-        if (scalar->d == NULL || scalar->top == 0)
-                {
-                ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
-                goto err;
-                }
        window_val = scalar->d[0] & mask;
        j = 0;
        while ((window_val != 0) || (j + w + 1 < len)) /* if j+w+1 >= len, window_val will not increase */
@@ -419,7 +419,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
                        if (numblocks > pre_comp->numblocks)
                                numblocks = pre_comp->numblocks;
-                        pre_points_per_block = 1u << (pre_comp->w - 1);
+                        pre_points_per_block = (size_t)1 << (pre_comp->w - 1);
                        /* check that pre_comp looks sane */
                        if (pre_comp->num != (pre_comp->numblocks * pre_points_per_block))
@@ -461,7 +461,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
                bits = i < num ? BN_num_bits(scalars[i]) : BN_num_bits(scalar);
                wsize[i] = EC_window_bits_for_scalar_size(bits);
-                num_val += 1u << (wsize[i] - 1);
+                num_val += (size_t)1 << (wsize[i] - 1);
                wNAF[i + 1] = NULL; /* make sure we always have a pivot */
                wNAF[i] = compute_wNAF((i < num ? scalars[i] : scalar), wsize[i], &wNAF_len[i]);
                if (wNAF[i] == NULL)
@@ -600,7 +600,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
        for (i = 0; i < num + num_scalar; i++)
                {
                val_sub[i] = v;
-                for (j = 0; j < (1u << (wsize[i] - 1)); j++)
+                for (j = 0; j < ((size_t)1 << (wsize[i] - 1)); j++)
                        {
                        *v = EC_POINT_new(group);
                        if (*v == NULL) goto err;
@@ -636,7 +636,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
                if (wsize[i] > 1)
                        {
                        if (!EC_POINT_dbl(group, tmp, val_sub[i][0], ctx)) goto err;
-                        for (j = 1; j < (1u << (wsize[i] - 1)); j++)
+                        for (j = 1; j < ((size_t)1 << (wsize[i] - 1)); j++)
                                {
                                if (!EC_POINT_add(group, val_sub[i][j], val_sub[i][j - 1], tmp, ctx)) goto err;
                                }
@@ -820,7 +820,7 @@ int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
        numblocks = (bits + blocksize - 1) / blocksize; /* max. number of blocks to use for wNAF splitting */
        
-        pre_points_per_block = 1u << (w - 1);
+        pre_points_per_block = (size_t)1 << (w - 1);
        num = pre_points_per_block * numblocks; /* number of points to compute and store */
        points = OPENSSL_malloc(sizeof (EC_POINT*)*(num + 1));
diff --git a/src/lib/libssl/src/crypto/ec/ecp_nist.c b/src/lib/libssl/src/crypto/ec/ecp_nist.c
index 71893d5eab..2a5682ea41 100644
--- a/src/lib/libssl/src/crypto/ec/ecp_nist.c
+++ b/src/lib/libssl/src/crypto/ec/ecp_nist.c
@@ -112,10 +112,6 @@ const EC_METHOD *EC_GFp_nist_method(void)
        return &ret;
        }
-#if BN_BITS2 == 64
-#define NO_32_BIT_TYPE
-#endif
 int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src)
        {
        dest->field_mod_func = src->field_mod_func;
@@ -139,34 +135,12 @@ int ec_GFp_nist_group_set_curve(EC_GROUP *group, const BIGNUM *p,
        if (BN_ucmp(BN_get0_nist_prime_192(), p) == 0)
                group->field_mod_func = BN_nist_mod_192;
        else if (BN_ucmp(BN_get0_nist_prime_224(), p) == 0)
-                {
-#ifndef NO_32_BIT_TYPE
                group->field_mod_func = BN_nist_mod_224;
-#else
-                ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, EC_R_NOT_A_SUPPORTED_NIST_PRIME);
-                goto err;
-#endif
-                }
        else if (BN_ucmp(BN_get0_nist_prime_256(), p) == 0)
-                {
-#ifndef NO_32_BIT_TYPE
                group->field_mod_func = BN_nist_mod_256;
-#else
-                ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, EC_R_NOT_A_SUPPORTED_NIST_PRIME);
-                goto err;
-#endif
-                }
        else if (BN_ucmp(BN_get0_nist_prime_384(), p) == 0)
-                {
-#ifndef NO_32_BIT_TYPE
                group->field_mod_func = BN_nist_mod_384;
-#else
-                ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, EC_R_NOT_A_SUPPORTED_NIST_PRIME);
-                goto err;
-#endif
-                }
        else if (BN_ucmp(BN_get0_nist_prime_521(), p) == 0)
-                /* this one works in the NO_32_BIT_TYPE case */
                group->field_mod_func = BN_nist_mod_521;
        else
                {
diff --git a/src/lib/libssl/src/crypto/ec/ectest.c b/src/lib/libssl/src/crypto/ec/ectest.c
index 6148d553f9..7509cb9c7c 100644
--- a/src/lib/libssl/src/crypto/ec/ectest.c
+++ b/src/lib/libssl/src/crypto/ec/ectest.c
@@ -432,9 +432,7 @@ void prime_field_tests()
        if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
        fprintf(stdout, ".");
        fflush(stdout);
-#if 0
        if (!EC_GROUP_precompute_mult(group, ctx)) ABORT;
-#endif
        if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
        if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
        fprintf(stdout, " ok\n");
@@ -478,9 +476,7 @@ void prime_field_tests()
        if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
        fprintf(stdout, ".");
        fflush(stdout);
-#if 0
        if (!EC_GROUP_precompute_mult(group, ctx)) ABORT;
-#endif
        if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
        if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
        fprintf(stdout, " ok\n");
@@ -525,9 +521,7 @@ void prime_field_tests()
        if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
        fprintf(stdout, ".");
        fflush(stdout);
-#if 0
        if (!EC_GROUP_precompute_mult(group, ctx)) ABORT;
-#endif
        if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
        if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
        fprintf(stdout, " ok\n");
@@ -577,9 +571,7 @@ void prime_field_tests()
        if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
        fprintf(stdout, ".");
        fflush(stdout);
-#if 0
        if (!EC_GROUP_precompute_mult(group, ctx)) ABORT;
-#endif
        if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
        if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
        fprintf(stdout, " ok\n");
@@ -635,9 +627,7 @@ void prime_field_tests()
        if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
        fprintf(stdout, ".");
        fflush(stdout);
-#if 0
        if (!EC_GROUP_precompute_mult(group, ctx)) ABORT;
-#endif
        if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
        if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
        fprintf(stdout, " ok\n");
@@ -809,7 +799,7 @@ void prime_field_tests()
        if (!EC_POINT_is_at_infinity(group, Q)) ABORT; \
        fprintf(stdout, "."); \
        fflush(stdout); \
-        /* if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; */ \
+        if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; \
        if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; \
        if (!EC_POINT_is_at_infinity(group, Q)) ABORT; \
        fprintf(stdout, " ok\n"); \
@@ -1336,7 +1326,7 @@ int main(int argc, char *argv[])
 #endif
        CRYPTO_cleanup_all_ex_data();
        ERR_free_strings();
-        ERR_remove_state(0);
+        ERR_remove_thread_state(NULL);
        CRYPTO_mem_leaks_fp(stderr);
        
        return 0;
diff --git a/src/lib/libssl/src/crypto/engine/Makefile b/src/lib/libssl/src/crypto/engine/Makefile
index 0cc3722089..9c214824eb 100644
--- a/src/lib/libssl/src/crypto/engine/Makefile
+++ b/src/lib/libssl/src/crypto/engine/Makefile
@@ -20,13 +20,13 @@ LIB=$(TOP)/libcrypto.a
 LIBSRC= eng_err.c eng_lib.c eng_list.c eng_init.c eng_ctrl.c \
        eng_table.c eng_pkey.c eng_fat.c eng_all.c \
        tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c tb_store.c \
-        tb_cipher.c tb_digest.c \
+        tb_cipher.c tb_digest.c tb_pkmeth.c tb_asnmth.c \
-        eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c eng_padlock.c
+        eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c
 LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \
        eng_table.o eng_pkey.o eng_fat.o eng_all.o \
        tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_ecdh.o tb_rand.o tb_store.o \
-        tb_cipher.o tb_digest.o \
+        tb_cipher.o tb_digest.o tb_pkmeth.o tb_asnmth.o \
-        eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o eng_padlock.o
+        eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o
 SRC= $(LIBSRC)
@@ -41,7 +41,7 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
@@ -88,35 +88,34 @@ eng_all.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 eng_all.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 eng_all.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
 eng_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-eng_all.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+eng_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-eng_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+eng_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-eng_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+eng_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-eng_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+eng_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-eng_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+eng_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-eng_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-eng_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+eng_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_all.c eng_int.h
-eng_all.o: ../cryptlib.h eng_all.c eng_int.h
 eng_cnf.o: ../../e_os.h ../../include/openssl/asn1.h
 eng_cnf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 eng_cnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 eng_cnf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 eng_cnf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 eng_cnf.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-eng_cnf.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+eng_cnf.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-eng_cnf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+eng_cnf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-eng_cnf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+eng_cnf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-eng_cnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_cnf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-eng_cnf.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+eng_cnf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-eng_cnf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+eng_cnf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-eng_cnf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+eng_cnf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-eng_cnf.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_cnf.c eng_int.h
+eng_cnf.o: ../cryptlib.h eng_cnf.c eng_int.h
 eng_cryptodev.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 eng_cryptodev.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 eng_cryptodev.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 eng_cryptodev.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 eng_cryptodev.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
-eng_cryptodev.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+eng_cryptodev.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-eng_cryptodev.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+eng_cryptodev.o: ../../include/openssl/obj_mac.h
 eng_cryptodev.o: ../../include/openssl/objects.h
 eng_cryptodev.o: ../../include/openssl/opensslconf.h
 eng_cryptodev.o: ../../include/openssl/opensslv.h
@@ -131,9 +130,8 @@ eng_ctrl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 eng_ctrl.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 eng_ctrl.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
 eng_ctrl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-eng_ctrl.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+eng_ctrl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-eng_ctrl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+eng_ctrl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-eng_ctrl.o: ../../include/openssl/opensslconf.h
 eng_ctrl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 eng_ctrl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 eng_ctrl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -145,50 +143,49 @@ eng_dyn.o: ../../include/openssl/crypto.h ../../include/openssl/dso.h
 eng_dyn.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 eng_dyn.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 eng_dyn.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-eng_dyn.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+eng_dyn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-eng_dyn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+eng_dyn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-eng_dyn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+eng_dyn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-eng_dyn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_dyn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-eng_dyn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+eng_dyn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-eng_dyn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+eng_dyn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-eng_dyn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+eng_dyn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-eng_dyn.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_dyn.c eng_int.h
+eng_dyn.o: ../cryptlib.h eng_dyn.c eng_int.h
 eng_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 eng_err.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 eng_err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 eng_err.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 eng_err.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-eng_err.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+eng_err.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-eng_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+eng_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-eng_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+eng_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-eng_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-eng_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+eng_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-eng_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+eng_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-eng_err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+eng_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-eng_err.o: ../../include/openssl/x509_vfy.h eng_err.c
+eng_err.o: eng_err.c
 eng_fat.o: ../../e_os.h ../../include/openssl/asn1.h
 eng_fat.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 eng_fat.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 eng_fat.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 eng_fat.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 eng_fat.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-eng_fat.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+eng_fat.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-eng_fat.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+eng_fat.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-eng_fat.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+eng_fat.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-eng_fat.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_fat.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-eng_fat.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+eng_fat.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-eng_fat.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+eng_fat.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-eng_fat.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+eng_fat.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-eng_fat.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_fat.c eng_int.h
+eng_fat.o: ../cryptlib.h eng_fat.c eng_int.h
 eng_init.o: ../../e_os.h ../../include/openssl/asn1.h
 eng_init.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 eng_init.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 eng_init.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 eng_init.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
 eng_init.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-eng_init.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+eng_init.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-eng_init.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+eng_init.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-eng_init.o: ../../include/openssl/opensslconf.h
 eng_init.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 eng_init.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 eng_init.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -200,23 +197,22 @@ eng_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 eng_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 eng_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
 eng_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-eng_lib.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+eng_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-eng_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+eng_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-eng_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+eng_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-eng_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+eng_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-eng_lib.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+eng_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-eng_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+eng_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-eng_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+eng_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-eng_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h eng_lib.c
+eng_lib.o: ../cryptlib.h eng_int.h eng_lib.c
 eng_list.o: ../../e_os.h ../../include/openssl/asn1.h
 eng_list.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 eng_list.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 eng_list.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 eng_list.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
 eng_list.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-eng_list.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+eng_list.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-eng_list.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+eng_list.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-eng_list.o: ../../include/openssl/opensslconf.h
 eng_list.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 eng_list.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 eng_list.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -229,9 +225,8 @@ eng_openssl.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
 eng_openssl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 eng_openssl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 eng_openssl.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-eng_openssl.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+eng_openssl.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-eng_openssl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+eng_openssl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-eng_openssl.o: ../../include/openssl/objects.h
 eng_openssl.o: ../../include/openssl/opensslconf.h
 eng_openssl.o: ../../include/openssl/opensslv.h
 eng_openssl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
@@ -241,31 +236,14 @@ eng_openssl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 eng_openssl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 eng_openssl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 eng_openssl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_openssl.c
-eng_padlock.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-eng_padlock.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-eng_padlock.o: ../../include/openssl/crypto.h ../../include/openssl/dso.h
-eng_padlock.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-eng_padlock.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-eng_padlock.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-eng_padlock.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-eng_padlock.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-eng_padlock.o: ../../include/openssl/objects.h
-eng_padlock.o: ../../include/openssl/opensslconf.h
-eng_padlock.o: ../../include/openssl/opensslv.h
-eng_padlock.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-eng_padlock.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
-eng_padlock.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-eng_padlock.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-eng_padlock.o: ../../include/openssl/x509_vfy.h eng_padlock.c
 eng_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
 eng_pkey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 eng_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 eng_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 eng_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
 eng_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-eng_pkey.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+eng_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-eng_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+eng_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-eng_pkey.o: ../../include/openssl/opensslconf.h
 eng_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 eng_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 eng_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -277,8 +255,8 @@ eng_table.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 eng_table.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 eng_table.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
 eng_table.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-eng_table.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+eng_table.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-eng_table.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+eng_table.o: ../../include/openssl/objects.h
 eng_table.o: ../../include/openssl/opensslconf.h
 eng_table.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 eng_table.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
@@ -286,14 +264,29 @@ eng_table.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 eng_table.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 eng_table.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h
 eng_table.o: eng_table.c
+tb_asnmth.o: ../../e_os.h ../../include/openssl/asn1.h
+tb_asnmth.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+tb_asnmth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+tb_asnmth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+tb_asnmth.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+tb_asnmth.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+tb_asnmth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+tb_asnmth.o: ../../include/openssl/objects.h
+tb_asnmth.o: ../../include/openssl/opensslconf.h
+tb_asnmth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_asnmth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+tb_asnmth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+tb_asnmth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+tb_asnmth.o: ../../include/openssl/x509_vfy.h ../asn1/asn1_locl.h ../cryptlib.h
+tb_asnmth.o: eng_int.h tb_asnmth.c
 tb_cipher.o: ../../e_os.h ../../include/openssl/asn1.h
 tb_cipher.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 tb_cipher.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 tb_cipher.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 tb_cipher.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
 tb_cipher.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-tb_cipher.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+tb_cipher.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-tb_cipher.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tb_cipher.o: ../../include/openssl/objects.h
 tb_cipher.o: ../../include/openssl/opensslconf.h
 tb_cipher.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 tb_cipher.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
@@ -306,22 +299,22 @@ tb_dh.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 tb_dh.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 tb_dh.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 tb_dh.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-tb_dh.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+tb_dh.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-tb_dh.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+tb_dh.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-tb_dh.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tb_dh.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-tb_dh.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_dh.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-tb_dh.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+tb_dh.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-tb_dh.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+tb_dh.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-tb_dh.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+tb_dh.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-tb_dh.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_dh.c
+tb_dh.o: ../cryptlib.h eng_int.h tb_dh.c
 tb_digest.o: ../../e_os.h ../../include/openssl/asn1.h
 tb_digest.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 tb_digest.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 tb_digest.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 tb_digest.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
 tb_digest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-tb_digest.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+tb_digest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-tb_digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tb_digest.o: ../../include/openssl/objects.h
 tb_digest.o: ../../include/openssl/opensslconf.h
 tb_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 tb_digest.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
@@ -334,78 +327,89 @@ tb_dsa.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 tb_dsa.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 tb_dsa.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 tb_dsa.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-tb_dsa.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+tb_dsa.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-tb_dsa.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+tb_dsa.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-tb_dsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tb_dsa.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-tb_dsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_dsa.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-tb_dsa.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+tb_dsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-tb_dsa.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+tb_dsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-tb_dsa.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+tb_dsa.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-tb_dsa.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_dsa.c
+tb_dsa.o: ../cryptlib.h eng_int.h tb_dsa.c
 tb_ecdh.o: ../../e_os.h ../../include/openssl/asn1.h
 tb_ecdh.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 tb_ecdh.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 tb_ecdh.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 tb_ecdh.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
 tb_ecdh.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-tb_ecdh.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+tb_ecdh.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-tb_ecdh.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tb_ecdh.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-tb_ecdh.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+tb_ecdh.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-tb_ecdh.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+tb_ecdh.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-tb_ecdh.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+tb_ecdh.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-tb_ecdh.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_ecdh.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-tb_ecdh.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+tb_ecdh.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_ecdh.c
-tb_ecdh.o: ../cryptlib.h eng_int.h tb_ecdh.c
 tb_ecdsa.o: ../../e_os.h ../../include/openssl/asn1.h
 tb_ecdsa.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 tb_ecdsa.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 tb_ecdsa.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 tb_ecdsa.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
 tb_ecdsa.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-tb_ecdsa.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+tb_ecdsa.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-tb_ecdsa.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tb_ecdsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-tb_ecdsa.o: ../../include/openssl/opensslconf.h
 tb_ecdsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 tb_ecdsa.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 tb_ecdsa.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 tb_ecdsa.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 tb_ecdsa.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_ecdsa.c
+tb_pkmeth.o: ../../e_os.h ../../include/openssl/asn1.h
+tb_pkmeth.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+tb_pkmeth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+tb_pkmeth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+tb_pkmeth.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+tb_pkmeth.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+tb_pkmeth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+tb_pkmeth.o: ../../include/openssl/objects.h
+tb_pkmeth.o: ../../include/openssl/opensslconf.h
+tb_pkmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_pkmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+tb_pkmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+tb_pkmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+tb_pkmeth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h
+tb_pkmeth.o: tb_pkmeth.c
 tb_rand.o: ../../e_os.h ../../include/openssl/asn1.h
 tb_rand.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 tb_rand.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 tb_rand.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 tb_rand.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
 tb_rand.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-tb_rand.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+tb_rand.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-tb_rand.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tb_rand.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-tb_rand.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+tb_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-tb_rand.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+tb_rand.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-tb_rand.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+tb_rand.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-tb_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_rand.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-tb_rand.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+tb_rand.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_rand.c
-tb_rand.o: ../cryptlib.h eng_int.h tb_rand.c
 tb_rsa.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 tb_rsa.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 tb_rsa.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 tb_rsa.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 tb_rsa.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-tb_rsa.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+tb_rsa.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-tb_rsa.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+tb_rsa.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-tb_rsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tb_rsa.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-tb_rsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_rsa.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-tb_rsa.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+tb_rsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-tb_rsa.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+tb_rsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-tb_rsa.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+tb_rsa.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-tb_rsa.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_rsa.c
+tb_rsa.o: ../cryptlib.h eng_int.h tb_rsa.c
 tb_store.o: ../../e_os.h ../../include/openssl/asn1.h
 tb_store.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 tb_store.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 tb_store.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 tb_store.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
 tb_store.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-tb_store.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+tb_store.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-tb_store.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tb_store.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-tb_store.o: ../../include/openssl/opensslconf.h
 tb_store.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 tb_store.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 tb_store.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
diff --git a/src/lib/libssl/src/crypto/engine/eng_all.c b/src/lib/libssl/src/crypto/engine/eng_all.c
index d29cd57dc2..22c120454f 100644
--- a/src/lib/libssl/src/crypto/engine/eng_all.c
+++ b/src/lib/libssl/src/crypto/engine/eng_all.c
@@ -61,15 +61,15 @@
 void ENGINE_load_builtin_engines(void)
        {
+#if 0
        /* There's no longer any need for an "openssl" ENGINE unless, one day,
         * it is the *only* way for standard builtin implementations to be be
         * accessed (ie. it would be possible to statically link binaries with
         * *no* builtin implementations). */
-#if 0
        ENGINE_load_openssl();
 #endif
-#if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
+#if !defined(OPENSSL_NO_HW) && (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV))
-        ENGINE_load_padlock();
+        ENGINE_load_cryptodev();
 #endif
        ENGINE_load_dynamic();
 #ifndef OPENSSL_NO_STATIC_ENGINE
@@ -98,14 +98,15 @@ void ENGINE_load_builtin_engines(void)
 #ifndef OPENSSL_NO_HW_UBSEC
        ENGINE_load_ubsec();
 #endif
+#ifndef OPENSSL_NO_HW_PADLOCK
+        ENGINE_load_padlock();
 #endif
-#if !defined(OPENSSL_NO_GMP) && !defined(OPENSSL_NO_HW_GMP)
-        ENGINE_load_gmp();
 #endif
+#ifndef OPENSSL_NO_GOST
+        ENGINE_load_gost();
 #endif
-#ifndef OPENSSL_NO_HW
+#ifndef OPENSSL_NO_GMP
-#if defined(__OpenBSD__) || defined(__FreeBSD__)
+        ENGINE_load_gmp();
-        ENGINE_load_cryptodev();
 #endif
 #if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
        ENGINE_load_capi();
@@ -113,7 +114,7 @@ void ENGINE_load_builtin_engines(void)
 #endif
        }
-#if defined(__OpenBSD__) || defined(__FreeBSD__)
+#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
 void ENGINE_setup_bsd_cryptodev(void) {
        static int bsd_cryptodev_default_loaded = 0;
        if (!bsd_cryptodev_default_loaded) {
diff --git a/src/lib/libssl/src/crypto/engine/eng_cnf.c b/src/lib/libssl/src/crypto/engine/eng_cnf.c
index 08066cea59..95c4070015 100644
--- a/src/lib/libssl/src/crypto/engine/eng_cnf.c
+++ b/src/lib/libssl/src/crypto/engine/eng_cnf.c
@@ -95,7 +95,7 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf)
        int ret = 0;
        long do_init = -1;
        STACK_OF(CONF_VALUE) *ecmds;
-        CONF_VALUE *ecmd;
+        CONF_VALUE *ecmd = NULL;
        char *ctrlname, *ctrlvalue;
        ENGINE *e = NULL;
        int soft = 0;
@@ -157,7 +157,7 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf)
                                        return 1;
                                        }
                                if (!e)
-                                        return 0;
+                                        goto err;
                                }
                        /* Allow "EMPTY" to mean no value: this allows a valid
                         * "value" to be passed to ctrls of type NO_INPUT
@@ -186,16 +186,27 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf)
                                }
                        else if (!ENGINE_ctrl_cmd_string(e,
                                        ctrlname, ctrlvalue, 0))
-                                return 0;
+                                goto err;
                        }
                }
        if (e && (do_init == -1) && !int_engine_init(e))
+                {
+                ecmd = NULL;
                goto err;
+                }
        ret = 1;
        err:
+        if (ret != 1)
+                {
+                ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE, ENGINE_R_ENGINE_CONFIGURATION_ERROR);
+                if (ecmd)
+                        ERR_add_error_data(6, "section=", ecmd->section, 
+                                                ", name=", ecmd->name,
+                                                ", value=", ecmd->value);
+                }
        if (e)
                ENGINE_free(e);
        return ret;
diff --git a/src/lib/libssl/src/crypto/engine/eng_cryptodev.c b/src/lib/libssl/src/crypto/engine/eng_cryptodev.c
index ab38cd52f0..52f4ca3901 100644
--- a/src/lib/libssl/src/crypto/engine/eng_cryptodev.c
+++ b/src/lib/libssl/src/crypto/engine/eng_cryptodev.c
@@ -32,7 +32,7 @@
 #include <openssl/bn.h>
 #if (defined(__unix__) || defined(unix)) && !defined(USG) && \
-        (defined(OpenBSD) || defined(__FreeBSD_version))
+        (defined(OpenBSD) || defined(__FreeBSD__))
 #include <sys/param.h>
 # if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041)
 #  define HAVE_CRYPTODEV
@@ -55,6 +55,10 @@ ENGINE_load_cryptodev(void)
 
 #include <sys/types.h>
 #include <crypto/cryptodev.h>
+#include <crypto/dh/dh.h>
+#include <crypto/dsa/dsa.h>
+#include <crypto/err/err.h>
+#include <crypto/rsa/rsa.h>
 #include <sys/ioctl.h>
 #include <errno.h>
 #include <stdio.h>
@@ -68,6 +72,16 @@ ENGINE_load_cryptodev(void)
 struct dev_crypto_state {
        struct session_op d_sess;
        int d_fd;
+#ifdef USE_CRYPTODEV_DIGESTS
+        char dummy_mac_key[HASH_MAX_LEN];
+        unsigned char digest_res[HASH_MAX_LEN];
+        char *mac_data;
+        int mac_len;
+        int copy;
+#endif
 };
 static u_int32_t cryptodev_asymfeat = 0;
@@ -75,15 +89,14 @@ static u_int32_t cryptodev_asymfeat = 0;
 static int get_asym_dev_crypto(void);
 static int open_dev_crypto(void);
 static int get_dev_crypto(void);
-static int cryptodev_max_iv(int cipher);
-static int cryptodev_key_length_valid(int cipher, int len);
-static int cipher_nid_to_cryptodev(int nid);
 static int get_cryptodev_ciphers(const int **cnids);
+#ifdef USE_CRYPTODEV_DIGESTS
 static int get_cryptodev_digests(const int **cnids);
+#endif
 static int cryptodev_usable_ciphers(const int **nids);
 static int cryptodev_usable_digests(const int **nids);
 static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-    const unsigned char *in, unsigned int inl);
+    const unsigned char *in, size_t inl);
 static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
    const unsigned char *iv, int enc);
 static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx);
@@ -100,7 +113,7 @@ static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r,
 static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a,
    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
 static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I,
-    RSA *rsa);
+    RSA *rsa, BN_CTX *ctx);
 static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
 static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a,
    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
@@ -117,7 +130,7 @@ static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
 static int cryptodev_dh_compute_key(unsigned char *key,
    const BIGNUM *pub_key, DH *dh);
 static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
-    void (*f)());
+    void (*f)(void));
 void ENGINE_load_cryptodev(void);
 static const ENGINE_CMD_DEFN cryptodev_defns[] = {
@@ -130,27 +143,34 @@ static struct {
        int     ivmax;
        int     keylen;
 } ciphers[] = {
+        { CRYPTO_ARC4,                  NID_rc4,                0,      16, },
        { CRYPTO_DES_CBC,               NID_des_cbc,            8,       8, },
        { CRYPTO_3DES_CBC,              NID_des_ede3_cbc,       8,      24, },
        { CRYPTO_AES_CBC,               NID_aes_128_cbc,        16,     16, },
+        { CRYPTO_AES_CBC,               NID_aes_192_cbc,        16,     24, },
+        { CRYPTO_AES_CBC,               NID_aes_256_cbc,        16,     32, },
        { CRYPTO_BLF_CBC,               NID_bf_cbc,             8,      16, },
        { CRYPTO_CAST_CBC,              NID_cast5_cbc,          8,      16, },
        { CRYPTO_SKIPJACK_CBC,          NID_undef,              0,       0, },
        { 0,                            NID_undef,              0,       0, },
 };
+#ifdef USE_CRYPTODEV_DIGESTS
 static struct {
        int     id;
        int     nid;
+        int     keylen;
 } digests[] = {
-        { CRYPTO_SHA1_HMAC,             NID_hmacWithSHA1,       },
+        { CRYPTO_MD5_HMAC,              NID_hmacWithMD5,        16},
-        { CRYPTO_RIPEMD160_HMAC,        NID_ripemd160,          },
+        { CRYPTO_SHA1_HMAC,             NID_hmacWithSHA1,       20},
-        { CRYPTO_MD5_KPDK,              NID_undef,              },
+        { CRYPTO_RIPEMD160_HMAC,        NID_ripemd160,          16/*?*/},
-        { CRYPTO_SHA1_KPDK,             NID_undef,              },
+        { CRYPTO_MD5_KPDK,              NID_undef,              0},
-        { CRYPTO_MD5,                   NID_md5,                },
+        { CRYPTO_SHA1_KPDK,             NID_undef,              0},
-        { CRYPTO_SHA1,                  NID_undef,              },
+        { CRYPTO_MD5,                   NID_md5,                16},
-        { 0,                            NID_undef,              },
+        { CRYPTO_SHA1,                  NID_sha1,               20},
+        { 0,                            NID_undef,              0},
 };
+#endif
 /*
 * Return a fd if /dev/crypto seems usable, 0 otherwise.
@@ -203,50 +223,6 @@ get_asym_dev_crypto(void)
 }
 /*
- * XXXX this needs to be set for each alg - and determined from
- * a running card.
- */
-static int
-cryptodev_max_iv(int cipher)
-{
-        int i;
-        for (i = 0; ciphers[i].id; i++)
-                if (ciphers[i].id == cipher)
-                        return (ciphers[i].ivmax);
-        return (0);
-}
-/*
- * XXXX this needs to be set for each alg - and determined from
- * a running card. For now, fake it out - but most of these
- * for real devices should return 1 for the supported key
- * sizes the device can handle.
- */
-static int
-cryptodev_key_length_valid(int cipher, int len)
-{
-        int i;
-        for (i = 0; ciphers[i].id; i++)
-                if (ciphers[i].id == cipher)
-                        return (ciphers[i].keylen == len);
-        return (0);
-}
-/* convert libcrypto nids to cryptodev */
-static int
-cipher_nid_to_cryptodev(int nid)
-{
-        int i;
-        for (i = 0; ciphers[i].id; i++)
-                if (ciphers[i].nid == nid)
-                        return (ciphers[i].id);
-        return (0);
-}
-/*
 * Find out what ciphers /dev/crypto will let us have a session for.
 * XXX note, that some of these openssl doesn't deal with yet!
 * returning them here is harmless, as long as we return NULL
@@ -264,7 +240,7 @@ get_cryptodev_ciphers(const int **cnids)
                return (0);
        }
        memset(&sess, 0, sizeof(sess));
-        sess.key = (caddr_t)"123456781234567812345678";
+        sess.key = (caddr_t)"123456789abcdefghijklmno";
        for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
                if (ciphers[i].nid == NID_undef)
@@ -285,6 +261,7 @@ get_cryptodev_ciphers(const int **cnids)
        return (count);
 }
+#ifdef USE_CRYPTODEV_DIGESTS
 /*
 * Find out what digests /dev/crypto will let us have a session for.
 * XXX note, that some of these openssl doesn't deal with yet!
@@ -303,10 +280,12 @@ get_cryptodev_digests(const int **cnids)
                return (0);
        }
        memset(&sess, 0, sizeof(sess));
+        sess.mackey = (caddr_t)"123456789abcdefghijklmno";
        for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
                if (digests[i].nid == NID_undef)
                        continue;
                sess.mac = digests[i].id;
+                sess.mackeylen = digests[i].keylen;
                sess.cipher = 0;
                if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
                    ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
@@ -320,6 +299,7 @@ get_cryptodev_digests(const int **cnids)
                *cnids = NULL;
        return (count);
 }
+#endif  /* 0 */
 /*
 * Find the useable ciphers|digests from dev/crypto - this is the first
@@ -351,6 +331,9 @@ cryptodev_usable_ciphers(const int **nids)
 static int
 cryptodev_usable_digests(const int **nids)
 {
+#ifdef USE_CRYPTODEV_DIGESTS
+        return (get_cryptodev_digests(nids));
+#else
        /*
         * XXXX just disable all digests for now, because it sucks.
         * we need a better way to decide this - i.e. I may not
@@ -365,16 +348,17 @@ cryptodev_usable_digests(const int **nids)
         */
        *nids = NULL;
        return (0);
+#endif
 }
 static int
 cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-    const unsigned char *in, unsigned int inl)
+    const unsigned char *in, size_t inl)
 {
        struct crypt_op cryp;
        struct dev_crypto_state *state = ctx->cipher_data;
        struct session_op *sess = &state->d_sess;
-        void *iiv;
+        const void *iiv;
        unsigned char save_iv[EVP_MAX_IV_LENGTH];
        if (state->d_fd < 0)
@@ -398,7 +382,7 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
        if (ctx->cipher->iv_len) {
                cryp.iv = (caddr_t) ctx->iv;
                if (!ctx->encrypt) {
-                        iiv = (void *) in + inl - ctx->cipher->iv_len;
+                        iiv = in + inl - ctx->cipher->iv_len;
                        memcpy(save_iv, iiv, ctx->cipher->iv_len);
                }
        } else
@@ -413,7 +397,7 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
        if (ctx->cipher->iv_len) {
                if (ctx->encrypt)
-                        iiv = (void *) out + inl - ctx->cipher->iv_len;
+                        iiv = out + inl - ctx->cipher->iv_len;
                else
                        iiv = save_iv;
                memcpy(ctx->iv, iiv, ctx->cipher->iv_len);
@@ -427,23 +411,27 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 {
        struct dev_crypto_state *state = ctx->cipher_data;
        struct session_op *sess = &state->d_sess;
-        int cipher;
+        int cipher = -1, i;
-        if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NID_undef)
+        for (i = 0; ciphers[i].id; i++)
-                return (0);
+                if (ctx->cipher->nid == ciphers[i].nid &&
+                    ctx->cipher->iv_len <= ciphers[i].ivmax &&
-        if (ctx->cipher->iv_len > cryptodev_max_iv(cipher))
+                    ctx->key_len == ciphers[i].keylen) {
-                return (0);
+                        cipher = ciphers[i].id;
+                        break;
+                }
-        if (!cryptodev_key_length_valid(cipher, ctx->key_len))
+        if (!ciphers[i].id) {
+                state->d_fd = -1;
                return (0);
+        }
        memset(sess, 0, sizeof(struct session_op));
        if ((state->d_fd = get_dev_crypto()) < 0)
                return (0);
-        sess->key = (unsigned char *)key;
+        sess->key = (caddr_t)key;
        sess->keylen = ctx->key_len;
        sess->cipher = cipher;
@@ -496,6 +484,20 @@ cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
 * gets called when libcrypto requests a cipher NID.
 */
+/* RC4 */
+const EVP_CIPHER cryptodev_rc4 = {
+        NID_rc4,
+        1, 16, 0,
+        EVP_CIPH_VARIABLE_LENGTH,
+        cryptodev_init_key,
+        cryptodev_cipher,
+        cryptodev_cleanup,
+        sizeof(struct dev_crypto_state),
+        NULL,
+        NULL,
+        NULL
+};
 /* DES CBC EVP */
 const EVP_CIPHER cryptodev_des_cbc = {
        NID_des_cbc,
@@ -563,6 +565,32 @@ const EVP_CIPHER cryptodev_aes_cbc = {
        NULL
 };
+const EVP_CIPHER cryptodev_aes_192_cbc = {
+        NID_aes_192_cbc,
+        16, 24, 16,
+        EVP_CIPH_CBC_MODE,
+        cryptodev_init_key,
+        cryptodev_cipher,
+        cryptodev_cleanup,
+        sizeof(struct dev_crypto_state),
+        EVP_CIPHER_set_asn1_iv,
+        EVP_CIPHER_get_asn1_iv,
+        NULL
+};
+const EVP_CIPHER cryptodev_aes_256_cbc = {
+        NID_aes_256_cbc,
+        16, 32, 16,
+        EVP_CIPH_CBC_MODE,
+        cryptodev_init_key,
+        cryptodev_cipher,
+        cryptodev_cleanup,
+        sizeof(struct dev_crypto_state),
+        EVP_CIPHER_set_asn1_iv,
+        EVP_CIPHER_get_asn1_iv,
+        NULL
+};
 /*
 * Registered by the ENGINE when used to find out how to deal with
 * a particular NID in the ENGINE. this says what we'll do at the
@@ -576,6 +604,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
                return (cryptodev_usable_ciphers(nids));
        switch (nid) {
+        case NID_rc4:
+                *cipher = &cryptodev_rc4;
+                break;
        case NID_des_ede3_cbc:
                *cipher = &cryptodev_3des_cbc;
                break;
@@ -591,6 +622,12 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
        case NID_aes_128_cbc:
                *cipher = &cryptodev_aes_cbc;
                break;
+        case NID_aes_192_cbc:
+                *cipher = &cryptodev_aes_192_cbc;
+                break;
+        case NID_aes_256_cbc:
+                *cipher = &cryptodev_aes_256_cbc;
+                break;
        default:
                *cipher = NULL;
                break;
@@ -598,6 +635,234 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
        return (*cipher != NULL);
 }
+#ifdef USE_CRYPTODEV_DIGESTS
+/* convert digest type to cryptodev */
+static int
+digest_nid_to_cryptodev(int nid)
+{
+        int i;
+        for (i = 0; digests[i].id; i++)
+                if (digests[i].nid == nid)
+                        return (digests[i].id);
+        return (0);
+}
+static int
+digest_key_length(int nid)
+{
+        int i;
+        for (i = 0; digests[i].id; i++)
+                if (digests[i].nid == nid)
+                        return digests[i].keylen;
+        return (0);
+}
+static int cryptodev_digest_init(EVP_MD_CTX *ctx)
+{
+        struct dev_crypto_state *state = ctx->md_data;
+        struct session_op *sess = &state->d_sess;
+        int digest;
+        if ((digest = digest_nid_to_cryptodev(ctx->digest->type)) == NID_undef){
+                printf("cryptodev_digest_init: Can't get digest \n");
+                return (0);
+        }
+        memset(state, 0, sizeof(struct dev_crypto_state));
+        if ((state->d_fd = get_dev_crypto()) < 0) {
+                printf("cryptodev_digest_init: Can't get Dev \n");
+                return (0);
+        }
+        sess->mackey = state->dummy_mac_key;
+        sess->mackeylen = digest_key_length(ctx->digest->type);
+        sess->mac = digest;
+        if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
+                close(state->d_fd);
+                state->d_fd = -1;
+                printf("cryptodev_digest_init: Open session failed\n");
+                return (0);
+        }
+        return (1);
+}
+static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
+                size_t count)
+{
+        struct crypt_op cryp;
+        struct dev_crypto_state *state = ctx->md_data;
+        struct session_op *sess = &state->d_sess;
+        if (!data || state->d_fd < 0) {
+                printf("cryptodev_digest_update: illegal inputs \n");
+                return (0);
+        }
+        if (!count) {
+                return (0);
+        }
+        if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
+                /* if application doesn't support one buffer */
+                state->mac_data = OPENSSL_realloc(state->mac_data, state->mac_len + count);
+                if (!state->mac_data) {
+                        printf("cryptodev_digest_update: realloc failed\n");
+                        return (0);
+                }
+                memcpy(state->mac_data + state->mac_len, data, count);
+                state->mac_len += count;
+        
+                return (1);
+        }
+        memset(&cryp, 0, sizeof(cryp));
+        cryp.ses = sess->ses;
+        cryp.flags = 0;
+        cryp.len = count;
+        cryp.src = (caddr_t) data;
+        cryp.dst = NULL;
+        cryp.mac = (caddr_t) state->digest_res;
+        if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
+                printf("cryptodev_digest_update: digest failed\n");
+                return (0);
+        }
+        return (1);
+}
+static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+        struct crypt_op cryp;
+        struct dev_crypto_state *state = ctx->md_data;
+        struct session_op *sess = &state->d_sess;
+        int ret = 1;
+        if (!md || state->d_fd < 0) {
+                printf("cryptodev_digest_final: illegal input\n");
+                return(0);
+        }
+        if (! (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) ) {
+                /* if application doesn't support one buffer */
+                memset(&cryp, 0, sizeof(cryp));
+                cryp.ses = sess->ses;
+                cryp.flags = 0;
+                cryp.len = state->mac_len;
+                cryp.src = state->mac_data;
+                cryp.dst = NULL;
+                cryp.mac = (caddr_t)md;
+                if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
+                        printf("cryptodev_digest_final: digest failed\n");
+                        return (0);
+                }
+                return 1;
+        }
+        memcpy(md, state->digest_res, ctx->digest->md_size);
+        return (ret);
+}
+static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
+{
+        int ret = 1;
+        struct dev_crypto_state *state = ctx->md_data;
+        struct session_op *sess = &state->d_sess;
+        if (state->d_fd < 0) {
+                printf("cryptodev_digest_cleanup: illegal input\n");
+                return (0);
+        }
+        if (state->mac_data) {
+                OPENSSL_free(state->mac_data);
+                state->mac_data = NULL;
+                state->mac_len = 0;
+        }
+        if (state->copy)
+                return 1;
+        if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
+                printf("cryptodev_digest_cleanup: failed to close session\n");
+                ret = 0;
+        } else {
+                ret = 1;
+        }
+        close(state->d_fd);     
+        state->d_fd = -1;
+        return (ret);
+}
+static int cryptodev_digest_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from)
+{
+        struct dev_crypto_state *fstate = from->md_data;
+        struct dev_crypto_state *dstate = to->md_data;
+        memcpy(dstate, fstate, sizeof(struct dev_crypto_state));
+        if (fstate->mac_len != 0) {
+                dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
+                memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len);
+        }
+        dstate->copy = 1;
+        return 1;
+}
+const EVP_MD cryptodev_sha1 = {
+        NID_sha1,
+        NID_undef, 
+        SHA_DIGEST_LENGTH, 
+        EVP_MD_FLAG_ONESHOT,
+        cryptodev_digest_init,
+        cryptodev_digest_update,
+        cryptodev_digest_final,
+        cryptodev_digest_copy,
+        cryptodev_digest_cleanup,
+        EVP_PKEY_NULL_method,
+        SHA_CBLOCK,
+        sizeof(struct dev_crypto_state),
+};
+const EVP_MD cryptodev_md5 = {
+        NID_md5,
+        NID_undef, 
+        16 /* MD5_DIGEST_LENGTH */, 
+        EVP_MD_FLAG_ONESHOT,
+        cryptodev_digest_init,
+        cryptodev_digest_update,
+        cryptodev_digest_final,
+        cryptodev_digest_copy,
+        cryptodev_digest_cleanup,
+        EVP_PKEY_NULL_method,
+        64 /* MD5_CBLOCK */,
+        sizeof(struct dev_crypto_state),
+};
+#endif /* USE_CRYPTODEV_DIGESTS */
 static int
 cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
    const int **nids, int nid)
@@ -606,10 +871,15 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
                return (cryptodev_usable_digests(nids));
        switch (nid) {
+#ifdef USE_CRYPTODEV_DIGESTS
        case NID_md5:
-                *digest = NULL; /* need to make a clean md5 critter */
+                *digest = &cryptodev_md5; 
                break;
+        case NID_sha1:
+                *digest = &cryptodev_sha1;
+                break;
        default:
+#endif /* USE_CRYPTODEV_DIGESTS */
                *digest = NULL;
                break;
        }
@@ -625,7 +895,7 @@ static int
 bn2crparam(const BIGNUM *a, struct crparam *crp)
 {
        int i, j, k;
-        ssize_t words, bytes, bits;
+        ssize_t bytes, bits;
        u_char *b;
        crp->crp_p = NULL;
@@ -637,8 +907,9 @@ bn2crparam(const BIGNUM *a, struct crparam *crp)
        b = malloc(bytes);
        if (b == NULL)
                return (1);
+        memset(b, 0, bytes);
-        crp->crp_p = b;
+        crp->crp_p = (caddr_t) b;
        crp->crp_nbits = bits;
        for (i = 0, j = 0; i < a->top; i++) {
@@ -681,7 +952,7 @@ zapparams(struct crypt_kop *kop)
 {
        int i;
-        for (i = 0; i <= kop->crk_iparams + kop->crk_oparams; i++) {
+        for (i = 0; i < kop->crk_iparams + kop->crk_oparams; i++) {
                if (kop->crk_param[i].crp_p)
                        free(kop->crk_param[i].crp_p);
                kop->crk_param[i].crp_p = NULL;
@@ -746,21 +1017,27 @@ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                goto err;
        kop.crk_iparams = 3;
-        if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL) == -1) {
+        if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL)) {
+                const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+                printf("OCF asym process failed, Running in software\n");
+                ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
+        } else if (ECANCELED == kop.crk_status) {
                const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+                printf("OCF hardware operation cancelled. Running in Software\n");
                ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
        }
+        /* else cryptodev operation worked ok ==> ret = 1*/
 err:
        zapparams(&kop);
        return (ret);
 }
 static int
-cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
+cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
 {
        int r;
-        BN_CTX *ctx;
        ctx = BN_CTX_new();
        r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL);
        BN_CTX_free(ctx);
@@ -795,10 +1072,18 @@ cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
                goto err;
        kop.crk_iparams = 6;
-        if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL) == -1) {
+        if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) {
+                const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+                printf("OCF asym process failed, running in Software\n");
+                ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx);
+        } else if (ECANCELED == kop.crk_status) {
                const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+                printf("OCF hardware operation cancelled. Running in Software\n");
                ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx);
        }
+        /* else cryptodev operation worked ok ==> ret = 1*/
 err:
        zapparams(&kop);
        return (ret);
@@ -934,7 +1219,8 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
        kop.crk_iparams = 7;
        if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
-                dsaret = kop.crk_status;
+/*OCF success value is 0, if not zero, change dsaret to fail*/
+                if(0 != kop.crk_status) dsaret  = 0;
        } else {
                const DSA_METHOD *meth = DSA_OpenSSL();
@@ -994,7 +1280,7 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
                goto err;
        kop.crk_iparams = 3;
-        kop.crk_param[3].crp_p = key;
+        kop.crk_param[3].crp_p = (caddr_t) key;
        kop.crk_param[3].crp_nbits = keylen * 8;
        kop.crk_oparams = 1;
@@ -1025,7 +1311,7 @@ static DH_METHOD cryptodev_dh = {
 * but I expect we'll want some options soon.
 */
 static int
-cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
 {
 #ifdef HAVE_SYSLOG_R
        struct syslog_data sd = SYSLOG_DATA_INIT;
diff --git a/src/lib/libssl/src/crypto/engine/eng_ctrl.c b/src/lib/libssl/src/crypto/engine/eng_ctrl.c
index 95b6b455aa..5ce25d92ec 100644
--- a/src/lib/libssl/src/crypto/engine/eng_ctrl.c
+++ b/src/lib/libssl/src/crypto/engine/eng_ctrl.c
@@ -280,7 +280,7 @@ int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
                }
        /* Force the result of the control command to 0 or 1, for the reasons
         * mentioned before. */
-        if (ENGINE_ctrl(e, num, i, p, f))
+        if (ENGINE_ctrl(e, num, i, p, f) > 0)
                return 1;
        return 0;
        }
@@ -345,7 +345,7 @@ int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
                 * usage of these commands is consistent across applications and
                 * that certain applications don't understand it one way, and
                 * others another. */
-                if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL))
+                if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0)
                        return 1;
                return 0;
                }
@@ -360,7 +360,7 @@ int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
        if(flags & ENGINE_CMD_FLAG_STRING)
                {
                /* Same explanation as above */
-                if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL))
+                if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0)
                        return 1;
                return 0;
                }
@@ -383,7 +383,7 @@ int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
                }
        /* Force the result of the control command to 0 or 1, for the reasons
         * mentioned before. */
-        if(ENGINE_ctrl(e, num, l, NULL, NULL))
+        if(ENGINE_ctrl(e, num, l, NULL, NULL) > 0)
                return 1;
        return 0;
        }
diff --git a/src/lib/libssl/src/crypto/engine/eng_dyn.c b/src/lib/libssl/src/crypto/engine/eng_dyn.c
index acb30c34d8..807da7a5eb 100644
--- a/src/lib/libssl/src/crypto/engine/eng_dyn.c
+++ b/src/lib/libssl/src/crypto/engine/eng_dyn.c
@@ -146,14 +146,14 @@ struct st_dynamic_data_ctx
         * 'dirs' for loading. Default is to use 'dirs' as a fallback. */
        int dir_load;
        /* A stack of directories from which ENGINEs could be loaded */
-        STACK *dirs;
+        STACK_OF(OPENSSL_STRING) *dirs;
        };
 /* This is the "ex_data" index we obtain and reserve for use with our context
 * structure. */
 static int dynamic_ex_data_idx = -1;
-static void int_free_str(void *s) { OPENSSL_free(s); }
+static void int_free_str(char *s) { OPENSSL_free(s); }
 /* Because our ex_data element may or may not get allocated depending on whether
 * a "first-use" occurs before the ENGINE is freed, we have a memory leak
 * problem to solve. We can't declare a "new" handler for the ex_data as we
@@ -174,7 +174,7 @@ static void dynamic_data_ctx_free_func(void *parent, void *ptr,
                if(ctx->engine_id)
                        OPENSSL_free((void*)ctx->engine_id);
                if(ctx->dirs)
-                        sk_pop_free(ctx->dirs, int_free_str);
+                        sk_OPENSSL_STRING_pop_free(ctx->dirs, int_free_str);
                OPENSSL_free(ctx);
                }
        }
@@ -203,7 +203,7 @@ static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx)
        c->DYNAMIC_F1 = "v_check";
        c->DYNAMIC_F2 = "bind_engine";
        c->dir_load = 1;
-        c->dirs = sk_new_null();
+        c->dirs = sk_OPENSSL_STRING_new_null();
        if(!c->dirs)
                {
                ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX,ERR_R_MALLOC_FAILURE);
@@ -393,7 +393,7 @@ static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
                                ERR_R_MALLOC_FAILURE);
                        return 0;
                        }
-                sk_insert(ctx->dirs, tmp_str, -1);
+                sk_OPENSSL_STRING_insert(ctx->dirs, tmp_str, -1);
                }
                return 1;
        default:
@@ -411,11 +411,11 @@ static int int_load(dynamic_data_ctx *ctx)
                                ctx->DYNAMIC_LIBNAME, NULL, 0)) != NULL)
                return 1;
        /* If we're not allowed to use 'dirs' or we have none, fail */
-        if(!ctx->dir_load || ((num = sk_num(ctx->dirs)) < 1))
+        if(!ctx->dir_load || (num = sk_OPENSSL_STRING_num(ctx->dirs)) < 1)
                return 0;
        for(loop = 0; loop < num; loop++)
                {
-                const char *s = sk_value(ctx->dirs, loop);
+                const char *s = sk_OPENSSL_STRING_value(ctx->dirs, loop);
                char *merge = DSO_merge(ctx->dynamic_dso, ctx->DYNAMIC_LIBNAME, s);
                if(!merge)
                        return 0;
diff --git a/src/lib/libssl/src/crypto/engine/eng_err.c b/src/lib/libssl/src/crypto/engine/eng_err.c
index 574ffbb5c0..81c70acfa8 100644
--- a/src/lib/libssl/src/crypto/engine/eng_err.c
+++ b/src/lib/libssl/src/crypto/engine/eng_err.c
@@ -1,6 +1,6 @@
 /* crypto/engine/eng_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2010 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -86,6 +86,8 @@ static ERR_STRING_DATA ENGINE_str_functs[]=
 {ERR_FUNC(ENGINE_F_ENGINE_GET_DEFAULT_TYPE),    "ENGINE_GET_DEFAULT_TYPE"},
 {ERR_FUNC(ENGINE_F_ENGINE_GET_DIGEST),  "ENGINE_get_digest"},
 {ERR_FUNC(ENGINE_F_ENGINE_GET_NEXT),    "ENGINE_get_next"},
+{ERR_FUNC(ENGINE_F_ENGINE_GET_PKEY_ASN1_METH),  "ENGINE_get_pkey_asn1_meth"},
+{ERR_FUNC(ENGINE_F_ENGINE_GET_PKEY_METH),       "ENGINE_get_pkey_meth"},
 {ERR_FUNC(ENGINE_F_ENGINE_GET_PREV),    "ENGINE_get_prev"},
 {ERR_FUNC(ENGINE_F_ENGINE_INIT),        "ENGINE_init"},
 {ERR_FUNC(ENGINE_F_ENGINE_LIST_ADD),    "ENGINE_LIST_ADD"},
@@ -124,6 +126,7 @@ static ERR_STRING_DATA ENGINE_str_reasons[]=
 {ERR_REASON(ENGINE_R_DSO_FAILURE)        ,"DSO failure"},
 {ERR_REASON(ENGINE_R_DSO_NOT_FOUND)      ,"dso not found"},
 {ERR_REASON(ENGINE_R_ENGINES_SECTION_ERROR),"engines section error"},
+{ERR_REASON(ENGINE_R_ENGINE_CONFIGURATION_ERROR),"engine configuration error"},
 {ERR_REASON(ENGINE_R_ENGINE_IS_NOT_IN_LIST),"engine is not in the list"},
 {ERR_REASON(ENGINE_R_ENGINE_SECTION_ERROR),"engine section error"},
 {ERR_REASON(ENGINE_R_FAILED_LOADING_PRIVATE_KEY),"failed loading private key"},
@@ -150,6 +153,7 @@ static ERR_STRING_DATA ENGINE_str_reasons[]=
 {ERR_REASON(ENGINE_R_RSA_NOT_IMPLEMENTED),"rsa not implemented"},
 {ERR_REASON(ENGINE_R_UNIMPLEMENTED_CIPHER),"unimplemented cipher"},
 {ERR_REASON(ENGINE_R_UNIMPLEMENTED_DIGEST),"unimplemented digest"},
+{ERR_REASON(ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD),"unimplemented public key method"},
 {ERR_REASON(ENGINE_R_VERSION_INCOMPATIBILITY),"version incompatibility"},
 {0,NULL}
        };
diff --git a/src/lib/libssl/src/crypto/engine/eng_fat.c b/src/lib/libssl/src/crypto/engine/eng_fat.c
index 27c1662f62..db66e62350 100644
--- a/src/lib/libssl/src/crypto/engine/eng_fat.c
+++ b/src/lib/libssl/src/crypto/engine/eng_fat.c
@@ -89,6 +89,12 @@ int ENGINE_set_default(ENGINE *e, unsigned int flags)
 #endif
        if((flags & ENGINE_METHOD_RAND) && !ENGINE_set_default_RAND(e))
                return 0;
+        if((flags & ENGINE_METHOD_PKEY_METHS)
+                                && !ENGINE_set_default_pkey_meths(e))
+                return 0;
+        if((flags & ENGINE_METHOD_PKEY_ASN1_METHS)
+                                && !ENGINE_set_default_pkey_asn1_meths(e))
+                return 0;
        return 1;
        }
@@ -115,6 +121,13 @@ static int int_def_cb(const char *alg, int len, void *arg)
                *pflags |= ENGINE_METHOD_CIPHERS;
        else if (!strncmp(alg, "DIGESTS", len))
                *pflags |= ENGINE_METHOD_DIGESTS;
+        else if (!strncmp(alg, "PKEY", len))
+                *pflags |=
+                        ENGINE_METHOD_PKEY_METHS|ENGINE_METHOD_PKEY_ASN1_METHS;
+        else if (!strncmp(alg, "PKEY_CRYPTO", len))
+                *pflags |= ENGINE_METHOD_PKEY_METHS;
+        else if (!strncmp(alg, "PKEY_ASN1", len))
+                *pflags |= ENGINE_METHOD_PKEY_ASN1_METHS;
        else
                return 0;
        return 1;
@@ -154,6 +167,7 @@ int ENGINE_register_complete(ENGINE *e)
        ENGINE_register_ECDSA(e);
 #endif
        ENGINE_register_RAND(e);
+        ENGINE_register_pkey_meths(e);
        return 1;
        }
diff --git a/src/lib/libssl/src/crypto/engine/eng_int.h b/src/lib/libssl/src/crypto/engine/eng_int.h
index a66f107a44..451ef8feb8 100644
--- a/src/lib/libssl/src/crypto/engine/eng_int.h
+++ b/src/lib/libssl/src/crypto/engine/eng_int.h
@@ -127,6 +127,8 @@ ENGINE *engine_table_select(ENGINE_TABLE **table, int nid);
 ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f, int l);
 #define engine_table_select(t,n) engine_table_select_tmp(t,n,__FILE__,__LINE__)
 #endif
+typedef void (engine_table_doall_cb)(int nid, STACK_OF(ENGINE) *sk, ENGINE *def, void *arg);
+void engine_table_doall(ENGINE_TABLE *table, engine_table_doall_cb *cb, void *arg);
 /* Internal versions of API functions that have control over locking. These are
 * used between C files when functionality needs to be shared but the caller may
@@ -143,6 +145,11 @@ void engine_set_all_null(ENGINE *e);
 /* NB: Bitwise OR-able values for the "flags" variable in ENGINE are now exposed
 * in engine.h. */
+/* Free up dynamically allocated public key methods associated with ENGINE */
+void engine_pkey_meths_free(ENGINE *e);
+void engine_pkey_asn1_meths_free(ENGINE *e);
 /* This is a structure for storing implementations of various crypto
 * algorithms and functions. */
 struct engine_st
@@ -160,7 +167,10 @@ struct engine_st
        ENGINE_CIPHERS_PTR ciphers;
        /* Digest handling is via this callback */
        ENGINE_DIGESTS_PTR digests;
+        /* Public key handling via this callback */
+        ENGINE_PKEY_METHS_PTR pkey_meths;
+        /* ASN1 public key handling via this callback */
+        ENGINE_PKEY_ASN1_METHS_PTR pkey_asn1_meths;
        ENGINE_GEN_INT_FUNC_PTR destroy;
diff --git a/src/lib/libssl/src/crypto/engine/eng_lib.c b/src/lib/libssl/src/crypto/engine/eng_lib.c
index 5815b867f4..18a6664645 100644
--- a/src/lib/libssl/src/crypto/engine/eng_lib.c
+++ b/src/lib/libssl/src/crypto/engine/eng_lib.c
@@ -125,6 +125,9 @@ int engine_free_util(ENGINE *e, int locked)
                abort();
                }
 #endif
+        /* Free up any dynamically allocated public key methods */
+        engine_pkey_meths_free(e);
+        engine_pkey_asn1_meths_free(e);
        /* Give the ENGINE a chance to do any structural cleanup corresponding
         * to allocation it did in its constructor (eg. unload error strings) */
        if(e->destroy)
diff --git a/src/lib/libssl/src/crypto/engine/eng_list.c b/src/lib/libssl/src/crypto/engine/eng_list.c
index bd511944ba..27846edb1e 100644
--- a/src/lib/libssl/src/crypto/engine/eng_list.c
+++ b/src/lib/libssl/src/crypto/engine/eng_list.c
@@ -336,6 +336,7 @@ static void engine_cpy(ENGINE *dest, const ENGINE *src)
        dest->store_meth = src->store_meth;
        dest->ciphers = src->ciphers;
        dest->digests = src->digests;
+        dest->pkey_meths = src->pkey_meths;
        dest->destroy = src->destroy;
        dest->init = src->init;
        dest->finish = src->finish;
@@ -412,6 +413,7 @@ ENGINE *ENGINE_by_id(const char *id)
                return iterator;
                }
 notfound:
+        ENGINE_free(iterator);
        ENGINEerr(ENGINE_F_ENGINE_BY_ID,ENGINE_R_NO_SUCH_ENGINE);
        ERR_add_error_data(2, "id=", id);
        return NULL;
diff --git a/src/lib/libssl/src/crypto/engine/eng_openssl.c b/src/lib/libssl/src/crypto/engine/eng_openssl.c
index 7c139ae2ef..9abb95cc22 100644
--- a/src/lib/libssl/src/crypto/engine/eng_openssl.c
+++ b/src/lib/libssl/src/crypto/engine/eng_openssl.c
@@ -238,7 +238,7 @@ static int test_rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
        return 1;
        }
 static int test_rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                      const unsigned char *in, unsigned int inl)
+                      const unsigned char *in, size_t inl)
        {
 #ifdef TEST_ENG_OPENSSL_RC4_P_CIPHER
        fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_cipher() called\n");
diff --git a/src/lib/libssl/src/crypto/engine/eng_table.c b/src/lib/libssl/src/crypto/engine/eng_table.c
index 8879a267d1..4fde948185 100644
--- a/src/lib/libssl/src/crypto/engine/eng_table.c
+++ b/src/lib/libssl/src/crypto/engine/eng_table.c
@@ -70,12 +70,22 @@ typedef struct st_engine_pile
        int uptodate;
        } ENGINE_PILE;
+DECLARE_LHASH_OF(ENGINE_PILE);
 /* The type exposed in eng_int.h */
 struct st_engine_table
        {
-        LHASH piles;
+        LHASH_OF(ENGINE_PILE) piles;
        }; /* ENGINE_TABLE */
+typedef struct st_engine_pile_doall
+        {
+        engine_table_doall_cb *cb;
+        void *arg;
+        } ENGINE_PILE_DOALL;
+        
 /* Global flags (ENGINE_TABLE_FLAG_***). */
 static unsigned int table_flags = 0;
@@ -84,6 +94,7 @@ unsigned int ENGINE_get_table_flags(void)
        {
        return table_flags;
        }
 void ENGINE_set_table_flags(unsigned int flags)
        {
        table_flags = flags;
@@ -94,19 +105,21 @@ static unsigned long engine_pile_hash(const ENGINE_PILE *c)
        {
        return c->nid;
        }
 static int engine_pile_cmp(const ENGINE_PILE *a, const ENGINE_PILE *b)
        {
        return a->nid - b->nid;
        }
-static IMPLEMENT_LHASH_HASH_FN(engine_pile_hash, const ENGINE_PILE *)
+static IMPLEMENT_LHASH_HASH_FN(engine_pile, ENGINE_PILE)
-static IMPLEMENT_LHASH_COMP_FN(engine_pile_cmp, const ENGINE_PILE *)
+static IMPLEMENT_LHASH_COMP_FN(engine_pile, ENGINE_PILE)
 static int int_table_check(ENGINE_TABLE **t, int create)
        {
-        LHASH *lh;
+        LHASH_OF(ENGINE_PILE) *lh;
        if(*t) return 1;
        if(!create) return 0;
-        if((lh = lh_new(LHASH_HASH_FN(engine_pile_hash),
+        if((lh = lh_ENGINE_PILE_new()) == NULL)
-                        LHASH_COMP_FN(engine_pile_cmp))) == NULL)
                return 0;
        *t = (ENGINE_TABLE *)lh;
        return 1;
@@ -130,7 +143,7 @@ int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
        while(num_nids--)
                {
                tmplate.nid = *nids;
-                fnd = lh_retrieve(&(*table)->piles, &tmplate);
+                fnd = lh_ENGINE_PILE_retrieve(&(*table)->piles, &tmplate);
                if(!fnd)
                        {
                        fnd = OPENSSL_malloc(sizeof(ENGINE_PILE));
@@ -144,7 +157,7 @@ int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
                                goto end;
                                }
                        fnd->funct = NULL;
-                        lh_insert(&(*table)->piles, fnd);
+                        (void)lh_ENGINE_PILE_insert(&(*table)->piles, fnd);
                        }
                /* A registration shouldn't add duplciate entries */
                (void)sk_ENGINE_delete_ptr(fnd->sk, e);
@@ -173,7 +186,7 @@ end:
        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
        return ret;
        }
-static void int_unregister_cb(ENGINE_PILE *pile, ENGINE *e)
+static void int_unregister_cb_doall_arg(ENGINE_PILE *pile, ENGINE *e)
        {
        int n;
        /* Iterate the 'c->sk' stack removing any occurance of 'e' */
@@ -188,31 +201,35 @@ static void int_unregister_cb(ENGINE_PILE *pile, ENGINE *e)
                pile->funct = NULL;
                }
        }
-static IMPLEMENT_LHASH_DOALL_ARG_FN(int_unregister_cb,ENGINE_PILE *,ENGINE *)
+static IMPLEMENT_LHASH_DOALL_ARG_FN(int_unregister_cb, ENGINE_PILE, ENGINE)
 void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e)
        {
        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
        if(int_table_check(table, 0))
-                lh_doall_arg(&(*table)->piles,
+                lh_ENGINE_PILE_doall_arg(&(*table)->piles,
-                        LHASH_DOALL_ARG_FN(int_unregister_cb), e);
+                                         LHASH_DOALL_ARG_FN(int_unregister_cb),
+                                         ENGINE, e);
        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
        }
-static void int_cleanup_cb(ENGINE_PILE *p)
+static void int_cleanup_cb_doall(ENGINE_PILE *p)
        {
        sk_ENGINE_free(p->sk);
        if(p->funct)
                engine_unlocked_finish(p->funct, 0);
        OPENSSL_free(p);
        }
-static IMPLEMENT_LHASH_DOALL_FN(int_cleanup_cb,ENGINE_PILE *)
+static IMPLEMENT_LHASH_DOALL_FN(int_cleanup_cb, ENGINE_PILE)
 void engine_table_cleanup(ENGINE_TABLE **table)
        {
        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
        if(*table)
                {
-                lh_doall(&(*table)->piles, LHASH_DOALL_FN(int_cleanup_cb));
+                lh_ENGINE_PILE_doall(&(*table)->piles,
-                lh_free(&(*table)->piles);
+                                     LHASH_DOALL_FN(int_cleanup_cb));
+                lh_ENGINE_PILE_free(&(*table)->piles);
                *table = NULL;
                }
        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
@@ -237,12 +254,13 @@ ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f, in
 #endif
                return NULL;
                }
+        ERR_set_mark();
        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
        /* Check again inside the lock otherwise we could race against cleanup
         * operations. But don't worry about a fprintf(stderr). */
        if(!int_table_check(table, 0)) goto end;
        tmplate.nid = nid;
-        fnd = lh_retrieve(&(*table)->piles, &tmplate);
+        fnd = lh_ENGINE_PILE_retrieve(&(*table)->piles, &tmplate);
        if(!fnd) goto end;
        if(fnd->funct && engine_unlocked_init(fnd->funct))
                {
@@ -310,6 +328,24 @@ end:
        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
        /* Whatever happened, any failed init()s are not failures in this
         * context, so clear our error state. */
-        ERR_clear_error();
+        ERR_pop_to_mark();
        return ret;
        }
+/* Table enumeration */
+static void int_cb_doall_arg(ENGINE_PILE *pile, ENGINE_PILE_DOALL *dall)
+        {
+        dall->cb(pile->nid, pile->sk, pile->funct, dall->arg);
+        }
+static IMPLEMENT_LHASH_DOALL_ARG_FN(int_cb, ENGINE_PILE,ENGINE_PILE_DOALL)
+void engine_table_doall(ENGINE_TABLE *table, engine_table_doall_cb *cb,
+                                                                void *arg)
+        {
+        ENGINE_PILE_DOALL dall;
+        dall.cb = cb;
+        dall.arg = arg;
+        lh_ENGINE_PILE_doall_arg(&table->piles, LHASH_DOALL_ARG_FN(int_cb),
+                                 ENGINE_PILE_DOALL, &dall);
+        }
diff --git a/src/lib/libssl/src/crypto/engine/engine.h b/src/lib/libssl/src/crypto/engine/engine.h
index f503595ece..7fbd95f634 100644
--- a/src/lib/libssl/src/crypto/engine/engine.h
+++ b/src/lib/libssl/src/crypto/engine/engine.h
@@ -88,16 +88,15 @@
 #include <openssl/ecdsa.h>
 #endif
 #include <openssl/rand.h>
-#include <openssl/store.h>
 #include <openssl/ui.h>
 #include <openssl/err.h>
 #endif
-#include <openssl/x509.h>
 #include <openssl/ossl_typ.h>
 #include <openssl/symhacks.h>
+#include <openssl/x509.h>
 #ifdef  __cplusplus
 extern "C" {
 #endif
@@ -113,6 +112,8 @@ extern "C" {
 #define ENGINE_METHOD_CIPHERS           (unsigned int)0x0040
 #define ENGINE_METHOD_DIGESTS           (unsigned int)0x0080
 #define ENGINE_METHOD_STORE             (unsigned int)0x0100
+#define ENGINE_METHOD_PKEY_METHS        (unsigned int)0x0200
+#define ENGINE_METHOD_PKEY_ASN1_METHS   (unsigned int)0x0400
 /* Obvious all-or-nothing cases. */
 #define ENGINE_METHOD_ALL               (unsigned int)0xFFFF
 #define ENGINE_METHOD_NONE              (unsigned int)0x0000
@@ -297,7 +298,8 @@ typedef int (*ENGINE_SSL_CLIENT_CERT_PTR)(ENGINE *, SSL *ssl,
 * parameter is non-NULL it is set to the size of the returned array. */
 typedef int (*ENGINE_CIPHERS_PTR)(ENGINE *, const EVP_CIPHER **, const int **, int);
 typedef int (*ENGINE_DIGESTS_PTR)(ENGINE *, const EVP_MD **, const int **, int);
+typedef int (*ENGINE_PKEY_METHS_PTR)(ENGINE *, EVP_PKEY_METHOD **, const int **, int);
+typedef int (*ENGINE_PKEY_ASN1_METHS_PTR)(ENGINE *, EVP_PKEY_ASN1_METHOD **, const int **, int);
 /* STRUCTURE functions ... all of these functions deal with pointers to ENGINE
 * structures where the pointers have a "structural reference". This means that
 * their reference is to allowed access to the structure but it does not imply
@@ -329,19 +331,20 @@ void ENGINE_load_aep(void);
 void ENGINE_load_atalla(void);
 void ENGINE_load_chil(void);
 void ENGINE_load_cswift(void);
-#ifndef OPENSSL_NO_GMP
-void ENGINE_load_gmp(void);
-#endif
 void ENGINE_load_nuron(void);
 void ENGINE_load_sureware(void);
 void ENGINE_load_ubsec(void);
-#endif
-void ENGINE_load_cryptodev(void);
 void ENGINE_load_padlock(void);
-void ENGINE_load_builtin_engines(void);
-#ifndef OPENSSL_NO_CAPIENG
 void ENGINE_load_capi(void);
+#ifndef OPENSSL_NO_GMP
+void ENGINE_load_gmp(void);
+#endif
+#ifndef OPENSSL_NO_GOST
+void ENGINE_load_gost(void);
+#endif
 #endif
+void ENGINE_load_cryptodev(void);
+void ENGINE_load_builtin_engines(void);
 /* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
 * "registry" handling. */
@@ -392,6 +395,14 @@ int ENGINE_register_digests(ENGINE *e);
 void ENGINE_unregister_digests(ENGINE *e);
 void ENGINE_register_all_digests(void);
+int ENGINE_register_pkey_meths(ENGINE *e);
+void ENGINE_unregister_pkey_meths(ENGINE *e);
+void ENGINE_register_all_pkey_meths(void);
+int ENGINE_register_pkey_asn1_meths(ENGINE *e);
+void ENGINE_unregister_pkey_asn1_meths(ENGINE *e);
+void ENGINE_register_all_pkey_asn1_meths(void);
 /* These functions register all support from the above categories. Note, use of
 * these functions can result in static linkage of code your application may not
 * need. If you only need a subset of functionality, consider using more
@@ -471,6 +482,8 @@ int ENGINE_set_load_ssl_client_cert_function(ENGINE *e,
                                ENGINE_SSL_CLIENT_CERT_PTR loadssl_f);
 int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f);
 int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f);
+int ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f);
+int ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f);
 int ENGINE_set_flags(ENGINE *e, int flags);
 int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns);
 /* These functions allow control over any per-structure ENGINE data. */
@@ -507,8 +520,16 @@ ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e);
 ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE *e);
 ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e);
 ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e);
+ENGINE_PKEY_METHS_PTR ENGINE_get_pkey_meths(const ENGINE *e);
+ENGINE_PKEY_ASN1_METHS_PTR ENGINE_get_pkey_asn1_meths(const ENGINE *e);
 const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid);
 const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid);
+const EVP_PKEY_METHOD *ENGINE_get_pkey_meth(ENGINE *e, int nid);
+const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth(ENGINE *e, int nid);
+const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e,
+                                        const char *str, int len);
+const EVP_PKEY_ASN1_METHOD *ENGINE_pkey_asn1_find_str(ENGINE **pe,
+                                        const char *str, int len);
 const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e);
 int ENGINE_get_flags(const ENGINE *e);
@@ -560,6 +581,8 @@ ENGINE *ENGINE_get_default_RAND(void);
 * ciphering or digesting corresponding to "nid". */
 ENGINE *ENGINE_get_cipher_engine(int nid);
 ENGINE *ENGINE_get_digest_engine(int nid);
+ENGINE *ENGINE_get_pkey_meth_engine(int nid);
+ENGINE *ENGINE_get_pkey_asn1_meth_engine(int nid);
 /* This sets a new default ENGINE structure for performing RSA
 * operations. If the result is non-zero (success) then the ENGINE
@@ -575,6 +598,8 @@ int ENGINE_set_default_DH(ENGINE *e);
 int ENGINE_set_default_RAND(ENGINE *e);
 int ENGINE_set_default_ciphers(ENGINE *e);
 int ENGINE_set_default_digests(ENGINE *e);
+int ENGINE_set_default_pkey_meths(ENGINE *e);
+int ENGINE_set_default_pkey_asn1_meths(ENGINE *e);
 /* The combination "set" - the flags are bitwise "OR"d from the
 * ENGINE_METHOD_*** defines above. As with the "ENGINE_register_complete()"
@@ -703,7 +728,7 @@ typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id,
 * values. */
 void *ENGINE_get_static_state(void);
-#if defined(__OpenBSD__) || defined(__FreeBSD__)
+#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
 void ENGINE_setup_bsd_cryptodev(void);
 #endif
@@ -732,13 +757,15 @@ void ERR_load_ENGINE_strings(void);
 #define ENGINE_F_ENGINE_GET_DEFAULT_TYPE                 177
 #define ENGINE_F_ENGINE_GET_DIGEST                       186
 #define ENGINE_F_ENGINE_GET_NEXT                         115
+#define ENGINE_F_ENGINE_GET_PKEY_ASN1_METH               193
+#define ENGINE_F_ENGINE_GET_PKEY_METH                    192
 #define ENGINE_F_ENGINE_GET_PREV                         116
 #define ENGINE_F_ENGINE_INIT                             119
 #define ENGINE_F_ENGINE_LIST_ADD                         120
 #define ENGINE_F_ENGINE_LIST_REMOVE                      121
 #define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY                 150
 #define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY                  151
-#define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT             192
+#define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT             194
 #define ENGINE_F_ENGINE_NEW                              122
 #define ENGINE_F_ENGINE_REMOVE                           123
 #define ENGINE_F_ENGINE_SET_DEFAULT_STRING               189
@@ -767,6 +794,7 @@ void ERR_load_ENGINE_strings(void);
 #define ENGINE_R_DSO_FAILURE                             104
 #define ENGINE_R_DSO_NOT_FOUND                           132
 #define ENGINE_R_ENGINES_SECTION_ERROR                   148
+#define ENGINE_R_ENGINE_CONFIGURATION_ERROR              102
 #define ENGINE_R_ENGINE_IS_NOT_IN_LIST                   105
 #define ENGINE_R_ENGINE_SECTION_ERROR                    149
 #define ENGINE_R_FAILED_LOADING_PRIVATE_KEY              128
@@ -793,6 +821,7 @@ void ERR_load_ENGINE_strings(void);
 #define ENGINE_R_RSA_NOT_IMPLEMENTED                     141
 #define ENGINE_R_UNIMPLEMENTED_CIPHER                    146
 #define ENGINE_R_UNIMPLEMENTED_DIGEST                    147
+#define ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD         101
 #define ENGINE_R_VERSION_INCOMPATIBILITY                 145
 #ifdef  __cplusplus
diff --git a/src/lib/libssl/src/crypto/engine/enginetest.c b/src/lib/libssl/src/crypto/engine/enginetest.c
index e3834611db..f4d70e7e0a 100644
--- a/src/lib/libssl/src/crypto/engine/enginetest.c
+++ b/src/lib/libssl/src/crypto/engine/enginetest.c
@@ -276,7 +276,7 @@ end:
        ENGINE_cleanup();
        CRYPTO_cleanup_all_ex_data();
        ERR_free_strings();
-        ERR_remove_state(0);
+        ERR_remove_thread_state(NULL);
        CRYPTO_mem_leaks_fp(stderr);
        return to_return;
        }
diff --git a/src/lib/libssl/src/crypto/err/Makefile b/src/lib/libssl/src/crypto/err/Makefile
index 91d1379d41..862b23ba17 100644
--- a/src/lib/libssl/src/crypto/err/Makefile
+++ b/src/lib/libssl/src/crypto/err/Makefile
@@ -17,8 +17,8 @@ TEST=
 APPS=
 LIB=$(TOP)/libcrypto.a
-LIBSRC=err.c err_def.c err_all.c err_prn.c err_str.c err_bio.c
+LIBSRC=err.c err_all.c err_prn.c
-LIBOBJ=err.o err_def.o err_all.o err_prn.o err_str.o err_bio.o
+LIBOBJ=err.o err_all.o err_prn.o
 SRC= $(LIBSRC)
@@ -33,7 +33,7 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
@@ -83,37 +83,24 @@ err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 err.o: ../cryptlib.h err.c
 err_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 err_all.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+err_all.o: ../../include/openssl/cms.h ../../include/openssl/comp.h
 err_all.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 err_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 err_all.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
 err_all.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 err_all.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
 err_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-err_all.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+err_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-err_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+err_all.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
-err_all.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+err_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-err_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+err_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem2.h
-err_all.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h
+err_all.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
-err_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+err_all.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
-err_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+err_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-err_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+err_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-err_all.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+err_all.o: ../../include/openssl/ts.h ../../include/openssl/ui.h
 err_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 err_all.o: ../../include/openssl/x509v3.h err_all.c
-err_bio.o: ../../e_os.h ../../include/openssl/bio.h
-err_bio.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-err_bio.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-err_bio.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-err_bio.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-err_bio.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-err_bio.o: ../../include/openssl/symhacks.h ../cryptlib.h err_bio.c
-err_def.o: ../../e_os.h ../../include/openssl/bio.h
-err_def.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-err_def.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-err_def.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-err_def.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-err_def.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-err_def.o: ../../include/openssl/symhacks.h ../cryptlib.h err_def.c
 err_prn.o: ../../e_os.h ../../include/openssl/bio.h
 err_prn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 err_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
@@ -121,10 +108,3 @@ err_prn.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 err_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 err_prn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 err_prn.o: ../../include/openssl/symhacks.h ../cryptlib.h err_prn.c
-err_str.o: ../../e_os.h ../../include/openssl/bio.h
-err_str.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-err_str.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-err_str.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-err_str.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-err_str.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-err_str.o: ../../include/openssl/symhacks.h ../cryptlib.h err_str.c
diff --git a/src/lib/libssl/src/crypto/err/err.c b/src/lib/libssl/src/crypto/err/err.c
index 292404a2fb..69713a6e2f 100644
--- a/src/lib/libssl/src/crypto/err/err.c
+++ b/src/lib/libssl/src/crypto/err/err.c
@@ -56,7 +56,7 @@
 * [including the GNU Public Licence.]
 */
 /* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -119,9 +119,507 @@
 #include <openssl/bio.h>
 #include <openssl/err.h>
-static unsigned long get_error_values(int inc,int top,
+DECLARE_LHASH_OF(ERR_STRING_DATA);
-                                        const char **file,int *line,
+DECLARE_LHASH_OF(ERR_STATE);
-                                        const char **data,int *flags);
+static void err_load_strings(int lib, ERR_STRING_DATA *str);
+static void ERR_STATE_free(ERR_STATE *s);
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA ERR_str_libraries[]=
+        {
+{ERR_PACK(ERR_LIB_NONE,0,0)             ,"unknown library"},
+{ERR_PACK(ERR_LIB_SYS,0,0)              ,"system library"},
+{ERR_PACK(ERR_LIB_BN,0,0)               ,"bignum routines"},
+{ERR_PACK(ERR_LIB_RSA,0,0)              ,"rsa routines"},
+{ERR_PACK(ERR_LIB_DH,0,0)               ,"Diffie-Hellman routines"},
+{ERR_PACK(ERR_LIB_EVP,0,0)              ,"digital envelope routines"},
+{ERR_PACK(ERR_LIB_BUF,0,0)              ,"memory buffer routines"},
+{ERR_PACK(ERR_LIB_OBJ,0,0)              ,"object identifier routines"},
+{ERR_PACK(ERR_LIB_PEM,0,0)              ,"PEM routines"},
+{ERR_PACK(ERR_LIB_DSA,0,0)              ,"dsa routines"},
+{ERR_PACK(ERR_LIB_X509,0,0)             ,"x509 certificate routines"},
+{ERR_PACK(ERR_LIB_ASN1,0,0)             ,"asn1 encoding routines"},
+{ERR_PACK(ERR_LIB_CONF,0,0)             ,"configuration file routines"},
+{ERR_PACK(ERR_LIB_CRYPTO,0,0)           ,"common libcrypto routines"},
+{ERR_PACK(ERR_LIB_EC,0,0)               ,"elliptic curve routines"},
+{ERR_PACK(ERR_LIB_SSL,0,0)              ,"SSL routines"},
+{ERR_PACK(ERR_LIB_BIO,0,0)              ,"BIO routines"},
+{ERR_PACK(ERR_LIB_PKCS7,0,0)            ,"PKCS7 routines"},
+{ERR_PACK(ERR_LIB_X509V3,0,0)           ,"X509 V3 routines"},
+{ERR_PACK(ERR_LIB_PKCS12,0,0)           ,"PKCS12 routines"},
+{ERR_PACK(ERR_LIB_RAND,0,0)             ,"random number generator"},
+{ERR_PACK(ERR_LIB_DSO,0,0)              ,"DSO support routines"},
+{ERR_PACK(ERR_LIB_TS,0,0)               ,"time stamp routines"},
+{ERR_PACK(ERR_LIB_ENGINE,0,0)           ,"engine routines"},
+{ERR_PACK(ERR_LIB_OCSP,0,0)             ,"OCSP routines"},
+{ERR_PACK(ERR_LIB_FIPS,0,0)             ,"FIPS routines"},
+{ERR_PACK(ERR_LIB_CMS,0,0)              ,"CMS routines"},
+{ERR_PACK(ERR_LIB_HMAC,0,0)             ,"HMAC routines"},
+{0,NULL},
+        };
+static ERR_STRING_DATA ERR_str_functs[]=
+        {
+        {ERR_PACK(0,SYS_F_FOPEN,0),             "fopen"},
+        {ERR_PACK(0,SYS_F_CONNECT,0),           "connect"},
+        {ERR_PACK(0,SYS_F_GETSERVBYNAME,0),     "getservbyname"},
+        {ERR_PACK(0,SYS_F_SOCKET,0),            "socket"}, 
+        {ERR_PACK(0,SYS_F_IOCTLSOCKET,0),       "ioctlsocket"},
+        {ERR_PACK(0,SYS_F_BIND,0),              "bind"},
+        {ERR_PACK(0,SYS_F_LISTEN,0),            "listen"},
+        {ERR_PACK(0,SYS_F_ACCEPT,0),            "accept"},
+#ifdef OPENSSL_SYS_WINDOWS
+        {ERR_PACK(0,SYS_F_WSASTARTUP,0),        "WSAstartup"},
+#endif
+        {ERR_PACK(0,SYS_F_OPENDIR,0),           "opendir"},
+        {ERR_PACK(0,SYS_F_FREAD,0),             "fread"},
+        {0,NULL},
+        };
+static ERR_STRING_DATA ERR_str_reasons[]=
+        {
+{ERR_R_SYS_LIB                          ,"system lib"},
+{ERR_R_BN_LIB                           ,"BN lib"},
+{ERR_R_RSA_LIB                          ,"RSA lib"},
+{ERR_R_DH_LIB                           ,"DH lib"},
+{ERR_R_EVP_LIB                          ,"EVP lib"},
+{ERR_R_BUF_LIB                          ,"BUF lib"},
+{ERR_R_OBJ_LIB                          ,"OBJ lib"},
+{ERR_R_PEM_LIB                          ,"PEM lib"},
+{ERR_R_DSA_LIB                          ,"DSA lib"},
+{ERR_R_X509_LIB                         ,"X509 lib"},
+{ERR_R_ASN1_LIB                         ,"ASN1 lib"},
+{ERR_R_CONF_LIB                         ,"CONF lib"},
+{ERR_R_CRYPTO_LIB                       ,"CRYPTO lib"},
+{ERR_R_EC_LIB                           ,"EC lib"},
+{ERR_R_SSL_LIB                          ,"SSL lib"},
+{ERR_R_BIO_LIB                          ,"BIO lib"},
+{ERR_R_PKCS7_LIB                        ,"PKCS7 lib"},
+{ERR_R_X509V3_LIB                       ,"X509V3 lib"},
+{ERR_R_PKCS12_LIB                       ,"PKCS12 lib"},
+{ERR_R_RAND_LIB                         ,"RAND lib"},
+{ERR_R_DSO_LIB                          ,"DSO lib"},
+{ERR_R_ENGINE_LIB                       ,"ENGINE lib"},
+{ERR_R_OCSP_LIB                         ,"OCSP lib"},
+{ERR_R_TS_LIB                           ,"TS lib"},
+{ERR_R_NESTED_ASN1_ERROR                ,"nested asn1 error"},
+{ERR_R_BAD_ASN1_OBJECT_HEADER           ,"bad asn1 object header"},
+{ERR_R_BAD_GET_ASN1_OBJECT_CALL         ,"bad get asn1 object call"},
+{ERR_R_EXPECTING_AN_ASN1_SEQUENCE       ,"expecting an asn1 sequence"},
+{ERR_R_ASN1_LENGTH_MISMATCH             ,"asn1 length mismatch"},
+{ERR_R_MISSING_ASN1_EOS                 ,"missing asn1 eos"},
+{ERR_R_FATAL                            ,"fatal"},
+{ERR_R_MALLOC_FAILURE                   ,"malloc failure"},
+{ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED      ,"called a function you should not call"},
+{ERR_R_PASSED_NULL_PARAMETER            ,"passed a null parameter"},
+{ERR_R_INTERNAL_ERROR                   ,"internal error"},
+{ERR_R_DISABLED                         ,"called a function that was disabled at compile-time"},
+{0,NULL},
+        };
+#endif
+/* Define the predeclared (but externally opaque) "ERR_FNS" type */
+struct st_ERR_FNS
+        {
+        /* Works on the "error_hash" string table */
+        LHASH_OF(ERR_STRING_DATA) *(*cb_err_get)(int create);
+        void (*cb_err_del)(void);
+        ERR_STRING_DATA *(*cb_err_get_item)(const ERR_STRING_DATA *);
+        ERR_STRING_DATA *(*cb_err_set_item)(ERR_STRING_DATA *);
+        ERR_STRING_DATA *(*cb_err_del_item)(ERR_STRING_DATA *);
+        /* Works on the "thread_hash" error-state table */
+        LHASH_OF(ERR_STATE) *(*cb_thread_get)(int create);
+        void (*cb_thread_release)(LHASH_OF(ERR_STATE) **hash);
+        ERR_STATE *(*cb_thread_get_item)(const ERR_STATE *);
+        ERR_STATE *(*cb_thread_set_item)(ERR_STATE *);
+        void (*cb_thread_del_item)(const ERR_STATE *);
+        /* Returns the next available error "library" numbers */
+        int (*cb_get_next_lib)(void);
+        };
+/* Predeclarations of the "err_defaults" functions */
+static LHASH_OF(ERR_STRING_DATA) *int_err_get(int create);
+static void int_err_del(void);
+static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *);
+static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *);
+static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *);
+static LHASH_OF(ERR_STATE) *int_thread_get(int create);
+static void int_thread_release(LHASH_OF(ERR_STATE) **hash);
+static ERR_STATE *int_thread_get_item(const ERR_STATE *);
+static ERR_STATE *int_thread_set_item(ERR_STATE *);
+static void int_thread_del_item(const ERR_STATE *);
+static int int_err_get_next_lib(void);
+/* The static ERR_FNS table using these defaults functions */
+static const ERR_FNS err_defaults =
+        {
+        int_err_get,
+        int_err_del,
+        int_err_get_item,
+        int_err_set_item,
+        int_err_del_item,
+        int_thread_get,
+        int_thread_release,
+        int_thread_get_item,
+        int_thread_set_item,
+        int_thread_del_item,
+        int_err_get_next_lib
+        };
+/* The replacable table of ERR_FNS functions we use at run-time */
+static const ERR_FNS *err_fns = NULL;
+/* Eg. rather than using "err_get()", use "ERRFN(err_get)()". */
+#define ERRFN(a) err_fns->cb_##a
+/* The internal state used by "err_defaults" - as such, the setting, reading,
+ * creating, and deleting of this data should only be permitted via the
+ * "err_defaults" functions. This way, a linked module can completely defer all
+ * ERR state operation (together with requisite locking) to the implementations
+ * and state in the loading application. */
+static LHASH_OF(ERR_STRING_DATA) *int_error_hash = NULL;
+static LHASH_OF(ERR_STATE) *int_thread_hash = NULL;
+static int int_thread_hash_references = 0;
+static int int_err_library_number= ERR_LIB_USER;
+/* Internal function that checks whether "err_fns" is set and if not, sets it to
+ * the defaults. */
+static void err_fns_check(void)
+        {
+        if (err_fns) return;
+        
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+        if (!err_fns)
+                err_fns = &err_defaults;
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+        }
+/* API functions to get or set the underlying ERR functions. */
+const ERR_FNS *ERR_get_implementation(void)
+        {
+        err_fns_check();
+        return err_fns;
+        }
+int ERR_set_implementation(const ERR_FNS *fns)
+        {
+        int ret = 0;
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+        /* It's too late if 'err_fns' is non-NULL. BTW: not much point setting
+         * an error is there?! */
+        if (!err_fns)
+                {
+                err_fns = fns;
+                ret = 1;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+        return ret;
+        }
+/* These are the callbacks provided to "lh_new()" when creating the LHASH tables
+ * internal to the "err_defaults" implementation. */
+static unsigned long get_error_values(int inc,int top,const char **file,int *line,
+                                      const char **data,int *flags);
+/* The internal functions used in the "err_defaults" implementation */
+static unsigned long err_string_data_hash(const ERR_STRING_DATA *a)
+        {
+        unsigned long ret,l;
+        l=a->error;
+        ret=l^ERR_GET_LIB(l)^ERR_GET_FUNC(l);
+        return(ret^ret%19*13);
+        }
+static IMPLEMENT_LHASH_HASH_FN(err_string_data, ERR_STRING_DATA)
+static int err_string_data_cmp(const ERR_STRING_DATA *a,
+                               const ERR_STRING_DATA *b)
+        {
+        return (int)(a->error - b->error);
+        }
+static IMPLEMENT_LHASH_COMP_FN(err_string_data, ERR_STRING_DATA)
+static LHASH_OF(ERR_STRING_DATA) *int_err_get(int create)
+        {
+        LHASH_OF(ERR_STRING_DATA) *ret = NULL;
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+        if (!int_error_hash && create)
+                {
+                CRYPTO_push_info("int_err_get (err.c)");
+                int_error_hash = lh_ERR_STRING_DATA_new();
+                CRYPTO_pop_info();
+                }
+        if (int_error_hash)
+                ret = int_error_hash;
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+        return ret;
+        }
+static void int_err_del(void)
+        {
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+        if (int_error_hash)
+                {
+                lh_ERR_STRING_DATA_free(int_error_hash);
+                int_error_hash = NULL;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+        }
+static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *d)
+        {
+        ERR_STRING_DATA *p;
+        LHASH_OF(ERR_STRING_DATA) *hash;
+        err_fns_check();
+        hash = ERRFN(err_get)(0);
+        if (!hash)
+                return NULL;
+        CRYPTO_r_lock(CRYPTO_LOCK_ERR);
+        p = lh_ERR_STRING_DATA_retrieve(hash, d);
+        CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
+        return p;
+        }
+static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *d)
+        {
+        ERR_STRING_DATA *p;
+        LHASH_OF(ERR_STRING_DATA) *hash;
+        err_fns_check();
+        hash = ERRFN(err_get)(1);
+        if (!hash)
+                return NULL;
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+        p = lh_ERR_STRING_DATA_insert(hash, d);
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+        return p;
+        }
+static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *d)
+        {
+        ERR_STRING_DATA *p;
+        LHASH_OF(ERR_STRING_DATA) *hash;
+        err_fns_check();
+        hash = ERRFN(err_get)(0);
+        if (!hash)
+                return NULL;
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+        p = lh_ERR_STRING_DATA_delete(hash, d);
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+        return p;
+        }
+static unsigned long err_state_hash(const ERR_STATE *a)
+        {
+        return CRYPTO_THREADID_hash(&a->tid) * 13;
+        }
+static IMPLEMENT_LHASH_HASH_FN(err_state, ERR_STATE)
+static int err_state_cmp(const ERR_STATE *a, const ERR_STATE *b)
+        {
+        return CRYPTO_THREADID_cmp(&a->tid, &b->tid);
+        }
+static IMPLEMENT_LHASH_COMP_FN(err_state, ERR_STATE)
+static LHASH_OF(ERR_STATE) *int_thread_get(int create)
+        {
+        LHASH_OF(ERR_STATE) *ret = NULL;
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+        if (!int_thread_hash && create)
+                {
+                CRYPTO_push_info("int_thread_get (err.c)");
+                int_thread_hash = lh_ERR_STATE_new();
+                CRYPTO_pop_info();
+                }
+        if (int_thread_hash)
+                {
+                int_thread_hash_references++;
+                ret = int_thread_hash;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+        return ret;
+        }
+static void int_thread_release(LHASH_OF(ERR_STATE) **hash)
+        {
+        int i;
+        if (hash == NULL || *hash == NULL)
+                return;
+        i = CRYPTO_add(&int_thread_hash_references, -1, CRYPTO_LOCK_ERR);
+#ifdef REF_PRINT
+        fprintf(stderr,"%4d:%s\n",int_thread_hash_references,"ERR");
+#endif
+        if (i > 0) return;
+#ifdef REF_CHECK
+        if (i < 0)
+                {
+                fprintf(stderr,"int_thread_release, bad reference count\n");
+                abort(); /* ok */
+                }
+#endif
+        *hash = NULL;
+        }
+static ERR_STATE *int_thread_get_item(const ERR_STATE *d)
+        {
+        ERR_STATE *p;
+        LHASH_OF(ERR_STATE) *hash;
+        err_fns_check();
+        hash = ERRFN(thread_get)(0);
+        if (!hash)
+                return NULL;
+        CRYPTO_r_lock(CRYPTO_LOCK_ERR);
+        p = lh_ERR_STATE_retrieve(hash, d);
+        CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
+        ERRFN(thread_release)(&hash);
+        return p;
+        }
+static ERR_STATE *int_thread_set_item(ERR_STATE *d)
+        {
+        ERR_STATE *p;
+        LHASH_OF(ERR_STATE) *hash;
+        err_fns_check();
+        hash = ERRFN(thread_get)(1);
+        if (!hash)
+                return NULL;
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+        p = lh_ERR_STATE_insert(hash, d);
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+        ERRFN(thread_release)(&hash);
+        return p;
+        }
+static void int_thread_del_item(const ERR_STATE *d)
+        {
+        ERR_STATE *p;
+        LHASH_OF(ERR_STATE) *hash;
+        err_fns_check();
+        hash = ERRFN(thread_get)(0);
+        if (!hash)
+                return;
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+        p = lh_ERR_STATE_delete(hash, d);
+        /* make sure we don't leak memory */
+        if (int_thread_hash_references == 1
+            && int_thread_hash && lh_ERR_STATE_num_items(int_thread_hash) == 0)
+                {
+                lh_ERR_STATE_free(int_thread_hash);
+                int_thread_hash = NULL;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+        ERRFN(thread_release)(&hash);
+        if (p)
+                ERR_STATE_free(p);
+        }
+static int int_err_get_next_lib(void)
+        {
+        int ret;
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+        ret = int_err_library_number++;
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+        return ret;
+        }
+#ifndef OPENSSL_NO_ERR
+#define NUM_SYS_STR_REASONS 127
+#define LEN_SYS_STR_REASON 32
+static ERR_STRING_DATA SYS_str_reasons[NUM_SYS_STR_REASONS + 1];
+/* SYS_str_reasons is filled with copies of strerror() results at
+ * initialization.
+ * 'errno' values up to 127 should cover all usual errors,
+ * others will be displayed numerically by ERR_error_string.
+ * It is crucial that we have something for each reason code
+ * that occurs in ERR_str_reasons, or bogus reason strings
+ * will be returned for SYSerr(), which always gets an errno
+ * value and never one of those 'standard' reason codes. */
+static void build_SYS_str_reasons(void)
+        {
+        /* OPENSSL_malloc cannot be used here, use static storage instead */
+        static char strerror_tab[NUM_SYS_STR_REASONS][LEN_SYS_STR_REASON];
+        int i;
+        static int init = 1;
+        CRYPTO_r_lock(CRYPTO_LOCK_ERR);
+        if (!init)
+                {
+                CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
+                return;
+                }
+        
+        CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+        if (!init)
+                {
+                CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+                return;
+                }
+        for (i = 1; i <= NUM_SYS_STR_REASONS; i++)
+                {
+                ERR_STRING_DATA *str = &SYS_str_reasons[i - 1];
+                str->error = (unsigned long)i;
+                if (str->string == NULL)
+                        {
+                        char (*dest)[LEN_SYS_STR_REASON] = &(strerror_tab[i - 1]);
+                        char *src = strerror(i);
+                        if (src != NULL)
+                                {
+                                strncpy(*dest, src, sizeof *dest);
+                                (*dest)[sizeof *dest - 1] = '\0';
+                                str->string = *dest;
+                                }
+                        }
+                if (str->string == NULL)
+                        str->string = "unknown";
+                }
+        /* Now we still have SYS_str_reasons[NUM_SYS_STR_REASONS] = {0, NULL},
+         * as required by ERR_load_strings. */
+        init = 0;
+        
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+        }
+#endif
 #define err_clear_data(p,i) \
        do { \
@@ -143,6 +641,68 @@ static unsigned long get_error_values(int inc,int top,
        (p)->err_line[i]= -1; \
        } while(0)
+static void ERR_STATE_free(ERR_STATE *s)
+        {
+        int i;
+        if (s == NULL)
+            return;
+        for (i=0; i<ERR_NUM_ERRORS; i++)
+                {
+                err_clear_data(s,i);
+                }
+        OPENSSL_free(s);
+        }
+void ERR_load_ERR_strings(void)
+        {
+        err_fns_check();
+#ifndef OPENSSL_NO_ERR
+        err_load_strings(0,ERR_str_libraries);
+        err_load_strings(0,ERR_str_reasons);
+        err_load_strings(ERR_LIB_SYS,ERR_str_functs);
+        build_SYS_str_reasons();
+        err_load_strings(ERR_LIB_SYS,SYS_str_reasons);
+#endif
+        }
+static void err_load_strings(int lib, ERR_STRING_DATA *str)
+        {
+        while (str->error)
+                {
+                if (lib)
+                        str->error|=ERR_PACK(lib,0,0);
+                ERRFN(err_set_item)(str);
+                str++;
+                }
+        }
+void ERR_load_strings(int lib, ERR_STRING_DATA *str)
+        {
+        ERR_load_ERR_strings();
+        err_load_strings(lib, str);
+        }
+void ERR_unload_strings(int lib, ERR_STRING_DATA *str)
+        {
+        while (str->error)
+                {
+                if (lib)
+                        str->error|=ERR_PACK(lib,0,0);
+                ERRFN(err_del_item)(str);
+                str++;
+                }
+        }
+void ERR_free_strings(void)
+        {
+        err_fns_check();
+        ERRFN(err_del)();
+        }
+/********************************************************/
 void ERR_put_error(int lib, int func, int reason, const char *file,
             int line)
        {
@@ -297,6 +857,196 @@ static unsigned long get_error_values(int inc, int top, const char **file, int *
        return ret;
        }
+void ERR_error_string_n(unsigned long e, char *buf, size_t len)
+        {
+        char lsbuf[64], fsbuf[64], rsbuf[64];
+        const char *ls,*fs,*rs;
+        unsigned long l,f,r;
+        l=ERR_GET_LIB(e);
+        f=ERR_GET_FUNC(e);
+        r=ERR_GET_REASON(e);
+        ls=ERR_lib_error_string(e);
+        fs=ERR_func_error_string(e);
+        rs=ERR_reason_error_string(e);
+        if (ls == NULL) 
+                BIO_snprintf(lsbuf, sizeof(lsbuf), "lib(%lu)", l);
+        if (fs == NULL)
+                BIO_snprintf(fsbuf, sizeof(fsbuf), "func(%lu)", f);
+        if (rs == NULL)
+                BIO_snprintf(rsbuf, sizeof(rsbuf), "reason(%lu)", r);
+        BIO_snprintf(buf, len,"error:%08lX:%s:%s:%s", e, ls?ls:lsbuf, 
+                fs?fs:fsbuf, rs?rs:rsbuf);
+        if (strlen(buf) == len-1)
+                {
+                /* output may be truncated; make sure we always have 5 
+                 * colon-separated fields, i.e. 4 colons ... */
+#define NUM_COLONS 4
+                if (len > NUM_COLONS) /* ... if possible */
+                        {
+                        int i;
+                        char *s = buf;
+                        
+                        for (i = 0; i < NUM_COLONS; i++)
+                                {
+                                char *colon = strchr(s, ':');
+                                if (colon == NULL || colon > &buf[len-1] - NUM_COLONS + i)
+                                        {
+                                        /* set colon no. i at last possible position
+                                         * (buf[len-1] is the terminating 0)*/
+                                        colon = &buf[len-1] - NUM_COLONS + i;
+                                        *colon = ':';
+                                        }
+                                s = colon + 1;
+                                }
+                        }
+                }
+        }
+/* BAD for multi-threading: uses a local buffer if ret == NULL */
+/* ERR_error_string_n should be used instead for ret != NULL
+ * as ERR_error_string cannot know how large the buffer is */
+char *ERR_error_string(unsigned long e, char *ret)
+        {
+        static char buf[256];
+        if (ret == NULL) ret=buf;
+        ERR_error_string_n(e, ret, 256);
+        return ret;
+        }
+LHASH_OF(ERR_STRING_DATA) *ERR_get_string_table(void)
+        {
+        err_fns_check();
+        return ERRFN(err_get)(0);
+        }
+LHASH_OF(ERR_STATE) *ERR_get_err_state_table(void)
+        {
+        err_fns_check();
+        return ERRFN(thread_get)(0);
+        }
+void ERR_release_err_state_table(LHASH_OF(ERR_STATE) **hash)
+        {
+        err_fns_check();
+        ERRFN(thread_release)(hash);
+        }
+const char *ERR_lib_error_string(unsigned long e)
+        {
+        ERR_STRING_DATA d,*p;
+        unsigned long l;
+        err_fns_check();
+        l=ERR_GET_LIB(e);
+        d.error=ERR_PACK(l,0,0);
+        p=ERRFN(err_get_item)(&d);
+        return((p == NULL)?NULL:p->string);
+        }
+const char *ERR_func_error_string(unsigned long e)
+        {
+        ERR_STRING_DATA d,*p;
+        unsigned long l,f;
+        err_fns_check();
+        l=ERR_GET_LIB(e);
+        f=ERR_GET_FUNC(e);
+        d.error=ERR_PACK(l,f,0);
+        p=ERRFN(err_get_item)(&d);
+        return((p == NULL)?NULL:p->string);
+        }
+const char *ERR_reason_error_string(unsigned long e)
+        {
+        ERR_STRING_DATA d,*p=NULL;
+        unsigned long l,r;
+        err_fns_check();
+        l=ERR_GET_LIB(e);
+        r=ERR_GET_REASON(e);
+        d.error=ERR_PACK(l,0,r);
+        p=ERRFN(err_get_item)(&d);
+        if (!p)
+                {
+                d.error=ERR_PACK(0,0,r);
+                p=ERRFN(err_get_item)(&d);
+                }
+        return((p == NULL)?NULL:p->string);
+        }
+void ERR_remove_thread_state(const CRYPTO_THREADID *id)
+        {
+        ERR_STATE tmp;
+        if (id)
+                CRYPTO_THREADID_cpy(&tmp.tid, id);
+        else
+                CRYPTO_THREADID_current(&tmp.tid);
+        err_fns_check();
+        /* thread_del_item automatically destroys the LHASH if the number of
+         * items reaches zero. */
+        ERRFN(thread_del_item)(&tmp);
+        }
+#ifndef OPENSSL_NO_DEPRECATED
+void ERR_remove_state(unsigned long pid)
+        {
+        ERR_remove_thread_state(NULL);
+        }
+#endif
+ERR_STATE *ERR_get_state(void)
+        {
+        static ERR_STATE fallback;
+        ERR_STATE *ret,tmp,*tmpp=NULL;
+        int i;
+        CRYPTO_THREADID tid;
+        err_fns_check();
+        CRYPTO_THREADID_current(&tid);
+        CRYPTO_THREADID_cpy(&tmp.tid, &tid);
+        ret=ERRFN(thread_get_item)(&tmp);
+        /* ret == the error state, if NULL, make a new one */
+        if (ret == NULL)
+                {
+                ret=(ERR_STATE *)OPENSSL_malloc(sizeof(ERR_STATE));
+                if (ret == NULL) return(&fallback);
+                CRYPTO_THREADID_cpy(&ret->tid, &tid);
+                ret->top=0;
+                ret->bottom=0;
+                for (i=0; i<ERR_NUM_ERRORS; i++)
+                        {
+                        ret->err_data[i]=NULL;
+                        ret->err_data_flags[i]=0;
+                        }
+                tmpp = ERRFN(thread_set_item)(ret);
+                /* To check if insertion failed, do a get. */
+                if (ERRFN(thread_get_item)(ret) != ret)
+                        {
+                        ERR_STATE_free(ret); /* could not insert it */
+                        return(&fallback);
+                        }
+                /* If a race occured in this function and we came second, tmpp
+                 * is the first one that we just replaced. */
+                if (tmpp)
+                        ERR_STATE_free(tmpp);
+                }
+        return ret;
+        }
+int ERR_get_next_error_library(void)
+        {
+        err_fns_check();
+        return ERRFN(get_next_lib)();
+        }
 void ERR_set_error_data(char *data, int flags)
        {
        ERR_STATE *es;
@@ -383,34 +1133,3 @@ int ERR_pop_to_mark(void)
        es->err_flags[es->top]&=~ERR_FLAG_MARK;
        return 1;
        }
-#ifdef OPENSSL_FIPS
-static ERR_STATE *fget_state(void)
-        {
-        static ERR_STATE fstate;
-        return &fstate;
-        }
-ERR_STATE *(*get_state_func)(void) = fget_state;
-void (*remove_state_func)(unsigned long pid);
-ERR_STATE *ERR_get_state(void)
-        {
-        return get_state_func();
-        }
-void int_ERR_set_state_func(ERR_STATE *(*get_func)(void),
-                                void (*remove_func)(unsigned long pid))
-        {
-        get_state_func = get_func;
-        remove_state_func = remove_func;
-        }
-void ERR_remove_state(unsigned long pid)
-        {
-        if (remove_state_func)
-                remove_state_func(pid);
-        }
-#endif
diff --git a/src/lib/libssl/src/crypto/err/err.h b/src/lib/libssl/src/crypto/err/err.h
index dcac415231..b9f8c16d47 100644
--- a/src/lib/libssl/src/crypto/err/err.h
+++ b/src/lib/libssl/src/crypto/err/err.h
@@ -55,6 +55,59 @@
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
+/* ====================================================================
+ * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 #ifndef HEADER_ERR_H
 #define HEADER_ERR_H
@@ -94,7 +147,7 @@ extern "C" {
 #define ERR_NUM_ERRORS  16
 typedef struct err_state_st
        {
-        unsigned long pid;
+        CRYPTO_THREADID tid;
        int err_flags[ERR_NUM_ERRORS];
        unsigned long err_buffer[ERR_NUM_ERRORS];
        char *err_data[ERR_NUM_ERRORS];
@@ -142,7 +195,9 @@ typedef struct err_state_st
 #define ERR_LIB_STORE           44
 #define ERR_LIB_FIPS            45
 #define ERR_LIB_CMS             46
-#define ERR_LIB_JPAKE           47
+#define ERR_LIB_TS              47
+#define ERR_LIB_HMAC            48
+#define ERR_LIB_JPAKE           49
 #define ERR_LIB_USER            128
@@ -176,6 +231,8 @@ typedef struct err_state_st
 #define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),__FILE__,__LINE__)
 #define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),__FILE__,__LINE__)
 #define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),__FILE__,__LINE__)
+#define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),__FILE__,__LINE__)
+#define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),__FILE__,__LINE__)
 #define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),__FILE__,__LINE__)
 /* Borland C seems too stupid to be able to shift and do longs in
@@ -232,6 +289,7 @@ typedef struct err_state_st
 #define ERR_R_ECDSA_LIB ERR_LIB_ECDSA    /* 42 */
 #define ERR_R_ECDH_LIB  ERR_LIB_ECDH     /* 43 */
 #define ERR_R_STORE_LIB ERR_LIB_STORE    /* 44 */
+#define ERR_R_TS_LIB    ERR_LIB_TS       /* 45 */
 #define ERR_R_NESTED_ASN1_ERROR                 58
 #define ERR_R_BAD_ASN1_OBJECT_HEADER            59
@@ -294,13 +352,16 @@ void ERR_load_ERR_strings(void);
 void ERR_load_crypto_strings(void);
 void ERR_free_strings(void);
+void ERR_remove_thread_state(const CRYPTO_THREADID *tid);
+#ifndef OPENSSL_NO_DEPRECATED
 void ERR_remove_state(unsigned long pid); /* if zero we look it up */
+#endif
 ERR_STATE *ERR_get_state(void);
 #ifndef OPENSSL_NO_LHASH
-LHASH *ERR_get_string_table(void);
+LHASH_OF(ERR_STRING_DATA) *ERR_get_string_table(void);
-LHASH *ERR_get_err_state_table(void);
+LHASH_OF(ERR_STATE) *ERR_get_err_state_table(void);
-void ERR_release_err_state_table(LHASH **hash);
+void ERR_release_err_state_table(LHASH_OF(ERR_STATE) **hash);
 #endif
 int ERR_get_next_error_library(void);
@@ -308,12 +369,6 @@ int ERR_get_next_error_library(void);
 int ERR_set_mark(void);
 int ERR_pop_to_mark(void);
-#ifdef OPENSSL_FIPS
-void int_ERR_set_state_func(ERR_STATE *(*get_func)(void),
-                                void (*remove_func)(unsigned long pid));
-void int_ERR_lib_init(void);
-#endif
 /* Already defined in ossl_typ.h */
 /* typedef struct st_ERR_FNS ERR_FNS; */
 /* An application can use this function and provide the return value to loaded
diff --git a/src/lib/libssl/src/crypto/err/err_all.c b/src/lib/libssl/src/crypto/err/err_all.c
index f21a5276ed..fc049e8e88 100644
--- a/src/lib/libssl/src/crypto/err/err_all.c
+++ b/src/lib/libssl/src/crypto/err/err_all.c
@@ -64,6 +64,7 @@
 #endif
 #include <openssl/buffer.h>
 #include <openssl/bio.h>
+#include <openssl/comp.h>
 #ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif
@@ -94,16 +95,14 @@
 #include <openssl/ui.h>
 #include <openssl/ocsp.h>
 #include <openssl/err.h>
-#ifdef OPENSSL_FIPS
+#include <openssl/ts.h>
-#include <openssl/fips.h>
-#endif
 #ifndef OPENSSL_NO_CMS
 #include <openssl/cms.h>
 #endif
 #ifndef OPENSSL_NO_JPAKE
 #include <openssl/jpake.h>
 #endif
+#include <openssl/comp.h>
 void ERR_load_crypto_strings(void)
        {
@@ -127,6 +126,7 @@ void ERR_load_crypto_strings(void)
        ERR_load_ASN1_strings();
        ERR_load_CONF_strings();
        ERR_load_CRYPTO_strings();
+        ERR_load_COMP_strings();
 #ifndef OPENSSL_NO_EC
        ERR_load_EC_strings();
 #endif
@@ -143,19 +143,18 @@ void ERR_load_crypto_strings(void)
        ERR_load_PKCS12_strings();
        ERR_load_RAND_strings();
        ERR_load_DSO_strings();
+        ERR_load_TS_strings();
 #ifndef OPENSSL_NO_ENGINE
        ERR_load_ENGINE_strings();
 #endif
        ERR_load_OCSP_strings();
        ERR_load_UI_strings();
-#ifdef OPENSSL_FIPS
-        ERR_load_FIPS_strings();
-#endif
 #ifndef OPENSSL_NO_CMS
        ERR_load_CMS_strings();
 #endif
 #ifndef OPENSSL_NO_JPAKE
        ERR_load_JPAKE_strings();
 #endif
+        ERR_load_COMP_strings();
 #endif
        }
diff --git a/src/lib/libssl/src/crypto/err/err_prn.c b/src/lib/libssl/src/crypto/err/err_prn.c
index 4cdf342fa6..a0168ac8ed 100644
--- a/src/lib/libssl/src/crypto/err/err_prn.c
+++ b/src/lib/libssl/src/crypto/err/err_prn.c
@@ -72,21 +72,29 @@ void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u),
        const char *file,*data;
        int line,flags;
        unsigned long es;
+        CRYPTO_THREADID cur;
-        es=CRYPTO_thread_id();
+        CRYPTO_THREADID_current(&cur);
+        es=CRYPTO_THREADID_hash(&cur);
        while ((l=ERR_get_error_line_data(&file,&line,&data,&flags)) != 0)
                {
                ERR_error_string_n(l, buf, sizeof buf);
                BIO_snprintf(buf2, sizeof(buf2), "%lu:%s:%s:%d:%s\n", es, buf,
                        file, line, (flags & ERR_TXT_STRING) ? data : "");
-                cb(buf2, strlen(buf2), u);
+                if (cb(buf2, strlen(buf2), u) <= 0)
+                        break; /* abort outputting the error report */
                }
        }
 #ifndef OPENSSL_NO_FP_API
 static int print_fp(const char *str, size_t len, void *fp)
        {
-        return fwrite(str, 1, len, fp);
+        BIO bio;
+        BIO_set(&bio,BIO_s_file());
+        BIO_set_fp(&bio,fp,BIO_NOCLOSE);
+        return BIO_printf(&bio, "%s", str);
        }
 void ERR_print_errors_fp(FILE *fp)
        {
@@ -94,64 +102,13 @@ void ERR_print_errors_fp(FILE *fp)
        }
 #endif
-void ERR_error_string_n(unsigned long e, char *buf, size_t len)
+static int print_bio(const char *str, size_t len, void *bp)
        {
-        char lsbuf[64], fsbuf[64], rsbuf[64];
+        return BIO_write((BIO *)bp, str, len);
-        const char *ls,*fs,*rs;
-        unsigned long l,f,r;
-        l=ERR_GET_LIB(e);
-        f=ERR_GET_FUNC(e);
-        r=ERR_GET_REASON(e);
-        ls=ERR_lib_error_string(e);
-        fs=ERR_func_error_string(e);
-        rs=ERR_reason_error_string(e);
-        if (ls == NULL) 
-                BIO_snprintf(lsbuf, sizeof(lsbuf), "lib(%lu)", l);
-        if (fs == NULL)
-                BIO_snprintf(fsbuf, sizeof(fsbuf), "func(%lu)", f);
-        if (rs == NULL)
-                BIO_snprintf(rsbuf, sizeof(rsbuf), "reason(%lu)", r);
-        BIO_snprintf(buf, len,"error:%08lX:%s:%s:%s", e, ls?ls:lsbuf, 
-                fs?fs:fsbuf, rs?rs:rsbuf);
-        if (strlen(buf) == len-1)
-                {
-                /* output may be truncated; make sure we always have 5 
-                 * colon-separated fields, i.e. 4 colons ... */
-#define NUM_COLONS 4
-                if (len > NUM_COLONS) /* ... if possible */
-                        {
-                        int i;
-                        char *s = buf;
-                        
-                        for (i = 0; i < NUM_COLONS; i++)
-                                {
-                                char *colon = strchr(s, ':');
-                                if (colon == NULL || colon > &buf[len-1] - NUM_COLONS + i)
-                                        {
-                                        /* set colon no. i at last possible position
-                                         * (buf[len-1] is the terminating 0)*/
-                                        colon = &buf[len-1] - NUM_COLONS + i;
-                                        *colon = ':';
-                                        }
-                                s = colon + 1;
-                                }
-                        }
-                }
        }
+void ERR_print_errors(BIO *bp)
-/* BAD for multi-threading: uses a local buffer if ret == NULL */
-/* ERR_error_string_n should be used instead for ret != NULL
- * as ERR_error_string cannot know how large the buffer is */
-char *ERR_error_string(unsigned long e, char *ret)
        {
-        static char buf[256];
+        ERR_print_errors_cb(print_bio, bp);
-        if (ret == NULL) ret=buf;
-        ERR_error_string_n(e, ret, 256);
-        return ret;
        }
+        
diff --git a/src/lib/libssl/src/crypto/err/openssl.ec b/src/lib/libssl/src/crypto/err/openssl.ec
index 868826624d..e0554b4342 100644
--- a/src/lib/libssl/src/crypto/err/openssl.ec
+++ b/src/lib/libssl/src/crypto/err/openssl.ec
@@ -31,13 +31,15 @@ L COMP		crypto/comp/comp.h		crypto/comp/comp_err.c
 L ECDSA         crypto/ecdsa/ecdsa.h            crypto/ecdsa/ecs_err.c
 L ECDH          crypto/ecdh/ecdh.h              crypto/ecdh/ech_err.c
 L STORE         crypto/store/store.h            crypto/store/str_err.c
-L FIPS          fips/fips.h                     crypto/fips_err.h
+L TS            crypto/ts/ts.h                  crypto/ts/ts_err.c
+L HMAC          crypto/hmac/hmac.h              crypto/hmac/hmac_err.c
 L CMS           crypto/cms/cms.h                crypto/cms/cms_err.c
 L JPAKE         crypto/jpake/jpake.h            crypto/jpake/jpake_err.c
 # additional header files to be scanned for function names
 L NONE          crypto/x509/x509_vfy.h          NONE
 L NONE          crypto/ec/ec_lcl.h              NONE
+L NONE          crypto/asn1/asn_lcl.h           NONE
 L NONE          crypto/cms/cms_lcl.h            NONE
@@ -71,6 +73,11 @@ R SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY	1071
 R SSL_R_TLSV1_ALERT_INTERNAL_ERROR              1080
 R SSL_R_TLSV1_ALERT_USER_CANCELLED              1090
 R SSL_R_TLSV1_ALERT_NO_RENEGOTIATION            1100
+R SSL_R_TLSV1_UNSUPPORTED_EXTENSION             1110
+R SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE          1111
+R SSL_R_TLSV1_UNRECOGNIZED_NAME                 1112
+R SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE   1113
+R SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE        1114
 R RSAREF_R_CONTENT_ENCODING                     0x0400
 R RSAREF_R_DATA                                 0x0401
diff --git a/src/lib/libssl/src/crypto/evp/Makefile b/src/lib/libssl/src/crypto/evp/Makefile
index c204f84c1d..82825e5299 100644
--- a/src/lib/libssl/src/crypto/evp/Makefile
+++ b/src/lib/libssl/src/crypto/evp/Makefile
@@ -18,34 +18,34 @@ TESTDATA=evptests.txt
 APPS=
 LIB=$(TOP)/libcrypto.a
-LIBSRC= encode.c digest.c dig_eng.c evp_enc.c evp_key.c evp_acnf.c evp_cnf.c \
+LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c \
        e_des.c e_bf.c e_idea.c e_des3.c e_camellia.c\
        e_rc4.c e_aes.c names.c e_seed.c \
-        e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c enc_min.c \
+        e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c \
-        m_null.c m_md2.c m_md4.c m_md5.c m_sha.c m_sha1.c \
+        m_null.c m_md2.c m_md4.c m_md5.c m_sha.c m_sha1.c m_wp.c \
        m_dss.c m_dss1.c m_mdc2.c m_ripemd.c m_ecdsa.c\
        p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \
        bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
        c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \
        evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c \
-        e_old.c
+        e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c
-LIBOBJ= encode.o digest.o dig_eng.o evp_enc.o evp_key.o evp_acnf.o evp_cnf.o \
+LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o \
        e_des.o e_bf.o e_idea.o e_des3.o e_camellia.o\
        e_rc4.o e_aes.o names.o e_seed.o \
-        e_xcbc_d.o e_rc2.o e_cast.o e_rc5.o enc_min.o \
+        e_xcbc_d.o e_rc2.o e_cast.o e_rc5.o \
-        m_null.o m_md2.o m_md4.o m_md5.o m_sha.o m_sha1.o \
+        m_null.o m_md2.o m_md4.o m_md5.o m_sha.o m_sha1.o m_wp.o \
        m_dss.o m_dss1.o m_mdc2.o m_ripemd.o m_ecdsa.o\
        p_open.o p_seal.o p_sign.o p_verify.o p_lib.o p_enc.o p_dec.o \
        bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \
        c_all.o c_allc.o c_alld.o evp_lib.o bio_ok.o \
        evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o \
-        e_old.o
+        e_old.o pmeth_lib.o pmeth_fn.o pmeth_gn.o m_sigver.o
 SRC= $(LIBSRC)
 EXHEADER= evp.h
-HEADER= $(EXHEADER)
+HEADER= evp_locl.h $(EXHEADER)
 ALL=    $(GENERAL) $(SRC) $(HEADER)
@@ -55,7 +55,7 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
@@ -101,201 +101,185 @@ bio_b64.o: ../../e_os.h ../../include/openssl/asn1.h
 bio_b64.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 bio_b64.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 bio_b64.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-bio_b64.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+bio_b64.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-bio_b64.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+bio_b64.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-bio_b64.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bio_b64.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-bio_b64.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+bio_b64.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bio_b64.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bio_b64.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_b64.c
-bio_b64.o: ../cryptlib.h bio_b64.c
 bio_enc.o: ../../e_os.h ../../include/openssl/asn1.h
 bio_enc.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 bio_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 bio_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-bio_enc.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+bio_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-bio_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+bio_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-bio_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bio_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-bio_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+bio_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bio_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bio_enc.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_enc.c
-bio_enc.o: ../cryptlib.h bio_enc.c
 bio_md.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 bio_md.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bio_md.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-bio_md.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+bio_md.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-bio_md.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+bio_md.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-bio_md.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+bio_md.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-bio_md.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bio_md.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-bio_md.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bio_md.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-bio_md.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_md.c
+bio_md.o: ../cryptlib.h bio_md.c
 bio_ok.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 bio_ok.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bio_ok.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-bio_ok.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+bio_ok.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-bio_ok.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+bio_ok.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-bio_ok.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+bio_ok.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-bio_ok.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bio_ok.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-bio_ok.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+bio_ok.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bio_ok.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bio_ok.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_ok.c
-bio_ok.o: ../cryptlib.h bio_ok.c
 c_all.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 c_all.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 c_all.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 c_all.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 c_all.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-c_all.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+c_all.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-c_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+c_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-c_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+c_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-c_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+c_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-c_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+c_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-c_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+c_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-c_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+c_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-c_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h c_all.c
+c_all.o: ../cryptlib.h c_all.c
 c_allc.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 c_allc.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 c_allc.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 c_allc.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 c_allc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-c_allc.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+c_allc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-c_allc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+c_allc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-c_allc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+c_allc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-c_allc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+c_allc.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
-c_allc.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+c_allc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-c_allc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+c_allc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-c_allc.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+c_allc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-c_allc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h c_allc.c
+c_allc.o: ../cryptlib.h c_allc.c
 c_alld.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 c_alld.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 c_alld.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 c_alld.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 c_alld.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-c_alld.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+c_alld.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-c_alld.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+c_alld.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-c_alld.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+c_alld.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-c_alld.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+c_alld.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
-c_alld.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+c_alld.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-c_alld.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+c_alld.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-c_alld.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+c_alld.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-c_alld.o: ../../include/openssl/x509_vfy.h ../cryptlib.h c_alld.c
+c_alld.o: ../cryptlib.h c_alld.c
-dig_eng.o: ../../e_os.h ../../include/openssl/asn1.h
-dig_eng.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-dig_eng.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-dig_eng.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-dig_eng.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
-dig_eng.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-dig_eng.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-dig_eng.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-dig_eng.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-dig_eng.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-dig_eng.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-dig_eng.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-dig_eng.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-dig_eng.o: ../cryptlib.h dig_eng.c evp_locl.h
 digest.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 digest.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 digest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 digest.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 digest.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-digest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+digest.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-digest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-digest.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+digest.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+digest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-digest.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+digest.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-digest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+digest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-digest.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+digest.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-digest.o: ../../include/openssl/x509_vfy.h ../cryptlib.h digest.c evp_locl.h
+digest.o: ../cryptlib.h digest.c
 e_aes.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
 e_aes.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
 e_aes.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-e_aes.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+e_aes.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-e_aes.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+e_aes.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-e_aes.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_aes.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-e_aes.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_aes.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-e_aes.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+e_aes.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h e_aes.c
-e_aes.o: ../../include/openssl/symhacks.h e_aes.c evp_locl.h
+e_aes.o: evp_locl.h
 e_bf.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 e_bf.o: ../../include/openssl/blowfish.h ../../include/openssl/buffer.h
 e_bf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 e_bf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_bf.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+e_bf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-e_bf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_bf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_bf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+e_bf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-e_bf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+e_bf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-e_bf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+e_bf.o: ../../include/openssl/symhacks.h ../cryptlib.h e_bf.c evp_locl.h
-e_bf.o: ../cryptlib.h e_bf.c evp_locl.h
+e_camellia.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_camellia.o: ../../include/openssl/opensslconf.h e_camellia.c
+e_camellia.o: ../../include/openssl/camellia.h ../../include/openssl/crypto.h
+e_camellia.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_camellia.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+e_camellia.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_camellia.o: ../../include/openssl/opensslconf.h
+e_camellia.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_camellia.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+e_camellia.o: ../../include/openssl/symhacks.h e_camellia.c evp_locl.h
 e_cast.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 e_cast.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 e_cast.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 e_cast.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_cast.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+e_cast.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-e_cast.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_cast.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_cast.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+e_cast.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-e_cast.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+e_cast.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-e_cast.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+e_cast.o: ../../include/openssl/symhacks.h ../cryptlib.h e_cast.c evp_locl.h
-e_cast.o: ../cryptlib.h e_cast.c evp_locl.h
 e_des.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 e_des.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 e_des.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 e_des.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-e_des.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+e_des.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-e_des.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+e_des.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-e_des.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_des.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-e_des.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_des.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-e_des.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+e_des.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-e_des.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+e_des.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-e_des.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+e_des.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_des.c evp_locl.h
-e_des.o: ../cryptlib.h e_des.c evp_locl.h
 e_des3.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 e_des3.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 e_des3.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 e_des3.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-e_des3.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+e_des3.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-e_des3.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+e_des3.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-e_des3.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_des3.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-e_des3.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_des3.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-e_des3.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+e_des3.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-e_des3.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+e_des3.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-e_des3.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+e_des3.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_des3.c evp_locl.h
-e_des3.o: ../cryptlib.h e_des3.c evp_locl.h
 e_idea.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 e_idea.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 e_idea.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-e_idea.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+e_idea.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-e_idea.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+e_idea.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-e_idea.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_idea.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_idea.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+e_idea.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-e_idea.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+e_idea.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-e_idea.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+e_idea.o: ../../include/openssl/symhacks.h ../cryptlib.h e_idea.c evp_locl.h
-e_idea.o: ../cryptlib.h e_idea.c evp_locl.h
 e_null.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 e_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 e_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-e_null.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+e_null.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-e_null.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+e_null.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-e_null.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_null.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-e_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_null.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-e_null.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+e_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-e_null.o: ../../include/openssl/symhacks.h ../cryptlib.h e_null.c
+e_null.o: ../cryptlib.h e_null.c
 e_old.o: e_old.c
 e_rc2.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 e_rc2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 e_rc2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-e_rc2.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+e_rc2.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-e_rc2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+e_rc2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-e_rc2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_rc2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-e_rc2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_rc2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h
-e_rc2.o: ../../include/openssl/rc2.h ../../include/openssl/safestack.h
+e_rc2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-e_rc2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+e_rc2.o: ../../include/openssl/symhacks.h ../cryptlib.h e_rc2.c evp_locl.h
-e_rc2.o: ../cryptlib.h e_rc2.c evp_locl.h
 e_rc4.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 e_rc4.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 e_rc4.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-e_rc4.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+e_rc4.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-e_rc4.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+e_rc4.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-e_rc4.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_rc4.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-e_rc4.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_rc4.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc4.h
-e_rc4.o: ../../include/openssl/rc4.h ../../include/openssl/safestack.h
+e_rc4.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-e_rc4.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+e_rc4.o: ../../include/openssl/symhacks.h ../cryptlib.h e_rc4.c
-e_rc4.o: ../cryptlib.h e_rc4.c evp_locl.h
 e_rc5.o: ../../e_os.h ../../include/openssl/bio.h
 e_rc5.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 e_rc5.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
@@ -306,256 +290,221 @@ e_rc5.o: ../../include/openssl/symhacks.h ../cryptlib.h e_rc5.c
 e_seed.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 e_seed.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 e_seed.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_seed.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+e_seed.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-e_seed.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_seed.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_seed.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+e_seed.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-e_seed.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+e_seed.o: ../../include/openssl/safestack.h ../../include/openssl/seed.h
 e_seed.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-e_seed.o: e_seed.c
+e_seed.o: e_seed.c evp_locl.h
 e_xcbc_d.o: ../../e_os.h ../../include/openssl/asn1.h
 e_xcbc_d.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 e_xcbc_d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 e_xcbc_d.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
 e_xcbc_d.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_xcbc_d.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+e_xcbc_d.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-e_xcbc_d.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_xcbc_d.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_xcbc_d.o: ../../include/openssl/opensslconf.h
 e_xcbc_d.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 e_xcbc_d.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 e_xcbc_d.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
 e_xcbc_d.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_xcbc_d.c
-enc_min.o: ../../e_os.h ../../include/openssl/asn1.h
+e_xcbc_d.o: evp_locl.h
-enc_min.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-enc_min.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-enc_min.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-enc_min.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
-enc_min.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-enc_min.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-enc_min.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-enc_min.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-enc_min.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-enc_min.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
-enc_min.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-enc_min.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-enc_min.o: ../../include/openssl/x509_vfy.h ../cryptlib.h enc_min.c evp_locl.h
 encode.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 encode.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 encode.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-encode.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+encode.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-encode.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+encode.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-encode.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+encode.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-encode.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+encode.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-encode.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+encode.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-encode.o: ../../include/openssl/symhacks.h ../cryptlib.h encode.c
+encode.o: ../cryptlib.h encode.c
 evp_acnf.o: ../../e_os.h ../../include/openssl/asn1.h
 evp_acnf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 evp_acnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 evp_acnf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-evp_acnf.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+evp_acnf.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-evp_acnf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+evp_acnf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-evp_acnf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+evp_acnf.o: ../../include/openssl/opensslconf.h
 evp_acnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 evp_acnf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 evp_acnf.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_acnf.c
-evp_cnf.o: ../../e_os.h ../../include/openssl/asn1.h
-evp_cnf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-evp_cnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-evp_cnf.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
-evp_cnf.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-evp_cnf.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-evp_cnf.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-evp_cnf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-evp_cnf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-evp_cnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-evp_cnf.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-evp_cnf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-evp_cnf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-evp_cnf.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-evp_cnf.o: ../cryptlib.h evp_cnf.c
 evp_enc.o: ../../e_os.h ../../include/openssl/asn1.h
 evp_enc.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 evp_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 evp_enc.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 evp_enc.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
 evp_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-evp_enc.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+evp_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-evp_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+evp_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-evp_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+evp_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-evp_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+evp_enc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-evp_enc.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+evp_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-evp_enc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+evp_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-evp_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+evp_enc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-evp_enc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_enc.c evp_locl.h
+evp_enc.o: ../cryptlib.h evp_enc.c evp_locl.h
 evp_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 evp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 evp_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-evp_err.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+evp_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-evp_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+evp_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-evp_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+evp_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-evp_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+evp_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-evp_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+evp_err.o: ../../include/openssl/symhacks.h evp_err.c
-evp_err.o: evp_err.c
 evp_key.o: ../../e_os.h ../../include/openssl/asn1.h
 evp_key.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 evp_key.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 evp_key.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 evp_key.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-evp_key.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+evp_key.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-evp_key.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+evp_key.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-evp_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+evp_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-evp_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+evp_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-evp_key.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+evp_key.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-evp_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+evp_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-evp_key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+evp_key.o: ../../include/openssl/ui.h ../../include/openssl/x509.h
-evp_key.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+evp_key.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_key.c
-evp_key.o: ../cryptlib.h evp_key.c
 evp_lib.o: ../../e_os.h ../../include/openssl/asn1.h
 evp_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 evp_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 evp_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-evp_lib.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+evp_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-evp_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+evp_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-evp_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+evp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-evp_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+evp_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-evp_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+evp_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_lib.c
-evp_lib.o: ../cryptlib.h evp_lib.c
 evp_pbe.o: ../../e_os.h ../../include/openssl/asn1.h
 evp_pbe.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 evp_pbe.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 evp_pbe.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 evp_pbe.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-evp_pbe.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+evp_pbe.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-evp_pbe.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+evp_pbe.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-evp_pbe.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+evp_pbe.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-evp_pbe.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+evp_pbe.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
 evp_pbe.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 evp_pbe.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 evp_pbe.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 evp_pbe.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_pbe.c
 evp_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
-evp_pkey.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+evp_pkey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-evp_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+evp_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-evp_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 evp_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 evp_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-evp_pkey.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+evp_pkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-evp_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+evp_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-evp_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+evp_pkey.o: ../../include/openssl/opensslconf.h
 evp_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 evp_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-evp_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+evp_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-evp_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+evp_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-evp_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+evp_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-evp_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_pkey.c
+evp_pkey.o: ../asn1/asn1_locl.h ../cryptlib.h evp_pkey.c
 m_dss.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 m_dss.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 m_dss.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 m_dss.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 m_dss.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-m_dss.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+m_dss.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-m_dss.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+m_dss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-m_dss.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_dss.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-m_dss.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_dss.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-m_dss.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+m_dss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-m_dss.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_dss.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-m_dss.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+m_dss.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-m_dss.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_dss.c
+m_dss.o: ../cryptlib.h m_dss.c
 m_dss1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 m_dss1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 m_dss1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 m_dss1.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 m_dss1.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-m_dss1.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+m_dss1.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-m_dss1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+m_dss1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-m_dss1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_dss1.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-m_dss1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_dss1.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-m_dss1.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+m_dss1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-m_dss1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_dss1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-m_dss1.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+m_dss1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-m_dss1.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_dss1.c
+m_dss1.o: ../cryptlib.h m_dss1.c
 m_ecdsa.o: ../../e_os.h ../../include/openssl/asn1.h
 m_ecdsa.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 m_ecdsa.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 m_ecdsa.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 m_ecdsa.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-m_ecdsa.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+m_ecdsa.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-m_ecdsa.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+m_ecdsa.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-m_ecdsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_ecdsa.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-m_ecdsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_ecdsa.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-m_ecdsa.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+m_ecdsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-m_ecdsa.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_ecdsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-m_ecdsa.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+m_ecdsa.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-m_ecdsa.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_ecdsa.c
+m_ecdsa.o: ../cryptlib.h m_ecdsa.c
-m_md2.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_md2.o: ../../e_os.h ../../include/openssl/bio.h
 m_md2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-m_md2.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+m_md2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-m_md2.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+m_md2.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-m_md2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_md2.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-m_md2.o: ../../include/openssl/md2.h ../../include/openssl/obj_mac.h
-m_md2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 m_md2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-m_md2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+m_md2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-m_md2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_md2.o: ../../include/openssl/symhacks.h ../cryptlib.h m_md2.c
-m_md2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-m_md2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-m_md2.o: ../cryptlib.h evp_locl.h m_md2.c
 m_md4.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 m_md4.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 m_md4.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 m_md4.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 m_md4.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_md4.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+m_md4.o: ../../include/openssl/lhash.h ../../include/openssl/md4.h
-m_md4.o: ../../include/openssl/md4.h ../../include/openssl/obj_mac.h
+m_md4.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-m_md4.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_md4.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-m_md4.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_md4.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-m_md4.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+m_md4.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-m_md4.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_md4.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-m_md4.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_md4.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-m_md4.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_md4.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_md4.c
-m_md4.o: ../cryptlib.h evp_locl.h m_md4.c
 m_md5.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 m_md5.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 m_md5.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 m_md5.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 m_md5.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_md5.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+m_md5.o: ../../include/openssl/lhash.h ../../include/openssl/md5.h
-m_md5.o: ../../include/openssl/md5.h ../../include/openssl/obj_mac.h
+m_md5.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-m_md5.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_md5.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-m_md5.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_md5.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-m_md5.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+m_md5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-m_md5.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_md5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-m_md5.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_md5.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-m_md5.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_md5.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_md5.c
-m_md5.o: ../cryptlib.h evp_locl.h m_md5.c
+m_mdc2.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-m_mdc2.o: ../../e_os.h ../../include/openssl/bio.h
 m_mdc2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-m_mdc2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+m_mdc2.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-m_mdc2.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+m_mdc2.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-m_mdc2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_mdc2.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-m_mdc2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+m_mdc2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_mdc2.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_locl.h m_mdc2.c
+m_mdc2.o: ../../include/openssl/lhash.h ../../include/openssl/mdc2.h
+m_mdc2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_mdc2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_mdc2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+m_mdc2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+m_mdc2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_mdc2.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+m_mdc2.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+m_mdc2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_mdc2.c
 m_null.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 m_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 m_null.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 m_null.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 m_null.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_null.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+m_null.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-m_null.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_null.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-m_null.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-m_null.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+m_null.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-m_null.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_null.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-m_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_null.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-m_null.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_null.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_null.c
-m_null.o: ../cryptlib.h m_null.c
 m_ripemd.o: ../../e_os.h ../../include/openssl/asn1.h
 m_ripemd.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 m_ripemd.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 m_ripemd.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 m_ripemd.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-m_ripemd.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+m_ripemd.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-m_ripemd.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+m_ripemd.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-m_ripemd.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_ripemd.o: ../../include/openssl/opensslconf.h
 m_ripemd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 m_ripemd.o: ../../include/openssl/pkcs7.h ../../include/openssl/ripemd.h
 m_ripemd.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
@@ -567,62 +516,87 @@ m_sha.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 m_sha.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 m_sha.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 m_sha.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_sha.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+m_sha.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-m_sha.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_sha.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-m_sha.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_sha.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-m_sha.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+m_sha.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-m_sha.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+m_sha.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-m_sha.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_sha.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-m_sha.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+m_sha.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-m_sha.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_locl.h m_sha.c
+m_sha.o: ../cryptlib.h m_sha.c
 m_sha1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 m_sha1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 m_sha1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 m_sha1.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 m_sha1.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_sha1.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+m_sha1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-m_sha1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_sha1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-m_sha1.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_sha1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-m_sha1.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+m_sha1.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-m_sha1.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+m_sha1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-m_sha1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_sha1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-m_sha1.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+m_sha1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-m_sha1.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_sha1.c
+m_sha1.o: ../cryptlib.h m_sha1.c
+m_sigver.o: ../../e_os.h ../../include/openssl/asn1.h
+m_sigver.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+m_sigver.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+m_sigver.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+m_sigver.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+m_sigver.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+m_sigver.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_sigver.o: ../../include/openssl/opensslconf.h
+m_sigver.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_sigver.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+m_sigver.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_sigver.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+m_sigver.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_locl.h
+m_sigver.o: m_sigver.c
+m_wp.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_wp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+m_wp.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+m_wp.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+m_wp.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_wp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+m_wp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_wp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_wp.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+m_wp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_wp.o: ../../include/openssl/symhacks.h ../../include/openssl/whrlpool.h
+m_wp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_wp.o: ../cryptlib.h m_wp.c
 names.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 names.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 names.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 names.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 names.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-names.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+names.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-names.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+names.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-names.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+names.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-names.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+names.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-names.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+names.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-names.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+names.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-names.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+names.o: ../../include/openssl/x509_vfy.h ../cryptlib.h names.c
-names.o: ../cryptlib.h names.c
 p5_crpt.o: ../../e_os.h ../../include/openssl/asn1.h
 p5_crpt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 p5_crpt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 p5_crpt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 p5_crpt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p5_crpt.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p5_crpt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-p5_crpt.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p5_crpt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p5_crpt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p5_crpt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-p5_crpt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p5_crpt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-p5_crpt.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+p5_crpt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p5_crpt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p5_crpt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-p5_crpt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p5_crpt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p5_crpt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p5_crpt.c
+p5_crpt.o: ../cryptlib.h p5_crpt.c
 p5_crpt2.o: ../../e_os.h ../../include/openssl/asn1.h
 p5_crpt2.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 p5_crpt2.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 p5_crpt2.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 p5_crpt2.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p5_crpt2.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p5_crpt2.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h
-p5_crpt2.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
+p5_crpt2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p5_crpt2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p5_crpt2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p5_crpt2.o: ../../include/openssl/opensslconf.h
 p5_crpt2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 p5_crpt2.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 p5_crpt2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -633,37 +607,35 @@ p_dec.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 p_dec.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 p_dec.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 p_dec.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p_dec.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+p_dec.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p_dec.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p_dec.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p_dec.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p_dec.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-p_dec.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+p_dec.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-p_dec.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+p_dec.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p_dec.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p_dec.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p_dec.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p_dec.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p_dec.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p_dec.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_dec.c
-p_dec.o: ../cryptlib.h p_dec.c
 p_enc.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 p_enc.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 p_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 p_enc.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 p_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p_enc.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+p_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-p_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+p_enc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-p_enc.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+p_enc.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p_enc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p_enc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p_enc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_enc.c
-p_enc.o: ../cryptlib.h p_enc.c
 p_lib.o: ../../e_os.h ../../include/openssl/asn1.h
 p_lib.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
 p_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 p_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
 p_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 p_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-p_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+p_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
-p_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 p_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 p_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 p_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
@@ -671,57 +643,91 @@ p_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
 p_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 p_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 p_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p_lib.o: ../cryptlib.h p_lib.c
+p_lib.o: ../asn1/asn1_locl.h ../cryptlib.h p_lib.c
 p_open.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 p_open.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 p_open.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 p_open.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 p_open.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p_open.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+p_open.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p_open.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p_open.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p_open.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p_open.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-p_open.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+p_open.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-p_open.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p_open.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p_open.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p_open.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-p_open.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p_open.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p_open.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_open.c
+p_open.o: ../cryptlib.h p_open.c
 p_seal.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 p_seal.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 p_seal.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 p_seal.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 p_seal.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p_seal.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+p_seal.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p_seal.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p_seal.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p_seal.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p_seal.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-p_seal.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+p_seal.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-p_seal.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+p_seal.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p_seal.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p_seal.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p_seal.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p_seal.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p_seal.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p_seal.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_seal.c
-p_seal.o: ../cryptlib.h p_seal.c
 p_sign.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 p_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 p_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 p_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 p_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p_sign.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+p_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p_sign.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-p_sign.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+p_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-p_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p_sign.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_sign.c
-p_sign.o: ../cryptlib.h p_sign.c
 p_verify.o: ../../e_os.h ../../include/openssl/asn1.h
 p_verify.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 p_verify.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 p_verify.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 p_verify.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p_verify.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p_verify.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-p_verify.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p_verify.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p_verify.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p_verify.o: ../../include/openssl/opensslconf.h
 p_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 p_verify.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 p_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 p_verify.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 p_verify.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_verify.c
+pmeth_fn.o: ../../e_os.h ../../include/openssl/asn1.h
+pmeth_fn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+pmeth_fn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+pmeth_fn.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pmeth_fn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pmeth_fn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pmeth_fn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pmeth_fn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+pmeth_fn.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_locl.h
+pmeth_fn.o: pmeth_fn.c
+pmeth_gn.o: ../../e_os.h ../../include/openssl/asn1.h
+pmeth_gn.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+pmeth_gn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+pmeth_gn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+pmeth_gn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+pmeth_gn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pmeth_gn.o: ../../include/openssl/opensslconf.h
+pmeth_gn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pmeth_gn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+pmeth_gn.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_locl.h
+pmeth_gn.o: pmeth_gn.c
+pmeth_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+pmeth_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+pmeth_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+pmeth_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+pmeth_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+pmeth_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pmeth_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pmeth_lib.o: ../../include/openssl/objects.h
+pmeth_lib.o: ../../include/openssl/opensslconf.h
+pmeth_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pmeth_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+pmeth_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pmeth_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+pmeth_lib.o: ../../include/openssl/x509_vfy.h ../asn1/asn1_locl.h ../cryptlib.h
+pmeth_lib.o: evp_locl.h pmeth_lib.c
diff --git a/src/lib/libssl/src/crypto/evp/bio_b64.c b/src/lib/libssl/src/crypto/evp/bio_b64.c
index fa5cbc7eb1..72a2a67277 100644
--- a/src/lib/libssl/src/crypto/evp/bio_b64.c
+++ b/src/lib/libssl/src/crypto/evp/bio_b64.c
@@ -64,7 +64,7 @@
 static int b64_write(BIO *h, const char *buf, int num);
 static int b64_read(BIO *h, char *buf, int size);
-/*static int b64_puts(BIO *h, const char *str); */
+static int b64_puts(BIO *h, const char *str);
 /*static int b64_gets(BIO *h, char *str, int size); */
 static long b64_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int b64_new(BIO *h);
@@ -96,7 +96,7 @@ static BIO_METHOD methods_b64=
        BIO_TYPE_BASE64,"base64 encoding",
        b64_write,
        b64_read,
-        NULL, /* b64_puts, */
+        b64_puts,
        NULL, /* b64_gets, */
        b64_ctrl,
        b64_new,
@@ -127,6 +127,7 @@ static int b64_new(BIO *bi)
        bi->init=1;
        bi->ptr=(char *)ctx;
        bi->flags=0;
+        bi->num = 0;
        return(1);
        }
@@ -151,6 +152,8 @@ static int b64_read(BIO *b, char *out, int outl)
        if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
+        BIO_clear_retry_flags(b);
        if (ctx->encode != B64_DECODE)
                {
                ctx->encode=B64_DECODE;
@@ -163,6 +166,7 @@ static int b64_read(BIO *b, char *out, int outl)
        /* First check if there are bytes decoded/encoded */
        if (ctx->buf_len > 0)
                {
+                OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
                i=ctx->buf_len-ctx->buf_off;
                if (i > outl) i=outl;
                OPENSSL_assert(ctx->buf_off+i < (int)sizeof(ctx->buf));
@@ -184,7 +188,6 @@ static int b64_read(BIO *b, char *out, int outl)
        ret_code=0;
        while (outl > 0)
                {
                if (ctx->cont <= 0)
                        break;
@@ -195,7 +198,7 @@ static int b64_read(BIO *b, char *out, int outl)
                        {
                        ret_code=i;
-                        /* Should be continue next time we are called? */
+                        /* Should we continue next time we are called? */
                        if (!BIO_should_retry(b->next_bio))
                                {
                                ctx->cont=i;
@@ -285,19 +288,27 @@ static int b64_read(BIO *b, char *out, int outl)
                                continue;
                                }
                        else
+                        {
                                ctx->tmp_len=0;
                        }
-                /* If buffer isn't full and we can retry then
+                }
-                 * restart to read in more data.
-                 */
                else if ((i < B64_BLOCK_SIZE) && (ctx->cont > 0))
+                {
+                        /* If buffer isn't full and we can retry then
+                         * restart to read in more data.
+                         */
                        continue;
+                }
                if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)
                        {
                        int z,jj;
+#if 0
                        jj=(i>>2)<<2;
+#else
+                        jj = i & ~3; /* process per 4 */
+#endif
                        z=EVP_DecodeBlock((unsigned char *)ctx->buf,
                                (unsigned char *)ctx->tmp,jj);
                        if (jj > 2)
@@ -313,18 +324,15 @@ static int b64_read(BIO *b, char *out, int outl)
                         * number consumed */
                        if (jj != i)
                                {
-                                memcpy((unsigned char *)ctx->tmp,
+                                memmove(ctx->tmp, &ctx->tmp[jj], i-jj);
-                                        (unsigned char *)&(ctx->tmp[jj]),i-jj);
                                ctx->tmp_len=i-jj;
                                }
                        ctx->buf_len=0;
                        if (z > 0)
                                {
                                ctx->buf_len=z;
-                                i=1;
                                }
-                        else
+                        i=z;
-                                i=z;
                        }
                else
                        {
@@ -357,14 +365,16 @@ static int b64_read(BIO *b, char *out, int outl)
                outl-=i;
                out+=i;
                }
-        BIO_clear_retry_flags(b);
+        /* BIO_clear_retry_flags(b); */
        BIO_copy_next_retry(b);
        return((ret == 0)?ret_code:ret);
        }
 static int b64_write(BIO *b, const char *in, int inl)
        {
-        int ret=inl,n,i;
+        int ret=0;
+        int n;
+        int i;
        BIO_B64_CTX *ctx;
        ctx=(BIO_B64_CTX *)b->ptr;
@@ -379,6 +389,9 @@ static int b64_write(BIO *b, const char *in, int inl)
                EVP_EncodeInit(&(ctx->base64));
                }
+        OPENSSL_assert(ctx->buf_off < (int)sizeof(ctx->buf));
+        OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
+        OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
        n=ctx->buf_len-ctx->buf_off;
        while (n > 0)
                {
@@ -388,7 +401,10 @@ static int b64_write(BIO *b, const char *in, int inl)
                        BIO_copy_next_retry(b);
                        return(i);
                        }
+                OPENSSL_assert(i <= n);
                ctx->buf_off+=i;
+                OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf));
+                OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
                n-=i;
                }
        /* at this point all pending data has been written */
@@ -405,18 +421,19 @@ static int b64_write(BIO *b, const char *in, int inl)
                        {
                        if (ctx->tmp_len > 0)
                                {
+                                OPENSSL_assert(ctx->tmp_len <= 3);
                                n=3-ctx->tmp_len;
-                                /* There's a teoretical possibility for this */
+                                /* There's a theoretical possibility for this */
                                if (n > inl) 
                                        n=inl;
                                memcpy(&(ctx->tmp[ctx->tmp_len]),in,n);
                                ctx->tmp_len+=n;
+                                ret += n;
                                if (ctx->tmp_len < 3)
                                        break;
-                                ctx->buf_len=EVP_EncodeBlock(
+                                ctx->buf_len=EVP_EncodeBlock((unsigned char *)ctx->buf,(unsigned char *)ctx->tmp,ctx->tmp_len);
-                                        (unsigned char *)ctx->buf,
+                                OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
-                                        (unsigned char *)ctx->tmp,
+                                OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
-                                        ctx->tmp_len);
                                /* Since we're now done using the temporary
                                   buffer, the length should be 0'd */
                                ctx->tmp_len=0;
@@ -425,14 +442,16 @@ static int b64_write(BIO *b, const char *in, int inl)
                                {
                                if (n < 3)
                                        {
-                                        memcpy(&(ctx->tmp[0]),in,n);
+                                        memcpy(ctx->tmp,in,n);
                                        ctx->tmp_len=n;
+                                        ret += n;
                                        break;
                                        }
                                n-=n%3;
-                                ctx->buf_len=EVP_EncodeBlock(
+                                ctx->buf_len=EVP_EncodeBlock((unsigned char *)ctx->buf,(const unsigned char *)in,n);
-                                        (unsigned char *)ctx->buf,
+                                OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
-                                        (unsigned char *)in,n);
+                                OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
+                                ret += n;
                                }
                        }
                else
@@ -440,6 +459,9 @@ static int b64_write(BIO *b, const char *in, int inl)
                        EVP_EncodeUpdate(&(ctx->base64),
                                (unsigned char *)ctx->buf,&ctx->buf_len,
                                (unsigned char *)in,n);
+                        OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
+                        OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
+                        ret += n;
                        }
                inl-=n;
                in+=n;
@@ -454,8 +476,11 @@ static int b64_write(BIO *b, const char *in, int inl)
                                BIO_copy_next_retry(b);
                                return((ret == 0)?i:ret);
                                }
+                        OPENSSL_assert(i <= n);
                        n-=i;
                        ctx->buf_off+=i;
+                        OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf));
+                        OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
                        }
                ctx->buf_len=0;
                ctx->buf_off=0;
@@ -486,6 +511,7 @@ static long b64_ctrl(BIO *b, int cmd, long num, void *ptr)
                        ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
                break;
        case BIO_CTRL_WPENDING: /* More to write in buffer */
+                OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
                ret=ctx->buf_len-ctx->buf_off;
                if ((ret == 0) && (ctx->encode != B64_NONE)
                        && (ctx->base64.num != 0))
@@ -494,6 +520,7 @@ static long b64_ctrl(BIO *b, int cmd, long num, void *ptr)
                        ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
                break;
        case BIO_CTRL_PENDING: /* More to read in buffer */
+                OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
                ret=ctx->buf_len-ctx->buf_off;
                if (ret <= 0)
                        ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
@@ -565,3 +592,7 @@ static long b64_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
        return(ret);
        }
+static int b64_puts(BIO *b, const char *str)
+        {
+        return b64_write(b,str,strlen(str));
+        }
diff --git a/src/lib/libssl/src/crypto/evp/bio_enc.c b/src/lib/libssl/src/crypto/evp/bio_enc.c
index f6ac94c6e1..b6efb5fbc4 100644
--- a/src/lib/libssl/src/crypto/evp/bio_enc.c
+++ b/src/lib/libssl/src/crypto/evp/bio_enc.c
@@ -361,8 +361,10 @@ again:
        case BIO_CTRL_DUP:
                dbio=(BIO *)ptr;
                dctx=(BIO_ENC_CTX *)dbio->ptr;
-                memcpy(&(dctx->cipher),&(ctx->cipher),sizeof(ctx->cipher));
+                EVP_CIPHER_CTX_init(&dctx->cipher);
-                dbio->init=1;
+                ret = EVP_CIPHER_CTX_copy(&dctx->cipher,&ctx->cipher);
+                if (ret)
+                        dbio->init=1;
                break;
        default:
                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
diff --git a/src/lib/libssl/src/crypto/evp/bio_md.c b/src/lib/libssl/src/crypto/evp/bio_md.c
index ed5c1135fd..9841e32e1a 100644
--- a/src/lib/libssl/src/crypto/evp/bio_md.c
+++ b/src/lib/libssl/src/crypto/evp/bio_md.c
@@ -130,8 +130,8 @@ static int md_read(BIO *b, char *out, int outl)
                {
                if (ret > 0)
                        {
-                        EVP_DigestUpdate(ctx,(unsigned char *)out,
+                        if (EVP_DigestUpdate(ctx,(unsigned char *)out,
-                                (unsigned int)ret);
+                                (unsigned int)ret)<=0) return (-1);
                        }
                }
        BIO_clear_retry_flags(b);
@@ -157,8 +157,11 @@ static int md_write(BIO *b, const char *in, int inl)
                                (unsigned int)ret);
                        }
                }
-        BIO_clear_retry_flags(b);
+        if(b->next_bio != NULL)
-        BIO_copy_next_retry(b);
+                {
+                BIO_clear_retry_flags(b);
+                BIO_copy_next_retry(b);
+                }
        return(ret);
        }
@@ -194,6 +197,7 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr)
        case BIO_C_GET_MD_CTX:
                pctx=ptr;
                *pctx=ctx;
+                b->init = 1;
                break;
        case BIO_C_SET_MD_CTX:
                if (b->init)
@@ -249,7 +253,9 @@ static int md_gets(BIO *bp, char *buf, int size)
        ctx=bp->ptr;
        if (size < ctx->digest->md_size)
                return(0);
-        EVP_DigestFinal_ex(ctx,(unsigned char *)buf,&ret);
+        if (EVP_DigestFinal_ex(ctx,(unsigned char *)buf,&ret)<=0) 
+                return -1;
+                
        return((int)ret);
        }
diff --git a/src/lib/libssl/src/crypto/evp/c_all.c b/src/lib/libssl/src/crypto/evp/c_all.c
index a5da52e62d..766c4cecdf 100644
--- a/src/lib/libssl/src/crypto/evp/c_all.c
+++ b/src/lib/libssl/src/crypto/evp/c_all.c
@@ -83,7 +83,7 @@ void OPENSSL_add_all_algorithms_noconf(void)
        OpenSSL_add_all_ciphers();
        OpenSSL_add_all_digests();
 #ifndef OPENSSL_NO_ENGINE
-# if defined(__OpenBSD__) || defined(__FreeBSD__)
+# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
        ENGINE_setup_bsd_cryptodev();
 # endif
 #endif
diff --git a/src/lib/libssl/src/crypto/evp/c_allc.c b/src/lib/libssl/src/crypto/evp/c_allc.c
index 7054d8125d..c5f9268378 100644
--- a/src/lib/libssl/src/crypto/evp/c_allc.c
+++ b/src/lib/libssl/src/crypto/evp/c_allc.c
@@ -71,6 +71,8 @@ void OpenSSL_add_all_ciphers(void)
        EVP_add_cipher(EVP_des_cfb8());
        EVP_add_cipher(EVP_des_ede_cfb());
        EVP_add_cipher(EVP_des_ede3_cfb());
+        EVP_add_cipher(EVP_des_ede3_cfb1());
+        EVP_add_cipher(EVP_des_ede3_cfb8());
        EVP_add_cipher(EVP_des_ofb());
        EVP_add_cipher(EVP_des_ede_ofb());
@@ -219,7 +221,4 @@ void OpenSSL_add_all_ciphers(void)
        EVP_add_cipher_alias(SN_camellia_256_cbc,"CAMELLIA256");
        EVP_add_cipher_alias(SN_camellia_256_cbc,"camellia256");
 #endif
-        PKCS12_PBE_add();
-        PKCS5_PBE_add();
        }
diff --git a/src/lib/libssl/src/crypto/evp/c_alld.c b/src/lib/libssl/src/crypto/evp/c_alld.c
index d270b0ee03..311e1fe2f8 100644
--- a/src/lib/libssl/src/crypto/evp/c_alld.c
+++ b/src/lib/libssl/src/crypto/evp/c_alld.c
@@ -64,9 +64,6 @@
 void OpenSSL_add_all_digests(void)
        {
-#ifndef OPENSSL_NO_MD2
-        EVP_add_digest(EVP_md2());
-#endif
 #ifndef OPENSSL_NO_MD4
        EVP_add_digest(EVP_md4());
 #endif
@@ -81,7 +78,7 @@ void OpenSSL_add_all_digests(void)
        EVP_add_digest(EVP_dss());
 #endif
 #endif
-#ifndef OPENSSL_NO_SHA
+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
        EVP_add_digest(EVP_sha1());
        EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
        EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
@@ -111,4 +108,7 @@ void OpenSSL_add_all_digests(void)
        EVP_add_digest(EVP_sha384());
        EVP_add_digest(EVP_sha512());
 #endif
+#ifndef OPENSSL_NO_WHIRLPOOL
+        EVP_add_digest(EVP_whirlpool());
+#endif
        }
diff --git a/src/lib/libssl/src/crypto/evp/digest.c b/src/lib/libssl/src/crypto/evp/digest.c
index 3bc2d1295c..982ba2b136 100644
--- a/src/lib/libssl/src/crypto/evp/digest.c
+++ b/src/lib/libssl/src/crypto/evp/digest.c
@@ -116,7 +116,6 @@
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
-#include "evp_locl.h"
 void EVP_MD_CTX_init(EVP_MD_CTX *ctx)
        {
@@ -127,7 +126,8 @@ EVP_MD_CTX *EVP_MD_CTX_create(void)
        {
        EVP_MD_CTX *ctx=OPENSSL_malloc(sizeof *ctx);
-        EVP_MD_CTX_init(ctx);
+        if (ctx)
+                EVP_MD_CTX_init(ctx);
        return ctx;
        }
@@ -138,77 +138,18 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type)
        return EVP_DigestInit_ex(ctx, type, NULL);
        }
-#ifdef OPENSSL_FIPS
+int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
-/* The purpose of these is to trap programs that attempt to use non FIPS
- * algorithms in FIPS mode and ignore the errors.
- */
-static int bad_init(EVP_MD_CTX *ctx)
-        { FIPS_ERROR_IGNORED("Digest init"); return 0;}
-static int bad_update(EVP_MD_CTX *ctx,const void *data,size_t count)
-        { FIPS_ERROR_IGNORED("Digest update"); return 0;}
-static int bad_final(EVP_MD_CTX *ctx,unsigned char *md)
-        { FIPS_ERROR_IGNORED("Digest Final"); return 0;}
-static const EVP_MD bad_md =
        {
-        0,
+        EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
-        0,
-        0,
-        0,
-        bad_init,
-        bad_update,
-        bad_final,
-        NULL,
-        NULL,
-        NULL,
-        0,
-        {0,0,0,0},
-        };
-#endif
 #ifndef OPENSSL_NO_ENGINE
+        /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
-#ifdef OPENSSL_FIPS
+         * so this context may already have an ENGINE! Try to avoid releasing
+         * the previous handle, re-querying for an ENGINE, and having a
-static int do_engine_null(ENGINE *impl) { return 0;}
+         * reinitialisation, when it may all be unecessary. */
-static int do_evp_md_engine_null(EVP_MD_CTX *ctx,
+        if (ctx->engine && ctx->digest && (!type ||
-                                const EVP_MD **ptype, ENGINE *impl)
+                        (type && (type->type == ctx->digest->type))))
-        { return 1; }
+                goto skip_to_init;
+        if (type)
-static int (*do_engine_init)(ENGINE *impl)
-                = do_engine_null;
-static int (*do_engine_finish)(ENGINE *impl)
-                = do_engine_null;
-static int (*do_evp_md_engine)
-        (EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl)
-                = do_evp_md_engine_null;
-void int_EVP_MD_set_engine_callbacks(
-        int (*eng_md_init)(ENGINE *impl),
-        int (*eng_md_fin)(ENGINE *impl),
-        int (*eng_md_evp)
-                (EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl))
-        {
-        do_engine_init = eng_md_init;
-        do_engine_finish = eng_md_fin;
-        do_evp_md_engine = eng_md_evp;
-        }
-#else
-#define do_engine_init  ENGINE_init
-#define do_engine_finish ENGINE_finish
-static int do_evp_md_engine(EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl)
-        {
-        if (*ptype)
                {
                /* Ensure an ENGINE left lying around from last time is cleared
                 * (the previous check attempted to avoid this if the same
@@ -219,25 +160,26 @@ static int do_evp_md_engine(EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl)
                        {
                        if (!ENGINE_init(impl))
                                {
-                                EVPerr(EVP_F_DO_EVP_MD_ENGINE,EVP_R_INITIALIZATION_ERROR);
+                                EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_INITIALIZATION_ERROR);
                                return 0;
                                }
                        }
                else
                        /* Ask if an ENGINE is reserved for this job */
-                        impl = ENGINE_get_digest_engine((*ptype)->type);
+                        impl = ENGINE_get_digest_engine(type->type);
                if(impl)
                        {
                        /* There's an ENGINE for this job ... (apparently) */
-                        const EVP_MD *d = ENGINE_get_digest(impl, (*ptype)->type);
+                        const EVP_MD *d = ENGINE_get_digest(impl, type->type);
                        if(!d)
                                {
                                /* Same comment from evp_enc.c */
-                                EVPerr(EVP_F_DO_EVP_MD_ENGINE,EVP_R_INITIALIZATION_ERROR);
+                                EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_INITIALIZATION_ERROR);
+                                ENGINE_finish(impl);
                                return 0;
                                }
                        /* We'll use the ENGINE's private digest definition */
-                        *ptype = d;
+                        type = d;
                        /* Store the ENGINE functional reference so we know
                         * 'type' came from an ENGINE and we need to release
                         * it when done. */
@@ -249,71 +191,46 @@ static int do_evp_md_engine(EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl)
        else
        if(!ctx->digest)
                {
-                EVPerr(EVP_F_DO_EVP_MD_ENGINE,EVP_R_NO_DIGEST_SET);
+                EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_NO_DIGEST_SET);
                return 0;
                }
-        return 1;
-        }
-#endif
-#endif
-int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
-        {
-        M_EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
-#ifdef OPENSSL_FIPS
-        if(FIPS_selftest_failed())
-                {
-                FIPSerr(FIPS_F_EVP_DIGESTINIT_EX,FIPS_R_FIPS_SELFTEST_FAILED);
-                ctx->digest = &bad_md;
-                return 0;
-                }
-#endif
-#ifndef OPENSSL_NO_ENGINE
-        /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
-         * so this context may already have an ENGINE! Try to avoid releasing
-         * the previous handle, re-querying for an ENGINE, and having a
-         * reinitialisation, when it may all be unecessary. */
-        if (ctx->engine && ctx->digest && (!type ||
-                        (type && (type->type == ctx->digest->type))))
-                goto skip_to_init;
-        if (!do_evp_md_engine(ctx, &type, impl))
-                return 0;
 #endif
        if (ctx->digest != type)
                {
-#ifdef OPENSSL_FIPS
+                if (ctx->digest && ctx->digest->ctx_size)
-                if (FIPS_mode())
+                        OPENSSL_free(ctx->md_data);
+                ctx->digest=type;
+                if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size)
                        {
-                        if (!(type->flags & EVP_MD_FLAG_FIPS) 
+                        ctx->update = type->update;
-                         && !(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW))
+                        ctx->md_data=OPENSSL_malloc(type->ctx_size);
+                        if (ctx->md_data == NULL)
                                {
-                                EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_DISABLED_FOR_FIPS);
+                                EVPerr(EVP_F_EVP_DIGESTINIT_EX,
-                                ctx->digest = &bad_md;
+                                                        ERR_R_MALLOC_FAILURE);
                                return 0;
                                }
                        }
-#endif
-                if (ctx->digest && ctx->digest->ctx_size)
-                        OPENSSL_free(ctx->md_data);
-                ctx->digest=type;
-                if (type->ctx_size)
-                        ctx->md_data=OPENSSL_malloc(type->ctx_size);
                }
 #ifndef OPENSSL_NO_ENGINE
-        skip_to_init:
+skip_to_init:
 #endif
+        if (ctx->pctx)
+                {
+                int r;
+                r = EVP_PKEY_CTX_ctrl(ctx->pctx, -1, EVP_PKEY_OP_TYPE_SIG,
+                                        EVP_PKEY_CTRL_DIGESTINIT, 0, ctx);
+                if (r <= 0 && (r != -2))
+                        return 0;
+                }
+        if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT)
+                return 1;
        return ctx->digest->init(ctx);
        }
-int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data,
+int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
-             size_t count)
        {
-#ifdef OPENSSL_FIPS
+        return ctx->update(ctx,data,count);
-        FIPS_selftest_check();
-#endif
-        return ctx->digest->update(ctx,data,count);
        }
 /* The caller can assume that this removes any secret data from the context */
@@ -329,9 +246,6 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
 int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
        {
        int ret;
-#ifdef OPENSSL_FIPS
-        FIPS_selftest_check();
-#endif
        OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
        ret=ctx->digest->final(ctx,md);
@@ -340,7 +254,7 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
        if (ctx->digest->cleanup)
                {
                ctx->digest->cleanup(ctx);
-                M_EVP_MD_CTX_set_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
+                EVP_MD_CTX_set_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
                }
        memset(ctx->md_data,0,ctx->digest->ctx_size);
        return ret;
@@ -362,7 +276,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
                }
 #ifndef OPENSSL_NO_ENGINE
        /* Make sure it's safe to copy a digest context using an ENGINE */
-        if (in->engine && !do_engine_init(in->engine))
+        if (in->engine && !ENGINE_init(in->engine))
                {
                EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,ERR_R_ENGINE_LIB);
                return 0;
@@ -372,19 +286,40 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
        if (out->digest == in->digest)
                {
                tmp_buf = out->md_data;
-                M_EVP_MD_CTX_set_flags(out,EVP_MD_CTX_FLAG_REUSE);
+                EVP_MD_CTX_set_flags(out,EVP_MD_CTX_FLAG_REUSE);
                }
        else tmp_buf = NULL;
        EVP_MD_CTX_cleanup(out);
        memcpy(out,in,sizeof *out);
-        if (out->digest->ctx_size)
+        if (in->md_data && out->digest->ctx_size)
                {
-                if (tmp_buf) out->md_data = tmp_buf;
+                if (tmp_buf)
-                else out->md_data=OPENSSL_malloc(out->digest->ctx_size);
+                        out->md_data = tmp_buf;
+                else
+                        {
+                        out->md_data=OPENSSL_malloc(out->digest->ctx_size);
+                        if (!out->md_data)
+                                {
+                                EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,ERR_R_MALLOC_FAILURE);
+                                return 0;
+                                }
+                        }
                memcpy(out->md_data,in->md_data,out->digest->ctx_size);
                }
+        out->update = in->update;
+        if (in->pctx)
+                {
+                out->pctx = EVP_PKEY_CTX_dup(in->pctx);
+                if (!out->pctx)
+                        {
+                        EVP_MD_CTX_cleanup(out);
+                        return 0;
+                        }
+                }
        if (out->digest->copy)
                return out->digest->copy(out,in);
        
@@ -398,7 +333,7 @@ int EVP_Digest(const void *data, size_t count,
        int ret;
        EVP_MD_CTX_init(&ctx);
-        M_EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_ONESHOT);
+        EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_ONESHOT);
        ret=EVP_DigestInit_ex(&ctx, type, impl)
          && EVP_DigestUpdate(&ctx, data, count)
          && EVP_DigestFinal_ex(&ctx, md, size);
@@ -420,19 +355,21 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
         * because sometimes only copies of the context are ever finalised.
         */
        if (ctx->digest && ctx->digest->cleanup
-            && !M_EVP_MD_CTX_test_flags(ctx,EVP_MD_CTX_FLAG_CLEANED))
+            && !EVP_MD_CTX_test_flags(ctx,EVP_MD_CTX_FLAG_CLEANED))
                ctx->digest->cleanup(ctx);
        if (ctx->digest && ctx->digest->ctx_size && ctx->md_data
-            && !M_EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE))
+            && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE))
                {
                OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size);
                OPENSSL_free(ctx->md_data);
                }
+        if (ctx->pctx)
+                EVP_PKEY_CTX_free(ctx->pctx);
 #ifndef OPENSSL_NO_ENGINE
        if(ctx->engine)
                /* The EVP_MD we used belongs to an ENGINE, release the
                 * functional reference we held for this reason. */
-                do_engine_finish(ctx->engine);
+                ENGINE_finish(ctx->engine);
 #endif
        memset(ctx,'\0',sizeof *ctx);
diff --git a/src/lib/libssl/src/crypto/evp/e_aes.c b/src/lib/libssl/src/crypto/evp/e_aes.c
index c9a5ee8d75..bd6c0a3a62 100644
--- a/src/lib/libssl/src/crypto/evp/e_aes.c
+++ b/src/lib/libssl/src/crypto/evp/e_aes.c
@@ -69,29 +69,32 @@ typedef struct
 IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY,
                       NID_aes_128, 16, 16, 16, 128,
-                       EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
+                       0, aes_init_key, NULL, 
-                       aes_init_key,
+                       EVP_CIPHER_set_asn1_iv,
-                       NULL, NULL, NULL, NULL)
+                       EVP_CIPHER_get_asn1_iv,
+                       NULL)
 IMPLEMENT_BLOCK_CIPHER(aes_192, ks, AES, EVP_AES_KEY,
                       NID_aes_192, 16, 24, 16, 128,
-                       EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
+                       0, aes_init_key, NULL, 
-                       aes_init_key,
+                       EVP_CIPHER_set_asn1_iv,
-                       NULL, NULL, NULL, NULL)
+                       EVP_CIPHER_get_asn1_iv,
+                       NULL)
 IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY,
                       NID_aes_256, 16, 32, 16, 128,
-                       EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
+                       0, aes_init_key, NULL, 
-                       aes_init_key,
+                       EVP_CIPHER_set_asn1_iv,
-                       NULL, NULL, NULL, NULL)
+                       EVP_CIPHER_get_asn1_iv,
+                       NULL)
-#define IMPLEMENT_AES_CFBR(ksize,cbits,flags)   IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16,flags)
+#define IMPLEMENT_AES_CFBR(ksize,cbits) IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16)
-IMPLEMENT_AES_CFBR(128,1,EVP_CIPH_FLAG_FIPS)
+IMPLEMENT_AES_CFBR(128,1)
-IMPLEMENT_AES_CFBR(192,1,EVP_CIPH_FLAG_FIPS)
+IMPLEMENT_AES_CFBR(192,1)
-IMPLEMENT_AES_CFBR(256,1,EVP_CIPH_FLAG_FIPS)
+IMPLEMENT_AES_CFBR(256,1)
-IMPLEMENT_AES_CFBR(128,8,EVP_CIPH_FLAG_FIPS)
+IMPLEMENT_AES_CFBR(128,8)
-IMPLEMENT_AES_CFBR(192,8,EVP_CIPH_FLAG_FIPS)
+IMPLEMENT_AES_CFBR(192,8)
-IMPLEMENT_AES_CFBR(256,8,EVP_CIPH_FLAG_FIPS)
+IMPLEMENT_AES_CFBR(256,8)
 static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                   const unsigned char *iv, int enc)
diff --git a/src/lib/libssl/src/crypto/evp/e_des.c b/src/lib/libssl/src/crypto/evp/e_des.c
index 04376df232..ca009f2c52 100644
--- a/src/lib/libssl/src/crypto/evp/e_des.c
+++ b/src/lib/libssl/src/crypto/evp/e_des.c
@@ -72,7 +72,7 @@ static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
 /* Because of various casts and different names can't use IMPLEMENT_BLOCK_CIPHER */
 static int des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                          const unsigned char *in, unsigned int inl)
+                          const unsigned char *in, size_t inl)
 {
        BLOCK_CIPHER_ecb_loop()
                DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i), ctx->cipher_data, ctx->encrypt);
@@ -80,24 +80,52 @@ static int des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 }
 static int des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                          const unsigned char *in, unsigned int inl)
+                          const unsigned char *in, size_t inl)
 {
-        DES_ofb64_encrypt(in, out, (long)inl, ctx->cipher_data, (DES_cblock *)ctx->iv, &ctx->num);
+        while(inl>=EVP_MAXCHUNK)
+                {
+                DES_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data,
+                                (DES_cblock *)ctx->iv, &ctx->num);
+                inl-=EVP_MAXCHUNK;
+                in +=EVP_MAXCHUNK;
+                out+=EVP_MAXCHUNK;
+                }
+        if (inl)
+                DES_ofb64_encrypt(in, out, (long)inl, ctx->cipher_data,
+                                (DES_cblock *)ctx->iv, &ctx->num);
        return 1;
 }
 static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                          const unsigned char *in, unsigned int inl)
+                          const unsigned char *in, size_t inl)
 {
-        DES_ncbc_encrypt(in, out, (long)inl, ctx->cipher_data,
+        while(inl>=EVP_MAXCHUNK)
-                         (DES_cblock *)ctx->iv, ctx->encrypt);
+                {
+                DES_ncbc_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data,
+                                (DES_cblock *)ctx->iv, ctx->encrypt);
+                inl-=EVP_MAXCHUNK;
+                in +=EVP_MAXCHUNK;
+                out+=EVP_MAXCHUNK;
+                }
+        if (inl)
+                DES_ncbc_encrypt(in, out, (long)inl, ctx->cipher_data,
+                                (DES_cblock *)ctx->iv, ctx->encrypt);
        return 1;
 }
 static int des_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                            const unsigned char *in, unsigned int inl)
+                            const unsigned char *in, size_t inl)
 {
-        DES_cfb64_encrypt(in, out, (long)inl, ctx->cipher_data,
+        while(inl>=EVP_MAXCHUNK)
+                {
+                DES_cfb64_encrypt(in,out, (long)EVP_MAXCHUNK, ctx->cipher_data,
+                                (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
+                inl-=EVP_MAXCHUNK;
+                in +=EVP_MAXCHUNK;
+                out+=EVP_MAXCHUNK;
+                }
+        if (inl)
+                DES_cfb64_encrypt(in, out, (long)inl, ctx->cipher_data,
                          (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
        return 1;
 }
@@ -105,45 +133,62 @@ static int des_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 /* Although we have a CFB-r implementation for DES, it doesn't pack the right
   way, so wrap it here */
 static int des_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                           const unsigned char *in, unsigned int inl)
+                           const unsigned char *in, size_t inl)
    {
-    unsigned int n;
+    size_t n,chunk=EVP_MAXCHUNK/8;
    unsigned char c[1],d[1];
-    for(n=0 ; n < inl ; ++n)
+    if (inl<chunk) chunk=inl;
+    while (inl && inl>=chunk)
        {
-        c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
+        for(n=0 ; n < chunk*8; ++n)
-        DES_cfb_encrypt(c,d,1,1,ctx->cipher_data,(DES_cblock *)ctx->iv,
+            {
+            c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
+            DES_cfb_encrypt(c,d,1,1,ctx->cipher_data,(DES_cblock *)ctx->iv,
                        ctx->encrypt);
-        out[n/8]=(out[n/8]&~(0x80 >> (n%8)))|((d[0]&0x80) >> (n%8));
+            out[n/8]=(out[n/8]&~(0x80 >> (unsigned int)(n%8))) |
+                     ((d[0]&0x80) >> (unsigned int)(n%8));
+            }
+        inl-=chunk;
+        in +=chunk;
+        out+=chunk;
+        if (inl<chunk) chunk=inl;
        }
    return 1;
    }
 static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                           const unsigned char *in, unsigned int inl)
+                           const unsigned char *in, size_t inl)
    {
-    DES_cfb_encrypt(in,out,8,inl,ctx->cipher_data,(DES_cblock *)ctx->iv,
+    while (inl>=EVP_MAXCHUNK)
-                    ctx->encrypt);
+        {
+        DES_cfb_encrypt(in,out,8,(long)EVP_MAXCHUNK,ctx->cipher_data,
+                        (DES_cblock *)ctx->iv,ctx->encrypt);
+        inl-=EVP_MAXCHUNK;
+        in +=EVP_MAXCHUNK;
+        out+=EVP_MAXCHUNK;
+        }
+    if (inl)
+        DES_cfb_encrypt(in,out,8,(long)inl,ctx->cipher_data,
+                        (DES_cblock *)ctx->iv,ctx->encrypt);
    return 1;
    }
 BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64,
-                        EVP_CIPH_RAND_KEY,
+                        EVP_CIPH_RAND_KEY, des_init_key, NULL,
-                        des_init_key, NULL,
                        EVP_CIPHER_set_asn1_iv,
                        EVP_CIPHER_get_asn1_iv,
                        des_ctrl)
 BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,1,
-                     EVP_CIPH_RAND_KEY,
+                     EVP_CIPH_RAND_KEY, des_init_key,NULL,
-                     des_init_key, NULL,
                     EVP_CIPHER_set_asn1_iv,
                     EVP_CIPHER_get_asn1_iv,des_ctrl)
 BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,8,
-                     EVP_CIPH_RAND_KEY,
+                     EVP_CIPH_RAND_KEY,des_init_key,NULL,
-                     des_init_key,NULL,
                     EVP_CIPHER_set_asn1_iv,
                     EVP_CIPHER_get_asn1_iv,des_ctrl)
diff --git a/src/lib/libssl/src/crypto/evp/e_des3.c b/src/lib/libssl/src/crypto/evp/e_des3.c
index f910af19b1..3232cfe024 100644
--- a/src/lib/libssl/src/crypto/evp/e_des3.c
+++ b/src/lib/libssl/src/crypto/evp/e_des3.c
@@ -85,7 +85,7 @@ typedef struct
 /* Because of various casts and different args can't use IMPLEMENT_BLOCK_CIPHER */
 static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                              const unsigned char *in, unsigned int inl)
+                              const unsigned char *in, size_t inl)
 {
        BLOCK_CIPHER_ecb_loop()
                DES_ecb3_encrypt((const_DES_cblock *)(in + i),
@@ -97,48 +97,80 @@ static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 }
 static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                              const unsigned char *in, unsigned int inl)
+                              const unsigned char *in, size_t inl)
 {
-        DES_ede3_ofb64_encrypt(in, out, (long)inl,
+        if (inl>=EVP_MAXCHUNK)
+                {
+                DES_ede3_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK,
                               &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
                               (DES_cblock *)ctx->iv, &ctx->num);
+                inl-=EVP_MAXCHUNK;
+                in +=EVP_MAXCHUNK;
+                out+=EVP_MAXCHUNK;
+                }
+        if (inl)
+                DES_ede3_ofb64_encrypt(in, out, (long)inl,
+                                &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
+                               (DES_cblock *)ctx->iv, &ctx->num);
        return 1;
 }
 static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                              const unsigned char *in, unsigned int inl)
+                              const unsigned char *in, size_t inl)
 {
 #ifdef KSSL_DEBUG
        {
        int i;
-        printf("des_ede_cbc_cipher(ctx=%lx, buflen=%d)\n", (unsigned long)ctx, ctx->buf_len);
+        char *cp;
+        printf("des_ede_cbc_cipher(ctx=%lx, buflen=%d)\n", ctx, ctx->buf_len);
        printf("\t iv= ");
        for(i=0;i<8;i++)
                printf("%02X",ctx->iv[i]);
        printf("\n");
        }
 #endif    /* KSSL_DEBUG */
-        DES_ede3_cbc_encrypt(in, out, (long)inl,
+        if (inl>=EVP_MAXCHUNK)
+                {
+                DES_ede3_cbc_encrypt(in, out, (long)EVP_MAXCHUNK,
                             &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
                             (DES_cblock *)ctx->iv, ctx->encrypt);
+                inl-=EVP_MAXCHUNK;
+                in +=EVP_MAXCHUNK;
+                out+=EVP_MAXCHUNK;
+                }
+        if (inl)
+                DES_ede3_cbc_encrypt(in, out, (long)inl,
+                             &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
+                             (DES_cblock *)ctx->iv, ctx->encrypt);
        return 1;
 }
 static int des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                              const unsigned char *in, unsigned int inl)
+                              const unsigned char *in, size_t inl)
 {
-        DES_ede3_cfb64_encrypt(in, out, (long)inl, 
+        if (inl>=EVP_MAXCHUNK)
+                {
+                DES_ede3_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK, 
                               &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
                               (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
+                inl-=EVP_MAXCHUNK;
+                in +=EVP_MAXCHUNK;
+                out+=EVP_MAXCHUNK;
+                }
+        if (inl)
+                DES_ede3_cfb64_encrypt(in, out, (long)inl,
+                               &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
+                               (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
        return 1;
 }
 /* Although we have a CFB-r implementation for 3-DES, it doesn't pack the right
   way, so wrap it here */
 static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                                const unsigned char *in, unsigned int inl)
+                                const unsigned char *in, size_t inl)
    {
-    unsigned int n;
+    size_t n;
    unsigned char c[1],d[1];
    for(n=0 ; n < inl ; ++n)
@@ -147,25 +179,36 @@ static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
        DES_ede3_cfb_encrypt(c,d,1,1,
                             &data(ctx)->ks1,&data(ctx)->ks2,&data(ctx)->ks3,
                             (DES_cblock *)ctx->iv,ctx->encrypt);
-        out[n/8]=(out[n/8]&~(0x80 >> (n%8)))|((d[0]&0x80) >> (n%8));
+        out[n/8]=(out[n/8]&~(0x80 >> (unsigned int)(n%8))) |
+                 ((d[0]&0x80) >> (unsigned int)(n%8));
        }
    return 1;
    }
 static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                                const unsigned char *in, unsigned int inl)
+                                const unsigned char *in, size_t inl)
    {
-    DES_ede3_cfb_encrypt(in,out,8,inl,
+    while (inl>=EVP_MAXCHUNK)
+        {
+        DES_ede3_cfb_encrypt(in,out,8,(long)EVP_MAXCHUNK,
                         &data(ctx)->ks1,&data(ctx)->ks2,&data(ctx)->ks3,
                         (DES_cblock *)ctx->iv,ctx->encrypt);
+        inl-=EVP_MAXCHUNK;
+        in +=EVP_MAXCHUNK;
+        out+=EVP_MAXCHUNK;
+        }
+    if (inl)
+        DES_ede3_cfb_encrypt(in,out,8,(long)inl,
+                        &data(ctx)->ks1,&data(ctx)->ks2,&data(ctx)->ks3,
+                        (DES_cblock *)ctx->iv,ctx->encrypt);
    return 1;
    }
 BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
-                EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
+                        EVP_CIPH_RAND_KEY, des_ede_init_key, NULL, 
-                        des_ede_init_key,
+                        EVP_CIPHER_set_asn1_iv,
-                        NULL, NULL, NULL,
+                        EVP_CIPHER_get_asn1_iv,
                        des3_ctrl)
 #define des_ede3_cfb64_cipher des_ede_cfb64_cipher
@@ -174,21 +217,21 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
 #define des_ede3_ecb_cipher des_ede_ecb_cipher
 BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
-                EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
+                        EVP_CIPH_RAND_KEY, des_ede3_init_key, NULL, 
-                        des_ede3_init_key,
+                        EVP_CIPHER_set_asn1_iv,
-                        NULL, NULL, NULL,
+                        EVP_CIPHER_get_asn1_iv,
                        des3_ctrl)
 BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1,
-                EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
+                     EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL,
-                     des_ede3_init_key,
+                     EVP_CIPHER_set_asn1_iv,
-                     NULL, NULL, NULL,
+                     EVP_CIPHER_get_asn1_iv,
                     des3_ctrl)
 BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8,
-                EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
+                     EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL,
-                     des_ede3_init_key,
+                     EVP_CIPHER_set_asn1_iv,
-                     NULL, NULL, NULL,
+                     EVP_CIPHER_get_asn1_iv,
                     des3_ctrl)
 static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
@@ -215,7 +258,7 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 #ifdef KSSL_DEBUG
        {
        int i;
-        printf("des_ede3_init_key(ctx=%lx)\n", (unsigned long)ctx);
+        printf("des_ede3_init_key(ctx=%lx)\n", ctx);
        printf("\tKEY= ");
        for(i=0;i<24;i++) printf("%02X",key[i]); printf("\n");
        printf("\t IV= ");
diff --git a/src/lib/libssl/src/crypto/evp/e_idea.c b/src/lib/libssl/src/crypto/evp/e_idea.c
index 48c33a774a..806b080360 100644
--- a/src/lib/libssl/src/crypto/evp/e_idea.c
+++ b/src/lib/libssl/src/crypto/evp/e_idea.c
@@ -73,7 +73,7 @@ static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 */
 static int idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                           const unsigned char *in, unsigned int inl)
+                           const unsigned char *in, size_t inl)
 {
        BLOCK_CIPHER_ecb_loop()
                idea_ecb_encrypt(in + i, out + i, ctx->cipher_data);
diff --git a/src/lib/libssl/src/crypto/evp/e_null.c b/src/lib/libssl/src/crypto/evp/e_null.c
index 0872d733e4..7cf50e1416 100644
--- a/src/lib/libssl/src/crypto/evp/e_null.c
+++ b/src/lib/libssl/src/crypto/evp/e_null.c
@@ -64,12 +64,12 @@
 static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
        const unsigned char *iv,int enc);
 static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-        const unsigned char *in, unsigned int inl);
+        const unsigned char *in, size_t inl);
 static const EVP_CIPHER n_cipher=
        {
        NID_undef,
        1,0,0,
-        EVP_CIPH_FLAG_FIPS,
+        0,
        null_init_key,
        null_cipher,
        NULL,
@@ -93,10 +93,10 @@ static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
        }
 static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-             const unsigned char *in, unsigned int inl)
+             const unsigned char *in, size_t inl)
        {
        if (in != out)
-                memcpy((char *)out,(const char *)in,(size_t)inl);
+                memcpy((char *)out,(const char *)in,inl);
        return 1;
        }
diff --git a/src/lib/libssl/src/crypto/evp/e_rc2.c b/src/lib/libssl/src/crypto/evp/e_rc2.c
index d37726ffae..f78d781129 100644
--- a/src/lib/libssl/src/crypto/evp/e_rc2.c
+++ b/src/lib/libssl/src/crypto/evp/e_rc2.c
@@ -223,6 +223,11 @@ static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
                        return 1;
                        }
                return 0;
+#ifdef PBE_PRF_TEST
+        case EVP_CTRL_PBE_PRF_NID:
+                *(int *)ptr = NID_hmacWithMD5;
+                return 1;
+#endif
        default:
                return -1;
diff --git a/src/lib/libssl/src/crypto/evp/e_rc4.c b/src/lib/libssl/src/crypto/evp/e_rc4.c
index 55baad7446..8b5175e0fd 100644
--- a/src/lib/libssl/src/crypto/evp/e_rc4.c
+++ b/src/lib/libssl/src/crypto/evp/e_rc4.c
@@ -64,7 +64,6 @@
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/rc4.h>
-#include "evp_locl.h"
 /* FIXME: surely this is available elsewhere? */
 #define EVP_RC4_KEY_SIZE                16
@@ -79,7 +78,7 @@ typedef struct
 static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                        const unsigned char *iv,int enc);
 static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                      const unsigned char *in, unsigned int inl);
+                      const unsigned char *in, size_t inl);
 static const EVP_CIPHER r4_cipher=
        {
        NID_rc4,
@@ -129,7 +128,7 @@ static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
        }
 static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                      const unsigned char *in, unsigned int inl)
+                      const unsigned char *in, size_t inl)
        {
        RC4(&data(ctx)->ks,inl,in,out);
        return 1;
diff --git a/src/lib/libssl/src/crypto/evp/e_xcbc_d.c b/src/lib/libssl/src/crypto/evp/e_xcbc_d.c
index 8832da2433..250e88c8c5 100644
--- a/src/lib/libssl/src/crypto/evp/e_xcbc_d.c
+++ b/src/lib/libssl/src/crypto/evp/e_xcbc_d.c
@@ -63,12 +63,13 @@
 #include <openssl/evp.h>
 #include <openssl/objects.h>
+#include "evp_locl.h"
 #include <openssl/des.h>
 static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                             const unsigned char *iv,int enc);
 static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                           const unsigned char *in, unsigned int inl);
+                           const unsigned char *in, size_t inl);
 typedef struct
@@ -113,13 +114,25 @@ static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
        }
 static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                           const unsigned char *in, unsigned int inl)
+                           const unsigned char *in, size_t inl)
        {
-        DES_xcbc_encrypt(in,out,inl,&data(ctx)->ks,
+        while (inl>=EVP_MAXCHUNK)
+                {
+                DES_xcbc_encrypt(in,out,(long)EVP_MAXCHUNK,&data(ctx)->ks,
                         (DES_cblock *)&(ctx->iv[0]),
                         &data(ctx)->inw,
                         &data(ctx)->outw,
                         ctx->encrypt);
+                inl-=EVP_MAXCHUNK;
+                in +=EVP_MAXCHUNK;
+                out+=EVP_MAXCHUNK;
+                }
+        if (inl)
+                DES_xcbc_encrypt(in,out,(long)inl,&data(ctx)->ks,
+                        (DES_cblock *)&(ctx->iv[0]),
+                        &data(ctx)->inw,
+                        &data(ctx)->outw,
+                        ctx->encrypt);
        return 1;
        }
 #endif
diff --git a/src/lib/libssl/src/crypto/evp/encode.c b/src/lib/libssl/src/crypto/evp/encode.c
index 5921f0d710..b42c747249 100644
--- a/src/lib/libssl/src/crypto/evp/encode.c
+++ b/src/lib/libssl/src/crypto/evp/encode.c
@@ -85,7 +85,7 @@
 #define CHUNKS_PER_LINE (64/4)
 #define CHAR_PER_LINE   (64+1)
-static unsigned char data_bin2ascii[65]="ABCDEFGHIJKLMNOPQRSTUVWXYZ\
+static const unsigned char data_bin2ascii[65]="ABCDEFGHIJKLMNOPQRSTUVWXYZ\
 abcdefghijklmnopqrstuvwxyz0123456789+/";
 /* 0xF0 is a EOLN
@@ -102,7 +102,7 @@ abcdefghijklmnopqrstuvwxyz0123456789+/";
 #define B64_ERROR               0xFF
 #define B64_NOT_BASE64(a)       (((a)|0x13) == 0xF3)
-static unsigned char data_ascii2bin[128]={
+static const unsigned char data_ascii2bin[128]={
        0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
        0xFF,0xE0,0xF0,0xFF,0xFF,0xF1,0xFF,0xFF,
        0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
diff --git a/src/lib/libssl/src/crypto/evp/evp.h b/src/lib/libssl/src/crypto/evp/evp.h
index 79c097181f..9f9795e2d9 100644
--- a/src/lib/libssl/src/crypto/evp/evp.h
+++ b/src/lib/libssl/src/crypto/evp/evp.h
@@ -75,10 +75,6 @@
 #include <openssl/bio.h>
 #endif
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 /*
 #define EVP_RC2_KEY_SIZE                16
 #define EVP_RC4_KEY_SIZE                16
@@ -119,6 +115,7 @@
 #define EVP_PKEY_DSA4   NID_dsaWithSHA1_2
 #define EVP_PKEY_DH     NID_dhKeyAgreement
 #define EVP_PKEY_EC     NID_X9_62_id_ecPublicKey
+#define EVP_PKEY_HMAC   NID_hmac
 #ifdef  __cplusplus
 extern "C" {
@@ -132,6 +129,8 @@ struct evp_pkey_st
        int type;
        int save_type;
        int references;
+        const EVP_PKEY_ASN1_METHOD *ameth;
+        ENGINE *engine;
        union   {
                char *ptr;
 #ifndef OPENSSL_NO_RSA
@@ -156,73 +155,6 @@ struct evp_pkey_st
 #define EVP_PKEY_MO_ENCRYPT     0x0004
 #define EVP_PKEY_MO_DECRYPT     0x0008
-#if 0
-/* This structure is required to tie the message digest and signing together.
- * The lookup can be done by md/pkey_method, oid, oid/pkey_method, or
- * oid, md and pkey.
- * This is required because for various smart-card perform the digest and
- * signing/verification on-board.  To handle this case, the specific
- * EVP_MD and EVP_PKEY_METHODs need to be closely associated.
- * When a PKEY is created, it will have a EVP_PKEY_METHOD associated with it.
- * This can either be software or a token to provide the required low level
- * routines.
- */
-typedef struct evp_pkey_md_st
-        {
-        int oid;
-        EVP_MD *md;
-        EVP_PKEY_METHOD *pkey;
-        } EVP_PKEY_MD;
-#define EVP_rsa_md2() \
-                EVP_PKEY_MD_add(NID_md2WithRSAEncryption,\
-                        EVP_rsa_pkcs1(),EVP_md2())
-#define EVP_rsa_md5() \
-                EVP_PKEY_MD_add(NID_md5WithRSAEncryption,\
-                        EVP_rsa_pkcs1(),EVP_md5())
-#define EVP_rsa_sha0() \
-                EVP_PKEY_MD_add(NID_shaWithRSAEncryption,\
-                        EVP_rsa_pkcs1(),EVP_sha())
-#define EVP_rsa_sha1() \
-                EVP_PKEY_MD_add(NID_sha1WithRSAEncryption,\
-                        EVP_rsa_pkcs1(),EVP_sha1())
-#define EVP_rsa_ripemd160() \
-                EVP_PKEY_MD_add(NID_ripemd160WithRSA,\
-                        EVP_rsa_pkcs1(),EVP_ripemd160())
-#define EVP_rsa_mdc2() \
-                EVP_PKEY_MD_add(NID_mdc2WithRSA,\
-                        EVP_rsa_octet_string(),EVP_mdc2())
-#define EVP_dsa_sha() \
-                EVP_PKEY_MD_add(NID_dsaWithSHA,\
-                        EVP_dsa(),EVP_sha())
-#define EVP_dsa_sha1() \
-                EVP_PKEY_MD_add(NID_dsaWithSHA1,\
-                        EVP_dsa(),EVP_sha1())
-typedef struct evp_pkey_method_st
-        {
-        char *name;
-        int flags;
-        int type;               /* RSA, DSA, an SSLeay specific constant */
-        int oid;                /* For the pub-key type */
-        int encrypt_oid;        /* pub/priv key encryption */
-        int (*sign)();
-        int (*verify)();
-        struct  {
-                int (*set)();   /* get and/or set the underlying type */
-                int (*get)();
-                int (*encrypt)();
-                int (*decrypt)();
-                int (*i2d)();
-                int (*d2i)();
-                int (*dup)();
-                } pub,priv;
-        int (*set_asn1_parameters)();
-        int (*get_asn1_parameters)();
-        } EVP_PKEY_METHOD;
-#endif
 #ifndef EVP_MD
 struct env_md_st
        {
@@ -245,6 +177,8 @@ struct env_md_st
        int required_pkey_type[5]; /*EVP_PKEY_xxx */
        int block_size;
        int ctx_size; /* how big does the ctx->md_data need to be */
+        /* control function */
+        int (*md_ctrl)(EVP_MD_CTX *ctx, int cmd, int p1, void *p2);
        } /* EVP_MD */;
 typedef int evp_sign_method(int type,const unsigned char *m,
@@ -254,18 +188,42 @@ typedef int evp_verify_method(int type,const unsigned char *m,
                            unsigned int m_length,const unsigned char *sigbuf,
                            unsigned int siglen, void *key);
-typedef struct
-        {
-        EVP_MD_CTX *mctx;
-        void *key;
-        } EVP_MD_SVCTX;
 #define EVP_MD_FLAG_ONESHOT     0x0001 /* digest can only handle a single
                                        * block */
-#define EVP_MD_FLAG_FIPS        0x0400 /* Note if suitable for use in FIPS mode */
+#define EVP_MD_FLAG_PKEY_DIGEST 0x0002 /* digest is a "clone" digest used
+                                        * which is a copy of an existing
+                                        * one for a specific public key type.
+                                        * EVP_dss1() etc */
+/* Digest uses EVP_PKEY_METHOD for signing instead of MD specific signing */
+#define EVP_MD_FLAG_PKEY_METHOD_SIGNATURE       0x0004
+/* DigestAlgorithmIdentifier flags... */
+#define EVP_MD_FLAG_DIGALGID_MASK               0x0018
-#define EVP_MD_FLAG_SVCTX       0x0800 /* pass EVP_MD_SVCTX to sign/verify */
+/* NULL or absent parameter accepted. Use NULL */
+#define EVP_MD_FLAG_DIGALGID_NULL               0x0000
+/* NULL or absent parameter accepted. Use NULL for PKCS#1 otherwise absent */
+#define EVP_MD_FLAG_DIGALGID_ABSENT             0x0008
+/* Custom handling via ctrl */
+#define EVP_MD_FLAG_DIGALGID_CUSTOM             0x0018
+/* Digest ctrls */
+#define EVP_MD_CTRL_DIGALGID                    0x1
+#define EVP_MD_CTRL_MICALG                      0x2
+/* Minimum Algorithm specific ctrl value */
+#define EVP_MD_CTRL_ALG_CTRL                    0x1000
 #define EVP_PKEY_NULL_method    NULL,NULL,{0,0,0,0}
@@ -307,6 +265,10 @@ struct env_md_ctx_st
        ENGINE *engine; /* functional reference if 'digest' is ENGINE-provided */
        unsigned long flags;
        void *md_data;
+        /* Public key context for sign/verify */
+        EVP_PKEY_CTX *pctx;
+        /* Update function: usually copied from EVP_MD */
+        int (*update)(EVP_MD_CTX *ctx,const void *data,size_t count);
        } /* EVP_MD_CTX */;
 /* values for EVP_MD_CTX flags */
@@ -317,17 +279,23 @@ struct env_md_ctx_st
                                                * cleaned */
 #define EVP_MD_CTX_FLAG_REUSE           0x0004 /* Don't free up ctx->md_data
                                                * in EVP_MD_CTX_cleanup */
+/* FIPS and pad options are ignored in 1.0.0, definitions are here
+ * so we don't accidentally reuse the values for other purposes.
+ */
 #define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW  0x0008  /* Allow use of non FIPS digest
                                                 * in FIPS mode */
+/* The following PAD options are also currently ignored in 1.0.0, digest
+ * parameters are handled through EVP_DigestSign*() and EVP_DigestVerify*()
+ * instead.
+ */
 #define EVP_MD_CTX_FLAG_PAD_MASK        0xF0    /* RSA mode to use */
 #define EVP_MD_CTX_FLAG_PAD_PKCS1       0x00    /* PKCS#1 v1.5 mode */
 #define EVP_MD_CTX_FLAG_PAD_X931        0x10    /* X9.31 mode */
 #define EVP_MD_CTX_FLAG_PAD_PSS         0x20    /* PSS mode */
-#define M_EVP_MD_CTX_FLAG_PSS_SALT(ctx) \
-                ((ctx->flags>>16) &0xFFFF) /* seed length */
+#define EVP_MD_CTX_FLAG_NO_INIT         0x0100 /* Don't initialize md_data */
-#define EVP_MD_CTX_FLAG_PSS_MDLEN       0xFFFF  /* salt len same as digest */
-#define EVP_MD_CTX_FLAG_PSS_MREC        0xFFFE  /* salt max or auto recovered */
 struct evp_cipher_st
        {
@@ -339,7 +307,7 @@ struct evp_cipher_st
        int (*init)(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                    const unsigned char *iv, int enc);  /* init key */
        int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                         const unsigned char *in, unsigned int inl);/* encrypt/decrypt data */
+                         const unsigned char *in, size_t inl);/* encrypt/decrypt data */
        int (*cleanup)(EVP_CIPHER_CTX *); /* cleanup ctx */
        int ctx_size;           /* how big ctx->cipher_data needs to be */
        int (*set_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Populate a ASN1_TYPE with parameters */
@@ -357,7 +325,7 @@ struct evp_cipher_st
 #define         EVP_CIPH_CBC_MODE               0x2
 #define         EVP_CIPH_CFB_MODE               0x3
 #define         EVP_CIPH_OFB_MODE               0x4
-#define         EVP_CIPH_MODE                   0x7
+#define         EVP_CIPH_MODE                   0xF0007
 /* Set if variable length cipher */
 #define         EVP_CIPH_VARIABLE_LENGTH        0x8
 /* Set if the iv handling should be done by the cipher itself */
@@ -372,10 +340,8 @@ struct evp_cipher_st
 #define         EVP_CIPH_NO_PADDING             0x100
 /* cipher handles random key generation */
 #define         EVP_CIPH_RAND_KEY               0x200
-/* Note if suitable for use in FIPS mode */
+/* cipher has its own additional copying logic */
-#define         EVP_CIPH_FLAG_FIPS              0x400
+#define         EVP_CIPH_CUSTOM_COPY            0x400
-/* Allow non FIPS cipher in FIPS mode */
-#define         EVP_CIPH_FLAG_NON_FIPS_ALLOW    0x800
 /* Allow use default ASN1 get/set iv */
 #define         EVP_CIPH_FLAG_DEFAULT_ASN1      0x1000
 /* Buffer length in bits not bytes: CFB1 mode only */
@@ -390,6 +356,8 @@ struct evp_cipher_st
 #define         EVP_CTRL_GET_RC5_ROUNDS         0x4
 #define         EVP_CTRL_SET_RC5_ROUNDS         0x5
 #define         EVP_CTRL_RAND_KEY               0x6
+#define         EVP_CTRL_PBE_PRF_NID            0x7
+#define         EVP_CTRL_COPY                   0x8
 typedef struct evp_cipher_info_st
        {
@@ -462,26 +430,15 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
 #define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a))
 #define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a))
-/* Macros to reduce FIPS dependencies: do NOT use in applications */
-#define M_EVP_MD_size(e)                ((e)->md_size)
-#define M_EVP_MD_block_size(e)          ((e)->block_size)
-#define M_EVP_MD_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs))
-#define M_EVP_MD_CTX_clear_flags(ctx,flgs) ((ctx)->flags&=~(flgs))
-#define M_EVP_MD_CTX_test_flags(ctx,flgs) ((ctx)->flags&(flgs))
-#define M_EVP_MD_type(e)                        ((e)->type)
-#define M_EVP_MD_CTX_type(e)            M_EVP_MD_type(M_EVP_MD_CTX_md(e))
-#define M_EVP_MD_CTX_md(e)                      ((e)->digest)
-#define M_EVP_CIPHER_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs))
 int EVP_MD_type(const EVP_MD *md);
 #define EVP_MD_nid(e)                   EVP_MD_type(e)
 #define EVP_MD_name(e)                  OBJ_nid2sn(EVP_MD_nid(e))
 int EVP_MD_pkey_type(const EVP_MD *md); 
 int EVP_MD_size(const EVP_MD *md);
 int EVP_MD_block_size(const EVP_MD *md);
+unsigned long EVP_MD_flags(const EVP_MD *md);
-const EVP_MD * EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
+const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
 #define EVP_MD_CTX_size(e)              EVP_MD_size(EVP_MD_CTX_md(e))
 #define EVP_MD_CTX_block_size(e)        EVP_MD_block_size(EVP_MD_CTX_md(e))
 #define EVP_MD_CTX_type(e)              EVP_MD_type(EVP_MD_CTX_md(e))
@@ -499,6 +456,7 @@ int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx);
 int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx);
 int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx);
 int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in);
 void * EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx);
 void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data);
 #define EVP_CIPHER_CTX_type(c)         EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c))
@@ -516,6 +474,8 @@ unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx);
 #define EVP_VerifyUpdate(a,b,c)         EVP_DigestUpdate(a,b,c)
 #define EVP_OpenUpdate(a,b,c,d,e)       EVP_DecryptUpdate(a,b,c,d,e)
 #define EVP_SealUpdate(a,b,c,d,e)       EVP_EncryptUpdate(a,b,c,d,e)    
+#define EVP_DigestSignUpdate(a,b,c)     EVP_DigestUpdate(a,b,c)
+#define EVP_DigestVerifyUpdate(a,b,c)   EVP_DigestUpdate(a,b,c)
 #ifdef CONST_STRICT
 void BIO_set_md(BIO *,const EVP_MD *md);
@@ -562,6 +522,7 @@ int	EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
 int     EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
 int     EVP_read_pw_string(char *buf,int length,const char *prompt,int verify);
+int     EVP_read_pw_string_min(char *buf,int minlen,int maxlen,const char *prompt,int verify);
 void    EVP_set_pw_prompt(const char *prompt);
 char *  EVP_get_pw_prompt(void);
@@ -608,6 +569,16 @@ int	EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s,
 int     EVP_VerifyFinal(EVP_MD_CTX *ctx,const unsigned char *sigbuf,
                unsigned int siglen,EVP_PKEY *pkey);
+int     EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+                        const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
+int     EVP_DigestSignFinal(EVP_MD_CTX *ctx,
+                        unsigned char *sigret, size_t *siglen);
+int     EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+                        const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
+int     EVP_DigestVerifyFinal(EVP_MD_CTX *ctx,
+                        unsigned char *sig, size_t siglen);
 int     EVP_OpenInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,
                const unsigned char *ek, int ekl, const unsigned char *iv,
                EVP_PKEY *priv);
@@ -680,6 +651,9 @@ const EVP_MD *EVP_mdc2(void);
 #ifndef OPENSSL_NO_RIPEMD
 const EVP_MD *EVP_ripemd160(void);
 #endif
+#ifndef OPENSSL_NO_WHIRLPOOL
+const EVP_MD *EVP_whirlpool(void);
+#endif
 const EVP_CIPHER *EVP_enc_null(void);           /* does nothing :-) */
 #ifndef OPENSSL_NO_DES
 const EVP_CIPHER *EVP_des_ecb(void);
@@ -847,16 +821,31 @@ const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
 const EVP_MD *EVP_get_digestbyname(const char *name);
 void EVP_cleanup(void);
-int             EVP_PKEY_decrypt(unsigned char *dec_key,
+void EVP_CIPHER_do_all(void (*fn)(const EVP_CIPHER *ciph,
+                const char *from, const char *to, void *x), void *arg);
+void EVP_CIPHER_do_all_sorted(void (*fn)(const EVP_CIPHER *ciph,
+                const char *from, const char *to, void *x), void *arg);
+void EVP_MD_do_all(void (*fn)(const EVP_MD *ciph,
+                const char *from, const char *to, void *x), void *arg);
+void EVP_MD_do_all_sorted(void (*fn)(const EVP_MD *ciph,
+                const char *from, const char *to, void *x), void *arg);
+int             EVP_PKEY_decrypt_old(unsigned char *dec_key,
                        const unsigned char *enc_key,int enc_key_len,
                        EVP_PKEY *private_key);
-int             EVP_PKEY_encrypt(unsigned char *enc_key,
+int             EVP_PKEY_encrypt_old(unsigned char *enc_key,
                        const unsigned char *key,int key_len,
                        EVP_PKEY *pub_key);
 int             EVP_PKEY_type(int type);
+int             EVP_PKEY_id(const EVP_PKEY *pkey);
+int             EVP_PKEY_base_id(const EVP_PKEY *pkey);
 int             EVP_PKEY_bits(EVP_PKEY *pkey);
 int             EVP_PKEY_size(EVP_PKEY *pkey);
-int             EVP_PKEY_assign(EVP_PKEY *pkey,int type,char *key);
+int             EVP_PKEY_set_type(EVP_PKEY *pkey,int type);
+int             EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len);
+int             EVP_PKEY_assign(EVP_PKEY *pkey,int type,void *key);
+void *          EVP_PKEY_get0(EVP_PKEY *pkey);
 #ifndef OPENSSL_NO_RSA
 struct rsa_st;
@@ -899,6 +888,15 @@ int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b);
 int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b);
+int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey,
+                                int indent, ASN1_PCTX *pctx);
+int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey,
+                                int indent, ASN1_PCTX *pctx);
+int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey,
+                                int indent, ASN1_PCTX *pctx);
+int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid);
 int EVP_CIPHER_type(const EVP_CIPHER *ctx);
 /* calls methods */
@@ -916,6 +914,10 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
 int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
                           const unsigned char *salt, int saltlen, int iter,
                           int keylen, unsigned char *out);
+int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
+                           const unsigned char *salt, int saltlen, int iter,
+                           const EVP_MD *digest,
+                      int keylen, unsigned char *out);
 int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
                         ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md,
                         int en_de);
@@ -924,27 +926,260 @@ void PKCS5_PBE_add(void);
 int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
             ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de);
+/* PBE type */
+/* Can appear as the outermost AlgorithmIdentifier */
+#define EVP_PBE_TYPE_OUTER      0x0
+/* Is an PRF type OID */
+#define EVP_PBE_TYPE_PRF        0x1
+int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, int md_nid,
+             EVP_PBE_KEYGEN *keygen);
 int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,
                    EVP_PBE_KEYGEN *keygen);
+int EVP_PBE_find(int type, int pbe_nid,
+                        int *pcnid, int *pmnid, EVP_PBE_KEYGEN **pkeygen);
 void EVP_PBE_cleanup(void);
-#ifdef OPENSSL_FIPS
+#define ASN1_PKEY_ALIAS         0x1
-#ifndef OPENSSL_NO_ENGINE
+#define ASN1_PKEY_DYNAMIC       0x2
-void int_EVP_MD_set_engine_callbacks(
+#define ASN1_PKEY_SIGPARAM_NULL 0x4
-        int (*eng_md_init)(ENGINE *impl),
-        int (*eng_md_fin)(ENGINE *impl),
+#define ASN1_PKEY_CTRL_PKCS7_SIGN       0x1
-        int (*eng_md_evp)
+#define ASN1_PKEY_CTRL_PKCS7_ENCRYPT    0x2
-                (EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl));
+#define ASN1_PKEY_CTRL_DEFAULT_MD_NID   0x3
-void int_EVP_MD_init_engine_callbacks(void);
+#define ASN1_PKEY_CTRL_CMS_SIGN         0x5
-void int_EVP_CIPHER_set_engine_callbacks(
+#define ASN1_PKEY_CTRL_CMS_ENVELOPE     0x7
-        int (*eng_ciph_fin)(ENGINE *impl),
-        int (*eng_ciph_evp)
+int EVP_PKEY_asn1_get_count(void);
-                (EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pciph, ENGINE *impl));
+const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx);
-void int_EVP_CIPHER_init_engine_callbacks(void);
+const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type);
-#endif
+const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe,
-#endif
+                                        const char *str, int len);
+int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth);
+int EVP_PKEY_asn1_add_alias(int to, int from);
+int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *pkey_base_id, int *ppkey_flags,
+                                const char **pinfo, const char **ppem_str,
+                                        const EVP_PKEY_ASN1_METHOD *ameth);
+const EVP_PKEY_ASN1_METHOD* EVP_PKEY_get0_asn1(EVP_PKEY *pkey);
+EVP_PKEY_ASN1_METHOD* EVP_PKEY_asn1_new(int id, int flags,
+                                        const char *pem_str, const char *info);
+void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst, 
+                        const EVP_PKEY_ASN1_METHOD *src);
+void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth);
+void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth,
+                int (*pub_decode)(EVP_PKEY *pk, X509_PUBKEY *pub),
+                int (*pub_encode)(X509_PUBKEY *pub, const EVP_PKEY *pk),
+                int (*pub_cmp)(const EVP_PKEY *a, const EVP_PKEY *b),
+                int (*pub_print)(BIO *out, const EVP_PKEY *pkey, int indent,
+                                                        ASN1_PCTX *pctx),
+                int (*pkey_size)(const EVP_PKEY *pk),
+                int (*pkey_bits)(const EVP_PKEY *pk));
+void EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth,
+                int (*priv_decode)(EVP_PKEY *pk, PKCS8_PRIV_KEY_INFO *p8inf),
+                int (*priv_encode)(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk),
+                int (*priv_print)(BIO *out, const EVP_PKEY *pkey, int indent,
+                                                        ASN1_PCTX *pctx));
+void EVP_PKEY_asn1_set_param(EVP_PKEY_ASN1_METHOD *ameth,
+                int (*param_decode)(EVP_PKEY *pkey,
+                                const unsigned char **pder, int derlen),
+                int (*param_encode)(const EVP_PKEY *pkey, unsigned char **pder),
+                int (*param_missing)(const EVP_PKEY *pk),
+                int (*param_copy)(EVP_PKEY *to, const EVP_PKEY *from),
+                int (*param_cmp)(const EVP_PKEY *a, const EVP_PKEY *b),
+                int (*param_print)(BIO *out, const EVP_PKEY *pkey, int indent,
+                                                        ASN1_PCTX *pctx));
+void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth,
+                void (*pkey_free)(EVP_PKEY *pkey));
+void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
+                int (*pkey_ctrl)(EVP_PKEY *pkey, int op,
+                                                        long arg1, void *arg2));
+#define EVP_PKEY_OP_UNDEFINED           0
+#define EVP_PKEY_OP_PARAMGEN            (1<<1)
+#define EVP_PKEY_OP_KEYGEN              (1<<2)
+#define EVP_PKEY_OP_SIGN                (1<<3)
+#define EVP_PKEY_OP_VERIFY              (1<<4)
+#define EVP_PKEY_OP_VERIFYRECOVER       (1<<5)
+#define EVP_PKEY_OP_SIGNCTX             (1<<6)
+#define EVP_PKEY_OP_VERIFYCTX           (1<<7)
+#define EVP_PKEY_OP_ENCRYPT             (1<<8)
+#define EVP_PKEY_OP_DECRYPT             (1<<9)
+#define EVP_PKEY_OP_DERIVE              (1<<10)
+#define EVP_PKEY_OP_TYPE_SIG    \
+        (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY | EVP_PKEY_OP_VERIFYRECOVER \
+                | EVP_PKEY_OP_SIGNCTX | EVP_PKEY_OP_VERIFYCTX)
+#define EVP_PKEY_OP_TYPE_CRYPT \
+        (EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT)
+#define EVP_PKEY_OP_TYPE_NOGEN \
+        (EVP_PKEY_OP_SIG | EVP_PKEY_OP_CRYPT | EVP_PKEY_OP_DERIVE)
+#define EVP_PKEY_OP_TYPE_GEN \
+                (EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN)
+#define  EVP_PKEY_CTX_set_signature_md(ctx, md) \
+                EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG,  \
+                                        EVP_PKEY_CTRL_MD, 0, (void *)md)
+#define EVP_PKEY_CTRL_MD                1
+#define EVP_PKEY_CTRL_PEER_KEY          2
+#define EVP_PKEY_CTRL_PKCS7_ENCRYPT     3
+#define EVP_PKEY_CTRL_PKCS7_DECRYPT     4
+#define EVP_PKEY_CTRL_PKCS7_SIGN        5
+#define EVP_PKEY_CTRL_SET_MAC_KEY       6
+#define EVP_PKEY_CTRL_DIGESTINIT        7
+/* Used by GOST key encryption in TLS */
+#define EVP_PKEY_CTRL_SET_IV            8
+#define EVP_PKEY_CTRL_CMS_ENCRYPT       9
+#define EVP_PKEY_CTRL_CMS_DECRYPT       10
+#define EVP_PKEY_CTRL_CMS_SIGN          11
+#define EVP_PKEY_ALG_CTRL               0x1000
+#define EVP_PKEY_FLAG_AUTOARGLEN        2
+const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type);
+EVP_PKEY_METHOD* EVP_PKEY_meth_new(int id, int flags);
+void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth);
+int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth);
+EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e);
+EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e);
+EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *ctx);
+void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,
+                                int cmd, int p1, void *p2);
+int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
+                                                const char *value);
+int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx);
+void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen);
+EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e,
+                                unsigned char *key, int keylen);
+void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data);
+void *EVP_PKEY_CTX_get_data(EVP_PKEY_CTX *ctx);
+EVP_PKEY *EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx);
+EVP_PKEY *EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX *ctx);
+void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data);
+void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
+                        unsigned char *sig, size_t *siglen,
+                        const unsigned char *tbs, size_t tbslen);
+int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
+                        const unsigned char *sig, size_t siglen,
+                        const unsigned char *tbs, size_t tbslen);
+int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
+                        unsigned char *rout, size_t *routlen,
+                        const unsigned char *sig, size_t siglen);
+int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx,
+                        unsigned char *out, size_t *outlen,
+                        const unsigned char *in, size_t inlen);
+int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
+                        unsigned char *out, size_t *outlen,
+                        const unsigned char *in, size_t inlen);
+int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
+int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
+typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
+int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
+void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb);
+EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx);
+void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth,
+        int (*init)(EVP_PKEY_CTX *ctx));
+void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth,
+        int (*copy)(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src));
+void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth,
+        void (*cleanup)(EVP_PKEY_CTX *ctx));
+void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth,
+        int (*paramgen_init)(EVP_PKEY_CTX *ctx),
+        int (*paramgen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey));
+void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth,
+        int (*keygen_init)(EVP_PKEY_CTX *ctx),
+        int (*keygen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey));
-void EVP_add_alg_module(void);
+void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth,
+        int (*sign_init)(EVP_PKEY_CTX *ctx),
+        int (*sign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+                                        const unsigned char *tbs, size_t tbslen));
+void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth,
+        int (*verify_init)(EVP_PKEY_CTX *ctx),
+        int (*verify)(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen,
+                                        const unsigned char *tbs, size_t tbslen));
+void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth,
+        int (*verify_recover_init)(EVP_PKEY_CTX *ctx),
+        int (*verify_recover)(EVP_PKEY_CTX *ctx,
+                                        unsigned char *sig, size_t *siglen,
+                                        const unsigned char *tbs, size_t tbslen));
+void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth,
+        int (*signctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx),
+        int (*signctx)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+                                        EVP_MD_CTX *mctx));
+void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth,
+        int (*verifyctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx),
+        int (*verifyctx)(EVP_PKEY_CTX *ctx, const unsigned char *sig,int siglen,
+                                        EVP_MD_CTX *mctx));
+void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth,
+        int (*encrypt_init)(EVP_PKEY_CTX *ctx),
+        int (*encryptfn)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
+                                        const unsigned char *in, size_t inlen));
+void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth,
+        int (*decrypt_init)(EVP_PKEY_CTX *ctx),
+        int (*decrypt)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
+                                        const unsigned char *in, size_t inlen));
+void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth,
+        int (*derive_init)(EVP_PKEY_CTX *ctx),
+        int (*derive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen));
+void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
+        int (*ctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2),
+        int (*ctrl_str)(EVP_PKEY_CTX *ctx,
+                                        const char *type, const char *value));
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
@@ -956,46 +1191,66 @@ void ERR_load_EVP_strings(void);
 /* Function codes. */
 #define EVP_F_AES_INIT_KEY                               133
-#define EVP_F_ALG_MODULE_INIT                            138
 #define EVP_F_CAMELLIA_INIT_KEY                          159
 #define EVP_F_D2I_PKEY                                   100
-#define EVP_F_DO_EVP_ENC_ENGINE                          140
+#define EVP_F_DO_SIGVER_INIT                             161
-#define EVP_F_DO_EVP_ENC_ENGINE_FULL                     141
-#define EVP_F_DO_EVP_MD_ENGINE                           139
-#define EVP_F_DO_EVP_MD_ENGINE_FULL                      142
 #define EVP_F_DSAPKEY2PKCS8                              134
 #define EVP_F_DSA_PKEY2PKCS8                             135
 #define EVP_F_ECDSA_PKEY2PKCS8                           129
 #define EVP_F_ECKEY_PKEY2PKCS8                           132
-#define EVP_F_EVP_CIPHERINIT                             137
 #define EVP_F_EVP_CIPHERINIT_EX                          123
+#define EVP_F_EVP_CIPHER_CTX_COPY                        163
 #define EVP_F_EVP_CIPHER_CTX_CTRL                        124
 #define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH              122
 #define EVP_F_EVP_DECRYPTFINAL_EX                        101
-#define EVP_F_EVP_DIGESTINIT                             136
 #define EVP_F_EVP_DIGESTINIT_EX                          128
 #define EVP_F_EVP_ENCRYPTFINAL_EX                        127
 #define EVP_F_EVP_MD_CTX_COPY_EX                         110
+#define EVP_F_EVP_MD_SIZE                                162
 #define EVP_F_EVP_OPENINIT                               102
 #define EVP_F_EVP_PBE_ALG_ADD                            115
+#define EVP_F_EVP_PBE_ALG_ADD_TYPE                       160
 #define EVP_F_EVP_PBE_CIPHERINIT                         116
 #define EVP_F_EVP_PKCS82PKEY                             111
+#define EVP_F_EVP_PKCS82PKEY_BROKEN                      136
 #define EVP_F_EVP_PKEY2PKCS8_BROKEN                      113
 #define EVP_F_EVP_PKEY_COPY_PARAMETERS                   103
+#define EVP_F_EVP_PKEY_CTX_CTRL                          137
+#define EVP_F_EVP_PKEY_CTX_CTRL_STR                      150
+#define EVP_F_EVP_PKEY_CTX_DUP                           156
 #define EVP_F_EVP_PKEY_DECRYPT                           104
+#define EVP_F_EVP_PKEY_DECRYPT_INIT                      138
+#define EVP_F_EVP_PKEY_DECRYPT_OLD                       151
+#define EVP_F_EVP_PKEY_DERIVE                            153
+#define EVP_F_EVP_PKEY_DERIVE_INIT                       154
+#define EVP_F_EVP_PKEY_DERIVE_SET_PEER                   155
 #define EVP_F_EVP_PKEY_ENCRYPT                           105
+#define EVP_F_EVP_PKEY_ENCRYPT_INIT                      139
+#define EVP_F_EVP_PKEY_ENCRYPT_OLD                       152
 #define EVP_F_EVP_PKEY_GET1_DH                           119
 #define EVP_F_EVP_PKEY_GET1_DSA                          120
 #define EVP_F_EVP_PKEY_GET1_ECDSA                        130
 #define EVP_F_EVP_PKEY_GET1_EC_KEY                       131
 #define EVP_F_EVP_PKEY_GET1_RSA                          121
+#define EVP_F_EVP_PKEY_KEYGEN                            146
+#define EVP_F_EVP_PKEY_KEYGEN_INIT                       147
 #define EVP_F_EVP_PKEY_NEW                               106
+#define EVP_F_EVP_PKEY_PARAMGEN                          148
+#define EVP_F_EVP_PKEY_PARAMGEN_INIT                     149
+#define EVP_F_EVP_PKEY_SIGN                              140
+#define EVP_F_EVP_PKEY_SIGN_INIT                         141
+#define EVP_F_EVP_PKEY_VERIFY                            142
+#define EVP_F_EVP_PKEY_VERIFY_INIT                       143
+#define EVP_F_EVP_PKEY_VERIFY_RECOVER                    144
+#define EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT               145
 #define EVP_F_EVP_RIJNDAEL                               126
 #define EVP_F_EVP_SIGNFINAL                              107
 #define EVP_F_EVP_VERIFYFINAL                            108
+#define EVP_F_INT_CTX_NEW                                157
 #define EVP_F_PKCS5_PBE_KEYIVGEN                         117
 #define EVP_F_PKCS5_V2_PBE_KEYIVGEN                      118
 #define EVP_F_PKCS8_SET_BROKEN                           112
+#define EVP_F_PKEY_SET_TYPE                              158
 #define EVP_F_RC2_MAGIC_TO_METH                          109
 #define EVP_F_RC5_CTRL                                   125
@@ -1007,41 +1262,52 @@ void ERR_load_EVP_strings(void);
 #define EVP_R_BAD_KEY_LENGTH                             137
 #define EVP_R_BN_DECODE_ERROR                            112
 #define EVP_R_BN_PUBKEY_ERROR                            113
+#define EVP_R_BUFFER_TOO_SMALL                           155
 #define EVP_R_CAMELLIA_KEY_SETUP_FAILED                  157
 #define EVP_R_CIPHER_PARAMETER_ERROR                     122
+#define EVP_R_COMMAND_NOT_SUPPORTED                      147
 #define EVP_R_CTRL_NOT_IMPLEMENTED                       132
 #define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED             133
 #define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH          138
 #define EVP_R_DECODE_ERROR                               114
 #define EVP_R_DIFFERENT_KEY_TYPES                        101
-#define EVP_R_DISABLED_FOR_FIPS                          144
+#define EVP_R_DIFFERENT_PARAMETERS                       153
 #define EVP_R_ENCODE_ERROR                               115
-#define EVP_R_ERROR_LOADING_SECTION                      145
-#define EVP_R_ERROR_SETTING_FIPS_MODE                    146
 #define EVP_R_EVP_PBE_CIPHERINIT_ERROR                   119
 #define EVP_R_EXPECTING_AN_RSA_KEY                       127
 #define EVP_R_EXPECTING_A_DH_KEY                         128
 #define EVP_R_EXPECTING_A_DSA_KEY                        129
 #define EVP_R_EXPECTING_A_ECDSA_KEY                      141
 #define EVP_R_EXPECTING_A_EC_KEY                         142
-#define EVP_R_FIPS_MODE_NOT_SUPPORTED                    147
 #define EVP_R_INITIALIZATION_ERROR                       134
 #define EVP_R_INPUT_NOT_INITIALIZED                      111
-#define EVP_R_INVALID_FIPS_MODE                          148
+#define EVP_R_INVALID_DIGEST                             152
 #define EVP_R_INVALID_KEY_LENGTH                         130
+#define EVP_R_INVALID_OPERATION                          148
 #define EVP_R_IV_TOO_LARGE                               102
 #define EVP_R_KEYGEN_FAILURE                             120
+#define EVP_R_MESSAGE_DIGEST_IS_NULL                     159
+#define EVP_R_METHOD_NOT_SUPPORTED                       144
 #define EVP_R_MISSING_PARAMETERS                         103
 #define EVP_R_NO_CIPHER_SET                              131
+#define EVP_R_NO_DEFAULT_DIGEST                          158
 #define EVP_R_NO_DIGEST_SET                              139
 #define EVP_R_NO_DSA_PARAMETERS                          116
+#define EVP_R_NO_KEY_SET                                 154
+#define EVP_R_NO_OPERATION_SET                           149
 #define EVP_R_NO_SIGN_FUNCTION_CONFIGURED                104
 #define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED              105
+#define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE   150
+#define EVP_R_OPERATON_NOT_INITIALIZED                   151
 #define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE                  117
+#define EVP_R_PRIVATE_KEY_DECODE_ERROR                   145
+#define EVP_R_PRIVATE_KEY_ENCODE_ERROR                   146
 #define EVP_R_PUBLIC_KEY_NOT_RSA                         106
-#define EVP_R_UNKNOWN_OPTION                             149
+#define EVP_R_UNKNOWN_CIPHER                             160
+#define EVP_R_UNKNOWN_DIGEST                             161
 #define EVP_R_UNKNOWN_PBE_ALGORITHM                      121
 #define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS                135
+#define EVP_R_UNSUPPORTED_ALGORITHM                      156
 #define EVP_R_UNSUPPORTED_CIPHER                         107
 #define EVP_R_UNSUPPORTED_KEYLENGTH                      123
 #define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION        124
@@ -1051,7 +1317,6 @@ void ERR_load_EVP_strings(void);
 #define EVP_R_UNSUPPORTED_SALT_TYPE                      126
 #define EVP_R_WRONG_FINAL_BLOCK_LENGTH                   109
 #define EVP_R_WRONG_PUBLIC_KEY_TYPE                      110
-#define EVP_R_SEED_KEY_SETUP_FAILED                      162
 #ifdef  __cplusplus
 }
diff --git a/src/lib/libssl/src/crypto/evp/evp_enc.c b/src/lib/libssl/src/crypto/evp/evp_enc.c
index 30e0ca4d9f..bead6a2170 100644
--- a/src/lib/libssl/src/crypto/evp/evp_enc.c
+++ b/src/lib/libssl/src/crypto/evp/evp_enc.c
@@ -66,16 +66,14 @@
 #endif
 #include "evp_locl.h"
-#ifdef OPENSSL_FIPS
-        #define M_do_cipher(ctx, out, in, inl) \
-                EVP_Cipher(ctx,out,in,inl)
-#else
-        #define M_do_cipher(ctx, out, in, inl) \
-                ctx->cipher->do_cipher(ctx,out,in,inl)
-#endif
 const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT;
+void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
+        {
+        memset(ctx,0,sizeof(EVP_CIPHER_CTX));
+        /* ctx->cipher=NULL; */
+        }
 EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
        {
        EVP_CIPHER_CTX *ctx=OPENSSL_malloc(sizeof *ctx);
@@ -92,6 +90,144 @@ int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
        return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc);
        }
+int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
+             const unsigned char *key, const unsigned char *iv, int enc)
+        {
+        if (enc == -1)
+                enc = ctx->encrypt;
+        else
+                {
+                if (enc)
+                        enc = 1;
+                ctx->encrypt = enc;
+                }
+#ifndef OPENSSL_NO_ENGINE
+        /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
+         * so this context may already have an ENGINE! Try to avoid releasing
+         * the previous handle, re-querying for an ENGINE, and having a
+         * reinitialisation, when it may all be unecessary. */
+        if (ctx->engine && ctx->cipher && (!cipher ||
+                        (cipher && (cipher->nid == ctx->cipher->nid))))
+                goto skip_to_init;
+#endif
+        if (cipher)
+                {
+                /* Ensure a context left lying around from last time is cleared
+                 * (the previous check attempted to avoid this if the same
+                 * ENGINE and EVP_CIPHER could be used). */
+                EVP_CIPHER_CTX_cleanup(ctx);
+                /* Restore encrypt field: it is zeroed by cleanup */
+                ctx->encrypt = enc;
+#ifndef OPENSSL_NO_ENGINE
+                if(impl)
+                        {
+                        if (!ENGINE_init(impl))
+                                {
+                                EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
+                                return 0;
+                                }
+                        }
+                else
+                        /* Ask if an ENGINE is reserved for this job */
+                        impl = ENGINE_get_cipher_engine(cipher->nid);
+                if(impl)
+                        {
+                        /* There's an ENGINE for this job ... (apparently) */
+                        const EVP_CIPHER *c = ENGINE_get_cipher(impl, cipher->nid);
+                        if(!c)
+                                {
+                                /* One positive side-effect of US's export
+                                 * control history, is that we should at least
+                                 * be able to avoid using US mispellings of
+                                 * "initialisation"? */
+                                EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
+                                return 0;
+                                }
+                        /* We'll use the ENGINE's private cipher definition */
+                        cipher = c;
+                        /* Store the ENGINE functional reference so we know
+                         * 'cipher' came from an ENGINE and we need to release
+                         * it when done. */
+                        ctx->engine = impl;
+                        }
+                else
+                        ctx->engine = NULL;
+#endif
+                ctx->cipher=cipher;
+                if (ctx->cipher->ctx_size)
+                        {
+                        ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size);
+                        if (!ctx->cipher_data)
+                                {
+                                EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE);
+                                return 0;
+                                }
+                        }
+                else
+                        {
+                        ctx->cipher_data = NULL;
+                        }
+                ctx->key_len = cipher->key_len;
+                ctx->flags = 0;
+                if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT)
+                        {
+                        if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL))
+                                {
+                                EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
+                                return 0;
+                                }
+                        }
+                }
+        else if(!ctx->cipher)
+                {
+                EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET);
+                return 0;
+                }
+#ifndef OPENSSL_NO_ENGINE
+skip_to_init:
+#endif
+        /* we assume block size is a power of 2 in *cryptUpdate */
+        OPENSSL_assert(ctx->cipher->block_size == 1
+            || ctx->cipher->block_size == 8
+            || ctx->cipher->block_size == 16);
+        if(!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) {
+                switch(EVP_CIPHER_CTX_mode(ctx)) {
+                        case EVP_CIPH_STREAM_CIPHER:
+                        case EVP_CIPH_ECB_MODE:
+                        break;
+                        case EVP_CIPH_CFB_MODE:
+                        case EVP_CIPH_OFB_MODE:
+                        ctx->num = 0;
+                        case EVP_CIPH_CBC_MODE:
+                        OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <=
+                                        (int)sizeof(ctx->iv));
+                        if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
+                        memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
+                        break;
+                        default:
+                        return 0;
+                        break;
+                }
+        }
+        if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
+                if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;
+        }
+        ctx->buf_len=0;
+        ctx->final_used=0;
+        ctx->block_mask=ctx->cipher->block_size-1;
+        return 1;
+        }
 int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
             const unsigned char *in, int inl)
        {
@@ -151,7 +287,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
        if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0)
                {
-                if(M_do_cipher(ctx,out,in,inl))
+                if(ctx->cipher->do_cipher(ctx,out,in,inl))
                        {
                        *outl=inl;
                        return 1;
@@ -178,7 +314,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
                        {
                        j=bl-i;
                        memcpy(&(ctx->buf[i]),in,j);
-                        if(!M_do_cipher(ctx,out,ctx->buf,bl)) return 0;
+                        if(!ctx->cipher->do_cipher(ctx,out,ctx->buf,bl)) return 0;
                        inl-=j;
                        in+=j;
                        out+=bl;
@@ -191,7 +327,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
        inl-=i;
        if (inl > 0)
                {
-                if(!M_do_cipher(ctx,out,in,inl)) return 0;
+                if(!ctx->cipher->do_cipher(ctx,out,in,inl)) return 0;
                *outl+=inl;
                }
@@ -235,7 +371,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
        n=b-bl;
        for (i=bl; i<b; i++)
                ctx->buf[i]=n;
-        ret=M_do_cipher(ctx,out,ctx->buf,b);
+        ret=ctx->cipher->do_cipher(ctx,out,ctx->buf,b);
        if(ret)
@@ -357,6 +493,28 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
                }
        }
+int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
+        {
+        if (c->cipher != NULL)
+                {
+                if(c->cipher->cleanup && !c->cipher->cleanup(c))
+                        return 0;
+                /* Cleanse cipher context data */
+                if (c->cipher_data)
+                        OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
+                }
+        if (c->cipher_data)
+                OPENSSL_free(c->cipher_data);
+#ifndef OPENSSL_NO_ENGINE
+        if (c->engine)
+                /* The EVP_CIPHER we used belongs to an ENGINE, release the
+                 * functional reference we held for this reason. */
+                ENGINE_finish(c->engine);
+#endif
+        memset(c,0,sizeof(EVP_CIPHER_CTX));
+        return 1;
+        }
 int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)
        {
        if(c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH) 
@@ -378,6 +536,27 @@ int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad)
        return 1;
        }
+int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
+{
+        int ret;
+        if(!ctx->cipher) {
+                EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET);
+                return 0;
+        }
+        if(!ctx->cipher->ctrl) {
+                EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED);
+                return 0;
+        }
+        ret = ctx->cipher->ctrl(ctx, type, arg, ptr);
+        if(ret == -1) {
+                EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED);
+                return 0;
+        }
+        return ret;
+}
 int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
        {
        if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)
@@ -387,54 +566,38 @@ int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
        return 1;
        }
-#ifndef OPENSSL_NO_ENGINE
+int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
-#ifdef OPENSSL_FIPS
-static int do_evp_enc_engine_full(EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pcipher, ENGINE *impl)
        {
-        if(impl)
+        if ((in == NULL) || (in->cipher == NULL))
                {
-                if (!ENGINE_init(impl))
+                EVPerr(EVP_F_EVP_CIPHER_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED);
-                        {
+                return 0;
-                        EVPerr(EVP_F_DO_EVP_ENC_ENGINE_FULL, EVP_R_INITIALIZATION_ERROR);
-                        return 0;
-                        }
                }
-        else
+#ifndef OPENSSL_NO_ENGINE
-                /* Ask if an ENGINE is reserved for this job */
+        /* Make sure it's safe to copy a cipher context using an ENGINE */
-                impl = ENGINE_get_cipher_engine((*pcipher)->nid);
+        if (in->engine && !ENGINE_init(in->engine))
-        if(impl)
+                {
+                EVPerr(EVP_F_EVP_CIPHER_CTX_COPY,ERR_R_ENGINE_LIB);
+                return 0;
+                }
+#endif
+        EVP_CIPHER_CTX_cleanup(out);
+        memcpy(out,in,sizeof *out);
+        if (in->cipher_data && in->cipher->ctx_size)
                {
-                /* There's an ENGINE for this job ... (apparently) */
+                out->cipher_data=OPENSSL_malloc(in->cipher->ctx_size);
-                const EVP_CIPHER *c = ENGINE_get_cipher(impl, (*pcipher)->nid);
+                if (!out->cipher_data)
-                if(!c)
                        {
-                        /* One positive side-effect of US's export
+                        EVPerr(EVP_F_EVP_CIPHER_CTX_COPY,ERR_R_MALLOC_FAILURE);
-                         * control history, is that we should at least
-                         * be able to avoid using US mispellings of
-                         * "initialisation"? */
-                        EVPerr(EVP_F_DO_EVP_ENC_ENGINE_FULL, EVP_R_INITIALIZATION_ERROR);
                        return 0;
                        }
-                /* We'll use the ENGINE's private cipher definition */
+                memcpy(out->cipher_data,in->cipher_data,in->cipher->ctx_size);
-                *pcipher = c;
-                /* Store the ENGINE functional reference so we know
-                 * 'cipher' came from an ENGINE and we need to release
-                 * it when done. */
-                ctx->engine = impl;
                }
-        else
-                ctx->engine = NULL;
-        return 1;
-        }
-void int_EVP_CIPHER_init_engine_callbacks(void)
+        if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY)
-        {
+                return in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out);
-        int_EVP_CIPHER_set_engine_callbacks(
+        return 1;
-                ENGINE_finish, do_evp_enc_engine_full);
        }
-#endif
-#endif
diff --git a/src/lib/libssl/src/crypto/evp/evp_err.c b/src/lib/libssl/src/crypto/evp/evp_err.c
index b5b900d4fe..d8bfec0959 100644
--- a/src/lib/libssl/src/crypto/evp/evp_err.c
+++ b/src/lib/libssl/src/crypto/evp/evp_err.c
@@ -1,6 +1,6 @@
 /* crypto/evp/evp_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -71,46 +71,66 @@
 static ERR_STRING_DATA EVP_str_functs[]=
        {
 {ERR_FUNC(EVP_F_AES_INIT_KEY),  "AES_INIT_KEY"},
-{ERR_FUNC(EVP_F_ALG_MODULE_INIT),       "ALG_MODULE_INIT"},
 {ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY),     "CAMELLIA_INIT_KEY"},
 {ERR_FUNC(EVP_F_D2I_PKEY),      "D2I_PKEY"},
-{ERR_FUNC(EVP_F_DO_EVP_ENC_ENGINE),     "DO_EVP_ENC_ENGINE"},
+{ERR_FUNC(EVP_F_DO_SIGVER_INIT),        "DO_SIGVER_INIT"},
-{ERR_FUNC(EVP_F_DO_EVP_ENC_ENGINE_FULL),        "DO_EVP_ENC_ENGINE_FULL"},
-{ERR_FUNC(EVP_F_DO_EVP_MD_ENGINE),      "DO_EVP_MD_ENGINE"},
-{ERR_FUNC(EVP_F_DO_EVP_MD_ENGINE_FULL), "DO_EVP_MD_ENGINE_FULL"},
 {ERR_FUNC(EVP_F_DSAPKEY2PKCS8), "DSAPKEY2PKCS8"},
 {ERR_FUNC(EVP_F_DSA_PKEY2PKCS8),        "DSA_PKEY2PKCS8"},
 {ERR_FUNC(EVP_F_ECDSA_PKEY2PKCS8),      "ECDSA_PKEY2PKCS8"},
 {ERR_FUNC(EVP_F_ECKEY_PKEY2PKCS8),      "ECKEY_PKEY2PKCS8"},
-{ERR_FUNC(EVP_F_EVP_CIPHERINIT),        "EVP_CipherInit"},
 {ERR_FUNC(EVP_F_EVP_CIPHERINIT_EX),     "EVP_CipherInit_ex"},
+{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_COPY),   "EVP_CIPHER_CTX_copy"},
 {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_CTRL),   "EVP_CIPHER_CTX_ctrl"},
 {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH), "EVP_CIPHER_CTX_set_key_length"},
 {ERR_FUNC(EVP_F_EVP_DECRYPTFINAL_EX),   "EVP_DecryptFinal_ex"},
-{ERR_FUNC(EVP_F_EVP_DIGESTINIT),        "EVP_DigestInit"},
 {ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX),     "EVP_DigestInit_ex"},
 {ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX),   "EVP_EncryptFinal_ex"},
 {ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX),    "EVP_MD_CTX_copy_ex"},
+{ERR_FUNC(EVP_F_EVP_MD_SIZE),   "EVP_MD_SIZE"},
 {ERR_FUNC(EVP_F_EVP_OPENINIT),  "EVP_OpenInit"},
 {ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD),       "EVP_PBE_alg_add"},
+{ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD_TYPE),  "EVP_PBE_alg_add_type"},
 {ERR_FUNC(EVP_F_EVP_PBE_CIPHERINIT),    "EVP_PBE_CipherInit"},
 {ERR_FUNC(EVP_F_EVP_PKCS82PKEY),        "EVP_PKCS82PKEY"},
+{ERR_FUNC(EVP_F_EVP_PKCS82PKEY_BROKEN), "EVP_PKCS82PKEY_BROKEN"},
 {ERR_FUNC(EVP_F_EVP_PKEY2PKCS8_BROKEN), "EVP_PKEY2PKCS8_broken"},
 {ERR_FUNC(EVP_F_EVP_PKEY_COPY_PARAMETERS),      "EVP_PKEY_copy_parameters"},
+{ERR_FUNC(EVP_F_EVP_PKEY_CTX_CTRL),     "EVP_PKEY_CTX_ctrl"},
+{ERR_FUNC(EVP_F_EVP_PKEY_CTX_CTRL_STR), "EVP_PKEY_CTX_ctrl_str"},
+{ERR_FUNC(EVP_F_EVP_PKEY_CTX_DUP),      "EVP_PKEY_CTX_dup"},
 {ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT),      "EVP_PKEY_decrypt"},
+{ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT_INIT), "EVP_PKEY_decrypt_init"},
+{ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT_OLD),  "EVP_PKEY_decrypt_old"},
+{ERR_FUNC(EVP_F_EVP_PKEY_DERIVE),       "EVP_PKEY_derive"},
+{ERR_FUNC(EVP_F_EVP_PKEY_DERIVE_INIT),  "EVP_PKEY_derive_init"},
+{ERR_FUNC(EVP_F_EVP_PKEY_DERIVE_SET_PEER),      "EVP_PKEY_derive_set_peer"},
 {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT),      "EVP_PKEY_encrypt"},
+{ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT_INIT), "EVP_PKEY_encrypt_init"},
+{ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT_OLD),  "EVP_PKEY_encrypt_old"},
 {ERR_FUNC(EVP_F_EVP_PKEY_GET1_DH),      "EVP_PKEY_get1_DH"},
 {ERR_FUNC(EVP_F_EVP_PKEY_GET1_DSA),     "EVP_PKEY_get1_DSA"},
 {ERR_FUNC(EVP_F_EVP_PKEY_GET1_ECDSA),   "EVP_PKEY_GET1_ECDSA"},
 {ERR_FUNC(EVP_F_EVP_PKEY_GET1_EC_KEY),  "EVP_PKEY_get1_EC_KEY"},
 {ERR_FUNC(EVP_F_EVP_PKEY_GET1_RSA),     "EVP_PKEY_get1_RSA"},
+{ERR_FUNC(EVP_F_EVP_PKEY_KEYGEN),       "EVP_PKEY_keygen"},
+{ERR_FUNC(EVP_F_EVP_PKEY_KEYGEN_INIT),  "EVP_PKEY_keygen_init"},
 {ERR_FUNC(EVP_F_EVP_PKEY_NEW),  "EVP_PKEY_new"},
+{ERR_FUNC(EVP_F_EVP_PKEY_PARAMGEN),     "EVP_PKEY_paramgen"},
+{ERR_FUNC(EVP_F_EVP_PKEY_PARAMGEN_INIT),        "EVP_PKEY_paramgen_init"},
+{ERR_FUNC(EVP_F_EVP_PKEY_SIGN), "EVP_PKEY_sign"},
+{ERR_FUNC(EVP_F_EVP_PKEY_SIGN_INIT),    "EVP_PKEY_sign_init"},
+{ERR_FUNC(EVP_F_EVP_PKEY_VERIFY),       "EVP_PKEY_verify"},
+{ERR_FUNC(EVP_F_EVP_PKEY_VERIFY_INIT),  "EVP_PKEY_verify_init"},
+{ERR_FUNC(EVP_F_EVP_PKEY_VERIFY_RECOVER),       "EVP_PKEY_verify_recover"},
+{ERR_FUNC(EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT),  "EVP_PKEY_verify_recover_init"},
 {ERR_FUNC(EVP_F_EVP_RIJNDAEL),  "EVP_RIJNDAEL"},
 {ERR_FUNC(EVP_F_EVP_SIGNFINAL), "EVP_SignFinal"},
 {ERR_FUNC(EVP_F_EVP_VERIFYFINAL),       "EVP_VerifyFinal"},
+{ERR_FUNC(EVP_F_INT_CTX_NEW),   "INT_CTX_NEW"},
 {ERR_FUNC(EVP_F_PKCS5_PBE_KEYIVGEN),    "PKCS5_PBE_keyivgen"},
 {ERR_FUNC(EVP_F_PKCS5_V2_PBE_KEYIVGEN), "PKCS5_v2_PBE_keyivgen"},
 {ERR_FUNC(EVP_F_PKCS8_SET_BROKEN),      "PKCS8_set_broken"},
+{ERR_FUNC(EVP_F_PKEY_SET_TYPE), "PKEY_SET_TYPE"},
 {ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH),     "RC2_MAGIC_TO_METH"},
 {ERR_FUNC(EVP_F_RC5_CTRL),      "RC5_CTRL"},
 {0,NULL}
@@ -125,42 +145,52 @@ static ERR_STRING_DATA EVP_str_reasons[]=
 {ERR_REASON(EVP_R_BAD_KEY_LENGTH)        ,"bad key length"},
 {ERR_REASON(EVP_R_BN_DECODE_ERROR)       ,"bn decode error"},
 {ERR_REASON(EVP_R_BN_PUBKEY_ERROR)       ,"bn pubkey error"},
+{ERR_REASON(EVP_R_BUFFER_TOO_SMALL)      ,"buffer too small"},
 {ERR_REASON(EVP_R_CAMELLIA_KEY_SETUP_FAILED),"camellia key setup failed"},
 {ERR_REASON(EVP_R_CIPHER_PARAMETER_ERROR),"cipher parameter error"},
+{ERR_REASON(EVP_R_COMMAND_NOT_SUPPORTED) ,"command not supported"},
 {ERR_REASON(EVP_R_CTRL_NOT_IMPLEMENTED)  ,"ctrl not implemented"},
 {ERR_REASON(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED),"ctrl operation not implemented"},
 {ERR_REASON(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH),"data not multiple of block length"},
 {ERR_REASON(EVP_R_DECODE_ERROR)          ,"decode error"},
 {ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES)   ,"different key types"},
-{ERR_REASON(EVP_R_DISABLED_FOR_FIPS)     ,"disabled for fips"},
+{ERR_REASON(EVP_R_DIFFERENT_PARAMETERS)  ,"different parameters"},
 {ERR_REASON(EVP_R_ENCODE_ERROR)          ,"encode error"},
-{ERR_REASON(EVP_R_ERROR_LOADING_SECTION) ,"error loading section"},
-{ERR_REASON(EVP_R_ERROR_SETTING_FIPS_MODE),"error setting fips mode"},
 {ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"},
 {ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY)  ,"expecting an rsa key"},
 {ERR_REASON(EVP_R_EXPECTING_A_DH_KEY)    ,"expecting a dh key"},
 {ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY)   ,"expecting a dsa key"},
 {ERR_REASON(EVP_R_EXPECTING_A_ECDSA_KEY) ,"expecting a ecdsa key"},
 {ERR_REASON(EVP_R_EXPECTING_A_EC_KEY)    ,"expecting a ec key"},
-{ERR_REASON(EVP_R_FIPS_MODE_NOT_SUPPORTED),"fips mode not supported"},
 {ERR_REASON(EVP_R_INITIALIZATION_ERROR)  ,"initialization error"},
 {ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED) ,"input not initialized"},
-{ERR_REASON(EVP_R_INVALID_FIPS_MODE)     ,"invalid fips mode"},
+{ERR_REASON(EVP_R_INVALID_DIGEST)        ,"invalid digest"},
 {ERR_REASON(EVP_R_INVALID_KEY_LENGTH)    ,"invalid key length"},
+{ERR_REASON(EVP_R_INVALID_OPERATION)     ,"invalid operation"},
 {ERR_REASON(EVP_R_IV_TOO_LARGE)          ,"iv too large"},
 {ERR_REASON(EVP_R_KEYGEN_FAILURE)        ,"keygen failure"},
+{ERR_REASON(EVP_R_MESSAGE_DIGEST_IS_NULL),"message digest is null"},
+{ERR_REASON(EVP_R_METHOD_NOT_SUPPORTED)  ,"method not supported"},
 {ERR_REASON(EVP_R_MISSING_PARAMETERS)    ,"missing parameters"},
 {ERR_REASON(EVP_R_NO_CIPHER_SET)         ,"no cipher set"},
+{ERR_REASON(EVP_R_NO_DEFAULT_DIGEST)     ,"no default digest"},
 {ERR_REASON(EVP_R_NO_DIGEST_SET)         ,"no digest set"},
 {ERR_REASON(EVP_R_NO_DSA_PARAMETERS)     ,"no dsa parameters"},
+{ERR_REASON(EVP_R_NO_KEY_SET)            ,"no key set"},
+{ERR_REASON(EVP_R_NO_OPERATION_SET)      ,"no operation set"},
 {ERR_REASON(EVP_R_NO_SIGN_FUNCTION_CONFIGURED),"no sign function configured"},
 {ERR_REASON(EVP_R_NO_VERIFY_FUNCTION_CONFIGURED),"no verify function configured"},
+{ERR_REASON(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),"operation not supported for this keytype"},
+{ERR_REASON(EVP_R_OPERATON_NOT_INITIALIZED),"operaton not initialized"},
 {ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE),"pkcs8 unknown broken type"},
+{ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR),"private key decode error"},
+{ERR_REASON(EVP_R_PRIVATE_KEY_ENCODE_ERROR),"private key encode error"},
 {ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA)    ,"public key not rsa"},
-{ERR_REASON(EVP_R_SEED_KEY_SETUP_FAILED) ,"seed key setup failed"},
+{ERR_REASON(EVP_R_UNKNOWN_CIPHER)        ,"unknown cipher"},
-{ERR_REASON(EVP_R_UNKNOWN_OPTION)        ,"unknown option"},
+{ERR_REASON(EVP_R_UNKNOWN_DIGEST)        ,"unknown digest"},
 {ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM) ,"unknown pbe algorithm"},
 {ERR_REASON(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS),"unsuported number of rounds"},
+{ERR_REASON(EVP_R_UNSUPPORTED_ALGORITHM) ,"unsupported algorithm"},
 {ERR_REASON(EVP_R_UNSUPPORTED_CIPHER)    ,"unsupported cipher"},
 {ERR_REASON(EVP_R_UNSUPPORTED_KEYLENGTH) ,"unsupported keylength"},
 {ERR_REASON(EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION),"unsupported key derivation function"},
diff --git a/src/lib/libssl/src/crypto/evp/evp_key.c b/src/lib/libssl/src/crypto/evp/evp_key.c
index 361ea69ab6..839d6a3a16 100644
--- a/src/lib/libssl/src/crypto/evp/evp_key.c
+++ b/src/lib/libssl/src/crypto/evp/evp_key.c
@@ -90,6 +90,11 @@ char *EVP_get_pw_prompt(void)
 * this function will fail */
 int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify)
        {
+        return EVP_read_pw_string_min(buf, 0, len, prompt, verify);
+        }
+int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt, int verify)
+        {
        int ret;
        char buff[BUFSIZ];
        UI *ui;
@@ -97,10 +102,10 @@ int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify)
        if ((prompt == NULL) && (prompt_string[0] != '\0'))
                prompt=prompt_string;
        ui = UI_new();
-        UI_add_input_string(ui,prompt,0,buf,0,(len>=BUFSIZ)?BUFSIZ-1:len);
+        UI_add_input_string(ui,prompt,0,buf,min,(len>=BUFSIZ)?BUFSIZ-1:len);
        if (verify)
                UI_add_verify_string(ui,prompt,0,
-                        buff,0,(len>=BUFSIZ)?BUFSIZ-1:len,buf);
+                        buff,min,(len>=BUFSIZ)?BUFSIZ-1:len,buf);
        ret = UI_process(ui);
        UI_free(ui);
        OPENSSL_cleanse(buff,BUFSIZ);
diff --git a/src/lib/libssl/src/crypto/evp/evp_lib.c b/src/lib/libssl/src/crypto/evp/evp_lib.c
index 174cf6c594..40951a04f0 100644
--- a/src/lib/libssl/src/crypto/evp/evp_lib.c
+++ b/src/lib/libssl/src/crypto/evp/evp_lib.c
@@ -67,8 +67,6 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
        if (c->cipher->set_asn1_parameters != NULL)
                ret=c->cipher->set_asn1_parameters(c,type);
-        else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1)
-                ret=EVP_CIPHER_set_asn1_iv(c, type);
        else
                ret=-1;
        return(ret);
@@ -80,8 +78,6 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
        if (c->cipher->get_asn1_parameters != NULL)
                ret=c->cipher->get_asn1_parameters(c,type);
-        else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1)
-                ret=EVP_CIPHER_get_asn1_iv(c, type);
        else
                ret=-1;
        return(ret);
@@ -163,6 +159,12 @@ int EVP_CIPHER_type(const EVP_CIPHER *ctx)
                return NID_des_cfb64;
+                case NID_des_ede3_cfb64:
+                case NID_des_ede3_cfb8:
+                case NID_des_ede3_cfb1:
+                return NID_des_cfb64;
                default:
                /* Check it has an OID and it is valid */
                otmp = OBJ_nid2obj(nid);
@@ -182,6 +184,11 @@ int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx)
        return ctx->cipher->block_size;
        }
+int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl)
+        {
+        return ctx->cipher->do_cipher(ctx,out,in,inl);
+        }
 const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx)
        {
        return ctx->cipher;
@@ -192,6 +199,11 @@ unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher)
        return cipher->flags;
        }
+unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx)
+        {
+        return ctx->cipher->flags;
+        }
 void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx)
        {
        return ctx->app_data;
@@ -207,6 +219,11 @@ int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher)
        return cipher->iv_len;
        }
+int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx)
+        {
+        return ctx->cipher->iv_len;
+        }
 int EVP_CIPHER_key_length(const EVP_CIPHER *cipher)
        {
        return cipher->key_len;
@@ -217,6 +234,11 @@ int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx)
        return ctx->key_len;
        }
+int EVP_CIPHER_nid(const EVP_CIPHER *cipher)
+        {
+        return cipher->nid;
+        }
 int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx)
        {
        return ctx->cipher->nid;
@@ -239,11 +261,23 @@ int EVP_MD_pkey_type(const EVP_MD *md)
 int EVP_MD_size(const EVP_MD *md)
        {
+        if (!md)
+                {
+                EVPerr(EVP_F_EVP_MD_SIZE, EVP_R_MESSAGE_DIGEST_IS_NULL);
+                return -1;
+                }
        return md->md_size;
        }
-const EVP_MD * EVP_MD_CTX_md(const EVP_MD_CTX *ctx)
+unsigned long EVP_MD_flags(const EVP_MD *md)
+        {
+        return md->flags;
+        }
+const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx)
        {
+        if (!ctx)
+                return NULL;
        return ctx->digest;
        }
diff --git a/src/lib/libssl/src/crypto/evp/evp_locl.h b/src/lib/libssl/src/crypto/evp/evp_locl.h
index eabcc96f30..292d74c188 100644
--- a/src/lib/libssl/src/crypto/evp/evp_locl.h
+++ b/src/lib/libssl/src/crypto/evp/evp_locl.h
@@ -61,38 +61,66 @@
 /* Wrapper functions for each cipher mode */
 #define BLOCK_CIPHER_ecb_loop() \
-        unsigned int i, bl; \
+        size_t i, bl; \
        bl = ctx->cipher->block_size;\
        if(inl < bl) return 1;\
        inl -= bl; \
        for(i=0; i <= inl; i+=bl) 
 #define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \
-static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \
+static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
 {\
        BLOCK_CIPHER_ecb_loop() \
                cprefix##_ecb_encrypt(in + i, out + i, &((kstruct *)ctx->cipher_data)->ksched, ctx->encrypt);\
        return 1;\
 }
+#define EVP_MAXCHUNK ((size_t)1<<(sizeof(long)*8-2))
 #define BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) \
-static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \
+static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
 {\
-        cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num);\
+        while(inl>=EVP_MAXCHUNK)\
+            {\
+            cprefix##_ofb##cbits##_encrypt(in, out, (long)EVP_MAXCHUNK, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num);\
+            inl-=EVP_MAXCHUNK;\
+            in +=EVP_MAXCHUNK;\
+            out+=EVP_MAXCHUNK;\
+            }\
+        if (inl)\
+            cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num);\
        return 1;\
 }
 #define BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \
-static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \
+static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
 {\
-        cprefix##_cbc_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, ctx->encrypt);\
+        while(inl>=EVP_MAXCHUNK) \
+            {\
+            cprefix##_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, ctx->encrypt);\
+            inl-=EVP_MAXCHUNK;\
+            in +=EVP_MAXCHUNK;\
+            out+=EVP_MAXCHUNK;\
+            }\
+        if (inl)\
+            cprefix##_cbc_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, ctx->encrypt);\
        return 1;\
 }
 #define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \
-static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \
+static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
 {\
-        cprefix##_cfb##cbits##_encrypt(in, out, (long)((cbits==1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ?inl*8:inl), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\
+        size_t chunk=EVP_MAXCHUNK;\
+        if (cbits==1)  chunk>>=3;\
+        if (inl<chunk) chunk=inl;\
+        while(inl && inl>=chunk)\
+            {\
+            cprefix##_cfb##cbits##_encrypt(in, out, (long)((cbits==1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ?inl*8:inl), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\
+            inl-=chunk;\
+            in +=chunk;\
+            out+=chunk;\
+            if(inl<chunk) chunk=inl;\
+            }\
        return 1;\
 }
@@ -139,10 +167,10 @@ BLOCK_CIPHER_def1(cname, ofb##cbits, ofb, OFB, kstruct, nid, 1, \
                  get_asn1, ctrl)
 #define BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, \
-                             iv_len, flags, init_key, cleanup, set_asn1, \
+                             flags, init_key, cleanup, set_asn1, \
                             get_asn1, ctrl) \
 BLOCK_CIPHER_def1(cname, ecb, ecb, ECB, kstruct, nid, block_size, key_len, \
-                  iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl)
+                  0, flags, init_key, cleanup, set_asn1, get_asn1, ctrl)
 #define BLOCK_CIPHER_defs(cname, kstruct, \
                          nid, block_size, key_len, iv_len, cbits, flags, \
@@ -153,7 +181,7 @@ BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, iv_len, cbits, \
                     flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \
 BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, iv_len, cbits, \
                     flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \
-BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, iv_len, flags, \
+BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, flags, \
                     init_key, cleanup, set_asn1, get_asn1, ctrl)
@@ -226,27 +254,92 @@ const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; }
 #define EVP_C_DATA(kstruct, ctx)        ((kstruct *)(ctx)->cipher_data)
-#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len,fl) \
+#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len) \
        BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \
        BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \
                             NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \
-                             (fl)|EVP_CIPH_FLAG_DEFAULT_ASN1, \
+                             0, cipher##_init_key, NULL, \
-                             cipher##_init_key, NULL, NULL, NULL, NULL)
+                             EVP_CIPHER_set_asn1_iv, \
+                             EVP_CIPHER_get_asn1_iv, \
-#ifdef OPENSSL_FIPS
+                             NULL)
-#define RC2_set_key     private_RC2_set_key
-#define RC4_set_key     private_RC4_set_key
+struct evp_pkey_ctx_st
-#define CAST_set_key    private_CAST_set_key
+        {
-#define RC5_32_set_key  private_RC5_32_set_key
+        /* Method associated with this operation */
-#define BF_set_key      private_BF_set_key
+        const EVP_PKEY_METHOD *pmeth;
-#define Camellia_set_key private_Camellia_set_key
+        /* Engine that implements this method or NULL if builtin */
-#define idea_set_encrypt_key private_idea_set_encrypt_key
+        ENGINE *engine;
+        /* Key: may be NULL */
-#define MD5_Init        private_MD5_Init
+        EVP_PKEY *pkey;
-#define MD4_Init        private_MD4_Init
+        /* Peer key for key agreement, may be NULL */
-#define MD2_Init        private_MD2_Init
+        EVP_PKEY *peerkey;
-#define MDC2_Init       private_MDC2_Init
+        /* Actual operation */
-#define SHA_Init        private_SHA_Init
+        int operation;
+        /* Algorithm specific data */
-#endif
+        void *data;
+        /* Application specific data */
+        void *app_data;
+        /* Keygen callback */
+        EVP_PKEY_gen_cb *pkey_gencb;
+        /* implementation specific keygen data */
+        int *keygen_info;
+        int keygen_info_count;
+        } /* EVP_PKEY_CTX */;
+#define EVP_PKEY_FLAG_DYNAMIC   1
+struct evp_pkey_method_st
+        {
+        int pkey_id;
+        int flags;
+        int (*init)(EVP_PKEY_CTX *ctx);
+        int (*copy)(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src);
+        void (*cleanup)(EVP_PKEY_CTX *ctx);
+        int (*paramgen_init)(EVP_PKEY_CTX *ctx);
+        int (*paramgen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
+        int (*keygen_init)(EVP_PKEY_CTX *ctx);
+        int (*keygen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
+        int (*sign_init)(EVP_PKEY_CTX *ctx);
+        int (*sign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+                                const unsigned char *tbs, size_t tbslen);
+        int (*verify_init)(EVP_PKEY_CTX *ctx);
+        int (*verify)(EVP_PKEY_CTX *ctx,
+                                const unsigned char *sig, size_t siglen,
+                                const unsigned char *tbs, size_t tbslen);
+        int (*verify_recover_init)(EVP_PKEY_CTX *ctx);
+        int (*verify_recover)(EVP_PKEY_CTX *ctx,
+                                unsigned char *rout, size_t *routlen,
+                                const unsigned char *sig, size_t siglen);
+        int (*signctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
+        int (*signctx)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+                                        EVP_MD_CTX *mctx);
+        int (*verifyctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
+        int (*verifyctx)(EVP_PKEY_CTX *ctx, const unsigned char *sig,int siglen,
+                                        EVP_MD_CTX *mctx);
+        int (*encrypt_init)(EVP_PKEY_CTX *ctx);
+        int (*encrypt)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
+                                        const unsigned char *in, size_t inlen);
+        int (*decrypt_init)(EVP_PKEY_CTX *ctx);
+        int (*decrypt)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
+                                        const unsigned char *in, size_t inlen);
+        int (*derive_init)(EVP_PKEY_CTX *ctx);
+        int (*derive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
+        int (*ctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
+        int (*ctrl_str)(EVP_PKEY_CTX *ctx, const char *type, const char *value);
+        } /* EVP_PKEY_METHOD */;
+void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx);
diff --git a/src/lib/libssl/src/crypto/evp/evp_pbe.c b/src/lib/libssl/src/crypto/evp/evp_pbe.c
index 5e830be65f..c9d932d205 100644
--- a/src/lib/libssl/src/crypto/evp/evp_pbe.c
+++ b/src/lib/libssl/src/crypto/evp/evp_pbe.c
@@ -3,7 +3,7 @@
 * project 1999.
 */
 /* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -59,79 +59,253 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/evp.h>
+#include <openssl/pkcs12.h>
 #include <openssl/x509.h>
 /* Password based encryption (PBE) functions */
-static STACK *pbe_algs;
+DECLARE_STACK_OF(EVP_PBE_CTL)
+static STACK_OF(EVP_PBE_CTL) *pbe_algs;
 /* Setup a cipher context from a PBE algorithm */
-typedef struct {
+typedef struct
-int pbe_nid;
+        {
-const EVP_CIPHER *cipher;
+        int pbe_type;
-const EVP_MD *md;
+        int pbe_nid;
-EVP_PBE_KEYGEN *keygen;
+        int cipher_nid;
-} EVP_PBE_CTL;
+        int md_nid;
+        EVP_PBE_KEYGEN *keygen;
+        } EVP_PBE_CTL;
-int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
+static const EVP_PBE_CTL builtin_pbe[] = 
-             ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de)
+        {
-{
+        {EVP_PBE_TYPE_OUTER, NID_pbeWithMD2AndDES_CBC,
+                        NID_des_cbc, NID_md2, PKCS5_PBE_keyivgen},
+        {EVP_PBE_TYPE_OUTER, NID_pbeWithMD5AndDES_CBC,
+                        NID_des_cbc, NID_md5, PKCS5_PBE_keyivgen},
+        {EVP_PBE_TYPE_OUTER, NID_pbeWithSHA1AndRC2_CBC,
+                        NID_rc2_64_cbc, NID_sha1, PKCS5_PBE_keyivgen},
-        EVP_PBE_CTL *pbetmp, pbelu;
+        {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And128BitRC4,
-        int i;
+                        NID_rc4, NID_sha1, PKCS12_PBE_keyivgen},
-        pbelu.pbe_nid = OBJ_obj2nid(pbe_obj);
+        {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And40BitRC4,
-        if (pbelu.pbe_nid != NID_undef) i = sk_find(pbe_algs, (char *)&pbelu);
+                        NID_rc4_40, NID_sha1, PKCS12_PBE_keyivgen},
-        else i = -1;
+        {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
+                        NID_des_ede3_cbc, NID_sha1, PKCS12_PBE_keyivgen},
+        {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And2_Key_TripleDES_CBC, 
+                        NID_des_ede_cbc, NID_sha1, PKCS12_PBE_keyivgen},
+        {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And128BitRC2_CBC,
+                        NID_rc2_cbc, NID_sha1, PKCS12_PBE_keyivgen},
+        {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And40BitRC2_CBC,
+                        NID_rc2_40_cbc, NID_sha1, PKCS12_PBE_keyivgen},
+#ifndef OPENSSL_NO_HMAC
+        {EVP_PBE_TYPE_OUTER, NID_pbes2, -1, -1, PKCS5_v2_PBE_keyivgen},
+#endif
+        {EVP_PBE_TYPE_OUTER, NID_pbeWithMD2AndRC2_CBC,
+                        NID_rc2_64_cbc, NID_md2, PKCS5_PBE_keyivgen},
+        {EVP_PBE_TYPE_OUTER, NID_pbeWithMD5AndRC2_CBC,
+                        NID_rc2_64_cbc, NID_md5, PKCS5_PBE_keyivgen},
+        {EVP_PBE_TYPE_OUTER, NID_pbeWithSHA1AndDES_CBC,
+                        NID_des_cbc, NID_sha1, PKCS5_PBE_keyivgen},
+        {EVP_PBE_TYPE_PRF, NID_hmacWithSHA1, -1, NID_sha1, 0},
+        {EVP_PBE_TYPE_PRF, NID_hmacWithMD5, -1, NID_md5, 0},
+        {EVP_PBE_TYPE_PRF, NID_hmacWithSHA224, -1, NID_sha224, 0},
+        {EVP_PBE_TYPE_PRF, NID_hmacWithSHA256, -1, NID_sha256, 0},
+        {EVP_PBE_TYPE_PRF, NID_hmacWithSHA384, -1, NID_sha384, 0},
+        {EVP_PBE_TYPE_PRF, NID_hmacWithSHA512, -1, NID_sha512, 0},
+        {EVP_PBE_TYPE_PRF, NID_id_HMACGostR3411_94, -1, NID_id_GostR3411_94, 0},
+        };
+#ifdef TEST
+int main(int argc, char **argv)
+        {
+        int i, nid_md, nid_cipher;
+        EVP_PBE_CTL *tpbe, *tpbe2;
+        /*OpenSSL_add_all_algorithms();*/
+        for (i = 0; i < sizeof(builtin_pbe)/sizeof(EVP_PBE_CTL); i++)
+                {
+                tpbe = builtin_pbe + i;
+                fprintf(stderr, "%d %d %s ", tpbe->pbe_type, tpbe->pbe_nid,
+                                                OBJ_nid2sn(tpbe->pbe_nid));
+                if (EVP_PBE_find(tpbe->pbe_type, tpbe->pbe_nid,
+                                        &nid_cipher ,&nid_md,0))
+                        fprintf(stderr, "Found %s %s\n",
+                                        OBJ_nid2sn(nid_cipher),
+                                        OBJ_nid2sn(nid_md));
+                else
+                        fprintf(stderr, "Find ERROR!!\n");
+                }
+        return 0;
+        }
+#endif
+                
+int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
+                       ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de)
+        {
+        const EVP_CIPHER *cipher;
+        const EVP_MD *md;
+        int cipher_nid, md_nid;
+        EVP_PBE_KEYGEN *keygen;
-        if (i == -1) {
+        if (!EVP_PBE_find(EVP_PBE_TYPE_OUTER, OBJ_obj2nid(pbe_obj),
+                                        &cipher_nid, &md_nid, &keygen))
+                {
                char obj_tmp[80];
                EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_PBE_ALGORITHM);
                if (!pbe_obj) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp);
                else i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj);
                ERR_add_error_data(2, "TYPE=", obj_tmp);
                return 0;
-        }
+                }
-        if(!pass) passlen = 0;
-        else if (passlen == -1) passlen = strlen(pass);
+        if(!pass)
-        pbetmp = (EVP_PBE_CTL *)sk_value (pbe_algs, i);
+                passlen = 0;
-        i = (*pbetmp->keygen)(ctx, pass, passlen, param, pbetmp->cipher,
+        else if (passlen == -1)
-                                                 pbetmp->md, en_de);
+                passlen = strlen(pass);
-        if (!i) {
+        if (cipher_nid == -1)
+                cipher = NULL;
+        else
+                {
+                cipher = EVP_get_cipherbynid(cipher_nid);
+                if (!cipher)
+                        {
+                        EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_CIPHER);
+                        return 0;
+                        }
+                }
+        if (md_nid == -1)
+                md = NULL;
+        else
+                {
+                md = EVP_get_digestbynid(md_nid);
+                if (!md)
+                        {
+                        EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_DIGEST);
+                        return 0;
+                        }
+                }
+        if (!keygen(ctx, pass, passlen, param, cipher, md, en_de))
+                {
                EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_KEYGEN_FAILURE);
                return 0;
-        }
+                }
        return 1;       
 }
-static int pbe_cmp(const char * const *a, const char * const *b)
+DECLARE_OBJ_BSEARCH_CMP_FN(EVP_PBE_CTL, EVP_PBE_CTL, pbe2);
-{
-        const EVP_PBE_CTL * const *pbe1 = (const EVP_PBE_CTL * const *) a,
+static int pbe2_cmp(const EVP_PBE_CTL *pbe1, const EVP_PBE_CTL *pbe2)
-                        * const *pbe2 = (const EVP_PBE_CTL * const *)b;
+        {
-        return ((*pbe1)->pbe_nid - (*pbe2)->pbe_nid);
+        int ret = pbe1->pbe_type - pbe2->pbe_type;
-}
+        if (ret)
+                return ret;
+        else
+                return pbe1->pbe_nid - pbe2->pbe_nid;
+        }
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(EVP_PBE_CTL, EVP_PBE_CTL, pbe2);
+static int pbe_cmp(const EVP_PBE_CTL * const *a, const EVP_PBE_CTL * const *b)
+        {
+        int ret = (*a)->pbe_type - (*b)->pbe_type;
+        if (ret)
+                return ret;
+        else
+                return (*a)->pbe_nid - (*b)->pbe_nid;
+        }
 /* Add a PBE algorithm */
-int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,
+int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, int md_nid,
-             EVP_PBE_KEYGEN *keygen)
+                         EVP_PBE_KEYGEN *keygen)
-{
+        {
        EVP_PBE_CTL *pbe_tmp;
-        if (!pbe_algs) pbe_algs = sk_new(pbe_cmp);
+        if (!pbe_algs)
-        if (!(pbe_tmp = (EVP_PBE_CTL*) OPENSSL_malloc (sizeof(EVP_PBE_CTL)))) {
+                pbe_algs = sk_EVP_PBE_CTL_new(pbe_cmp);
-                EVPerr(EVP_F_EVP_PBE_ALG_ADD,ERR_R_MALLOC_FAILURE);
+        if (!(pbe_tmp = (EVP_PBE_CTL*) OPENSSL_malloc (sizeof(EVP_PBE_CTL))))
+                {
+                EVPerr(EVP_F_EVP_PBE_ALG_ADD_TYPE,ERR_R_MALLOC_FAILURE);
                return 0;
-        }
+                }
-        pbe_tmp->pbe_nid = nid;
+        pbe_tmp->pbe_type = pbe_type;
-        pbe_tmp->cipher = cipher;
+        pbe_tmp->pbe_nid = pbe_nid;
-        pbe_tmp->md = md;
+        pbe_tmp->cipher_nid = cipher_nid;
+        pbe_tmp->md_nid = md_nid;
        pbe_tmp->keygen = keygen;
-        sk_push (pbe_algs, (char *)pbe_tmp);
+        sk_EVP_PBE_CTL_push (pbe_algs, pbe_tmp);
        return 1;
-}
+        }
+int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,
+                    EVP_PBE_KEYGEN *keygen)
+        {
+        int cipher_nid, md_nid;
+        if (cipher)
+                cipher_nid = EVP_CIPHER_type(cipher);
+        else
+                cipher_nid = -1;
+        if (md)
+                md_nid = EVP_MD_type(md);
+        else
+                md_nid = -1;
+        return EVP_PBE_alg_add_type(EVP_PBE_TYPE_OUTER, nid,
+                                        cipher_nid, md_nid, keygen);
+        }
+int EVP_PBE_find(int type, int pbe_nid,
+                 int *pcnid, int *pmnid, EVP_PBE_KEYGEN **pkeygen)
+        {
+        EVP_PBE_CTL *pbetmp = NULL, pbelu;
+        int i;
+        if (pbe_nid == NID_undef)
+                return 0;
+        pbelu.pbe_type = type;
+        pbelu.pbe_nid = pbe_nid;
+        if (pbe_algs)
+                {
+                i = sk_EVP_PBE_CTL_find(pbe_algs, &pbelu);
+                if (i != -1)
+                        pbetmp = sk_EVP_PBE_CTL_value (pbe_algs, i);
+                }
+        if (pbetmp == NULL)
+                {
+                pbetmp = OBJ_bsearch_pbe2(&pbelu, builtin_pbe,
+                                     sizeof(builtin_pbe)/sizeof(EVP_PBE_CTL));
+                }
+        if (pbetmp == NULL)
+                return 0;
+        if (pcnid)
+                *pcnid = pbetmp->cipher_nid;
+        if (pmnid)
+                *pmnid = pbetmp->md_nid;
+        if (pkeygen)
+                *pkeygen = pbetmp->keygen;
+        return 1;
+        }
+static void free_evp_pbe_ctl(EVP_PBE_CTL *pbe)
+         {
+         OPENSSL_freeFunc(pbe);
+         }
 void EVP_PBE_cleanup(void)
-{
+        {
-        sk_pop_free(pbe_algs, OPENSSL_freeFunc);
+        sk_EVP_PBE_CTL_pop_free(pbe_algs, free_evp_pbe_ctl);
        pbe_algs = NULL;
-}
+        }
diff --git a/src/lib/libssl/src/crypto/evp/evp_pkey.c b/src/lib/libssl/src/crypto/evp/evp_pkey.c
index 10d9e9e772..ceebf69284 100644
--- a/src/lib/libssl/src/crypto/evp/evp_pkey.c
+++ b/src/lib/libssl/src/crypto/evp/evp_pkey.c
@@ -3,7 +3,7 @@
 * project 1999.
 */
 /* ====================================================================
- * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -61,287 +61,52 @@
 #include "cryptlib.h"
 #include <openssl/x509.h>
 #include <openssl/rand.h>
-#ifndef OPENSSL_NO_RSA
+#include "asn1_locl.h"
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_DSA
-static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey);
-#endif
-#ifndef OPENSSL_NO_EC
-static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey);
-#endif
 /* Extract a private key from a PKCS8 structure */
 EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8)
 {
        EVP_PKEY *pkey = NULL;
-#ifndef OPENSSL_NO_RSA
+        ASN1_OBJECT *algoid;
-        RSA *rsa = NULL;
-#endif
-#ifndef OPENSSL_NO_DSA
-        DSA *dsa = NULL;
-        ASN1_TYPE *t1, *t2;
-        ASN1_INTEGER *privkey;
-        STACK_OF(ASN1_TYPE) *ndsa = NULL;
-#endif
-#ifndef OPENSSL_NO_EC
-        EC_KEY *eckey = NULL;
-        const unsigned char *p_tmp;
-#endif
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
-        ASN1_TYPE    *param = NULL;     
-        BN_CTX *ctx = NULL;
-        int plen;
-#endif
-        X509_ALGOR *a;
-        const unsigned char *p;
-        const unsigned char *cp;
-        int pkeylen;
-        int  nid;
        char obj_tmp[80];
-        if(p8->pkey->type == V_ASN1_OCTET_STRING) {
+        if (!PKCS8_pkey_get0(&algoid, NULL, NULL, NULL, p8))
-                p8->broken = PKCS8_OK;
+                return NULL;
-                p = p8->pkey->value.octet_string->data;
-                pkeylen = p8->pkey->value.octet_string->length;
-        } else {
-                p8->broken = PKCS8_NO_OCTET;
-                p = p8->pkey->value.sequence->data;
-                pkeylen = p8->pkey->value.sequence->length;
-        }
        if (!(pkey = EVP_PKEY_new())) {
                EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
                return NULL;
        }
-        a = p8->pkeyalg;
-        nid = OBJ_obj2nid(a->algorithm);
-        switch(nid)
-        {
-#ifndef OPENSSL_NO_RSA
-                case NID_rsaEncryption:
-                cp = p;
-                if (!(rsa = d2i_RSAPrivateKey (NULL,&cp, pkeylen))) {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                        return NULL;
-                }
-                EVP_PKEY_assign_RSA (pkey, rsa);
-                break;
-#endif
-#ifndef OPENSSL_NO_DSA
-                case NID_dsa:
-                /* PKCS#8 DSA is weird: you just get a private key integer
-                 * and parameters in the AlgorithmIdentifier the pubkey must
-                 * be recalculated.
-                 */
-        
-                /* Check for broken DSA PKCS#8, UGH! */
-                if(*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) {
-                    if(!(ndsa = ASN1_seq_unpack_ASN1_TYPE(p, pkeylen, 
-                                                          d2i_ASN1_TYPE,
-                                                          ASN1_TYPE_free))) {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                        goto dsaerr;
-                    }
-                    if(sk_ASN1_TYPE_num(ndsa) != 2 ) {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                        goto dsaerr;
-                    }
-                    /* Handle Two broken types:
-                     * SEQUENCE {parameters, priv_key}
-                     * SEQUENCE {pub_key, priv_key}
-                     */
-                    t1 = sk_ASN1_TYPE_value(ndsa, 0);
-                    t2 = sk_ASN1_TYPE_value(ndsa, 1);
-                    if(t1->type == V_ASN1_SEQUENCE) {
-                        p8->broken = PKCS8_EMBEDDED_PARAM;
-                        param = t1;
-                    } else if(a->parameter->type == V_ASN1_SEQUENCE) {
-                        p8->broken = PKCS8_NS_DB;
-                        param = a->parameter;
-                    } else {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                        goto dsaerr;
-                    }
-                    if(t2->type != V_ASN1_INTEGER) {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                        goto dsaerr;
-                    }
-                    privkey = t2->value.integer;
-                } else {
-                        if (!(privkey=d2i_ASN1_INTEGER (NULL, &p, pkeylen))) {
-                                EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                                goto dsaerr;
-                        }
-                        param = p8->pkeyalg->parameter;
-                }
-                if (!param || (param->type != V_ASN1_SEQUENCE)) {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                        goto dsaerr;
-                }
-                cp = p = param->value.sequence->data;
-                plen = param->value.sequence->length;
-                if (!(dsa = d2i_DSAparams (NULL, &cp, plen))) {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                        goto dsaerr;
-                }
-                /* We have parameters now set private key */
-                if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_DECODE_ERROR);
-                        goto dsaerr;
-                }
-                /* Calculate public key (ouch!) */
-                if (!(dsa->pub_key = BN_new())) {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
-                        goto dsaerr;
-                }
-                if (!(ctx = BN_CTX_new())) {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
-                        goto dsaerr;
-                }
-                        
-                if (!BN_mod_exp(dsa->pub_key, dsa->g,
-                                                 dsa->priv_key, dsa->p, ctx)) {
-                        
-                        EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_PUBKEY_ERROR);
-                        goto dsaerr;
-                }
-                EVP_PKEY_assign_DSA(pkey, dsa);
+        if (!EVP_PKEY_set_type(pkey, OBJ_obj2nid(algoid)))
-                BN_CTX_free (ctx);
-                if(ndsa) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
-                else ASN1_INTEGER_free(privkey);
-                break;
-                dsaerr:
-                BN_CTX_free (ctx);
-                sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
-                DSA_free(dsa);
-                EVP_PKEY_free(pkey);
-                return NULL;
-                break;
-#endif
-#ifndef OPENSSL_NO_EC
-                case NID_X9_62_id_ecPublicKey:
-                p_tmp = p;
-                /* extract the ec parameters */
-                param = p8->pkeyalg->parameter;
-                if (!param || ((param->type != V_ASN1_SEQUENCE) &&
-                    (param->type != V_ASN1_OBJECT)))
                {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+                EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
-                        goto ecerr;
+                i2t_ASN1_OBJECT(obj_tmp, 80, algoid);
+                ERR_add_error_data(2, "TYPE=", obj_tmp);
+                goto error;
                }
-                if (param->type == V_ASN1_SEQUENCE)
+        if (pkey->ameth->priv_decode)
                {
-                        cp = p = param->value.sequence->data;
+                if (!pkey->ameth->priv_decode(pkey, p8))
-                        plen = param->value.sequence->length;
-                        if (!(eckey = d2i_ECParameters(NULL, &cp, plen)))
                        {
-                                EVPerr(EVP_F_EVP_PKCS82PKEY,
+                        EVPerr(EVP_F_EVP_PKCS82PKEY,
-                                        EVP_R_DECODE_ERROR);
+                                        EVP_R_PRIVATE_KEY_DECODE_ERROR);
-                                goto ecerr;
+                        goto error;
                        }
                }
-                else
+        else
                {
-                        EC_GROUP *group;
+                EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_METHOD_NOT_SUPPORTED);
-                        cp = p = param->value.object->data;
+                goto error;
-                        plen = param->value.object->length;
-                        /* type == V_ASN1_OBJECT => the parameters are given
-                         * by an asn1 OID
-                         */
-                        if ((eckey = EC_KEY_new()) == NULL)
-                        {
-                                EVPerr(EVP_F_EVP_PKCS82PKEY,
-                                        ERR_R_MALLOC_FAILURE);
-                                goto ecerr;
-                        }
-                        group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(a->parameter->value.object));
-                        if (group == NULL)
-                                goto ecerr;
-                        EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
-                        if (EC_KEY_set_group(eckey, group) == 0)
-                                goto ecerr;
-                        EC_GROUP_free(group);
-                }
-                /* We have parameters now set private key */
-                if (!d2i_ECPrivateKey(&eckey, &p_tmp, pkeylen))
-                {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                        goto ecerr;
-                }
-                /* calculate public key (if necessary) */
-                if (EC_KEY_get0_public_key(eckey) == NULL)
-                {
-                        const BIGNUM *priv_key;
-                        const EC_GROUP *group;
-                        EC_POINT *pub_key;
-                        /* the public key was not included in the SEC1 private
-                         * key => calculate the public key */
-                        group   = EC_KEY_get0_group(eckey);
-                        pub_key = EC_POINT_new(group);
-                        if (pub_key == NULL)
-                        {
-                                EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
-                                goto ecerr;
-                        }
-                        if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group)))
-                        {
-                                EC_POINT_free(pub_key);
-                                EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
-                                goto ecerr;
-                        }
-                        priv_key = EC_KEY_get0_private_key(eckey);
-                        if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx))
-                        {
-                                EC_POINT_free(pub_key);
-                                EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
-                                goto ecerr;
-                        }
-                        if (EC_KEY_set_public_key(eckey, pub_key) == 0)
-                        {
-                                EC_POINT_free(pub_key);
-                                EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
-                                goto ecerr;
-                        }
-                        EC_POINT_free(pub_key);
                }
-                EVP_PKEY_assign_EC_KEY(pkey, eckey);
-                if (ctx)
-                        BN_CTX_free(ctx);
-                break;
-ecerr:
-                if (ctx)
-                        BN_CTX_free(ctx);
-                if (eckey)
-                        EC_KEY_free(eckey);
-                if (pkey)
-                        EVP_PKEY_free(pkey);
-                return NULL;
-#endif
-                default:
-                EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
-                if (!a->algorithm) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp);
-                else i2t_ASN1_OBJECT(obj_tmp, 80, a->algorithm);
-                ERR_add_error_data(2, "TYPE=", obj_tmp);
-                EVP_PKEY_free (pkey);
-                return NULL;
-        }
        return pkey;
+        error:
+        EVP_PKEY_free (pkey);
+        return NULL;
 }
 PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey)
@@ -360,59 +125,37 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken)
                return NULL;
        }
        p8->broken = broken;
-        if (!ASN1_INTEGER_set(p8->version, 0)) {
-                EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE);
-                PKCS8_PRIV_KEY_INFO_free (p8);
-                return NULL;
-        }
-        if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) {
-                EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE);
-                PKCS8_PRIV_KEY_INFO_free (p8);
-                return NULL;
-        }
-        p8->pkey->type = V_ASN1_OCTET_STRING;
-        switch (EVP_PKEY_type(pkey->type)) {
-#ifndef OPENSSL_NO_RSA
-                case EVP_PKEY_RSA:
-                if(p8->broken == PKCS8_NO_OCTET) p8->pkey->type = V_ASN1_SEQUENCE;
+        if (pkey->ameth)
+                {
-                p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption);
+                if (pkey->ameth->priv_encode)
-                p8->pkeyalg->parameter->type = V_ASN1_NULL;
+                        {
-                if (!ASN1_pack_string_of (EVP_PKEY,pkey, i2d_PrivateKey,
+                        if (!pkey->ameth->priv_encode(p8, pkey))
-                                         &p8->pkey->value.octet_string)) {
+                                {
-                        EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE);
+                                EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,
-                        PKCS8_PRIV_KEY_INFO_free (p8);
+                                        EVP_R_PRIVATE_KEY_ENCODE_ERROR);
-                        return NULL;
+                                goto error;
-                }
+                                }
-                break;
+                        }
-#endif
+                else
-#ifndef OPENSSL_NO_DSA
+                        {
-                case EVP_PKEY_DSA:
+                        EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,
-                if(!dsa_pkey2pkcs8(p8, pkey)) {
+                                        EVP_R_METHOD_NOT_SUPPORTED);
-                        PKCS8_PRIV_KEY_INFO_free (p8);
+                        goto error;
-                        return NULL;
+                        }
                }
+        else
-                break;
-#endif
-#ifndef OPENSSL_NO_EC
-                case EVP_PKEY_EC:
-                if (!eckey_pkey2pkcs8(p8, pkey))
                {
-                        PKCS8_PRIV_KEY_INFO_free(p8);
+                EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,
-                        return(NULL);
+                                EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
+                goto error;
                }
-                break;
-#endif
-                default:
-                EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
-                PKCS8_PRIV_KEY_INFO_free (p8);
-                return NULL;
-        }
        RAND_add(p8->pkey->value.octet_string->data,
                 p8->pkey->value.octet_string->length, 0.0);
        return p8;
+        error:
+        PKCS8_PRIV_KEY_INFO_free(p8);
+        return NULL;
 }
 PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken)
@@ -436,301 +179,6 @@ PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken)
        }
 }
-#ifndef OPENSSL_NO_DSA
-static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
-{
-        ASN1_STRING *params = NULL;
-        ASN1_INTEGER *prkey = NULL;
-        ASN1_TYPE *ttmp = NULL;
-        STACK_OF(ASN1_TYPE) *ndsa = NULL;
-        unsigned char *p = NULL, *q;
-        int len;
-        p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa);
-        len = i2d_DSAparams (pkey->pkey.dsa, NULL);
-        if (!(p = OPENSSL_malloc(len))) {
-                EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-        q = p;
-        i2d_DSAparams (pkey->pkey.dsa, &q);
-        if (!(params = ASN1_STRING_new())) {
-                EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-        if (!ASN1_STRING_set(params, p, len)) {
-                EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-        OPENSSL_free(p);
-        p = NULL;
-        /* Get private key into integer */
-        if (!(prkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) {
-                EVPerr(EVP_F_DSA_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
-                goto err;
-        }
-        switch(p8->broken) {
-                case PKCS8_OK:
-                case PKCS8_NO_OCTET:
-                if (!ASN1_pack_string_of(ASN1_INTEGER,prkey, i2d_ASN1_INTEGER,
-                                         &p8->pkey->value.octet_string)) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                M_ASN1_INTEGER_free (prkey);
-                prkey = NULL;
-                p8->pkeyalg->parameter->value.sequence = params;
-                params = NULL;
-                p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
-                break;
-                case PKCS8_NS_DB:
-                p8->pkeyalg->parameter->value.sequence = params;
-                params = NULL;
-                p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
-                if (!(ndsa = sk_ASN1_TYPE_new_null())) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                if (!(ttmp = ASN1_TYPE_new())) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                if (!(ttmp->value.integer =
-                        BN_to_ASN1_INTEGER(pkey->pkey.dsa->pub_key, NULL))) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
-                        goto err;
-                }
-                ttmp->type = V_ASN1_INTEGER;
-                if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                if (!(ttmp = ASN1_TYPE_new())) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                ttmp->value.integer = prkey;
-                prkey = NULL;
-                ttmp->type = V_ASN1_INTEGER;
-                if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                ttmp = NULL;
-                if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE,
-                                         &p8->pkey->value.octet_string->data,
-                                         &p8->pkey->value.octet_string->length)) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
-                break;
-                case PKCS8_EMBEDDED_PARAM:
-                p8->pkeyalg->parameter->type = V_ASN1_NULL;
-                if (!(ndsa = sk_ASN1_TYPE_new_null())) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                if (!(ttmp = ASN1_TYPE_new())) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                ttmp->value.sequence = params;
-                params = NULL;
-                ttmp->type = V_ASN1_SEQUENCE;
-                if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                if (!(ttmp = ASN1_TYPE_new())) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                ttmp->value.integer = prkey;
-                prkey = NULL;
-                ttmp->type = V_ASN1_INTEGER;
-                if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                ttmp = NULL;
-                if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE,
-                                         &p8->pkey->value.octet_string->data,
-                                         &p8->pkey->value.octet_string->length)) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
-                break;
-        }
-        return 1;
-err:
-        if (p != NULL) OPENSSL_free(p);
-        if (params != NULL) ASN1_STRING_free(params);
-        if (prkey != NULL) M_ASN1_INTEGER_free(prkey);
-        if (ttmp != NULL) ASN1_TYPE_free(ttmp);
-        if (ndsa != NULL) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
-        return 0;
-}
-#endif
-#ifndef OPENSSL_NO_EC
-static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
-{
-        EC_KEY          *ec_key;
-        const EC_GROUP  *group;
-        unsigned char   *p, *pp;
-        int             nid, i, ret = 0;
-        unsigned int    tmp_flags, old_flags;
-        ec_key = pkey->pkey.ec;
-        if (ec_key == NULL || (group = EC_KEY_get0_group(ec_key)) == NULL) 
-        {
-                EVPerr(EVP_F_ECKEY_PKEY2PKCS8, EVP_R_MISSING_PARAMETERS);
-                return 0;
-        }
-        /* set the ec parameters OID */
-        if (p8->pkeyalg->algorithm)
-                ASN1_OBJECT_free(p8->pkeyalg->algorithm);
-        p8->pkeyalg->algorithm = OBJ_nid2obj(NID_X9_62_id_ecPublicKey);
-        /* set the ec parameters */
-        if (p8->pkeyalg->parameter)
-        {
-                ASN1_TYPE_free(p8->pkeyalg->parameter);
-                p8->pkeyalg->parameter = NULL;
-        }
-        if ((p8->pkeyalg->parameter = ASN1_TYPE_new()) == NULL)
-        {
-                EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
-                return 0;
-        }
-        
-        if (EC_GROUP_get_asn1_flag(group)
-                     && (nid = EC_GROUP_get_curve_name(group)))
-        {
-                /* we have a 'named curve' => just set the OID */
-                p8->pkeyalg->parameter->type = V_ASN1_OBJECT;
-                p8->pkeyalg->parameter->value.object = OBJ_nid2obj(nid);
-        }
-        else    /* explicit parameters */
-        {
-                if ((i = i2d_ECParameters(ec_key, NULL)) == 0)
-                {
-                        EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
-                        return 0;
-                }
-                if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL)
-                {
-                        EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
-                        return 0;
-                }       
-                pp = p;
-                if (!i2d_ECParameters(ec_key, &pp))
-                {
-                        EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
-                        OPENSSL_free(p);
-                        return 0;
-                }
-                p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
-                if ((p8->pkeyalg->parameter->value.sequence 
-                        = ASN1_STRING_new()) == NULL)
-                {
-                        EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_ASN1_LIB);
-                        OPENSSL_free(p);
-                        return 0;
-                }
-                ASN1_STRING_set(p8->pkeyalg->parameter->value.sequence, p, i);
-                OPENSSL_free(p);
-        }
-        /* set the private key */
-        /* do not include the parameters in the SEC1 private key
-         * see PKCS#11 12.11 */
-        old_flags = EC_KEY_get_enc_flags(pkey->pkey.ec);
-        tmp_flags = old_flags | EC_PKEY_NO_PARAMETERS;
-        EC_KEY_set_enc_flags(pkey->pkey.ec, tmp_flags);
-        i = i2d_ECPrivateKey(pkey->pkey.ec, NULL);
-        if (!i)
-        {
-                EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
-                EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
-                return 0;
-        }
-        p = (unsigned char *) OPENSSL_malloc(i);
-        if (!p)
-        {
-                EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
-                EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
-                return 0;
-        }
-        pp = p;
-        if (!i2d_ECPrivateKey(pkey->pkey.ec, &pp))
-        {
-                EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
-                EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
-                OPENSSL_free(p);
-                return 0;
-        }
-        /* restore old encoding flags */
-        EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
-        switch(p8->broken) {
-                case PKCS8_OK:
-                p8->pkey->value.octet_string = ASN1_OCTET_STRING_new();
-                if (!p8->pkey->value.octet_string ||
-                    !M_ASN1_OCTET_STRING_set(p8->pkey->value.octet_string,
-                    (const void *)p, i))
-                {
-                        EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
-                }
-                else
-                        ret = 1;
-                break;
-                case PKCS8_NO_OCTET:            /* RSA specific */
-                case PKCS8_NS_DB:               /* DSA specific */
-                case PKCS8_EMBEDDED_PARAM:      /* DSA specific */
-                default:
-                        EVPerr(EVP_F_ECKEY_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
-        }
-        OPENSSL_cleanse(p, (size_t)i);
-        OPENSSL_free(p);
-        return ret;
-}
-#endif
 /* EVP_PKEY attribute functions */
 int EVP_PKEY_get_attr_count(const EVP_PKEY *key)
diff --git a/src/lib/libssl/src/crypto/evp/evp_test.c b/src/lib/libssl/src/crypto/evp/evp_test.c
index 436be20bf1..902efac975 100644
--- a/src/lib/libssl/src/crypto/evp/evp_test.c
+++ b/src/lib/libssl/src/crypto/evp/evp_test.c
@@ -153,8 +153,8 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn,
    
    if(kn != c->key_len)
        {
-        fprintf(stderr,"Key length doesn't match, got %d expected %d\n",kn,
+        fprintf(stderr,"Key length doesn't match, got %d expected %lu\n",kn,
-                c->key_len);
+                (unsigned long)c->key_len);
        test1_exit(5);
        }
    EVP_CIPHER_CTX_init(&ctx);
@@ -441,7 +441,7 @@ int main(int argc,char **argv)
 #endif
    EVP_cleanup();
    CRYPTO_cleanup_all_ex_data();
-    ERR_remove_state(0);
+    ERR_remove_thread_state(NULL);
    ERR_free_strings();
    CRYPTO_mem_leaks_fp(stderr);
diff --git a/src/lib/libssl/src/crypto/evp/m_dss.c b/src/lib/libssl/src/crypto/evp/m_dss.c
index 6b0c0aa7a3..48c2689504 100644
--- a/src/lib/libssl/src/crypto/evp/m_dss.c
+++ b/src/lib/libssl/src/crypto/evp/m_dss.c
@@ -81,7 +81,7 @@ static const EVP_MD dsa_md=
        NID_dsaWithSHA,
        NID_dsaWithSHA,
        SHA_DIGEST_LENGTH,
-        EVP_MD_FLAG_FIPS,
+        EVP_MD_FLAG_PKEY_DIGEST,
        init,
        update,
        final,
diff --git a/src/lib/libssl/src/crypto/evp/m_dss1.c b/src/lib/libssl/src/crypto/evp/m_dss1.c
index da8babc147..4f03fb70e0 100644
--- a/src/lib/libssl/src/crypto/evp/m_dss1.c
+++ b/src/lib/libssl/src/crypto/evp/m_dss1.c
@@ -68,8 +68,6 @@
 #include <openssl/dsa.h>
 #endif
-#ifndef OPENSSL_FIPS
 static int init(EVP_MD_CTX *ctx)
        { return SHA1_Init(ctx->md_data); }
@@ -84,7 +82,7 @@ static const EVP_MD dss1_md=
        NID_dsa,
        NID_dsaWithSHA1,
        SHA_DIGEST_LENGTH,
-        0,
+        EVP_MD_FLAG_PKEY_DIGEST,
        init,
        update,
        final,
@@ -100,4 +98,3 @@ const EVP_MD *EVP_dss1(void)
        return(&dss1_md);
        }
 #endif
-#endif
diff --git a/src/lib/libssl/src/crypto/evp/m_md2.c b/src/lib/libssl/src/crypto/evp/m_md2.c
index 8eee6236ba..5ce849f161 100644
--- a/src/lib/libssl/src/crypto/evp/m_md2.c
+++ b/src/lib/libssl/src/crypto/evp/m_md2.c
@@ -58,7 +58,6 @@
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp_locl.h"
 #ifndef OPENSSL_NO_MD2
diff --git a/src/lib/libssl/src/crypto/evp/m_md4.c b/src/lib/libssl/src/crypto/evp/m_md4.c
index 5cd2ab5ade..1e0b7c5b42 100644
--- a/src/lib/libssl/src/crypto/evp/m_md4.c
+++ b/src/lib/libssl/src/crypto/evp/m_md4.c
@@ -58,7 +58,6 @@
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp_locl.h"
 #ifndef OPENSSL_NO_MD4
diff --git a/src/lib/libssl/src/crypto/evp/m_md5.c b/src/lib/libssl/src/crypto/evp/m_md5.c
index 6455829671..63c142119e 100644
--- a/src/lib/libssl/src/crypto/evp/m_md5.c
+++ b/src/lib/libssl/src/crypto/evp/m_md5.c
@@ -62,7 +62,6 @@
 #ifndef OPENSSL_NO_MD5
 #include <openssl/evp.h>
-#include "evp_locl.h"
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/md5.h>
diff --git a/src/lib/libssl/src/crypto/evp/m_mdc2.c b/src/lib/libssl/src/crypto/evp/m_mdc2.c
index 9f9bcf06ed..b08d559803 100644
--- a/src/lib/libssl/src/crypto/evp/m_mdc2.c
+++ b/src/lib/libssl/src/crypto/evp/m_mdc2.c
@@ -58,7 +58,6 @@
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp_locl.h"
 #ifndef OPENSSL_NO_MDC2
@@ -66,7 +65,9 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/mdc2.h>
+#ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
+#endif
 static int init(EVP_MD_CTX *ctx)
        { return MDC2_Init(ctx->md_data); }
diff --git a/src/lib/libssl/src/crypto/evp/m_sha.c b/src/lib/libssl/src/crypto/evp/m_sha.c
index 3f30dfc579..acccc8f92d 100644
--- a/src/lib/libssl/src/crypto/evp/m_sha.c
+++ b/src/lib/libssl/src/crypto/evp/m_sha.c
@@ -58,7 +58,6 @@
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp_locl.h"
 #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0)
diff --git a/src/lib/libssl/src/crypto/evp/m_sha1.c b/src/lib/libssl/src/crypto/evp/m_sha1.c
index 471ec30be0..9a2790fdea 100644
--- a/src/lib/libssl/src/crypto/evp/m_sha1.c
+++ b/src/lib/libssl/src/crypto/evp/m_sha1.c
@@ -68,8 +68,6 @@
 #include <openssl/rsa.h>
 #endif
-#ifndef OPENSSL_FIPS
 static int init(EVP_MD_CTX *ctx)
        { return SHA1_Init(ctx->md_data); }
@@ -84,7 +82,7 @@ static const EVP_MD sha1_md=
        NID_sha1,
        NID_sha1WithRSAEncryption,
        SHA_DIGEST_LENGTH,
-        0,
+        EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
        init,
        update,
        final,
@@ -99,6 +97,7 @@ const EVP_MD *EVP_sha1(void)
        {
        return(&sha1_md);
        }
+#endif
 #ifndef OPENSSL_NO_SHA256
 static int init224(EVP_MD_CTX *ctx)
@@ -120,7 +119,7 @@ static const EVP_MD sha224_md=
        NID_sha224,
        NID_sha224WithRSAEncryption,
        SHA224_DIGEST_LENGTH,
-        0,
+        EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
        init224,
        update256,
        final256,
@@ -139,7 +138,7 @@ static const EVP_MD sha256_md=
        NID_sha256,
        NID_sha256WithRSAEncryption,
        SHA256_DIGEST_LENGTH,
-        0,
+        EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
        init256,
        update256,
        final256,
@@ -170,7 +169,7 @@ static const EVP_MD sha384_md=
        NID_sha384,
        NID_sha384WithRSAEncryption,
        SHA384_DIGEST_LENGTH,
-        0,
+        EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
        init384,
        update512,
        final512,
@@ -189,7 +188,7 @@ static const EVP_MD sha512_md=
        NID_sha512,
        NID_sha512WithRSAEncryption,
        SHA512_DIGEST_LENGTH,
-        0,
+        EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
        init512,
        update512,
        final512,
@@ -203,7 +202,3 @@ static const EVP_MD sha512_md=
 const EVP_MD *EVP_sha512(void)
        { return(&sha512_md); }
 #endif  /* ifndef OPENSSL_NO_SHA512 */
-#endif
-#endif
diff --git a/src/lib/libssl/src/crypto/evp/names.c b/src/lib/libssl/src/crypto/evp/names.c
index e2e04c3570..f2869f5c78 100644
--- a/src/lib/libssl/src/crypto/evp/names.c
+++ b/src/lib/libssl/src/crypto/evp/names.c
@@ -66,35 +66,32 @@ int EVP_add_cipher(const EVP_CIPHER *c)
        {
        int r;
-#ifdef OPENSSL_FIPS
-        OPENSSL_init();
-#endif
        r=OBJ_NAME_add(OBJ_nid2sn(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(const char *)c);
        if (r == 0) return(0);
+        check_defer(c->nid);
        r=OBJ_NAME_add(OBJ_nid2ln(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(const char *)c);
        return(r);
        }
 int EVP_add_digest(const EVP_MD *md)
        {
        int r;
        const char *name;
-#ifdef OPENSSL_FIPS
-        OPENSSL_init();
-#endif
        name=OBJ_nid2sn(md->type);
        r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(const char *)md);
        if (r == 0) return(0);
+        check_defer(md->type);
        r=OBJ_NAME_add(OBJ_nid2ln(md->type),OBJ_NAME_TYPE_MD_METH,(const char *)md);
        if (r == 0) return(0);
-        if (md->type != md->pkey_type)
+        if (md->pkey_type && md->type != md->pkey_type)
                {
                r=OBJ_NAME_add(OBJ_nid2sn(md->pkey_type),
                        OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,name);
                if (r == 0) return(0);
+                check_defer(md->pkey_type);
                r=OBJ_NAME_add(OBJ_nid2ln(md->pkey_type),
                        OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,name);
                }
@@ -127,4 +124,78 @@ void EVP_cleanup(void)
        OBJ_NAME_cleanup(-1);
        EVP_PBE_cleanup();
+        if (obj_cleanup_defer == 2)
+                {
+                obj_cleanup_defer = 0;
+                OBJ_cleanup();
+                }
+        OBJ_sigid_free();
+        }
+struct doall_cipher
+        {
+        void *arg;
+        void (*fn)(const EVP_CIPHER *ciph,
+                        const char *from, const char *to, void *arg);
+        };
+static void do_all_cipher_fn(const OBJ_NAME *nm, void *arg)
+        {
+        struct doall_cipher *dc = arg;
+        if (nm->alias)
+                dc->fn(NULL, nm->name, nm->data, dc->arg);
+        else
+                dc->fn((const EVP_CIPHER *)nm->data, nm->name, NULL, dc->arg);
+        }
+void EVP_CIPHER_do_all(void (*fn)(const EVP_CIPHER *ciph,
+                const char *from, const char *to, void *x), void *arg)
+        {
+        struct doall_cipher dc;
+        dc.fn = fn;
+        dc.arg = arg;
+        OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH, do_all_cipher_fn, &dc);
+        }
+void EVP_CIPHER_do_all_sorted(void (*fn)(const EVP_CIPHER *ciph,
+                const char *from, const char *to, void *x), void *arg)
+        {
+        struct doall_cipher dc;
+        dc.fn = fn;
+        dc.arg = arg;
+        OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, do_all_cipher_fn,&dc);
+        }
+struct doall_md
+        {
+        void *arg;
+        void (*fn)(const EVP_MD *ciph,
+                        const char *from, const char *to, void *arg);
+        };
+static void do_all_md_fn(const OBJ_NAME *nm, void *arg)
+        {
+        struct doall_md *dc = arg;
+        if (nm->alias)
+                dc->fn(NULL, nm->name, nm->data, dc->arg);
+        else
+                dc->fn((const EVP_MD *)nm->data, nm->name, NULL, dc->arg);
+        }
+void EVP_MD_do_all(void (*fn)(const EVP_MD *md,
+                const char *from, const char *to, void *x), void *arg)
+        {
+        struct doall_md dc;
+        dc.fn = fn;
+        dc.arg = arg;
+        OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, do_all_md_fn, &dc);
+        }
+void EVP_MD_do_all_sorted(void (*fn)(const EVP_MD *md,
+                const char *from, const char *to, void *x), void *arg)
+        {
+        struct doall_md dc;
+        dc.fn = fn;
+        dc.arg = arg;
+        OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_MD_METH, do_all_md_fn, &dc);
        }
diff --git a/src/lib/libssl/src/crypto/evp/p5_crpt.c b/src/lib/libssl/src/crypto/evp/p5_crpt.c
index 2a265fdee2..7ecfa8dad9 100644
--- a/src/lib/libssl/src/crypto/evp/p5_crpt.c
+++ b/src/lib/libssl/src/crypto/evp/p5_crpt.c
@@ -62,42 +62,11 @@
 #include <openssl/x509.h>
 #include <openssl/evp.h>
-/* PKCS#5 v1.5 compatible PBE functions: see PKCS#5 v2.0 for more info.
+/* Doesn't do anything now: Builtin PBE algorithms in static table.
 */
 void PKCS5_PBE_add(void)
 {
-#ifndef OPENSSL_NO_DES
-#  ifndef OPENSSL_NO_MD5
-EVP_PBE_alg_add(NID_pbeWithMD5AndDES_CBC, EVP_des_cbc(), EVP_md5(),
-                                                         PKCS5_PBE_keyivgen);
-#  endif
-#  ifndef OPENSSL_NO_MD2
-EVP_PBE_alg_add(NID_pbeWithMD2AndDES_CBC, EVP_des_cbc(), EVP_md2(),
-                                                         PKCS5_PBE_keyivgen);
-#  endif
-#  ifndef OPENSSL_NO_SHA
-EVP_PBE_alg_add(NID_pbeWithSHA1AndDES_CBC, EVP_des_cbc(), EVP_sha1(),
-                                                         PKCS5_PBE_keyivgen);
-#  endif
-#endif
-#ifndef OPENSSL_NO_RC2
-#  ifndef OPENSSL_NO_MD5
-EVP_PBE_alg_add(NID_pbeWithMD5AndRC2_CBC, EVP_rc2_64_cbc(), EVP_md5(),
-                                                         PKCS5_PBE_keyivgen);
-#  endif
-#  ifndef OPENSSL_NO_MD2
-EVP_PBE_alg_add(NID_pbeWithMD2AndRC2_CBC, EVP_rc2_64_cbc(), EVP_md2(),
-                                                         PKCS5_PBE_keyivgen);
-#  endif
-#  ifndef OPENSSL_NO_SHA
-EVP_PBE_alg_add(NID_pbeWithSHA1AndRC2_CBC, EVP_rc2_64_cbc(), EVP_sha1(),
-                                                         PKCS5_PBE_keyivgen);
-#  endif
-#endif
-#ifndef OPENSSL_NO_HMAC
-EVP_PBE_alg_add(NID_pbes2, NULL, NULL, PKCS5_v2_PBE_keyivgen);
-#endif
 }
 int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
@@ -112,6 +81,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
        int saltlen, iter;
        unsigned char *salt;
        const unsigned char *pbuf;
+        int mdsize;
        /* Extract useful info from parameter */
        if (param == NULL || param->type != V_ASN1_SEQUENCE ||
@@ -140,9 +110,12 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
        EVP_DigestUpdate(&ctx, salt, saltlen);
        PBEPARAM_free(pbe);
        EVP_DigestFinal_ex(&ctx, md_tmp, NULL);
+        mdsize = EVP_MD_size(md);
+        if (mdsize < 0)
+            return 0;
        for (i = 1; i < iter; i++) {
                EVP_DigestInit_ex(&ctx, md, NULL);
-                EVP_DigestUpdate(&ctx, md_tmp, EVP_MD_size(md));
+                EVP_DigestUpdate(&ctx, md_tmp, mdsize);
                EVP_DigestFinal_ex (&ctx, md_tmp, NULL);
        }
        EVP_MD_CTX_cleanup(&ctx);
diff --git a/src/lib/libssl/src/crypto/evp/p5_crpt2.c b/src/lib/libssl/src/crypto/evp/p5_crpt2.c
index 6bec77baf9..334379f310 100644
--- a/src/lib/libssl/src/crypto/evp/p5_crpt2.c
+++ b/src/lib/libssl/src/crypto/evp/p5_crpt2.c
@@ -3,7 +3,7 @@
 * project 1999.
 */
 /* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -71,28 +71,38 @@
 #endif
 /* This is an implementation of PKCS#5 v2.0 password based encryption key
- * derivation function PBKDF2 using the only currently defined function HMAC
+ * derivation function PBKDF2.
- * with SHA1. Verified against test vectors posted by Peter Gutmann
+ * SHA1 version verified against test vectors posted by Peter Gutmann
 * <pgut001@cs.auckland.ac.nz> to the PKCS-TNG <pkcs-tng@rsa.com> mailing list.
 */
-int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
+int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
                           const unsigned char *salt, int saltlen, int iter,
+                           const EVP_MD *digest,
                           int keylen, unsigned char *out)
-{
+        {
-        unsigned char digtmp[SHA_DIGEST_LENGTH], *p, itmp[4];
+        unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4];
-        int cplen, j, k, tkeylen;
+        int cplen, j, k, tkeylen, mdlen;
        unsigned long i = 1;
        HMAC_CTX hctx;
+        mdlen = EVP_MD_size(digest);
+        if (mdlen < 0)
+                return 0;
        HMAC_CTX_init(&hctx);
        p = out;
        tkeylen = keylen;
-        if(!pass) passlen = 0;
+        if(!pass)
-        else if(passlen == -1) passlen = strlen(pass);
+                passlen = 0;
-        while(tkeylen) {
+        else if(passlen == -1)
-                if(tkeylen > SHA_DIGEST_LENGTH) cplen = SHA_DIGEST_LENGTH;
+                passlen = strlen(pass);
-                else cplen = tkeylen;
+        while(tkeylen)
+                {
+                if(tkeylen > mdlen)
+                        cplen = mdlen;
+                else
+                        cplen = tkeylen;
                /* We are unlikely to ever use more than 256 blocks (5120 bits!)
                 * but just in case...
                 */
@@ -100,20 +110,22 @@ int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
                itmp[1] = (unsigned char)((i >> 16) & 0xff);
                itmp[2] = (unsigned char)((i >> 8) & 0xff);
                itmp[3] = (unsigned char)(i & 0xff);
-                HMAC_Init_ex(&hctx, pass, passlen, EVP_sha1(), NULL);
+                HMAC_Init_ex(&hctx, pass, passlen, digest, NULL);
                HMAC_Update(&hctx, salt, saltlen);
                HMAC_Update(&hctx, itmp, 4);
                HMAC_Final(&hctx, digtmp, NULL);
                memcpy(p, digtmp, cplen);
-                for(j = 1; j < iter; j++) {
+                for(j = 1; j < iter; j++)
-                        HMAC(EVP_sha1(), pass, passlen,
+                        {
-                                 digtmp, SHA_DIGEST_LENGTH, digtmp, NULL);
+                        HMAC(digest, pass, passlen,
-                        for(k = 0; k < cplen; k++) p[k] ^= digtmp[k];
+                                 digtmp, mdlen, digtmp, NULL);
-                }
+                        for(k = 0; k < cplen; k++)
+                                p[k] ^= digtmp[k];
+                        }
                tkeylen-= cplen;
                i++;
                p+= cplen;
-        }
+                }
        HMAC_CTX_cleanup(&hctx);
 #ifdef DEBUG_PKCS5V2
        fprintf(stderr, "Password:\n");
@@ -125,7 +137,15 @@ int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
        h__dump (out, keylen);
 #endif
        return 1;
-}
+        }
+int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
+                           const unsigned char *salt, int saltlen, int iter,
+                           int keylen, unsigned char *out)
+        {
+        return PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, EVP_sha1(),
+                                        keylen, out);
+        }
 #ifdef DO_TEST
 main()
@@ -155,6 +175,8 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
        PBE2PARAM *pbe2 = NULL;
        const EVP_CIPHER *cipher;
        PBKDF2PARAM *kdf = NULL;
+        const EVP_MD *prfmd;
+        int prf_nid, hmac_md_nid;
        if (param == NULL || param->type != V_ASN1_SEQUENCE ||
            param->value.sequence == NULL) {
@@ -180,8 +202,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
        /* lets see if we recognise the encryption algorithm.
         */
-        cipher = EVP_get_cipherbyname(
+        cipher = EVP_get_cipherbyobj(pbe2->encryption->algorithm);
-                        OBJ_nid2sn(OBJ_obj2nid(pbe2->encryption->algorithm)));
        if(!cipher) {
                EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
@@ -226,10 +247,23 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
                goto err;
        }
-        if(kdf->prf && (OBJ_obj2nid(kdf->prf->algorithm) != NID_hmacWithSHA1)) {
+        if (kdf->prf)
+                prf_nid = OBJ_obj2nid(kdf->prf->algorithm);
+        else
+                prf_nid = NID_hmacWithSHA1;
+        if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, prf_nid, NULL, &hmac_md_nid, 0))
+                {
                EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_PRF);
                goto err;
-        }
+                }
+        prfmd = EVP_get_digestbynid(hmac_md_nid);
+        if (prfmd == NULL)
+                {
+                EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_PRF);
+                goto err;
+                }
        if(kdf->salt->type != V_ASN1_OCTET_STRING) {
                EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
@@ -241,7 +275,9 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
        salt = kdf->salt->value.octet_string->data;
        saltlen = kdf->salt->value.octet_string->length;
        iter = ASN1_INTEGER_get(kdf->iter);
-        PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key);
+        if(!PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, prfmd,
+                                                   keylen, key))
+                goto err;
        EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de);
        OPENSSL_cleanse(key, keylen);
        PBKDF2PARAM_free(kdf);
diff --git a/src/lib/libssl/src/crypto/evp/p_dec.c b/src/lib/libssl/src/crypto/evp/p_dec.c
index f64901f653..4201dcbad9 100644
--- a/src/lib/libssl/src/crypto/evp/p_dec.c
+++ b/src/lib/libssl/src/crypto/evp/p_dec.c
@@ -66,7 +66,7 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
-int EVP_PKEY_decrypt(unsigned char *key, const unsigned char *ek, int ekl,
+int EVP_PKEY_decrypt_old(unsigned char *key, const unsigned char *ek, int ekl,
             EVP_PKEY *priv)
        {
        int ret= -1;
@@ -75,7 +75,7 @@ int EVP_PKEY_decrypt(unsigned char *key, const unsigned char *ek, int ekl,
        if (priv->type != EVP_PKEY_RSA)
                {
 #endif
-                EVPerr(EVP_F_EVP_PKEY_DECRYPT,EVP_R_PUBLIC_KEY_NOT_RSA);
+                EVPerr(EVP_F_EVP_PKEY_DECRYPT_OLD,EVP_R_PUBLIC_KEY_NOT_RSA);
 #ifndef OPENSSL_NO_RSA
                goto err;
                }
diff --git a/src/lib/libssl/src/crypto/evp/p_enc.c b/src/lib/libssl/src/crypto/evp/p_enc.c
index c2dfdc52ad..b5a3a84c41 100644
--- a/src/lib/libssl/src/crypto/evp/p_enc.c
+++ b/src/lib/libssl/src/crypto/evp/p_enc.c
@@ -66,7 +66,7 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
-int EVP_PKEY_encrypt(unsigned char *ek, const unsigned char *key, int key_len,
+int EVP_PKEY_encrypt_old(unsigned char *ek, const unsigned char *key, int key_len,
             EVP_PKEY *pubk)
        {
        int ret=0;
@@ -75,7 +75,7 @@ int EVP_PKEY_encrypt(unsigned char *ek, const unsigned char *key, int key_len,
        if (pubk->type != EVP_PKEY_RSA)
                {
 #endif
-                EVPerr(EVP_F_EVP_PKEY_ENCRYPT,EVP_R_PUBLIC_KEY_NOT_RSA);
+                EVPerr(EVP_F_EVP_PKEY_ENCRYPT_OLD,EVP_R_PUBLIC_KEY_NOT_RSA);
 #ifndef OPENSSL_NO_RSA
                goto err;
                }
diff --git a/src/lib/libssl/src/crypto/evp/p_lib.c b/src/lib/libssl/src/crypto/evp/p_lib.c
index 22155ecf62..1916c61699 100644
--- a/src/lib/libssl/src/crypto/evp/p_lib.c
+++ b/src/lib/libssl/src/crypto/evp/p_lib.c
@@ -74,66 +74,26 @@
 #include <openssl/dh.h>
 #endif
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+#include "asn1_locl.h"
 static void EVP_PKEY_free_it(EVP_PKEY *x);
 int EVP_PKEY_bits(EVP_PKEY *pkey)
        {
-        if (0)
+        if (pkey && pkey->ameth && pkey->ameth->pkey_bits)
-                return 0;
+                return pkey->ameth->pkey_bits(pkey);
-#ifndef OPENSSL_NO_RSA
+        return 0;
-        else if (pkey->type == EVP_PKEY_RSA)
-                return(BN_num_bits(pkey->pkey.rsa->n));
-#endif
-#ifndef OPENSSL_NO_DSA
-        else if (pkey->type == EVP_PKEY_DSA)
-                return(BN_num_bits(pkey->pkey.dsa->p));
-#endif
-#ifndef OPENSSL_NO_EC
-        else if (pkey->type == EVP_PKEY_EC)
-                {
-                BIGNUM *order = BN_new();
-                const EC_GROUP *group;
-                int ret;
-                if (!order)
-                        {
-                        ERR_clear_error();
-                        return 0;
-                        }
-                group = EC_KEY_get0_group(pkey->pkey.ec);
-                if (!EC_GROUP_get_order(group, order, NULL))
-                        {
-                        ERR_clear_error();
-                        return 0;
-                        }
-                ret = BN_num_bits(order);
-                BN_free(order);
-                return ret;
-                }
-#endif
-        return(0);
        }
 int EVP_PKEY_size(EVP_PKEY *pkey)
        {
-        if (pkey == NULL)
+        if (pkey && pkey->ameth && pkey->ameth->pkey_size)
-                return(0);
+                return pkey->ameth->pkey_size(pkey);
-#ifndef OPENSSL_NO_RSA
+        return 0;
-        if (pkey->type == EVP_PKEY_RSA)
-                return(RSA_size(pkey->pkey.rsa));
-        else
-#endif
-#ifndef OPENSSL_NO_DSA
-                if (pkey->type == EVP_PKEY_DSA)
-                return(DSA_size(pkey->pkey.dsa));
-#endif
-#ifndef OPENSSL_NO_ECDSA
-                if (pkey->type == EVP_PKEY_EC)
-                return(ECDSA_size(pkey->pkey.ec));
-#endif
-        return(0);
        }
 int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode)
@@ -174,88 +134,26 @@ int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
                EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS,EVP_R_MISSING_PARAMETERS);
                goto err;
                }
-#ifndef OPENSSL_NO_DSA
+        if (from->ameth && from->ameth->param_copy)
-        if (to->type == EVP_PKEY_DSA)
+                return from->ameth->param_copy(to, from);
-                {
-                BIGNUM *a;
-                if ((a=BN_dup(from->pkey.dsa->p)) == NULL) goto err;
-                if (to->pkey.dsa->p != NULL) BN_free(to->pkey.dsa->p);
-                to->pkey.dsa->p=a;
-                if ((a=BN_dup(from->pkey.dsa->q)) == NULL) goto err;
-                if (to->pkey.dsa->q != NULL) BN_free(to->pkey.dsa->q);
-                to->pkey.dsa->q=a;
-                if ((a=BN_dup(from->pkey.dsa->g)) == NULL) goto err;
-                if (to->pkey.dsa->g != NULL) BN_free(to->pkey.dsa->g);
-                to->pkey.dsa->g=a;
-                }
-#endif
-#ifndef OPENSSL_NO_EC
-        if (to->type == EVP_PKEY_EC)
-                {
-                EC_GROUP *group = EC_GROUP_dup(EC_KEY_get0_group(from->pkey.ec));
-                if (group == NULL)
-                        goto err;
-                if (EC_KEY_set_group(to->pkey.ec, group) == 0)
-                        goto err;
-                EC_GROUP_free(group);
-                }
-#endif
-        return(1);
 err:
-        return(0);
+        return 0;
        }
 int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey)
        {
-#ifndef OPENSSL_NO_DSA
+        if (pkey->ameth && pkey->ameth->param_missing)
-        if (pkey->type == EVP_PKEY_DSA)
+                return pkey->ameth->param_missing(pkey);
-                {
+        return 0;
-                DSA *dsa;
-                dsa=pkey->pkey.dsa;
-                if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
-                        return(1);
-                }
-#endif
-#ifndef OPENSSL_NO_EC
-        if (pkey->type == EVP_PKEY_EC)
-                {
-                if (EC_KEY_get0_group(pkey->pkey.ec) == NULL)
-                        return(1);
-                }
-#endif
-        return(0);
        }
 int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
        {
-#ifndef OPENSSL_NO_DSA
+        if (a->type != b->type)
-        if ((a->type == EVP_PKEY_DSA) && (b->type == EVP_PKEY_DSA))
+                return -1;
-                {
+        if (a->ameth && a->ameth->param_cmp)
-                if (    BN_cmp(a->pkey.dsa->p,b->pkey.dsa->p) ||
+                return a->ameth->param_cmp(a, b);
-                        BN_cmp(a->pkey.dsa->q,b->pkey.dsa->q) ||
+        return -2;
-                        BN_cmp(a->pkey.dsa->g,b->pkey.dsa->g))
-                        return(0);
-                else
-                        return(1);
-                }
-#endif
-#ifndef OPENSSL_NO_EC
-        if (a->type == EVP_PKEY_EC && b->type == EVP_PKEY_EC)
-                {
-                const EC_GROUP *group_a = EC_KEY_get0_group(a->pkey.ec),
-                               *group_b = EC_KEY_get0_group(b->pkey.ec);
-                if (EC_GROUP_cmp(group_a, group_b, NULL))
-                        return 0;
-                else
-                        return 1;
-                }
-#endif
-        return(-1);
        }
 int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
@@ -263,51 +161,22 @@ int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
        if (a->type != b->type)
                return -1;
-        if (EVP_PKEY_cmp_parameters(a, b) == 0)
+        if (a->ameth)
-                return 0;
-        switch (a->type)
                {
-#ifndef OPENSSL_NO_RSA
+                int ret;
-        case EVP_PKEY_RSA:
+                /* Compare parameters if the algorithm has them */
-                if (BN_cmp(b->pkey.rsa->n,a->pkey.rsa->n) != 0
+                if (a->ameth->param_cmp)
-                        || BN_cmp(b->pkey.rsa->e,a->pkey.rsa->e) != 0)
-                        return 0;
-                break;
-#endif
-#ifndef OPENSSL_NO_DSA
-        case EVP_PKEY_DSA:
-                if (BN_cmp(b->pkey.dsa->pub_key,a->pkey.dsa->pub_key) != 0)
-                        return 0;
-                break;
-#endif
-#ifndef OPENSSL_NO_EC
-        case EVP_PKEY_EC:
-                {
-                int  r;
-                const EC_GROUP *group = EC_KEY_get0_group(b->pkey.ec);
-                const EC_POINT *pa = EC_KEY_get0_public_key(a->pkey.ec),
-                               *pb = EC_KEY_get0_public_key(b->pkey.ec);
-                r = EC_POINT_cmp(group, pa, pb, NULL);
-                if (r != 0)
                        {
-                        if (r == 1)
+                        ret = a->ameth->param_cmp(a, b);
-                                return 0;
+                        if (ret <= 0)
-                        else
+                                return ret;
-                                return -2;
                        }
-                }
-                break;
+                if (a->ameth->pub_cmp)
-#endif
+                        return a->ameth->pub_cmp(a, b);
-#ifndef OPENSSL_NO_DH
-        case EVP_PKEY_DH:
-                return -2;
-#endif
-        default:
-                return -2;
                }
-        return 1;
+        return -2;
        }
 EVP_PKEY *EVP_PKEY_new(void)
@@ -321,22 +190,87 @@ EVP_PKEY *EVP_PKEY_new(void)
                return(NULL);
                }
        ret->type=EVP_PKEY_NONE;
+        ret->save_type=EVP_PKEY_NONE;
        ret->references=1;
+        ret->ameth=NULL;
+        ret->engine=NULL;
        ret->pkey.ptr=NULL;
        ret->attributes=NULL;
        ret->save_parameters=1;
        return(ret);
        }
-int EVP_PKEY_assign(EVP_PKEY *pkey, int type, char *key)
+/* Setup a public key ASN1 method and ENGINE from a NID or a string.
+ * If pkey is NULL just return 1 or 0 if the algorithm exists.
+ */
+static int pkey_set_type(EVP_PKEY *pkey, int type, const char *str, int len)
        {
-        if (pkey == NULL) return(0);
+        const EVP_PKEY_ASN1_METHOD *ameth;
-        if (pkey->pkey.ptr != NULL)
+        ENGINE *e = NULL;
-                EVP_PKEY_free_it(pkey);
+        if (pkey)
-        pkey->type=EVP_PKEY_type(type);
+                {
-        pkey->save_type=type;
+                if (pkey->pkey.ptr)
+                        EVP_PKEY_free_it(pkey);
+                /* If key type matches and a method exists then this
+                 * lookup has succeeded once so just indicate success.
+                 */
+                if ((type == pkey->save_type) && pkey->ameth)
+                        return 1;
+#ifndef OPENSSL_NO_ENGINE
+                /* If we have an ENGINE release it */
+                if (pkey->engine)
+                        {
+                        ENGINE_finish(pkey->engine);
+                        pkey->engine = NULL;
+                        }
+#endif
+                }
+        if (str)
+                ameth = EVP_PKEY_asn1_find_str(&e, str, len);
+        else
+                ameth = EVP_PKEY_asn1_find(&e, type);
+#ifndef OPENSSL_NO_ENGINE
+        if (!pkey && e)
+                ENGINE_finish(e);
+#endif
+        if (!ameth)
+                {
+                EVPerr(EVP_F_PKEY_SET_TYPE, EVP_R_UNSUPPORTED_ALGORITHM);
+                return 0;
+                }
+        if (pkey)
+                {
+                pkey->ameth = ameth;
+                pkey->engine = e;
+                pkey->type = pkey->ameth->pkey_id;
+                pkey->save_type=type;
+                }
+        return 1;
+        }
+int EVP_PKEY_set_type(EVP_PKEY *pkey, int type)
+        {
+        return pkey_set_type(pkey, type, NULL, -1);
+        }
+int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len)
+        {
+        return pkey_set_type(pkey, EVP_PKEY_NONE, str, len);
+        }
+int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key)
+        {
+        if (!EVP_PKEY_set_type(pkey, type))
+                return 0;
        pkey->pkey.ptr=key;
-        return(key != NULL);
+        return (key != NULL);
+        }
+void *EVP_PKEY_get0(EVP_PKEY *pkey)
+        {
+        return pkey->pkey.ptr;
        }
 #ifndef OPENSSL_NO_RSA
@@ -425,24 +359,29 @@ DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey)
 int EVP_PKEY_type(int type)
        {
-        switch (type)
+        int ret;
-                {
+        const EVP_PKEY_ASN1_METHOD *ameth;
-        case EVP_PKEY_RSA:
+        ENGINE *e;
-        case EVP_PKEY_RSA2:
+        ameth = EVP_PKEY_asn1_find(&e, type);
-                return(EVP_PKEY_RSA);
+        if (ameth)
-        case EVP_PKEY_DSA:
+                ret = ameth->pkey_id;
-        case EVP_PKEY_DSA1:
+        else
-        case EVP_PKEY_DSA2:
+                ret = NID_undef;
-        case EVP_PKEY_DSA3:
+#ifndef OPENSSL_NO_ENGINE
-        case EVP_PKEY_DSA4:
+        if (e)
-                return(EVP_PKEY_DSA);
+                ENGINE_finish(e);
-        case EVP_PKEY_DH:
+#endif
-                return(EVP_PKEY_DH);
+        return ret;
-        case EVP_PKEY_EC:
+        }
-                return(EVP_PKEY_EC);
-        default:
+int EVP_PKEY_id(const EVP_PKEY *pkey)
-                return(NID_undef);
+        {
-                }
+        return pkey->type;
+        }
+int EVP_PKEY_base_id(const EVP_PKEY *pkey)
+        {
+        return EVP_PKEY_type(pkey->type);
        }
 void EVP_PKEY_free(EVP_PKEY *x)
@@ -471,32 +410,57 @@ void EVP_PKEY_free(EVP_PKEY *x)
 static void EVP_PKEY_free_it(EVP_PKEY *x)
        {
-        switch (x->type)
+        if (x->ameth && x->ameth->pkey_free)
+                x->ameth->pkey_free(x);
+#ifndef OPENSSL_NO_ENGINE
+        if (x->engine)
                {
-#ifndef OPENSSL_NO_RSA
+                ENGINE_finish(x->engine);
-        case EVP_PKEY_RSA:
+                x->engine = NULL;
-        case EVP_PKEY_RSA2:
-                RSA_free(x->pkey.rsa);
-                break;
-#endif
-#ifndef OPENSSL_NO_DSA
-        case EVP_PKEY_DSA:
-        case EVP_PKEY_DSA2:
-        case EVP_PKEY_DSA3:
-        case EVP_PKEY_DSA4:
-                DSA_free(x->pkey.dsa);
-                break;
-#endif
-#ifndef OPENSSL_NO_EC
-        case EVP_PKEY_EC:
-                EC_KEY_free(x->pkey.ec);
-                break;
-#endif
-#ifndef OPENSSL_NO_DH
-        case EVP_PKEY_DH:
-                DH_free(x->pkey.dh);
-                break;
-#endif
                }
+#endif
+        }
+static int unsup_alg(BIO *out, const EVP_PKEY *pkey, int indent,
+                                const char *kstr)
+        {
+        BIO_indent(out, indent, 128);
+        BIO_printf(out, "%s algorithm \"%s\" unsupported\n",
+                                                kstr, OBJ_nid2ln(pkey->type));
+        return 1;
+        }
+int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey,
+                                int indent, ASN1_PCTX *pctx)
+        {
+        if (pkey->ameth && pkey->ameth->pub_print)
+                return pkey->ameth->pub_print(out, pkey, indent, pctx);
+        
+        return unsup_alg(out, pkey, indent, "Public Key");
+        }
+int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey,
+                                int indent, ASN1_PCTX *pctx)
+        {
+        if (pkey->ameth && pkey->ameth->priv_print)
+                return pkey->ameth->priv_print(out, pkey, indent, pctx);
+        
+        return unsup_alg(out, pkey, indent, "Private Key");
+        }
+int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey,
+                                int indent, ASN1_PCTX *pctx)
+        {
+        if (pkey->ameth && pkey->ameth->param_print)
+                return pkey->ameth->param_print(out, pkey, indent, pctx);
+        return unsup_alg(out, pkey, indent, "Parameters");
+        }
+int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid)
+        {
+        if (!pkey->ameth || !pkey->ameth->pkey_ctrl)
+                return -2;
+        return pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_DEFAULT_MD_NID,
+                                                0, pnid);
        }
diff --git a/src/lib/libssl/src/crypto/evp/p_open.c b/src/lib/libssl/src/crypto/evp/p_open.c
index 9935206d0f..53a59a295c 100644
--- a/src/lib/libssl/src/crypto/evp/p_open.c
+++ b/src/lib/libssl/src/crypto/evp/p_open.c
@@ -95,7 +95,7 @@ int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
                goto err;
                }
-        i=EVP_PKEY_decrypt(key,ek,ekl,priv);
+        i=EVP_PKEY_decrypt_old(key,ek,ekl,priv);
        if ((i <= 0) || !EVP_CIPHER_CTX_set_key_length(ctx, i))
                {
                /* ERROR */
diff --git a/src/lib/libssl/src/crypto/evp/p_seal.c b/src/lib/libssl/src/crypto/evp/p_seal.c
index 8cc8fcb0bd..d8324526e7 100644
--- a/src/lib/libssl/src/crypto/evp/p_seal.c
+++ b/src/lib/libssl/src/crypto/evp/p_seal.c
@@ -87,7 +87,7 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek
        for (i=0; i<npubk; i++)
                {
-                ekl[i]=EVP_PKEY_encrypt(ek[i],key,EVP_CIPHER_CTX_key_length(ctx),
+                ekl[i]=EVP_PKEY_encrypt_old(ek[i],key,EVP_CIPHER_CTX_key_length(ctx),
                        pubk[i]);
                if (ekl[i] <= 0) return(-1);
                }
diff --git a/src/lib/libssl/src/crypto/evp/p_sign.c b/src/lib/libssl/src/crypto/evp/p_sign.c
index bf41a0db68..8df6d48a7e 100644
--- a/src/lib/libssl/src/crypto/evp/p_sign.c
+++ b/src/lib/libssl/src/crypto/evp/p_sign.c
@@ -84,6 +84,32 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,
        MS_STATIC EVP_MD_CTX tmp_ctx;
        *siglen=0;
+        EVP_MD_CTX_init(&tmp_ctx);
+        EVP_MD_CTX_copy_ex(&tmp_ctx,ctx);   
+        EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len);
+        EVP_MD_CTX_cleanup(&tmp_ctx);
+        if (ctx->digest->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE)
+                {
+                EVP_PKEY_CTX *pkctx = NULL;
+                size_t sltmp = (size_t)EVP_PKEY_size(pkey);
+                i = 0;
+                pkctx = EVP_PKEY_CTX_new(pkey, NULL);
+                if (!pkctx)
+                        goto err;
+                if (EVP_PKEY_sign_init(pkctx) <= 0)
+                        goto err;
+                if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0)
+                        goto err;
+                if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0)
+                        goto err;
+                *siglen = sltmp;
+                i = 1;
+                err:
+                EVP_PKEY_CTX_free(pkctx);
+                return i;
+                }
        for (i=0; i<4; i++)
                {
                v=ctx->digest->required_pkey_type[i];
@@ -99,28 +125,13 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,
                EVPerr(EVP_F_EVP_SIGNFINAL,EVP_R_WRONG_PUBLIC_KEY_TYPE);
                return(0);
                }
        if (ctx->digest->sign == NULL)
                {
                EVPerr(EVP_F_EVP_SIGNFINAL,EVP_R_NO_SIGN_FUNCTION_CONFIGURED);
                return(0);
                }
-        EVP_MD_CTX_init(&tmp_ctx);
+        return(ctx->digest->sign(ctx->digest->type,m,m_len,sigret,siglen,
-        EVP_MD_CTX_copy_ex(&tmp_ctx,ctx);
+                pkey->pkey.ptr));
-        if (ctx->digest->flags & EVP_MD_FLAG_SVCTX)
-                {
-                EVP_MD_SVCTX sctmp;
-                sctmp.mctx = &tmp_ctx;
-                sctmp.key = pkey->pkey.ptr;
-                i = ctx->digest->sign(ctx->digest->type,
-                        NULL, -1, sigret, siglen, &sctmp);
-                }
-        else
-                {
-                EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len);
-                i = ctx->digest->sign(ctx->digest->type,m,m_len,sigret,siglen,
-                                        pkey->pkey.ptr);
-                }
-        EVP_MD_CTX_cleanup(&tmp_ctx);
-        return i;
        }
diff --git a/src/lib/libssl/src/crypto/evp/p_verify.c b/src/lib/libssl/src/crypto/evp/p_verify.c
index 2d46dffe7e..8db46412f3 100644
--- a/src/lib/libssl/src/crypto/evp/p_verify.c
+++ b/src/lib/libssl/src/crypto/evp/p_verify.c
@@ -70,6 +70,28 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
        int i,ok=0,v;
        MS_STATIC EVP_MD_CTX tmp_ctx;
+        EVP_MD_CTX_init(&tmp_ctx);
+        EVP_MD_CTX_copy_ex(&tmp_ctx,ctx);     
+        EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len);
+        EVP_MD_CTX_cleanup(&tmp_ctx);
+        if (ctx->digest->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE)
+                {
+                EVP_PKEY_CTX *pkctx = NULL;
+                i = -1;
+                pkctx = EVP_PKEY_CTX_new(pkey, NULL);
+                if (!pkctx)
+                        goto err;
+                if (EVP_PKEY_verify_init(pkctx) <= 0)
+                        goto err;
+                if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0)
+                        goto err;
+                i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len);
+                err:
+                EVP_PKEY_CTX_free(pkctx);
+                return i;
+                }
        for (i=0; i<4; i++)
                {
                v=ctx->digest->required_pkey_type[i];
@@ -85,29 +107,13 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
                EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_WRONG_PUBLIC_KEY_TYPE);
                return(-1);
                }
-        if (ctx->digest->verify == NULL)
+        if (ctx->digest->verify == NULL)
                {
                EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_NO_VERIFY_FUNCTION_CONFIGURED);
                return(0);
                }
-        EVP_MD_CTX_init(&tmp_ctx);
+        return(ctx->digest->verify(ctx->digest->type,m,m_len,
-        EVP_MD_CTX_copy_ex(&tmp_ctx,ctx);     
+                sigbuf,siglen,pkey->pkey.ptr));
-        if (ctx->digest->flags & EVP_MD_FLAG_SVCTX)
-                {
-                EVP_MD_SVCTX sctmp;
-                sctmp.mctx = &tmp_ctx;
-                sctmp.key = pkey->pkey.ptr;
-                i = ctx->digest->verify(ctx->digest->type,
-                        NULL, -1, sigbuf, siglen, &sctmp);
-                }
-        else
-                {
-                EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len);
-                i = ctx->digest->verify(ctx->digest->type,m,m_len,
-                                        sigbuf,siglen,pkey->pkey.ptr);
-                }
-        EVP_MD_CTX_cleanup(&tmp_ctx);
-        return i;
        }
diff --git a/src/lib/libssl/src/crypto/ex_data.c b/src/lib/libssl/src/crypto/ex_data.c
index 3b11e7a556..e2bc8298d0 100644
--- a/src/lib/libssl/src/crypto/ex_data.c
+++ b/src/lib/libssl/src/crypto/ex_data.c
@@ -245,18 +245,21 @@ typedef struct st_ex_class_item {
 static int ex_class = CRYPTO_EX_INDEX_USER;
 /* The global hash table of EX_CLASS_ITEM items */
-static LHASH *ex_data = NULL;
+DECLARE_LHASH_OF(EX_CLASS_ITEM);
+static LHASH_OF(EX_CLASS_ITEM) *ex_data = NULL;
 /* The callbacks required in the "ex_data" hash table */
-static unsigned long ex_hash_cb(const void *a_void)
+static unsigned long ex_class_item_hash(const EX_CLASS_ITEM *a)
        {
-        return ((const EX_CLASS_ITEM *)a_void)->class_index;
+        return a->class_index;
        }
-static int ex_cmp_cb(const void *a_void, const void *b_void)
+static IMPLEMENT_LHASH_HASH_FN(ex_class_item, EX_CLASS_ITEM)
+static int ex_class_item_cmp(const EX_CLASS_ITEM *a, const EX_CLASS_ITEM *b)
        {
-        return (((const EX_CLASS_ITEM *)a_void)->class_index -
+        return a->class_index - b->class_index;
-                ((const EX_CLASS_ITEM *)b_void)->class_index);
        }
+static IMPLEMENT_LHASH_COMP_FN(ex_class_item, EX_CLASS_ITEM)
 /* Internal functions used by the "impl_default" implementation to access the
 * state */
@@ -265,7 +268,8 @@ static int ex_data_check(void)
        {
        int toret = 1;
        CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
-        if(!ex_data && ((ex_data = lh_new(ex_hash_cb, ex_cmp_cb)) == NULL))
+        if(!ex_data
+           && (ex_data = lh_EX_CLASS_ITEM_new()) == NULL)
                toret = 0;
        CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
        return toret;
@@ -298,7 +302,7 @@ static EX_CLASS_ITEM *def_get_class(int class_index)
        EX_DATA_CHECK(return NULL;)
        d.class_index = class_index;
        CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
-        p = lh_retrieve(ex_data, &d);
+        p = lh_EX_CLASS_ITEM_retrieve(ex_data, &d);
        if(!p)
                {
                gen = OPENSSL_malloc(sizeof(EX_CLASS_ITEM));
@@ -313,7 +317,7 @@ static EX_CLASS_ITEM *def_get_class(int class_index)
                                {
                                /* Because we're inside the ex_data lock, the
                                 * return value from the insert will be NULL */
-                                lh_insert(ex_data, gen);
+                                (void)lh_EX_CLASS_ITEM_insert(ex_data, gen);
                                p = gen;
                                }
                        }
@@ -375,8 +379,8 @@ static int int_new_class(void)
 static void int_cleanup(void)
        {
        EX_DATA_CHECK(return;)
-        lh_doall(ex_data, def_cleanup_cb);
+        lh_EX_CLASS_ITEM_doall(ex_data, def_cleanup_cb);
-        lh_free(ex_data);
+        lh_EX_CLASS_ITEM_free(ex_data);
        ex_data = NULL;
        impl = NULL;
        }
@@ -452,7 +456,7 @@ static int int_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
                return 0;
        CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA);
        mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth);
-        j = sk_num(from->sk);
+        j = sk_void_num(from->sk);
        if(j < mx)
                mx = j;
        if(mx > 0)
@@ -523,7 +527,7 @@ skip:
                OPENSSL_free(storage);
        if(ad->sk)
                {
-                sk_free(ad->sk);
+                sk_void_free(ad->sk);
                ad->sk=NULL;
                }
        }
@@ -596,24 +600,24 @@ int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val)
        if (ad->sk == NULL)
                {
-                if ((ad->sk=sk_new_null()) == NULL)
+                if ((ad->sk=sk_void_new_null()) == NULL)
                        {
                        CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA,ERR_R_MALLOC_FAILURE);
                        return(0);
                        }
                }
-        i=sk_num(ad->sk);
+        i=sk_void_num(ad->sk);
        while (i <= idx)
                {
-                if (!sk_push(ad->sk,NULL))
+                if (!sk_void_push(ad->sk,NULL))
                        {
                        CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA,ERR_R_MALLOC_FAILURE);
                        return(0);
                        }
                i++;
                }
-        sk_set(ad->sk,idx,val);
+        sk_void_set(ad->sk,idx,val);
        return(1);
        }
@@ -623,10 +627,10 @@ void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx)
        {
        if (ad->sk == NULL)
                return(0);
-        else if (idx >= sk_num(ad->sk))
+        else if (idx >= sk_void_num(ad->sk))
                return(0);
        else
-                return(sk_value(ad->sk,idx));
+                return(sk_void_value(ad->sk,idx));
        }
 IMPLEMENT_STACK_OF(CRYPTO_EX_DATA_FUNCS)
diff --git a/src/lib/libssl/src/crypto/hmac/Makefile b/src/lib/libssl/src/crypto/hmac/Makefile
index 5cfa37d99c..0e91709f64 100644
--- a/src/lib/libssl/src/crypto/hmac/Makefile
+++ b/src/lib/libssl/src/crypto/hmac/Makefile
@@ -17,8 +17,8 @@ TEST=hmactest.c
 APPS=
 LIB=$(TOP)/libcrypto.a
-LIBSRC=hmac.c
+LIBSRC=hmac.c hm_ameth.c hm_pmeth.c
-LIBOBJ=hmac.o
+LIBOBJ=hmac.o hm_ameth.o hm_pmeth.o
 SRC= $(LIBSRC)
@@ -33,7 +33,7 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
@@ -74,13 +74,37 @@ clean:
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+hm_ameth.o: ../../e_os.h ../../include/openssl/asn1.h
+hm_ameth.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+hm_ameth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+hm_ameth.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+hm_ameth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+hm_ameth.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+hm_ameth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+hm_ameth.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+hm_ameth.o: ../../include/openssl/symhacks.h ../asn1/asn1_locl.h ../cryptlib.h
+hm_ameth.o: hm_ameth.c
+hm_pmeth.o: ../../e_os.h ../../include/openssl/asn1.h
+hm_pmeth.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+hm_pmeth.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+hm_pmeth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+hm_pmeth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+hm_pmeth.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+hm_pmeth.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
+hm_pmeth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+hm_pmeth.o: ../../include/openssl/opensslconf.h
+hm_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+hm_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+hm_pmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+hm_pmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+hm_pmeth.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+hm_pmeth.o: ../cryptlib.h ../evp/evp_locl.h hm_pmeth.c
 hmac.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 hmac.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 hmac.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-hmac.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+hmac.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h
-hmac.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
+hmac.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-hmac.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+hmac.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-hmac.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+hmac.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-hmac.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+hmac.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-hmac.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+hmac.o: ../../include/openssl/symhacks.h ../cryptlib.h hmac.c
-hmac.o: ../cryptlib.h hmac.c
diff --git a/src/lib/libssl/src/crypto/hmac/hmac.c b/src/lib/libssl/src/crypto/hmac/hmac.c
index cbc1c76a57..45015fe754 100644
--- a/src/lib/libssl/src/crypto/hmac/hmac.c
+++ b/src/lib/libssl/src/crypto/hmac/hmac.c
@@ -61,9 +61,7 @@
 #include "cryptlib.h"
 #include <openssl/hmac.h>
-#ifndef OPENSSL_FIPS
+int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
-void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
                  const EVP_MD *md, ENGINE *impl)
        {
        int i,j,reset=0;
@@ -84,10 +82,13 @@ void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
                OPENSSL_assert(j <= (int)sizeof(ctx->key));
                if (j < len)
                        {
-                        EVP_DigestInit_ex(&ctx->md_ctx,md, impl);
+                        if (!EVP_DigestInit_ex(&ctx->md_ctx,md, impl))
-                        EVP_DigestUpdate(&ctx->md_ctx,key,len);
+                                goto err;
-                        EVP_DigestFinal_ex(&(ctx->md_ctx),ctx->key,
+                        if (!EVP_DigestUpdate(&ctx->md_ctx,key,len))
-                                &ctx->key_length);
+                                goto err;
+                        if (!EVP_DigestFinal_ex(&(ctx->md_ctx),ctx->key,
+                                &ctx->key_length))
+                                goto err;
                        }
                else
                        {
@@ -104,31 +105,38 @@ void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
                {
                for (i=0; i<HMAC_MAX_MD_CBLOCK; i++)
                        pad[i]=0x36^ctx->key[i];
-                EVP_DigestInit_ex(&ctx->i_ctx,md, impl);
+                if (!EVP_DigestInit_ex(&ctx->i_ctx,md, impl))
-                EVP_DigestUpdate(&ctx->i_ctx,pad,EVP_MD_block_size(md));
+                        goto err;
+                if (!EVP_DigestUpdate(&ctx->i_ctx,pad,EVP_MD_block_size(md)))
+                        goto err;
                for (i=0; i<HMAC_MAX_MD_CBLOCK; i++)
                        pad[i]=0x5c^ctx->key[i];
-                EVP_DigestInit_ex(&ctx->o_ctx,md, impl);
+                if (!EVP_DigestInit_ex(&ctx->o_ctx,md, impl))
-                EVP_DigestUpdate(&ctx->o_ctx,pad,EVP_MD_block_size(md));
+                        goto err;
+                if (!EVP_DigestUpdate(&ctx->o_ctx,pad,EVP_MD_block_size(md)))
+                        goto err;
                }
-        EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->i_ctx);
+        if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->i_ctx))
+                        goto err;
+        return 1;
+        err:
+        return 0;
        }
-void HMAC_Init(HMAC_CTX *ctx, const void *key, int len,
+int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md)
-               const EVP_MD *md)
        {
        if(key && md)
            HMAC_CTX_init(ctx);
-        HMAC_Init_ex(ctx,key,len,md, NULL);
+        return HMAC_Init_ex(ctx,key,len,md, NULL);
        }
-void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len)
+int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len)
        {
-        EVP_DigestUpdate(&ctx->md_ctx,data,len);
+        return EVP_DigestUpdate(&ctx->md_ctx,data,len);
        }
-void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
+int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
        {
        int j;
        unsigned int i;
@@ -136,10 +144,17 @@ void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
        j=EVP_MD_block_size(ctx->md);
-        EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i);
+        if (!EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i))
-        EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->o_ctx);
+                goto err;
-        EVP_DigestUpdate(&ctx->md_ctx,buf,i);
+        if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->o_ctx))
-        EVP_DigestFinal_ex(&ctx->md_ctx,md,len);
+                goto err;
+        if (!EVP_DigestUpdate(&ctx->md_ctx,buf,i))
+                goto err;
+        if (!EVP_DigestFinal_ex(&ctx->md_ctx,md,len))
+                goto err;
+        return 1;
+        err:
+        return 0;
        }
 void HMAC_CTX_init(HMAC_CTX *ctx)
@@ -149,6 +164,22 @@ void HMAC_CTX_init(HMAC_CTX *ctx)
        EVP_MD_CTX_init(&ctx->md_ctx);
        }
+int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx)
+        {
+        if (!EVP_MD_CTX_copy(&dctx->i_ctx, &sctx->i_ctx))
+                goto err;
+        if (!EVP_MD_CTX_copy(&dctx->o_ctx, &sctx->o_ctx))
+                goto err;
+        if (!EVP_MD_CTX_copy(&dctx->md_ctx, &sctx->md_ctx))
+                goto err;
+        memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK);
+        dctx->key_length = sctx->key_length;
+        dctx->md = sctx->md;
+        return 1;
+        err:
+        return 0;
+        }
 void HMAC_CTX_cleanup(HMAC_CTX *ctx)
        {
        EVP_MD_CTX_cleanup(&ctx->i_ctx);
@@ -166,11 +197,16 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
        if (md == NULL) md=m;
        HMAC_CTX_init(&c);
-        HMAC_Init(&c,key,key_len,evp_md);
+        if (!HMAC_Init(&c,key,key_len,evp_md))
-        HMAC_Update(&c,d,n);
+                goto err;
-        HMAC_Final(&c,md,md_len);
+        if (!HMAC_Update(&c,d,n))
+                goto err;
+        if (!HMAC_Final(&c,md,md_len))
+                goto err;
        HMAC_CTX_cleanup(&c);
-        return(md);
+        return md;
+        err:
+        return NULL;
        }
 void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags)
@@ -179,5 +215,3 @@ void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags)
        EVP_MD_CTX_set_flags(&ctx->o_ctx, flags);
        EVP_MD_CTX_set_flags(&ctx->md_ctx, flags);
        }
-#endif
diff --git a/src/lib/libssl/src/crypto/hmac/hmac.h b/src/lib/libssl/src/crypto/hmac/hmac.h
index fc38ffb52b..1be0022190 100644
--- a/src/lib/libssl/src/crypto/hmac/hmac.h
+++ b/src/lib/libssl/src/crypto/hmac/hmac.h
@@ -90,15 +90,16 @@ void HMAC_CTX_cleanup(HMAC_CTX *ctx);
 #define HMAC_cleanup(ctx) HMAC_CTX_cleanup(ctx) /* deprecated */
-void HMAC_Init(HMAC_CTX *ctx, const void *key, int len,
+int HMAC_Init(HMAC_CTX *ctx, const void *key, int len,
               const EVP_MD *md); /* deprecated */
-void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
+int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
                  const EVP_MD *md, ENGINE *impl);
-void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len);
+int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len);
-void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
+int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
 unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
                    const unsigned char *d, size_t n, unsigned char *md,
                    unsigned int *md_len);
+int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx);
 void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags);
diff --git a/src/lib/libssl/src/crypto/idea/Makefile b/src/lib/libssl/src/crypto/idea/Makefile
index 55c0d4dbff..b2e7add666 100644
--- a/src/lib/libssl/src/crypto/idea/Makefile
+++ b/src/lib/libssl/src/crypto/idea/Makefile
@@ -33,7 +33,7 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
@@ -82,9 +82,5 @@ i_ecb.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
 i_ecb.o: ../../include/openssl/opensslv.h i_ecb.c idea_lcl.h
 i_ofb64.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
 i_ofb64.o: i_ofb64.c idea_lcl.h
-i_skey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+i_skey.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
-i_skey.o: ../../include/openssl/fips.h ../../include/openssl/idea.h
-i_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-i_skey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-i_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 i_skey.o: i_skey.c idea_lcl.h
diff --git a/src/lib/libssl/src/crypto/idea/idea.h b/src/lib/libssl/src/crypto/idea/idea.h
index a137d4cbce..5782e54b0f 100644
--- a/src/lib/libssl/src/crypto/idea/idea.h
+++ b/src/lib/libssl/src/crypto/idea/idea.h
@@ -83,11 +83,8 @@ typedef struct idea_key_st
 const char *idea_options(void);
 void idea_ecb_encrypt(const unsigned char *in, unsigned char *out,
        IDEA_KEY_SCHEDULE *ks);
-#ifdef OPENSSL_FIPS
-void private_idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks);
-#endif
 void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks);
-void idea_set_decrypt_key(const IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk);
+void idea_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk);
 void idea_cbc_encrypt(const unsigned char *in, unsigned char *out,
        long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,int enc);
 void idea_cfb64_encrypt(const unsigned char *in, unsigned char *out,
diff --git a/src/lib/libssl/src/crypto/install.com b/src/lib/libssl/src/crypto/install.com
index ffad1f97a7..ad3e4d48c7 100644
--- a/src/lib/libssl/src/crypto/install.com
+++ b/src/lib/libssl/src/crypto/install.com
@@ -3,15 +3,26 @@ $!
 $! Author: Richard Levitte <richard@levitte.org>
 $! Time of creation: 22-MAY-1998 10:13
 $!
+$! Changes by Zoltan Arpadffy <zoli@polarhome.com>
+$!
 $! P1   root of the directory tree
 $!
 $       IF P1 .EQS. ""
 $       THEN
 $           WRITE SYS$OUTPUT "First argument missing."
-$           WRITE SYS$OUTPUT "Should be the directory where you want things installed."
+$           WRITE SYS$OUTPUT -
+                  "It should be the directory where you want things installed."
 $           EXIT
 $       ENDIF
 $
+$       IF (F$GETSYI("CPU").LT.128)
+$       THEN
+$           ARCH := VAX
+$       ELSE
+$           ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE")
+$           IF (ARCH .EQS. "") THEN ARCH = "UNK"
+$       ENDIF
+$
 $       ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0"
 $       ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY")
 $       ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
@@ -19,30 +30,28 @@ $	ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
 $       ROOT = ROOT_DEV + "[" + ROOT_DIR
 $
 $       DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC
-$       DEFINE/NOLOG WRK_SSLVLIB WRK_SSLROOT:[VAX_LIB]
+$       DEFINE/NOLOG WRK_SSLLIB WRK_SSLROOT:['ARCH'_LIB]
-$       DEFINE/NOLOG WRK_SSLALIB WRK_SSLROOT:[ALPHA_LIB]
 $       DEFINE/NOLOG WRK_SSLINCLUDE WRK_SSLROOT:[INCLUDE]
 $
 $       IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN -
           CREATE/DIR/LOG WRK_SSLROOT:[000000]
-$       IF F$PARSE("WRK_SSLVLIB:") .EQS. "" THEN -
+$       IF F$PARSE("WRK_SSLLIB:") .EQS. "" THEN -
-           CREATE/DIR/LOG WRK_SSLVLIB:
+           CREATE/DIR/LOG WRK_SSLLIB:
-$       IF F$PARSE("WRK_SSLALIB:") .EQS. "" THEN -
-           CREATE/DIR/LOG WRK_SSLALIB:
 $       IF F$PARSE("WRK_SSLINCLUDE:") .EQS. "" THEN -
           CREATE/DIR/LOG WRK_SSLINCLUDE:
 $
 $       SDIRS := ,-
+                 _'ARCH',-
                 OBJECTS,-
-                 MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,-
+                 MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,WHRLPOOL,-
                 DES,AES,RC2,RC4,RC5,IDEA,BF,CAST,CAMELLIA,SEED,-
                 BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,-
                 BUFFER,BIO,STACK,LHASH,RAND,ERR,-
                 EVP,ASN1,PEM,X509,X509V3,CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,-
                 UI,KRB5,-
-                 STORE,PQUEUE,JPAKE
+                 STORE,CMS,PQUEUE,TS,JPAKE
-$       EXHEADER_ := crypto.h,tmdiff.h,opensslv.h,opensslconf.h,ebcdic.h,-
+$       EXHEADER_ := crypto.h,opensslv.h,ebcdic.h,symhacks.h,ossl_typ.h
-                symhacks.h,ossl_typ.h
+$       EXHEADER__'ARCH' := opensslconf.h
 $       EXHEADER_OBJECTS := objects.h,obj_mac.h
 $       EXHEADER_MD2 := md2.h
 $       EXHEADER_MD4 := md4.h
@@ -51,6 +60,7 @@ $	EXHEADER_SHA := sha.h
 $       EXHEADER_MDC2 := mdc2.h
 $       EXHEADER_HMAC := hmac.h
 $       EXHEADER_RIPEMD := ripemd.h
+$       EXHEADER_WHRLPOOL := whrlpool.h
 $       EXHEADER_DES := des.h,des_old.h
 $       EXHEADER_AES := aes.h
 $       EXHEADER_RC2 := rc2.h
@@ -61,6 +71,7 @@ $	EXHEADER_BF := blowfish.h
 $       EXHEADER_CAST := cast.h
 $       EXHEADER_CAMELLIA := camellia.h
 $       EXHEADER_SEED := seed.h
+$       EXHEADER_MODES := modes.h
 $       EXHEADER_BN := bn.h
 $       EXHEADER_EC := ec.h
 $       EXHEADER_RSA := rsa.h
@@ -91,12 +102,13 @@ $	EXHEADER_UI := ui.h,ui_compat.h
 $       EXHEADER_KRB5 := krb5_asn.h
 $!      EXHEADER_STORE := store.h,str_compat.h
 $       EXHEADER_STORE := store.h
-$       EXHEADER_PQUEUE := pqueue.h,pq_compat.h
+$       EXHEADER_CMS := cms.h
+$       EXHEADER_PQUEUE := pqueue.h
+$       EXHEADER_TS := ts.h
 $       EXHEADER_JPAKE := jpake.h
 $       LIBS := LIBCRYPTO
 $
-$       VEXE_DIR := [-.VAX.EXE.CRYPTO]
+$       EXE_DIR := [-.'ARCH'.EXE.CRYPTO]
-$       AEXE_DIR := [-.AXP.EXE.CRYPTO]
 $
 $       I = 0
 $ LOOP_SDIRS: 
@@ -108,7 +120,12 @@ $	IF D .EQS. ""
 $       THEN
 $         COPY 'tmp' WRK_SSLINCLUDE: /LOG
 $       ELSE
-$         COPY [.'D']'tmp' WRK_SSLINCLUDE: /LOG
+$         IF D .EQS. "_''ARCH'"
+$         THEN
+$           COPY [-.'ARCH'.CRYPTO]'tmp' WRK_SSLINCLUDE: /LOG
+$         ELSE
+$           COPY [.'D']'tmp' WRK_SSLINCLUDE: /LOG
+$         ENDIF
 $       ENDIF
 $       SET FILE/PROT=WORLD:RE WRK_SSLINCLUDE:'tmp'
 $       GOTO LOOP_SDIRS
@@ -120,27 +137,16 @@ $	E = F$EDIT(F$ELEMENT(I, ",", LIBS),"TRIM")
 $       I = I + 1
 $       IF E .EQS. "," THEN GOTO LOOP_LIB_END
 $       SET NOON
-$       IF F$SEARCH(VEXE_DIR+E+".OLB") .NES. ""
+$       IF F$SEARCH(EXE_DIR+E+".OLB") .NES. ""
-$       THEN
-$         COPY 'VEXE_DIR''E'.OLB WRK_SSLVLIB:'E'.OLB/log
-$         SET FILE/PROT=W:RE WRK_SSLVLIB:'E'.OLB
-$       ENDIF
-$       ! Preparing for the time when we have shareable images
-$       IF F$SEARCH(VEXE_DIR+E+".EXE") .NES. ""
-$       THEN
-$         COPY 'VEXE_DIR''E'.EXE WRK_SSLVLIB:'E'.EXE/log
-$         SET FILE/PROT=W:RE WRK_SSLVLIB:'E'.EXE
-$       ENDIF
-$       IF F$SEARCH(AEXE_DIR+E+".OLB") .NES. ""
 $       THEN
-$         COPY 'AEXE_DIR''E'.OLB WRK_SSLALIB:'E'.OLB/log
+$         COPY 'EXE_DIR''E'.OLB WRK_SSLLIB:'E'.OLB/log
-$         SET FILE/PROT=W:RE WRK_SSLALIB:'E'.OLB
+$         SET FILE/PROT=W:RE WRK_SSLLIB:'E'.OLB
 $       ENDIF
 $       ! Preparing for the time when we have shareable images
-$       IF F$SEARCH(AEXE_DIR+E+".EXE") .NES. ""
+$       IF F$SEARCH(EXE_DIR+E+".EXE") .NES. ""
 $       THEN
-$         COPY 'AEXE_DIR''E'.EXE WRK_SSLALIB:'E'.EXE/log
+$         COPY 'EXE_DIR''E'.EXE WRK_SSLLIB:'E'.EXE/log
-$         SET FILE/PROT=W:RE WRK_SSLALIB:'E'.EXE
+$         SET FILE/PROT=W:RE WRK_SSLLIB:'E'.EXE
 $       ENDIF
 $       SET ON
 $       GOTO LOOP_LIB
diff --git a/src/lib/libssl/src/crypto/krb5/Makefile b/src/lib/libssl/src/crypto/krb5/Makefile
index 8efb9e8910..14077390d6 100644
--- a/src/lib/libssl/src/crypto/krb5/Makefile
+++ b/src/lib/libssl/src/crypto/krb5/Makefile
@@ -34,7 +34,7 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
diff --git a/src/lib/libssl/src/crypto/lhash/Makefile b/src/lib/libssl/src/crypto/lhash/Makefile
index 35f0932971..82bddac474 100644
--- a/src/lib/libssl/src/crypto/lhash/Makefile
+++ b/src/lib/libssl/src/crypto/lhash/Makefile
@@ -33,7 +33,7 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
diff --git a/src/lib/libssl/src/crypto/lhash/lh_stats.c b/src/lib/libssl/src/crypto/lhash/lh_stats.c
index 5aa7766aa6..815615e338 100644
--- a/src/lib/libssl/src/crypto/lhash/lh_stats.c
+++ b/src/lib/libssl/src/crypto/lhash/lh_stats.c
@@ -139,7 +139,7 @@ void lh_node_usage_stats(LHASH *lh, FILE *out)
 #else
 #ifndef OPENSSL_NO_FP_API
-void lh_stats(const LHASH *lh, FILE *fp)
+void lh_stats(const _LHASH *lh, FILE *fp)
        {
        BIO *bp;
@@ -151,7 +151,7 @@ void lh_stats(const LHASH *lh, FILE *fp)
 end:;
        }
-void lh_node_stats(const LHASH *lh, FILE *fp)
+void lh_node_stats(const _LHASH *lh, FILE *fp)
        {
        BIO *bp;
@@ -163,7 +163,7 @@ void lh_node_stats(const LHASH *lh, FILE *fp)
 end:;
        }
-void lh_node_usage_stats(const LHASH *lh, FILE *fp)
+void lh_node_usage_stats(const _LHASH *lh, FILE *fp)
        {
        BIO *bp;
@@ -177,7 +177,7 @@ end:;
 #endif
-void lh_stats_bio(const LHASH *lh, BIO *out)
+void lh_stats_bio(const _LHASH *lh, BIO *out)
        {
        BIO_printf(out,"num_items             = %lu\n",lh->num_items);
        BIO_printf(out,"num_nodes             = %u\n",lh->num_nodes);
@@ -205,7 +205,7 @@ void lh_stats_bio(const LHASH *lh, BIO *out)
 #endif
        }
-void lh_node_stats_bio(const LHASH *lh, BIO *out)
+void lh_node_stats_bio(const _LHASH *lh, BIO *out)
        {
        LHASH_NODE *n;
        unsigned int i,num;
@@ -218,7 +218,7 @@ void lh_node_stats_bio(const LHASH *lh, BIO *out)
                }
        }
-void lh_node_usage_stats_bio(const LHASH *lh, BIO *out)
+void lh_node_usage_stats_bio(const _LHASH *lh, BIO *out)
        {
        LHASH_NODE *n;
        unsigned long num;
diff --git a/src/lib/libssl/src/crypto/lhash/lhash.c b/src/lib/libssl/src/crypto/lhash/lhash.c
index 04ea80203c..47f748081b 100644
--- a/src/lib/libssl/src/crypto/lhash/lhash.c
+++ b/src/lib/libssl/src/crypto/lhash/lhash.c
@@ -107,18 +107,18 @@ const char lh_version[]="lhash" OPENSSL_VERSION_PTEXT;
 #define UP_LOAD         (2*LH_LOAD_MULT) /* load times 256  (default 2) */
 #define DOWN_LOAD       (LH_LOAD_MULT)   /* load times 256  (default 1) */
-static void expand(LHASH *lh);
+static void expand(_LHASH *lh);
-static void contract(LHASH *lh);
+static void contract(_LHASH *lh);
-static LHASH_NODE **getrn(LHASH *lh, const void *data, unsigned long *rhash);
+static LHASH_NODE **getrn(_LHASH *lh, const void *data, unsigned long *rhash);
-LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c)
+_LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c)
        {
-        LHASH *ret;
+        _LHASH *ret;
        int i;
-        if ((ret=(LHASH *)OPENSSL_malloc(sizeof(LHASH))) == NULL)
+        if ((ret=OPENSSL_malloc(sizeof(_LHASH))) == NULL)
                goto err0;
-        if ((ret->b=(LHASH_NODE **)OPENSSL_malloc(sizeof(LHASH_NODE *)*MIN_NODES)) == NULL)
+        if ((ret->b=OPENSSL_malloc(sizeof(LHASH_NODE *)*MIN_NODES)) == NULL)
                goto err1;
        for (i=0; i<MIN_NODES; i++)
                ret->b[i]=NULL;
@@ -154,7 +154,7 @@ err0:
        return(NULL);
        }
-void lh_free(LHASH *lh)
+void lh_free(_LHASH *lh)
        {
        unsigned int i;
        LHASH_NODE *n,*nn;
@@ -176,7 +176,7 @@ void lh_free(LHASH *lh)
        OPENSSL_free(lh);
        }
-void *lh_insert(LHASH *lh, void *data)
+void *lh_insert(_LHASH *lh, void *data)
        {
        unsigned long hash;
        LHASH_NODE *nn,**rn;
@@ -214,7 +214,7 @@ void *lh_insert(LHASH *lh, void *data)
        return(ret);
        }
-void *lh_delete(LHASH *lh, const void *data)
+void *lh_delete(_LHASH *lh, const void *data)
        {
        unsigned long hash;
        LHASH_NODE *nn,**rn;
@@ -245,7 +245,7 @@ void *lh_delete(LHASH *lh, const void *data)
        return(ret);
        }
-void *lh_retrieve(LHASH *lh, const void *data)
+void *lh_retrieve(_LHASH *lh, const void *data)
        {
        unsigned long hash;
        LHASH_NODE **rn;
@@ -267,12 +267,15 @@ void *lh_retrieve(LHASH *lh, const void *data)
        return(ret);
        }
-static void doall_util_fn(LHASH *lh, int use_arg, LHASH_DOALL_FN_TYPE func,
+static void doall_util_fn(_LHASH *lh, int use_arg, LHASH_DOALL_FN_TYPE func,
                          LHASH_DOALL_ARG_FN_TYPE func_arg, void *arg)
        {
        int i;
        LHASH_NODE *a,*n;
+        if (lh == NULL)
+                return;
        /* reverse the order so we search from 'top to bottom'
         * We were having memory leaks otherwise */
        for (i=lh->num_nodes-1; i>=0; i--)
@@ -282,6 +285,8 @@ static void doall_util_fn(LHASH *lh, int use_arg, LHASH_DOALL_FN_TYPE func,
                        {
                        /* 28/05/91 - eay - n added so items can be deleted
                         * via lh_doall */
+                        /* 22/05/08 - ben - eh? since a is not passed,
+                         * this should not be needed */
                        n=a->next;
                        if(use_arg)
                                func_arg(a->data,arg);
@@ -292,17 +297,17 @@ static void doall_util_fn(LHASH *lh, int use_arg, LHASH_DOALL_FN_TYPE func,
                }
        }
-void lh_doall(LHASH *lh, LHASH_DOALL_FN_TYPE func)
+void lh_doall(_LHASH *lh, LHASH_DOALL_FN_TYPE func)
        {
        doall_util_fn(lh, 0, func, (LHASH_DOALL_ARG_FN_TYPE)0, NULL);
        }
-void lh_doall_arg(LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg)
+void lh_doall_arg(_LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg)
        {
        doall_util_fn(lh, 1, (LHASH_DOALL_FN_TYPE)0, func, arg);
        }
-static void expand(LHASH *lh)
+static void expand(_LHASH *lh)
        {
        LHASH_NODE **n,**n1,**n2,*np;
        unsigned int p,i,j;
@@ -358,7 +363,7 @@ static void expand(LHASH *lh)
                }
        }
-static void contract(LHASH *lh)
+static void contract(_LHASH *lh)
        {
        LHASH_NODE **n,*n1,*np;
@@ -397,7 +402,7 @@ static void contract(LHASH *lh)
                }
        }
-static LHASH_NODE **getrn(LHASH *lh, const void *data, unsigned long *rhash)
+static LHASH_NODE **getrn(_LHASH *lh, const void *data, unsigned long *rhash)
        {
        LHASH_NODE **ret,*n1;
        unsigned long hash,nn;
@@ -464,7 +469,7 @@ unsigned long lh_strhash(const char *c)
        return((ret>>16)^ret);
        }
-unsigned long lh_num_items(const LHASH *lh)
+unsigned long lh_num_items(const _LHASH *lh)
        {
        return lh ? lh->num_items : 0;
        }
diff --git a/src/lib/libssl/src/crypto/lhash/lhash.h b/src/lib/libssl/src/crypto/lhash/lhash.h
index d392d0cd80..e7d8763591 100644
--- a/src/lib/libssl/src/crypto/lhash/lhash.h
+++ b/src/lib/libssl/src/crypto/lhash/lhash.h
@@ -98,42 +98,42 @@ typedef void (*LHASH_DOALL_ARG_FN_TYPE)(void *, void *);
 * macros if the functions are strictly internal. */
 /* First: "hash" functions */
-#define DECLARE_LHASH_HASH_FN(f_name,o_type) \
+#define DECLARE_LHASH_HASH_FN(name, o_type) \
-        unsigned long f_name##_LHASH_HASH(const void *);
+        unsigned long name##_LHASH_HASH(const void *);
-#define IMPLEMENT_LHASH_HASH_FN(f_name,o_type) \
+#define IMPLEMENT_LHASH_HASH_FN(name, o_type) \
-        unsigned long f_name##_LHASH_HASH(const void *arg) { \
+        unsigned long name##_LHASH_HASH(const void *arg) { \
-                o_type a = (o_type)arg; \
+                const o_type *a = arg; \
-                return f_name(a); }
+                return name##_hash(a); }
-#define LHASH_HASH_FN(f_name) f_name##_LHASH_HASH
+#define LHASH_HASH_FN(name) name##_LHASH_HASH
 /* Second: "compare" functions */
-#define DECLARE_LHASH_COMP_FN(f_name,o_type) \
+#define DECLARE_LHASH_COMP_FN(name, o_type) \
-        int f_name##_LHASH_COMP(const void *, const void *);
+        int name##_LHASH_COMP(const void *, const void *);
-#define IMPLEMENT_LHASH_COMP_FN(f_name,o_type) \
+#define IMPLEMENT_LHASH_COMP_FN(name, o_type) \
-        int f_name##_LHASH_COMP(const void *arg1, const void *arg2) { \
+        int name##_LHASH_COMP(const void *arg1, const void *arg2) { \
-                o_type a = (o_type)arg1; \
+                const o_type *a = arg1;             \
-                o_type b = (o_type)arg2; \
+                const o_type *b = arg2; \
-                return f_name(a,b); }
+                return name##_cmp(a,b); }
-#define LHASH_COMP_FN(f_name) f_name##_LHASH_COMP
+#define LHASH_COMP_FN(name) name##_LHASH_COMP
 /* Third: "doall" functions */
-#define DECLARE_LHASH_DOALL_FN(f_name,o_type) \
+#define DECLARE_LHASH_DOALL_FN(name, o_type) \
-        void f_name##_LHASH_DOALL(void *);
+        void name##_LHASH_DOALL(void *);
-#define IMPLEMENT_LHASH_DOALL_FN(f_name,o_type) \
+#define IMPLEMENT_LHASH_DOALL_FN(name, o_type) \
-        void f_name##_LHASH_DOALL(void *arg) { \
+        void name##_LHASH_DOALL(void *arg) { \
-                o_type a = (o_type)arg; \
+                o_type *a = arg; \
-                f_name(a); }
+                name##_doall(a); }
-#define LHASH_DOALL_FN(f_name) f_name##_LHASH_DOALL
+#define LHASH_DOALL_FN(name) name##_LHASH_DOALL
 /* Fourth: "doall_arg" functions */
-#define DECLARE_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \
+#define DECLARE_LHASH_DOALL_ARG_FN(name, o_type, a_type) \
-        void f_name##_LHASH_DOALL_ARG(void *, void *);
+        void name##_LHASH_DOALL_ARG(void *, void *);
-#define IMPLEMENT_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \
+#define IMPLEMENT_LHASH_DOALL_ARG_FN(name, o_type, a_type) \
-        void f_name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \
+        void name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \
-                o_type a = (o_type)arg1; \
+                o_type *a = arg1; \
-                a_type b = (a_type)arg2; \
+                a_type *b = arg2; \
-                f_name(a,b); }
+                name##_doall_arg(a, b); }
-#define LHASH_DOALL_ARG_FN(f_name) f_name##_LHASH_DOALL_ARG
+#define LHASH_DOALL_ARG_FN(name) name##_LHASH_DOALL_ARG
 typedef struct lhash_st
        {
@@ -163,7 +163,8 @@ typedef struct lhash_st
        unsigned long num_hash_comps;
        int error;
-        } LHASH;
+        } _LHASH;       /* Do not use _LHASH directly, use LHASH_OF
+                         * and friends */
 #define LH_LOAD_MULT    256
@@ -171,27 +172,67 @@ typedef struct lhash_st
 * in lh_insert(). */
 #define lh_error(lh)    ((lh)->error)
-LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c);
+_LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c);
-void lh_free(LHASH *lh);
+void lh_free(_LHASH *lh);
-void *lh_insert(LHASH *lh, void *data);
+void *lh_insert(_LHASH *lh, void *data);
-void *lh_delete(LHASH *lh, const void *data);
+void *lh_delete(_LHASH *lh, const void *data);
-void *lh_retrieve(LHASH *lh, const void *data);
+void *lh_retrieve(_LHASH *lh, const void *data);
-void lh_doall(LHASH *lh, LHASH_DOALL_FN_TYPE func);
+void lh_doall(_LHASH *lh, LHASH_DOALL_FN_TYPE func);
-void lh_doall_arg(LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg);
+void lh_doall_arg(_LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg);
 unsigned long lh_strhash(const char *c);
-unsigned long lh_num_items(const LHASH *lh);
+unsigned long lh_num_items(const _LHASH *lh);
 #ifndef OPENSSL_NO_FP_API
-void lh_stats(const LHASH *lh, FILE *out);
+void lh_stats(const _LHASH *lh, FILE *out);
-void lh_node_stats(const LHASH *lh, FILE *out);
+void lh_node_stats(const _LHASH *lh, FILE *out);
-void lh_node_usage_stats(const LHASH *lh, FILE *out);
+void lh_node_usage_stats(const _LHASH *lh, FILE *out);
 #endif
 #ifndef OPENSSL_NO_BIO
-void lh_stats_bio(const LHASH *lh, BIO *out);
+void lh_stats_bio(const _LHASH *lh, BIO *out);
-void lh_node_stats_bio(const LHASH *lh, BIO *out);
+void lh_node_stats_bio(const _LHASH *lh, BIO *out);
-void lh_node_usage_stats_bio(const LHASH *lh, BIO *out);
+void lh_node_usage_stats_bio(const _LHASH *lh, BIO *out);
 #endif
+/* Type checking... */
+#define LHASH_OF(type) struct lhash_st_##type
+#define DECLARE_LHASH_OF(type) LHASH_OF(type) { int dummy; }
+#define CHECKED_LHASH_OF(type,lh) \
+  ((_LHASH *)CHECKED_PTR_OF(LHASH_OF(type),lh))
+/* Define wrapper functions. */
+#define LHM_lh_new(type, name) \
+  ((LHASH_OF(type) *)lh_new(LHASH_HASH_FN(name), LHASH_COMP_FN(name)))
+#define LHM_lh_error(type, lh) \
+  lh_error(CHECKED_LHASH_OF(type,lh))
+#define LHM_lh_insert(type, lh, inst) \
+  ((type *)lh_insert(CHECKED_LHASH_OF(type, lh), \
+                     CHECKED_PTR_OF(type, inst)))
+#define LHM_lh_retrieve(type, lh, inst) \
+  ((type *)lh_retrieve(CHECKED_LHASH_OF(type, lh), \
+                       CHECKED_PTR_OF(type, inst)))
+#define LHM_lh_delete(type, lh, inst) \
+  ((type *)lh_delete(CHECKED_LHASH_OF(type, lh),                        \
+                     CHECKED_PTR_OF(type, inst)))
+#define LHM_lh_doall(type, lh,fn) lh_doall(CHECKED_LHASH_OF(type, lh), fn)
+#define LHM_lh_doall_arg(type, lh, fn, arg_type, arg) \
+  lh_doall_arg(CHECKED_LHASH_OF(type, lh), fn, CHECKED_PTR_OF(arg_type, arg))
+#define LHM_lh_num_items(type, lh) lh_num_items(CHECKED_LHASH_OF(type, lh))
+#define LHM_lh_down_load(type, lh) (CHECKED_LHASH_OF(type, lh)->down_load)
+#define LHM_lh_node_stats_bio(type, lh, out) \
+  lh_node_stats_bio(CHECKED_LHASH_OF(type, lh), out)
+#define LHM_lh_node_usage_stats_bio(type, lh, out) \
+  lh_node_usage_stats_bio(CHECKED_LHASH_OF(type, lh), out)
+#define LHM_lh_stats_bio(type, lh, out) \
+  lh_stats_bio(CHECKED_LHASH_OF(type, lh), out)
+#define LHM_lh_free(type, lh) lh_free(CHECKED_LHASH_OF(type, lh))
+DECLARE_LHASH_OF(OPENSSL_STRING);
+DECLARE_LHASH_OF(OPENSSL_CSTRING);
 #ifdef  __cplusplus
 }
 #endif
diff --git a/src/lib/libssl/src/crypto/md2/Makefile b/src/lib/libssl/src/crypto/md2/Makefile
index 7f43321ab2..17f878aeb7 100644
--- a/src/lib/libssl/src/crypto/md2/Makefile
+++ b/src/lib/libssl/src/crypto/md2/Makefile
@@ -33,7 +33,7 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
@@ -74,9 +74,7 @@ clean:
 # DO NOT DELETE THIS LINE -- make depend depends on it.
-md2_dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+md2_dgst.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-md2_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-md2_dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
 md2_dgst.o: ../../include/openssl/md2.h ../../include/openssl/opensslconf.h
 md2_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 md2_dgst.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
diff --git a/src/lib/libssl/src/crypto/md2/md2.h b/src/lib/libssl/src/crypto/md2/md2.h
index d59c9f2593..a46120e7d4 100644
--- a/src/lib/libssl/src/crypto/md2/md2.h
+++ b/src/lib/libssl/src/crypto/md2/md2.h
@@ -81,9 +81,6 @@ typedef struct MD2state_st
        } MD2_CTX;
 const char *MD2_options(void);
-#ifdef OPENSSL_FIPS
-int private_MD2_Init(MD2_CTX *c);
-#endif
 int MD2_Init(MD2_CTX *c);
 int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len);
 int MD2_Final(unsigned char *md, MD2_CTX *c);
diff --git a/src/lib/libssl/src/crypto/md2/md2_dgst.c b/src/lib/libssl/src/crypto/md2/md2_dgst.c
index cc4eeaf7a7..c57b3da288 100644
--- a/src/lib/libssl/src/crypto/md2/md2_dgst.c
+++ b/src/lib/libssl/src/crypto/md2/md2_dgst.c
@@ -62,11 +62,6 @@
 #include <openssl/md2.h>
 #include <openssl/opensslv.h>
 #include <openssl/crypto.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-#include <openssl/err.h>
 const char MD2_version[]="MD2" OPENSSL_VERSION_PTEXT;
@@ -78,7 +73,7 @@ const char MD2_version[]="MD2" OPENSSL_VERSION_PTEXT;
 static void md2_block(MD2_CTX *c, const unsigned char *d);
 /* The magic S table - I have converted it to hex since it is
 * basically just a random byte string. */
-static MD2_INT S[256]={
+static const MD2_INT S[256]={
        0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01,
        0x3D, 0x36, 0x54, 0xA1, 0xEC, 0xF0, 0x06, 0x13,
        0x62, 0xA7, 0x05, 0xF3, 0xC0, 0xC7, 0x73, 0x8C,
@@ -121,7 +116,7 @@ const char *MD2_options(void)
                return("md2(int)");
        }
-FIPS_NON_FIPS_MD_Init(MD2)
+int MD2_Init(MD2_CTX *c)
        {
        c->num=0;
        memset(c->state,0,sizeof c->state);
diff --git a/src/lib/libssl/src/crypto/md32_common.h b/src/lib/libssl/src/crypto/md32_common.h
index 61bcd9786f..1cb783944e 100644
--- a/src/lib/libssl/src/crypto/md32_common.h
+++ b/src/lib/libssl/src/crypto/md32_common.h
@@ -241,11 +241,11 @@
 #ifndef PEDANTIC
 # if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
 #  if defined(__s390x__)
-#   define HOST_c2l(c,l)        ({ asm ("lrv    %0,0(%1)"               \
+#   define HOST_c2l(c,l)        ({ asm ("lrv    %0,%1"                  \
-                                        :"=r"(l) : "r"(c));             \
+                                   :"=d"(l) :"m"(*(const unsigned int *)(c)));\
                                   (c)+=4; (l);                         })
-#   define HOST_l2c(l,c)        ({ asm ("strv   %0,0(%1)"               \
+#   define HOST_l2c(l,c)        ({ asm ("strv   %1,%0"                  \
-                                        : : "r"(l),"r"(c) : "memory");  \
+                                   :"=m"(*(unsigned int *)(c)) :"d"(l));\
                                   (c)+=4; (l);                         })
 #  endif
 # endif
@@ -293,7 +293,7 @@ int HASH_UPDATE (HASH_CTX *c, const void *data_, size_t len)
         * Wei Dai <weidai@eskimo.com> for pointing it out. */
        if (l < c->Nl) /* overflow */
                c->Nh++;
-        c->Nh+=(len>>29);       /* might cause compiler warning on 16-bit */
+        c->Nh+=(HASH_LONG)(len>>29);    /* might cause compiler warning on 16-bit */
        c->Nl=l;
        n = c->num;
@@ -331,7 +331,7 @@ int HASH_UPDATE (HASH_CTX *c, const void *data_, size_t len)
        if (len != 0)
                {
                p = (unsigned char *)c->data;
-                c->num = len;
+                c->num = (unsigned int)len;
                memcpy (p,data,len);
                }
        return 1;
diff --git a/src/lib/libssl/src/crypto/md4/Makefile b/src/lib/libssl/src/crypto/md4/Makefile
index 0bc4896585..c94a1398ed 100644
--- a/src/lib/libssl/src/crypto/md4/Makefile
+++ b/src/lib/libssl/src/crypto/md4/Makefile
@@ -34,7 +34,7 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
@@ -69,19 +69,16 @@ depend:
 dclean:
        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
        mv -f Makefile.new $(MAKEFILE)
+        rm -f ../../include/openssl/$(EXHEADER) ../../test/$(TEST) ../../apps/$(APPS)
 clean:
        rm -f asm/mx86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 # DO NOT DELETE THIS LINE -- make depend depends on it.
-md4_dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+md4_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/md4.h
-md4_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+md4_dgst.o: ../../include/openssl/opensslconf.h
-md4_dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+md4_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md4_dgst.c
-md4_dgst.o: ../../include/openssl/md4.h ../../include/openssl/opensslconf.h
-md4_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-md4_dgst.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-md4_dgst.o: ../../include/openssl/symhacks.h ../md32_common.h md4_dgst.c
 md4_dgst.o: md4_locl.h
 md4_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 md4_one.o: ../../include/openssl/md4.h ../../include/openssl/opensslconf.h
diff --git a/src/lib/libssl/src/crypto/md4/md4.h b/src/lib/libssl/src/crypto/md4/md4.h
index ba1fe4a6ee..c3ed9b3f75 100644
--- a/src/lib/libssl/src/crypto/md4/md4.h
+++ b/src/lib/libssl/src/crypto/md4/md4.h
@@ -77,7 +77,7 @@ extern "C" {
 * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 */
-#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
+#if defined(__LP32__)
 #define MD4_LONG unsigned long
 #elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
 #define MD4_LONG unsigned long
@@ -105,9 +105,6 @@ typedef struct MD4state_st
        unsigned int num;
        } MD4_CTX;
-#ifdef OPENSSL_FIPS
-int private_MD4_Init(MD4_CTX *c);
-#endif
 int MD4_Init(MD4_CTX *c);
 int MD4_Update(MD4_CTX *c, const void *data, size_t len);
 int MD4_Final(unsigned char *md, MD4_CTX *c);
diff --git a/src/lib/libssl/src/crypto/md4/md4_dgst.c b/src/lib/libssl/src/crypto/md4/md4_dgst.c
index 0f5448601d..e0c42e8596 100644
--- a/src/lib/libssl/src/crypto/md4/md4_dgst.c
+++ b/src/lib/libssl/src/crypto/md4/md4_dgst.c
@@ -59,11 +59,6 @@
 #include <stdio.h>
 #include "md4_locl.h"
 #include <openssl/opensslv.h>
-#include <openssl/err.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 const char MD4_version[]="MD4" OPENSSL_VERSION_PTEXT;
@@ -75,15 +70,13 @@ const char MD4_version[]="MD4" OPENSSL_VERSION_PTEXT;
 #define INIT_DATA_C (unsigned long)0x98badcfeL
 #define INIT_DATA_D (unsigned long)0x10325476L
-FIPS_NON_FIPS_MD_Init(MD4)
+int MD4_Init(MD4_CTX *c)
        {
+        memset (c,0,sizeof(*c));
        c->A=INIT_DATA_A;
        c->B=INIT_DATA_B;
        c->C=INIT_DATA_C;
        c->D=INIT_DATA_D;
-        c->Nl=0;
-        c->Nh=0;
-        c->num=0;
        return 1;
        }
diff --git a/src/lib/libssl/src/crypto/md5/Makefile b/src/lib/libssl/src/crypto/md5/Makefile
index 3c450fcfc0..9858d53d31 100644
--- a/src/lib/libssl/src/crypto/md5/Makefile
+++ b/src/lib/libssl/src/crypto/md5/Makefile
@@ -38,21 +38,19 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
-# ELF
+md5-586.s:      asm/md5-586.pl ../perlasm/x86asm.pl
-mx86-elf.s: asm/md5-586.pl ../perlasm/x86asm.pl
+        $(PERL) asm/md5-586.pl $(PERLASM_SCHEME) $(CFLAGS) > $@
-        (cd asm; $(PERL) md5-586.pl elf $(CFLAGS) > ../$@)
-# COFF
-mx86-cof.s: asm/md5-586.pl ../perlasm/x86asm.pl
-        (cd asm; $(PERL) md5-586.pl coff $(CFLAGS) > ../$@)
-# a.out
-mx86-out.s: asm/md5-586.pl ../perlasm/x86asm.pl
-        (cd asm; $(PERL) md5-586.pl a.out $(CFLAGS) > ../$@)
-md5-x86_64.s:   asm/md5-x86_64.pl;      $(PERL) asm/md5-x86_64.pl $@
+md5-x86_64.s:   asm/md5-x86_64.pl
+        $(PERL) asm/md5-x86_64.pl $(PERLASM_SCHEME) > $@
+md5-ia64.s: asm/md5-ia64.S
+        $(CC) $(CFLAGS) -E asm/md5-ia64.S | \
+        $(PERL) -ne 's/;\s+/;\n/g; print;' > $@
 files:
        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
@@ -91,13 +89,9 @@ clean:
 # DO NOT DELETE THIS LINE -- make depend depends on it.
-md5_dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+md5_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/md5.h
-md5_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+md5_dgst.o: ../../include/openssl/opensslconf.h
-md5_dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+md5_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md5_dgst.c
-md5_dgst.o: ../../include/openssl/md5.h ../../include/openssl/opensslconf.h
-md5_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-md5_dgst.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-md5_dgst.o: ../../include/openssl/symhacks.h ../md32_common.h md5_dgst.c
 md5_dgst.o: md5_locl.h
 md5_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 md5_one.o: ../../include/openssl/md5.h ../../include/openssl/opensslconf.h
diff --git a/src/lib/libssl/src/crypto/md5/asm/md5-586.pl b/src/lib/libssl/src/crypto/md5/asm/md5-586.pl
index 76ac235f7d..6cb66bb499 100644
--- a/src/lib/libssl/src/crypto/md5/asm/md5-586.pl
+++ b/src/lib/libssl/src/crypto/md5/asm/md5-586.pl
@@ -7,7 +7,8 @@
 $normal=0;
-push(@INC,"perlasm","../../perlasm");
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
 require "x86asm.pl";
 &asm_init($ARGV[0],$0);
diff --git a/src/lib/libssl/src/crypto/md5/md5.h b/src/lib/libssl/src/crypto/md5/md5.h
index 0761f84a27..4cbf84386b 100644
--- a/src/lib/libssl/src/crypto/md5/md5.h
+++ b/src/lib/libssl/src/crypto/md5/md5.h
@@ -77,7 +77,7 @@ extern "C" {
 * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 */
-#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
+#if defined(__LP32__)
 #define MD5_LONG unsigned long
 #elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
 #define MD5_LONG unsigned long
@@ -105,9 +105,6 @@ typedef struct MD5state_st
        unsigned int num;
        } MD5_CTX;
-#ifdef OPENSSL_FIPS
-int private_MD5_Init(MD5_CTX *c);
-#endif
 int MD5_Init(MD5_CTX *c);
 int MD5_Update(MD5_CTX *c, const void *data, size_t len);
 int MD5_Final(unsigned char *md, MD5_CTX *c);
diff --git a/src/lib/libssl/src/crypto/md5/md5_dgst.c b/src/lib/libssl/src/crypto/md5/md5_dgst.c
index 47bb9020ee..beace632e3 100644
--- a/src/lib/libssl/src/crypto/md5/md5_dgst.c
+++ b/src/lib/libssl/src/crypto/md5/md5_dgst.c
@@ -59,11 +59,6 @@
 #include <stdio.h>
 #include "md5_locl.h"
 #include <openssl/opensslv.h>
-#include <openssl/err.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 const char MD5_version[]="MD5" OPENSSL_VERSION_PTEXT;
@@ -75,15 +70,13 @@ const char MD5_version[]="MD5" OPENSSL_VERSION_PTEXT;
 #define INIT_DATA_C (unsigned long)0x98badcfeL
 #define INIT_DATA_D (unsigned long)0x10325476L
-FIPS_NON_FIPS_MD_Init(MD5)
+int MD5_Init(MD5_CTX *c)
        {
+        memset (c,0,sizeof(*c));
        c->A=INIT_DATA_A;
        c->B=INIT_DATA_B;
        c->C=INIT_DATA_C;
        c->D=INIT_DATA_D;
-        c->Nl=0;
-        c->Nh=0;
-        c->num=0;
        return 1;
        }
diff --git a/src/lib/libssl/src/crypto/md5/md5_locl.h b/src/lib/libssl/src/crypto/md5/md5_locl.h
index 84e81b960d..968d577995 100644
--- a/src/lib/libssl/src/crypto/md5/md5_locl.h
+++ b/src/lib/libssl/src/crypto/md5/md5_locl.h
@@ -69,6 +69,8 @@
 # if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) || \
     defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)
 #  define md5_block_data_order md5_block_asm_data_order
+# elif defined(__ia64) || defined(__ia64__) || defined(_M_IA64)
+#  define md5_block_data_order md5_block_asm_data_order
 # endif
 #endif
diff --git a/src/lib/libssl/src/crypto/mdc2/Makefile b/src/lib/libssl/src/crypto/mdc2/Makefile
index ea25688d88..1d064f17a6 100644
--- a/src/lib/libssl/src/crypto/mdc2/Makefile
+++ b/src/lib/libssl/src/crypto/mdc2/Makefile
@@ -33,7 +33,7 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
diff --git a/src/lib/libssl/src/crypto/mdc2/mdc2.h b/src/lib/libssl/src/crypto/mdc2/mdc2.h
index 7e1354116a..72778a5212 100644
--- a/src/lib/libssl/src/crypto/mdc2/mdc2.h
+++ b/src/lib/libssl/src/crypto/mdc2/mdc2.h
@@ -80,9 +80,7 @@ typedef struct mdc2_ctx_st
        int pad_type; /* either 1 or 2, default 1 */
        } MDC2_CTX;
-#ifdef OPENSSL_FIPS
-int private_MDC2_Init(MDC2_CTX *c);
-#endif
 int MDC2_Init(MDC2_CTX *c);
 int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len);
 int MDC2_Final(unsigned char *md, MDC2_CTX *c);
diff --git a/src/lib/libssl/src/crypto/mem.c b/src/lib/libssl/src/crypto/mem.c
index 00ebaf0b9b..6f80dd33eb 100644
--- a/src/lib/libssl/src/crypto/mem.c
+++ b/src/lib/libssl/src/crypto/mem.c
@@ -101,7 +101,7 @@ static void (*free_locked_func)(void *)     = free;
 /* may be changed as long as 'allow_customize_debug' is set */
 /* XXX use correct function pointer types */
-#if defined(CRYPTO_MDEBUG) && !defined(OPENSSL_FIPS)
+#ifdef CRYPTO_MDEBUG
 /* use default functions from mem_dbg.c */
 static void (*malloc_debug_func)(void *,int,const char *,int,int)
        = CRYPTO_dbg_malloc;
@@ -110,14 +110,6 @@ static void (*realloc_debug_func)(void *,void *,int,const char *,int,int)
 static void (*free_debug_func)(void *,int) = CRYPTO_dbg_free;
 static void (*set_debug_options_func)(long) = CRYPTO_dbg_set_options;
 static long (*get_debug_options_func)(void) = CRYPTO_dbg_get_options;
-static int  (*push_info_func)(const char *info, const char *file, int line)
-        = CRYPTO_dbg_push_info;
-static int  (*pop_info_func)(void)
-        = CRYPTO_dbg_pop_info;
-static int (*remove_all_info_func)(void)
-        = CRYPTO_dbg_remove_all_info;
 #else
 /* applications can use CRYPTO_malloc_debug_init() to select above case
 * at run-time */
@@ -127,13 +119,6 @@ static void (*realloc_debug_func)(void *,void *,int,const char *,int,int)
 static void (*free_debug_func)(void *,int) = NULL;
 static void (*set_debug_options_func)(long) = NULL;
 static long (*get_debug_options_func)(void) = NULL;
-static int  (*push_info_func)(const char *info, const char *file, int line)
-        = NULL;
-static int  (*pop_info_func)(void) = NULL;
-static int (*remove_all_info_func)(void) = NULL;
 #endif
@@ -209,15 +194,6 @@ int CRYPTO_set_mem_debug_functions(void (*m)(void *,int,const char *,int,int),
        return 1;
        }
-void CRYPTO_set_mem_info_functions(
-        int  (*push_info_fn)(const char *info, const char *file, int line),
-        int  (*pop_info_fn)(void),
-        int (*remove_all_info_fn)(void))
-        {
-        push_info_func = push_info_fn;
-        pop_info_func = pop_info_fn;
-        remove_all_info_func = remove_all_info_fn;
-        }
 void CRYPTO_get_mem_functions(void *(**m)(size_t), void *(**r)(void *, size_t),
        void (**f)(void *))
@@ -274,7 +250,6 @@ void CRYPTO_get_mem_debug_functions(void (**m)(void *,int,const char *,int,int),
 void *CRYPTO_malloc_locked(int num, const char *file, int line)
        {
        void *ret = NULL;
-        extern unsigned char cleanse_ctr;
        if (num <= 0) return NULL;
@@ -291,11 +266,15 @@ void *CRYPTO_malloc_locked(int num, const char *file, int line)
        if (malloc_debug_func != NULL)
                malloc_debug_func(ret, num, file, line, 1);
+#ifndef OPENSSL_CPUID_OBJ
        /* Create a dependency on the value of 'cleanse_ctr' so our memory
         * sanitisation function can't be optimised out. NB: We only do
         * this for >2Kb so the overhead doesn't bother us. */
        if(ret && (num > 2048))
+        {       extern unsigned char cleanse_ctr;
                ((unsigned char *)ret)[0] = cleanse_ctr;
+        }
+#endif
        return ret;
        }
@@ -315,7 +294,6 @@ void CRYPTO_free_locked(void *str)
 void *CRYPTO_malloc(int num, const char *file, int line)
        {
        void *ret = NULL;
-        extern unsigned char cleanse_ctr;
        if (num <= 0) return NULL;
@@ -332,12 +310,23 @@ void *CRYPTO_malloc(int num, const char *file, int line)
        if (malloc_debug_func != NULL)
                malloc_debug_func(ret, num, file, line, 1);
+#ifndef OPENSSL_CPUID_OBJ
        /* Create a dependency on the value of 'cleanse_ctr' so our memory
         * sanitisation function can't be optimised out. NB: We only do
         * this for >2Kb so the overhead doesn't bother us. */
        if(ret && (num > 2048))
+        {       extern unsigned char cleanse_ctr;
                ((unsigned char *)ret)[0] = cleanse_ctr;
+        }
+#endif
+        return ret;
+        }
+char *CRYPTO_strdup(const char *str, const char *file, int line)
+        {
+        char *ret = CRYPTO_malloc(strlen(str)+1, file, line);
+        strcpy(ret, str);
        return ret;
        }
@@ -423,24 +412,3 @@ long CRYPTO_get_mem_debug_options(void)
                return get_debug_options_func();
        return 0;
        }
-int CRYPTO_push_info_(const char *info, const char *file, int line)
-        {
-        if (push_info_func)
-                return push_info_func(info, file, line);
-        return 1;
-        }
-int CRYPTO_pop_info(void)
-        {
-        if (pop_info_func)
-                return pop_info_func();
-        return 1;
-        }
-int CRYPTO_remove_all_info(void)
-        {
-        if (remove_all_info_func)
-                return remove_all_info_func();
-        return 1;
-        }
diff --git a/src/lib/libssl/src/crypto/mem_dbg.c b/src/lib/libssl/src/crypto/mem_dbg.c
index dfeb084799..ac793397f1 100644
--- a/src/lib/libssl/src/crypto/mem_dbg.c
+++ b/src/lib/libssl/src/crypto/mem_dbg.c
@@ -55,6 +55,59 @@
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
+/* ====================================================================
+ * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 #include <stdio.h>
 #include <stdlib.h>
@@ -81,8 +134,11 @@ static int mh_mode=CRYPTO_MEM_CHECK_OFF;
 */
 static unsigned long order = 0; /* number of memory requests */
-static LHASH *mh=NULL; /* hash-table of memory requests (address as key);
-                        * access requires MALLOC2 lock */
+DECLARE_LHASH_OF(MEM);
+static LHASH_OF(MEM) *mh=NULL; /* hash-table of memory requests
+                                * (address as key); access requires
+                                * MALLOC2 lock */
 typedef struct app_mem_info_st
@@ -93,8 +149,8 @@ typedef struct app_mem_info_st
 *   CRYPTO_pop_info()           to pop an entry,
 *   CRYPTO_remove_all_info()    to pop all entries.
 */
-        {       
+        {
-        unsigned long thread;
+        CRYPTO_THREADID threadid;
        const char *file;
        int line;
        const char *info;
@@ -104,10 +160,13 @@ typedef struct app_mem_info_st
 static void app_info_free(APP_INFO *);
-static LHASH *amih=NULL; /* hash-table with those app_mem_info_st's
+DECLARE_LHASH_OF(APP_INFO);
-                          * that are at the top of their thread's stack
+static LHASH_OF(APP_INFO) *amih=NULL; /* hash-table with those
-                          * (with `thread' as key);
+                                       * app_mem_info_st's that are at
-                          * access requires MALLOC2 lock */
+                                       * the top of their thread's
+                                       * stack (with `thread' as key);
+                                       * access requires MALLOC2
+                                       * lock */
 typedef struct mem_st
 /* memory-block description */
@@ -116,7 +175,7 @@ typedef struct mem_st
        int num;
        const char *file;
        int line;
-        unsigned long thread;
+        CRYPTO_THREADID threadid;
        unsigned long order;
        time_t time;
        APP_INFO *app_info;
@@ -136,11 +195,11 @@ static unsigned int num_disable = 0; /* num_disable > 0
                                      *     iff
                                      * mh_mode == CRYPTO_MEM_CHECK_ON (w/o ..._ENABLE)
                                      */
-static unsigned long disabling_thread = 0; /* Valid iff num_disable > 0.
-                                            * CRYPTO_LOCK_MALLOC2 is locked
+/* Valid iff num_disable > 0.  CRYPTO_LOCK_MALLOC2 is locked exactly in this
-                                            * exactly in this case (by the
+ * case (by the thread named in disabling_thread).
-                                            * thread named in disabling_thread).
+ */
-                                            */
+static CRYPTO_THREADID disabling_threadid;
 static void app_info_free(APP_INFO *inf)
        {
@@ -177,7 +236,9 @@ int CRYPTO_mem_ctrl(int mode)
        case CRYPTO_MEM_CHECK_DISABLE: /* aka MemCheck_off() */
                if (mh_mode & CRYPTO_MEM_CHECK_ON)
                        {
-                        if (!num_disable || (disabling_thread != CRYPTO_thread_id())) /* otherwise we already have the MALLOC2 lock */
+                        CRYPTO_THREADID cur;
+                        CRYPTO_THREADID_current(&cur);
+                        if (!num_disable || CRYPTO_THREADID_cmp(&disabling_threadid, &cur)) /* otherwise we already have the MALLOC2 lock */
                                {
                                /* Long-time lock CRYPTO_LOCK_MALLOC2 must not be claimed while
                                 * we're holding CRYPTO_LOCK_MALLOC, or we'll deadlock if
@@ -195,7 +256,7 @@ int CRYPTO_mem_ctrl(int mode)
                                CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2);
                                CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
                                mh_mode &= ~CRYPTO_MEM_CHECK_ENABLE;
-                                disabling_thread=CRYPTO_thread_id();
+                                CRYPTO_THREADID_cpy(&disabling_threadid, &cur);
                                }
                        num_disable++;
                        }
@@ -228,10 +289,12 @@ int CRYPTO_is_mem_check_on(void)
        if (mh_mode & CRYPTO_MEM_CHECK_ON)
                {
+                CRYPTO_THREADID cur;
+                CRYPTO_THREADID_current(&cur);
                CRYPTO_r_lock(CRYPTO_LOCK_MALLOC);
                ret = (mh_mode & CRYPTO_MEM_CHECK_ENABLE)
-                        || (disabling_thread != CRYPTO_thread_id());
+                        || CRYPTO_THREADID_cmp(&disabling_threadid, &cur);
                CRYPTO_r_unlock(CRYPTO_LOCK_MALLOC);
                }
@@ -249,49 +312,49 @@ long CRYPTO_dbg_get_options(void)
        return options;
        }
-/* static int mem_cmp(MEM *a, MEM *b) */
+static int mem_cmp(const MEM *a, const MEM *b)
-static int mem_cmp(const void *a_void, const void *b_void)
        {
 #ifdef _WIN64
-        const char *a=(const char *)((const MEM *)a_void)->addr,
+        const char *ap=(const char *)a->addr,
-                   *b=(const char *)((const MEM *)b_void)->addr;
+                   *bp=(const char *)b->addr;
-        if (a==b)       return 0;
+        if (ap==bp)     return 0;
-        else if (a>b)   return 1;
+        else if (ap>bp) return 1;
        else            return -1;
 #else
-        return((const char *)((const MEM *)a_void)->addr
+        return (const char *)a->addr - (const char *)b->addr;
-                - (const char *)((const MEM *)b_void)->addr);
 #endif
        }
+static IMPLEMENT_LHASH_COMP_FN(mem, MEM)
-/* static unsigned long mem_hash(MEM *a) */
+static unsigned long mem_hash(const MEM *a)
-static unsigned long mem_hash(const void *a_void)
        {
        unsigned long ret;
-        ret=(unsigned long)((const MEM *)a_void)->addr;
+        ret=(unsigned long)a->addr;
        ret=ret*17851+(ret>>14)*7+(ret>>4)*251;
        return(ret);
        }
+static IMPLEMENT_LHASH_HASH_FN(mem, MEM)
 /* static int app_info_cmp(APP_INFO *a, APP_INFO *b) */
 static int app_info_cmp(const void *a_void, const void *b_void)
        {
-        return(((const APP_INFO *)a_void)->thread
+        return CRYPTO_THREADID_cmp(&((const APP_INFO *)a_void)->threadid,
-                != ((const APP_INFO *)b_void)->thread);
+                                &((const APP_INFO *)b_void)->threadid);
        }
+static IMPLEMENT_LHASH_COMP_FN(app_info, APP_INFO)
-/* static unsigned long app_info_hash(APP_INFO *a) */
+static unsigned long app_info_hash(const APP_INFO *a)
-static unsigned long app_info_hash(const void *a_void)
        {
        unsigned long ret;
-        ret=(unsigned long)((const APP_INFO *)a_void)->thread;
+        ret = CRYPTO_THREADID_hash(&a->threadid);
+        /* This is left in as a "who am I to question legacy?" measure */
        ret=ret*17851+(ret>>14)*7+(ret>>4)*251;
        return(ret);
        }
+static IMPLEMENT_LHASH_HASH_FN(app_info, APP_INFO)
 static APP_INFO *pop_info(void)
        {
@@ -300,21 +363,22 @@ static APP_INFO *pop_info(void)
        if (amih != NULL)
                {
-                tmp.thread=CRYPTO_thread_id();
+                CRYPTO_THREADID_current(&tmp.threadid);
-                if ((ret=(APP_INFO *)lh_delete(amih,&tmp)) != NULL)
+                if ((ret=lh_APP_INFO_delete(amih,&tmp)) != NULL)
                        {
                        APP_INFO *next=ret->next;
                        if (next != NULL)
                                {
                                next->references++;
-                                lh_insert(amih,(char *)next);
+                                (void)lh_APP_INFO_insert(amih,next);
                                }
 #ifdef LEVITTE_DEBUG_MEM
-                        if (ret->thread != tmp.thread)
+                        if (CRYPTO_THREADID_cmp(&ret->threadid, &tmp.threadid))
                                {
                                fprintf(stderr, "pop_info(): deleted info has other thread ID (%lu) than the current thread (%lu)!!!!\n",
-                                        ret->thread, tmp.thread);
+                                        CRYPTO_THREADID_hash(&ret->threadid),
+                                        CRYPTO_THREADID_hash(&tmp.threadid));
                                abort();
                                }
 #endif
@@ -330,7 +394,7 @@ static APP_INFO *pop_info(void)
        return(ret);
        }
-int CRYPTO_dbg_push_info(const char *info, const char *file, int line)
+int CRYPTO_push_info_(const char *info, const char *file, int line)
        {
        APP_INFO *ami, *amim;
        int ret=0;
@@ -346,7 +410,7 @@ int CRYPTO_dbg_push_info(const char *info, const char *file, int line)
                        }
                if (amih == NULL)
                        {
-                        if ((amih=lh_new(app_info_hash, app_info_cmp)) == NULL)
+                        if ((amih=lh_APP_INFO_new()) == NULL)
                                {
                                OPENSSL_free(ami);
                                ret=0;
@@ -354,20 +418,21 @@ int CRYPTO_dbg_push_info(const char *info, const char *file, int line)
                                }
                        }
-                ami->thread=CRYPTO_thread_id();
+                CRYPTO_THREADID_current(&ami->threadid);
                ami->file=file;
                ami->line=line;
                ami->info=info;
                ami->references=1;
                ami->next=NULL;
-                if ((amim=(APP_INFO *)lh_insert(amih,(char *)ami)) != NULL)
+                if ((amim=lh_APP_INFO_insert(amih,ami)) != NULL)
                        {
 #ifdef LEVITTE_DEBUG_MEM
-                        if (ami->thread != amim->thread)
+                        if (CRYPTO_THREADID_cmp(&ami->threadid, &amim->threadid))
                                {
                                fprintf(stderr, "CRYPTO_push_info(): previous info has other thread ID (%lu) than the current thread (%lu)!!!!\n",
-                                        amim->thread, ami->thread);
+                                        CRYPTO_THREADID_hash(&amim->threadid),
+                                        CRYPTO_THREADID_hash(&ami->threadid));
                                abort();
                                }
 #endif
@@ -380,7 +445,7 @@ int CRYPTO_dbg_push_info(const char *info, const char *file, int line)
        return(ret);
        }
-int CRYPTO_dbg_pop_info(void)
+int CRYPTO_pop_info(void)
        {
        int ret=0;
@@ -395,7 +460,7 @@ int CRYPTO_dbg_pop_info(void)
        return(ret);
        }
-int CRYPTO_dbg_remove_all_info(void)
+int CRYPTO_remove_all_info(void)
        {
        int ret=0;
@@ -439,7 +504,7 @@ void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line,
                                }
                        if (mh == NULL)
                                {
-                                if ((mh=lh_new(mem_hash, mem_cmp)) == NULL)
+                                if ((mh=lh_MEM_new()) == NULL)
                                        {
                                        OPENSSL_free(addr);
                                        OPENSSL_free(m);
@@ -453,9 +518,9 @@ void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line,
                        m->line=line;
                        m->num=num;
                        if (options & V_CRYPTO_MDEBUG_THREAD)
-                                m->thread=CRYPTO_thread_id();
+                                CRYPTO_THREADID_current(&m->threadid);
                        else
-                                m->thread=0;
+                                memset(&m->threadid, 0, sizeof(m->threadid));
                        if (order == break_order_num)
                                {
@@ -464,7 +529,7 @@ void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line,
                                }
                        m->order=order++;
 #ifdef LEVITTE_DEBUG_MEM
-                        fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5d] %c 0x%p (%d)\n",
+                        fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5ld] %c 0x%p (%d)\n",
                                m->order,
                                (before_p & 128) ? '*' : '+',
                                m->addr, m->num);
@@ -474,16 +539,16 @@ void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line,
                        else
                                m->time=0;
-                        tmp.thread=CRYPTO_thread_id();
+                        CRYPTO_THREADID_current(&tmp.threadid);
                        m->app_info=NULL;
                        if (amih != NULL
-                                && (amim=(APP_INFO *)lh_retrieve(amih,(char *)&tmp)) != NULL)
+                            && (amim=lh_APP_INFO_retrieve(amih,&tmp)) != NULL)
                                {
                                m->app_info = amim;
                                amim->references++;
                                }
-                        if ((mm=(MEM *)lh_insert(mh,(char *)m)) != NULL)
+                        if ((mm=lh_MEM_insert(mh, m)) != NULL)
                                {
                                /* Not good, but don't sweat it */
                                if (mm->app_info != NULL)
@@ -516,11 +581,11 @@ void CRYPTO_dbg_free(void *addr, int before_p)
                        MemCheck_off(); /* make sure we hold MALLOC2 lock */
                        m.addr=addr;
-                        mp=(MEM *)lh_delete(mh,(char *)&m);
+                        mp=lh_MEM_delete(mh,&m);
                        if (mp != NULL)
                                {
 #ifdef LEVITTE_DEBUG_MEM
-                        fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5d] - 0x%p (%d)\n",
+                        fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5ld] - 0x%p (%d)\n",
                                mp->order, mp->addr, mp->num);
 #endif
                                if (mp->app_info != NULL)
@@ -566,18 +631,18 @@ void CRYPTO_dbg_realloc(void *addr1, void *addr2, int num,
                        MemCheck_off(); /* make sure we hold MALLOC2 lock */
                        m.addr=addr1;
-                        mp=(MEM *)lh_delete(mh,(char *)&m);
+                        mp=lh_MEM_delete(mh,&m);
                        if (mp != NULL)
                                {
 #ifdef LEVITTE_DEBUG_MEM
-                                fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5d] * 0x%p (%d) -> 0x%p (%d)\n",
+                                fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5ld] * 0x%p (%d) -> 0x%p (%d)\n",
                                        mp->order,
                                        mp->addr, mp->num,
                                        addr2, num);
 #endif
                                mp->addr=addr2;
                                mp->num=num;
-                                lh_insert(mh,(char *)mp);
+                                (void)lh_MEM_insert(mh,mp);
                                }
                        MemCheck_on(); /* release MALLOC2 lock
@@ -596,14 +661,14 @@ typedef struct mem_leak_st
        long bytes;
        } MEM_LEAK;
-static void print_leak(const MEM *m, MEM_LEAK *l)
+static void print_leak_doall_arg(const MEM *m, MEM_LEAK *l)
        {
        char buf[1024];
        char *bufp = buf;
        APP_INFO *amip;
        int ami_cnt;
        struct tm *lcl = NULL;
-        unsigned long ti;
+        CRYPTO_THREADID ti;
 #define BUF_REMAIN (sizeof buf - (size_t)(bufp - buf))
@@ -625,7 +690,8 @@ static void print_leak(const MEM *m, MEM_LEAK *l)
        if (options & V_CRYPTO_MDEBUG_THREAD)
                {
-                BIO_snprintf(bufp, BUF_REMAIN, "thread=%lu, ", m->thread);
+                BIO_snprintf(bufp, BUF_REMAIN, "thread=%lu, ",
+                        CRYPTO_THREADID_hash(&m->threadid));
                bufp += strlen(bufp);
                }
@@ -642,8 +708,8 @@ static void print_leak(const MEM *m, MEM_LEAK *l)
        ami_cnt=0;
        if (!amip)
                return;
-        ti=amip->thread;
+        CRYPTO_THREADID_cpy(&ti, &amip->threadid);
-        
        do
                {
                int buf_len;
@@ -653,7 +719,8 @@ static void print_leak(const MEM *m, MEM_LEAK *l)
                memset(buf,'>',ami_cnt);
                BIO_snprintf(buf + ami_cnt, sizeof buf - ami_cnt,
                        " thread=%lu, file=%s, line=%d, info=\"",
-                        amip->thread, amip->file, amip->line);
+                        CRYPTO_THREADID_hash(&amip->threadid), amip->file,
+                        amip->line);
                buf_len=strlen(buf);
                info_len=strlen(amip->info);
                if (128 - buf_len - 3 < info_len)
@@ -673,8 +740,8 @@ static void print_leak(const MEM *m, MEM_LEAK *l)
                amip = amip->next;
                }
-        while(amip && amip->thread == ti);
+        while(amip && !CRYPTO_THREADID_cmp(&amip->threadid, &ti));
-                
 #ifdef LEVITTE_DEBUG_MEM
        if (amip)
                {
@@ -684,7 +751,7 @@ static void print_leak(const MEM *m, MEM_LEAK *l)
 #endif
        }
-static IMPLEMENT_LHASH_DOALL_ARG_FN(print_leak, const MEM *, MEM_LEAK *)
+static IMPLEMENT_LHASH_DOALL_ARG_FN(print_leak, const MEM, MEM_LEAK)
 void CRYPTO_mem_leaks(BIO *b)
        {
@@ -699,12 +766,15 @@ void CRYPTO_mem_leaks(BIO *b)
        ml.bytes=0;
        ml.chunks=0;
        if (mh != NULL)
-                lh_doall_arg(mh, LHASH_DOALL_ARG_FN(print_leak),
+                lh_MEM_doall_arg(mh, LHASH_DOALL_ARG_FN(print_leak), MEM_LEAK,
-                                (char *)&ml);
+                                 &ml);
        if (ml.chunks != 0)
                {
                BIO_printf(b,"%ld bytes leaked in %d chunks\n",
                           ml.bytes,ml.chunks);
+#ifdef CRYPTO_MDEBUG_ABORT
+                abort();
+#endif
                }
        else
                {
@@ -717,7 +787,7 @@ void CRYPTO_mem_leaks(BIO *b)
                 * XXX    This should be in CRYPTO_mem_leaks_cb,
                 * and CRYPTO_mem_leaks should be implemented by
                 * using CRYPTO_mem_leaks_cb.
-                 * (Also their should be a variant of lh_doall_arg
+                 * (Also there should be a variant of lh_doall_arg
                 * that takes a function pointer instead of a void *;
                 * this would obviate the ugly and illegal
                 * void_fn_to_char kludge in CRYPTO_mem_leaks_cb.
@@ -734,14 +804,14 @@ void CRYPTO_mem_leaks(BIO *b)
                if (mh != NULL)
                        {
-                        lh_free(mh);
+                        lh_MEM_free(mh);
                        mh = NULL;
                        }
                if (amih != NULL)
                        {
-                        if (lh_num_items(amih) == 0) 
+                        if (lh_APP_INFO_num_items(amih) == 0) 
                                {
-                                lh_free(amih);
+                                lh_APP_INFO_free(amih);
                                amih = NULL;
                                }
                        }
@@ -779,39 +849,26 @@ void CRYPTO_mem_leaks_fp(FILE *fp)
 /* NB: The prototypes have been typedef'd to CRYPTO_MEM_LEAK_CB inside crypto.h
 * If this code is restructured, remove the callback type if it is no longer
 * needed. -- Geoff Thorpe */
-static void cb_leak(const MEM *m, CRYPTO_MEM_LEAK_CB **cb)
+/* Can't pass CRYPTO_MEM_LEAK_CB directly to lh_MEM_doall_arg because it
+ * is a function pointer and conversion to void * is prohibited. Instead
+ * pass its address
+ */
+typedef CRYPTO_MEM_LEAK_CB *PCRYPTO_MEM_LEAK_CB;
+static void cb_leak_doall_arg(const MEM *m, PCRYPTO_MEM_LEAK_CB *cb)
        {
-        (**cb)(m->order,m->file,m->line,m->num,m->addr);
+        (*cb)(m->order,m->file,m->line,m->num,m->addr);
        }
-static IMPLEMENT_LHASH_DOALL_ARG_FN(cb_leak, const MEM *, CRYPTO_MEM_LEAK_CB **)
+static IMPLEMENT_LHASH_DOALL_ARG_FN(cb_leak, const MEM, PCRYPTO_MEM_LEAK_CB)
 void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb)
        {
        if (mh == NULL) return;
        CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2);
-        lh_doall_arg(mh, LHASH_DOALL_ARG_FN(cb_leak), &cb);
+        lh_MEM_doall_arg(mh, LHASH_DOALL_ARG_FN(cb_leak), PCRYPTO_MEM_LEAK_CB,
+                         &cb);
        CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2);
        }
-void CRYPTO_malloc_debug_init(void)
-        {
-        CRYPTO_set_mem_debug_functions(
-                CRYPTO_dbg_malloc,
-                CRYPTO_dbg_realloc,
-                CRYPTO_dbg_free,
-                CRYPTO_dbg_set_options,
-                CRYPTO_dbg_get_options);
-        CRYPTO_set_mem_info_functions(
-                CRYPTO_dbg_push_info,
-                CRYPTO_dbg_pop_info,
-                CRYPTO_dbg_remove_all_info);
-        }
-char *CRYPTO_strdup(const char *str, const char *file, int line)
-        {
-        char *ret = CRYPTO_malloc(strlen(str)+1, file, line);
-        strcpy(ret, str);
-        return ret;
-        }
diff --git a/src/lib/libssl/src/crypto/o_str.c b/src/lib/libssl/src/crypto/o_str.c
index 59cc25094b..56104a6c34 100644
--- a/src/lib/libssl/src/crypto/o_str.c
+++ b/src/lib/libssl/src/crypto/o_str.c
@@ -60,7 +60,9 @@
 #include <e_os.h>
 #include "o_str.h"
-#if !defined(OPENSSL_IMPLEMENTS_strncasecmp) && !defined(OPENSSL_SYSNAME_WIN32)
+#if !defined(OPENSSL_IMPLEMENTS_strncasecmp) && \
+    !defined(OPENSSL_SYSNAME_WIN32) && \
+    !defined(NETWARE_CLIB)
 # include <strings.h>
 #endif
diff --git a/src/lib/libssl/src/crypto/o_time.c b/src/lib/libssl/src/crypto/o_time.c
index e29091d650..eecbdd19f0 100644
--- a/src/lib/libssl/src/crypto/o_time.c
+++ b/src/lib/libssl/src/crypto/o_time.c
@@ -2,6 +2,9 @@
 /* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
 * project 2001.
 */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2008.
+ */
 /* ====================================================================
 * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
 *
@@ -73,7 +76,7 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result)
        {
        struct tm *ts = NULL;
-#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_OS2) && !defined(__CYGWIN32__) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_MACOSX) && !defined(OPENSSL_SYS_SUNOS)
+#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_OS2) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_MACOSX) && !defined(OPENSSL_SYS_SUNOS)
        /* should return &data, but doesn't on some systems,
           so we don't even look at the return value */
        gmtime_r(timer,result);
@@ -214,4 +217,150 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result)
                }
 #endif
        return ts;
-        }       
+        }
+/* Take a tm structure and add an offset to it. This avoids any OS issues
+ * with restricted date types and overflows which cause the year 2038
+ * problem.
+ */
+#define SECS_PER_DAY (24 * 60 * 60)
+static long date_to_julian(int y, int m, int d);
+static void julian_to_date(long jd, int *y, int *m, int *d);
+int OPENSSL_gmtime_adj(struct tm *tm, int off_day, long offset_sec)
+        {
+        int offset_hms, offset_day;
+        long time_jd;
+        int time_year, time_month, time_day;
+        /* split offset into days and day seconds */
+        offset_day = offset_sec / SECS_PER_DAY;
+        /* Avoid sign issues with % operator */
+        offset_hms  = offset_sec - (offset_day * SECS_PER_DAY);
+        offset_day += off_day;
+        /* Add current time seconds to offset */
+        offset_hms += tm->tm_hour * 3600 + tm->tm_min * 60 + tm->tm_sec;
+        /* Adjust day seconds if overflow */
+        if (offset_hms >= SECS_PER_DAY)
+                {
+                offset_day++;
+                offset_hms -= SECS_PER_DAY;
+                }
+        else if (offset_hms < 0)
+                {
+                offset_day--;
+                offset_hms += SECS_PER_DAY;
+                }
+        /* Convert date of time structure into a Julian day number.
+         */
+        time_year = tm->tm_year + 1900;
+        time_month = tm->tm_mon + 1;
+        time_day = tm->tm_mday;
+        time_jd = date_to_julian(time_year, time_month, time_day);
+        /* Work out Julian day of new date */
+        time_jd += offset_day;
+        if (time_jd < 0)
+                return 0;
+        /* Convert Julian day back to date */
+        julian_to_date(time_jd, &time_year, &time_month, &time_day);
+        if (time_year < 1900 || time_year > 9999)
+                return 0;
+        /* Update tm structure */
+        tm->tm_year = time_year - 1900;
+        tm->tm_mon = time_month - 1;
+        tm->tm_mday = time_day;
+        tm->tm_hour = offset_hms / 3600;
+        tm->tm_min = (offset_hms / 60) % 60;
+        tm->tm_sec = offset_hms % 60;
+        return 1;
+                
+}
+/* Convert date to and from julian day
+ * Uses Fliegel & Van Flandern algorithm
+ */
+static long date_to_julian(int y, int m, int d)
+{
+        return (1461 * (y + 4800 + (m - 14) / 12)) / 4 +
+                (367 * (m - 2 - 12 * ((m - 14) / 12))) / 12 -
+                (3 * ((y + 4900 + (m - 14) / 12) / 100)) / 4 +
+                d - 32075;
+}
+static void julian_to_date(long jd, int *y, int *m, int *d)
+        {
+        long  L = jd + 68569;
+        long  n = (4 * L) / 146097;
+        long  i, j;
+        L = L - (146097 * n + 3) / 4;
+        i = (4000 * (L + 1)) / 1461001;
+        L = L - (1461 * i) / 4 + 31;
+        j = (80 * L) / 2447;
+        *d = L - (2447 * j) / 80;
+        L = j / 11;
+        *m = j + 2 - (12 * L);
+        *y = 100 * (n - 49) + i + L;
+        }
+#ifdef OPENSSL_TIME_TEST
+#include <stdio.h>
+/* Time checking test code. Check times are identical for a wide range of
+ * offsets. This should be run on a machine with 64 bit time_t or it will
+ * trigger the very errors the routines fix.
+ */
+int main(int argc, char **argv)
+        {
+        long offset;
+        for (offset = 0; offset < 1000000; offset++)
+                {
+                check_time(offset);
+                check_time(-offset);
+                check_time(offset * 1000);
+                check_time(-offset * 1000);
+                }
+        }
+int check_time(long offset)
+        {
+        struct tm tm1, tm2;
+        time_t t1, t2;
+        time(&t1);
+        t2 = t1 + offset;
+        OPENSSL_gmtime(&t2, &tm2);
+        OPENSSL_gmtime(&t1, &tm1);
+        OPENSSL_gmtime_adj(&tm1, 0, offset);
+        if ((tm1.tm_year == tm2.tm_year) &&
+            (tm1.tm_mon == tm2.tm_mon) &&
+            (tm1.tm_mday == tm2.tm_mday) &&
+            (tm1.tm_hour == tm2.tm_hour) &&
+            (tm1.tm_min == tm2.tm_min) &&
+            (tm1.tm_sec == tm2.tm_sec))
+                return 1;
+        fprintf(stderr, "TIME ERROR!!\n");
+        fprintf(stderr, "Time1: %d/%d/%d, %d:%02d:%02d\n",
+                        tm2.tm_mday, tm2.tm_mon + 1, tm2.tm_year + 1900,
+                        tm2.tm_hour, tm2.tm_min, tm2.tm_sec);
+        fprintf(stderr, "Time2: %d/%d/%d, %d:%02d:%02d\n",
+                        tm1.tm_mday, tm1.tm_mon + 1, tm1.tm_year + 1900,
+                        tm1.tm_hour, tm1.tm_min, tm1.tm_sec);
+        return 0;
+        }
+#endif
diff --git a/src/lib/libssl/src/crypto/o_time.h b/src/lib/libssl/src/crypto/o_time.h
index e66044626d..e391da7508 100644
--- a/src/lib/libssl/src/crypto/o_time.h
+++ b/src/lib/libssl/src/crypto/o_time.h
@@ -62,5 +62,6 @@
 #include <time.h>
 struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result);
+int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, long offset_sec);
 #endif
diff --git a/src/lib/libssl/src/crypto/objects/Makefile b/src/lib/libssl/src/crypto/objects/Makefile
index 25e8b23b5d..a8aedbd422 100644
--- a/src/lib/libssl/src/crypto/objects/Makefile
+++ b/src/lib/libssl/src/crypto/objects/Makefile
@@ -18,23 +18,23 @@ TEST=
 APPS=
 LIB=$(TOP)/libcrypto.a
-LIBSRC= o_names.c obj_dat.c obj_lib.c obj_err.c
+LIBSRC= o_names.c obj_dat.c obj_lib.c obj_err.c obj_xref.c
-LIBOBJ= o_names.o obj_dat.o obj_lib.o obj_err.o
+LIBOBJ= o_names.o obj_dat.o obj_lib.o obj_err.o obj_xref.o
 SRC= $(LIBSRC)
 EXHEADER= objects.h obj_mac.h
-HEADER= $(EXHEADER) obj_dat.h
+HEADER= $(EXHEADER) obj_dat.h obj_xref.h
 ALL=    $(GENERAL) $(SRC) $(HEADER)
 top:
        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
-all:    obj_dat.h lib
+all:    obj_dat.h obj_xref.h lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
@@ -46,6 +46,10 @@ obj_mac.h: objects.pl objects.txt obj_mac.num
        $(PERL) objects.pl objects.txt obj_mac.num obj_mac.h
        @sleep 1; touch obj_mac.h; sleep 1
+obj_xref.h: objxref.pl obj_xref.txt obj_mac.num
+        $(PERL) objxref.pl obj_mac.num obj_xref.txt > obj_xref.h
+        @sleep 1; touch obj_xref.h; sleep 1
 files:
        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
@@ -117,3 +121,10 @@ obj_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 obj_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 obj_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 obj_lib.o: ../cryptlib.h obj_lib.c
+obj_xref.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+obj_xref.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+obj_xref.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+obj_xref.o: ../../include/openssl/opensslconf.h
+obj_xref.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+obj_xref.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+obj_xref.o: ../../include/openssl/symhacks.h obj_xref.c obj_xref.h
diff --git a/src/lib/libssl/src/crypto/objects/o_names.c b/src/lib/libssl/src/crypto/objects/o_names.c
index adb5731f76..84380a96a9 100644
--- a/src/lib/libssl/src/crypto/objects/o_names.c
+++ b/src/lib/libssl/src/crypto/objects/o_names.c
@@ -22,7 +22,8 @@
 /* I use the ex_data stuff to manage the identifiers for the obj_name_types
 * that applications may define.  I only really use the free function field.
 */
-static LHASH *names_lh=NULL;
+DECLARE_LHASH_OF(OBJ_NAME);
+static LHASH_OF(OBJ_NAME) *names_lh=NULL;
 static int names_type_num=OBJ_NAME_TYPE_NUM;
 typedef struct name_funcs_st
@@ -46,11 +47,14 @@ static unsigned long obj_name_hash(const void *a_void);
 /* static int obj_name_cmp(OBJ_NAME *a,OBJ_NAME *b); */
 static int obj_name_cmp(const void *a_void,const void *b_void);
+static IMPLEMENT_LHASH_HASH_FN(obj_name, OBJ_NAME)
+static IMPLEMENT_LHASH_COMP_FN(obj_name, OBJ_NAME)
 int OBJ_NAME_init(void)
        {
        if (names_lh != NULL) return(1);
        MemCheck_off();
-        names_lh=lh_new(obj_name_hash, obj_name_cmp);
+        names_lh=lh_OBJ_NAME_new();
        MemCheck_on();
        return(names_lh != NULL);
        }
@@ -164,7 +168,7 @@ const char *OBJ_NAME_get(const char *name, int type)
        for (;;)
        {
-                ret=(OBJ_NAME *)lh_retrieve(names_lh,&on);
+                ret=lh_OBJ_NAME_retrieve(names_lh,&on);
                if (ret == NULL) return(NULL);
                if ((ret->alias) && !alias)
                        {
@@ -200,7 +204,7 @@ int OBJ_NAME_add(const char *name, int type, const char *data)
        onp->type=type;
        onp->data=data;
-        ret=(OBJ_NAME *)lh_insert(names_lh,onp);
+        ret=lh_OBJ_NAME_insert(names_lh,onp);
        if (ret != NULL)
                {
                /* free things */
@@ -217,7 +221,7 @@ int OBJ_NAME_add(const char *name, int type, const char *data)
                }
        else
                {
-                if (lh_error(names_lh))
+                if (lh_OBJ_NAME_error(names_lh))
                        {
                        /* ERROR */
                        return(0);
@@ -235,7 +239,7 @@ int OBJ_NAME_remove(const char *name, int type)
        type&= ~OBJ_NAME_ALIAS;
        on.name=name;
        on.type=type;
-        ret=(OBJ_NAME *)lh_delete(names_lh,&on);
+        ret=lh_OBJ_NAME_delete(names_lh,&on);
        if (ret != NULL)
                {
                /* free things */
@@ -262,13 +266,13 @@ struct doall
        void *arg;
        };
-static void do_all_fn(const OBJ_NAME *name,struct doall *d)
+static void do_all_fn_doall_arg(const OBJ_NAME *name,struct doall *d)
        {
        if(name->type == d->type)
                d->fn(name,d->arg);
        }
-static IMPLEMENT_LHASH_DOALL_ARG_FN(do_all_fn, const OBJ_NAME *, struct doall *)
+static IMPLEMENT_LHASH_DOALL_ARG_FN(do_all_fn, const OBJ_NAME, struct doall)
 void OBJ_NAME_do_all(int type,void (*fn)(const OBJ_NAME *,void *arg),void *arg)
        {
@@ -278,7 +282,8 @@ void OBJ_NAME_do_all(int type,void (*fn)(const OBJ_NAME *,void *arg),void *arg)
        d.fn=fn;
        d.arg=arg;
-        lh_doall_arg(names_lh,LHASH_DOALL_ARG_FN(do_all_fn),&d);
+        lh_OBJ_NAME_doall_arg(names_lh, LHASH_DOALL_ARG_FN(do_all_fn),
+                              struct doall, &d);
        }
 struct doall_sorted
@@ -313,7 +318,7 @@ void OBJ_NAME_do_all_sorted(int type,void (*fn)(const OBJ_NAME *,void *arg),
        int n;
        d.type=type;
-        d.names=OPENSSL_malloc(lh_num_items(names_lh)*sizeof *d.names);
+        d.names=OPENSSL_malloc(lh_OBJ_NAME_num_items(names_lh)*sizeof *d.names);
        d.n=0;
        OBJ_NAME_do_all(type,do_all_sorted_fn,&d);
@@ -327,18 +332,16 @@ void OBJ_NAME_do_all_sorted(int type,void (*fn)(const OBJ_NAME *,void *arg),
 static int free_type;
-static void names_lh_free(OBJ_NAME *onp)
+static void names_lh_free_doall(OBJ_NAME *onp)
-{
+        {
-        if(onp == NULL)
+        if (onp == NULL)
                return;
-        if ((free_type < 0) || (free_type == onp->type))
+        if (free_type < 0 || free_type == onp->type)
-                {
                OBJ_NAME_remove(onp->name,onp->type);
-                }
        }
-static IMPLEMENT_LHASH_DOALL_FN(names_lh_free, OBJ_NAME *)
+static IMPLEMENT_LHASH_DOALL_FN(names_lh_free, OBJ_NAME)
 static void name_funcs_free(NAME_FUNCS *ptr)
        {
@@ -352,18 +355,18 @@ void OBJ_NAME_cleanup(int type)
        if (names_lh == NULL) return;
        free_type=type;
-        down_load=names_lh->down_load;
+        down_load=lh_OBJ_NAME_down_load(names_lh);
-        names_lh->down_load=0;
+        lh_OBJ_NAME_down_load(names_lh)=0;
-        lh_doall(names_lh,LHASH_DOALL_FN(names_lh_free));
+        lh_OBJ_NAME_doall(names_lh,LHASH_DOALL_FN(names_lh_free));
        if (type < 0)
                {
-                lh_free(names_lh);
+                lh_OBJ_NAME_free(names_lh);
                sk_NAME_FUNCS_pop_free(name_funcs_stack,name_funcs_free);
                names_lh=NULL;
                name_funcs_stack = NULL;
                }
        else
-                names_lh->down_load=down_load;
+                lh_OBJ_NAME_down_load(names_lh)=down_load;
        }
diff --git a/src/lib/libssl/src/crypto/objects/obj_dat.c b/src/lib/libssl/src/crypto/objects/obj_dat.c
index 7fd7433241..8a342ba3eb 100644
--- a/src/lib/libssl/src/crypto/objects/obj_dat.c
+++ b/src/lib/libssl/src/crypto/objects/obj_dat.c
@@ -74,16 +74,17 @@
 #define NUM_SN 0
 #define NUM_LN 0
 #define NUM_OBJ 0
-static unsigned char lvalues[1];
+static const unsigned char lvalues[1];
-static ASN1_OBJECT nid_objs[1];
+static const ASN1_OBJECT nid_objs[1];
-static ASN1_OBJECT *sn_objs[1];
+static const unsigned int sn_objs[1];
-static ASN1_OBJECT *ln_objs[1];
+static const unsigned int ln_objs[1];
-static ASN1_OBJECT *obj_objs[1];
+static const unsigned int obj_objs[1];
 #endif
-static int sn_cmp(const void *a, const void *b);
+DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, sn);
-static int ln_cmp(const void *a, const void *b);
+DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, ln);
-static int obj_cmp(const void *a, const void *b);
+DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, obj);
 #define ADDED_DATA      0
 #define ADDED_SNAME     1
 #define ADDED_LNAME     2
@@ -94,30 +95,27 @@ typedef struct added_obj_st
        int type;
        ASN1_OBJECT *obj;
        } ADDED_OBJ;
+DECLARE_LHASH_OF(ADDED_OBJ);
 static int new_nid=NUM_NID;
-static LHASH *added=NULL;
+static LHASH_OF(ADDED_OBJ) *added=NULL;
-static int sn_cmp(const void *a, const void *b)
+static int sn_cmp(const ASN1_OBJECT * const *a, const unsigned int *b)
-        {
+        { return(strcmp((*a)->sn,nid_objs[*b].sn)); }
-        const ASN1_OBJECT * const *ap = a, * const *bp = b;
-        return(strcmp((*ap)->sn,(*bp)->sn));
-        }
-static int ln_cmp(const void *a, const void *b)
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, sn);
-        { 
-        const ASN1_OBJECT * const *ap = a, * const *bp = b;
+static int ln_cmp(const ASN1_OBJECT * const *a, const unsigned int *b)
-        return(strcmp((*ap)->ln,(*bp)->ln));
+        { return(strcmp((*a)->ln,nid_objs[*b].ln)); }
-        }
-/* static unsigned long add_hash(ADDED_OBJ *ca) */
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, ln);
-static unsigned long add_hash(const void *ca_void)
+static unsigned long added_obj_hash(const ADDED_OBJ *ca)
        {
        const ASN1_OBJECT *a;
        int i;
        unsigned long ret=0;
        unsigned char *p;
-        const ADDED_OBJ *ca = (const ADDED_OBJ *)ca_void;
        a=ca->obj;
        switch (ca->type)
@@ -145,14 +143,12 @@ static unsigned long add_hash(const void *ca_void)
        ret|=ca->type<<30L;
        return(ret);
        }
+static IMPLEMENT_LHASH_HASH_FN(added_obj, ADDED_OBJ)
-/* static int add_cmp(ADDED_OBJ *ca, ADDED_OBJ *cb) */
+static int added_obj_cmp(const ADDED_OBJ *ca, const ADDED_OBJ *cb)
-static int add_cmp(const void *ca_void, const void *cb_void)
        {
        ASN1_OBJECT *a,*b;
        int i;
-        const ADDED_OBJ *ca = (const ADDED_OBJ *)ca_void;
-        const ADDED_OBJ *cb = (const ADDED_OBJ *)cb_void;
        i=ca->type-cb->type;
        if (i) return(i);
@@ -179,15 +175,16 @@ static int add_cmp(const void *ca_void, const void *cb_void)
                return 0;
                }
        }
+static IMPLEMENT_LHASH_COMP_FN(added_obj, ADDED_OBJ)
 static int init_added(void)
        {
        if (added != NULL) return(1);
-        added=lh_new(add_hash,add_cmp);
+        added=lh_ADDED_OBJ_new();
        return(added != NULL);
        }
-static void cleanup1(ADDED_OBJ *a)
+static void cleanup1_doall(ADDED_OBJ *a)
        {
        a->obj->nid=0;
        a->obj->flags|=ASN1_OBJECT_FLAG_DYNAMIC|
@@ -195,28 +192,46 @@ static void cleanup1(ADDED_OBJ *a)
                        ASN1_OBJECT_FLAG_DYNAMIC_DATA;
        }
-static void cleanup2(ADDED_OBJ *a)
+static void cleanup2_doall(ADDED_OBJ *a)
        { a->obj->nid++; }
-static void cleanup3(ADDED_OBJ *a)
+static void cleanup3_doall(ADDED_OBJ *a)
        {
        if (--a->obj->nid == 0)
                ASN1_OBJECT_free(a->obj);
        OPENSSL_free(a);
        }
-static IMPLEMENT_LHASH_DOALL_FN(cleanup1, ADDED_OBJ *)
+static IMPLEMENT_LHASH_DOALL_FN(cleanup1, ADDED_OBJ)
-static IMPLEMENT_LHASH_DOALL_FN(cleanup2, ADDED_OBJ *)
+static IMPLEMENT_LHASH_DOALL_FN(cleanup2, ADDED_OBJ)
-static IMPLEMENT_LHASH_DOALL_FN(cleanup3, ADDED_OBJ *)
+static IMPLEMENT_LHASH_DOALL_FN(cleanup3, ADDED_OBJ)
+/* The purpose of obj_cleanup_defer is to avoid EVP_cleanup() attempting
+ * to use freed up OIDs. If neccessary the actual freeing up of OIDs is
+ * delayed.
+ */
+int obj_cleanup_defer = 0;
+void check_defer(int nid)
+        {
+        if (!obj_cleanup_defer && nid >= NUM_NID)
+                        obj_cleanup_defer = 1;
+        }
 void OBJ_cleanup(void)
        {
+        if (obj_cleanup_defer)
+                {
+                obj_cleanup_defer = 2;
+                return ;
+                }
        if (added == NULL) return;
-        added->down_load=0;
+        lh_ADDED_OBJ_down_load(added) = 0;
-        lh_doall(added,LHASH_DOALL_FN(cleanup1)); /* zero counters */
+        lh_ADDED_OBJ_doall(added,LHASH_DOALL_FN(cleanup1)); /* zero counters */
-        lh_doall(added,LHASH_DOALL_FN(cleanup2)); /* set counters */
+        lh_ADDED_OBJ_doall(added,LHASH_DOALL_FN(cleanup2)); /* set counters */
-        lh_doall(added,LHASH_DOALL_FN(cleanup3)); /* free objects */
+        lh_ADDED_OBJ_doall(added,LHASH_DOALL_FN(cleanup3)); /* free objects */
-        lh_free(added);
+        lh_ADDED_OBJ_free(added);
        added=NULL;
        }
@@ -252,7 +267,7 @@ int OBJ_add_object(const ASN1_OBJECT *obj)
                        {
                        ao[i]->type=i;
                        ao[i]->obj=o;
-                        aop=(ADDED_OBJ *)lh_insert(added,ao[i]);
+                        aop=lh_ADDED_OBJ_insert(added,ao[i]);
                        /* memory leak, buit should not normally matter */
                        if (aop != NULL)
                                OPENSSL_free(aop);
@@ -292,7 +307,7 @@ ASN1_OBJECT *OBJ_nid2obj(int n)
                ad.type=ADDED_NID;
                ad.obj= &ob;
                ob.nid=n;
-                adp=(ADDED_OBJ *)lh_retrieve(added,&ad);
+                adp=lh_ADDED_OBJ_retrieve(added,&ad);
                if (adp != NULL)
                        return(adp->obj);
                else
@@ -324,7 +339,7 @@ const char *OBJ_nid2sn(int n)
                ad.type=ADDED_NID;
                ad.obj= &ob;
                ob.nid=n;
-                adp=(ADDED_OBJ *)lh_retrieve(added,&ad);
+                adp=lh_ADDED_OBJ_retrieve(added,&ad);
                if (adp != NULL)
                        return(adp->obj->sn);
                else
@@ -356,7 +371,7 @@ const char *OBJ_nid2ln(int n)
                ad.type=ADDED_NID;
                ad.obj= &ob;
                ob.nid=n;
-                adp=(ADDED_OBJ *)lh_retrieve(added,&ad);
+                adp=lh_ADDED_OBJ_retrieve(added,&ad);
                if (adp != NULL)
                        return(adp->obj->ln);
                else
@@ -367,9 +382,22 @@ const char *OBJ_nid2ln(int n)
                }
        }
+static int obj_cmp(const ASN1_OBJECT * const *ap, const unsigned int *bp)
+        {
+        int j;
+        const ASN1_OBJECT *a= *ap;
+        const ASN1_OBJECT *b= &nid_objs[*bp];
+        j=(a->length - b->length);
+        if (j) return(j);
+        return(memcmp(a->data,b->data,a->length));
+        }
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, obj);
 int OBJ_obj2nid(const ASN1_OBJECT *a)
        {
-        ASN1_OBJECT **op;
+        const unsigned int *op;
        ADDED_OBJ ad,*adp;
        if (a == NULL)
@@ -381,14 +409,13 @@ int OBJ_obj2nid(const ASN1_OBJECT *a)
                {
                ad.type=ADDED_DATA;
                ad.obj=(ASN1_OBJECT *)a; /* XXX: ugly but harmless */
-                adp=(ADDED_OBJ *)lh_retrieve(added,&ad);
+                adp=lh_ADDED_OBJ_retrieve(added,&ad);
                if (adp != NULL) return (adp->obj->nid);
                }
-        op=(ASN1_OBJECT **)OBJ_bsearch((const char *)&a,(const char *)obj_objs,
+        op=OBJ_bsearch_obj(&a, obj_objs, NUM_OBJ);
-                NUM_OBJ, sizeof(ASN1_OBJECT *),obj_cmp);
        if (op == NULL)
                return(NID_undef);
-        return((*op)->nid);
+        return(nid_objs[*op].nid);
        }
 /* Convert an object name into an ASN1_OBJECT
@@ -441,7 +468,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
        int i,n=0,len,nid, first, use_bn;
        BIGNUM *bl;
        unsigned long l;
-        unsigned char *p;
+        const unsigned char *p;
        char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2];
        if ((a == NULL) || (a->data == NULL)) {
@@ -456,10 +483,13 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
                s=OBJ_nid2ln(nid);
                if (s == NULL)
                        s=OBJ_nid2sn(nid);
-                if (buf)
+                if (s)
-                        BUF_strlcpy(buf,s,buf_len);
+                        {
-                n=strlen(s);
+                        if (buf)
-                return n;
+                                BUF_strlcpy(buf,s,buf_len);
+                        n=strlen(s);
+                        return n;
+                        }
                }
@@ -607,62 +637,56 @@ int OBJ_txt2nid(const char *s)
 int OBJ_ln2nid(const char *s)
        {
-        ASN1_OBJECT o,*oo= &o,**op;
+        ASN1_OBJECT o;
+        const ASN1_OBJECT *oo= &o;
        ADDED_OBJ ad,*adp;
+        const unsigned int *op;
        o.ln=s;
        if (added != NULL)
                {
                ad.type=ADDED_LNAME;
                ad.obj= &o;
-                adp=(ADDED_OBJ *)lh_retrieve(added,&ad);
+                adp=lh_ADDED_OBJ_retrieve(added,&ad);
                if (adp != NULL) return (adp->obj->nid);
                }
-        op=(ASN1_OBJECT **)OBJ_bsearch((char *)&oo,(char *)ln_objs, NUM_LN,
+        op=OBJ_bsearch_ln(&oo, ln_objs, NUM_LN);
-                sizeof(ASN1_OBJECT *),ln_cmp);
        if (op == NULL) return(NID_undef);
-        return((*op)->nid);
+        return(nid_objs[*op].nid);
        }
 int OBJ_sn2nid(const char *s)
        {
-        ASN1_OBJECT o,*oo= &o,**op;
+        ASN1_OBJECT o;
+        const ASN1_OBJECT *oo= &o;
        ADDED_OBJ ad,*adp;
+        const unsigned int *op;
        o.sn=s;
        if (added != NULL)
                {
                ad.type=ADDED_SNAME;
                ad.obj= &o;
-                adp=(ADDED_OBJ *)lh_retrieve(added,&ad);
+                adp=lh_ADDED_OBJ_retrieve(added,&ad);
                if (adp != NULL) return (adp->obj->nid);
                }
-        op=(ASN1_OBJECT **)OBJ_bsearch((char *)&oo,(char *)sn_objs,NUM_SN,
+        op=OBJ_bsearch_sn(&oo, sn_objs, NUM_SN);
-                sizeof(ASN1_OBJECT *),sn_cmp);
        if (op == NULL) return(NID_undef);
-        return((*op)->nid);
+        return(nid_objs[*op].nid);
        }
-static int obj_cmp(const void *ap, const void *bp)
+const void *OBJ_bsearch_(const void *key, const void *base, int num, int size,
-        {
+                         int (*cmp)(const void *, const void *))
-        int j;
-        const ASN1_OBJECT *a= *(ASN1_OBJECT * const *)ap;
-        const ASN1_OBJECT *b= *(ASN1_OBJECT * const *)bp;
-        j=(a->length - b->length);
-        if (j) return(j);
-        return(memcmp(a->data,b->data,a->length));
-        }
-const char *OBJ_bsearch(const char *key, const char *base, int num, int size,
-        int (*cmp)(const void *, const void *))
        {
-        return OBJ_bsearch_ex(key, base, num, size, cmp, 0);
+        return OBJ_bsearch_ex_(key, base, num, size, cmp, 0);
        }
-const char *OBJ_bsearch_ex(const char *key, const char *base, int num,
+const void *OBJ_bsearch_ex_(const void *key, const void *base_, int num,
-        int size, int (*cmp)(const void *, const void *), int flags)
+                            int size,
+                            int (*cmp)(const void *, const void *),
+                            int flags)
        {
+        const char *base=base_;
        int l,h,i=0,c=0;
        const char *p = NULL;
diff --git a/src/lib/libssl/src/crypto/objects/obj_dat.h b/src/lib/libssl/src/crypto/objects/obj_dat.h
index dccc15e03c..6449be6071 100644
--- a/src/lib/libssl/src/crypto/objects/obj_dat.h
+++ b/src/lib/libssl/src/crypto/objects/obj_dat.h
@@ -62,12 +62,12 @@
 * [including the GNU Public Licence.]
 */
-#define NUM_NID 859
+#define NUM_NID 893
-#define NUM_SN 852
+#define NUM_SN 886
-#define NUM_LN 852
+#define NUM_LN 886
-#define NUM_OBJ 806
+#define NUM_OBJ 840
-static unsigned char lvalues[5722]={
+static const unsigned char lvalues[5824]={
 0x00,                                        /* [  0] OBJ_undef */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  1] OBJ_rsadsi */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  7] OBJ_pkcs */
@@ -707,7 +707,7 @@ static unsigned char lvalues[5722]={
 0x2B,                                        /* [4582] OBJ_identified_organization */
 0x2B,0x81,0x04,                              /* [4583] OBJ_certicom_arc */
 0x67,0x2B,                                   /* [4586] OBJ_wap */
-0x67,0x2B,0x0D,                              /* [4588] OBJ_wap_wsg */
+0x67,0x2B,0x01,                              /* [4588] OBJ_wap_wsg */
 0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,     /* [4591] OBJ_X9_62_id_characteristic_two_basis */
 0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x01,/* [4599] OBJ_X9_62_onBasis */
 0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x02,/* [4608] OBJ_X9_62_tpBasis */
@@ -763,17 +763,17 @@ static unsigned char lvalues[5722]={
 0x2B,0x81,0x04,0x00,0x25,                    /* [4926] OBJ_sect409r1 */
 0x2B,0x81,0x04,0x00,0x26,                    /* [4931] OBJ_sect571k1 */
 0x2B,0x81,0x04,0x00,0x27,                    /* [4936] OBJ_sect571r1 */
-0x67,0x2B,0x0D,0x04,0x01,                    /* [4941] OBJ_wap_wsg_idm_ecid_wtls1 */
+0x67,0x2B,0x01,0x04,0x01,                    /* [4941] OBJ_wap_wsg_idm_ecid_wtls1 */
-0x67,0x2B,0x0D,0x04,0x03,                    /* [4946] OBJ_wap_wsg_idm_ecid_wtls3 */
+0x67,0x2B,0x01,0x04,0x03,                    /* [4946] OBJ_wap_wsg_idm_ecid_wtls3 */
-0x67,0x2B,0x0D,0x04,0x04,                    /* [4951] OBJ_wap_wsg_idm_ecid_wtls4 */
+0x67,0x2B,0x01,0x04,0x04,                    /* [4951] OBJ_wap_wsg_idm_ecid_wtls4 */
-0x67,0x2B,0x0D,0x04,0x05,                    /* [4956] OBJ_wap_wsg_idm_ecid_wtls5 */
+0x67,0x2B,0x01,0x04,0x05,                    /* [4956] OBJ_wap_wsg_idm_ecid_wtls5 */
-0x67,0x2B,0x0D,0x04,0x06,                    /* [4961] OBJ_wap_wsg_idm_ecid_wtls6 */
+0x67,0x2B,0x01,0x04,0x06,                    /* [4961] OBJ_wap_wsg_idm_ecid_wtls6 */
-0x67,0x2B,0x0D,0x04,0x07,                    /* [4966] OBJ_wap_wsg_idm_ecid_wtls7 */
+0x67,0x2B,0x01,0x04,0x07,                    /* [4966] OBJ_wap_wsg_idm_ecid_wtls7 */
-0x67,0x2B,0x0D,0x04,0x08,                    /* [4971] OBJ_wap_wsg_idm_ecid_wtls8 */
+0x67,0x2B,0x01,0x04,0x08,                    /* [4971] OBJ_wap_wsg_idm_ecid_wtls8 */
-0x67,0x2B,0x0D,0x04,0x09,                    /* [4976] OBJ_wap_wsg_idm_ecid_wtls9 */
+0x67,0x2B,0x01,0x04,0x09,                    /* [4976] OBJ_wap_wsg_idm_ecid_wtls9 */
-0x67,0x2B,0x0D,0x04,0x0A,                    /* [4981] OBJ_wap_wsg_idm_ecid_wtls10 */
+0x67,0x2B,0x01,0x04,0x0A,                    /* [4981] OBJ_wap_wsg_idm_ecid_wtls10 */
-0x67,0x2B,0x0D,0x04,0x0B,                    /* [4986] OBJ_wap_wsg_idm_ecid_wtls11 */
+0x67,0x2B,0x01,0x04,0x0B,                    /* [4986] OBJ_wap_wsg_idm_ecid_wtls11 */
-0x67,0x2B,0x0D,0x04,0x0C,                    /* [4991] OBJ_wap_wsg_idm_ecid_wtls12 */
+0x67,0x2B,0x01,0x04,0x0C,                    /* [4991] OBJ_wap_wsg_idm_ecid_wtls12 */
 0x55,0x1D,0x20,0x00,                         /* [4996] OBJ_any_policy */
 0x55,0x1D,0x21,                              /* [5000] OBJ_policy_mappings */
 0x55,0x1D,0x36,                              /* [5003] OBJ_inhibit_any_policy */
@@ -874,9 +874,43 @@ static unsigned char lvalues[5722]={
 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x02,/* [5701] OBJ_LocalKeySet */
 0x55,0x1D,0x2E,                              /* [5710] OBJ_freshest_crl */
 0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x03,     /* [5713] OBJ_id_on_permanentIdentifier */
+0x55,0x04,0x0E,                              /* [5721] OBJ_searchGuide */
+0x55,0x04,0x0F,                              /* [5724] OBJ_businessCategory */
+0x55,0x04,0x10,                              /* [5727] OBJ_postalAddress */
+0x55,0x04,0x12,                              /* [5730] OBJ_postOfficeBox */
+0x55,0x04,0x13,                              /* [5733] OBJ_physicalDeliveryOfficeName */
+0x55,0x04,0x14,                              /* [5736] OBJ_telephoneNumber */
+0x55,0x04,0x15,                              /* [5739] OBJ_telexNumber */
+0x55,0x04,0x16,                              /* [5742] OBJ_teletexTerminalIdentifier */
+0x55,0x04,0x17,                              /* [5745] OBJ_facsimileTelephoneNumber */
+0x55,0x04,0x18,                              /* [5748] OBJ_x121Address */
+0x55,0x04,0x19,                              /* [5751] OBJ_internationaliSDNNumber */
+0x55,0x04,0x1A,                              /* [5754] OBJ_registeredAddress */
+0x55,0x04,0x1B,                              /* [5757] OBJ_destinationIndicator */
+0x55,0x04,0x1C,                              /* [5760] OBJ_preferredDeliveryMethod */
+0x55,0x04,0x1D,                              /* [5763] OBJ_presentationAddress */
+0x55,0x04,0x1E,                              /* [5766] OBJ_supportedApplicationContext */
+0x55,0x04,0x1F,                              /* [5769] OBJ_member */
+0x55,0x04,0x20,                              /* [5772] OBJ_owner */
+0x55,0x04,0x21,                              /* [5775] OBJ_roleOccupant */
+0x55,0x04,0x22,                              /* [5778] OBJ_seeAlso */
+0x55,0x04,0x23,                              /* [5781] OBJ_userPassword */
+0x55,0x04,0x24,                              /* [5784] OBJ_userCertificate */
+0x55,0x04,0x25,                              /* [5787] OBJ_cACertificate */
+0x55,0x04,0x26,                              /* [5790] OBJ_authorityRevocationList */
+0x55,0x04,0x27,                              /* [5793] OBJ_certificateRevocationList */
+0x55,0x04,0x28,                              /* [5796] OBJ_crossCertificatePair */
+0x55,0x04,0x2F,                              /* [5799] OBJ_enhancedSearchGuide */
+0x55,0x04,0x30,                              /* [5802] OBJ_protocolInformation */
+0x55,0x04,0x31,                              /* [5805] OBJ_distinguishedName */
+0x55,0x04,0x32,                              /* [5808] OBJ_uniqueMember */
+0x55,0x04,0x33,                              /* [5811] OBJ_houseIdentifier */
+0x55,0x04,0x34,                              /* [5814] OBJ_supportedAlgorithms */
+0x55,0x04,0x35,                              /* [5817] OBJ_deltaRevocationList */
+0x55,0x04,0x36,                              /* [5820] OBJ_dmdName */
 };
-static ASN1_OBJECT nid_objs[NUM_NID]={
+static const ASN1_OBJECT nid_objs[NUM_NID]={
 {"UNDEF","undefined",NID_undef,1,&(lvalues[0]),0},
 {"rsadsi","RSA Data Security, Inc.",NID_rsadsi,6,&(lvalues[1]),0},
 {"pkcs","RSA Data Security, Inc. PKCS",NID_pkcs,7,&(lvalues[7]),0},
@@ -1928,7 +1962,7 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
 {"DES-CFB8","des-cfb8",NID_des_cfb8,0,NULL,0},
 {"DES-EDE3-CFB1","des-ede3-cfb1",NID_des_ede3_cfb1,0,NULL,0},
 {"DES-EDE3-CFB8","des-ede3-cfb8",NID_des_ede3_cfb8,0,NULL,0},
-{"streetAddress","streetAddress",NID_streetAddress,3,&(lvalues[4462]),0},
+{"street","streetAddress",NID_streetAddress,3,&(lvalues[4462]),0},
 {"postalCode","postalCode",NID_postalCode,3,&(lvalues[4465]),0},
 {"id-ppl","id-ppl",NID_id_ppl,7,&(lvalues[4468]),0},
 {"proxyCertInfo","Proxy Certificate Information",NID_proxyCertInfo,8,
@@ -2262,2524 +2296,2681 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
        &(lvalues[5710]),0},
 {"id-on-permanentIdentifier","Permanent Identifier",
        NID_id_on_permanentIdentifier,8,&(lvalues[5713]),0},
+{"searchGuide","searchGuide",NID_searchGuide,3,&(lvalues[5721]),0},
+{"businessCategory","businessCategory",NID_businessCategory,3,
+        &(lvalues[5724]),0},
+{"postalAddress","postalAddress",NID_postalAddress,3,&(lvalues[5727]),0},
+{"postOfficeBox","postOfficeBox",NID_postOfficeBox,3,&(lvalues[5730]),0},
+{"physicalDeliveryOfficeName","physicalDeliveryOfficeName",
+        NID_physicalDeliveryOfficeName,3,&(lvalues[5733]),0},
+{"telephoneNumber","telephoneNumber",NID_telephoneNumber,3,
+        &(lvalues[5736]),0},
+{"telexNumber","telexNumber",NID_telexNumber,3,&(lvalues[5739]),0},
+{"teletexTerminalIdentifier","teletexTerminalIdentifier",
+        NID_teletexTerminalIdentifier,3,&(lvalues[5742]),0},
+{"facsimileTelephoneNumber","facsimileTelephoneNumber",
+        NID_facsimileTelephoneNumber,3,&(lvalues[5745]),0},
+{"x121Address","x121Address",NID_x121Address,3,&(lvalues[5748]),0},
+{"internationaliSDNNumber","internationaliSDNNumber",
+        NID_internationaliSDNNumber,3,&(lvalues[5751]),0},
+{"registeredAddress","registeredAddress",NID_registeredAddress,3,
+        &(lvalues[5754]),0},
+{"destinationIndicator","destinationIndicator",
+        NID_destinationIndicator,3,&(lvalues[5757]),0},
+{"preferredDeliveryMethod","preferredDeliveryMethod",
+        NID_preferredDeliveryMethod,3,&(lvalues[5760]),0},
+{"presentationAddress","presentationAddress",NID_presentationAddress,
+        3,&(lvalues[5763]),0},
+{"supportedApplicationContext","supportedApplicationContext",
+        NID_supportedApplicationContext,3,&(lvalues[5766]),0},
+{"member","member",NID_member,3,&(lvalues[5769]),0},
+{"owner","owner",NID_owner,3,&(lvalues[5772]),0},
+{"roleOccupant","roleOccupant",NID_roleOccupant,3,&(lvalues[5775]),0},
+{"seeAlso","seeAlso",NID_seeAlso,3,&(lvalues[5778]),0},
+{"userPassword","userPassword",NID_userPassword,3,&(lvalues[5781]),0},
+{"userCertificate","userCertificate",NID_userCertificate,3,
+        &(lvalues[5784]),0},
+{"cACertificate","cACertificate",NID_cACertificate,3,&(lvalues[5787]),0},
+{"authorityRevocationList","authorityRevocationList",
+        NID_authorityRevocationList,3,&(lvalues[5790]),0},
+{"certificateRevocationList","certificateRevocationList",
+        NID_certificateRevocationList,3,&(lvalues[5793]),0},
+{"crossCertificatePair","crossCertificatePair",
+        NID_crossCertificatePair,3,&(lvalues[5796]),0},
+{"enhancedSearchGuide","enhancedSearchGuide",NID_enhancedSearchGuide,
+        3,&(lvalues[5799]),0},
+{"protocolInformation","protocolInformation",NID_protocolInformation,
+        3,&(lvalues[5802]),0},
+{"distinguishedName","distinguishedName",NID_distinguishedName,3,
+        &(lvalues[5805]),0},
+{"uniqueMember","uniqueMember",NID_uniqueMember,3,&(lvalues[5808]),0},
+{"houseIdentifier","houseIdentifier",NID_houseIdentifier,3,
+        &(lvalues[5811]),0},
+{"supportedAlgorithms","supportedAlgorithms",NID_supportedAlgorithms,
+        3,&(lvalues[5814]),0},
+{"deltaRevocationList","deltaRevocationList",NID_deltaRevocationList,
+        3,&(lvalues[5817]),0},
+{"dmdName","dmdName",NID_dmdName,3,&(lvalues[5820]),0},
 };
-static ASN1_OBJECT *sn_objs[NUM_SN]={
+static const unsigned int sn_objs[NUM_SN]={
-&(nid_objs[364]),/* "AD_DVCS" */
+364,    /* "AD_DVCS" */
-&(nid_objs[419]),/* "AES-128-CBC" */
+419,    /* "AES-128-CBC" */
-&(nid_objs[421]),/* "AES-128-CFB" */
+421,    /* "AES-128-CFB" */
-&(nid_objs[650]),/* "AES-128-CFB1" */
+650,    /* "AES-128-CFB1" */
-&(nid_objs[653]),/* "AES-128-CFB8" */
+653,    /* "AES-128-CFB8" */
-&(nid_objs[418]),/* "AES-128-ECB" */
+418,    /* "AES-128-ECB" */
-&(nid_objs[420]),/* "AES-128-OFB" */
+420,    /* "AES-128-OFB" */
-&(nid_objs[423]),/* "AES-192-CBC" */
+423,    /* "AES-192-CBC" */
-&(nid_objs[425]),/* "AES-192-CFB" */
+425,    /* "AES-192-CFB" */
-&(nid_objs[651]),/* "AES-192-CFB1" */
+651,    /* "AES-192-CFB1" */
-&(nid_objs[654]),/* "AES-192-CFB8" */
+654,    /* "AES-192-CFB8" */
-&(nid_objs[422]),/* "AES-192-ECB" */
+422,    /* "AES-192-ECB" */
-&(nid_objs[424]),/* "AES-192-OFB" */
+424,    /* "AES-192-OFB" */
-&(nid_objs[427]),/* "AES-256-CBC" */
+427,    /* "AES-256-CBC" */
-&(nid_objs[429]),/* "AES-256-CFB" */
+429,    /* "AES-256-CFB" */
-&(nid_objs[652]),/* "AES-256-CFB1" */
+652,    /* "AES-256-CFB1" */
-&(nid_objs[655]),/* "AES-256-CFB8" */
+655,    /* "AES-256-CFB8" */
-&(nid_objs[426]),/* "AES-256-ECB" */
+426,    /* "AES-256-ECB" */
-&(nid_objs[428]),/* "AES-256-OFB" */
+428,    /* "AES-256-OFB" */
-&(nid_objs[91]),/* "BF-CBC" */
+91,     /* "BF-CBC" */
-&(nid_objs[93]),/* "BF-CFB" */
+93,     /* "BF-CFB" */
-&(nid_objs[92]),/* "BF-ECB" */
+92,     /* "BF-ECB" */
-&(nid_objs[94]),/* "BF-OFB" */
+94,     /* "BF-OFB" */
-&(nid_objs[14]),/* "C" */
+14,     /* "C" */
-&(nid_objs[751]),/* "CAMELLIA-128-CBC" */
+751,    /* "CAMELLIA-128-CBC" */
-&(nid_objs[757]),/* "CAMELLIA-128-CFB" */
+757,    /* "CAMELLIA-128-CFB" */
-&(nid_objs[760]),/* "CAMELLIA-128-CFB1" */
+760,    /* "CAMELLIA-128-CFB1" */
-&(nid_objs[763]),/* "CAMELLIA-128-CFB8" */
+763,    /* "CAMELLIA-128-CFB8" */
-&(nid_objs[754]),/* "CAMELLIA-128-ECB" */
+754,    /* "CAMELLIA-128-ECB" */
-&(nid_objs[766]),/* "CAMELLIA-128-OFB" */
+766,    /* "CAMELLIA-128-OFB" */
-&(nid_objs[752]),/* "CAMELLIA-192-CBC" */
+752,    /* "CAMELLIA-192-CBC" */
-&(nid_objs[758]),/* "CAMELLIA-192-CFB" */
+758,    /* "CAMELLIA-192-CFB" */
-&(nid_objs[761]),/* "CAMELLIA-192-CFB1" */
+761,    /* "CAMELLIA-192-CFB1" */
-&(nid_objs[764]),/* "CAMELLIA-192-CFB8" */
+764,    /* "CAMELLIA-192-CFB8" */
-&(nid_objs[755]),/* "CAMELLIA-192-ECB" */
+755,    /* "CAMELLIA-192-ECB" */
-&(nid_objs[767]),/* "CAMELLIA-192-OFB" */
+767,    /* "CAMELLIA-192-OFB" */
-&(nid_objs[753]),/* "CAMELLIA-256-CBC" */
+753,    /* "CAMELLIA-256-CBC" */
-&(nid_objs[759]),/* "CAMELLIA-256-CFB" */
+759,    /* "CAMELLIA-256-CFB" */
-&(nid_objs[762]),/* "CAMELLIA-256-CFB1" */
+762,    /* "CAMELLIA-256-CFB1" */
-&(nid_objs[765]),/* "CAMELLIA-256-CFB8" */
+765,    /* "CAMELLIA-256-CFB8" */
-&(nid_objs[756]),/* "CAMELLIA-256-ECB" */
+756,    /* "CAMELLIA-256-ECB" */
-&(nid_objs[768]),/* "CAMELLIA-256-OFB" */
+768,    /* "CAMELLIA-256-OFB" */
-&(nid_objs[108]),/* "CAST5-CBC" */
+108,    /* "CAST5-CBC" */
-&(nid_objs[110]),/* "CAST5-CFB" */
+110,    /* "CAST5-CFB" */
-&(nid_objs[109]),/* "CAST5-ECB" */
+109,    /* "CAST5-ECB" */
-&(nid_objs[111]),/* "CAST5-OFB" */
+111,    /* "CAST5-OFB" */
-&(nid_objs[13]),/* "CN" */
+13,     /* "CN" */
-&(nid_objs[141]),/* "CRLReason" */
+141,    /* "CRLReason" */
-&(nid_objs[417]),/* "CSPName" */
+417,    /* "CSPName" */
-&(nid_objs[367]),/* "CrlID" */
+367,    /* "CrlID" */
-&(nid_objs[391]),/* "DC" */
+391,    /* "DC" */
-&(nid_objs[31]),/* "DES-CBC" */
+31,     /* "DES-CBC" */
-&(nid_objs[643]),/* "DES-CDMF" */
+643,    /* "DES-CDMF" */
-&(nid_objs[30]),/* "DES-CFB" */
+30,     /* "DES-CFB" */
-&(nid_objs[656]),/* "DES-CFB1" */
+656,    /* "DES-CFB1" */
-&(nid_objs[657]),/* "DES-CFB8" */
+657,    /* "DES-CFB8" */
-&(nid_objs[29]),/* "DES-ECB" */
+29,     /* "DES-ECB" */
-&(nid_objs[32]),/* "DES-EDE" */
+32,     /* "DES-EDE" */
-&(nid_objs[43]),/* "DES-EDE-CBC" */
+43,     /* "DES-EDE-CBC" */
-&(nid_objs[60]),/* "DES-EDE-CFB" */
+60,     /* "DES-EDE-CFB" */
-&(nid_objs[62]),/* "DES-EDE-OFB" */
+62,     /* "DES-EDE-OFB" */
-&(nid_objs[33]),/* "DES-EDE3" */
+33,     /* "DES-EDE3" */
-&(nid_objs[44]),/* "DES-EDE3-CBC" */
+44,     /* "DES-EDE3-CBC" */
-&(nid_objs[61]),/* "DES-EDE3-CFB" */
+61,     /* "DES-EDE3-CFB" */
-&(nid_objs[658]),/* "DES-EDE3-CFB1" */
+658,    /* "DES-EDE3-CFB1" */
-&(nid_objs[659]),/* "DES-EDE3-CFB8" */
+659,    /* "DES-EDE3-CFB8" */
-&(nid_objs[63]),/* "DES-EDE3-OFB" */
+63,     /* "DES-EDE3-OFB" */
-&(nid_objs[45]),/* "DES-OFB" */
+45,     /* "DES-OFB" */
-&(nid_objs[80]),/* "DESX-CBC" */
+80,     /* "DESX-CBC" */
-&(nid_objs[380]),/* "DOD" */
+380,    /* "DOD" */
-&(nid_objs[116]),/* "DSA" */
+116,    /* "DSA" */
-&(nid_objs[66]),/* "DSA-SHA" */
+66,     /* "DSA-SHA" */
-&(nid_objs[113]),/* "DSA-SHA1" */
+113,    /* "DSA-SHA1" */
-&(nid_objs[70]),/* "DSA-SHA1-old" */
+70,     /* "DSA-SHA1-old" */
-&(nid_objs[67]),/* "DSA-old" */
+67,     /* "DSA-old" */
-&(nid_objs[297]),/* "DVCS" */
+297,    /* "DVCS" */
-&(nid_objs[99]),/* "GN" */
+99,     /* "GN" */
-&(nid_objs[855]),/* "HMAC" */
+855,    /* "HMAC" */
-&(nid_objs[780]),/* "HMAC-MD5" */
+780,    /* "HMAC-MD5" */
-&(nid_objs[781]),/* "HMAC-SHA1" */
+781,    /* "HMAC-SHA1" */
-&(nid_objs[381]),/* "IANA" */
+381,    /* "IANA" */
-&(nid_objs[34]),/* "IDEA-CBC" */
+34,     /* "IDEA-CBC" */
-&(nid_objs[35]),/* "IDEA-CFB" */
+35,     /* "IDEA-CFB" */
-&(nid_objs[36]),/* "IDEA-ECB" */
+36,     /* "IDEA-ECB" */
-&(nid_objs[46]),/* "IDEA-OFB" */
+46,     /* "IDEA-OFB" */
-&(nid_objs[181]),/* "ISO" */
+181,    /* "ISO" */
-&(nid_objs[183]),/* "ISO-US" */
+183,    /* "ISO-US" */
-&(nid_objs[645]),/* "ITU-T" */
+645,    /* "ITU-T" */
-&(nid_objs[646]),/* "JOINT-ISO-ITU-T" */
+646,    /* "JOINT-ISO-ITU-T" */
-&(nid_objs[773]),/* "KISA" */
+773,    /* "KISA" */
-&(nid_objs[15]),/* "L" */
+15,     /* "L" */
-&(nid_objs[856]),/* "LocalKeySet" */
+856,    /* "LocalKeySet" */
-&(nid_objs[ 3]),/* "MD2" */
+ 3,     /* "MD2" */
-&(nid_objs[257]),/* "MD4" */
+257,    /* "MD4" */
-&(nid_objs[ 4]),/* "MD5" */
+ 4,     /* "MD5" */
-&(nid_objs[114]),/* "MD5-SHA1" */
+114,    /* "MD5-SHA1" */
-&(nid_objs[95]),/* "MDC2" */
+95,     /* "MDC2" */
-&(nid_objs[388]),/* "Mail" */
+388,    /* "Mail" */
-&(nid_objs[393]),/* "NULL" */
+393,    /* "NULL" */
-&(nid_objs[404]),/* "NULL" */
+404,    /* "NULL" */
-&(nid_objs[57]),/* "Netscape" */
+57,     /* "Netscape" */
-&(nid_objs[366]),/* "Nonce" */
+366,    /* "Nonce" */
-&(nid_objs[17]),/* "O" */
+17,     /* "O" */
-&(nid_objs[178]),/* "OCSP" */
+178,    /* "OCSP" */
-&(nid_objs[180]),/* "OCSPSigning" */
+180,    /* "OCSPSigning" */
-&(nid_objs[379]),/* "ORG" */
+379,    /* "ORG" */
-&(nid_objs[18]),/* "OU" */
+18,     /* "OU" */
-&(nid_objs[749]),/* "Oakley-EC2N-3" */
+749,    /* "Oakley-EC2N-3" */
-&(nid_objs[750]),/* "Oakley-EC2N-4" */
+750,    /* "Oakley-EC2N-4" */
-&(nid_objs[ 9]),/* "PBE-MD2-DES" */
+ 9,     /* "PBE-MD2-DES" */
-&(nid_objs[168]),/* "PBE-MD2-RC2-64" */
+168,    /* "PBE-MD2-RC2-64" */
-&(nid_objs[10]),/* "PBE-MD5-DES" */
+10,     /* "PBE-MD5-DES" */
-&(nid_objs[169]),/* "PBE-MD5-RC2-64" */
+169,    /* "PBE-MD5-RC2-64" */
-&(nid_objs[147]),/* "PBE-SHA1-2DES" */
+147,    /* "PBE-SHA1-2DES" */
-&(nid_objs[146]),/* "PBE-SHA1-3DES" */
+146,    /* "PBE-SHA1-3DES" */
-&(nid_objs[170]),/* "PBE-SHA1-DES" */
+170,    /* "PBE-SHA1-DES" */
-&(nid_objs[148]),/* "PBE-SHA1-RC2-128" */
+148,    /* "PBE-SHA1-RC2-128" */
-&(nid_objs[149]),/* "PBE-SHA1-RC2-40" */
+149,    /* "PBE-SHA1-RC2-40" */
-&(nid_objs[68]),/* "PBE-SHA1-RC2-64" */
+68,     /* "PBE-SHA1-RC2-64" */
-&(nid_objs[144]),/* "PBE-SHA1-RC4-128" */
+144,    /* "PBE-SHA1-RC4-128" */
-&(nid_objs[145]),/* "PBE-SHA1-RC4-40" */
+145,    /* "PBE-SHA1-RC4-40" */
-&(nid_objs[161]),/* "PBES2" */
+161,    /* "PBES2" */
-&(nid_objs[69]),/* "PBKDF2" */
+69,     /* "PBKDF2" */
-&(nid_objs[162]),/* "PBMAC1" */
+162,    /* "PBMAC1" */
-&(nid_objs[127]),/* "PKIX" */
+127,    /* "PKIX" */
-&(nid_objs[98]),/* "RC2-40-CBC" */
+98,     /* "RC2-40-CBC" */
-&(nid_objs[166]),/* "RC2-64-CBC" */
+166,    /* "RC2-64-CBC" */
-&(nid_objs[37]),/* "RC2-CBC" */
+37,     /* "RC2-CBC" */
-&(nid_objs[39]),/* "RC2-CFB" */
+39,     /* "RC2-CFB" */
-&(nid_objs[38]),/* "RC2-ECB" */
+38,     /* "RC2-ECB" */
-&(nid_objs[40]),/* "RC2-OFB" */
+40,     /* "RC2-OFB" */
-&(nid_objs[ 5]),/* "RC4" */
+ 5,     /* "RC4" */
-&(nid_objs[97]),/* "RC4-40" */
+97,     /* "RC4-40" */
-&(nid_objs[120]),/* "RC5-CBC" */
+120,    /* "RC5-CBC" */
-&(nid_objs[122]),/* "RC5-CFB" */
+122,    /* "RC5-CFB" */
-&(nid_objs[121]),/* "RC5-ECB" */
+121,    /* "RC5-ECB" */
-&(nid_objs[123]),/* "RC5-OFB" */
+123,    /* "RC5-OFB" */
-&(nid_objs[117]),/* "RIPEMD160" */
+117,    /* "RIPEMD160" */
-&(nid_objs[124]),/* "RLE" */
+124,    /* "RLE" */
-&(nid_objs[19]),/* "RSA" */
+19,     /* "RSA" */
-&(nid_objs[ 7]),/* "RSA-MD2" */
+ 7,     /* "RSA-MD2" */
-&(nid_objs[396]),/* "RSA-MD4" */
+396,    /* "RSA-MD4" */
-&(nid_objs[ 8]),/* "RSA-MD5" */
+ 8,     /* "RSA-MD5" */
-&(nid_objs[96]),/* "RSA-MDC2" */
+96,     /* "RSA-MDC2" */
-&(nid_objs[104]),/* "RSA-NP-MD5" */
+104,    /* "RSA-NP-MD5" */
-&(nid_objs[119]),/* "RSA-RIPEMD160" */
+119,    /* "RSA-RIPEMD160" */
-&(nid_objs[42]),/* "RSA-SHA" */
+42,     /* "RSA-SHA" */
-&(nid_objs[65]),/* "RSA-SHA1" */
+65,     /* "RSA-SHA1" */
-&(nid_objs[115]),/* "RSA-SHA1-2" */
+115,    /* "RSA-SHA1-2" */
-&(nid_objs[671]),/* "RSA-SHA224" */
+671,    /* "RSA-SHA224" */
-&(nid_objs[668]),/* "RSA-SHA256" */
+668,    /* "RSA-SHA256" */
-&(nid_objs[669]),/* "RSA-SHA384" */
+669,    /* "RSA-SHA384" */
-&(nid_objs[670]),/* "RSA-SHA512" */
+670,    /* "RSA-SHA512" */
-&(nid_objs[777]),/* "SEED-CBC" */
+777,    /* "SEED-CBC" */
-&(nid_objs[779]),/* "SEED-CFB" */
+779,    /* "SEED-CFB" */
-&(nid_objs[776]),/* "SEED-ECB" */
+776,    /* "SEED-ECB" */
-&(nid_objs[778]),/* "SEED-OFB" */
+778,    /* "SEED-OFB" */
-&(nid_objs[41]),/* "SHA" */
+41,     /* "SHA" */
-&(nid_objs[64]),/* "SHA1" */
+64,     /* "SHA1" */
-&(nid_objs[675]),/* "SHA224" */
+675,    /* "SHA224" */
-&(nid_objs[672]),/* "SHA256" */
+672,    /* "SHA256" */
-&(nid_objs[673]),/* "SHA384" */
+673,    /* "SHA384" */
-&(nid_objs[674]),/* "SHA512" */
+674,    /* "SHA512" */
-&(nid_objs[188]),/* "SMIME" */
+188,    /* "SMIME" */
-&(nid_objs[167]),/* "SMIME-CAPS" */
+167,    /* "SMIME-CAPS" */
-&(nid_objs[100]),/* "SN" */
+100,    /* "SN" */
-&(nid_objs[16]),/* "ST" */
+16,     /* "ST" */
-&(nid_objs[143]),/* "SXNetID" */
+143,    /* "SXNetID" */
-&(nid_objs[458]),/* "UID" */
+458,    /* "UID" */
-&(nid_objs[ 0]),/* "UNDEF" */
+ 0,     /* "UNDEF" */
-&(nid_objs[11]),/* "X500" */
+11,     /* "X500" */
-&(nid_objs[378]),/* "X500algorithms" */
+378,    /* "X500algorithms" */
-&(nid_objs[12]),/* "X509" */
+12,     /* "X509" */
-&(nid_objs[184]),/* "X9-57" */
+184,    /* "X9-57" */
-&(nid_objs[185]),/* "X9cm" */
+185,    /* "X9cm" */
-&(nid_objs[125]),/* "ZLIB" */
+125,    /* "ZLIB" */
-&(nid_objs[478]),/* "aRecord" */
+478,    /* "aRecord" */
-&(nid_objs[289]),/* "aaControls" */
+289,    /* "aaControls" */
-&(nid_objs[287]),/* "ac-auditEntity" */
+287,    /* "ac-auditEntity" */
-&(nid_objs[397]),/* "ac-proxying" */
+397,    /* "ac-proxying" */
-&(nid_objs[288]),/* "ac-targeting" */
+288,    /* "ac-targeting" */
-&(nid_objs[368]),/* "acceptableResponses" */
+368,    /* "acceptableResponses" */
-&(nid_objs[446]),/* "account" */
+446,    /* "account" */
-&(nid_objs[363]),/* "ad_timestamping" */
+363,    /* "ad_timestamping" */
-&(nid_objs[376]),/* "algorithm" */
+376,    /* "algorithm" */
-&(nid_objs[405]),/* "ansi-X9-62" */
+405,    /* "ansi-X9-62" */
-&(nid_objs[746]),/* "anyPolicy" */
+746,    /* "anyPolicy" */
-&(nid_objs[370]),/* "archiveCutoff" */
+370,    /* "archiveCutoff" */
-&(nid_objs[484]),/* "associatedDomain" */
+484,    /* "associatedDomain" */
-&(nid_objs[485]),/* "associatedName" */
+485,    /* "associatedName" */
-&(nid_objs[501]),/* "audio" */
+501,    /* "audio" */
-&(nid_objs[177]),/* "authorityInfoAccess" */
+177,    /* "authorityInfoAccess" */
-&(nid_objs[90]),/* "authorityKeyIdentifier" */
+90,     /* "authorityKeyIdentifier" */
-&(nid_objs[87]),/* "basicConstraints" */
+882,    /* "authorityRevocationList" */
-&(nid_objs[365]),/* "basicOCSPResponse" */
+87,     /* "basicConstraints" */
-&(nid_objs[285]),/* "biometricInfo" */
+365,    /* "basicOCSPResponse" */
-&(nid_objs[494]),/* "buildingName" */
+285,    /* "biometricInfo" */
-&(nid_objs[691]),/* "c2onb191v4" */
+494,    /* "buildingName" */
-&(nid_objs[692]),/* "c2onb191v5" */
+860,    /* "businessCategory" */
-&(nid_objs[697]),/* "c2onb239v4" */
+691,    /* "c2onb191v4" */
-&(nid_objs[698]),/* "c2onb239v5" */
+692,    /* "c2onb191v5" */
-&(nid_objs[684]),/* "c2pnb163v1" */
+697,    /* "c2onb239v4" */
-&(nid_objs[685]),/* "c2pnb163v2" */
+698,    /* "c2onb239v5" */
-&(nid_objs[686]),/* "c2pnb163v3" */
+684,    /* "c2pnb163v1" */
-&(nid_objs[687]),/* "c2pnb176v1" */
+685,    /* "c2pnb163v2" */
-&(nid_objs[693]),/* "c2pnb208w1" */
+686,    /* "c2pnb163v3" */
-&(nid_objs[699]),/* "c2pnb272w1" */
+687,    /* "c2pnb176v1" */
-&(nid_objs[700]),/* "c2pnb304w1" */
+693,    /* "c2pnb208w1" */
-&(nid_objs[702]),/* "c2pnb368w1" */
+699,    /* "c2pnb272w1" */
-&(nid_objs[688]),/* "c2tnb191v1" */
+700,    /* "c2pnb304w1" */
-&(nid_objs[689]),/* "c2tnb191v2" */
+702,    /* "c2pnb368w1" */
-&(nid_objs[690]),/* "c2tnb191v3" */
+688,    /* "c2tnb191v1" */
-&(nid_objs[694]),/* "c2tnb239v1" */
+689,    /* "c2tnb191v2" */
-&(nid_objs[695]),/* "c2tnb239v2" */
+690,    /* "c2tnb191v3" */
-&(nid_objs[696]),/* "c2tnb239v3" */
+694,    /* "c2tnb239v1" */
-&(nid_objs[701]),/* "c2tnb359v1" */
+695,    /* "c2tnb239v2" */
-&(nid_objs[703]),/* "c2tnb431r1" */
+696,    /* "c2tnb239v3" */
-&(nid_objs[483]),/* "cNAMERecord" */
+701,    /* "c2tnb359v1" */
-&(nid_objs[179]),/* "caIssuers" */
+703,    /* "c2tnb431r1" */
-&(nid_objs[785]),/* "caRepository" */
+881,    /* "cACertificate" */
-&(nid_objs[443]),/* "caseIgnoreIA5StringSyntax" */
+483,    /* "cNAMERecord" */
-&(nid_objs[152]),/* "certBag" */
+179,    /* "caIssuers" */
-&(nid_objs[677]),/* "certicom-arc" */
+785,    /* "caRepository" */
-&(nid_objs[771]),/* "certificateIssuer" */
+443,    /* "caseIgnoreIA5StringSyntax" */
-&(nid_objs[89]),/* "certificatePolicies" */
+152,    /* "certBag" */
-&(nid_objs[54]),/* "challengePassword" */
+677,    /* "certicom-arc" */
-&(nid_objs[407]),/* "characteristic-two-field" */
+771,    /* "certificateIssuer" */
-&(nid_objs[395]),/* "clearance" */
+89,     /* "certificatePolicies" */
-&(nid_objs[130]),/* "clientAuth" */
+883,    /* "certificateRevocationList" */
-&(nid_objs[131]),/* "codeSigning" */
+54,     /* "challengePassword" */
-&(nid_objs[50]),/* "contentType" */
+407,    /* "characteristic-two-field" */
-&(nid_objs[53]),/* "countersignature" */
+395,    /* "clearance" */
-&(nid_objs[153]),/* "crlBag" */
+130,    /* "clientAuth" */
-&(nid_objs[103]),/* "crlDistributionPoints" */
+131,    /* "codeSigning" */
-&(nid_objs[88]),/* "crlNumber" */
+50,     /* "contentType" */
-&(nid_objs[806]),/* "cryptocom" */
+53,     /* "countersignature" */
-&(nid_objs[805]),/* "cryptopro" */
+153,    /* "crlBag" */
-&(nid_objs[500]),/* "dITRedirect" */
+103,    /* "crlDistributionPoints" */
-&(nid_objs[451]),/* "dNSDomain" */
+88,     /* "crlNumber" */
-&(nid_objs[495]),/* "dSAQuality" */
+884,    /* "crossCertificatePair" */
-&(nid_objs[434]),/* "data" */
+806,    /* "cryptocom" */
-&(nid_objs[390]),/* "dcobject" */
+805,    /* "cryptopro" */
-&(nid_objs[140]),/* "deltaCRL" */
+500,    /* "dITRedirect" */
-&(nid_objs[107]),/* "description" */
+451,    /* "dNSDomain" */
-&(nid_objs[28]),/* "dhKeyAgreement" */
+495,    /* "dSAQuality" */
-&(nid_objs[382]),/* "directory" */
+434,    /* "data" */
-&(nid_objs[174]),/* "dnQualifier" */
+390,    /* "dcobject" */
-&(nid_objs[447]),/* "document" */
+140,    /* "deltaCRL" */
-&(nid_objs[471]),/* "documentAuthor" */
+891,    /* "deltaRevocationList" */
-&(nid_objs[468]),/* "documentIdentifier" */
+107,    /* "description" */
-&(nid_objs[472]),/* "documentLocation" */
+871,    /* "destinationIndicator" */
-&(nid_objs[502]),/* "documentPublisher" */
+28,     /* "dhKeyAgreement" */
-&(nid_objs[449]),/* "documentSeries" */
+382,    /* "directory" */
-&(nid_objs[469]),/* "documentTitle" */
+887,    /* "distinguishedName" */
-&(nid_objs[470]),/* "documentVersion" */
+892,    /* "dmdName" */
-&(nid_objs[392]),/* "domain" */
+174,    /* "dnQualifier" */
-&(nid_objs[452]),/* "domainRelatedObject" */
+447,    /* "document" */
-&(nid_objs[802]),/* "dsa_with_SHA224" */
+471,    /* "documentAuthor" */
-&(nid_objs[803]),/* "dsa_with_SHA256" */
+468,    /* "documentIdentifier" */
-&(nid_objs[791]),/* "ecdsa-with-Recommended" */
+472,    /* "documentLocation" */
-&(nid_objs[416]),/* "ecdsa-with-SHA1" */
+502,    /* "documentPublisher" */
-&(nid_objs[793]),/* "ecdsa-with-SHA224" */
+449,    /* "documentSeries" */
-&(nid_objs[794]),/* "ecdsa-with-SHA256" */
+469,    /* "documentTitle" */
-&(nid_objs[795]),/* "ecdsa-with-SHA384" */
+470,    /* "documentVersion" */
-&(nid_objs[796]),/* "ecdsa-with-SHA512" */
+392,    /* "domain" */
-&(nid_objs[792]),/* "ecdsa-with-Specified" */
+452,    /* "domainRelatedObject" */
-&(nid_objs[48]),/* "emailAddress" */
+802,    /* "dsa_with_SHA224" */
-&(nid_objs[132]),/* "emailProtection" */
+803,    /* "dsa_with_SHA256" */
-&(nid_objs[389]),/* "enterprises" */
+791,    /* "ecdsa-with-Recommended" */
-&(nid_objs[384]),/* "experimental" */
+416,    /* "ecdsa-with-SHA1" */
-&(nid_objs[172]),/* "extReq" */
+793,    /* "ecdsa-with-SHA224" */
-&(nid_objs[56]),/* "extendedCertificateAttributes" */
+794,    /* "ecdsa-with-SHA256" */
-&(nid_objs[126]),/* "extendedKeyUsage" */
+795,    /* "ecdsa-with-SHA384" */
-&(nid_objs[372]),/* "extendedStatus" */
+796,    /* "ecdsa-with-SHA512" */
-&(nid_objs[462]),/* "favouriteDrink" */
+792,    /* "ecdsa-with-Specified" */
-&(nid_objs[857]),/* "freshestCRL" */
+48,     /* "emailAddress" */
-&(nid_objs[453]),/* "friendlyCountry" */
+132,    /* "emailProtection" */
-&(nid_objs[490]),/* "friendlyCountryName" */
+885,    /* "enhancedSearchGuide" */
-&(nid_objs[156]),/* "friendlyName" */
+389,    /* "enterprises" */
-&(nid_objs[509]),/* "generationQualifier" */
+384,    /* "experimental" */
-&(nid_objs[815]),/* "gost-mac" */
+172,    /* "extReq" */
-&(nid_objs[811]),/* "gost2001" */
+56,     /* "extendedCertificateAttributes" */
-&(nid_objs[851]),/* "gost2001cc" */
+126,    /* "extendedKeyUsage" */
-&(nid_objs[813]),/* "gost89" */
+372,    /* "extendedStatus" */
-&(nid_objs[814]),/* "gost89-cnt" */
+867,    /* "facsimileTelephoneNumber" */
-&(nid_objs[812]),/* "gost94" */
+462,    /* "favouriteDrink" */
-&(nid_objs[850]),/* "gost94cc" */
+857,    /* "freshestCRL" */
-&(nid_objs[797]),/* "hmacWithMD5" */
+453,    /* "friendlyCountry" */
-&(nid_objs[163]),/* "hmacWithSHA1" */
+490,    /* "friendlyCountryName" */
-&(nid_objs[798]),/* "hmacWithSHA224" */
+156,    /* "friendlyName" */
-&(nid_objs[799]),/* "hmacWithSHA256" */
+509,    /* "generationQualifier" */
-&(nid_objs[800]),/* "hmacWithSHA384" */
+815,    /* "gost-mac" */
-&(nid_objs[801]),/* "hmacWithSHA512" */
+811,    /* "gost2001" */
-&(nid_objs[432]),/* "holdInstructionCallIssuer" */
+851,    /* "gost2001cc" */
-&(nid_objs[430]),/* "holdInstructionCode" */
+813,    /* "gost89" */
-&(nid_objs[431]),/* "holdInstructionNone" */
+814,    /* "gost89-cnt" */
-&(nid_objs[433]),/* "holdInstructionReject" */
+812,    /* "gost94" */
-&(nid_objs[486]),/* "homePostalAddress" */
+850,    /* "gost94cc" */
-&(nid_objs[473]),/* "homeTelephoneNumber" */
+797,    /* "hmacWithMD5" */
-&(nid_objs[466]),/* "host" */
+163,    /* "hmacWithSHA1" */
-&(nid_objs[442]),/* "iA5StringSyntax" */
+798,    /* "hmacWithSHA224" */
-&(nid_objs[783]),/* "id-DHBasedMac" */
+799,    /* "hmacWithSHA256" */
-&(nid_objs[824]),/* "id-Gost28147-89-CryptoPro-A-ParamSet" */
+800,    /* "hmacWithSHA384" */
-&(nid_objs[825]),/* "id-Gost28147-89-CryptoPro-B-ParamSet" */
+801,    /* "hmacWithSHA512" */
-&(nid_objs[826]),/* "id-Gost28147-89-CryptoPro-C-ParamSet" */
+432,    /* "holdInstructionCallIssuer" */
-&(nid_objs[827]),/* "id-Gost28147-89-CryptoPro-D-ParamSet" */
+430,    /* "holdInstructionCode" */
-&(nid_objs[819]),/* "id-Gost28147-89-CryptoPro-KeyMeshing" */
+431,    /* "holdInstructionNone" */
-&(nid_objs[829]),/* "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" */
+433,    /* "holdInstructionReject" */
-&(nid_objs[828]),/* "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" */
+486,    /* "homePostalAddress" */
-&(nid_objs[830]),/* "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" */
+473,    /* "homeTelephoneNumber" */
-&(nid_objs[820]),/* "id-Gost28147-89-None-KeyMeshing" */
+466,    /* "host" */
-&(nid_objs[823]),/* "id-Gost28147-89-TestParamSet" */
+889,    /* "houseIdentifier" */
-&(nid_objs[849]),/* "id-Gost28147-89-cc" */
+442,    /* "iA5StringSyntax" */
-&(nid_objs[840]),/* "id-GostR3410-2001-CryptoPro-A-ParamSet" */
+783,    /* "id-DHBasedMac" */
-&(nid_objs[841]),/* "id-GostR3410-2001-CryptoPro-B-ParamSet" */
+824,    /* "id-Gost28147-89-CryptoPro-A-ParamSet" */
-&(nid_objs[842]),/* "id-GostR3410-2001-CryptoPro-C-ParamSet" */
+825,    /* "id-Gost28147-89-CryptoPro-B-ParamSet" */
-&(nid_objs[843]),/* "id-GostR3410-2001-CryptoPro-XchA-ParamSet" */
+826,    /* "id-Gost28147-89-CryptoPro-C-ParamSet" */
-&(nid_objs[844]),/* "id-GostR3410-2001-CryptoPro-XchB-ParamSet" */
+827,    /* "id-Gost28147-89-CryptoPro-D-ParamSet" */
-&(nid_objs[854]),/* "id-GostR3410-2001-ParamSet-cc" */
+819,    /* "id-Gost28147-89-CryptoPro-KeyMeshing" */
-&(nid_objs[839]),/* "id-GostR3410-2001-TestParamSet" */
+829,    /* "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" */
-&(nid_objs[817]),/* "id-GostR3410-2001DH" */
+828,    /* "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" */
-&(nid_objs[832]),/* "id-GostR3410-94-CryptoPro-A-ParamSet" */
+830,    /* "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" */
-&(nid_objs[833]),/* "id-GostR3410-94-CryptoPro-B-ParamSet" */
+820,    /* "id-Gost28147-89-None-KeyMeshing" */
-&(nid_objs[834]),/* "id-GostR3410-94-CryptoPro-C-ParamSet" */
+823,    /* "id-Gost28147-89-TestParamSet" */
-&(nid_objs[835]),/* "id-GostR3410-94-CryptoPro-D-ParamSet" */
+849,    /* "id-Gost28147-89-cc" */
-&(nid_objs[836]),/* "id-GostR3410-94-CryptoPro-XchA-ParamSet" */
+840,    /* "id-GostR3410-2001-CryptoPro-A-ParamSet" */
-&(nid_objs[837]),/* "id-GostR3410-94-CryptoPro-XchB-ParamSet" */
+841,    /* "id-GostR3410-2001-CryptoPro-B-ParamSet" */
-&(nid_objs[838]),/* "id-GostR3410-94-CryptoPro-XchC-ParamSet" */
+842,    /* "id-GostR3410-2001-CryptoPro-C-ParamSet" */
-&(nid_objs[831]),/* "id-GostR3410-94-TestParamSet" */
+843,    /* "id-GostR3410-2001-CryptoPro-XchA-ParamSet" */
-&(nid_objs[845]),/* "id-GostR3410-94-a" */
+844,    /* "id-GostR3410-2001-CryptoPro-XchB-ParamSet" */
-&(nid_objs[846]),/* "id-GostR3410-94-aBis" */
+854,    /* "id-GostR3410-2001-ParamSet-cc" */
-&(nid_objs[847]),/* "id-GostR3410-94-b" */
+839,    /* "id-GostR3410-2001-TestParamSet" */
-&(nid_objs[848]),/* "id-GostR3410-94-bBis" */
+817,    /* "id-GostR3410-2001DH" */
-&(nid_objs[818]),/* "id-GostR3410-94DH" */
+832,    /* "id-GostR3410-94-CryptoPro-A-ParamSet" */
-&(nid_objs[822]),/* "id-GostR3411-94-CryptoProParamSet" */
+833,    /* "id-GostR3410-94-CryptoPro-B-ParamSet" */
-&(nid_objs[821]),/* "id-GostR3411-94-TestParamSet" */
+834,    /* "id-GostR3410-94-CryptoPro-C-ParamSet" */
-&(nid_objs[807]),/* "id-GostR3411-94-with-GostR3410-2001" */
+835,    /* "id-GostR3410-94-CryptoPro-D-ParamSet" */
-&(nid_objs[853]),/* "id-GostR3411-94-with-GostR3410-2001-cc" */
+836,    /* "id-GostR3410-94-CryptoPro-XchA-ParamSet" */
-&(nid_objs[808]),/* "id-GostR3411-94-with-GostR3410-94" */
+837,    /* "id-GostR3410-94-CryptoPro-XchB-ParamSet" */
-&(nid_objs[852]),/* "id-GostR3411-94-with-GostR3410-94-cc" */
+838,    /* "id-GostR3410-94-CryptoPro-XchC-ParamSet" */
-&(nid_objs[810]),/* "id-HMACGostR3411-94" */
+831,    /* "id-GostR3410-94-TestParamSet" */
-&(nid_objs[782]),/* "id-PasswordBasedMAC" */
+845,    /* "id-GostR3410-94-a" */
-&(nid_objs[266]),/* "id-aca" */
+846,    /* "id-GostR3410-94-aBis" */
-&(nid_objs[355]),/* "id-aca-accessIdentity" */
+847,    /* "id-GostR3410-94-b" */
-&(nid_objs[354]),/* "id-aca-authenticationInfo" */
+848,    /* "id-GostR3410-94-bBis" */
-&(nid_objs[356]),/* "id-aca-chargingIdentity" */
+818,    /* "id-GostR3410-94DH" */
-&(nid_objs[399]),/* "id-aca-encAttrs" */
+822,    /* "id-GostR3411-94-CryptoProParamSet" */
-&(nid_objs[357]),/* "id-aca-group" */
+821,    /* "id-GostR3411-94-TestParamSet" */
-&(nid_objs[358]),/* "id-aca-role" */
+807,    /* "id-GostR3411-94-with-GostR3410-2001" */
-&(nid_objs[176]),/* "id-ad" */
+853,    /* "id-GostR3411-94-with-GostR3410-2001-cc" */
-&(nid_objs[788]),/* "id-aes128-wrap" */
+808,    /* "id-GostR3411-94-with-GostR3410-94" */
-&(nid_objs[789]),/* "id-aes192-wrap" */
+852,    /* "id-GostR3411-94-with-GostR3410-94-cc" */
-&(nid_objs[790]),/* "id-aes256-wrap" */
+810,    /* "id-HMACGostR3411-94" */
-&(nid_objs[262]),/* "id-alg" */
+782,    /* "id-PasswordBasedMAC" */
-&(nid_objs[323]),/* "id-alg-des40" */
+266,    /* "id-aca" */
-&(nid_objs[326]),/* "id-alg-dh-pop" */
+355,    /* "id-aca-accessIdentity" */
-&(nid_objs[325]),/* "id-alg-dh-sig-hmac-sha1" */
+354,    /* "id-aca-authenticationInfo" */
-&(nid_objs[324]),/* "id-alg-noSignature" */
+356,    /* "id-aca-chargingIdentity" */
-&(nid_objs[268]),/* "id-cct" */
+399,    /* "id-aca-encAttrs" */
-&(nid_objs[361]),/* "id-cct-PKIData" */
+357,    /* "id-aca-group" */
-&(nid_objs[362]),/* "id-cct-PKIResponse" */
+358,    /* "id-aca-role" */
-&(nid_objs[360]),/* "id-cct-crs" */
+176,    /* "id-ad" */
-&(nid_objs[81]),/* "id-ce" */
+788,    /* "id-aes128-wrap" */
-&(nid_objs[680]),/* "id-characteristic-two-basis" */
+789,    /* "id-aes192-wrap" */
-&(nid_objs[263]),/* "id-cmc" */
+790,    /* "id-aes256-wrap" */
-&(nid_objs[334]),/* "id-cmc-addExtensions" */
+262,    /* "id-alg" */
-&(nid_objs[346]),/* "id-cmc-confirmCertAcceptance" */
+323,    /* "id-alg-des40" */
-&(nid_objs[330]),/* "id-cmc-dataReturn" */
+326,    /* "id-alg-dh-pop" */
-&(nid_objs[336]),/* "id-cmc-decryptedPOP" */
+325,    /* "id-alg-dh-sig-hmac-sha1" */
-&(nid_objs[335]),/* "id-cmc-encryptedPOP" */
+324,    /* "id-alg-noSignature" */
-&(nid_objs[339]),/* "id-cmc-getCRL" */
+268,    /* "id-cct" */
-&(nid_objs[338]),/* "id-cmc-getCert" */
+361,    /* "id-cct-PKIData" */
-&(nid_objs[328]),/* "id-cmc-identification" */
+362,    /* "id-cct-PKIResponse" */
-&(nid_objs[329]),/* "id-cmc-identityProof" */
+360,    /* "id-cct-crs" */
-&(nid_objs[337]),/* "id-cmc-lraPOPWitness" */
+81,     /* "id-ce" */
-&(nid_objs[344]),/* "id-cmc-popLinkRandom" */
+680,    /* "id-characteristic-two-basis" */
-&(nid_objs[345]),/* "id-cmc-popLinkWitness" */
+263,    /* "id-cmc" */
-&(nid_objs[343]),/* "id-cmc-queryPending" */
+334,    /* "id-cmc-addExtensions" */
-&(nid_objs[333]),/* "id-cmc-recipientNonce" */
+346,    /* "id-cmc-confirmCertAcceptance" */
-&(nid_objs[341]),/* "id-cmc-regInfo" */
+330,    /* "id-cmc-dataReturn" */
-&(nid_objs[342]),/* "id-cmc-responseInfo" */
+336,    /* "id-cmc-decryptedPOP" */
-&(nid_objs[340]),/* "id-cmc-revokeRequest" */
+335,    /* "id-cmc-encryptedPOP" */
-&(nid_objs[332]),/* "id-cmc-senderNonce" */
+339,    /* "id-cmc-getCRL" */
-&(nid_objs[327]),/* "id-cmc-statusInfo" */
+338,    /* "id-cmc-getCert" */
-&(nid_objs[331]),/* "id-cmc-transactionId" */
+328,    /* "id-cmc-identification" */
-&(nid_objs[787]),/* "id-ct-asciiTextWithCRLF" */
+329,    /* "id-cmc-identityProof" */
-&(nid_objs[408]),/* "id-ecPublicKey" */
+337,    /* "id-cmc-lraPOPWitness" */
-&(nid_objs[508]),/* "id-hex-multipart-message" */
+344,    /* "id-cmc-popLinkRandom" */
-&(nid_objs[507]),/* "id-hex-partial-message" */
+345,    /* "id-cmc-popLinkWitness" */
-&(nid_objs[260]),/* "id-it" */
+343,    /* "id-cmc-queryPending" */
-&(nid_objs[302]),/* "id-it-caKeyUpdateInfo" */
+333,    /* "id-cmc-recipientNonce" */
-&(nid_objs[298]),/* "id-it-caProtEncCert" */
+341,    /* "id-cmc-regInfo" */
-&(nid_objs[311]),/* "id-it-confirmWaitTime" */
+342,    /* "id-cmc-responseInfo" */
-&(nid_objs[303]),/* "id-it-currentCRL" */
+340,    /* "id-cmc-revokeRequest" */
-&(nid_objs[300]),/* "id-it-encKeyPairTypes" */
+332,    /* "id-cmc-senderNonce" */
-&(nid_objs[310]),/* "id-it-implicitConfirm" */
+327,    /* "id-cmc-statusInfo" */
-&(nid_objs[308]),/* "id-it-keyPairParamRep" */
+331,    /* "id-cmc-transactionId" */
-&(nid_objs[307]),/* "id-it-keyPairParamReq" */
+787,    /* "id-ct-asciiTextWithCRLF" */
-&(nid_objs[312]),/* "id-it-origPKIMessage" */
+408,    /* "id-ecPublicKey" */
-&(nid_objs[301]),/* "id-it-preferredSymmAlg" */
+508,    /* "id-hex-multipart-message" */
-&(nid_objs[309]),/* "id-it-revPassphrase" */
+507,    /* "id-hex-partial-message" */
-&(nid_objs[299]),/* "id-it-signKeyPairTypes" */
+260,    /* "id-it" */
-&(nid_objs[305]),/* "id-it-subscriptionRequest" */
+302,    /* "id-it-caKeyUpdateInfo" */
-&(nid_objs[306]),/* "id-it-subscriptionResponse" */
+298,    /* "id-it-caProtEncCert" */
-&(nid_objs[784]),/* "id-it-suppLangTags" */
+311,    /* "id-it-confirmWaitTime" */
-&(nid_objs[304]),/* "id-it-unsupportedOIDs" */
+303,    /* "id-it-currentCRL" */
-&(nid_objs[128]),/* "id-kp" */
+300,    /* "id-it-encKeyPairTypes" */
-&(nid_objs[280]),/* "id-mod-attribute-cert" */
+310,    /* "id-it-implicitConfirm" */
-&(nid_objs[274]),/* "id-mod-cmc" */
+308,    /* "id-it-keyPairParamRep" */
-&(nid_objs[277]),/* "id-mod-cmp" */
+307,    /* "id-it-keyPairParamReq" */
-&(nid_objs[284]),/* "id-mod-cmp2000" */
+312,    /* "id-it-origPKIMessage" */
-&(nid_objs[273]),/* "id-mod-crmf" */
+301,    /* "id-it-preferredSymmAlg" */
-&(nid_objs[283]),/* "id-mod-dvcs" */
+309,    /* "id-it-revPassphrase" */
-&(nid_objs[275]),/* "id-mod-kea-profile-88" */
+299,    /* "id-it-signKeyPairTypes" */
-&(nid_objs[276]),/* "id-mod-kea-profile-93" */
+305,    /* "id-it-subscriptionRequest" */
-&(nid_objs[282]),/* "id-mod-ocsp" */
+306,    /* "id-it-subscriptionResponse" */
-&(nid_objs[278]),/* "id-mod-qualified-cert-88" */
+784,    /* "id-it-suppLangTags" */
-&(nid_objs[279]),/* "id-mod-qualified-cert-93" */
+304,    /* "id-it-unsupportedOIDs" */
-&(nid_objs[281]),/* "id-mod-timestamp-protocol" */
+128,    /* "id-kp" */
-&(nid_objs[264]),/* "id-on" */
+280,    /* "id-mod-attribute-cert" */
-&(nid_objs[858]),/* "id-on-permanentIdentifier" */
+274,    /* "id-mod-cmc" */
-&(nid_objs[347]),/* "id-on-personalData" */
+277,    /* "id-mod-cmp" */
-&(nid_objs[265]),/* "id-pda" */
+284,    /* "id-mod-cmp2000" */
-&(nid_objs[352]),/* "id-pda-countryOfCitizenship" */
+273,    /* "id-mod-crmf" */
-&(nid_objs[353]),/* "id-pda-countryOfResidence" */
+283,    /* "id-mod-dvcs" */
-&(nid_objs[348]),/* "id-pda-dateOfBirth" */
+275,    /* "id-mod-kea-profile-88" */
-&(nid_objs[351]),/* "id-pda-gender" */
+276,    /* "id-mod-kea-profile-93" */
-&(nid_objs[349]),/* "id-pda-placeOfBirth" */
+282,    /* "id-mod-ocsp" */
-&(nid_objs[175]),/* "id-pe" */
+278,    /* "id-mod-qualified-cert-88" */
-&(nid_objs[261]),/* "id-pkip" */
+279,    /* "id-mod-qualified-cert-93" */
-&(nid_objs[258]),/* "id-pkix-mod" */
+281,    /* "id-mod-timestamp-protocol" */
-&(nid_objs[269]),/* "id-pkix1-explicit-88" */
+264,    /* "id-on" */
-&(nid_objs[271]),/* "id-pkix1-explicit-93" */
+858,    /* "id-on-permanentIdentifier" */
-&(nid_objs[270]),/* "id-pkix1-implicit-88" */
+347,    /* "id-on-personalData" */
-&(nid_objs[272]),/* "id-pkix1-implicit-93" */
+265,    /* "id-pda" */
-&(nid_objs[662]),/* "id-ppl" */
+352,    /* "id-pda-countryOfCitizenship" */
-&(nid_objs[664]),/* "id-ppl-anyLanguage" */
+353,    /* "id-pda-countryOfResidence" */
-&(nid_objs[667]),/* "id-ppl-independent" */
+348,    /* "id-pda-dateOfBirth" */
-&(nid_objs[665]),/* "id-ppl-inheritAll" */
+351,    /* "id-pda-gender" */
-&(nid_objs[267]),/* "id-qcs" */
+349,    /* "id-pda-placeOfBirth" */
-&(nid_objs[359]),/* "id-qcs-pkixQCSyntax-v1" */
+175,    /* "id-pe" */
-&(nid_objs[259]),/* "id-qt" */
+261,    /* "id-pkip" */
-&(nid_objs[164]),/* "id-qt-cps" */
+258,    /* "id-pkix-mod" */
-&(nid_objs[165]),/* "id-qt-unotice" */
+269,    /* "id-pkix1-explicit-88" */
-&(nid_objs[313]),/* "id-regCtrl" */
+271,    /* "id-pkix1-explicit-93" */
-&(nid_objs[316]),/* "id-regCtrl-authenticator" */
+270,    /* "id-pkix1-implicit-88" */
-&(nid_objs[319]),/* "id-regCtrl-oldCertID" */
+272,    /* "id-pkix1-implicit-93" */
-&(nid_objs[318]),/* "id-regCtrl-pkiArchiveOptions" */
+662,    /* "id-ppl" */
-&(nid_objs[317]),/* "id-regCtrl-pkiPublicationInfo" */
+664,    /* "id-ppl-anyLanguage" */
-&(nid_objs[320]),/* "id-regCtrl-protocolEncrKey" */
+667,    /* "id-ppl-independent" */
-&(nid_objs[315]),/* "id-regCtrl-regToken" */
+665,    /* "id-ppl-inheritAll" */
-&(nid_objs[314]),/* "id-regInfo" */
+267,    /* "id-qcs" */
-&(nid_objs[322]),/* "id-regInfo-certReq" */
+359,    /* "id-qcs-pkixQCSyntax-v1" */
-&(nid_objs[321]),/* "id-regInfo-utf8Pairs" */
+259,    /* "id-qt" */
-&(nid_objs[512]),/* "id-set" */
+164,    /* "id-qt-cps" */
-&(nid_objs[191]),/* "id-smime-aa" */
+165,    /* "id-qt-unotice" */
-&(nid_objs[215]),/* "id-smime-aa-contentHint" */
+313,    /* "id-regCtrl" */
-&(nid_objs[218]),/* "id-smime-aa-contentIdentifier" */
+316,    /* "id-regCtrl-authenticator" */
-&(nid_objs[221]),/* "id-smime-aa-contentReference" */
+319,    /* "id-regCtrl-oldCertID" */
-&(nid_objs[240]),/* "id-smime-aa-dvcs-dvc" */
+318,    /* "id-regCtrl-pkiArchiveOptions" */
-&(nid_objs[217]),/* "id-smime-aa-encapContentType" */
+317,    /* "id-regCtrl-pkiPublicationInfo" */
-&(nid_objs[222]),/* "id-smime-aa-encrypKeyPref" */
+320,    /* "id-regCtrl-protocolEncrKey" */
-&(nid_objs[220]),/* "id-smime-aa-equivalentLabels" */
+315,    /* "id-regCtrl-regToken" */
-&(nid_objs[232]),/* "id-smime-aa-ets-CertificateRefs" */
+314,    /* "id-regInfo" */
-&(nid_objs[233]),/* "id-smime-aa-ets-RevocationRefs" */
+322,    /* "id-regInfo-certReq" */
-&(nid_objs[238]),/* "id-smime-aa-ets-archiveTimeStamp" */
+321,    /* "id-regInfo-utf8Pairs" */
-&(nid_objs[237]),/* "id-smime-aa-ets-certCRLTimestamp" */
+512,    /* "id-set" */
-&(nid_objs[234]),/* "id-smime-aa-ets-certValues" */
+191,    /* "id-smime-aa" */
-&(nid_objs[227]),/* "id-smime-aa-ets-commitmentType" */
+215,    /* "id-smime-aa-contentHint" */
-&(nid_objs[231]),/* "id-smime-aa-ets-contentTimestamp" */
+218,    /* "id-smime-aa-contentIdentifier" */
-&(nid_objs[236]),/* "id-smime-aa-ets-escTimeStamp" */
+221,    /* "id-smime-aa-contentReference" */
-&(nid_objs[230]),/* "id-smime-aa-ets-otherSigCert" */
+240,    /* "id-smime-aa-dvcs-dvc" */
-&(nid_objs[235]),/* "id-smime-aa-ets-revocationValues" */
+217,    /* "id-smime-aa-encapContentType" */
-&(nid_objs[226]),/* "id-smime-aa-ets-sigPolicyId" */
+222,    /* "id-smime-aa-encrypKeyPref" */
-&(nid_objs[229]),/* "id-smime-aa-ets-signerAttr" */
+220,    /* "id-smime-aa-equivalentLabels" */
-&(nid_objs[228]),/* "id-smime-aa-ets-signerLocation" */
+232,    /* "id-smime-aa-ets-CertificateRefs" */
-&(nid_objs[219]),/* "id-smime-aa-macValue" */
+233,    /* "id-smime-aa-ets-RevocationRefs" */
-&(nid_objs[214]),/* "id-smime-aa-mlExpandHistory" */
+238,    /* "id-smime-aa-ets-archiveTimeStamp" */
-&(nid_objs[216]),/* "id-smime-aa-msgSigDigest" */
+237,    /* "id-smime-aa-ets-certCRLTimestamp" */
-&(nid_objs[212]),/* "id-smime-aa-receiptRequest" */
+234,    /* "id-smime-aa-ets-certValues" */
-&(nid_objs[213]),/* "id-smime-aa-securityLabel" */
+227,    /* "id-smime-aa-ets-commitmentType" */
-&(nid_objs[239]),/* "id-smime-aa-signatureType" */
+231,    /* "id-smime-aa-ets-contentTimestamp" */
-&(nid_objs[223]),/* "id-smime-aa-signingCertificate" */
+236,    /* "id-smime-aa-ets-escTimeStamp" */
-&(nid_objs[224]),/* "id-smime-aa-smimeEncryptCerts" */
+230,    /* "id-smime-aa-ets-otherSigCert" */
-&(nid_objs[225]),/* "id-smime-aa-timeStampToken" */
+235,    /* "id-smime-aa-ets-revocationValues" */
-&(nid_objs[192]),/* "id-smime-alg" */
+226,    /* "id-smime-aa-ets-sigPolicyId" */
-&(nid_objs[243]),/* "id-smime-alg-3DESwrap" */
+229,    /* "id-smime-aa-ets-signerAttr" */
-&(nid_objs[246]),/* "id-smime-alg-CMS3DESwrap" */
+228,    /* "id-smime-aa-ets-signerLocation" */
-&(nid_objs[247]),/* "id-smime-alg-CMSRC2wrap" */
+219,    /* "id-smime-aa-macValue" */
-&(nid_objs[245]),/* "id-smime-alg-ESDH" */
+214,    /* "id-smime-aa-mlExpandHistory" */
-&(nid_objs[241]),/* "id-smime-alg-ESDHwith3DES" */
+216,    /* "id-smime-aa-msgSigDigest" */
-&(nid_objs[242]),/* "id-smime-alg-ESDHwithRC2" */
+212,    /* "id-smime-aa-receiptRequest" */
-&(nid_objs[244]),/* "id-smime-alg-RC2wrap" */
+213,    /* "id-smime-aa-securityLabel" */
-&(nid_objs[193]),/* "id-smime-cd" */
+239,    /* "id-smime-aa-signatureType" */
-&(nid_objs[248]),/* "id-smime-cd-ldap" */
+223,    /* "id-smime-aa-signingCertificate" */
-&(nid_objs[190]),/* "id-smime-ct" */
+224,    /* "id-smime-aa-smimeEncryptCerts" */
-&(nid_objs[210]),/* "id-smime-ct-DVCSRequestData" */
+225,    /* "id-smime-aa-timeStampToken" */
-&(nid_objs[211]),/* "id-smime-ct-DVCSResponseData" */
+192,    /* "id-smime-alg" */
-&(nid_objs[208]),/* "id-smime-ct-TDTInfo" */
+243,    /* "id-smime-alg-3DESwrap" */
-&(nid_objs[207]),/* "id-smime-ct-TSTInfo" */
+246,    /* "id-smime-alg-CMS3DESwrap" */
-&(nid_objs[205]),/* "id-smime-ct-authData" */
+247,    /* "id-smime-alg-CMSRC2wrap" */
-&(nid_objs[786]),/* "id-smime-ct-compressedData" */
+245,    /* "id-smime-alg-ESDH" */
-&(nid_objs[209]),/* "id-smime-ct-contentInfo" */
+241,    /* "id-smime-alg-ESDHwith3DES" */
-&(nid_objs[206]),/* "id-smime-ct-publishCert" */
+242,    /* "id-smime-alg-ESDHwithRC2" */
-&(nid_objs[204]),/* "id-smime-ct-receipt" */
+244,    /* "id-smime-alg-RC2wrap" */
-&(nid_objs[195]),/* "id-smime-cti" */
+193,    /* "id-smime-cd" */
-&(nid_objs[255]),/* "id-smime-cti-ets-proofOfApproval" */
+248,    /* "id-smime-cd-ldap" */
-&(nid_objs[256]),/* "id-smime-cti-ets-proofOfCreation" */
+190,    /* "id-smime-ct" */
-&(nid_objs[253]),/* "id-smime-cti-ets-proofOfDelivery" */
+210,    /* "id-smime-ct-DVCSRequestData" */
-&(nid_objs[251]),/* "id-smime-cti-ets-proofOfOrigin" */
+211,    /* "id-smime-ct-DVCSResponseData" */
-&(nid_objs[252]),/* "id-smime-cti-ets-proofOfReceipt" */
+208,    /* "id-smime-ct-TDTInfo" */
-&(nid_objs[254]),/* "id-smime-cti-ets-proofOfSender" */
+207,    /* "id-smime-ct-TSTInfo" */
-&(nid_objs[189]),/* "id-smime-mod" */
+205,    /* "id-smime-ct-authData" */
-&(nid_objs[196]),/* "id-smime-mod-cms" */
+786,    /* "id-smime-ct-compressedData" */
-&(nid_objs[197]),/* "id-smime-mod-ess" */
+209,    /* "id-smime-ct-contentInfo" */
-&(nid_objs[202]),/* "id-smime-mod-ets-eSigPolicy-88" */
+206,    /* "id-smime-ct-publishCert" */
-&(nid_objs[203]),/* "id-smime-mod-ets-eSigPolicy-97" */
+204,    /* "id-smime-ct-receipt" */
-&(nid_objs[200]),/* "id-smime-mod-ets-eSignature-88" */
+195,    /* "id-smime-cti" */
-&(nid_objs[201]),/* "id-smime-mod-ets-eSignature-97" */
+255,    /* "id-smime-cti-ets-proofOfApproval" */
-&(nid_objs[199]),/* "id-smime-mod-msg-v3" */
+256,    /* "id-smime-cti-ets-proofOfCreation" */
-&(nid_objs[198]),/* "id-smime-mod-oid" */
+253,    /* "id-smime-cti-ets-proofOfDelivery" */
-&(nid_objs[194]),/* "id-smime-spq" */
+251,    /* "id-smime-cti-ets-proofOfOrigin" */
-&(nid_objs[250]),/* "id-smime-spq-ets-sqt-unotice" */
+252,    /* "id-smime-cti-ets-proofOfReceipt" */
-&(nid_objs[249]),/* "id-smime-spq-ets-sqt-uri" */
+254,    /* "id-smime-cti-ets-proofOfSender" */
-&(nid_objs[676]),/* "identified-organization" */
+189,    /* "id-smime-mod" */
-&(nid_objs[461]),/* "info" */
+196,    /* "id-smime-mod-cms" */
-&(nid_objs[748]),/* "inhibitAnyPolicy" */
+197,    /* "id-smime-mod-ess" */
-&(nid_objs[101]),/* "initials" */
+202,    /* "id-smime-mod-ets-eSigPolicy-88" */
-&(nid_objs[647]),/* "international-organizations" */
+203,    /* "id-smime-mod-ets-eSigPolicy-97" */
-&(nid_objs[142]),/* "invalidityDate" */
+200,    /* "id-smime-mod-ets-eSignature-88" */
-&(nid_objs[294]),/* "ipsecEndSystem" */
+201,    /* "id-smime-mod-ets-eSignature-97" */
-&(nid_objs[295]),/* "ipsecTunnel" */
+199,    /* "id-smime-mod-msg-v3" */
-&(nid_objs[296]),/* "ipsecUser" */
+198,    /* "id-smime-mod-oid" */
-&(nid_objs[86]),/* "issuerAltName" */
+194,    /* "id-smime-spq" */
-&(nid_objs[770]),/* "issuingDistributionPoint" */
+250,    /* "id-smime-spq-ets-sqt-unotice" */
-&(nid_objs[492]),/* "janetMailbox" */
+249,    /* "id-smime-spq-ets-sqt-uri" */
-&(nid_objs[150]),/* "keyBag" */
+676,    /* "identified-organization" */
-&(nid_objs[83]),/* "keyUsage" */
+461,    /* "info" */
-&(nid_objs[477]),/* "lastModifiedBy" */
+748,    /* "inhibitAnyPolicy" */
-&(nid_objs[476]),/* "lastModifiedTime" */
+101,    /* "initials" */
-&(nid_objs[157]),/* "localKeyID" */
+647,    /* "international-organizations" */
-&(nid_objs[480]),/* "mXRecord" */
+869,    /* "internationaliSDNNumber" */
-&(nid_objs[460]),/* "mail" */
+142,    /* "invalidityDate" */
-&(nid_objs[493]),/* "mailPreferenceOption" */
+294,    /* "ipsecEndSystem" */
-&(nid_objs[467]),/* "manager" */
+295,    /* "ipsecTunnel" */
-&(nid_objs[809]),/* "md_gost94" */
+296,    /* "ipsecUser" */
-&(nid_objs[182]),/* "member-body" */
+86,     /* "issuerAltName" */
-&(nid_objs[51]),/* "messageDigest" */
+770,    /* "issuingDistributionPoint" */
-&(nid_objs[383]),/* "mgmt" */
+492,    /* "janetMailbox" */
-&(nid_objs[504]),/* "mime-mhs" */
+150,    /* "keyBag" */
-&(nid_objs[506]),/* "mime-mhs-bodies" */
+83,     /* "keyUsage" */
-&(nid_objs[505]),/* "mime-mhs-headings" */
+477,    /* "lastModifiedBy" */
-&(nid_objs[488]),/* "mobileTelephoneNumber" */
+476,    /* "lastModifiedTime" */
-&(nid_objs[136]),/* "msCTLSign" */
+157,    /* "localKeyID" */
-&(nid_objs[135]),/* "msCodeCom" */
+480,    /* "mXRecord" */
-&(nid_objs[134]),/* "msCodeInd" */
+460,    /* "mail" */
-&(nid_objs[138]),/* "msEFS" */
+493,    /* "mailPreferenceOption" */
-&(nid_objs[171]),/* "msExtReq" */
+467,    /* "manager" */
-&(nid_objs[137]),/* "msSGC" */
+809,    /* "md_gost94" */
-&(nid_objs[648]),/* "msSmartcardLogin" */
+875,    /* "member" */
-&(nid_objs[649]),/* "msUPN" */
+182,    /* "member-body" */
-&(nid_objs[481]),/* "nSRecord" */
+51,     /* "messageDigest" */
-&(nid_objs[173]),/* "name" */
+383,    /* "mgmt" */
-&(nid_objs[666]),/* "nameConstraints" */
+504,    /* "mime-mhs" */
-&(nid_objs[369]),/* "noCheck" */
+506,    /* "mime-mhs-bodies" */
-&(nid_objs[403]),/* "noRevAvail" */
+505,    /* "mime-mhs-headings" */
-&(nid_objs[72]),/* "nsBaseUrl" */
+488,    /* "mobileTelephoneNumber" */
-&(nid_objs[76]),/* "nsCaPolicyUrl" */
+136,    /* "msCTLSign" */
-&(nid_objs[74]),/* "nsCaRevocationUrl" */
+135,    /* "msCodeCom" */
-&(nid_objs[58]),/* "nsCertExt" */
+134,    /* "msCodeInd" */
-&(nid_objs[79]),/* "nsCertSequence" */
+138,    /* "msEFS" */
-&(nid_objs[71]),/* "nsCertType" */
+171,    /* "msExtReq" */
-&(nid_objs[78]),/* "nsComment" */
+137,    /* "msSGC" */
-&(nid_objs[59]),/* "nsDataType" */
+648,    /* "msSmartcardLogin" */
-&(nid_objs[75]),/* "nsRenewalUrl" */
+649,    /* "msUPN" */
-&(nid_objs[73]),/* "nsRevocationUrl" */
+481,    /* "nSRecord" */
-&(nid_objs[139]),/* "nsSGC" */
+173,    /* "name" */
-&(nid_objs[77]),/* "nsSslServerName" */
+666,    /* "nameConstraints" */
-&(nid_objs[681]),/* "onBasis" */
+369,    /* "noCheck" */
-&(nid_objs[491]),/* "organizationalStatus" */
+403,    /* "noRevAvail" */
-&(nid_objs[475]),/* "otherMailbox" */
+72,     /* "nsBaseUrl" */
-&(nid_objs[489]),/* "pagerTelephoneNumber" */
+76,     /* "nsCaPolicyUrl" */
-&(nid_objs[374]),/* "path" */
+74,     /* "nsCaRevocationUrl" */
-&(nid_objs[112]),/* "pbeWithMD5AndCast5CBC" */
+58,     /* "nsCertExt" */
-&(nid_objs[499]),/* "personalSignature" */
+79,     /* "nsCertSequence" */
-&(nid_objs[487]),/* "personalTitle" */
+71,     /* "nsCertType" */
-&(nid_objs[464]),/* "photo" */
+78,     /* "nsComment" */
-&(nid_objs[437]),/* "pilot" */
+59,     /* "nsDataType" */
-&(nid_objs[439]),/* "pilotAttributeSyntax" */
+75,     /* "nsRenewalUrl" */
-&(nid_objs[438]),/* "pilotAttributeType" */
+73,     /* "nsRevocationUrl" */
-&(nid_objs[479]),/* "pilotAttributeType27" */
+139,    /* "nsSGC" */
-&(nid_objs[456]),/* "pilotDSA" */
+77,     /* "nsSslServerName" */
-&(nid_objs[441]),/* "pilotGroups" */
+681,    /* "onBasis" */
-&(nid_objs[444]),/* "pilotObject" */
+491,    /* "organizationalStatus" */
-&(nid_objs[440]),/* "pilotObjectClass" */
+475,    /* "otherMailbox" */
-&(nid_objs[455]),/* "pilotOrganization" */
+876,    /* "owner" */
-&(nid_objs[445]),/* "pilotPerson" */
+489,    /* "pagerTelephoneNumber" */
-&(nid_objs[ 2]),/* "pkcs" */
+374,    /* "path" */
-&(nid_objs[186]),/* "pkcs1" */
+112,    /* "pbeWithMD5AndCast5CBC" */
-&(nid_objs[27]),/* "pkcs3" */
+499,    /* "personalSignature" */
-&(nid_objs[187]),/* "pkcs5" */
+487,    /* "personalTitle" */
-&(nid_objs[20]),/* "pkcs7" */
+464,    /* "photo" */
-&(nid_objs[21]),/* "pkcs7-data" */
+863,    /* "physicalDeliveryOfficeName" */
-&(nid_objs[25]),/* "pkcs7-digestData" */
+437,    /* "pilot" */
-&(nid_objs[26]),/* "pkcs7-encryptedData" */
+439,    /* "pilotAttributeSyntax" */
-&(nid_objs[23]),/* "pkcs7-envelopedData" */
+438,    /* "pilotAttributeType" */
-&(nid_objs[24]),/* "pkcs7-signedAndEnvelopedData" */
+479,    /* "pilotAttributeType27" */
-&(nid_objs[22]),/* "pkcs7-signedData" */
+456,    /* "pilotDSA" */
-&(nid_objs[151]),/* "pkcs8ShroudedKeyBag" */
+441,    /* "pilotGroups" */
-&(nid_objs[47]),/* "pkcs9" */
+444,    /* "pilotObject" */
-&(nid_objs[401]),/* "policyConstraints" */
+440,    /* "pilotObjectClass" */
-&(nid_objs[747]),/* "policyMappings" */
+455,    /* "pilotOrganization" */
-&(nid_objs[661]),/* "postalCode" */
+445,    /* "pilotPerson" */
-&(nid_objs[683]),/* "ppBasis" */
+ 2,     /* "pkcs" */
-&(nid_objs[816]),/* "prf-gostr3411-94" */
+186,    /* "pkcs1" */
-&(nid_objs[406]),/* "prime-field" */
+27,     /* "pkcs3" */
-&(nid_objs[409]),/* "prime192v1" */
+187,    /* "pkcs5" */
-&(nid_objs[410]),/* "prime192v2" */
+20,     /* "pkcs7" */
-&(nid_objs[411]),/* "prime192v3" */
+21,     /* "pkcs7-data" */
-&(nid_objs[412]),/* "prime239v1" */
+25,     /* "pkcs7-digestData" */
-&(nid_objs[413]),/* "prime239v2" */
+26,     /* "pkcs7-encryptedData" */
-&(nid_objs[414]),/* "prime239v3" */
+23,     /* "pkcs7-envelopedData" */
-&(nid_objs[415]),/* "prime256v1" */
+24,     /* "pkcs7-signedAndEnvelopedData" */
-&(nid_objs[385]),/* "private" */
+22,     /* "pkcs7-signedData" */
-&(nid_objs[84]),/* "privateKeyUsagePeriod" */
+151,    /* "pkcs8ShroudedKeyBag" */
-&(nid_objs[663]),/* "proxyCertInfo" */
+47,     /* "pkcs9" */
-&(nid_objs[510]),/* "pseudonym" */
+401,    /* "policyConstraints" */
-&(nid_objs[435]),/* "pss" */
+747,    /* "policyMappings" */
-&(nid_objs[286]),/* "qcStatements" */
+862,    /* "postOfficeBox" */
-&(nid_objs[457]),/* "qualityLabelledData" */
+861,    /* "postalAddress" */
-&(nid_objs[450]),/* "rFC822localPart" */
+661,    /* "postalCode" */
-&(nid_objs[400]),/* "role" */
+683,    /* "ppBasis" */
-&(nid_objs[448]),/* "room" */
+872,    /* "preferredDeliveryMethod" */
-&(nid_objs[463]),/* "roomNumber" */
+873,    /* "presentationAddress" */
-&(nid_objs[ 6]),/* "rsaEncryption" */
+816,    /* "prf-gostr3411-94" */
-&(nid_objs[644]),/* "rsaOAEPEncryptionSET" */
+406,    /* "prime-field" */
-&(nid_objs[377]),/* "rsaSignature" */
+409,    /* "prime192v1" */
-&(nid_objs[ 1]),/* "rsadsi" */
+410,    /* "prime192v2" */
-&(nid_objs[482]),/* "sOARecord" */
+411,    /* "prime192v3" */
-&(nid_objs[155]),/* "safeContentsBag" */
+412,    /* "prime239v1" */
-&(nid_objs[291]),/* "sbgp-autonomousSysNum" */
+413,    /* "prime239v2" */
-&(nid_objs[290]),/* "sbgp-ipAddrBlock" */
+414,    /* "prime239v3" */
-&(nid_objs[292]),/* "sbgp-routerIdentifier" */
+415,    /* "prime256v1" */
-&(nid_objs[159]),/* "sdsiCertificate" */
+385,    /* "private" */
-&(nid_objs[704]),/* "secp112r1" */
+84,     /* "privateKeyUsagePeriod" */
-&(nid_objs[705]),/* "secp112r2" */
+886,    /* "protocolInformation" */
-&(nid_objs[706]),/* "secp128r1" */
+663,    /* "proxyCertInfo" */
-&(nid_objs[707]),/* "secp128r2" */
+510,    /* "pseudonym" */
-&(nid_objs[708]),/* "secp160k1" */
+435,    /* "pss" */
-&(nid_objs[709]),/* "secp160r1" */
+286,    /* "qcStatements" */
-&(nid_objs[710]),/* "secp160r2" */
+457,    /* "qualityLabelledData" */
-&(nid_objs[711]),/* "secp192k1" */
+450,    /* "rFC822localPart" */
-&(nid_objs[712]),/* "secp224k1" */
+870,    /* "registeredAddress" */
-&(nid_objs[713]),/* "secp224r1" */
+400,    /* "role" */
-&(nid_objs[714]),/* "secp256k1" */
+877,    /* "roleOccupant" */
-&(nid_objs[715]),/* "secp384r1" */
+448,    /* "room" */
-&(nid_objs[716]),/* "secp521r1" */
+463,    /* "roomNumber" */
-&(nid_objs[154]),/* "secretBag" */
+ 6,     /* "rsaEncryption" */
-&(nid_objs[474]),/* "secretary" */
+644,    /* "rsaOAEPEncryptionSET" */
-&(nid_objs[717]),/* "sect113r1" */
+377,    /* "rsaSignature" */
-&(nid_objs[718]),/* "sect113r2" */
+ 1,     /* "rsadsi" */
-&(nid_objs[719]),/* "sect131r1" */
+482,    /* "sOARecord" */
-&(nid_objs[720]),/* "sect131r2" */
+155,    /* "safeContentsBag" */
-&(nid_objs[721]),/* "sect163k1" */
+291,    /* "sbgp-autonomousSysNum" */
-&(nid_objs[722]),/* "sect163r1" */
+290,    /* "sbgp-ipAddrBlock" */
-&(nid_objs[723]),/* "sect163r2" */
+292,    /* "sbgp-routerIdentifier" */
-&(nid_objs[724]),/* "sect193r1" */
+159,    /* "sdsiCertificate" */
-&(nid_objs[725]),/* "sect193r2" */
+859,    /* "searchGuide" */
-&(nid_objs[726]),/* "sect233k1" */
+704,    /* "secp112r1" */
-&(nid_objs[727]),/* "sect233r1" */
+705,    /* "secp112r2" */
-&(nid_objs[728]),/* "sect239k1" */
+706,    /* "secp128r1" */
-&(nid_objs[729]),/* "sect283k1" */
+707,    /* "secp128r2" */
-&(nid_objs[730]),/* "sect283r1" */
+708,    /* "secp160k1" */
-&(nid_objs[731]),/* "sect409k1" */
+709,    /* "secp160r1" */
-&(nid_objs[732]),/* "sect409r1" */
+710,    /* "secp160r2" */
-&(nid_objs[733]),/* "sect571k1" */
+711,    /* "secp192k1" */
-&(nid_objs[734]),/* "sect571r1" */
+712,    /* "secp224k1" */
-&(nid_objs[386]),/* "security" */
+713,    /* "secp224r1" */
-&(nid_objs[394]),/* "selected-attribute-types" */
+714,    /* "secp256k1" */
-&(nid_objs[105]),/* "serialNumber" */
+715,    /* "secp384r1" */
-&(nid_objs[129]),/* "serverAuth" */
+716,    /* "secp521r1" */
-&(nid_objs[371]),/* "serviceLocator" */
+154,    /* "secretBag" */
-&(nid_objs[625]),/* "set-addPolicy" */
+474,    /* "secretary" */
-&(nid_objs[515]),/* "set-attr" */
+717,    /* "sect113r1" */
-&(nid_objs[518]),/* "set-brand" */
+718,    /* "sect113r2" */
-&(nid_objs[638]),/* "set-brand-AmericanExpress" */
+719,    /* "sect131r1" */
-&(nid_objs[637]),/* "set-brand-Diners" */
+720,    /* "sect131r2" */
-&(nid_objs[636]),/* "set-brand-IATA-ATA" */
+721,    /* "sect163k1" */
-&(nid_objs[639]),/* "set-brand-JCB" */
+722,    /* "sect163r1" */
-&(nid_objs[641]),/* "set-brand-MasterCard" */
+723,    /* "sect163r2" */
-&(nid_objs[642]),/* "set-brand-Novus" */
+724,    /* "sect193r1" */
-&(nid_objs[640]),/* "set-brand-Visa" */
+725,    /* "sect193r2" */
-&(nid_objs[517]),/* "set-certExt" */
+726,    /* "sect233k1" */
-&(nid_objs[513]),/* "set-ctype" */
+727,    /* "sect233r1" */
-&(nid_objs[514]),/* "set-msgExt" */
+728,    /* "sect239k1" */
-&(nid_objs[516]),/* "set-policy" */
+729,    /* "sect283k1" */
-&(nid_objs[607]),/* "set-policy-root" */
+730,    /* "sect283r1" */
-&(nid_objs[624]),/* "set-rootKeyThumb" */
+731,    /* "sect409k1" */
-&(nid_objs[620]),/* "setAttr-Cert" */
+732,    /* "sect409r1" */
-&(nid_objs[631]),/* "setAttr-GenCryptgrm" */
+733,    /* "sect571k1" */
-&(nid_objs[623]),/* "setAttr-IssCap" */
+734,    /* "sect571r1" */
-&(nid_objs[628]),/* "setAttr-IssCap-CVM" */
+386,    /* "security" */
-&(nid_objs[630]),/* "setAttr-IssCap-Sig" */
+878,    /* "seeAlso" */
-&(nid_objs[629]),/* "setAttr-IssCap-T2" */
+394,    /* "selected-attribute-types" */
-&(nid_objs[621]),/* "setAttr-PGWYcap" */
+105,    /* "serialNumber" */
-&(nid_objs[635]),/* "setAttr-SecDevSig" */
+129,    /* "serverAuth" */
-&(nid_objs[632]),/* "setAttr-T2Enc" */
+371,    /* "serviceLocator" */
-&(nid_objs[633]),/* "setAttr-T2cleartxt" */
+625,    /* "set-addPolicy" */
-&(nid_objs[634]),/* "setAttr-TokICCsig" */
+515,    /* "set-attr" */
-&(nid_objs[627]),/* "setAttr-Token-B0Prime" */
+518,    /* "set-brand" */
-&(nid_objs[626]),/* "setAttr-Token-EMV" */
+638,    /* "set-brand-AmericanExpress" */
-&(nid_objs[622]),/* "setAttr-TokenType" */
+637,    /* "set-brand-Diners" */
-&(nid_objs[619]),/* "setCext-IssuerCapabilities" */
+636,    /* "set-brand-IATA-ATA" */
-&(nid_objs[615]),/* "setCext-PGWYcapabilities" */
+639,    /* "set-brand-JCB" */
-&(nid_objs[616]),/* "setCext-TokenIdentifier" */
+641,    /* "set-brand-MasterCard" */
-&(nid_objs[618]),/* "setCext-TokenType" */
+642,    /* "set-brand-Novus" */
-&(nid_objs[617]),/* "setCext-Track2Data" */
+640,    /* "set-brand-Visa" */
-&(nid_objs[611]),/* "setCext-cCertRequired" */
+517,    /* "set-certExt" */
-&(nid_objs[609]),/* "setCext-certType" */
+513,    /* "set-ctype" */
-&(nid_objs[608]),/* "setCext-hashedRoot" */
+514,    /* "set-msgExt" */
-&(nid_objs[610]),/* "setCext-merchData" */
+516,    /* "set-policy" */
-&(nid_objs[613]),/* "setCext-setExt" */
+607,    /* "set-policy-root" */
-&(nid_objs[614]),/* "setCext-setQualf" */
+624,    /* "set-rootKeyThumb" */
-&(nid_objs[612]),/* "setCext-tunneling" */
+620,    /* "setAttr-Cert" */
-&(nid_objs[540]),/* "setct-AcqCardCodeMsg" */
+631,    /* "setAttr-GenCryptgrm" */
-&(nid_objs[576]),/* "setct-AcqCardCodeMsgTBE" */
+623,    /* "setAttr-IssCap" */
-&(nid_objs[570]),/* "setct-AuthReqTBE" */
+628,    /* "setAttr-IssCap-CVM" */
-&(nid_objs[534]),/* "setct-AuthReqTBS" */
+630,    /* "setAttr-IssCap-Sig" */
-&(nid_objs[527]),/* "setct-AuthResBaggage" */
+629,    /* "setAttr-IssCap-T2" */
-&(nid_objs[571]),/* "setct-AuthResTBE" */
+621,    /* "setAttr-PGWYcap" */
-&(nid_objs[572]),/* "setct-AuthResTBEX" */
+635,    /* "setAttr-SecDevSig" */
-&(nid_objs[535]),/* "setct-AuthResTBS" */
+632,    /* "setAttr-T2Enc" */
-&(nid_objs[536]),/* "setct-AuthResTBSX" */
+633,    /* "setAttr-T2cleartxt" */
-&(nid_objs[528]),/* "setct-AuthRevReqBaggage" */
+634,    /* "setAttr-TokICCsig" */
-&(nid_objs[577]),/* "setct-AuthRevReqTBE" */
+627,    /* "setAttr-Token-B0Prime" */
-&(nid_objs[541]),/* "setct-AuthRevReqTBS" */
+626,    /* "setAttr-Token-EMV" */
-&(nid_objs[529]),/* "setct-AuthRevResBaggage" */
+622,    /* "setAttr-TokenType" */
-&(nid_objs[542]),/* "setct-AuthRevResData" */
+619,    /* "setCext-IssuerCapabilities" */
-&(nid_objs[578]),/* "setct-AuthRevResTBE" */
+615,    /* "setCext-PGWYcapabilities" */
-&(nid_objs[579]),/* "setct-AuthRevResTBEB" */
+616,    /* "setCext-TokenIdentifier" */
-&(nid_objs[543]),/* "setct-AuthRevResTBS" */
+618,    /* "setCext-TokenType" */
-&(nid_objs[573]),/* "setct-AuthTokenTBE" */
+617,    /* "setCext-Track2Data" */
-&(nid_objs[537]),/* "setct-AuthTokenTBS" */
+611,    /* "setCext-cCertRequired" */
-&(nid_objs[600]),/* "setct-BCIDistributionTBS" */
+609,    /* "setCext-certType" */
-&(nid_objs[558]),/* "setct-BatchAdminReqData" */
+608,    /* "setCext-hashedRoot" */
-&(nid_objs[592]),/* "setct-BatchAdminReqTBE" */
+610,    /* "setCext-merchData" */
-&(nid_objs[559]),/* "setct-BatchAdminResData" */
+613,    /* "setCext-setExt" */
-&(nid_objs[593]),/* "setct-BatchAdminResTBE" */
+614,    /* "setCext-setQualf" */
-&(nid_objs[599]),/* "setct-CRLNotificationResTBS" */
+612,    /* "setCext-tunneling" */
-&(nid_objs[598]),/* "setct-CRLNotificationTBS" */
+540,    /* "setct-AcqCardCodeMsg" */
-&(nid_objs[580]),/* "setct-CapReqTBE" */
+576,    /* "setct-AcqCardCodeMsgTBE" */
-&(nid_objs[581]),/* "setct-CapReqTBEX" */
+570,    /* "setct-AuthReqTBE" */
-&(nid_objs[544]),/* "setct-CapReqTBS" */
+534,    /* "setct-AuthReqTBS" */
-&(nid_objs[545]),/* "setct-CapReqTBSX" */
+527,    /* "setct-AuthResBaggage" */
-&(nid_objs[546]),/* "setct-CapResData" */
+571,    /* "setct-AuthResTBE" */
-&(nid_objs[582]),/* "setct-CapResTBE" */
+572,    /* "setct-AuthResTBEX" */
-&(nid_objs[583]),/* "setct-CapRevReqTBE" */
+535,    /* "setct-AuthResTBS" */
-&(nid_objs[584]),/* "setct-CapRevReqTBEX" */
+536,    /* "setct-AuthResTBSX" */
-&(nid_objs[547]),/* "setct-CapRevReqTBS" */
+528,    /* "setct-AuthRevReqBaggage" */
-&(nid_objs[548]),/* "setct-CapRevReqTBSX" */
+577,    /* "setct-AuthRevReqTBE" */
-&(nid_objs[549]),/* "setct-CapRevResData" */
+541,    /* "setct-AuthRevReqTBS" */
-&(nid_objs[585]),/* "setct-CapRevResTBE" */
+529,    /* "setct-AuthRevResBaggage" */
-&(nid_objs[538]),/* "setct-CapTokenData" */
+542,    /* "setct-AuthRevResData" */
-&(nid_objs[530]),/* "setct-CapTokenSeq" */
+578,    /* "setct-AuthRevResTBE" */
-&(nid_objs[574]),/* "setct-CapTokenTBE" */
+579,    /* "setct-AuthRevResTBEB" */
-&(nid_objs[575]),/* "setct-CapTokenTBEX" */
+543,    /* "setct-AuthRevResTBS" */
-&(nid_objs[539]),/* "setct-CapTokenTBS" */
+573,    /* "setct-AuthTokenTBE" */
-&(nid_objs[560]),/* "setct-CardCInitResTBS" */
+537,    /* "setct-AuthTokenTBS" */
-&(nid_objs[566]),/* "setct-CertInqReqTBS" */
+600,    /* "setct-BCIDistributionTBS" */
-&(nid_objs[563]),/* "setct-CertReqData" */
+558,    /* "setct-BatchAdminReqData" */
-&(nid_objs[595]),/* "setct-CertReqTBE" */
+592,    /* "setct-BatchAdminReqTBE" */
-&(nid_objs[596]),/* "setct-CertReqTBEX" */
+559,    /* "setct-BatchAdminResData" */
-&(nid_objs[564]),/* "setct-CertReqTBS" */
+593,    /* "setct-BatchAdminResTBE" */
-&(nid_objs[565]),/* "setct-CertResData" */
+599,    /* "setct-CRLNotificationResTBS" */
-&(nid_objs[597]),/* "setct-CertResTBE" */
+598,    /* "setct-CRLNotificationTBS" */
-&(nid_objs[586]),/* "setct-CredReqTBE" */
+580,    /* "setct-CapReqTBE" */
-&(nid_objs[587]),/* "setct-CredReqTBEX" */
+581,    /* "setct-CapReqTBEX" */
-&(nid_objs[550]),/* "setct-CredReqTBS" */
+544,    /* "setct-CapReqTBS" */
-&(nid_objs[551]),/* "setct-CredReqTBSX" */
+545,    /* "setct-CapReqTBSX" */
-&(nid_objs[552]),/* "setct-CredResData" */
+546,    /* "setct-CapResData" */
-&(nid_objs[588]),/* "setct-CredResTBE" */
+582,    /* "setct-CapResTBE" */
-&(nid_objs[589]),/* "setct-CredRevReqTBE" */
+583,    /* "setct-CapRevReqTBE" */
-&(nid_objs[590]),/* "setct-CredRevReqTBEX" */
+584,    /* "setct-CapRevReqTBEX" */
-&(nid_objs[553]),/* "setct-CredRevReqTBS" */
+547,    /* "setct-CapRevReqTBS" */
-&(nid_objs[554]),/* "setct-CredRevReqTBSX" */
+548,    /* "setct-CapRevReqTBSX" */
-&(nid_objs[555]),/* "setct-CredRevResData" */
+549,    /* "setct-CapRevResData" */
-&(nid_objs[591]),/* "setct-CredRevResTBE" */
+585,    /* "setct-CapRevResTBE" */
-&(nid_objs[567]),/* "setct-ErrorTBS" */
+538,    /* "setct-CapTokenData" */
-&(nid_objs[526]),/* "setct-HODInput" */
+530,    /* "setct-CapTokenSeq" */
-&(nid_objs[561]),/* "setct-MeAqCInitResTBS" */
+574,    /* "setct-CapTokenTBE" */
-&(nid_objs[522]),/* "setct-OIData" */
+575,    /* "setct-CapTokenTBEX" */
-&(nid_objs[519]),/* "setct-PANData" */
+539,    /* "setct-CapTokenTBS" */
-&(nid_objs[521]),/* "setct-PANOnly" */
+560,    /* "setct-CardCInitResTBS" */
-&(nid_objs[520]),/* "setct-PANToken" */
+566,    /* "setct-CertInqReqTBS" */
-&(nid_objs[556]),/* "setct-PCertReqData" */
+563,    /* "setct-CertReqData" */
-&(nid_objs[557]),/* "setct-PCertResTBS" */
+595,    /* "setct-CertReqTBE" */
-&(nid_objs[523]),/* "setct-PI" */
+596,    /* "setct-CertReqTBEX" */
-&(nid_objs[532]),/* "setct-PI-TBS" */
+564,    /* "setct-CertReqTBS" */
-&(nid_objs[524]),/* "setct-PIData" */
+565,    /* "setct-CertResData" */
-&(nid_objs[525]),/* "setct-PIDataUnsigned" */
+597,    /* "setct-CertResTBE" */
-&(nid_objs[568]),/* "setct-PIDualSignedTBE" */
+586,    /* "setct-CredReqTBE" */
-&(nid_objs[569]),/* "setct-PIUnsignedTBE" */
+587,    /* "setct-CredReqTBEX" */
-&(nid_objs[531]),/* "setct-PInitResData" */
+550,    /* "setct-CredReqTBS" */
-&(nid_objs[533]),/* "setct-PResData" */
+551,    /* "setct-CredReqTBSX" */
-&(nid_objs[594]),/* "setct-RegFormReqTBE" */
+552,    /* "setct-CredResData" */
-&(nid_objs[562]),/* "setct-RegFormResTBS" */
+588,    /* "setct-CredResTBE" */
-&(nid_objs[606]),/* "setext-cv" */
+589,    /* "setct-CredRevReqTBE" */
-&(nid_objs[601]),/* "setext-genCrypt" */
+590,    /* "setct-CredRevReqTBEX" */
-&(nid_objs[602]),/* "setext-miAuth" */
+553,    /* "setct-CredRevReqTBS" */
-&(nid_objs[604]),/* "setext-pinAny" */
+554,    /* "setct-CredRevReqTBSX" */
-&(nid_objs[603]),/* "setext-pinSecure" */
+555,    /* "setct-CredRevResData" */
-&(nid_objs[605]),/* "setext-track2" */
+591,    /* "setct-CredRevResTBE" */
-&(nid_objs[52]),/* "signingTime" */
+567,    /* "setct-ErrorTBS" */
-&(nid_objs[454]),/* "simpleSecurityObject" */
+526,    /* "setct-HODInput" */
-&(nid_objs[496]),/* "singleLevelQuality" */
+561,    /* "setct-MeAqCInitResTBS" */
-&(nid_objs[387]),/* "snmpv2" */
+522,    /* "setct-OIData" */
-&(nid_objs[660]),/* "streetAddress" */
+519,    /* "setct-PANData" */
-&(nid_objs[85]),/* "subjectAltName" */
+521,    /* "setct-PANOnly" */
-&(nid_objs[769]),/* "subjectDirectoryAttributes" */
+520,    /* "setct-PANToken" */
-&(nid_objs[398]),/* "subjectInfoAccess" */
+556,    /* "setct-PCertReqData" */
-&(nid_objs[82]),/* "subjectKeyIdentifier" */
+557,    /* "setct-PCertResTBS" */
-&(nid_objs[498]),/* "subtreeMaximumQuality" */
+523,    /* "setct-PI" */
-&(nid_objs[497]),/* "subtreeMinimumQuality" */
+532,    /* "setct-PI-TBS" */
-&(nid_objs[402]),/* "targetInformation" */
+524,    /* "setct-PIData" */
-&(nid_objs[459]),/* "textEncodedORAddress" */
+525,    /* "setct-PIDataUnsigned" */
-&(nid_objs[293]),/* "textNotice" */
+568,    /* "setct-PIDualSignedTBE" */
-&(nid_objs[133]),/* "timeStamping" */
+569,    /* "setct-PIUnsignedTBE" */
-&(nid_objs[106]),/* "title" */
+531,    /* "setct-PInitResData" */
-&(nid_objs[682]),/* "tpBasis" */
+533,    /* "setct-PResData" */
-&(nid_objs[375]),/* "trustRoot" */
+594,    /* "setct-RegFormReqTBE" */
-&(nid_objs[436]),/* "ucl" */
+562,    /* "setct-RegFormResTBS" */
-&(nid_objs[55]),/* "unstructuredAddress" */
+606,    /* "setext-cv" */
-&(nid_objs[49]),/* "unstructuredName" */
+601,    /* "setext-genCrypt" */
-&(nid_objs[465]),/* "userClass" */
+602,    /* "setext-miAuth" */
-&(nid_objs[373]),/* "valid" */
+604,    /* "setext-pinAny" */
-&(nid_objs[678]),/* "wap" */
+603,    /* "setext-pinSecure" */
-&(nid_objs[679]),/* "wap-wsg" */
+605,    /* "setext-track2" */
-&(nid_objs[735]),/* "wap-wsg-idm-ecid-wtls1" */
+52,     /* "signingTime" */
-&(nid_objs[743]),/* "wap-wsg-idm-ecid-wtls10" */
+454,    /* "simpleSecurityObject" */
-&(nid_objs[744]),/* "wap-wsg-idm-ecid-wtls11" */
+496,    /* "singleLevelQuality" */
-&(nid_objs[745]),/* "wap-wsg-idm-ecid-wtls12" */
+387,    /* "snmpv2" */
-&(nid_objs[736]),/* "wap-wsg-idm-ecid-wtls3" */
+660,    /* "street" */
-&(nid_objs[737]),/* "wap-wsg-idm-ecid-wtls4" */
+85,     /* "subjectAltName" */
-&(nid_objs[738]),/* "wap-wsg-idm-ecid-wtls5" */
+769,    /* "subjectDirectoryAttributes" */
-&(nid_objs[739]),/* "wap-wsg-idm-ecid-wtls6" */
+398,    /* "subjectInfoAccess" */
-&(nid_objs[740]),/* "wap-wsg-idm-ecid-wtls7" */
+82,     /* "subjectKeyIdentifier" */
-&(nid_objs[741]),/* "wap-wsg-idm-ecid-wtls8" */
+498,    /* "subtreeMaximumQuality" */
-&(nid_objs[742]),/* "wap-wsg-idm-ecid-wtls9" */
+497,    /* "subtreeMinimumQuality" */
-&(nid_objs[804]),/* "whirlpool" */
+890,    /* "supportedAlgorithms" */
-&(nid_objs[503]),/* "x500UniqueIdentifier" */
+874,    /* "supportedApplicationContext" */
-&(nid_objs[158]),/* "x509Certificate" */
+402,    /* "targetInformation" */
-&(nid_objs[160]),/* "x509Crl" */
+864,    /* "telephoneNumber" */
+866,    /* "teletexTerminalIdentifier" */
+865,    /* "telexNumber" */
+459,    /* "textEncodedORAddress" */
+293,    /* "textNotice" */
+133,    /* "timeStamping" */
+106,    /* "title" */
+682,    /* "tpBasis" */
+375,    /* "trustRoot" */
+436,    /* "ucl" */
+888,    /* "uniqueMember" */
+55,     /* "unstructuredAddress" */
+49,     /* "unstructuredName" */
+880,    /* "userCertificate" */
+465,    /* "userClass" */
+879,    /* "userPassword" */
+373,    /* "valid" */
+678,    /* "wap" */
+679,    /* "wap-wsg" */
+735,    /* "wap-wsg-idm-ecid-wtls1" */
+743,    /* "wap-wsg-idm-ecid-wtls10" */
+744,    /* "wap-wsg-idm-ecid-wtls11" */
+745,    /* "wap-wsg-idm-ecid-wtls12" */
+736,    /* "wap-wsg-idm-ecid-wtls3" */
+737,    /* "wap-wsg-idm-ecid-wtls4" */
+738,    /* "wap-wsg-idm-ecid-wtls5" */
+739,    /* "wap-wsg-idm-ecid-wtls6" */
+740,    /* "wap-wsg-idm-ecid-wtls7" */
+741,    /* "wap-wsg-idm-ecid-wtls8" */
+742,    /* "wap-wsg-idm-ecid-wtls9" */
+804,    /* "whirlpool" */
+868,    /* "x121Address" */
+503,    /* "x500UniqueIdentifier" */
+158,    /* "x509Certificate" */
+160,    /* "x509Crl" */
 };
-static ASN1_OBJECT *ln_objs[NUM_LN]={
+static const unsigned int ln_objs[NUM_LN]={
-&(nid_objs[363]),/* "AD Time Stamping" */
+363,    /* "AD Time Stamping" */
-&(nid_objs[405]),/* "ANSI X9.62" */
+405,    /* "ANSI X9.62" */
-&(nid_objs[368]),/* "Acceptable OCSP Responses" */
+368,    /* "Acceptable OCSP Responses" */
-&(nid_objs[664]),/* "Any language" */
+664,    /* "Any language" */
-&(nid_objs[177]),/* "Authority Information Access" */
+177,    /* "Authority Information Access" */
-&(nid_objs[365]),/* "Basic OCSP Response" */
+365,    /* "Basic OCSP Response" */
-&(nid_objs[285]),/* "Biometric Info" */
+285,    /* "Biometric Info" */
-&(nid_objs[179]),/* "CA Issuers" */
+179,    /* "CA Issuers" */
-&(nid_objs[785]),/* "CA Repository" */
+785,    /* "CA Repository" */
-&(nid_objs[131]),/* "Code Signing" */
+131,    /* "Code Signing" */
-&(nid_objs[783]),/* "Diffie-Hellman based MAC" */
+783,    /* "Diffie-Hellman based MAC" */
-&(nid_objs[382]),/* "Directory" */
+382,    /* "Directory" */
-&(nid_objs[392]),/* "Domain" */
+392,    /* "Domain" */
-&(nid_objs[132]),/* "E-mail Protection" */
+132,    /* "E-mail Protection" */
-&(nid_objs[389]),/* "Enterprises" */
+389,    /* "Enterprises" */
-&(nid_objs[384]),/* "Experimental" */
+384,    /* "Experimental" */
-&(nid_objs[372]),/* "Extended OCSP Status" */
+372,    /* "Extended OCSP Status" */
-&(nid_objs[172]),/* "Extension Request" */
+172,    /* "Extension Request" */
-&(nid_objs[813]),/* "GOST 28147-89" */
+813,    /* "GOST 28147-89" */
-&(nid_objs[849]),/* "GOST 28147-89 Cryptocom ParamSet" */
+849,    /* "GOST 28147-89 Cryptocom ParamSet" */
-&(nid_objs[815]),/* "GOST 28147-89 MAC" */
+815,    /* "GOST 28147-89 MAC" */
-&(nid_objs[851]),/* "GOST 34.10-2001 Cryptocom" */
+851,    /* "GOST 34.10-2001 Cryptocom" */
-&(nid_objs[850]),/* "GOST 34.10-94 Cryptocom" */
+850,    /* "GOST 34.10-94 Cryptocom" */
-&(nid_objs[811]),/* "GOST R 34.10-2001" */
+811,    /* "GOST R 34.10-2001" */
-&(nid_objs[817]),/* "GOST R 34.10-2001 DH" */
+817,    /* "GOST R 34.10-2001 DH" */
-&(nid_objs[812]),/* "GOST R 34.10-94" */
+812,    /* "GOST R 34.10-94" */
-&(nid_objs[818]),/* "GOST R 34.10-94 DH" */
+818,    /* "GOST R 34.10-94 DH" */
-&(nid_objs[809]),/* "GOST R 34.11-94" */
+809,    /* "GOST R 34.11-94" */
-&(nid_objs[816]),/* "GOST R 34.11-94 PRF" */
+816,    /* "GOST R 34.11-94 PRF" */
-&(nid_objs[807]),/* "GOST R 34.11-94 with GOST R 34.10-2001" */
+807,    /* "GOST R 34.11-94 with GOST R 34.10-2001" */
-&(nid_objs[853]),/* "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom" */
+853,    /* "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom" */
-&(nid_objs[808]),/* "GOST R 34.11-94 with GOST R 34.10-94" */
+808,    /* "GOST R 34.11-94 with GOST R 34.10-94" */
-&(nid_objs[852]),/* "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom" */
+852,    /* "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom" */
-&(nid_objs[854]),/* "GOST R 3410-2001 Parameter Set Cryptocom" */
+854,    /* "GOST R 3410-2001 Parameter Set Cryptocom" */
-&(nid_objs[810]),/* "HMAC GOST 34.11-94" */
+810,    /* "HMAC GOST 34.11-94" */
-&(nid_objs[432]),/* "Hold Instruction Call Issuer" */
+432,    /* "Hold Instruction Call Issuer" */
-&(nid_objs[430]),/* "Hold Instruction Code" */
+430,    /* "Hold Instruction Code" */
-&(nid_objs[431]),/* "Hold Instruction None" */
+431,    /* "Hold Instruction None" */
-&(nid_objs[433]),/* "Hold Instruction Reject" */
+433,    /* "Hold Instruction Reject" */
-&(nid_objs[634]),/* "ICC or token signature" */
+634,    /* "ICC or token signature" */
-&(nid_objs[294]),/* "IPSec End System" */
+294,    /* "IPSec End System" */
-&(nid_objs[295]),/* "IPSec Tunnel" */
+295,    /* "IPSec Tunnel" */
-&(nid_objs[296]),/* "IPSec User" */
+296,    /* "IPSec User" */
-&(nid_objs[182]),/* "ISO Member Body" */
+182,    /* "ISO Member Body" */
-&(nid_objs[183]),/* "ISO US Member Body" */
+183,    /* "ISO US Member Body" */
-&(nid_objs[667]),/* "Independent" */
+667,    /* "Independent" */
-&(nid_objs[665]),/* "Inherit all" */
+665,    /* "Inherit all" */
-&(nid_objs[647]),/* "International Organizations" */
+647,    /* "International Organizations" */
-&(nid_objs[142]),/* "Invalidity Date" */
+142,    /* "Invalidity Date" */
-&(nid_objs[504]),/* "MIME MHS" */
+504,    /* "MIME MHS" */
-&(nid_objs[388]),/* "Mail" */
+388,    /* "Mail" */
-&(nid_objs[383]),/* "Management" */
+383,    /* "Management" */
-&(nid_objs[417]),/* "Microsoft CSP Name" */
+417,    /* "Microsoft CSP Name" */
-&(nid_objs[135]),/* "Microsoft Commercial Code Signing" */
+135,    /* "Microsoft Commercial Code Signing" */
-&(nid_objs[138]),/* "Microsoft Encrypted File System" */
+138,    /* "Microsoft Encrypted File System" */
-&(nid_objs[171]),/* "Microsoft Extension Request" */
+171,    /* "Microsoft Extension Request" */
-&(nid_objs[134]),/* "Microsoft Individual Code Signing" */
+134,    /* "Microsoft Individual Code Signing" */
-&(nid_objs[856]),/* "Microsoft Local Key set" */
+856,    /* "Microsoft Local Key set" */
-&(nid_objs[137]),/* "Microsoft Server Gated Crypto" */
+137,    /* "Microsoft Server Gated Crypto" */
-&(nid_objs[648]),/* "Microsoft Smartcardlogin" */
+648,    /* "Microsoft Smartcardlogin" */
-&(nid_objs[136]),/* "Microsoft Trust List Signing" */
+136,    /* "Microsoft Trust List Signing" */
-&(nid_objs[649]),/* "Microsoft Universal Principal Name" */
+649,    /* "Microsoft Universal Principal Name" */
-&(nid_objs[393]),/* "NULL" */
+393,    /* "NULL" */
-&(nid_objs[404]),/* "NULL" */
+404,    /* "NULL" */
-&(nid_objs[72]),/* "Netscape Base Url" */
+72,     /* "Netscape Base Url" */
-&(nid_objs[76]),/* "Netscape CA Policy Url" */
+76,     /* "Netscape CA Policy Url" */
-&(nid_objs[74]),/* "Netscape CA Revocation Url" */
+74,     /* "Netscape CA Revocation Url" */
-&(nid_objs[71]),/* "Netscape Cert Type" */
+71,     /* "Netscape Cert Type" */
-&(nid_objs[58]),/* "Netscape Certificate Extension" */
+58,     /* "Netscape Certificate Extension" */
-&(nid_objs[79]),/* "Netscape Certificate Sequence" */
+79,     /* "Netscape Certificate Sequence" */
-&(nid_objs[78]),/* "Netscape Comment" */
+78,     /* "Netscape Comment" */
-&(nid_objs[57]),/* "Netscape Communications Corp." */
+57,     /* "Netscape Communications Corp." */
-&(nid_objs[59]),/* "Netscape Data Type" */
+59,     /* "Netscape Data Type" */
-&(nid_objs[75]),/* "Netscape Renewal Url" */
+75,     /* "Netscape Renewal Url" */
-&(nid_objs[73]),/* "Netscape Revocation Url" */
+73,     /* "Netscape Revocation Url" */
-&(nid_objs[77]),/* "Netscape SSL Server Name" */
+77,     /* "Netscape SSL Server Name" */
-&(nid_objs[139]),/* "Netscape Server Gated Crypto" */
+139,    /* "Netscape Server Gated Crypto" */
-&(nid_objs[178]),/* "OCSP" */
+178,    /* "OCSP" */
-&(nid_objs[370]),/* "OCSP Archive Cutoff" */
+370,    /* "OCSP Archive Cutoff" */
-&(nid_objs[367]),/* "OCSP CRL ID" */
+367,    /* "OCSP CRL ID" */
-&(nid_objs[369]),/* "OCSP No Check" */
+369,    /* "OCSP No Check" */
-&(nid_objs[366]),/* "OCSP Nonce" */
+366,    /* "OCSP Nonce" */
-&(nid_objs[371]),/* "OCSP Service Locator" */
+371,    /* "OCSP Service Locator" */
-&(nid_objs[180]),/* "OCSP Signing" */
+180,    /* "OCSP Signing" */
-&(nid_objs[161]),/* "PBES2" */
+161,    /* "PBES2" */
-&(nid_objs[69]),/* "PBKDF2" */
+69,     /* "PBKDF2" */
-&(nid_objs[162]),/* "PBMAC1" */
+162,    /* "PBMAC1" */
-&(nid_objs[127]),/* "PKIX" */
+127,    /* "PKIX" */
-&(nid_objs[858]),/* "Permanent Identifier" */
+858,    /* "Permanent Identifier" */
-&(nid_objs[164]),/* "Policy Qualifier CPS" */
+164,    /* "Policy Qualifier CPS" */
-&(nid_objs[165]),/* "Policy Qualifier User Notice" */
+165,    /* "Policy Qualifier User Notice" */
-&(nid_objs[385]),/* "Private" */
+385,    /* "Private" */
-&(nid_objs[663]),/* "Proxy Certificate Information" */
+663,    /* "Proxy Certificate Information" */
-&(nid_objs[ 1]),/* "RSA Data Security, Inc." */
+ 1,     /* "RSA Data Security, Inc." */
-&(nid_objs[ 2]),/* "RSA Data Security, Inc. PKCS" */
+ 2,     /* "RSA Data Security, Inc. PKCS" */
-&(nid_objs[188]),/* "S/MIME" */
+188,    /* "S/MIME" */
-&(nid_objs[167]),/* "S/MIME Capabilities" */
+167,    /* "S/MIME Capabilities" */
-&(nid_objs[387]),/* "SNMPv2" */
+387,    /* "SNMPv2" */
-&(nid_objs[512]),/* "Secure Electronic Transactions" */
+512,    /* "Secure Electronic Transactions" */
-&(nid_objs[386]),/* "Security" */
+386,    /* "Security" */
-&(nid_objs[394]),/* "Selected Attribute Types" */
+394,    /* "Selected Attribute Types" */
-&(nid_objs[143]),/* "Strong Extranet ID" */
+143,    /* "Strong Extranet ID" */
-&(nid_objs[398]),/* "Subject Information Access" */
+398,    /* "Subject Information Access" */
-&(nid_objs[130]),/* "TLS Web Client Authentication" */
+130,    /* "TLS Web Client Authentication" */
-&(nid_objs[129]),/* "TLS Web Server Authentication" */
+129,    /* "TLS Web Server Authentication" */
-&(nid_objs[133]),/* "Time Stamping" */
+133,    /* "Time Stamping" */
-&(nid_objs[375]),/* "Trust Root" */
+375,    /* "Trust Root" */
-&(nid_objs[12]),/* "X509" */
+12,     /* "X509" */
-&(nid_objs[402]),/* "X509v3 AC Targeting" */
+402,    /* "X509v3 AC Targeting" */
-&(nid_objs[746]),/* "X509v3 Any Policy" */
+746,    /* "X509v3 Any Policy" */
-&(nid_objs[90]),/* "X509v3 Authority Key Identifier" */
+90,     /* "X509v3 Authority Key Identifier" */
-&(nid_objs[87]),/* "X509v3 Basic Constraints" */
+87,     /* "X509v3 Basic Constraints" */
-&(nid_objs[103]),/* "X509v3 CRL Distribution Points" */
+103,    /* "X509v3 CRL Distribution Points" */
-&(nid_objs[88]),/* "X509v3 CRL Number" */
+88,     /* "X509v3 CRL Number" */
-&(nid_objs[141]),/* "X509v3 CRL Reason Code" */
+141,    /* "X509v3 CRL Reason Code" */
-&(nid_objs[771]),/* "X509v3 Certificate Issuer" */
+771,    /* "X509v3 Certificate Issuer" */
-&(nid_objs[89]),/* "X509v3 Certificate Policies" */
+89,     /* "X509v3 Certificate Policies" */
-&(nid_objs[140]),/* "X509v3 Delta CRL Indicator" */
+140,    /* "X509v3 Delta CRL Indicator" */
-&(nid_objs[126]),/* "X509v3 Extended Key Usage" */
+126,    /* "X509v3 Extended Key Usage" */
-&(nid_objs[857]),/* "X509v3 Freshest CRL" */
+857,    /* "X509v3 Freshest CRL" */
-&(nid_objs[748]),/* "X509v3 Inhibit Any Policy" */
+748,    /* "X509v3 Inhibit Any Policy" */
-&(nid_objs[86]),/* "X509v3 Issuer Alternative Name" */
+86,     /* "X509v3 Issuer Alternative Name" */
-&(nid_objs[770]),/* "X509v3 Issuing Distrubution Point" */
+770,    /* "X509v3 Issuing Distrubution Point" */
-&(nid_objs[83]),/* "X509v3 Key Usage" */
+83,     /* "X509v3 Key Usage" */
-&(nid_objs[666]),/* "X509v3 Name Constraints" */
+666,    /* "X509v3 Name Constraints" */
-&(nid_objs[403]),/* "X509v3 No Revocation Available" */
+403,    /* "X509v3 No Revocation Available" */
-&(nid_objs[401]),/* "X509v3 Policy Constraints" */
+401,    /* "X509v3 Policy Constraints" */
-&(nid_objs[747]),/* "X509v3 Policy Mappings" */
+747,    /* "X509v3 Policy Mappings" */
-&(nid_objs[84]),/* "X509v3 Private Key Usage Period" */
+84,     /* "X509v3 Private Key Usage Period" */
-&(nid_objs[85]),/* "X509v3 Subject Alternative Name" */
+85,     /* "X509v3 Subject Alternative Name" */
-&(nid_objs[769]),/* "X509v3 Subject Directory Attributes" */
+769,    /* "X509v3 Subject Directory Attributes" */
-&(nid_objs[82]),/* "X509v3 Subject Key Identifier" */
+82,     /* "X509v3 Subject Key Identifier" */
-&(nid_objs[184]),/* "X9.57" */
+184,    /* "X9.57" */
-&(nid_objs[185]),/* "X9.57 CM ?" */
+185,    /* "X9.57 CM ?" */
-&(nid_objs[478]),/* "aRecord" */
+478,    /* "aRecord" */
-&(nid_objs[289]),/* "aaControls" */
+289,    /* "aaControls" */
-&(nid_objs[287]),/* "ac-auditEntity" */
+287,    /* "ac-auditEntity" */
-&(nid_objs[397]),/* "ac-proxying" */
+397,    /* "ac-proxying" */
-&(nid_objs[288]),/* "ac-targeting" */
+288,    /* "ac-targeting" */
-&(nid_objs[446]),/* "account" */
+446,    /* "account" */
-&(nid_objs[364]),/* "ad dvcs" */
+364,    /* "ad dvcs" */
-&(nid_objs[606]),/* "additional verification" */
+606,    /* "additional verification" */
-&(nid_objs[419]),/* "aes-128-cbc" */
+419,    /* "aes-128-cbc" */
-&(nid_objs[421]),/* "aes-128-cfb" */
+421,    /* "aes-128-cfb" */
-&(nid_objs[650]),/* "aes-128-cfb1" */
+650,    /* "aes-128-cfb1" */
-&(nid_objs[653]),/* "aes-128-cfb8" */
+653,    /* "aes-128-cfb8" */
-&(nid_objs[418]),/* "aes-128-ecb" */
+418,    /* "aes-128-ecb" */
-&(nid_objs[420]),/* "aes-128-ofb" */
+420,    /* "aes-128-ofb" */
-&(nid_objs[423]),/* "aes-192-cbc" */
+423,    /* "aes-192-cbc" */
-&(nid_objs[425]),/* "aes-192-cfb" */
+425,    /* "aes-192-cfb" */
-&(nid_objs[651]),/* "aes-192-cfb1" */
+651,    /* "aes-192-cfb1" */
-&(nid_objs[654]),/* "aes-192-cfb8" */
+654,    /* "aes-192-cfb8" */
-&(nid_objs[422]),/* "aes-192-ecb" */
+422,    /* "aes-192-ecb" */
-&(nid_objs[424]),/* "aes-192-ofb" */
+424,    /* "aes-192-ofb" */
-&(nid_objs[427]),/* "aes-256-cbc" */
+427,    /* "aes-256-cbc" */
-&(nid_objs[429]),/* "aes-256-cfb" */
+429,    /* "aes-256-cfb" */
-&(nid_objs[652]),/* "aes-256-cfb1" */
+652,    /* "aes-256-cfb1" */
-&(nid_objs[655]),/* "aes-256-cfb8" */
+655,    /* "aes-256-cfb8" */
-&(nid_objs[426]),/* "aes-256-ecb" */
+426,    /* "aes-256-ecb" */
-&(nid_objs[428]),/* "aes-256-ofb" */
+428,    /* "aes-256-ofb" */
-&(nid_objs[376]),/* "algorithm" */
+376,    /* "algorithm" */
-&(nid_objs[484]),/* "associatedDomain" */
+484,    /* "associatedDomain" */
-&(nid_objs[485]),/* "associatedName" */
+485,    /* "associatedName" */
-&(nid_objs[501]),/* "audio" */
+501,    /* "audio" */
-&(nid_objs[91]),/* "bf-cbc" */
+882,    /* "authorityRevocationList" */
-&(nid_objs[93]),/* "bf-cfb" */
+91,     /* "bf-cbc" */
-&(nid_objs[92]),/* "bf-ecb" */
+93,     /* "bf-cfb" */
-&(nid_objs[94]),/* "bf-ofb" */
+92,     /* "bf-ecb" */
-&(nid_objs[494]),/* "buildingName" */
+94,     /* "bf-ofb" */
-&(nid_objs[691]),/* "c2onb191v4" */
+494,    /* "buildingName" */
-&(nid_objs[692]),/* "c2onb191v5" */
+860,    /* "businessCategory" */
-&(nid_objs[697]),/* "c2onb239v4" */
+691,    /* "c2onb191v4" */
-&(nid_objs[698]),/* "c2onb239v5" */
+692,    /* "c2onb191v5" */
-&(nid_objs[684]),/* "c2pnb163v1" */
+697,    /* "c2onb239v4" */
-&(nid_objs[685]),/* "c2pnb163v2" */
+698,    /* "c2onb239v5" */
-&(nid_objs[686]),/* "c2pnb163v3" */
+684,    /* "c2pnb163v1" */
-&(nid_objs[687]),/* "c2pnb176v1" */
+685,    /* "c2pnb163v2" */
-&(nid_objs[693]),/* "c2pnb208w1" */
+686,    /* "c2pnb163v3" */
-&(nid_objs[699]),/* "c2pnb272w1" */
+687,    /* "c2pnb176v1" */
-&(nid_objs[700]),/* "c2pnb304w1" */
+693,    /* "c2pnb208w1" */
-&(nid_objs[702]),/* "c2pnb368w1" */
+699,    /* "c2pnb272w1" */
-&(nid_objs[688]),/* "c2tnb191v1" */
+700,    /* "c2pnb304w1" */
-&(nid_objs[689]),/* "c2tnb191v2" */
+702,    /* "c2pnb368w1" */
-&(nid_objs[690]),/* "c2tnb191v3" */
+688,    /* "c2tnb191v1" */
-&(nid_objs[694]),/* "c2tnb239v1" */
+689,    /* "c2tnb191v2" */
-&(nid_objs[695]),/* "c2tnb239v2" */
+690,    /* "c2tnb191v3" */
-&(nid_objs[696]),/* "c2tnb239v3" */
+694,    /* "c2tnb239v1" */
-&(nid_objs[701]),/* "c2tnb359v1" */
+695,    /* "c2tnb239v2" */
-&(nid_objs[703]),/* "c2tnb431r1" */
+696,    /* "c2tnb239v3" */
-&(nid_objs[483]),/* "cNAMERecord" */
+701,    /* "c2tnb359v1" */
-&(nid_objs[751]),/* "camellia-128-cbc" */
+703,    /* "c2tnb431r1" */
-&(nid_objs[757]),/* "camellia-128-cfb" */
+881,    /* "cACertificate" */
-&(nid_objs[760]),/* "camellia-128-cfb1" */
+483,    /* "cNAMERecord" */
-&(nid_objs[763]),/* "camellia-128-cfb8" */
+751,    /* "camellia-128-cbc" */
-&(nid_objs[754]),/* "camellia-128-ecb" */
+757,    /* "camellia-128-cfb" */
-&(nid_objs[766]),/* "camellia-128-ofb" */
+760,    /* "camellia-128-cfb1" */
-&(nid_objs[752]),/* "camellia-192-cbc" */
+763,    /* "camellia-128-cfb8" */
-&(nid_objs[758]),/* "camellia-192-cfb" */
+754,    /* "camellia-128-ecb" */
-&(nid_objs[761]),/* "camellia-192-cfb1" */
+766,    /* "camellia-128-ofb" */
-&(nid_objs[764]),/* "camellia-192-cfb8" */
+752,    /* "camellia-192-cbc" */
-&(nid_objs[755]),/* "camellia-192-ecb" */
+758,    /* "camellia-192-cfb" */
-&(nid_objs[767]),/* "camellia-192-ofb" */
+761,    /* "camellia-192-cfb1" */
-&(nid_objs[753]),/* "camellia-256-cbc" */
+764,    /* "camellia-192-cfb8" */
-&(nid_objs[759]),/* "camellia-256-cfb" */
+755,    /* "camellia-192-ecb" */
-&(nid_objs[762]),/* "camellia-256-cfb1" */
+767,    /* "camellia-192-ofb" */
-&(nid_objs[765]),/* "camellia-256-cfb8" */
+753,    /* "camellia-256-cbc" */
-&(nid_objs[756]),/* "camellia-256-ecb" */
+759,    /* "camellia-256-cfb" */
-&(nid_objs[768]),/* "camellia-256-ofb" */
+762,    /* "camellia-256-cfb1" */
-&(nid_objs[443]),/* "caseIgnoreIA5StringSyntax" */
+765,    /* "camellia-256-cfb8" */
-&(nid_objs[108]),/* "cast5-cbc" */
+756,    /* "camellia-256-ecb" */
-&(nid_objs[110]),/* "cast5-cfb" */
+768,    /* "camellia-256-ofb" */
-&(nid_objs[109]),/* "cast5-ecb" */
+443,    /* "caseIgnoreIA5StringSyntax" */
-&(nid_objs[111]),/* "cast5-ofb" */
+108,    /* "cast5-cbc" */
-&(nid_objs[152]),/* "certBag" */
+110,    /* "cast5-cfb" */
-&(nid_objs[677]),/* "certicom-arc" */
+109,    /* "cast5-ecb" */
-&(nid_objs[517]),/* "certificate extensions" */
+111,    /* "cast5-ofb" */
-&(nid_objs[54]),/* "challengePassword" */
+152,    /* "certBag" */
-&(nid_objs[407]),/* "characteristic-two-field" */
+677,    /* "certicom-arc" */
-&(nid_objs[395]),/* "clearance" */
+517,    /* "certificate extensions" */
-&(nid_objs[633]),/* "cleartext track 2" */
+883,    /* "certificateRevocationList" */
-&(nid_objs[13]),/* "commonName" */
+54,     /* "challengePassword" */
-&(nid_objs[513]),/* "content types" */
+407,    /* "characteristic-two-field" */
-&(nid_objs[50]),/* "contentType" */
+395,    /* "clearance" */
-&(nid_objs[53]),/* "countersignature" */
+633,    /* "cleartext track 2" */
-&(nid_objs[14]),/* "countryName" */
+13,     /* "commonName" */
-&(nid_objs[153]),/* "crlBag" */
+513,    /* "content types" */
-&(nid_objs[806]),/* "cryptocom" */
+50,     /* "contentType" */
-&(nid_objs[805]),/* "cryptopro" */
+53,     /* "countersignature" */
-&(nid_objs[500]),/* "dITRedirect" */
+14,     /* "countryName" */
-&(nid_objs[451]),/* "dNSDomain" */
+153,    /* "crlBag" */
-&(nid_objs[495]),/* "dSAQuality" */
+884,    /* "crossCertificatePair" */
-&(nid_objs[434]),/* "data" */
+806,    /* "cryptocom" */
-&(nid_objs[390]),/* "dcObject" */
+805,    /* "cryptopro" */
-&(nid_objs[31]),/* "des-cbc" */
+500,    /* "dITRedirect" */
-&(nid_objs[643]),/* "des-cdmf" */
+451,    /* "dNSDomain" */
-&(nid_objs[30]),/* "des-cfb" */
+495,    /* "dSAQuality" */
-&(nid_objs[656]),/* "des-cfb1" */
+434,    /* "data" */
-&(nid_objs[657]),/* "des-cfb8" */
+390,    /* "dcObject" */
-&(nid_objs[29]),/* "des-ecb" */
+891,    /* "deltaRevocationList" */
-&(nid_objs[32]),/* "des-ede" */
+31,     /* "des-cbc" */
-&(nid_objs[43]),/* "des-ede-cbc" */
+643,    /* "des-cdmf" */
-&(nid_objs[60]),/* "des-ede-cfb" */
+30,     /* "des-cfb" */
-&(nid_objs[62]),/* "des-ede-ofb" */
+656,    /* "des-cfb1" */
-&(nid_objs[33]),/* "des-ede3" */
+657,    /* "des-cfb8" */
-&(nid_objs[44]),/* "des-ede3-cbc" */
+29,     /* "des-ecb" */
-&(nid_objs[61]),/* "des-ede3-cfb" */
+32,     /* "des-ede" */
-&(nid_objs[658]),/* "des-ede3-cfb1" */
+43,     /* "des-ede-cbc" */
-&(nid_objs[659]),/* "des-ede3-cfb8" */
+60,     /* "des-ede-cfb" */
-&(nid_objs[63]),/* "des-ede3-ofb" */
+62,     /* "des-ede-ofb" */
-&(nid_objs[45]),/* "des-ofb" */
+33,     /* "des-ede3" */
-&(nid_objs[107]),/* "description" */
+44,     /* "des-ede3-cbc" */
-&(nid_objs[80]),/* "desx-cbc" */
+61,     /* "des-ede3-cfb" */
-&(nid_objs[28]),/* "dhKeyAgreement" */
+658,    /* "des-ede3-cfb1" */
-&(nid_objs[11]),/* "directory services (X.500)" */
+659,    /* "des-ede3-cfb8" */
-&(nid_objs[378]),/* "directory services - algorithms" */
+63,     /* "des-ede3-ofb" */
-&(nid_objs[174]),/* "dnQualifier" */
+45,     /* "des-ofb" */
-&(nid_objs[447]),/* "document" */
+107,    /* "description" */
-&(nid_objs[471]),/* "documentAuthor" */
+871,    /* "destinationIndicator" */
-&(nid_objs[468]),/* "documentIdentifier" */
+80,     /* "desx-cbc" */
-&(nid_objs[472]),/* "documentLocation" */
+28,     /* "dhKeyAgreement" */
-&(nid_objs[502]),/* "documentPublisher" */
+11,     /* "directory services (X.500)" */
-&(nid_objs[449]),/* "documentSeries" */
+378,    /* "directory services - algorithms" */
-&(nid_objs[469]),/* "documentTitle" */
+887,    /* "distinguishedName" */
-&(nid_objs[470]),/* "documentVersion" */
+892,    /* "dmdName" */
-&(nid_objs[380]),/* "dod" */
+174,    /* "dnQualifier" */
-&(nid_objs[391]),/* "domainComponent" */
+447,    /* "document" */
-&(nid_objs[452]),/* "domainRelatedObject" */
+471,    /* "documentAuthor" */
-&(nid_objs[116]),/* "dsaEncryption" */
+468,    /* "documentIdentifier" */
-&(nid_objs[67]),/* "dsaEncryption-old" */
+472,    /* "documentLocation" */
-&(nid_objs[66]),/* "dsaWithSHA" */
+502,    /* "documentPublisher" */
-&(nid_objs[113]),/* "dsaWithSHA1" */
+449,    /* "documentSeries" */
-&(nid_objs[70]),/* "dsaWithSHA1-old" */
+469,    /* "documentTitle" */
-&(nid_objs[802]),/* "dsa_with_SHA224" */
+470,    /* "documentVersion" */
-&(nid_objs[803]),/* "dsa_with_SHA256" */
+380,    /* "dod" */
-&(nid_objs[297]),/* "dvcs" */
+391,    /* "domainComponent" */
-&(nid_objs[791]),/* "ecdsa-with-Recommended" */
+452,    /* "domainRelatedObject" */
-&(nid_objs[416]),/* "ecdsa-with-SHA1" */
+116,    /* "dsaEncryption" */
-&(nid_objs[793]),/* "ecdsa-with-SHA224" */
+67,     /* "dsaEncryption-old" */
-&(nid_objs[794]),/* "ecdsa-with-SHA256" */
+66,     /* "dsaWithSHA" */
-&(nid_objs[795]),/* "ecdsa-with-SHA384" */
+113,    /* "dsaWithSHA1" */
-&(nid_objs[796]),/* "ecdsa-with-SHA512" */
+70,     /* "dsaWithSHA1-old" */
-&(nid_objs[792]),/* "ecdsa-with-Specified" */
+802,    /* "dsa_with_SHA224" */
-&(nid_objs[48]),/* "emailAddress" */
+803,    /* "dsa_with_SHA256" */
-&(nid_objs[632]),/* "encrypted track 2" */
+297,    /* "dvcs" */
-&(nid_objs[56]),/* "extendedCertificateAttributes" */
+791,    /* "ecdsa-with-Recommended" */
-&(nid_objs[462]),/* "favouriteDrink" */
+416,    /* "ecdsa-with-SHA1" */
-&(nid_objs[453]),/* "friendlyCountry" */
+793,    /* "ecdsa-with-SHA224" */
-&(nid_objs[490]),/* "friendlyCountryName" */
+794,    /* "ecdsa-with-SHA256" */
-&(nid_objs[156]),/* "friendlyName" */
+795,    /* "ecdsa-with-SHA384" */
-&(nid_objs[631]),/* "generate cryptogram" */
+796,    /* "ecdsa-with-SHA512" */
-&(nid_objs[509]),/* "generationQualifier" */
+792,    /* "ecdsa-with-Specified" */
-&(nid_objs[601]),/* "generic cryptogram" */
+48,     /* "emailAddress" */
-&(nid_objs[99]),/* "givenName" */
+632,    /* "encrypted track 2" */
-&(nid_objs[814]),/* "gost89-cnt" */
+885,    /* "enhancedSearchGuide" */
-&(nid_objs[855]),/* "hmac" */
+56,     /* "extendedCertificateAttributes" */
-&(nid_objs[780]),/* "hmac-md5" */
+867,    /* "facsimileTelephoneNumber" */
-&(nid_objs[781]),/* "hmac-sha1" */
+462,    /* "favouriteDrink" */
-&(nid_objs[797]),/* "hmacWithMD5" */
+453,    /* "friendlyCountry" */
-&(nid_objs[163]),/* "hmacWithSHA1" */
+490,    /* "friendlyCountryName" */
-&(nid_objs[798]),/* "hmacWithSHA224" */
+156,    /* "friendlyName" */
-&(nid_objs[799]),/* "hmacWithSHA256" */
+631,    /* "generate cryptogram" */
-&(nid_objs[800]),/* "hmacWithSHA384" */
+509,    /* "generationQualifier" */
-&(nid_objs[801]),/* "hmacWithSHA512" */
+601,    /* "generic cryptogram" */
-&(nid_objs[486]),/* "homePostalAddress" */
+99,     /* "givenName" */
-&(nid_objs[473]),/* "homeTelephoneNumber" */
+814,    /* "gost89-cnt" */
-&(nid_objs[466]),/* "host" */
+855,    /* "hmac" */
-&(nid_objs[442]),/* "iA5StringSyntax" */
+780,    /* "hmac-md5" */
-&(nid_objs[381]),/* "iana" */
+781,    /* "hmac-sha1" */
-&(nid_objs[824]),/* "id-Gost28147-89-CryptoPro-A-ParamSet" */
+797,    /* "hmacWithMD5" */
-&(nid_objs[825]),/* "id-Gost28147-89-CryptoPro-B-ParamSet" */
+163,    /* "hmacWithSHA1" */
-&(nid_objs[826]),/* "id-Gost28147-89-CryptoPro-C-ParamSet" */
+798,    /* "hmacWithSHA224" */
-&(nid_objs[827]),/* "id-Gost28147-89-CryptoPro-D-ParamSet" */
+799,    /* "hmacWithSHA256" */
-&(nid_objs[819]),/* "id-Gost28147-89-CryptoPro-KeyMeshing" */
+800,    /* "hmacWithSHA384" */
-&(nid_objs[829]),/* "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" */
+801,    /* "hmacWithSHA512" */
-&(nid_objs[828]),/* "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" */
+486,    /* "homePostalAddress" */
-&(nid_objs[830]),/* "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" */
+473,    /* "homeTelephoneNumber" */
-&(nid_objs[820]),/* "id-Gost28147-89-None-KeyMeshing" */
+466,    /* "host" */
-&(nid_objs[823]),/* "id-Gost28147-89-TestParamSet" */
+889,    /* "houseIdentifier" */
-&(nid_objs[840]),/* "id-GostR3410-2001-CryptoPro-A-ParamSet" */
+442,    /* "iA5StringSyntax" */
-&(nid_objs[841]),/* "id-GostR3410-2001-CryptoPro-B-ParamSet" */
+381,    /* "iana" */
-&(nid_objs[842]),/* "id-GostR3410-2001-CryptoPro-C-ParamSet" */
+824,    /* "id-Gost28147-89-CryptoPro-A-ParamSet" */
-&(nid_objs[843]),/* "id-GostR3410-2001-CryptoPro-XchA-ParamSet" */
+825,    /* "id-Gost28147-89-CryptoPro-B-ParamSet" */
-&(nid_objs[844]),/* "id-GostR3410-2001-CryptoPro-XchB-ParamSet" */
+826,    /* "id-Gost28147-89-CryptoPro-C-ParamSet" */
-&(nid_objs[839]),/* "id-GostR3410-2001-TestParamSet" */
+827,    /* "id-Gost28147-89-CryptoPro-D-ParamSet" */
-&(nid_objs[832]),/* "id-GostR3410-94-CryptoPro-A-ParamSet" */
+819,    /* "id-Gost28147-89-CryptoPro-KeyMeshing" */
-&(nid_objs[833]),/* "id-GostR3410-94-CryptoPro-B-ParamSet" */
+829,    /* "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" */
-&(nid_objs[834]),/* "id-GostR3410-94-CryptoPro-C-ParamSet" */
+828,    /* "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" */
-&(nid_objs[835]),/* "id-GostR3410-94-CryptoPro-D-ParamSet" */
+830,    /* "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" */
-&(nid_objs[836]),/* "id-GostR3410-94-CryptoPro-XchA-ParamSet" */
+820,    /* "id-Gost28147-89-None-KeyMeshing" */
-&(nid_objs[837]),/* "id-GostR3410-94-CryptoPro-XchB-ParamSet" */
+823,    /* "id-Gost28147-89-TestParamSet" */
-&(nid_objs[838]),/* "id-GostR3410-94-CryptoPro-XchC-ParamSet" */
+840,    /* "id-GostR3410-2001-CryptoPro-A-ParamSet" */
-&(nid_objs[831]),/* "id-GostR3410-94-TestParamSet" */
+841,    /* "id-GostR3410-2001-CryptoPro-B-ParamSet" */
-&(nid_objs[845]),/* "id-GostR3410-94-a" */
+842,    /* "id-GostR3410-2001-CryptoPro-C-ParamSet" */
-&(nid_objs[846]),/* "id-GostR3410-94-aBis" */
+843,    /* "id-GostR3410-2001-CryptoPro-XchA-ParamSet" */
-&(nid_objs[847]),/* "id-GostR3410-94-b" */
+844,    /* "id-GostR3410-2001-CryptoPro-XchB-ParamSet" */
-&(nid_objs[848]),/* "id-GostR3410-94-bBis" */
+839,    /* "id-GostR3410-2001-TestParamSet" */
-&(nid_objs[822]),/* "id-GostR3411-94-CryptoProParamSet" */
+832,    /* "id-GostR3410-94-CryptoPro-A-ParamSet" */
-&(nid_objs[821]),/* "id-GostR3411-94-TestParamSet" */
+833,    /* "id-GostR3410-94-CryptoPro-B-ParamSet" */
-&(nid_objs[266]),/* "id-aca" */
+834,    /* "id-GostR3410-94-CryptoPro-C-ParamSet" */
-&(nid_objs[355]),/* "id-aca-accessIdentity" */
+835,    /* "id-GostR3410-94-CryptoPro-D-ParamSet" */
-&(nid_objs[354]),/* "id-aca-authenticationInfo" */
+836,    /* "id-GostR3410-94-CryptoPro-XchA-ParamSet" */
-&(nid_objs[356]),/* "id-aca-chargingIdentity" */
+837,    /* "id-GostR3410-94-CryptoPro-XchB-ParamSet" */
-&(nid_objs[399]),/* "id-aca-encAttrs" */
+838,    /* "id-GostR3410-94-CryptoPro-XchC-ParamSet" */
-&(nid_objs[357]),/* "id-aca-group" */
+831,    /* "id-GostR3410-94-TestParamSet" */
-&(nid_objs[358]),/* "id-aca-role" */
+845,    /* "id-GostR3410-94-a" */
-&(nid_objs[176]),/* "id-ad" */
+846,    /* "id-GostR3410-94-aBis" */
-&(nid_objs[788]),/* "id-aes128-wrap" */
+847,    /* "id-GostR3410-94-b" */
-&(nid_objs[789]),/* "id-aes192-wrap" */
+848,    /* "id-GostR3410-94-bBis" */
-&(nid_objs[790]),/* "id-aes256-wrap" */
+822,    /* "id-GostR3411-94-CryptoProParamSet" */
-&(nid_objs[262]),/* "id-alg" */
+821,    /* "id-GostR3411-94-TestParamSet" */
-&(nid_objs[323]),/* "id-alg-des40" */
+266,    /* "id-aca" */
-&(nid_objs[326]),/* "id-alg-dh-pop" */
+355,    /* "id-aca-accessIdentity" */
-&(nid_objs[325]),/* "id-alg-dh-sig-hmac-sha1" */
+354,    /* "id-aca-authenticationInfo" */
-&(nid_objs[324]),/* "id-alg-noSignature" */
+356,    /* "id-aca-chargingIdentity" */
-&(nid_objs[268]),/* "id-cct" */
+399,    /* "id-aca-encAttrs" */
-&(nid_objs[361]),/* "id-cct-PKIData" */
+357,    /* "id-aca-group" */
-&(nid_objs[362]),/* "id-cct-PKIResponse" */
+358,    /* "id-aca-role" */
-&(nid_objs[360]),/* "id-cct-crs" */
+176,    /* "id-ad" */
-&(nid_objs[81]),/* "id-ce" */
+788,    /* "id-aes128-wrap" */
-&(nid_objs[680]),/* "id-characteristic-two-basis" */
+789,    /* "id-aes192-wrap" */
-&(nid_objs[263]),/* "id-cmc" */
+790,    /* "id-aes256-wrap" */
-&(nid_objs[334]),/* "id-cmc-addExtensions" */
+262,    /* "id-alg" */
-&(nid_objs[346]),/* "id-cmc-confirmCertAcceptance" */
+323,    /* "id-alg-des40" */
-&(nid_objs[330]),/* "id-cmc-dataReturn" */
+326,    /* "id-alg-dh-pop" */
-&(nid_objs[336]),/* "id-cmc-decryptedPOP" */
+325,    /* "id-alg-dh-sig-hmac-sha1" */
-&(nid_objs[335]),/* "id-cmc-encryptedPOP" */
+324,    /* "id-alg-noSignature" */
-&(nid_objs[339]),/* "id-cmc-getCRL" */
+268,    /* "id-cct" */
-&(nid_objs[338]),/* "id-cmc-getCert" */
+361,    /* "id-cct-PKIData" */
-&(nid_objs[328]),/* "id-cmc-identification" */
+362,    /* "id-cct-PKIResponse" */
-&(nid_objs[329]),/* "id-cmc-identityProof" */
+360,    /* "id-cct-crs" */
-&(nid_objs[337]),/* "id-cmc-lraPOPWitness" */
+81,     /* "id-ce" */
-&(nid_objs[344]),/* "id-cmc-popLinkRandom" */
+680,    /* "id-characteristic-two-basis" */
-&(nid_objs[345]),/* "id-cmc-popLinkWitness" */
+263,    /* "id-cmc" */
-&(nid_objs[343]),/* "id-cmc-queryPending" */
+334,    /* "id-cmc-addExtensions" */
-&(nid_objs[333]),/* "id-cmc-recipientNonce" */
+346,    /* "id-cmc-confirmCertAcceptance" */
-&(nid_objs[341]),/* "id-cmc-regInfo" */
+330,    /* "id-cmc-dataReturn" */
-&(nid_objs[342]),/* "id-cmc-responseInfo" */
+336,    /* "id-cmc-decryptedPOP" */
-&(nid_objs[340]),/* "id-cmc-revokeRequest" */
+335,    /* "id-cmc-encryptedPOP" */
-&(nid_objs[332]),/* "id-cmc-senderNonce" */
+339,    /* "id-cmc-getCRL" */
-&(nid_objs[327]),/* "id-cmc-statusInfo" */
+338,    /* "id-cmc-getCert" */
-&(nid_objs[331]),/* "id-cmc-transactionId" */
+328,    /* "id-cmc-identification" */
-&(nid_objs[787]),/* "id-ct-asciiTextWithCRLF" */
+329,    /* "id-cmc-identityProof" */
-&(nid_objs[408]),/* "id-ecPublicKey" */
+337,    /* "id-cmc-lraPOPWitness" */
-&(nid_objs[508]),/* "id-hex-multipart-message" */
+344,    /* "id-cmc-popLinkRandom" */
-&(nid_objs[507]),/* "id-hex-partial-message" */
+345,    /* "id-cmc-popLinkWitness" */
-&(nid_objs[260]),/* "id-it" */
+343,    /* "id-cmc-queryPending" */
-&(nid_objs[302]),/* "id-it-caKeyUpdateInfo" */
+333,    /* "id-cmc-recipientNonce" */
-&(nid_objs[298]),/* "id-it-caProtEncCert" */
+341,    /* "id-cmc-regInfo" */
-&(nid_objs[311]),/* "id-it-confirmWaitTime" */
+342,    /* "id-cmc-responseInfo" */
-&(nid_objs[303]),/* "id-it-currentCRL" */
+340,    /* "id-cmc-revokeRequest" */
-&(nid_objs[300]),/* "id-it-encKeyPairTypes" */
+332,    /* "id-cmc-senderNonce" */
-&(nid_objs[310]),/* "id-it-implicitConfirm" */
+327,    /* "id-cmc-statusInfo" */
-&(nid_objs[308]),/* "id-it-keyPairParamRep" */
+331,    /* "id-cmc-transactionId" */
-&(nid_objs[307]),/* "id-it-keyPairParamReq" */
+787,    /* "id-ct-asciiTextWithCRLF" */
-&(nid_objs[312]),/* "id-it-origPKIMessage" */
+408,    /* "id-ecPublicKey" */
-&(nid_objs[301]),/* "id-it-preferredSymmAlg" */
+508,    /* "id-hex-multipart-message" */
-&(nid_objs[309]),/* "id-it-revPassphrase" */
+507,    /* "id-hex-partial-message" */
-&(nid_objs[299]),/* "id-it-signKeyPairTypes" */
+260,    /* "id-it" */
-&(nid_objs[305]),/* "id-it-subscriptionRequest" */
+302,    /* "id-it-caKeyUpdateInfo" */
-&(nid_objs[306]),/* "id-it-subscriptionResponse" */
+298,    /* "id-it-caProtEncCert" */
-&(nid_objs[784]),/* "id-it-suppLangTags" */
+311,    /* "id-it-confirmWaitTime" */
-&(nid_objs[304]),/* "id-it-unsupportedOIDs" */
+303,    /* "id-it-currentCRL" */
-&(nid_objs[128]),/* "id-kp" */
+300,    /* "id-it-encKeyPairTypes" */
-&(nid_objs[280]),/* "id-mod-attribute-cert" */
+310,    /* "id-it-implicitConfirm" */
-&(nid_objs[274]),/* "id-mod-cmc" */
+308,    /* "id-it-keyPairParamRep" */
-&(nid_objs[277]),/* "id-mod-cmp" */
+307,    /* "id-it-keyPairParamReq" */
-&(nid_objs[284]),/* "id-mod-cmp2000" */
+312,    /* "id-it-origPKIMessage" */
-&(nid_objs[273]),/* "id-mod-crmf" */
+301,    /* "id-it-preferredSymmAlg" */
-&(nid_objs[283]),/* "id-mod-dvcs" */
+309,    /* "id-it-revPassphrase" */
-&(nid_objs[275]),/* "id-mod-kea-profile-88" */
+299,    /* "id-it-signKeyPairTypes" */
-&(nid_objs[276]),/* "id-mod-kea-profile-93" */
+305,    /* "id-it-subscriptionRequest" */
-&(nid_objs[282]),/* "id-mod-ocsp" */
+306,    /* "id-it-subscriptionResponse" */
-&(nid_objs[278]),/* "id-mod-qualified-cert-88" */
+784,    /* "id-it-suppLangTags" */
-&(nid_objs[279]),/* "id-mod-qualified-cert-93" */
+304,    /* "id-it-unsupportedOIDs" */
-&(nid_objs[281]),/* "id-mod-timestamp-protocol" */
+128,    /* "id-kp" */
-&(nid_objs[264]),/* "id-on" */
+280,    /* "id-mod-attribute-cert" */
-&(nid_objs[347]),/* "id-on-personalData" */
+274,    /* "id-mod-cmc" */
-&(nid_objs[265]),/* "id-pda" */
+277,    /* "id-mod-cmp" */
-&(nid_objs[352]),/* "id-pda-countryOfCitizenship" */
+284,    /* "id-mod-cmp2000" */
-&(nid_objs[353]),/* "id-pda-countryOfResidence" */
+273,    /* "id-mod-crmf" */
-&(nid_objs[348]),/* "id-pda-dateOfBirth" */
+283,    /* "id-mod-dvcs" */
-&(nid_objs[351]),/* "id-pda-gender" */
+275,    /* "id-mod-kea-profile-88" */
-&(nid_objs[349]),/* "id-pda-placeOfBirth" */
+276,    /* "id-mod-kea-profile-93" */
-&(nid_objs[175]),/* "id-pe" */
+282,    /* "id-mod-ocsp" */
-&(nid_objs[261]),/* "id-pkip" */
+278,    /* "id-mod-qualified-cert-88" */
-&(nid_objs[258]),/* "id-pkix-mod" */
+279,    /* "id-mod-qualified-cert-93" */
-&(nid_objs[269]),/* "id-pkix1-explicit-88" */
+281,    /* "id-mod-timestamp-protocol" */
-&(nid_objs[271]),/* "id-pkix1-explicit-93" */
+264,    /* "id-on" */
-&(nid_objs[270]),/* "id-pkix1-implicit-88" */
+347,    /* "id-on-personalData" */
-&(nid_objs[272]),/* "id-pkix1-implicit-93" */
+265,    /* "id-pda" */
-&(nid_objs[662]),/* "id-ppl" */
+352,    /* "id-pda-countryOfCitizenship" */
-&(nid_objs[267]),/* "id-qcs" */
+353,    /* "id-pda-countryOfResidence" */
-&(nid_objs[359]),/* "id-qcs-pkixQCSyntax-v1" */
+348,    /* "id-pda-dateOfBirth" */
-&(nid_objs[259]),/* "id-qt" */
+351,    /* "id-pda-gender" */
-&(nid_objs[313]),/* "id-regCtrl" */
+349,    /* "id-pda-placeOfBirth" */
-&(nid_objs[316]),/* "id-regCtrl-authenticator" */
+175,    /* "id-pe" */
-&(nid_objs[319]),/* "id-regCtrl-oldCertID" */
+261,    /* "id-pkip" */
-&(nid_objs[318]),/* "id-regCtrl-pkiArchiveOptions" */
+258,    /* "id-pkix-mod" */
-&(nid_objs[317]),/* "id-regCtrl-pkiPublicationInfo" */
+269,    /* "id-pkix1-explicit-88" */
-&(nid_objs[320]),/* "id-regCtrl-protocolEncrKey" */
+271,    /* "id-pkix1-explicit-93" */
-&(nid_objs[315]),/* "id-regCtrl-regToken" */
+270,    /* "id-pkix1-implicit-88" */
-&(nid_objs[314]),/* "id-regInfo" */
+272,    /* "id-pkix1-implicit-93" */
-&(nid_objs[322]),/* "id-regInfo-certReq" */
+662,    /* "id-ppl" */
-&(nid_objs[321]),/* "id-regInfo-utf8Pairs" */
+267,    /* "id-qcs" */
-&(nid_objs[191]),/* "id-smime-aa" */
+359,    /* "id-qcs-pkixQCSyntax-v1" */
-&(nid_objs[215]),/* "id-smime-aa-contentHint" */
+259,    /* "id-qt" */
-&(nid_objs[218]),/* "id-smime-aa-contentIdentifier" */
+313,    /* "id-regCtrl" */
-&(nid_objs[221]),/* "id-smime-aa-contentReference" */
+316,    /* "id-regCtrl-authenticator" */
-&(nid_objs[240]),/* "id-smime-aa-dvcs-dvc" */
+319,    /* "id-regCtrl-oldCertID" */
-&(nid_objs[217]),/* "id-smime-aa-encapContentType" */
+318,    /* "id-regCtrl-pkiArchiveOptions" */
-&(nid_objs[222]),/* "id-smime-aa-encrypKeyPref" */
+317,    /* "id-regCtrl-pkiPublicationInfo" */
-&(nid_objs[220]),/* "id-smime-aa-equivalentLabels" */
+320,    /* "id-regCtrl-protocolEncrKey" */
-&(nid_objs[232]),/* "id-smime-aa-ets-CertificateRefs" */
+315,    /* "id-regCtrl-regToken" */
-&(nid_objs[233]),/* "id-smime-aa-ets-RevocationRefs" */
+314,    /* "id-regInfo" */
-&(nid_objs[238]),/* "id-smime-aa-ets-archiveTimeStamp" */
+322,    /* "id-regInfo-certReq" */
-&(nid_objs[237]),/* "id-smime-aa-ets-certCRLTimestamp" */
+321,    /* "id-regInfo-utf8Pairs" */
-&(nid_objs[234]),/* "id-smime-aa-ets-certValues" */
+191,    /* "id-smime-aa" */
-&(nid_objs[227]),/* "id-smime-aa-ets-commitmentType" */
+215,    /* "id-smime-aa-contentHint" */
-&(nid_objs[231]),/* "id-smime-aa-ets-contentTimestamp" */
+218,    /* "id-smime-aa-contentIdentifier" */
-&(nid_objs[236]),/* "id-smime-aa-ets-escTimeStamp" */
+221,    /* "id-smime-aa-contentReference" */
-&(nid_objs[230]),/* "id-smime-aa-ets-otherSigCert" */
+240,    /* "id-smime-aa-dvcs-dvc" */
-&(nid_objs[235]),/* "id-smime-aa-ets-revocationValues" */
+217,    /* "id-smime-aa-encapContentType" */
-&(nid_objs[226]),/* "id-smime-aa-ets-sigPolicyId" */
+222,    /* "id-smime-aa-encrypKeyPref" */
-&(nid_objs[229]),/* "id-smime-aa-ets-signerAttr" */
+220,    /* "id-smime-aa-equivalentLabels" */
-&(nid_objs[228]),/* "id-smime-aa-ets-signerLocation" */
+232,    /* "id-smime-aa-ets-CertificateRefs" */
-&(nid_objs[219]),/* "id-smime-aa-macValue" */
+233,    /* "id-smime-aa-ets-RevocationRefs" */
-&(nid_objs[214]),/* "id-smime-aa-mlExpandHistory" */
+238,    /* "id-smime-aa-ets-archiveTimeStamp" */
-&(nid_objs[216]),/* "id-smime-aa-msgSigDigest" */
+237,    /* "id-smime-aa-ets-certCRLTimestamp" */
-&(nid_objs[212]),/* "id-smime-aa-receiptRequest" */
+234,    /* "id-smime-aa-ets-certValues" */
-&(nid_objs[213]),/* "id-smime-aa-securityLabel" */
+227,    /* "id-smime-aa-ets-commitmentType" */
-&(nid_objs[239]),/* "id-smime-aa-signatureType" */
+231,    /* "id-smime-aa-ets-contentTimestamp" */
-&(nid_objs[223]),/* "id-smime-aa-signingCertificate" */
+236,    /* "id-smime-aa-ets-escTimeStamp" */
-&(nid_objs[224]),/* "id-smime-aa-smimeEncryptCerts" */
+230,    /* "id-smime-aa-ets-otherSigCert" */
-&(nid_objs[225]),/* "id-smime-aa-timeStampToken" */
+235,    /* "id-smime-aa-ets-revocationValues" */
-&(nid_objs[192]),/* "id-smime-alg" */
+226,    /* "id-smime-aa-ets-sigPolicyId" */
-&(nid_objs[243]),/* "id-smime-alg-3DESwrap" */
+229,    /* "id-smime-aa-ets-signerAttr" */
-&(nid_objs[246]),/* "id-smime-alg-CMS3DESwrap" */
+228,    /* "id-smime-aa-ets-signerLocation" */
-&(nid_objs[247]),/* "id-smime-alg-CMSRC2wrap" */
+219,    /* "id-smime-aa-macValue" */
-&(nid_objs[245]),/* "id-smime-alg-ESDH" */
+214,    /* "id-smime-aa-mlExpandHistory" */
-&(nid_objs[241]),/* "id-smime-alg-ESDHwith3DES" */
+216,    /* "id-smime-aa-msgSigDigest" */
-&(nid_objs[242]),/* "id-smime-alg-ESDHwithRC2" */
+212,    /* "id-smime-aa-receiptRequest" */
-&(nid_objs[244]),/* "id-smime-alg-RC2wrap" */
+213,    /* "id-smime-aa-securityLabel" */
-&(nid_objs[193]),/* "id-smime-cd" */
+239,    /* "id-smime-aa-signatureType" */
-&(nid_objs[248]),/* "id-smime-cd-ldap" */
+223,    /* "id-smime-aa-signingCertificate" */
-&(nid_objs[190]),/* "id-smime-ct" */
+224,    /* "id-smime-aa-smimeEncryptCerts" */
-&(nid_objs[210]),/* "id-smime-ct-DVCSRequestData" */
+225,    /* "id-smime-aa-timeStampToken" */
-&(nid_objs[211]),/* "id-smime-ct-DVCSResponseData" */
+192,    /* "id-smime-alg" */
-&(nid_objs[208]),/* "id-smime-ct-TDTInfo" */
+243,    /* "id-smime-alg-3DESwrap" */
-&(nid_objs[207]),/* "id-smime-ct-TSTInfo" */
+246,    /* "id-smime-alg-CMS3DESwrap" */
-&(nid_objs[205]),/* "id-smime-ct-authData" */
+247,    /* "id-smime-alg-CMSRC2wrap" */
-&(nid_objs[786]),/* "id-smime-ct-compressedData" */
+245,    /* "id-smime-alg-ESDH" */
-&(nid_objs[209]),/* "id-smime-ct-contentInfo" */
+241,    /* "id-smime-alg-ESDHwith3DES" */
-&(nid_objs[206]),/* "id-smime-ct-publishCert" */
+242,    /* "id-smime-alg-ESDHwithRC2" */
-&(nid_objs[204]),/* "id-smime-ct-receipt" */
+244,    /* "id-smime-alg-RC2wrap" */
-&(nid_objs[195]),/* "id-smime-cti" */
+193,    /* "id-smime-cd" */
-&(nid_objs[255]),/* "id-smime-cti-ets-proofOfApproval" */
+248,    /* "id-smime-cd-ldap" */
-&(nid_objs[256]),/* "id-smime-cti-ets-proofOfCreation" */
+190,    /* "id-smime-ct" */
-&(nid_objs[253]),/* "id-smime-cti-ets-proofOfDelivery" */
+210,    /* "id-smime-ct-DVCSRequestData" */
-&(nid_objs[251]),/* "id-smime-cti-ets-proofOfOrigin" */
+211,    /* "id-smime-ct-DVCSResponseData" */
-&(nid_objs[252]),/* "id-smime-cti-ets-proofOfReceipt" */
+208,    /* "id-smime-ct-TDTInfo" */
-&(nid_objs[254]),/* "id-smime-cti-ets-proofOfSender" */
+207,    /* "id-smime-ct-TSTInfo" */
-&(nid_objs[189]),/* "id-smime-mod" */
+205,    /* "id-smime-ct-authData" */
-&(nid_objs[196]),/* "id-smime-mod-cms" */
+786,    /* "id-smime-ct-compressedData" */
-&(nid_objs[197]),/* "id-smime-mod-ess" */
+209,    /* "id-smime-ct-contentInfo" */
-&(nid_objs[202]),/* "id-smime-mod-ets-eSigPolicy-88" */
+206,    /* "id-smime-ct-publishCert" */
-&(nid_objs[203]),/* "id-smime-mod-ets-eSigPolicy-97" */
+204,    /* "id-smime-ct-receipt" */
-&(nid_objs[200]),/* "id-smime-mod-ets-eSignature-88" */
+195,    /* "id-smime-cti" */
-&(nid_objs[201]),/* "id-smime-mod-ets-eSignature-97" */
+255,    /* "id-smime-cti-ets-proofOfApproval" */
-&(nid_objs[199]),/* "id-smime-mod-msg-v3" */
+256,    /* "id-smime-cti-ets-proofOfCreation" */
-&(nid_objs[198]),/* "id-smime-mod-oid" */
+253,    /* "id-smime-cti-ets-proofOfDelivery" */
-&(nid_objs[194]),/* "id-smime-spq" */
+251,    /* "id-smime-cti-ets-proofOfOrigin" */
-&(nid_objs[250]),/* "id-smime-spq-ets-sqt-unotice" */
+252,    /* "id-smime-cti-ets-proofOfReceipt" */
-&(nid_objs[249]),/* "id-smime-spq-ets-sqt-uri" */
+254,    /* "id-smime-cti-ets-proofOfSender" */
-&(nid_objs[34]),/* "idea-cbc" */
+189,    /* "id-smime-mod" */
-&(nid_objs[35]),/* "idea-cfb" */
+196,    /* "id-smime-mod-cms" */
-&(nid_objs[36]),/* "idea-ecb" */
+197,    /* "id-smime-mod-ess" */
-&(nid_objs[46]),/* "idea-ofb" */
+202,    /* "id-smime-mod-ets-eSigPolicy-88" */
-&(nid_objs[676]),/* "identified-organization" */
+203,    /* "id-smime-mod-ets-eSigPolicy-97" */
-&(nid_objs[461]),/* "info" */
+200,    /* "id-smime-mod-ets-eSignature-88" */
-&(nid_objs[101]),/* "initials" */
+201,    /* "id-smime-mod-ets-eSignature-97" */
-&(nid_objs[749]),/* "ipsec3" */
+199,    /* "id-smime-mod-msg-v3" */
-&(nid_objs[750]),/* "ipsec4" */
+198,    /* "id-smime-mod-oid" */
-&(nid_objs[181]),/* "iso" */
+194,    /* "id-smime-spq" */
-&(nid_objs[623]),/* "issuer capabilities" */
+250,    /* "id-smime-spq-ets-sqt-unotice" */
-&(nid_objs[645]),/* "itu-t" */
+249,    /* "id-smime-spq-ets-sqt-uri" */
-&(nid_objs[492]),/* "janetMailbox" */
+34,     /* "idea-cbc" */
-&(nid_objs[646]),/* "joint-iso-itu-t" */
+35,     /* "idea-cfb" */
-&(nid_objs[150]),/* "keyBag" */
+36,     /* "idea-ecb" */
-&(nid_objs[773]),/* "kisa" */
+46,     /* "idea-ofb" */
-&(nid_objs[477]),/* "lastModifiedBy" */
+676,    /* "identified-organization" */
-&(nid_objs[476]),/* "lastModifiedTime" */
+461,    /* "info" */
-&(nid_objs[157]),/* "localKeyID" */
+101,    /* "initials" */
-&(nid_objs[15]),/* "localityName" */
+869,    /* "internationaliSDNNumber" */
-&(nid_objs[480]),/* "mXRecord" */
+749,    /* "ipsec3" */
-&(nid_objs[493]),/* "mailPreferenceOption" */
+750,    /* "ipsec4" */
-&(nid_objs[467]),/* "manager" */
+181,    /* "iso" */
-&(nid_objs[ 3]),/* "md2" */
+623,    /* "issuer capabilities" */
-&(nid_objs[ 7]),/* "md2WithRSAEncryption" */
+645,    /* "itu-t" */
-&(nid_objs[257]),/* "md4" */
+492,    /* "janetMailbox" */
-&(nid_objs[396]),/* "md4WithRSAEncryption" */
+646,    /* "joint-iso-itu-t" */
-&(nid_objs[ 4]),/* "md5" */
+150,    /* "keyBag" */
-&(nid_objs[114]),/* "md5-sha1" */
+773,    /* "kisa" */
-&(nid_objs[104]),/* "md5WithRSA" */
+477,    /* "lastModifiedBy" */
-&(nid_objs[ 8]),/* "md5WithRSAEncryption" */
+476,    /* "lastModifiedTime" */
-&(nid_objs[95]),/* "mdc2" */
+157,    /* "localKeyID" */
-&(nid_objs[96]),/* "mdc2WithRSA" */
+15,     /* "localityName" */
-&(nid_objs[602]),/* "merchant initiated auth" */
+480,    /* "mXRecord" */
-&(nid_objs[514]),/* "message extensions" */
+493,    /* "mailPreferenceOption" */
-&(nid_objs[51]),/* "messageDigest" */
+467,    /* "manager" */
-&(nid_objs[506]),/* "mime-mhs-bodies" */
+ 3,     /* "md2" */
-&(nid_objs[505]),/* "mime-mhs-headings" */
+ 7,     /* "md2WithRSAEncryption" */
-&(nid_objs[488]),/* "mobileTelephoneNumber" */
+257,    /* "md4" */
-&(nid_objs[481]),/* "nSRecord" */
+396,    /* "md4WithRSAEncryption" */
-&(nid_objs[173]),/* "name" */
+ 4,     /* "md5" */
-&(nid_objs[681]),/* "onBasis" */
+114,    /* "md5-sha1" */
-&(nid_objs[379]),/* "org" */
+104,    /* "md5WithRSA" */
-&(nid_objs[17]),/* "organizationName" */
+ 8,     /* "md5WithRSAEncryption" */
-&(nid_objs[491]),/* "organizationalStatus" */
+95,     /* "mdc2" */
-&(nid_objs[18]),/* "organizationalUnitName" */
+96,     /* "mdc2WithRSA" */
-&(nid_objs[475]),/* "otherMailbox" */
+875,    /* "member" */
-&(nid_objs[489]),/* "pagerTelephoneNumber" */
+602,    /* "merchant initiated auth" */
-&(nid_objs[782]),/* "password based MAC" */
+514,    /* "message extensions" */
-&(nid_objs[374]),/* "path" */
+51,     /* "messageDigest" */
-&(nid_objs[621]),/* "payment gateway capabilities" */
+506,    /* "mime-mhs-bodies" */
-&(nid_objs[ 9]),/* "pbeWithMD2AndDES-CBC" */
+505,    /* "mime-mhs-headings" */
-&(nid_objs[168]),/* "pbeWithMD2AndRC2-CBC" */
+488,    /* "mobileTelephoneNumber" */
-&(nid_objs[112]),/* "pbeWithMD5AndCast5CBC" */
+481,    /* "nSRecord" */
-&(nid_objs[10]),/* "pbeWithMD5AndDES-CBC" */
+173,    /* "name" */
-&(nid_objs[169]),/* "pbeWithMD5AndRC2-CBC" */
+681,    /* "onBasis" */
-&(nid_objs[148]),/* "pbeWithSHA1And128BitRC2-CBC" */
+379,    /* "org" */
-&(nid_objs[144]),/* "pbeWithSHA1And128BitRC4" */
+17,     /* "organizationName" */
-&(nid_objs[147]),/* "pbeWithSHA1And2-KeyTripleDES-CBC" */
+491,    /* "organizationalStatus" */
-&(nid_objs[146]),/* "pbeWithSHA1And3-KeyTripleDES-CBC" */
+18,     /* "organizationalUnitName" */
-&(nid_objs[149]),/* "pbeWithSHA1And40BitRC2-CBC" */
+475,    /* "otherMailbox" */
-&(nid_objs[145]),/* "pbeWithSHA1And40BitRC4" */
+876,    /* "owner" */
-&(nid_objs[170]),/* "pbeWithSHA1AndDES-CBC" */
+489,    /* "pagerTelephoneNumber" */
-&(nid_objs[68]),/* "pbeWithSHA1AndRC2-CBC" */
+782,    /* "password based MAC" */
-&(nid_objs[499]),/* "personalSignature" */
+374,    /* "path" */
-&(nid_objs[487]),/* "personalTitle" */
+621,    /* "payment gateway capabilities" */
-&(nid_objs[464]),/* "photo" */
+ 9,     /* "pbeWithMD2AndDES-CBC" */
-&(nid_objs[437]),/* "pilot" */
+168,    /* "pbeWithMD2AndRC2-CBC" */
-&(nid_objs[439]),/* "pilotAttributeSyntax" */
+112,    /* "pbeWithMD5AndCast5CBC" */
-&(nid_objs[438]),/* "pilotAttributeType" */
+10,     /* "pbeWithMD5AndDES-CBC" */
-&(nid_objs[479]),/* "pilotAttributeType27" */
+169,    /* "pbeWithMD5AndRC2-CBC" */
-&(nid_objs[456]),/* "pilotDSA" */
+148,    /* "pbeWithSHA1And128BitRC2-CBC" */
-&(nid_objs[441]),/* "pilotGroups" */
+144,    /* "pbeWithSHA1And128BitRC4" */
-&(nid_objs[444]),/* "pilotObject" */
+147,    /* "pbeWithSHA1And2-KeyTripleDES-CBC" */
-&(nid_objs[440]),/* "pilotObjectClass" */
+146,    /* "pbeWithSHA1And3-KeyTripleDES-CBC" */
-&(nid_objs[455]),/* "pilotOrganization" */
+149,    /* "pbeWithSHA1And40BitRC2-CBC" */
-&(nid_objs[445]),/* "pilotPerson" */
+145,    /* "pbeWithSHA1And40BitRC4" */
-&(nid_objs[186]),/* "pkcs1" */
+170,    /* "pbeWithSHA1AndDES-CBC" */
-&(nid_objs[27]),/* "pkcs3" */
+68,     /* "pbeWithSHA1AndRC2-CBC" */
-&(nid_objs[187]),/* "pkcs5" */
+499,    /* "personalSignature" */
-&(nid_objs[20]),/* "pkcs7" */
+487,    /* "personalTitle" */
-&(nid_objs[21]),/* "pkcs7-data" */
+464,    /* "photo" */
-&(nid_objs[25]),/* "pkcs7-digestData" */
+863,    /* "physicalDeliveryOfficeName" */
-&(nid_objs[26]),/* "pkcs7-encryptedData" */
+437,    /* "pilot" */
-&(nid_objs[23]),/* "pkcs7-envelopedData" */
+439,    /* "pilotAttributeSyntax" */
-&(nid_objs[24]),/* "pkcs7-signedAndEnvelopedData" */
+438,    /* "pilotAttributeType" */
-&(nid_objs[22]),/* "pkcs7-signedData" */
+479,    /* "pilotAttributeType27" */
-&(nid_objs[151]),/* "pkcs8ShroudedKeyBag" */
+456,    /* "pilotDSA" */
-&(nid_objs[47]),/* "pkcs9" */
+441,    /* "pilotGroups" */
-&(nid_objs[661]),/* "postalCode" */
+444,    /* "pilotObject" */
-&(nid_objs[683]),/* "ppBasis" */
+440,    /* "pilotObjectClass" */
-&(nid_objs[406]),/* "prime-field" */
+455,    /* "pilotOrganization" */
-&(nid_objs[409]),/* "prime192v1" */
+445,    /* "pilotPerson" */
-&(nid_objs[410]),/* "prime192v2" */
+186,    /* "pkcs1" */
-&(nid_objs[411]),/* "prime192v3" */
+27,     /* "pkcs3" */
-&(nid_objs[412]),/* "prime239v1" */
+187,    /* "pkcs5" */
-&(nid_objs[413]),/* "prime239v2" */
+20,     /* "pkcs7" */
-&(nid_objs[414]),/* "prime239v3" */
+21,     /* "pkcs7-data" */
-&(nid_objs[415]),/* "prime256v1" */
+25,     /* "pkcs7-digestData" */
-&(nid_objs[510]),/* "pseudonym" */
+26,     /* "pkcs7-encryptedData" */
-&(nid_objs[435]),/* "pss" */
+23,     /* "pkcs7-envelopedData" */
-&(nid_objs[286]),/* "qcStatements" */
+24,     /* "pkcs7-signedAndEnvelopedData" */
-&(nid_objs[457]),/* "qualityLabelledData" */
+22,     /* "pkcs7-signedData" */
-&(nid_objs[450]),/* "rFC822localPart" */
+151,    /* "pkcs8ShroudedKeyBag" */
-&(nid_objs[98]),/* "rc2-40-cbc" */
+47,     /* "pkcs9" */
-&(nid_objs[166]),/* "rc2-64-cbc" */
+862,    /* "postOfficeBox" */
-&(nid_objs[37]),/* "rc2-cbc" */
+861,    /* "postalAddress" */
-&(nid_objs[39]),/* "rc2-cfb" */
+661,    /* "postalCode" */
-&(nid_objs[38]),/* "rc2-ecb" */
+683,    /* "ppBasis" */
-&(nid_objs[40]),/* "rc2-ofb" */
+872,    /* "preferredDeliveryMethod" */
-&(nid_objs[ 5]),/* "rc4" */
+873,    /* "presentationAddress" */
-&(nid_objs[97]),/* "rc4-40" */
+406,    /* "prime-field" */
-&(nid_objs[120]),/* "rc5-cbc" */
+409,    /* "prime192v1" */
-&(nid_objs[122]),/* "rc5-cfb" */
+410,    /* "prime192v2" */
-&(nid_objs[121]),/* "rc5-ecb" */
+411,    /* "prime192v3" */
-&(nid_objs[123]),/* "rc5-ofb" */
+412,    /* "prime239v1" */
-&(nid_objs[460]),/* "rfc822Mailbox" */
+413,    /* "prime239v2" */
-&(nid_objs[117]),/* "ripemd160" */
+414,    /* "prime239v3" */
-&(nid_objs[119]),/* "ripemd160WithRSA" */
+415,    /* "prime256v1" */
-&(nid_objs[400]),/* "role" */
+886,    /* "protocolInformation" */
-&(nid_objs[448]),/* "room" */
+510,    /* "pseudonym" */
-&(nid_objs[463]),/* "roomNumber" */
+435,    /* "pss" */
-&(nid_objs[19]),/* "rsa" */
+286,    /* "qcStatements" */
-&(nid_objs[ 6]),/* "rsaEncryption" */
+457,    /* "qualityLabelledData" */
-&(nid_objs[644]),/* "rsaOAEPEncryptionSET" */
+450,    /* "rFC822localPart" */
-&(nid_objs[377]),/* "rsaSignature" */
+98,     /* "rc2-40-cbc" */
-&(nid_objs[124]),/* "run length compression" */
+166,    /* "rc2-64-cbc" */
-&(nid_objs[482]),/* "sOARecord" */
+37,     /* "rc2-cbc" */
-&(nid_objs[155]),/* "safeContentsBag" */
+39,     /* "rc2-cfb" */
-&(nid_objs[291]),/* "sbgp-autonomousSysNum" */
+38,     /* "rc2-ecb" */
-&(nid_objs[290]),/* "sbgp-ipAddrBlock" */
+40,     /* "rc2-ofb" */
-&(nid_objs[292]),/* "sbgp-routerIdentifier" */
+ 5,     /* "rc4" */
-&(nid_objs[159]),/* "sdsiCertificate" */
+97,     /* "rc4-40" */
-&(nid_objs[704]),/* "secp112r1" */
+120,    /* "rc5-cbc" */
-&(nid_objs[705]),/* "secp112r2" */
+122,    /* "rc5-cfb" */
-&(nid_objs[706]),/* "secp128r1" */
+121,    /* "rc5-ecb" */
-&(nid_objs[707]),/* "secp128r2" */
+123,    /* "rc5-ofb" */
-&(nid_objs[708]),/* "secp160k1" */
+870,    /* "registeredAddress" */
-&(nid_objs[709]),/* "secp160r1" */
+460,    /* "rfc822Mailbox" */
-&(nid_objs[710]),/* "secp160r2" */
+117,    /* "ripemd160" */
-&(nid_objs[711]),/* "secp192k1" */
+119,    /* "ripemd160WithRSA" */
-&(nid_objs[712]),/* "secp224k1" */
+400,    /* "role" */
-&(nid_objs[713]),/* "secp224r1" */
+877,    /* "roleOccupant" */
-&(nid_objs[714]),/* "secp256k1" */
+448,    /* "room" */
-&(nid_objs[715]),/* "secp384r1" */
+463,    /* "roomNumber" */
-&(nid_objs[716]),/* "secp521r1" */
+19,     /* "rsa" */
-&(nid_objs[154]),/* "secretBag" */
+ 6,     /* "rsaEncryption" */
-&(nid_objs[474]),/* "secretary" */
+644,    /* "rsaOAEPEncryptionSET" */
-&(nid_objs[717]),/* "sect113r1" */
+377,    /* "rsaSignature" */
-&(nid_objs[718]),/* "sect113r2" */
+124,    /* "run length compression" */
-&(nid_objs[719]),/* "sect131r1" */
+482,    /* "sOARecord" */
-&(nid_objs[720]),/* "sect131r2" */
+155,    /* "safeContentsBag" */
-&(nid_objs[721]),/* "sect163k1" */
+291,    /* "sbgp-autonomousSysNum" */
-&(nid_objs[722]),/* "sect163r1" */
+290,    /* "sbgp-ipAddrBlock" */
-&(nid_objs[723]),/* "sect163r2" */
+292,    /* "sbgp-routerIdentifier" */
-&(nid_objs[724]),/* "sect193r1" */
+159,    /* "sdsiCertificate" */
-&(nid_objs[725]),/* "sect193r2" */
+859,    /* "searchGuide" */
-&(nid_objs[726]),/* "sect233k1" */
+704,    /* "secp112r1" */
-&(nid_objs[727]),/* "sect233r1" */
+705,    /* "secp112r2" */
-&(nid_objs[728]),/* "sect239k1" */
+706,    /* "secp128r1" */
-&(nid_objs[729]),/* "sect283k1" */
+707,    /* "secp128r2" */
-&(nid_objs[730]),/* "sect283r1" */
+708,    /* "secp160k1" */
-&(nid_objs[731]),/* "sect409k1" */
+709,    /* "secp160r1" */
-&(nid_objs[732]),/* "sect409r1" */
+710,    /* "secp160r2" */
-&(nid_objs[733]),/* "sect571k1" */
+711,    /* "secp192k1" */
-&(nid_objs[734]),/* "sect571r1" */
+712,    /* "secp224k1" */
-&(nid_objs[635]),/* "secure device signature" */
+713,    /* "secp224r1" */
-&(nid_objs[777]),/* "seed-cbc" */
+714,    /* "secp256k1" */
-&(nid_objs[779]),/* "seed-cfb" */
+715,    /* "secp384r1" */
-&(nid_objs[776]),/* "seed-ecb" */
+716,    /* "secp521r1" */
-&(nid_objs[778]),/* "seed-ofb" */
+154,    /* "secretBag" */
-&(nid_objs[105]),/* "serialNumber" */
+474,    /* "secretary" */
-&(nid_objs[625]),/* "set-addPolicy" */
+717,    /* "sect113r1" */
-&(nid_objs[515]),/* "set-attr" */
+718,    /* "sect113r2" */
-&(nid_objs[518]),/* "set-brand" */
+719,    /* "sect131r1" */
-&(nid_objs[638]),/* "set-brand-AmericanExpress" */
+720,    /* "sect131r2" */
-&(nid_objs[637]),/* "set-brand-Diners" */
+721,    /* "sect163k1" */
-&(nid_objs[636]),/* "set-brand-IATA-ATA" */
+722,    /* "sect163r1" */
-&(nid_objs[639]),/* "set-brand-JCB" */
+723,    /* "sect163r2" */
-&(nid_objs[641]),/* "set-brand-MasterCard" */
+724,    /* "sect193r1" */
-&(nid_objs[642]),/* "set-brand-Novus" */
+725,    /* "sect193r2" */
-&(nid_objs[640]),/* "set-brand-Visa" */
+726,    /* "sect233k1" */
-&(nid_objs[516]),/* "set-policy" */
+727,    /* "sect233r1" */
-&(nid_objs[607]),/* "set-policy-root" */
+728,    /* "sect239k1" */
-&(nid_objs[624]),/* "set-rootKeyThumb" */
+729,    /* "sect283k1" */
-&(nid_objs[620]),/* "setAttr-Cert" */
+730,    /* "sect283r1" */
-&(nid_objs[628]),/* "setAttr-IssCap-CVM" */
+731,    /* "sect409k1" */
-&(nid_objs[630]),/* "setAttr-IssCap-Sig" */
+732,    /* "sect409r1" */
-&(nid_objs[629]),/* "setAttr-IssCap-T2" */
+733,    /* "sect571k1" */
-&(nid_objs[627]),/* "setAttr-Token-B0Prime" */
+734,    /* "sect571r1" */
-&(nid_objs[626]),/* "setAttr-Token-EMV" */
+635,    /* "secure device signature" */
-&(nid_objs[622]),/* "setAttr-TokenType" */
+878,    /* "seeAlso" */
-&(nid_objs[619]),/* "setCext-IssuerCapabilities" */
+777,    /* "seed-cbc" */
-&(nid_objs[615]),/* "setCext-PGWYcapabilities" */
+779,    /* "seed-cfb" */
-&(nid_objs[616]),/* "setCext-TokenIdentifier" */
+776,    /* "seed-ecb" */
-&(nid_objs[618]),/* "setCext-TokenType" */
+778,    /* "seed-ofb" */
-&(nid_objs[617]),/* "setCext-Track2Data" */
+105,    /* "serialNumber" */
-&(nid_objs[611]),/* "setCext-cCertRequired" */
+625,    /* "set-addPolicy" */
-&(nid_objs[609]),/* "setCext-certType" */
+515,    /* "set-attr" */
-&(nid_objs[608]),/* "setCext-hashedRoot" */
+518,    /* "set-brand" */
-&(nid_objs[610]),/* "setCext-merchData" */
+638,    /* "set-brand-AmericanExpress" */
-&(nid_objs[613]),/* "setCext-setExt" */
+637,    /* "set-brand-Diners" */
-&(nid_objs[614]),/* "setCext-setQualf" */
+636,    /* "set-brand-IATA-ATA" */
-&(nid_objs[612]),/* "setCext-tunneling" */
+639,    /* "set-brand-JCB" */
-&(nid_objs[540]),/* "setct-AcqCardCodeMsg" */
+641,    /* "set-brand-MasterCard" */
-&(nid_objs[576]),/* "setct-AcqCardCodeMsgTBE" */
+642,    /* "set-brand-Novus" */
-&(nid_objs[570]),/* "setct-AuthReqTBE" */
+640,    /* "set-brand-Visa" */
-&(nid_objs[534]),/* "setct-AuthReqTBS" */
+516,    /* "set-policy" */
-&(nid_objs[527]),/* "setct-AuthResBaggage" */
+607,    /* "set-policy-root" */
-&(nid_objs[571]),/* "setct-AuthResTBE" */
+624,    /* "set-rootKeyThumb" */
-&(nid_objs[572]),/* "setct-AuthResTBEX" */
+620,    /* "setAttr-Cert" */
-&(nid_objs[535]),/* "setct-AuthResTBS" */
+628,    /* "setAttr-IssCap-CVM" */
-&(nid_objs[536]),/* "setct-AuthResTBSX" */
+630,    /* "setAttr-IssCap-Sig" */
-&(nid_objs[528]),/* "setct-AuthRevReqBaggage" */
+629,    /* "setAttr-IssCap-T2" */
-&(nid_objs[577]),/* "setct-AuthRevReqTBE" */
+627,    /* "setAttr-Token-B0Prime" */
-&(nid_objs[541]),/* "setct-AuthRevReqTBS" */
+626,    /* "setAttr-Token-EMV" */
-&(nid_objs[529]),/* "setct-AuthRevResBaggage" */
+622,    /* "setAttr-TokenType" */
-&(nid_objs[542]),/* "setct-AuthRevResData" */
+619,    /* "setCext-IssuerCapabilities" */
-&(nid_objs[578]),/* "setct-AuthRevResTBE" */
+615,    /* "setCext-PGWYcapabilities" */
-&(nid_objs[579]),/* "setct-AuthRevResTBEB" */
+616,    /* "setCext-TokenIdentifier" */
-&(nid_objs[543]),/* "setct-AuthRevResTBS" */
+618,    /* "setCext-TokenType" */
-&(nid_objs[573]),/* "setct-AuthTokenTBE" */
+617,    /* "setCext-Track2Data" */
-&(nid_objs[537]),/* "setct-AuthTokenTBS" */
+611,    /* "setCext-cCertRequired" */
-&(nid_objs[600]),/* "setct-BCIDistributionTBS" */
+609,    /* "setCext-certType" */
-&(nid_objs[558]),/* "setct-BatchAdminReqData" */
+608,    /* "setCext-hashedRoot" */
-&(nid_objs[592]),/* "setct-BatchAdminReqTBE" */
+610,    /* "setCext-merchData" */
-&(nid_objs[559]),/* "setct-BatchAdminResData" */
+613,    /* "setCext-setExt" */
-&(nid_objs[593]),/* "setct-BatchAdminResTBE" */
+614,    /* "setCext-setQualf" */
-&(nid_objs[599]),/* "setct-CRLNotificationResTBS" */
+612,    /* "setCext-tunneling" */
-&(nid_objs[598]),/* "setct-CRLNotificationTBS" */
+540,    /* "setct-AcqCardCodeMsg" */
-&(nid_objs[580]),/* "setct-CapReqTBE" */
+576,    /* "setct-AcqCardCodeMsgTBE" */
-&(nid_objs[581]),/* "setct-CapReqTBEX" */
+570,    /* "setct-AuthReqTBE" */
-&(nid_objs[544]),/* "setct-CapReqTBS" */
+534,    /* "setct-AuthReqTBS" */
-&(nid_objs[545]),/* "setct-CapReqTBSX" */
+527,    /* "setct-AuthResBaggage" */
-&(nid_objs[546]),/* "setct-CapResData" */
+571,    /* "setct-AuthResTBE" */
-&(nid_objs[582]),/* "setct-CapResTBE" */
+572,    /* "setct-AuthResTBEX" */
-&(nid_objs[583]),/* "setct-CapRevReqTBE" */
+535,    /* "setct-AuthResTBS" */
-&(nid_objs[584]),/* "setct-CapRevReqTBEX" */
+536,    /* "setct-AuthResTBSX" */
-&(nid_objs[547]),/* "setct-CapRevReqTBS" */
+528,    /* "setct-AuthRevReqBaggage" */
-&(nid_objs[548]),/* "setct-CapRevReqTBSX" */
+577,    /* "setct-AuthRevReqTBE" */
-&(nid_objs[549]),/* "setct-CapRevResData" */
+541,    /* "setct-AuthRevReqTBS" */
-&(nid_objs[585]),/* "setct-CapRevResTBE" */
+529,    /* "setct-AuthRevResBaggage" */
-&(nid_objs[538]),/* "setct-CapTokenData" */
+542,    /* "setct-AuthRevResData" */
-&(nid_objs[530]),/* "setct-CapTokenSeq" */
+578,    /* "setct-AuthRevResTBE" */
-&(nid_objs[574]),/* "setct-CapTokenTBE" */
+579,    /* "setct-AuthRevResTBEB" */
-&(nid_objs[575]),/* "setct-CapTokenTBEX" */
+543,    /* "setct-AuthRevResTBS" */
-&(nid_objs[539]),/* "setct-CapTokenTBS" */
+573,    /* "setct-AuthTokenTBE" */
-&(nid_objs[560]),/* "setct-CardCInitResTBS" */
+537,    /* "setct-AuthTokenTBS" */
-&(nid_objs[566]),/* "setct-CertInqReqTBS" */
+600,    /* "setct-BCIDistributionTBS" */
-&(nid_objs[563]),/* "setct-CertReqData" */
+558,    /* "setct-BatchAdminReqData" */
-&(nid_objs[595]),/* "setct-CertReqTBE" */
+592,    /* "setct-BatchAdminReqTBE" */
-&(nid_objs[596]),/* "setct-CertReqTBEX" */
+559,    /* "setct-BatchAdminResData" */
-&(nid_objs[564]),/* "setct-CertReqTBS" */
+593,    /* "setct-BatchAdminResTBE" */
-&(nid_objs[565]),/* "setct-CertResData" */
+599,    /* "setct-CRLNotificationResTBS" */
-&(nid_objs[597]),/* "setct-CertResTBE" */
+598,    /* "setct-CRLNotificationTBS" */
-&(nid_objs[586]),/* "setct-CredReqTBE" */
+580,    /* "setct-CapReqTBE" */
-&(nid_objs[587]),/* "setct-CredReqTBEX" */
+581,    /* "setct-CapReqTBEX" */
-&(nid_objs[550]),/* "setct-CredReqTBS" */
+544,    /* "setct-CapReqTBS" */
-&(nid_objs[551]),/* "setct-CredReqTBSX" */
+545,    /* "setct-CapReqTBSX" */
-&(nid_objs[552]),/* "setct-CredResData" */
+546,    /* "setct-CapResData" */
-&(nid_objs[588]),/* "setct-CredResTBE" */
+582,    /* "setct-CapResTBE" */
-&(nid_objs[589]),/* "setct-CredRevReqTBE" */
+583,    /* "setct-CapRevReqTBE" */
-&(nid_objs[590]),/* "setct-CredRevReqTBEX" */
+584,    /* "setct-CapRevReqTBEX" */
-&(nid_objs[553]),/* "setct-CredRevReqTBS" */
+547,    /* "setct-CapRevReqTBS" */
-&(nid_objs[554]),/* "setct-CredRevReqTBSX" */
+548,    /* "setct-CapRevReqTBSX" */
-&(nid_objs[555]),/* "setct-CredRevResData" */
+549,    /* "setct-CapRevResData" */
-&(nid_objs[591]),/* "setct-CredRevResTBE" */
+585,    /* "setct-CapRevResTBE" */
-&(nid_objs[567]),/* "setct-ErrorTBS" */
+538,    /* "setct-CapTokenData" */
-&(nid_objs[526]),/* "setct-HODInput" */
+530,    /* "setct-CapTokenSeq" */
-&(nid_objs[561]),/* "setct-MeAqCInitResTBS" */
+574,    /* "setct-CapTokenTBE" */
-&(nid_objs[522]),/* "setct-OIData" */
+575,    /* "setct-CapTokenTBEX" */
-&(nid_objs[519]),/* "setct-PANData" */
+539,    /* "setct-CapTokenTBS" */
-&(nid_objs[521]),/* "setct-PANOnly" */
+560,    /* "setct-CardCInitResTBS" */
-&(nid_objs[520]),/* "setct-PANToken" */
+566,    /* "setct-CertInqReqTBS" */
-&(nid_objs[556]),/* "setct-PCertReqData" */
+563,    /* "setct-CertReqData" */
-&(nid_objs[557]),/* "setct-PCertResTBS" */
+595,    /* "setct-CertReqTBE" */
-&(nid_objs[523]),/* "setct-PI" */
+596,    /* "setct-CertReqTBEX" */
-&(nid_objs[532]),/* "setct-PI-TBS" */
+564,    /* "setct-CertReqTBS" */
-&(nid_objs[524]),/* "setct-PIData" */
+565,    /* "setct-CertResData" */
-&(nid_objs[525]),/* "setct-PIDataUnsigned" */
+597,    /* "setct-CertResTBE" */
-&(nid_objs[568]),/* "setct-PIDualSignedTBE" */
+586,    /* "setct-CredReqTBE" */
-&(nid_objs[569]),/* "setct-PIUnsignedTBE" */
+587,    /* "setct-CredReqTBEX" */
-&(nid_objs[531]),/* "setct-PInitResData" */
+550,    /* "setct-CredReqTBS" */
-&(nid_objs[533]),/* "setct-PResData" */
+551,    /* "setct-CredReqTBSX" */
-&(nid_objs[594]),/* "setct-RegFormReqTBE" */
+552,    /* "setct-CredResData" */
-&(nid_objs[562]),/* "setct-RegFormResTBS" */
+588,    /* "setct-CredResTBE" */
-&(nid_objs[604]),/* "setext-pinAny" */
+589,    /* "setct-CredRevReqTBE" */
-&(nid_objs[603]),/* "setext-pinSecure" */
+590,    /* "setct-CredRevReqTBEX" */
-&(nid_objs[605]),/* "setext-track2" */
+553,    /* "setct-CredRevReqTBS" */
-&(nid_objs[41]),/* "sha" */
+554,    /* "setct-CredRevReqTBSX" */
-&(nid_objs[64]),/* "sha1" */
+555,    /* "setct-CredRevResData" */
-&(nid_objs[115]),/* "sha1WithRSA" */
+591,    /* "setct-CredRevResTBE" */
-&(nid_objs[65]),/* "sha1WithRSAEncryption" */
+567,    /* "setct-ErrorTBS" */
-&(nid_objs[675]),/* "sha224" */
+526,    /* "setct-HODInput" */
-&(nid_objs[671]),/* "sha224WithRSAEncryption" */
+561,    /* "setct-MeAqCInitResTBS" */
-&(nid_objs[672]),/* "sha256" */
+522,    /* "setct-OIData" */
-&(nid_objs[668]),/* "sha256WithRSAEncryption" */
+519,    /* "setct-PANData" */
-&(nid_objs[673]),/* "sha384" */
+521,    /* "setct-PANOnly" */
-&(nid_objs[669]),/* "sha384WithRSAEncryption" */
+520,    /* "setct-PANToken" */
-&(nid_objs[674]),/* "sha512" */
+556,    /* "setct-PCertReqData" */
-&(nid_objs[670]),/* "sha512WithRSAEncryption" */
+557,    /* "setct-PCertResTBS" */
-&(nid_objs[42]),/* "shaWithRSAEncryption" */
+523,    /* "setct-PI" */
-&(nid_objs[52]),/* "signingTime" */
+532,    /* "setct-PI-TBS" */
-&(nid_objs[454]),/* "simpleSecurityObject" */
+524,    /* "setct-PIData" */
-&(nid_objs[496]),/* "singleLevelQuality" */
+525,    /* "setct-PIDataUnsigned" */
-&(nid_objs[16]),/* "stateOrProvinceName" */
+568,    /* "setct-PIDualSignedTBE" */
-&(nid_objs[660]),/* "streetAddress" */
+569,    /* "setct-PIUnsignedTBE" */
-&(nid_objs[498]),/* "subtreeMaximumQuality" */
+531,    /* "setct-PInitResData" */
-&(nid_objs[497]),/* "subtreeMinimumQuality" */
+533,    /* "setct-PResData" */
-&(nid_objs[100]),/* "surname" */
+594,    /* "setct-RegFormReqTBE" */
-&(nid_objs[459]),/* "textEncodedORAddress" */
+562,    /* "setct-RegFormResTBS" */
-&(nid_objs[293]),/* "textNotice" */
+604,    /* "setext-pinAny" */
-&(nid_objs[106]),/* "title" */
+603,    /* "setext-pinSecure" */
-&(nid_objs[682]),/* "tpBasis" */
+605,    /* "setext-track2" */
-&(nid_objs[436]),/* "ucl" */
+41,     /* "sha" */
-&(nid_objs[ 0]),/* "undefined" */
+64,     /* "sha1" */
-&(nid_objs[55]),/* "unstructuredAddress" */
+115,    /* "sha1WithRSA" */
-&(nid_objs[49]),/* "unstructuredName" */
+65,     /* "sha1WithRSAEncryption" */
-&(nid_objs[465]),/* "userClass" */
+675,    /* "sha224" */
-&(nid_objs[458]),/* "userId" */
+671,    /* "sha224WithRSAEncryption" */
-&(nid_objs[373]),/* "valid" */
+672,    /* "sha256" */
-&(nid_objs[678]),/* "wap" */
+668,    /* "sha256WithRSAEncryption" */
-&(nid_objs[679]),/* "wap-wsg" */
+673,    /* "sha384" */
-&(nid_objs[735]),/* "wap-wsg-idm-ecid-wtls1" */
+669,    /* "sha384WithRSAEncryption" */
-&(nid_objs[743]),/* "wap-wsg-idm-ecid-wtls10" */
+674,    /* "sha512" */
-&(nid_objs[744]),/* "wap-wsg-idm-ecid-wtls11" */
+670,    /* "sha512WithRSAEncryption" */
-&(nid_objs[745]),/* "wap-wsg-idm-ecid-wtls12" */
+42,     /* "shaWithRSAEncryption" */
-&(nid_objs[736]),/* "wap-wsg-idm-ecid-wtls3" */
+52,     /* "signingTime" */
-&(nid_objs[737]),/* "wap-wsg-idm-ecid-wtls4" */
+454,    /* "simpleSecurityObject" */
-&(nid_objs[738]),/* "wap-wsg-idm-ecid-wtls5" */
+496,    /* "singleLevelQuality" */
-&(nid_objs[739]),/* "wap-wsg-idm-ecid-wtls6" */
+16,     /* "stateOrProvinceName" */
-&(nid_objs[740]),/* "wap-wsg-idm-ecid-wtls7" */
+660,    /* "streetAddress" */
-&(nid_objs[741]),/* "wap-wsg-idm-ecid-wtls8" */
+498,    /* "subtreeMaximumQuality" */
-&(nid_objs[742]),/* "wap-wsg-idm-ecid-wtls9" */
+497,    /* "subtreeMinimumQuality" */
-&(nid_objs[804]),/* "whirlpool" */
+890,    /* "supportedAlgorithms" */
-&(nid_objs[503]),/* "x500UniqueIdentifier" */
+874,    /* "supportedApplicationContext" */
-&(nid_objs[158]),/* "x509Certificate" */
+100,    /* "surname" */
-&(nid_objs[160]),/* "x509Crl" */
+864,    /* "telephoneNumber" */
-&(nid_objs[125]),/* "zlib compression" */
+866,    /* "teletexTerminalIdentifier" */
+865,    /* "telexNumber" */
+459,    /* "textEncodedORAddress" */
+293,    /* "textNotice" */
+106,    /* "title" */
+682,    /* "tpBasis" */
+436,    /* "ucl" */
+ 0,     /* "undefined" */
+888,    /* "uniqueMember" */
+55,     /* "unstructuredAddress" */
+49,     /* "unstructuredName" */
+880,    /* "userCertificate" */
+465,    /* "userClass" */
+458,    /* "userId" */
+879,    /* "userPassword" */
+373,    /* "valid" */
+678,    /* "wap" */
+679,    /* "wap-wsg" */
+735,    /* "wap-wsg-idm-ecid-wtls1" */
+743,    /* "wap-wsg-idm-ecid-wtls10" */
+744,    /* "wap-wsg-idm-ecid-wtls11" */
+745,    /* "wap-wsg-idm-ecid-wtls12" */
+736,    /* "wap-wsg-idm-ecid-wtls3" */
+737,    /* "wap-wsg-idm-ecid-wtls4" */
+738,    /* "wap-wsg-idm-ecid-wtls5" */
+739,    /* "wap-wsg-idm-ecid-wtls6" */
+740,    /* "wap-wsg-idm-ecid-wtls7" */
+741,    /* "wap-wsg-idm-ecid-wtls8" */
+742,    /* "wap-wsg-idm-ecid-wtls9" */
+804,    /* "whirlpool" */
+868,    /* "x121Address" */
+503,    /* "x500UniqueIdentifier" */
+158,    /* "x509Certificate" */
+160,    /* "x509Crl" */
+125,    /* "zlib compression" */
 };
-static ASN1_OBJECT *obj_objs[NUM_OBJ]={
+static const unsigned int obj_objs[NUM_OBJ]={
-&(nid_objs[ 0]),/* OBJ_undef                        0 */
+ 0,     /* OBJ_undef                        0 */
-&(nid_objs[393]),/* OBJ_joint_iso_ccitt              OBJ_joint_iso_itu_t */
+393,    /* OBJ_joint_iso_ccitt              OBJ_joint_iso_itu_t */
-&(nid_objs[404]),/* OBJ_ccitt                        OBJ_itu_t */
+404,    /* OBJ_ccitt                        OBJ_itu_t */
-&(nid_objs[645]),/* OBJ_itu_t                        0 */
+645,    /* OBJ_itu_t                        0 */
-&(nid_objs[434]),/* OBJ_data                         0 9 */
+434,    /* OBJ_data                         0 9 */
-&(nid_objs[181]),/* OBJ_iso                          1 */
+181,    /* OBJ_iso                          1 */
-&(nid_objs[182]),/* OBJ_member_body                  1 2 */
+182,    /* OBJ_member_body                  1 2 */
-&(nid_objs[379]),/* OBJ_org                          1 3 */
+379,    /* OBJ_org                          1 3 */
-&(nid_objs[676]),/* OBJ_identified_organization      1 3 */
+676,    /* OBJ_identified_organization      1 3 */
-&(nid_objs[646]),/* OBJ_joint_iso_itu_t              2 */
+646,    /* OBJ_joint_iso_itu_t              2 */
-&(nid_objs[11]),/* OBJ_X500                         2 5 */
+11,     /* OBJ_X500                         2 5 */
-&(nid_objs[647]),/* OBJ_international_organizations  2 23 */
+647,    /* OBJ_international_organizations  2 23 */
-&(nid_objs[380]),/* OBJ_dod                          1 3 6 */
+380,    /* OBJ_dod                          1 3 6 */
-&(nid_objs[12]),/* OBJ_X509                         2 5 4 */
+12,     /* OBJ_X509                         2 5 4 */
-&(nid_objs[378]),/* OBJ_X500algorithms               2 5 8 */
+378,    /* OBJ_X500algorithms               2 5 8 */
-&(nid_objs[81]),/* OBJ_id_ce                        2 5 29 */
+81,     /* OBJ_id_ce                        2 5 29 */
-&(nid_objs[512]),/* OBJ_id_set                       2 23 42 */
+512,    /* OBJ_id_set                       2 23 42 */
-&(nid_objs[678]),/* OBJ_wap                          2 23 43 */
+678,    /* OBJ_wap                          2 23 43 */
-&(nid_objs[435]),/* OBJ_pss                          0 9 2342 */
+435,    /* OBJ_pss                          0 9 2342 */
-&(nid_objs[183]),/* OBJ_ISO_US                       1 2 840 */
+183,    /* OBJ_ISO_US                       1 2 840 */
-&(nid_objs[381]),/* OBJ_iana                         1 3 6 1 */
+381,    /* OBJ_iana                         1 3 6 1 */
-&(nid_objs[677]),/* OBJ_certicom_arc                 1 3 132 */
+677,    /* OBJ_certicom_arc                 1 3 132 */
-&(nid_objs[394]),/* OBJ_selected_attribute_types     2 5 1 5 */
+394,    /* OBJ_selected_attribute_types     2 5 1 5 */
-&(nid_objs[13]),/* OBJ_commonName                   2 5 4 3 */
+13,     /* OBJ_commonName                   2 5 4 3 */
-&(nid_objs[100]),/* OBJ_surname                      2 5 4 4 */
+100,    /* OBJ_surname                      2 5 4 4 */
-&(nid_objs[105]),/* OBJ_serialNumber                 2 5 4 5 */
+105,    /* OBJ_serialNumber                 2 5 4 5 */
-&(nid_objs[14]),/* OBJ_countryName                  2 5 4 6 */
+14,     /* OBJ_countryName                  2 5 4 6 */
-&(nid_objs[15]),/* OBJ_localityName                 2 5 4 7 */
+15,     /* OBJ_localityName                 2 5 4 7 */
-&(nid_objs[16]),/* OBJ_stateOrProvinceName          2 5 4 8 */
+16,     /* OBJ_stateOrProvinceName          2 5 4 8 */
-&(nid_objs[660]),/* OBJ_streetAddress                2 5 4 9 */
+660,    /* OBJ_streetAddress                2 5 4 9 */
-&(nid_objs[17]),/* OBJ_organizationName             2 5 4 10 */
+17,     /* OBJ_organizationName             2 5 4 10 */
-&(nid_objs[18]),/* OBJ_organizationalUnitName       2 5 4 11 */
+18,     /* OBJ_organizationalUnitName       2 5 4 11 */
-&(nid_objs[106]),/* OBJ_title                        2 5 4 12 */
+106,    /* OBJ_title                        2 5 4 12 */
-&(nid_objs[107]),/* OBJ_description                  2 5 4 13 */
+107,    /* OBJ_description                  2 5 4 13 */
-&(nid_objs[661]),/* OBJ_postalCode                   2 5 4 17 */
+859,    /* OBJ_searchGuide                  2 5 4 14 */
-&(nid_objs[173]),/* OBJ_name                         2 5 4 41 */
+860,    /* OBJ_businessCategory             2 5 4 15 */
-&(nid_objs[99]),/* OBJ_givenName                    2 5 4 42 */
+861,    /* OBJ_postalAddress                2 5 4 16 */
-&(nid_objs[101]),/* OBJ_initials                     2 5 4 43 */
+661,    /* OBJ_postalCode                   2 5 4 17 */
-&(nid_objs[509]),/* OBJ_generationQualifier          2 5 4 44 */
+862,    /* OBJ_postOfficeBox                2 5 4 18 */
-&(nid_objs[503]),/* OBJ_x500UniqueIdentifier         2 5 4 45 */
+863,    /* OBJ_physicalDeliveryOfficeName   2 5 4 19 */
-&(nid_objs[174]),/* OBJ_dnQualifier                  2 5 4 46 */
+864,    /* OBJ_telephoneNumber              2 5 4 20 */
-&(nid_objs[510]),/* OBJ_pseudonym                    2 5 4 65 */
+865,    /* OBJ_telexNumber                  2 5 4 21 */
-&(nid_objs[400]),/* OBJ_role                         2 5 4 72 */
+866,    /* OBJ_teletexTerminalIdentifier    2 5 4 22 */
-&(nid_objs[769]),/* OBJ_subject_directory_attributes 2 5 29 9 */
+867,    /* OBJ_facsimileTelephoneNumber     2 5 4 23 */
-&(nid_objs[82]),/* OBJ_subject_key_identifier       2 5 29 14 */
+868,    /* OBJ_x121Address                  2 5 4 24 */
-&(nid_objs[83]),/* OBJ_key_usage                    2 5 29 15 */
+869,    /* OBJ_internationaliSDNNumber      2 5 4 25 */
-&(nid_objs[84]),/* OBJ_private_key_usage_period     2 5 29 16 */
+870,    /* OBJ_registeredAddress            2 5 4 26 */
-&(nid_objs[85]),/* OBJ_subject_alt_name             2 5 29 17 */
+871,    /* OBJ_destinationIndicator         2 5 4 27 */
-&(nid_objs[86]),/* OBJ_issuer_alt_name              2 5 29 18 */
+872,    /* OBJ_preferredDeliveryMethod      2 5 4 28 */
-&(nid_objs[87]),/* OBJ_basic_constraints            2 5 29 19 */
+873,    /* OBJ_presentationAddress          2 5 4 29 */
-&(nid_objs[88]),/* OBJ_crl_number                   2 5 29 20 */
+874,    /* OBJ_supportedApplicationContext  2 5 4 30 */
-&(nid_objs[141]),/* OBJ_crl_reason                   2 5 29 21 */
+875,    /* OBJ_member                       2 5 4 31 */
-&(nid_objs[430]),/* OBJ_hold_instruction_code        2 5 29 23 */
+876,    /* OBJ_owner                        2 5 4 32 */
-&(nid_objs[142]),/* OBJ_invalidity_date              2 5 29 24 */
+877,    /* OBJ_roleOccupant                 2 5 4 33 */
-&(nid_objs[140]),/* OBJ_delta_crl                    2 5 29 27 */
+878,    /* OBJ_seeAlso                      2 5 4 34 */
-&(nid_objs[770]),/* OBJ_issuing_distribution_point   2 5 29 28 */
+879,    /* OBJ_userPassword                 2 5 4 35 */
-&(nid_objs[771]),/* OBJ_certificate_issuer           2 5 29 29 */
+880,    /* OBJ_userCertificate              2 5 4 36 */
-&(nid_objs[666]),/* OBJ_name_constraints             2 5 29 30 */
+881,    /* OBJ_cACertificate                2 5 4 37 */
-&(nid_objs[103]),/* OBJ_crl_distribution_points      2 5 29 31 */
+882,    /* OBJ_authorityRevocationList      2 5 4 38 */
-&(nid_objs[89]),/* OBJ_certificate_policies         2 5 29 32 */
+883,    /* OBJ_certificateRevocationList    2 5 4 39 */
-&(nid_objs[747]),/* OBJ_policy_mappings              2 5 29 33 */
+884,    /* OBJ_crossCertificatePair         2 5 4 40 */
-&(nid_objs[90]),/* OBJ_authority_key_identifier     2 5 29 35 */
+173,    /* OBJ_name                         2 5 4 41 */
-&(nid_objs[401]),/* OBJ_policy_constraints           2 5 29 36 */
+99,     /* OBJ_givenName                    2 5 4 42 */
-&(nid_objs[126]),/* OBJ_ext_key_usage                2 5 29 37 */
+101,    /* OBJ_initials                     2 5 4 43 */
-&(nid_objs[857]),/* OBJ_freshest_crl                 2 5 29 46 */
+509,    /* OBJ_generationQualifier          2 5 4 44 */
-&(nid_objs[748]),/* OBJ_inhibit_any_policy           2 5 29 54 */
+503,    /* OBJ_x500UniqueIdentifier         2 5 4 45 */
-&(nid_objs[402]),/* OBJ_target_information           2 5 29 55 */
+174,    /* OBJ_dnQualifier                  2 5 4 46 */
-&(nid_objs[403]),/* OBJ_no_rev_avail                 2 5 29 56 */
+885,    /* OBJ_enhancedSearchGuide          2 5 4 47 */
-&(nid_objs[513]),/* OBJ_set_ctype                    2 23 42 0 */
+886,    /* OBJ_protocolInformation          2 5 4 48 */
-&(nid_objs[514]),/* OBJ_set_msgExt                   2 23 42 1 */
+887,    /* OBJ_distinguishedName            2 5 4 49 */
-&(nid_objs[515]),/* OBJ_set_attr                     2 23 42 3 */
+888,    /* OBJ_uniqueMember                 2 5 4 50 */
-&(nid_objs[516]),/* OBJ_set_policy                   2 23 42 5 */
+889,    /* OBJ_houseIdentifier              2 5 4 51 */
-&(nid_objs[517]),/* OBJ_set_certExt                  2 23 42 7 */
+890,    /* OBJ_supportedAlgorithms          2 5 4 52 */
-&(nid_objs[518]),/* OBJ_set_brand                    2 23 42 8 */
+891,    /* OBJ_deltaRevocationList          2 5 4 53 */
-&(nid_objs[679]),/* OBJ_wap_wsg                      2 23 43 13 */
+892,    /* OBJ_dmdName                      2 5 4 54 */
-&(nid_objs[382]),/* OBJ_Directory                    1 3 6 1 1 */
+510,    /* OBJ_pseudonym                    2 5 4 65 */
-&(nid_objs[383]),/* OBJ_Management                   1 3 6 1 2 */
+400,    /* OBJ_role                         2 5 4 72 */
-&(nid_objs[384]),/* OBJ_Experimental                 1 3 6 1 3 */
+769,    /* OBJ_subject_directory_attributes 2 5 29 9 */
-&(nid_objs[385]),/* OBJ_Private                      1 3 6 1 4 */
+82,     /* OBJ_subject_key_identifier       2 5 29 14 */
-&(nid_objs[386]),/* OBJ_Security                     1 3 6 1 5 */
+83,     /* OBJ_key_usage                    2 5 29 15 */
-&(nid_objs[387]),/* OBJ_SNMPv2                       1 3 6 1 6 */
+84,     /* OBJ_private_key_usage_period     2 5 29 16 */
-&(nid_objs[388]),/* OBJ_Mail                         1 3 6 1 7 */
+85,     /* OBJ_subject_alt_name             2 5 29 17 */
-&(nid_objs[376]),/* OBJ_algorithm                    1 3 14 3 2 */
+86,     /* OBJ_issuer_alt_name              2 5 29 18 */
-&(nid_objs[395]),/* OBJ_clearance                    2 5 1 5 55 */
+87,     /* OBJ_basic_constraints            2 5 29 19 */
-&(nid_objs[19]),/* OBJ_rsa                          2 5 8 1 1 */
+88,     /* OBJ_crl_number                   2 5 29 20 */
-&(nid_objs[96]),/* OBJ_mdc2WithRSA                  2 5 8 3 100 */
+141,    /* OBJ_crl_reason                   2 5 29 21 */
-&(nid_objs[95]),/* OBJ_mdc2                         2 5 8 3 101 */
+430,    /* OBJ_hold_instruction_code        2 5 29 23 */
-&(nid_objs[746]),/* OBJ_any_policy                   2 5 29 32 0 */
+142,    /* OBJ_invalidity_date              2 5 29 24 */
-&(nid_objs[519]),/* OBJ_setct_PANData                2 23 42 0 0 */
+140,    /* OBJ_delta_crl                    2 5 29 27 */
-&(nid_objs[520]),/* OBJ_setct_PANToken               2 23 42 0 1 */
+770,    /* OBJ_issuing_distribution_point   2 5 29 28 */
-&(nid_objs[521]),/* OBJ_setct_PANOnly                2 23 42 0 2 */
+771,    /* OBJ_certificate_issuer           2 5 29 29 */
-&(nid_objs[522]),/* OBJ_setct_OIData                 2 23 42 0 3 */
+666,    /* OBJ_name_constraints             2 5 29 30 */
-&(nid_objs[523]),/* OBJ_setct_PI                     2 23 42 0 4 */
+103,    /* OBJ_crl_distribution_points      2 5 29 31 */
-&(nid_objs[524]),/* OBJ_setct_PIData                 2 23 42 0 5 */
+89,     /* OBJ_certificate_policies         2 5 29 32 */
-&(nid_objs[525]),/* OBJ_setct_PIDataUnsigned         2 23 42 0 6 */
+747,    /* OBJ_policy_mappings              2 5 29 33 */
-&(nid_objs[526]),/* OBJ_setct_HODInput               2 23 42 0 7 */
+90,     /* OBJ_authority_key_identifier     2 5 29 35 */
-&(nid_objs[527]),/* OBJ_setct_AuthResBaggage         2 23 42 0 8 */
+401,    /* OBJ_policy_constraints           2 5 29 36 */
-&(nid_objs[528]),/* OBJ_setct_AuthRevReqBaggage      2 23 42 0 9 */
+126,    /* OBJ_ext_key_usage                2 5 29 37 */
-&(nid_objs[529]),/* OBJ_setct_AuthRevResBaggage      2 23 42 0 10 */
+857,    /* OBJ_freshest_crl                 2 5 29 46 */
-&(nid_objs[530]),/* OBJ_setct_CapTokenSeq            2 23 42 0 11 */
+748,    /* OBJ_inhibit_any_policy           2 5 29 54 */
-&(nid_objs[531]),/* OBJ_setct_PInitResData           2 23 42 0 12 */
+402,    /* OBJ_target_information           2 5 29 55 */
-&(nid_objs[532]),/* OBJ_setct_PI_TBS                 2 23 42 0 13 */
+403,    /* OBJ_no_rev_avail                 2 5 29 56 */
-&(nid_objs[533]),/* OBJ_setct_PResData               2 23 42 0 14 */
+513,    /* OBJ_set_ctype                    2 23 42 0 */
-&(nid_objs[534]),/* OBJ_setct_AuthReqTBS             2 23 42 0 16 */
+514,    /* OBJ_set_msgExt                   2 23 42 1 */
-&(nid_objs[535]),/* OBJ_setct_AuthResTBS             2 23 42 0 17 */
+515,    /* OBJ_set_attr                     2 23 42 3 */
-&(nid_objs[536]),/* OBJ_setct_AuthResTBSX            2 23 42 0 18 */
+516,    /* OBJ_set_policy                   2 23 42 5 */
-&(nid_objs[537]),/* OBJ_setct_AuthTokenTBS           2 23 42 0 19 */
+517,    /* OBJ_set_certExt                  2 23 42 7 */
-&(nid_objs[538]),/* OBJ_setct_CapTokenData           2 23 42 0 20 */
+518,    /* OBJ_set_brand                    2 23 42 8 */
-&(nid_objs[539]),/* OBJ_setct_CapTokenTBS            2 23 42 0 21 */
+679,    /* OBJ_wap_wsg                      2 23 43 1 */
-&(nid_objs[540]),/* OBJ_setct_AcqCardCodeMsg         2 23 42 0 22 */
+382,    /* OBJ_Directory                    1 3 6 1 1 */
-&(nid_objs[541]),/* OBJ_setct_AuthRevReqTBS          2 23 42 0 23 */
+383,    /* OBJ_Management                   1 3 6 1 2 */
-&(nid_objs[542]),/* OBJ_setct_AuthRevResData         2 23 42 0 24 */
+384,    /* OBJ_Experimental                 1 3 6 1 3 */
-&(nid_objs[543]),/* OBJ_setct_AuthRevResTBS          2 23 42 0 25 */
+385,    /* OBJ_Private                      1 3 6 1 4 */
-&(nid_objs[544]),/* OBJ_setct_CapReqTBS              2 23 42 0 26 */
+386,    /* OBJ_Security                     1 3 6 1 5 */
-&(nid_objs[545]),/* OBJ_setct_CapReqTBSX             2 23 42 0 27 */
+387,    /* OBJ_SNMPv2                       1 3 6 1 6 */
-&(nid_objs[546]),/* OBJ_setct_CapResData             2 23 42 0 28 */
+388,    /* OBJ_Mail                         1 3 6 1 7 */
-&(nid_objs[547]),/* OBJ_setct_CapRevReqTBS           2 23 42 0 29 */
+376,    /* OBJ_algorithm                    1 3 14 3 2 */
-&(nid_objs[548]),/* OBJ_setct_CapRevReqTBSX          2 23 42 0 30 */
+395,    /* OBJ_clearance                    2 5 1 5 55 */
-&(nid_objs[549]),/* OBJ_setct_CapRevResData          2 23 42 0 31 */
+19,     /* OBJ_rsa                          2 5 8 1 1 */
-&(nid_objs[550]),/* OBJ_setct_CredReqTBS             2 23 42 0 32 */
+96,     /* OBJ_mdc2WithRSA                  2 5 8 3 100 */
-&(nid_objs[551]),/* OBJ_setct_CredReqTBSX            2 23 42 0 33 */
+95,     /* OBJ_mdc2                         2 5 8 3 101 */
-&(nid_objs[552]),/* OBJ_setct_CredResData            2 23 42 0 34 */
+746,    /* OBJ_any_policy                   2 5 29 32 0 */
-&(nid_objs[553]),/* OBJ_setct_CredRevReqTBS          2 23 42 0 35 */
+519,    /* OBJ_setct_PANData                2 23 42 0 0 */
-&(nid_objs[554]),/* OBJ_setct_CredRevReqTBSX         2 23 42 0 36 */
+520,    /* OBJ_setct_PANToken               2 23 42 0 1 */
-&(nid_objs[555]),/* OBJ_setct_CredRevResData         2 23 42 0 37 */
+521,    /* OBJ_setct_PANOnly                2 23 42 0 2 */
-&(nid_objs[556]),/* OBJ_setct_PCertReqData           2 23 42 0 38 */
+522,    /* OBJ_setct_OIData                 2 23 42 0 3 */
-&(nid_objs[557]),/* OBJ_setct_PCertResTBS            2 23 42 0 39 */
+523,    /* OBJ_setct_PI                     2 23 42 0 4 */
-&(nid_objs[558]),/* OBJ_setct_BatchAdminReqData      2 23 42 0 40 */
+524,    /* OBJ_setct_PIData                 2 23 42 0 5 */
-&(nid_objs[559]),/* OBJ_setct_BatchAdminResData      2 23 42 0 41 */
+525,    /* OBJ_setct_PIDataUnsigned         2 23 42 0 6 */
-&(nid_objs[560]),/* OBJ_setct_CardCInitResTBS        2 23 42 0 42 */
+526,    /* OBJ_setct_HODInput               2 23 42 0 7 */
-&(nid_objs[561]),/* OBJ_setct_MeAqCInitResTBS        2 23 42 0 43 */
+527,    /* OBJ_setct_AuthResBaggage         2 23 42 0 8 */
-&(nid_objs[562]),/* OBJ_setct_RegFormResTBS          2 23 42 0 44 */
+528,    /* OBJ_setct_AuthRevReqBaggage      2 23 42 0 9 */
-&(nid_objs[563]),/* OBJ_setct_CertReqData            2 23 42 0 45 */
+529,    /* OBJ_setct_AuthRevResBaggage      2 23 42 0 10 */
-&(nid_objs[564]),/* OBJ_setct_CertReqTBS             2 23 42 0 46 */
+530,    /* OBJ_setct_CapTokenSeq            2 23 42 0 11 */
-&(nid_objs[565]),/* OBJ_setct_CertResData            2 23 42 0 47 */
+531,    /* OBJ_setct_PInitResData           2 23 42 0 12 */
-&(nid_objs[566]),/* OBJ_setct_CertInqReqTBS          2 23 42 0 48 */
+532,    /* OBJ_setct_PI_TBS                 2 23 42 0 13 */
-&(nid_objs[567]),/* OBJ_setct_ErrorTBS               2 23 42 0 49 */
+533,    /* OBJ_setct_PResData               2 23 42 0 14 */
-&(nid_objs[568]),/* OBJ_setct_PIDualSignedTBE        2 23 42 0 50 */
+534,    /* OBJ_setct_AuthReqTBS             2 23 42 0 16 */
-&(nid_objs[569]),/* OBJ_setct_PIUnsignedTBE          2 23 42 0 51 */
+535,    /* OBJ_setct_AuthResTBS             2 23 42 0 17 */
-&(nid_objs[570]),/* OBJ_setct_AuthReqTBE             2 23 42 0 52 */
+536,    /* OBJ_setct_AuthResTBSX            2 23 42 0 18 */
-&(nid_objs[571]),/* OBJ_setct_AuthResTBE             2 23 42 0 53 */
+537,    /* OBJ_setct_AuthTokenTBS           2 23 42 0 19 */
-&(nid_objs[572]),/* OBJ_setct_AuthResTBEX            2 23 42 0 54 */
+538,    /* OBJ_setct_CapTokenData           2 23 42 0 20 */
-&(nid_objs[573]),/* OBJ_setct_AuthTokenTBE           2 23 42 0 55 */
+539,    /* OBJ_setct_CapTokenTBS            2 23 42 0 21 */
-&(nid_objs[574]),/* OBJ_setct_CapTokenTBE            2 23 42 0 56 */
+540,    /* OBJ_setct_AcqCardCodeMsg         2 23 42 0 22 */
-&(nid_objs[575]),/* OBJ_setct_CapTokenTBEX           2 23 42 0 57 */
+541,    /* OBJ_setct_AuthRevReqTBS          2 23 42 0 23 */
-&(nid_objs[576]),/* OBJ_setct_AcqCardCodeMsgTBE      2 23 42 0 58 */
+542,    /* OBJ_setct_AuthRevResData         2 23 42 0 24 */
-&(nid_objs[577]),/* OBJ_setct_AuthRevReqTBE          2 23 42 0 59 */
+543,    /* OBJ_setct_AuthRevResTBS          2 23 42 0 25 */
-&(nid_objs[578]),/* OBJ_setct_AuthRevResTBE          2 23 42 0 60 */
+544,    /* OBJ_setct_CapReqTBS              2 23 42 0 26 */
-&(nid_objs[579]),/* OBJ_setct_AuthRevResTBEB         2 23 42 0 61 */
+545,    /* OBJ_setct_CapReqTBSX             2 23 42 0 27 */
-&(nid_objs[580]),/* OBJ_setct_CapReqTBE              2 23 42 0 62 */
+546,    /* OBJ_setct_CapResData             2 23 42 0 28 */
-&(nid_objs[581]),/* OBJ_setct_CapReqTBEX             2 23 42 0 63 */
+547,    /* OBJ_setct_CapRevReqTBS           2 23 42 0 29 */
-&(nid_objs[582]),/* OBJ_setct_CapResTBE              2 23 42 0 64 */
+548,    /* OBJ_setct_CapRevReqTBSX          2 23 42 0 30 */
-&(nid_objs[583]),/* OBJ_setct_CapRevReqTBE           2 23 42 0 65 */
+549,    /* OBJ_setct_CapRevResData          2 23 42 0 31 */
-&(nid_objs[584]),/* OBJ_setct_CapRevReqTBEX          2 23 42 0 66 */
+550,    /* OBJ_setct_CredReqTBS             2 23 42 0 32 */
-&(nid_objs[585]),/* OBJ_setct_CapRevResTBE           2 23 42 0 67 */
+551,    /* OBJ_setct_CredReqTBSX            2 23 42 0 33 */
-&(nid_objs[586]),/* OBJ_setct_CredReqTBE             2 23 42 0 68 */
+552,    /* OBJ_setct_CredResData            2 23 42 0 34 */
-&(nid_objs[587]),/* OBJ_setct_CredReqTBEX            2 23 42 0 69 */
+553,    /* OBJ_setct_CredRevReqTBS          2 23 42 0 35 */
-&(nid_objs[588]),/* OBJ_setct_CredResTBE             2 23 42 0 70 */
+554,    /* OBJ_setct_CredRevReqTBSX         2 23 42 0 36 */
-&(nid_objs[589]),/* OBJ_setct_CredRevReqTBE          2 23 42 0 71 */
+555,    /* OBJ_setct_CredRevResData         2 23 42 0 37 */
-&(nid_objs[590]),/* OBJ_setct_CredRevReqTBEX         2 23 42 0 72 */
+556,    /* OBJ_setct_PCertReqData           2 23 42 0 38 */
-&(nid_objs[591]),/* OBJ_setct_CredRevResTBE          2 23 42 0 73 */
+557,    /* OBJ_setct_PCertResTBS            2 23 42 0 39 */
-&(nid_objs[592]),/* OBJ_setct_BatchAdminReqTBE       2 23 42 0 74 */
+558,    /* OBJ_setct_BatchAdminReqData      2 23 42 0 40 */
-&(nid_objs[593]),/* OBJ_setct_BatchAdminResTBE       2 23 42 0 75 */
+559,    /* OBJ_setct_BatchAdminResData      2 23 42 0 41 */
-&(nid_objs[594]),/* OBJ_setct_RegFormReqTBE          2 23 42 0 76 */
+560,    /* OBJ_setct_CardCInitResTBS        2 23 42 0 42 */
-&(nid_objs[595]),/* OBJ_setct_CertReqTBE             2 23 42 0 77 */
+561,    /* OBJ_setct_MeAqCInitResTBS        2 23 42 0 43 */
-&(nid_objs[596]),/* OBJ_setct_CertReqTBEX            2 23 42 0 78 */
+562,    /* OBJ_setct_RegFormResTBS          2 23 42 0 44 */
-&(nid_objs[597]),/* OBJ_setct_CertResTBE             2 23 42 0 79 */
+563,    /* OBJ_setct_CertReqData            2 23 42 0 45 */
-&(nid_objs[598]),/* OBJ_setct_CRLNotificationTBS     2 23 42 0 80 */
+564,    /* OBJ_setct_CertReqTBS             2 23 42 0 46 */
-&(nid_objs[599]),/* OBJ_setct_CRLNotificationResTBS  2 23 42 0 81 */
+565,    /* OBJ_setct_CertResData            2 23 42 0 47 */
-&(nid_objs[600]),/* OBJ_setct_BCIDistributionTBS     2 23 42 0 82 */
+566,    /* OBJ_setct_CertInqReqTBS          2 23 42 0 48 */
-&(nid_objs[601]),/* OBJ_setext_genCrypt              2 23 42 1 1 */
+567,    /* OBJ_setct_ErrorTBS               2 23 42 0 49 */
-&(nid_objs[602]),/* OBJ_setext_miAuth                2 23 42 1 3 */
+568,    /* OBJ_setct_PIDualSignedTBE        2 23 42 0 50 */
-&(nid_objs[603]),/* OBJ_setext_pinSecure             2 23 42 1 4 */
+569,    /* OBJ_setct_PIUnsignedTBE          2 23 42 0 51 */
-&(nid_objs[604]),/* OBJ_setext_pinAny                2 23 42 1 5 */
+570,    /* OBJ_setct_AuthReqTBE             2 23 42 0 52 */
-&(nid_objs[605]),/* OBJ_setext_track2                2 23 42 1 7 */
+571,    /* OBJ_setct_AuthResTBE             2 23 42 0 53 */
-&(nid_objs[606]),/* OBJ_setext_cv                    2 23 42 1 8 */
+572,    /* OBJ_setct_AuthResTBEX            2 23 42 0 54 */
-&(nid_objs[620]),/* OBJ_setAttr_Cert                 2 23 42 3 0 */
+573,    /* OBJ_setct_AuthTokenTBE           2 23 42 0 55 */
-&(nid_objs[621]),/* OBJ_setAttr_PGWYcap              2 23 42 3 1 */
+574,    /* OBJ_setct_CapTokenTBE            2 23 42 0 56 */
-&(nid_objs[622]),/* OBJ_setAttr_TokenType            2 23 42 3 2 */
+575,    /* OBJ_setct_CapTokenTBEX           2 23 42 0 57 */
-&(nid_objs[623]),/* OBJ_setAttr_IssCap               2 23 42 3 3 */
+576,    /* OBJ_setct_AcqCardCodeMsgTBE      2 23 42 0 58 */
-&(nid_objs[607]),/* OBJ_set_policy_root              2 23 42 5 0 */
+577,    /* OBJ_setct_AuthRevReqTBE          2 23 42 0 59 */
-&(nid_objs[608]),/* OBJ_setCext_hashedRoot           2 23 42 7 0 */
+578,    /* OBJ_setct_AuthRevResTBE          2 23 42 0 60 */
-&(nid_objs[609]),/* OBJ_setCext_certType             2 23 42 7 1 */
+579,    /* OBJ_setct_AuthRevResTBEB         2 23 42 0 61 */
-&(nid_objs[610]),/* OBJ_setCext_merchData            2 23 42 7 2 */
+580,    /* OBJ_setct_CapReqTBE              2 23 42 0 62 */
-&(nid_objs[611]),/* OBJ_setCext_cCertRequired        2 23 42 7 3 */
+581,    /* OBJ_setct_CapReqTBEX             2 23 42 0 63 */
-&(nid_objs[612]),/* OBJ_setCext_tunneling            2 23 42 7 4 */
+582,    /* OBJ_setct_CapResTBE              2 23 42 0 64 */
-&(nid_objs[613]),/* OBJ_setCext_setExt               2 23 42 7 5 */
+583,    /* OBJ_setct_CapRevReqTBE           2 23 42 0 65 */
-&(nid_objs[614]),/* OBJ_setCext_setQualf             2 23 42 7 6 */
+584,    /* OBJ_setct_CapRevReqTBEX          2 23 42 0 66 */
-&(nid_objs[615]),/* OBJ_setCext_PGWYcapabilities     2 23 42 7 7 */
+585,    /* OBJ_setct_CapRevResTBE           2 23 42 0 67 */
-&(nid_objs[616]),/* OBJ_setCext_TokenIdentifier      2 23 42 7 8 */
+586,    /* OBJ_setct_CredReqTBE             2 23 42 0 68 */
-&(nid_objs[617]),/* OBJ_setCext_Track2Data           2 23 42 7 9 */
+587,    /* OBJ_setct_CredReqTBEX            2 23 42 0 69 */
-&(nid_objs[618]),/* OBJ_setCext_TokenType            2 23 42 7 10 */
+588,    /* OBJ_setct_CredResTBE             2 23 42 0 70 */
-&(nid_objs[619]),/* OBJ_setCext_IssuerCapabilities   2 23 42 7 11 */
+589,    /* OBJ_setct_CredRevReqTBE          2 23 42 0 71 */
-&(nid_objs[636]),/* OBJ_set_brand_IATA_ATA           2 23 42 8 1 */
+590,    /* OBJ_setct_CredRevReqTBEX         2 23 42 0 72 */
-&(nid_objs[640]),/* OBJ_set_brand_Visa               2 23 42 8 4 */
+591,    /* OBJ_setct_CredRevResTBE          2 23 42 0 73 */
-&(nid_objs[641]),/* OBJ_set_brand_MasterCard         2 23 42 8 5 */
+592,    /* OBJ_setct_BatchAdminReqTBE       2 23 42 0 74 */
-&(nid_objs[637]),/* OBJ_set_brand_Diners             2 23 42 8 30 */
+593,    /* OBJ_setct_BatchAdminResTBE       2 23 42 0 75 */
-&(nid_objs[638]),/* OBJ_set_brand_AmericanExpress    2 23 42 8 34 */
+594,    /* OBJ_setct_RegFormReqTBE          2 23 42 0 76 */
-&(nid_objs[639]),/* OBJ_set_brand_JCB                2 23 42 8 35 */
+595,    /* OBJ_setct_CertReqTBE             2 23 42 0 77 */
-&(nid_objs[805]),/* OBJ_cryptopro                    1 2 643 2 2 */
+596,    /* OBJ_setct_CertReqTBEX            2 23 42 0 78 */
-&(nid_objs[806]),/* OBJ_cryptocom                    1 2 643 2 9 */
+597,    /* OBJ_setct_CertResTBE             2 23 42 0 79 */
-&(nid_objs[184]),/* OBJ_X9_57                        1 2 840 10040 */
+598,    /* OBJ_setct_CRLNotificationTBS     2 23 42 0 80 */
-&(nid_objs[405]),/* OBJ_ansi_X9_62                   1 2 840 10045 */
+599,    /* OBJ_setct_CRLNotificationResTBS  2 23 42 0 81 */
-&(nid_objs[389]),/* OBJ_Enterprises                  1 3 6 1 4 1 */
+600,    /* OBJ_setct_BCIDistributionTBS     2 23 42 0 82 */
-&(nid_objs[504]),/* OBJ_mime_mhs                     1 3 6 1 7 1 */
+601,    /* OBJ_setext_genCrypt              2 23 42 1 1 */
-&(nid_objs[104]),/* OBJ_md5WithRSA                   1 3 14 3 2 3 */
+602,    /* OBJ_setext_miAuth                2 23 42 1 3 */
-&(nid_objs[29]),/* OBJ_des_ecb                      1 3 14 3 2 6 */
+603,    /* OBJ_setext_pinSecure             2 23 42 1 4 */
-&(nid_objs[31]),/* OBJ_des_cbc                      1 3 14 3 2 7 */
+604,    /* OBJ_setext_pinAny                2 23 42 1 5 */
-&(nid_objs[45]),/* OBJ_des_ofb64                    1 3 14 3 2 8 */
+605,    /* OBJ_setext_track2                2 23 42 1 7 */
-&(nid_objs[30]),/* OBJ_des_cfb64                    1 3 14 3 2 9 */
+606,    /* OBJ_setext_cv                    2 23 42 1 8 */
-&(nid_objs[377]),/* OBJ_rsaSignature                 1 3 14 3 2 11 */
+620,    /* OBJ_setAttr_Cert                 2 23 42 3 0 */
-&(nid_objs[67]),/* OBJ_dsa_2                        1 3 14 3 2 12 */
+621,    /* OBJ_setAttr_PGWYcap              2 23 42 3 1 */
-&(nid_objs[66]),/* OBJ_dsaWithSHA                   1 3 14 3 2 13 */
+622,    /* OBJ_setAttr_TokenType            2 23 42 3 2 */
-&(nid_objs[42]),/* OBJ_shaWithRSAEncryption         1 3 14 3 2 15 */
+623,    /* OBJ_setAttr_IssCap               2 23 42 3 3 */
-&(nid_objs[32]),/* OBJ_des_ede_ecb                  1 3 14 3 2 17 */
+607,    /* OBJ_set_policy_root              2 23 42 5 0 */
-&(nid_objs[41]),/* OBJ_sha                          1 3 14 3 2 18 */
+608,    /* OBJ_setCext_hashedRoot           2 23 42 7 0 */
-&(nid_objs[64]),/* OBJ_sha1                         1 3 14 3 2 26 */
+609,    /* OBJ_setCext_certType             2 23 42 7 1 */
-&(nid_objs[70]),/* OBJ_dsaWithSHA1_2                1 3 14 3 2 27 */
+610,    /* OBJ_setCext_merchData            2 23 42 7 2 */
-&(nid_objs[115]),/* OBJ_sha1WithRSA                  1 3 14 3 2 29 */
+611,    /* OBJ_setCext_cCertRequired        2 23 42 7 3 */
-&(nid_objs[117]),/* OBJ_ripemd160                    1 3 36 3 2 1 */
+612,    /* OBJ_setCext_tunneling            2 23 42 7 4 */
-&(nid_objs[143]),/* OBJ_sxnet                        1 3 101 1 4 1 */
+613,    /* OBJ_setCext_setExt               2 23 42 7 5 */
-&(nid_objs[721]),/* OBJ_sect163k1                    1 3 132 0 1 */
+614,    /* OBJ_setCext_setQualf             2 23 42 7 6 */
-&(nid_objs[722]),/* OBJ_sect163r1                    1 3 132 0 2 */
+615,    /* OBJ_setCext_PGWYcapabilities     2 23 42 7 7 */
-&(nid_objs[728]),/* OBJ_sect239k1                    1 3 132 0 3 */
+616,    /* OBJ_setCext_TokenIdentifier      2 23 42 7 8 */
-&(nid_objs[717]),/* OBJ_sect113r1                    1 3 132 0 4 */
+617,    /* OBJ_setCext_Track2Data           2 23 42 7 9 */
-&(nid_objs[718]),/* OBJ_sect113r2                    1 3 132 0 5 */
+618,    /* OBJ_setCext_TokenType            2 23 42 7 10 */
-&(nid_objs[704]),/* OBJ_secp112r1                    1 3 132 0 6 */
+619,    /* OBJ_setCext_IssuerCapabilities   2 23 42 7 11 */
-&(nid_objs[705]),/* OBJ_secp112r2                    1 3 132 0 7 */
+636,    /* OBJ_set_brand_IATA_ATA           2 23 42 8 1 */
-&(nid_objs[709]),/* OBJ_secp160r1                    1 3 132 0 8 */
+640,    /* OBJ_set_brand_Visa               2 23 42 8 4 */
-&(nid_objs[708]),/* OBJ_secp160k1                    1 3 132 0 9 */
+641,    /* OBJ_set_brand_MasterCard         2 23 42 8 5 */
-&(nid_objs[714]),/* OBJ_secp256k1                    1 3 132 0 10 */
+637,    /* OBJ_set_brand_Diners             2 23 42 8 30 */
-&(nid_objs[723]),/* OBJ_sect163r2                    1 3 132 0 15 */
+638,    /* OBJ_set_brand_AmericanExpress    2 23 42 8 34 */
-&(nid_objs[729]),/* OBJ_sect283k1                    1 3 132 0 16 */
+639,    /* OBJ_set_brand_JCB                2 23 42 8 35 */
-&(nid_objs[730]),/* OBJ_sect283r1                    1 3 132 0 17 */
+805,    /* OBJ_cryptopro                    1 2 643 2 2 */
-&(nid_objs[719]),/* OBJ_sect131r1                    1 3 132 0 22 */
+806,    /* OBJ_cryptocom                    1 2 643 2 9 */
-&(nid_objs[720]),/* OBJ_sect131r2                    1 3 132 0 23 */
+184,    /* OBJ_X9_57                        1 2 840 10040 */
-&(nid_objs[724]),/* OBJ_sect193r1                    1 3 132 0 24 */
+405,    /* OBJ_ansi_X9_62                   1 2 840 10045 */
-&(nid_objs[725]),/* OBJ_sect193r2                    1 3 132 0 25 */
+389,    /* OBJ_Enterprises                  1 3 6 1 4 1 */
-&(nid_objs[726]),/* OBJ_sect233k1                    1 3 132 0 26 */
+504,    /* OBJ_mime_mhs                     1 3 6 1 7 1 */
-&(nid_objs[727]),/* OBJ_sect233r1                    1 3 132 0 27 */
+104,    /* OBJ_md5WithRSA                   1 3 14 3 2 3 */
-&(nid_objs[706]),/* OBJ_secp128r1                    1 3 132 0 28 */
+29,     /* OBJ_des_ecb                      1 3 14 3 2 6 */
-&(nid_objs[707]),/* OBJ_secp128r2                    1 3 132 0 29 */
+31,     /* OBJ_des_cbc                      1 3 14 3 2 7 */
-&(nid_objs[710]),/* OBJ_secp160r2                    1 3 132 0 30 */
+45,     /* OBJ_des_ofb64                    1 3 14 3 2 8 */
-&(nid_objs[711]),/* OBJ_secp192k1                    1 3 132 0 31 */
+30,     /* OBJ_des_cfb64                    1 3 14 3 2 9 */
-&(nid_objs[712]),/* OBJ_secp224k1                    1 3 132 0 32 */
+377,    /* OBJ_rsaSignature                 1 3 14 3 2 11 */
-&(nid_objs[713]),/* OBJ_secp224r1                    1 3 132 0 33 */
+67,     /* OBJ_dsa_2                        1 3 14 3 2 12 */
-&(nid_objs[715]),/* OBJ_secp384r1                    1 3 132 0 34 */
+66,     /* OBJ_dsaWithSHA                   1 3 14 3 2 13 */
-&(nid_objs[716]),/* OBJ_secp521r1                    1 3 132 0 35 */
+42,     /* OBJ_shaWithRSAEncryption         1 3 14 3 2 15 */
-&(nid_objs[731]),/* OBJ_sect409k1                    1 3 132 0 36 */
+32,     /* OBJ_des_ede_ecb                  1 3 14 3 2 17 */
-&(nid_objs[732]),/* OBJ_sect409r1                    1 3 132 0 37 */
+41,     /* OBJ_sha                          1 3 14 3 2 18 */
-&(nid_objs[733]),/* OBJ_sect571k1                    1 3 132 0 38 */
+64,     /* OBJ_sha1                         1 3 14 3 2 26 */
-&(nid_objs[734]),/* OBJ_sect571r1                    1 3 132 0 39 */
+70,     /* OBJ_dsaWithSHA1_2                1 3 14 3 2 27 */
-&(nid_objs[624]),/* OBJ_set_rootKeyThumb             2 23 42 3 0 0 */
+115,    /* OBJ_sha1WithRSA                  1 3 14 3 2 29 */
-&(nid_objs[625]),/* OBJ_set_addPolicy                2 23 42 3 0 1 */
+117,    /* OBJ_ripemd160                    1 3 36 3 2 1 */
-&(nid_objs[626]),/* OBJ_setAttr_Token_EMV            2 23 42 3 2 1 */
+143,    /* OBJ_sxnet                        1 3 101 1 4 1 */
-&(nid_objs[627]),/* OBJ_setAttr_Token_B0Prime        2 23 42 3 2 2 */
+721,    /* OBJ_sect163k1                    1 3 132 0 1 */
-&(nid_objs[628]),/* OBJ_setAttr_IssCap_CVM           2 23 42 3 3 3 */
+722,    /* OBJ_sect163r1                    1 3 132 0 2 */
-&(nid_objs[629]),/* OBJ_setAttr_IssCap_T2            2 23 42 3 3 4 */
+728,    /* OBJ_sect239k1                    1 3 132 0 3 */
-&(nid_objs[630]),/* OBJ_setAttr_IssCap_Sig           2 23 42 3 3 5 */
+717,    /* OBJ_sect113r1                    1 3 132 0 4 */
-&(nid_objs[642]),/* OBJ_set_brand_Novus              2 23 42 8 6011 */
+718,    /* OBJ_sect113r2                    1 3 132 0 5 */
-&(nid_objs[735]),/* OBJ_wap_wsg_idm_ecid_wtls1       2 23 43 13 4 1 */
+704,    /* OBJ_secp112r1                    1 3 132 0 6 */
-&(nid_objs[736]),/* OBJ_wap_wsg_idm_ecid_wtls3       2 23 43 13 4 3 */
+705,    /* OBJ_secp112r2                    1 3 132 0 7 */
-&(nid_objs[737]),/* OBJ_wap_wsg_idm_ecid_wtls4       2 23 43 13 4 4 */
+709,    /* OBJ_secp160r1                    1 3 132 0 8 */
-&(nid_objs[738]),/* OBJ_wap_wsg_idm_ecid_wtls5       2 23 43 13 4 5 */
+708,    /* OBJ_secp160k1                    1 3 132 0 9 */
-&(nid_objs[739]),/* OBJ_wap_wsg_idm_ecid_wtls6       2 23 43 13 4 6 */
+714,    /* OBJ_secp256k1                    1 3 132 0 10 */
-&(nid_objs[740]),/* OBJ_wap_wsg_idm_ecid_wtls7       2 23 43 13 4 7 */
+723,    /* OBJ_sect163r2                    1 3 132 0 15 */
-&(nid_objs[741]),/* OBJ_wap_wsg_idm_ecid_wtls8       2 23 43 13 4 8 */
+729,    /* OBJ_sect283k1                    1 3 132 0 16 */
-&(nid_objs[742]),/* OBJ_wap_wsg_idm_ecid_wtls9       2 23 43 13 4 9 */
+730,    /* OBJ_sect283r1                    1 3 132 0 17 */
-&(nid_objs[743]),/* OBJ_wap_wsg_idm_ecid_wtls10      2 23 43 13 4 10 */
+719,    /* OBJ_sect131r1                    1 3 132 0 22 */
-&(nid_objs[744]),/* OBJ_wap_wsg_idm_ecid_wtls11      2 23 43 13 4 11 */
+720,    /* OBJ_sect131r2                    1 3 132 0 23 */
-&(nid_objs[745]),/* OBJ_wap_wsg_idm_ecid_wtls12      2 23 43 13 4 12 */
+724,    /* OBJ_sect193r1                    1 3 132 0 24 */
-&(nid_objs[804]),/* OBJ_whirlpool                    1 0 10118 3 0 55 */
+725,    /* OBJ_sect193r2                    1 3 132 0 25 */
-&(nid_objs[124]),/* OBJ_rle_compression              1 1 1 1 666 1 */
+726,    /* OBJ_sect233k1                    1 3 132 0 26 */
-&(nid_objs[773]),/* OBJ_kisa                         1 2 410 200004 */
+727,    /* OBJ_sect233r1                    1 3 132 0 27 */
-&(nid_objs[807]),/* OBJ_id_GostR3411_94_with_GostR3410_2001 1 2 643 2 2 3 */
+706,    /* OBJ_secp128r1                    1 3 132 0 28 */
-&(nid_objs[808]),/* OBJ_id_GostR3411_94_with_GostR3410_94 1 2 643 2 2 4 */
+707,    /* OBJ_secp128r2                    1 3 132 0 29 */
-&(nid_objs[809]),/* OBJ_id_GostR3411_94              1 2 643 2 2 9 */
+710,    /* OBJ_secp160r2                    1 3 132 0 30 */
-&(nid_objs[810]),/* OBJ_id_HMACGostR3411_94          1 2 643 2 2 10 */
+711,    /* OBJ_secp192k1                    1 3 132 0 31 */
-&(nid_objs[811]),/* OBJ_id_GostR3410_2001            1 2 643 2 2 19 */
+712,    /* OBJ_secp224k1                    1 3 132 0 32 */
-&(nid_objs[812]),/* OBJ_id_GostR3410_94              1 2 643 2 2 20 */
+713,    /* OBJ_secp224r1                    1 3 132 0 33 */
-&(nid_objs[813]),/* OBJ_id_Gost28147_89              1 2 643 2 2 21 */
+715,    /* OBJ_secp384r1                    1 3 132 0 34 */
-&(nid_objs[815]),/* OBJ_id_Gost28147_89_MAC          1 2 643 2 2 22 */
+716,    /* OBJ_secp521r1                    1 3 132 0 35 */
-&(nid_objs[816]),/* OBJ_id_GostR3411_94_prf          1 2 643 2 2 23 */
+731,    /* OBJ_sect409k1                    1 3 132 0 36 */
-&(nid_objs[817]),/* OBJ_id_GostR3410_2001DH          1 2 643 2 2 98 */
+732,    /* OBJ_sect409r1                    1 3 132 0 37 */
-&(nid_objs[818]),/* OBJ_id_GostR3410_94DH            1 2 643 2 2 99 */
+733,    /* OBJ_sect571k1                    1 3 132 0 38 */
-&(nid_objs[ 1]),/* OBJ_rsadsi                       1 2 840 113549 */
+734,    /* OBJ_sect571r1                    1 3 132 0 39 */
-&(nid_objs[185]),/* OBJ_X9cm                         1 2 840 10040 4 */
+624,    /* OBJ_set_rootKeyThumb             2 23 42 3 0 0 */
-&(nid_objs[127]),/* OBJ_id_pkix                      1 3 6 1 5 5 7 */
+625,    /* OBJ_set_addPolicy                2 23 42 3 0 1 */
-&(nid_objs[505]),/* OBJ_mime_mhs_headings            1 3 6 1 7 1 1 */
+626,    /* OBJ_setAttr_Token_EMV            2 23 42 3 2 1 */
-&(nid_objs[506]),/* OBJ_mime_mhs_bodies              1 3 6 1 7 1 2 */
+627,    /* OBJ_setAttr_Token_B0Prime        2 23 42 3 2 2 */
-&(nid_objs[119]),/* OBJ_ripemd160WithRSA             1 3 36 3 3 1 2 */
+628,    /* OBJ_setAttr_IssCap_CVM           2 23 42 3 3 3 */
-&(nid_objs[631]),/* OBJ_setAttr_GenCryptgrm          2 23 42 3 3 3 1 */
+629,    /* OBJ_setAttr_IssCap_T2            2 23 42 3 3 4 */
-&(nid_objs[632]),/* OBJ_setAttr_T2Enc                2 23 42 3 3 4 1 */
+630,    /* OBJ_setAttr_IssCap_Sig           2 23 42 3 3 5 */
-&(nid_objs[633]),/* OBJ_setAttr_T2cleartxt           2 23 42 3 3 4 2 */
+642,    /* OBJ_set_brand_Novus              2 23 42 8 6011 */
-&(nid_objs[634]),/* OBJ_setAttr_TokICCsig            2 23 42 3 3 5 1 */
+735,    /* OBJ_wap_wsg_idm_ecid_wtls1       2 23 43 1 4 1 */
-&(nid_objs[635]),/* OBJ_setAttr_SecDevSig            2 23 42 3 3 5 2 */
+736,    /* OBJ_wap_wsg_idm_ecid_wtls3       2 23 43 1 4 3 */
-&(nid_objs[436]),/* OBJ_ucl                          0 9 2342 19200300 */
+737,    /* OBJ_wap_wsg_idm_ecid_wtls4       2 23 43 1 4 4 */
-&(nid_objs[820]),/* OBJ_id_Gost28147_89_None_KeyMeshing 1 2 643 2 2 14 0 */
+738,    /* OBJ_wap_wsg_idm_ecid_wtls5       2 23 43 1 4 5 */
-&(nid_objs[819]),/* OBJ_id_Gost28147_89_CryptoPro_KeyMeshing 1 2 643 2 2 14 1 */
+739,    /* OBJ_wap_wsg_idm_ecid_wtls6       2 23 43 1 4 6 */
-&(nid_objs[845]),/* OBJ_id_GostR3410_94_a            1 2 643 2 2 20 1 */
+740,    /* OBJ_wap_wsg_idm_ecid_wtls7       2 23 43 1 4 7 */
-&(nid_objs[846]),/* OBJ_id_GostR3410_94_aBis         1 2 643 2 2 20 2 */
+741,    /* OBJ_wap_wsg_idm_ecid_wtls8       2 23 43 1 4 8 */
-&(nid_objs[847]),/* OBJ_id_GostR3410_94_b            1 2 643 2 2 20 3 */
+742,    /* OBJ_wap_wsg_idm_ecid_wtls9       2 23 43 1 4 9 */
-&(nid_objs[848]),/* OBJ_id_GostR3410_94_bBis         1 2 643 2 2 20 4 */
+743,    /* OBJ_wap_wsg_idm_ecid_wtls10      2 23 43 1 4 10 */
-&(nid_objs[821]),/* OBJ_id_GostR3411_94_TestParamSet 1 2 643 2 2 30 0 */
+744,    /* OBJ_wap_wsg_idm_ecid_wtls11      2 23 43 1 4 11 */
-&(nid_objs[822]),/* OBJ_id_GostR3411_94_CryptoProParamSet 1 2 643 2 2 30 1 */
+745,    /* OBJ_wap_wsg_idm_ecid_wtls12      2 23 43 1 4 12 */
-&(nid_objs[823]),/* OBJ_id_Gost28147_89_TestParamSet 1 2 643 2 2 31 0 */
+804,    /* OBJ_whirlpool                    1 0 10118 3 0 55 */
-&(nid_objs[824]),/* OBJ_id_Gost28147_89_CryptoPro_A_ParamSet 1 2 643 2 2 31 1 */
+124,    /* OBJ_rle_compression              1 1 1 1 666 1 */
-&(nid_objs[825]),/* OBJ_id_Gost28147_89_CryptoPro_B_ParamSet 1 2 643 2 2 31 2 */
+773,    /* OBJ_kisa                         1 2 410 200004 */
-&(nid_objs[826]),/* OBJ_id_Gost28147_89_CryptoPro_C_ParamSet 1 2 643 2 2 31 3 */
+807,    /* OBJ_id_GostR3411_94_with_GostR3410_2001 1 2 643 2 2 3 */
-&(nid_objs[827]),/* OBJ_id_Gost28147_89_CryptoPro_D_ParamSet 1 2 643 2 2 31 4 */
+808,    /* OBJ_id_GostR3411_94_with_GostR3410_94 1 2 643 2 2 4 */
-&(nid_objs[828]),/* OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet 1 2 643 2 2 31 5 */
+809,    /* OBJ_id_GostR3411_94              1 2 643 2 2 9 */
-&(nid_objs[829]),/* OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet 1 2 643 2 2 31 6 */
+810,    /* OBJ_id_HMACGostR3411_94          1 2 643 2 2 10 */
-&(nid_objs[830]),/* OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet 1 2 643 2 2 31 7 */
+811,    /* OBJ_id_GostR3410_2001            1 2 643 2 2 19 */
-&(nid_objs[831]),/* OBJ_id_GostR3410_94_TestParamSet 1 2 643 2 2 32 0 */
+812,    /* OBJ_id_GostR3410_94              1 2 643 2 2 20 */
-&(nid_objs[832]),/* OBJ_id_GostR3410_94_CryptoPro_A_ParamSet 1 2 643 2 2 32 2 */
+813,    /* OBJ_id_Gost28147_89              1 2 643 2 2 21 */
-&(nid_objs[833]),/* OBJ_id_GostR3410_94_CryptoPro_B_ParamSet 1 2 643 2 2 32 3 */
+815,    /* OBJ_id_Gost28147_89_MAC          1 2 643 2 2 22 */
-&(nid_objs[834]),/* OBJ_id_GostR3410_94_CryptoPro_C_ParamSet 1 2 643 2 2 32 4 */
+816,    /* OBJ_id_GostR3411_94_prf          1 2 643 2 2 23 */
-&(nid_objs[835]),/* OBJ_id_GostR3410_94_CryptoPro_D_ParamSet 1 2 643 2 2 32 5 */
+817,    /* OBJ_id_GostR3410_2001DH          1 2 643 2 2 98 */
-&(nid_objs[836]),/* OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet 1 2 643 2 2 33 1 */
+818,    /* OBJ_id_GostR3410_94DH            1 2 643 2 2 99 */
-&(nid_objs[837]),/* OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet 1 2 643 2 2 33 2 */
+ 1,     /* OBJ_rsadsi                       1 2 840 113549 */
-&(nid_objs[838]),/* OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet 1 2 643 2 2 33 3 */
+185,    /* OBJ_X9cm                         1 2 840 10040 4 */
-&(nid_objs[839]),/* OBJ_id_GostR3410_2001_TestParamSet 1 2 643 2 2 35 0 */
+127,    /* OBJ_id_pkix                      1 3 6 1 5 5 7 */
-&(nid_objs[840]),/* OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet 1 2 643 2 2 35 1 */
+505,    /* OBJ_mime_mhs_headings            1 3 6 1 7 1 1 */
-&(nid_objs[841]),/* OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet 1 2 643 2 2 35 2 */
+506,    /* OBJ_mime_mhs_bodies              1 3 6 1 7 1 2 */
-&(nid_objs[842]),/* OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet 1 2 643 2 2 35 3 */
+119,    /* OBJ_ripemd160WithRSA             1 3 36 3 3 1 2 */
-&(nid_objs[843]),/* OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet 1 2 643 2 2 36 0 */
+631,    /* OBJ_setAttr_GenCryptgrm          2 23 42 3 3 3 1 */
-&(nid_objs[844]),/* OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet 1 2 643 2 2 36 1 */
+632,    /* OBJ_setAttr_T2Enc                2 23 42 3 3 4 1 */
-&(nid_objs[ 2]),/* OBJ_pkcs                         1 2 840 113549 1 */
+633,    /* OBJ_setAttr_T2cleartxt           2 23 42 3 3 4 2 */
-&(nid_objs[431]),/* OBJ_hold_instruction_none        1 2 840 10040 2 1 */
+634,    /* OBJ_setAttr_TokICCsig            2 23 42 3 3 5 1 */
-&(nid_objs[432]),/* OBJ_hold_instruction_call_issuer 1 2 840 10040 2 2 */
+635,    /* OBJ_setAttr_SecDevSig            2 23 42 3 3 5 2 */
-&(nid_objs[433]),/* OBJ_hold_instruction_reject      1 2 840 10040 2 3 */
+436,    /* OBJ_ucl                          0 9 2342 19200300 */
-&(nid_objs[116]),/* OBJ_dsa                          1 2 840 10040 4 1 */
+820,    /* OBJ_id_Gost28147_89_None_KeyMeshing 1 2 643 2 2 14 0 */
-&(nid_objs[113]),/* OBJ_dsaWithSHA1                  1 2 840 10040 4 3 */
+819,    /* OBJ_id_Gost28147_89_CryptoPro_KeyMeshing 1 2 643 2 2 14 1 */
-&(nid_objs[406]),/* OBJ_X9_62_prime_field            1 2 840 10045 1 1 */
+845,    /* OBJ_id_GostR3410_94_a            1 2 643 2 2 20 1 */
-&(nid_objs[407]),/* OBJ_X9_62_characteristic_two_field 1 2 840 10045 1 2 */
+846,    /* OBJ_id_GostR3410_94_aBis         1 2 643 2 2 20 2 */
-&(nid_objs[408]),/* OBJ_X9_62_id_ecPublicKey         1 2 840 10045 2 1 */
+847,    /* OBJ_id_GostR3410_94_b            1 2 643 2 2 20 3 */
-&(nid_objs[416]),/* OBJ_ecdsa_with_SHA1              1 2 840 10045 4 1 */
+848,    /* OBJ_id_GostR3410_94_bBis         1 2 643 2 2 20 4 */
-&(nid_objs[791]),/* OBJ_ecdsa_with_Recommended       1 2 840 10045 4 2 */
+821,    /* OBJ_id_GostR3411_94_TestParamSet 1 2 643 2 2 30 0 */
-&(nid_objs[792]),/* OBJ_ecdsa_with_Specified         1 2 840 10045 4 3 */
+822,    /* OBJ_id_GostR3411_94_CryptoProParamSet 1 2 643 2 2 30 1 */
-&(nid_objs[258]),/* OBJ_id_pkix_mod                  1 3 6 1 5 5 7 0 */
+823,    /* OBJ_id_Gost28147_89_TestParamSet 1 2 643 2 2 31 0 */
-&(nid_objs[175]),/* OBJ_id_pe                        1 3 6 1 5 5 7 1 */
+824,    /* OBJ_id_Gost28147_89_CryptoPro_A_ParamSet 1 2 643 2 2 31 1 */
-&(nid_objs[259]),/* OBJ_id_qt                        1 3 6 1 5 5 7 2 */
+825,    /* OBJ_id_Gost28147_89_CryptoPro_B_ParamSet 1 2 643 2 2 31 2 */
-&(nid_objs[128]),/* OBJ_id_kp                        1 3 6 1 5 5 7 3 */
+826,    /* OBJ_id_Gost28147_89_CryptoPro_C_ParamSet 1 2 643 2 2 31 3 */
-&(nid_objs[260]),/* OBJ_id_it                        1 3 6 1 5 5 7 4 */
+827,    /* OBJ_id_Gost28147_89_CryptoPro_D_ParamSet 1 2 643 2 2 31 4 */
-&(nid_objs[261]),/* OBJ_id_pkip                      1 3 6 1 5 5 7 5 */
+828,    /* OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet 1 2 643 2 2 31 5 */
-&(nid_objs[262]),/* OBJ_id_alg                       1 3 6 1 5 5 7 6 */
+829,    /* OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet 1 2 643 2 2 31 6 */
-&(nid_objs[263]),/* OBJ_id_cmc                       1 3 6 1 5 5 7 7 */
+830,    /* OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet 1 2 643 2 2 31 7 */
-&(nid_objs[264]),/* OBJ_id_on                        1 3 6 1 5 5 7 8 */
+831,    /* OBJ_id_GostR3410_94_TestParamSet 1 2 643 2 2 32 0 */
-&(nid_objs[265]),/* OBJ_id_pda                       1 3 6 1 5 5 7 9 */
+832,    /* OBJ_id_GostR3410_94_CryptoPro_A_ParamSet 1 2 643 2 2 32 2 */
-&(nid_objs[266]),/* OBJ_id_aca                       1 3 6 1 5 5 7 10 */
+833,    /* OBJ_id_GostR3410_94_CryptoPro_B_ParamSet 1 2 643 2 2 32 3 */
-&(nid_objs[267]),/* OBJ_id_qcs                       1 3 6 1 5 5 7 11 */
+834,    /* OBJ_id_GostR3410_94_CryptoPro_C_ParamSet 1 2 643 2 2 32 4 */
-&(nid_objs[268]),/* OBJ_id_cct                       1 3 6 1 5 5 7 12 */
+835,    /* OBJ_id_GostR3410_94_CryptoPro_D_ParamSet 1 2 643 2 2 32 5 */
-&(nid_objs[662]),/* OBJ_id_ppl                       1 3 6 1 5 5 7 21 */
+836,    /* OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet 1 2 643 2 2 33 1 */
-&(nid_objs[176]),/* OBJ_id_ad                        1 3 6 1 5 5 7 48 */
+837,    /* OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet 1 2 643 2 2 33 2 */
-&(nid_objs[507]),/* OBJ_id_hex_partial_message       1 3 6 1 7 1 1 1 */
+838,    /* OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet 1 2 643 2 2 33 3 */
-&(nid_objs[508]),/* OBJ_id_hex_multipart_message     1 3 6 1 7 1 1 2 */
+839,    /* OBJ_id_GostR3410_2001_TestParamSet 1 2 643 2 2 35 0 */
-&(nid_objs[57]),/* OBJ_netscape                     2 16 840 1 113730 */
+840,    /* OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet 1 2 643 2 2 35 1 */
-&(nid_objs[754]),/* OBJ_camellia_128_ecb             0 3 4401 5 3 1 9 1 */
+841,    /* OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet 1 2 643 2 2 35 2 */
-&(nid_objs[766]),/* OBJ_camellia_128_ofb128          0 3 4401 5 3 1 9 3 */
+842,    /* OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet 1 2 643 2 2 35 3 */
-&(nid_objs[757]),/* OBJ_camellia_128_cfb128          0 3 4401 5 3 1 9 4 */
+843,    /* OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet 1 2 643 2 2 36 0 */
-&(nid_objs[755]),/* OBJ_camellia_192_ecb             0 3 4401 5 3 1 9 21 */
+844,    /* OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet 1 2 643 2 2 36 1 */
-&(nid_objs[767]),/* OBJ_camellia_192_ofb128          0 3 4401 5 3 1 9 23 */
+ 2,     /* OBJ_pkcs                         1 2 840 113549 1 */
-&(nid_objs[758]),/* OBJ_camellia_192_cfb128          0 3 4401 5 3 1 9 24 */
+431,    /* OBJ_hold_instruction_none        1 2 840 10040 2 1 */
-&(nid_objs[756]),/* OBJ_camellia_256_ecb             0 3 4401 5 3 1 9 41 */
+432,    /* OBJ_hold_instruction_call_issuer 1 2 840 10040 2 2 */
-&(nid_objs[768]),/* OBJ_camellia_256_ofb128          0 3 4401 5 3 1 9 43 */
+433,    /* OBJ_hold_instruction_reject      1 2 840 10040 2 3 */
-&(nid_objs[759]),/* OBJ_camellia_256_cfb128          0 3 4401 5 3 1 9 44 */
+116,    /* OBJ_dsa                          1 2 840 10040 4 1 */
-&(nid_objs[437]),/* OBJ_pilot                        0 9 2342 19200300 100 */
+113,    /* OBJ_dsaWithSHA1                  1 2 840 10040 4 3 */
-&(nid_objs[776]),/* OBJ_seed_ecb                     1 2 410 200004 1 3 */
+406,    /* OBJ_X9_62_prime_field            1 2 840 10045 1 1 */
-&(nid_objs[777]),/* OBJ_seed_cbc                     1 2 410 200004 1 4 */
+407,    /* OBJ_X9_62_characteristic_two_field 1 2 840 10045 1 2 */
-&(nid_objs[779]),/* OBJ_seed_cfb128                  1 2 410 200004 1 5 */
+408,    /* OBJ_X9_62_id_ecPublicKey         1 2 840 10045 2 1 */
-&(nid_objs[778]),/* OBJ_seed_ofb128                  1 2 410 200004 1 6 */
+416,    /* OBJ_ecdsa_with_SHA1              1 2 840 10045 4 1 */
-&(nid_objs[852]),/* OBJ_id_GostR3411_94_with_GostR3410_94_cc 1 2 643 2 9 1 3 3 */
+791,    /* OBJ_ecdsa_with_Recommended       1 2 840 10045 4 2 */
-&(nid_objs[853]),/* OBJ_id_GostR3411_94_with_GostR3410_2001_cc 1 2 643 2 9 1 3 4 */
+792,    /* OBJ_ecdsa_with_Specified         1 2 840 10045 4 3 */
-&(nid_objs[850]),/* OBJ_id_GostR3410_94_cc           1 2 643 2 9 1 5 3 */
+258,    /* OBJ_id_pkix_mod                  1 3 6 1 5 5 7 0 */
-&(nid_objs[851]),/* OBJ_id_GostR3410_2001_cc         1 2 643 2 9 1 5 4 */
+175,    /* OBJ_id_pe                        1 3 6 1 5 5 7 1 */
-&(nid_objs[849]),/* OBJ_id_Gost28147_89_cc           1 2 643 2 9 1 6 1 */
+259,    /* OBJ_id_qt                        1 3 6 1 5 5 7 2 */
-&(nid_objs[854]),/* OBJ_id_GostR3410_2001_ParamSet_cc 1 2 643 2 9 1 8 1 */
+128,    /* OBJ_id_kp                        1 3 6 1 5 5 7 3 */
-&(nid_objs[186]),/* OBJ_pkcs1                        1 2 840 113549 1 1 */
+260,    /* OBJ_id_it                        1 3 6 1 5 5 7 4 */
-&(nid_objs[27]),/* OBJ_pkcs3                        1 2 840 113549 1 3 */
+261,    /* OBJ_id_pkip                      1 3 6 1 5 5 7 5 */
-&(nid_objs[187]),/* OBJ_pkcs5                        1 2 840 113549 1 5 */
+262,    /* OBJ_id_alg                       1 3 6 1 5 5 7 6 */
-&(nid_objs[20]),/* OBJ_pkcs7                        1 2 840 113549 1 7 */
+263,    /* OBJ_id_cmc                       1 3 6 1 5 5 7 7 */
-&(nid_objs[47]),/* OBJ_pkcs9                        1 2 840 113549 1 9 */
+264,    /* OBJ_id_on                        1 3 6 1 5 5 7 8 */
-&(nid_objs[ 3]),/* OBJ_md2                          1 2 840 113549 2 2 */
+265,    /* OBJ_id_pda                       1 3 6 1 5 5 7 9 */
-&(nid_objs[257]),/* OBJ_md4                          1 2 840 113549 2 4 */
+266,    /* OBJ_id_aca                       1 3 6 1 5 5 7 10 */
-&(nid_objs[ 4]),/* OBJ_md5                          1 2 840 113549 2 5 */
+267,    /* OBJ_id_qcs                       1 3 6 1 5 5 7 11 */
-&(nid_objs[797]),/* OBJ_hmacWithMD5                  1 2 840 113549 2 6 */
+268,    /* OBJ_id_cct                       1 3 6 1 5 5 7 12 */
-&(nid_objs[163]),/* OBJ_hmacWithSHA1                 1 2 840 113549 2 7 */
+662,    /* OBJ_id_ppl                       1 3 6 1 5 5 7 21 */
-&(nid_objs[798]),/* OBJ_hmacWithSHA224               1 2 840 113549 2 8 */
+176,    /* OBJ_id_ad                        1 3 6 1 5 5 7 48 */
-&(nid_objs[799]),/* OBJ_hmacWithSHA256               1 2 840 113549 2 9 */
+507,    /* OBJ_id_hex_partial_message       1 3 6 1 7 1 1 1 */
-&(nid_objs[800]),/* OBJ_hmacWithSHA384               1 2 840 113549 2 10 */
+508,    /* OBJ_id_hex_multipart_message     1 3 6 1 7 1 1 2 */
-&(nid_objs[801]),/* OBJ_hmacWithSHA512               1 2 840 113549 2 11 */
+57,     /* OBJ_netscape                     2 16 840 1 113730 */
-&(nid_objs[37]),/* OBJ_rc2_cbc                      1 2 840 113549 3 2 */
+754,    /* OBJ_camellia_128_ecb             0 3 4401 5 3 1 9 1 */
-&(nid_objs[ 5]),/* OBJ_rc4                          1 2 840 113549 3 4 */
+766,    /* OBJ_camellia_128_ofb128          0 3 4401 5 3 1 9 3 */
-&(nid_objs[44]),/* OBJ_des_ede3_cbc                 1 2 840 113549 3 7 */
+757,    /* OBJ_camellia_128_cfb128          0 3 4401 5 3 1 9 4 */
-&(nid_objs[120]),/* OBJ_rc5_cbc                      1 2 840 113549 3 8 */
+755,    /* OBJ_camellia_192_ecb             0 3 4401 5 3 1 9 21 */
-&(nid_objs[643]),/* OBJ_des_cdmf                     1 2 840 113549 3 10 */
+767,    /* OBJ_camellia_192_ofb128          0 3 4401 5 3 1 9 23 */
-&(nid_objs[680]),/* OBJ_X9_62_id_characteristic_two_basis 1 2 840 10045 1 2 3 */
+758,    /* OBJ_camellia_192_cfb128          0 3 4401 5 3 1 9 24 */
-&(nid_objs[684]),/* OBJ_X9_62_c2pnb163v1             1 2 840 10045 3 0 1 */
+756,    /* OBJ_camellia_256_ecb             0 3 4401 5 3 1 9 41 */
-&(nid_objs[685]),/* OBJ_X9_62_c2pnb163v2             1 2 840 10045 3 0 2 */
+768,    /* OBJ_camellia_256_ofb128          0 3 4401 5 3 1 9 43 */
-&(nid_objs[686]),/* OBJ_X9_62_c2pnb163v3             1 2 840 10045 3 0 3 */
+759,    /* OBJ_camellia_256_cfb128          0 3 4401 5 3 1 9 44 */
-&(nid_objs[687]),/* OBJ_X9_62_c2pnb176v1             1 2 840 10045 3 0 4 */
+437,    /* OBJ_pilot                        0 9 2342 19200300 100 */
-&(nid_objs[688]),/* OBJ_X9_62_c2tnb191v1             1 2 840 10045 3 0 5 */
+776,    /* OBJ_seed_ecb                     1 2 410 200004 1 3 */
-&(nid_objs[689]),/* OBJ_X9_62_c2tnb191v2             1 2 840 10045 3 0 6 */
+777,    /* OBJ_seed_cbc                     1 2 410 200004 1 4 */
-&(nid_objs[690]),/* OBJ_X9_62_c2tnb191v3             1 2 840 10045 3 0 7 */
+779,    /* OBJ_seed_cfb128                  1 2 410 200004 1 5 */
-&(nid_objs[691]),/* OBJ_X9_62_c2onb191v4             1 2 840 10045 3 0 8 */
+778,    /* OBJ_seed_ofb128                  1 2 410 200004 1 6 */
-&(nid_objs[692]),/* OBJ_X9_62_c2onb191v5             1 2 840 10045 3 0 9 */
+852,    /* OBJ_id_GostR3411_94_with_GostR3410_94_cc 1 2 643 2 9 1 3 3 */
-&(nid_objs[693]),/* OBJ_X9_62_c2pnb208w1             1 2 840 10045 3 0 10 */
+853,    /* OBJ_id_GostR3411_94_with_GostR3410_2001_cc 1 2 643 2 9 1 3 4 */
-&(nid_objs[694]),/* OBJ_X9_62_c2tnb239v1             1 2 840 10045 3 0 11 */
+850,    /* OBJ_id_GostR3410_94_cc           1 2 643 2 9 1 5 3 */
-&(nid_objs[695]),/* OBJ_X9_62_c2tnb239v2             1 2 840 10045 3 0 12 */
+851,    /* OBJ_id_GostR3410_2001_cc         1 2 643 2 9 1 5 4 */
-&(nid_objs[696]),/* OBJ_X9_62_c2tnb239v3             1 2 840 10045 3 0 13 */
+849,    /* OBJ_id_Gost28147_89_cc           1 2 643 2 9 1 6 1 */
-&(nid_objs[697]),/* OBJ_X9_62_c2onb239v4             1 2 840 10045 3 0 14 */
+854,    /* OBJ_id_GostR3410_2001_ParamSet_cc 1 2 643 2 9 1 8 1 */
-&(nid_objs[698]),/* OBJ_X9_62_c2onb239v5             1 2 840 10045 3 0 15 */
+186,    /* OBJ_pkcs1                        1 2 840 113549 1 1 */
-&(nid_objs[699]),/* OBJ_X9_62_c2pnb272w1             1 2 840 10045 3 0 16 */
+27,     /* OBJ_pkcs3                        1 2 840 113549 1 3 */
-&(nid_objs[700]),/* OBJ_X9_62_c2pnb304w1             1 2 840 10045 3 0 17 */
+187,    /* OBJ_pkcs5                        1 2 840 113549 1 5 */
-&(nid_objs[701]),/* OBJ_X9_62_c2tnb359v1             1 2 840 10045 3 0 18 */
+20,     /* OBJ_pkcs7                        1 2 840 113549 1 7 */
-&(nid_objs[702]),/* OBJ_X9_62_c2pnb368w1             1 2 840 10045 3 0 19 */
+47,     /* OBJ_pkcs9                        1 2 840 113549 1 9 */
-&(nid_objs[703]),/* OBJ_X9_62_c2tnb431r1             1 2 840 10045 3 0 20 */
+ 3,     /* OBJ_md2                          1 2 840 113549 2 2 */
-&(nid_objs[409]),/* OBJ_X9_62_prime192v1             1 2 840 10045 3 1 1 */
+257,    /* OBJ_md4                          1 2 840 113549 2 4 */
-&(nid_objs[410]),/* OBJ_X9_62_prime192v2             1 2 840 10045 3 1 2 */
+ 4,     /* OBJ_md5                          1 2 840 113549 2 5 */
-&(nid_objs[411]),/* OBJ_X9_62_prime192v3             1 2 840 10045 3 1 3 */
+797,    /* OBJ_hmacWithMD5                  1 2 840 113549 2 6 */
-&(nid_objs[412]),/* OBJ_X9_62_prime239v1             1 2 840 10045 3 1 4 */
+163,    /* OBJ_hmacWithSHA1                 1 2 840 113549 2 7 */
-&(nid_objs[413]),/* OBJ_X9_62_prime239v2             1 2 840 10045 3 1 5 */
+798,    /* OBJ_hmacWithSHA224               1 2 840 113549 2 8 */
-&(nid_objs[414]),/* OBJ_X9_62_prime239v3             1 2 840 10045 3 1 6 */
+799,    /* OBJ_hmacWithSHA256               1 2 840 113549 2 9 */
-&(nid_objs[415]),/* OBJ_X9_62_prime256v1             1 2 840 10045 3 1 7 */
+800,    /* OBJ_hmacWithSHA384               1 2 840 113549 2 10 */
-&(nid_objs[793]),/* OBJ_ecdsa_with_SHA224            1 2 840 10045 4 3 1 */
+801,    /* OBJ_hmacWithSHA512               1 2 840 113549 2 11 */
-&(nid_objs[794]),/* OBJ_ecdsa_with_SHA256            1 2 840 10045 4 3 2 */
+37,     /* OBJ_rc2_cbc                      1 2 840 113549 3 2 */
-&(nid_objs[795]),/* OBJ_ecdsa_with_SHA384            1 2 840 10045 4 3 3 */
+ 5,     /* OBJ_rc4                          1 2 840 113549 3 4 */
-&(nid_objs[796]),/* OBJ_ecdsa_with_SHA512            1 2 840 10045 4 3 4 */
+44,     /* OBJ_des_ede3_cbc                 1 2 840 113549 3 7 */
-&(nid_objs[269]),/* OBJ_id_pkix1_explicit_88         1 3 6 1 5 5 7 0 1 */
+120,    /* OBJ_rc5_cbc                      1 2 840 113549 3 8 */
-&(nid_objs[270]),/* OBJ_id_pkix1_implicit_88         1 3 6 1 5 5 7 0 2 */
+643,    /* OBJ_des_cdmf                     1 2 840 113549 3 10 */
-&(nid_objs[271]),/* OBJ_id_pkix1_explicit_93         1 3 6 1 5 5 7 0 3 */
+680,    /* OBJ_X9_62_id_characteristic_two_basis 1 2 840 10045 1 2 3 */
-&(nid_objs[272]),/* OBJ_id_pkix1_implicit_93         1 3 6 1 5 5 7 0 4 */
+684,    /* OBJ_X9_62_c2pnb163v1             1 2 840 10045 3 0 1 */
-&(nid_objs[273]),/* OBJ_id_mod_crmf                  1 3 6 1 5 5 7 0 5 */
+685,    /* OBJ_X9_62_c2pnb163v2             1 2 840 10045 3 0 2 */
-&(nid_objs[274]),/* OBJ_id_mod_cmc                   1 3 6 1 5 5 7 0 6 */
+686,    /* OBJ_X9_62_c2pnb163v3             1 2 840 10045 3 0 3 */
-&(nid_objs[275]),/* OBJ_id_mod_kea_profile_88        1 3 6 1 5 5 7 0 7 */
+687,    /* OBJ_X9_62_c2pnb176v1             1 2 840 10045 3 0 4 */
-&(nid_objs[276]),/* OBJ_id_mod_kea_profile_93        1 3 6 1 5 5 7 0 8 */
+688,    /* OBJ_X9_62_c2tnb191v1             1 2 840 10045 3 0 5 */
-&(nid_objs[277]),/* OBJ_id_mod_cmp                   1 3 6 1 5 5 7 0 9 */
+689,    /* OBJ_X9_62_c2tnb191v2             1 2 840 10045 3 0 6 */
-&(nid_objs[278]),/* OBJ_id_mod_qualified_cert_88     1 3 6 1 5 5 7 0 10 */
+690,    /* OBJ_X9_62_c2tnb191v3             1 2 840 10045 3 0 7 */
-&(nid_objs[279]),/* OBJ_id_mod_qualified_cert_93     1 3 6 1 5 5 7 0 11 */
+691,    /* OBJ_X9_62_c2onb191v4             1 2 840 10045 3 0 8 */
-&(nid_objs[280]),/* OBJ_id_mod_attribute_cert        1 3 6 1 5 5 7 0 12 */
+692,    /* OBJ_X9_62_c2onb191v5             1 2 840 10045 3 0 9 */
-&(nid_objs[281]),/* OBJ_id_mod_timestamp_protocol    1 3 6 1 5 5 7 0 13 */
+693,    /* OBJ_X9_62_c2pnb208w1             1 2 840 10045 3 0 10 */
-&(nid_objs[282]),/* OBJ_id_mod_ocsp                  1 3 6 1 5 5 7 0 14 */
+694,    /* OBJ_X9_62_c2tnb239v1             1 2 840 10045 3 0 11 */
-&(nid_objs[283]),/* OBJ_id_mod_dvcs                  1 3 6 1 5 5 7 0 15 */
+695,    /* OBJ_X9_62_c2tnb239v2             1 2 840 10045 3 0 12 */
-&(nid_objs[284]),/* OBJ_id_mod_cmp2000               1 3 6 1 5 5 7 0 16 */
+696,    /* OBJ_X9_62_c2tnb239v3             1 2 840 10045 3 0 13 */
-&(nid_objs[177]),/* OBJ_info_access                  1 3 6 1 5 5 7 1 1 */
+697,    /* OBJ_X9_62_c2onb239v4             1 2 840 10045 3 0 14 */
-&(nid_objs[285]),/* OBJ_biometricInfo                1 3 6 1 5 5 7 1 2 */
+698,    /* OBJ_X9_62_c2onb239v5             1 2 840 10045 3 0 15 */
-&(nid_objs[286]),/* OBJ_qcStatements                 1 3 6 1 5 5 7 1 3 */
+699,    /* OBJ_X9_62_c2pnb272w1             1 2 840 10045 3 0 16 */
-&(nid_objs[287]),/* OBJ_ac_auditEntity               1 3 6 1 5 5 7 1 4 */
+700,    /* OBJ_X9_62_c2pnb304w1             1 2 840 10045 3 0 17 */
-&(nid_objs[288]),/* OBJ_ac_targeting                 1 3 6 1 5 5 7 1 5 */
+701,    /* OBJ_X9_62_c2tnb359v1             1 2 840 10045 3 0 18 */
-&(nid_objs[289]),/* OBJ_aaControls                   1 3 6 1 5 5 7 1 6 */
+702,    /* OBJ_X9_62_c2pnb368w1             1 2 840 10045 3 0 19 */
-&(nid_objs[290]),/* OBJ_sbgp_ipAddrBlock             1 3 6 1 5 5 7 1 7 */
+703,    /* OBJ_X9_62_c2tnb431r1             1 2 840 10045 3 0 20 */
-&(nid_objs[291]),/* OBJ_sbgp_autonomousSysNum        1 3 6 1 5 5 7 1 8 */
+409,    /* OBJ_X9_62_prime192v1             1 2 840 10045 3 1 1 */
-&(nid_objs[292]),/* OBJ_sbgp_routerIdentifier        1 3 6 1 5 5 7 1 9 */
+410,    /* OBJ_X9_62_prime192v2             1 2 840 10045 3 1 2 */
-&(nid_objs[397]),/* OBJ_ac_proxying                  1 3 6 1 5 5 7 1 10 */
+411,    /* OBJ_X9_62_prime192v3             1 2 840 10045 3 1 3 */
-&(nid_objs[398]),/* OBJ_sinfo_access                 1 3 6 1 5 5 7 1 11 */
+412,    /* OBJ_X9_62_prime239v1             1 2 840 10045 3 1 4 */
-&(nid_objs[663]),/* OBJ_proxyCertInfo                1 3 6 1 5 5 7 1 14 */
+413,    /* OBJ_X9_62_prime239v2             1 2 840 10045 3 1 5 */
-&(nid_objs[164]),/* OBJ_id_qt_cps                    1 3 6 1 5 5 7 2 1 */
+414,    /* OBJ_X9_62_prime239v3             1 2 840 10045 3 1 6 */
-&(nid_objs[165]),/* OBJ_id_qt_unotice                1 3 6 1 5 5 7 2 2 */
+415,    /* OBJ_X9_62_prime256v1             1 2 840 10045 3 1 7 */
-&(nid_objs[293]),/* OBJ_textNotice                   1 3 6 1 5 5 7 2 3 */
+793,    /* OBJ_ecdsa_with_SHA224            1 2 840 10045 4 3 1 */
-&(nid_objs[129]),/* OBJ_server_auth                  1 3 6 1 5 5 7 3 1 */
+794,    /* OBJ_ecdsa_with_SHA256            1 2 840 10045 4 3 2 */
-&(nid_objs[130]),/* OBJ_client_auth                  1 3 6 1 5 5 7 3 2 */
+795,    /* OBJ_ecdsa_with_SHA384            1 2 840 10045 4 3 3 */
-&(nid_objs[131]),/* OBJ_code_sign                    1 3 6 1 5 5 7 3 3 */
+796,    /* OBJ_ecdsa_with_SHA512            1 2 840 10045 4 3 4 */
-&(nid_objs[132]),/* OBJ_email_protect                1 3 6 1 5 5 7 3 4 */
+269,    /* OBJ_id_pkix1_explicit_88         1 3 6 1 5 5 7 0 1 */
-&(nid_objs[294]),/* OBJ_ipsecEndSystem               1 3 6 1 5 5 7 3 5 */
+270,    /* OBJ_id_pkix1_implicit_88         1 3 6 1 5 5 7 0 2 */
-&(nid_objs[295]),/* OBJ_ipsecTunnel                  1 3 6 1 5 5 7 3 6 */
+271,    /* OBJ_id_pkix1_explicit_93         1 3 6 1 5 5 7 0 3 */
-&(nid_objs[296]),/* OBJ_ipsecUser                    1 3 6 1 5 5 7 3 7 */
+272,    /* OBJ_id_pkix1_implicit_93         1 3 6 1 5 5 7 0 4 */
-&(nid_objs[133]),/* OBJ_time_stamp                   1 3 6 1 5 5 7 3 8 */
+273,    /* OBJ_id_mod_crmf                  1 3 6 1 5 5 7 0 5 */
-&(nid_objs[180]),/* OBJ_OCSP_sign                    1 3 6 1 5 5 7 3 9 */
+274,    /* OBJ_id_mod_cmc                   1 3 6 1 5 5 7 0 6 */
-&(nid_objs[297]),/* OBJ_dvcs                         1 3 6 1 5 5 7 3 10 */
+275,    /* OBJ_id_mod_kea_profile_88        1 3 6 1 5 5 7 0 7 */
-&(nid_objs[298]),/* OBJ_id_it_caProtEncCert          1 3 6 1 5 5 7 4 1 */
+276,    /* OBJ_id_mod_kea_profile_93        1 3 6 1 5 5 7 0 8 */
-&(nid_objs[299]),/* OBJ_id_it_signKeyPairTypes       1 3 6 1 5 5 7 4 2 */
+277,    /* OBJ_id_mod_cmp                   1 3 6 1 5 5 7 0 9 */
-&(nid_objs[300]),/* OBJ_id_it_encKeyPairTypes        1 3 6 1 5 5 7 4 3 */
+278,    /* OBJ_id_mod_qualified_cert_88     1 3 6 1 5 5 7 0 10 */
-&(nid_objs[301]),/* OBJ_id_it_preferredSymmAlg       1 3 6 1 5 5 7 4 4 */
+279,    /* OBJ_id_mod_qualified_cert_93     1 3 6 1 5 5 7 0 11 */
-&(nid_objs[302]),/* OBJ_id_it_caKeyUpdateInfo        1 3 6 1 5 5 7 4 5 */
+280,    /* OBJ_id_mod_attribute_cert        1 3 6 1 5 5 7 0 12 */
-&(nid_objs[303]),/* OBJ_id_it_currentCRL             1 3 6 1 5 5 7 4 6 */
+281,    /* OBJ_id_mod_timestamp_protocol    1 3 6 1 5 5 7 0 13 */
-&(nid_objs[304]),/* OBJ_id_it_unsupportedOIDs        1 3 6 1 5 5 7 4 7 */
+282,    /* OBJ_id_mod_ocsp                  1 3 6 1 5 5 7 0 14 */
-&(nid_objs[305]),/* OBJ_id_it_subscriptionRequest    1 3 6 1 5 5 7 4 8 */
+283,    /* OBJ_id_mod_dvcs                  1 3 6 1 5 5 7 0 15 */
-&(nid_objs[306]),/* OBJ_id_it_subscriptionResponse   1 3 6 1 5 5 7 4 9 */
+284,    /* OBJ_id_mod_cmp2000               1 3 6 1 5 5 7 0 16 */
-&(nid_objs[307]),/* OBJ_id_it_keyPairParamReq        1 3 6 1 5 5 7 4 10 */
+177,    /* OBJ_info_access                  1 3 6 1 5 5 7 1 1 */
-&(nid_objs[308]),/* OBJ_id_it_keyPairParamRep        1 3 6 1 5 5 7 4 11 */
+285,    /* OBJ_biometricInfo                1 3 6 1 5 5 7 1 2 */
-&(nid_objs[309]),/* OBJ_id_it_revPassphrase          1 3 6 1 5 5 7 4 12 */
+286,    /* OBJ_qcStatements                 1 3 6 1 5 5 7 1 3 */
-&(nid_objs[310]),/* OBJ_id_it_implicitConfirm        1 3 6 1 5 5 7 4 13 */
+287,    /* OBJ_ac_auditEntity               1 3 6 1 5 5 7 1 4 */
-&(nid_objs[311]),/* OBJ_id_it_confirmWaitTime        1 3 6 1 5 5 7 4 14 */
+288,    /* OBJ_ac_targeting                 1 3 6 1 5 5 7 1 5 */
-&(nid_objs[312]),/* OBJ_id_it_origPKIMessage         1 3 6 1 5 5 7 4 15 */
+289,    /* OBJ_aaControls                   1 3 6 1 5 5 7 1 6 */
-&(nid_objs[784]),/* OBJ_id_it_suppLangTags           1 3 6 1 5 5 7 4 16 */
+290,    /* OBJ_sbgp_ipAddrBlock             1 3 6 1 5 5 7 1 7 */
-&(nid_objs[313]),/* OBJ_id_regCtrl                   1 3 6 1 5 5 7 5 1 */
+291,    /* OBJ_sbgp_autonomousSysNum        1 3 6 1 5 5 7 1 8 */
-&(nid_objs[314]),/* OBJ_id_regInfo                   1 3 6 1 5 5 7 5 2 */
+292,    /* OBJ_sbgp_routerIdentifier        1 3 6 1 5 5 7 1 9 */
-&(nid_objs[323]),/* OBJ_id_alg_des40                 1 3 6 1 5 5 7 6 1 */
+397,    /* OBJ_ac_proxying                  1 3 6 1 5 5 7 1 10 */
-&(nid_objs[324]),/* OBJ_id_alg_noSignature           1 3 6 1 5 5 7 6 2 */
+398,    /* OBJ_sinfo_access                 1 3 6 1 5 5 7 1 11 */
-&(nid_objs[325]),/* OBJ_id_alg_dh_sig_hmac_sha1      1 3 6 1 5 5 7 6 3 */
+663,    /* OBJ_proxyCertInfo                1 3 6 1 5 5 7 1 14 */
-&(nid_objs[326]),/* OBJ_id_alg_dh_pop                1 3 6 1 5 5 7 6 4 */
+164,    /* OBJ_id_qt_cps                    1 3 6 1 5 5 7 2 1 */
-&(nid_objs[327]),/* OBJ_id_cmc_statusInfo            1 3 6 1 5 5 7 7 1 */
+165,    /* OBJ_id_qt_unotice                1 3 6 1 5 5 7 2 2 */
-&(nid_objs[328]),/* OBJ_id_cmc_identification        1 3 6 1 5 5 7 7 2 */
+293,    /* OBJ_textNotice                   1 3 6 1 5 5 7 2 3 */
-&(nid_objs[329]),/* OBJ_id_cmc_identityProof         1 3 6 1 5 5 7 7 3 */
+129,    /* OBJ_server_auth                  1 3 6 1 5 5 7 3 1 */
-&(nid_objs[330]),/* OBJ_id_cmc_dataReturn            1 3 6 1 5 5 7 7 4 */
+130,    /* OBJ_client_auth                  1 3 6 1 5 5 7 3 2 */
-&(nid_objs[331]),/* OBJ_id_cmc_transactionId         1 3 6 1 5 5 7 7 5 */
+131,    /* OBJ_code_sign                    1 3 6 1 5 5 7 3 3 */
-&(nid_objs[332]),/* OBJ_id_cmc_senderNonce           1 3 6 1 5 5 7 7 6 */
+132,    /* OBJ_email_protect                1 3 6 1 5 5 7 3 4 */
-&(nid_objs[333]),/* OBJ_id_cmc_recipientNonce        1 3 6 1 5 5 7 7 7 */
+294,    /* OBJ_ipsecEndSystem               1 3 6 1 5 5 7 3 5 */
-&(nid_objs[334]),/* OBJ_id_cmc_addExtensions         1 3 6 1 5 5 7 7 8 */
+295,    /* OBJ_ipsecTunnel                  1 3 6 1 5 5 7 3 6 */
-&(nid_objs[335]),/* OBJ_id_cmc_encryptedPOP          1 3 6 1 5 5 7 7 9 */
+296,    /* OBJ_ipsecUser                    1 3 6 1 5 5 7 3 7 */
-&(nid_objs[336]),/* OBJ_id_cmc_decryptedPOP          1 3 6 1 5 5 7 7 10 */
+133,    /* OBJ_time_stamp                   1 3 6 1 5 5 7 3 8 */
-&(nid_objs[337]),/* OBJ_id_cmc_lraPOPWitness         1 3 6 1 5 5 7 7 11 */
+180,    /* OBJ_OCSP_sign                    1 3 6 1 5 5 7 3 9 */
-&(nid_objs[338]),/* OBJ_id_cmc_getCert               1 3 6 1 5 5 7 7 15 */
+297,    /* OBJ_dvcs                         1 3 6 1 5 5 7 3 10 */
-&(nid_objs[339]),/* OBJ_id_cmc_getCRL                1 3 6 1 5 5 7 7 16 */
+298,    /* OBJ_id_it_caProtEncCert          1 3 6 1 5 5 7 4 1 */
-&(nid_objs[340]),/* OBJ_id_cmc_revokeRequest         1 3 6 1 5 5 7 7 17 */
+299,    /* OBJ_id_it_signKeyPairTypes       1 3 6 1 5 5 7 4 2 */
-&(nid_objs[341]),/* OBJ_id_cmc_regInfo               1 3 6 1 5 5 7 7 18 */
+300,    /* OBJ_id_it_encKeyPairTypes        1 3 6 1 5 5 7 4 3 */
-&(nid_objs[342]),/* OBJ_id_cmc_responseInfo          1 3 6 1 5 5 7 7 19 */
+301,    /* OBJ_id_it_preferredSymmAlg       1 3 6 1 5 5 7 4 4 */
-&(nid_objs[343]),/* OBJ_id_cmc_queryPending          1 3 6 1 5 5 7 7 21 */
+302,    /* OBJ_id_it_caKeyUpdateInfo        1 3 6 1 5 5 7 4 5 */
-&(nid_objs[344]),/* OBJ_id_cmc_popLinkRandom         1 3 6 1 5 5 7 7 22 */
+303,    /* OBJ_id_it_currentCRL             1 3 6 1 5 5 7 4 6 */
-&(nid_objs[345]),/* OBJ_id_cmc_popLinkWitness        1 3 6 1 5 5 7 7 23 */
+304,    /* OBJ_id_it_unsupportedOIDs        1 3 6 1 5 5 7 4 7 */
-&(nid_objs[346]),/* OBJ_id_cmc_confirmCertAcceptance 1 3 6 1 5 5 7 7 24 */
+305,    /* OBJ_id_it_subscriptionRequest    1 3 6 1 5 5 7 4 8 */
-&(nid_objs[347]),/* OBJ_id_on_personalData           1 3 6 1 5 5 7 8 1 */
+306,    /* OBJ_id_it_subscriptionResponse   1 3 6 1 5 5 7 4 9 */
-&(nid_objs[858]),/* OBJ_id_on_permanentIdentifier    1 3 6 1 5 5 7 8 3 */
+307,    /* OBJ_id_it_keyPairParamReq        1 3 6 1 5 5 7 4 10 */
-&(nid_objs[348]),/* OBJ_id_pda_dateOfBirth           1 3 6 1 5 5 7 9 1 */
+308,    /* OBJ_id_it_keyPairParamRep        1 3 6 1 5 5 7 4 11 */
-&(nid_objs[349]),/* OBJ_id_pda_placeOfBirth          1 3 6 1 5 5 7 9 2 */
+309,    /* OBJ_id_it_revPassphrase          1 3 6 1 5 5 7 4 12 */
-&(nid_objs[351]),/* OBJ_id_pda_gender                1 3 6 1 5 5 7 9 3 */
+310,    /* OBJ_id_it_implicitConfirm        1 3 6 1 5 5 7 4 13 */
-&(nid_objs[352]),/* OBJ_id_pda_countryOfCitizenship  1 3 6 1 5 5 7 9 4 */
+311,    /* OBJ_id_it_confirmWaitTime        1 3 6 1 5 5 7 4 14 */
-&(nid_objs[353]),/* OBJ_id_pda_countryOfResidence    1 3 6 1 5 5 7 9 5 */
+312,    /* OBJ_id_it_origPKIMessage         1 3 6 1 5 5 7 4 15 */
-&(nid_objs[354]),/* OBJ_id_aca_authenticationInfo    1 3 6 1 5 5 7 10 1 */
+784,    /* OBJ_id_it_suppLangTags           1 3 6 1 5 5 7 4 16 */
-&(nid_objs[355]),/* OBJ_id_aca_accessIdentity        1 3 6 1 5 5 7 10 2 */
+313,    /* OBJ_id_regCtrl                   1 3 6 1 5 5 7 5 1 */
-&(nid_objs[356]),/* OBJ_id_aca_chargingIdentity      1 3 6 1 5 5 7 10 3 */
+314,    /* OBJ_id_regInfo                   1 3 6 1 5 5 7 5 2 */
-&(nid_objs[357]),/* OBJ_id_aca_group                 1 3 6 1 5 5 7 10 4 */
+323,    /* OBJ_id_alg_des40                 1 3 6 1 5 5 7 6 1 */
-&(nid_objs[358]),/* OBJ_id_aca_role                  1 3 6 1 5 5 7 10 5 */
+324,    /* OBJ_id_alg_noSignature           1 3 6 1 5 5 7 6 2 */
-&(nid_objs[399]),/* OBJ_id_aca_encAttrs              1 3 6 1 5 5 7 10 6 */
+325,    /* OBJ_id_alg_dh_sig_hmac_sha1      1 3 6 1 5 5 7 6 3 */
-&(nid_objs[359]),/* OBJ_id_qcs_pkixQCSyntax_v1       1 3 6 1 5 5 7 11 1 */
+326,    /* OBJ_id_alg_dh_pop                1 3 6 1 5 5 7 6 4 */
-&(nid_objs[360]),/* OBJ_id_cct_crs                   1 3 6 1 5 5 7 12 1 */
+327,    /* OBJ_id_cmc_statusInfo            1 3 6 1 5 5 7 7 1 */
-&(nid_objs[361]),/* OBJ_id_cct_PKIData               1 3 6 1 5 5 7 12 2 */
+328,    /* OBJ_id_cmc_identification        1 3 6 1 5 5 7 7 2 */
-&(nid_objs[362]),/* OBJ_id_cct_PKIResponse           1 3 6 1 5 5 7 12 3 */
+329,    /* OBJ_id_cmc_identityProof         1 3 6 1 5 5 7 7 3 */
-&(nid_objs[664]),/* OBJ_id_ppl_anyLanguage           1 3 6 1 5 5 7 21 0 */
+330,    /* OBJ_id_cmc_dataReturn            1 3 6 1 5 5 7 7 4 */
-&(nid_objs[665]),/* OBJ_id_ppl_inheritAll            1 3 6 1 5 5 7 21 1 */
+331,    /* OBJ_id_cmc_transactionId         1 3 6 1 5 5 7 7 5 */
-&(nid_objs[667]),/* OBJ_Independent                  1 3 6 1 5 5 7 21 2 */
+332,    /* OBJ_id_cmc_senderNonce           1 3 6 1 5 5 7 7 6 */
-&(nid_objs[178]),/* OBJ_ad_OCSP                      1 3 6 1 5 5 7 48 1 */
+333,    /* OBJ_id_cmc_recipientNonce        1 3 6 1 5 5 7 7 7 */
-&(nid_objs[179]),/* OBJ_ad_ca_issuers                1 3 6 1 5 5 7 48 2 */
+334,    /* OBJ_id_cmc_addExtensions         1 3 6 1 5 5 7 7 8 */
-&(nid_objs[363]),/* OBJ_ad_timeStamping              1 3 6 1 5 5 7 48 3 */
+335,    /* OBJ_id_cmc_encryptedPOP          1 3 6 1 5 5 7 7 9 */
-&(nid_objs[364]),/* OBJ_ad_dvcs                      1 3 6 1 5 5 7 48 4 */
+336,    /* OBJ_id_cmc_decryptedPOP          1 3 6 1 5 5 7 7 10 */
-&(nid_objs[785]),/* OBJ_caRepository                 1 3 6 1 5 5 7 48 5 */
+337,    /* OBJ_id_cmc_lraPOPWitness         1 3 6 1 5 5 7 7 11 */
-&(nid_objs[780]),/* OBJ_hmac_md5                     1 3 6 1 5 5 8 1 1 */
+338,    /* OBJ_id_cmc_getCert               1 3 6 1 5 5 7 7 15 */
-&(nid_objs[781]),/* OBJ_hmac_sha1                    1 3 6 1 5 5 8 1 2 */
+339,    /* OBJ_id_cmc_getCRL                1 3 6 1 5 5 7 7 16 */
-&(nid_objs[58]),/* OBJ_netscape_cert_extension      2 16 840 1 113730 1 */
+340,    /* OBJ_id_cmc_revokeRequest         1 3 6 1 5 5 7 7 17 */
-&(nid_objs[59]),/* OBJ_netscape_data_type           2 16 840 1 113730 2 */
+341,    /* OBJ_id_cmc_regInfo               1 3 6 1 5 5 7 7 18 */
-&(nid_objs[438]),/* OBJ_pilotAttributeType           0 9 2342 19200300 100 1 */
+342,    /* OBJ_id_cmc_responseInfo          1 3 6 1 5 5 7 7 19 */
-&(nid_objs[439]),/* OBJ_pilotAttributeSyntax         0 9 2342 19200300 100 3 */
+343,    /* OBJ_id_cmc_queryPending          1 3 6 1 5 5 7 7 21 */
-&(nid_objs[440]),/* OBJ_pilotObjectClass             0 9 2342 19200300 100 4 */
+344,    /* OBJ_id_cmc_popLinkRandom         1 3 6 1 5 5 7 7 22 */
-&(nid_objs[441]),/* OBJ_pilotGroups                  0 9 2342 19200300 100 10 */
+345,    /* OBJ_id_cmc_popLinkWitness        1 3 6 1 5 5 7 7 23 */
-&(nid_objs[108]),/* OBJ_cast5_cbc                    1 2 840 113533 7 66 10 */
+346,    /* OBJ_id_cmc_confirmCertAcceptance 1 3 6 1 5 5 7 7 24 */
-&(nid_objs[112]),/* OBJ_pbeWithMD5AndCast5_CBC       1 2 840 113533 7 66 12 */
+347,    /* OBJ_id_on_personalData           1 3 6 1 5 5 7 8 1 */
-&(nid_objs[782]),/* OBJ_id_PasswordBasedMAC          1 2 840 113533 7 66 13 */
+858,    /* OBJ_id_on_permanentIdentifier    1 3 6 1 5 5 7 8 3 */
-&(nid_objs[783]),/* OBJ_id_DHBasedMac                1 2 840 113533 7 66 30 */
+348,    /* OBJ_id_pda_dateOfBirth           1 3 6 1 5 5 7 9 1 */
-&(nid_objs[ 6]),/* OBJ_rsaEncryption                1 2 840 113549 1 1 1 */
+349,    /* OBJ_id_pda_placeOfBirth          1 3 6 1 5 5 7 9 2 */
-&(nid_objs[ 7]),/* OBJ_md2WithRSAEncryption         1 2 840 113549 1 1 2 */
+351,    /* OBJ_id_pda_gender                1 3 6 1 5 5 7 9 3 */
-&(nid_objs[396]),/* OBJ_md4WithRSAEncryption         1 2 840 113549 1 1 3 */
+352,    /* OBJ_id_pda_countryOfCitizenship  1 3 6 1 5 5 7 9 4 */
-&(nid_objs[ 8]),/* OBJ_md5WithRSAEncryption         1 2 840 113549 1 1 4 */
+353,    /* OBJ_id_pda_countryOfResidence    1 3 6 1 5 5 7 9 5 */
-&(nid_objs[65]),/* OBJ_sha1WithRSAEncryption        1 2 840 113549 1 1 5 */
+354,    /* OBJ_id_aca_authenticationInfo    1 3 6 1 5 5 7 10 1 */
-&(nid_objs[644]),/* OBJ_rsaOAEPEncryptionSET         1 2 840 113549 1 1 6 */
+355,    /* OBJ_id_aca_accessIdentity        1 3 6 1 5 5 7 10 2 */
-&(nid_objs[668]),/* OBJ_sha256WithRSAEncryption      1 2 840 113549 1 1 11 */
+356,    /* OBJ_id_aca_chargingIdentity      1 3 6 1 5 5 7 10 3 */
-&(nid_objs[669]),/* OBJ_sha384WithRSAEncryption      1 2 840 113549 1 1 12 */
+357,    /* OBJ_id_aca_group                 1 3 6 1 5 5 7 10 4 */
-&(nid_objs[670]),/* OBJ_sha512WithRSAEncryption      1 2 840 113549 1 1 13 */
+358,    /* OBJ_id_aca_role                  1 3 6 1 5 5 7 10 5 */
-&(nid_objs[671]),/* OBJ_sha224WithRSAEncryption      1 2 840 113549 1 1 14 */
+399,    /* OBJ_id_aca_encAttrs              1 3 6 1 5 5 7 10 6 */
-&(nid_objs[28]),/* OBJ_dhKeyAgreement               1 2 840 113549 1 3 1 */
+359,    /* OBJ_id_qcs_pkixQCSyntax_v1       1 3 6 1 5 5 7 11 1 */
-&(nid_objs[ 9]),/* OBJ_pbeWithMD2AndDES_CBC         1 2 840 113549 1 5 1 */
+360,    /* OBJ_id_cct_crs                   1 3 6 1 5 5 7 12 1 */
-&(nid_objs[10]),/* OBJ_pbeWithMD5AndDES_CBC         1 2 840 113549 1 5 3 */
+361,    /* OBJ_id_cct_PKIData               1 3 6 1 5 5 7 12 2 */
-&(nid_objs[168]),/* OBJ_pbeWithMD2AndRC2_CBC         1 2 840 113549 1 5 4 */
+362,    /* OBJ_id_cct_PKIResponse           1 3 6 1 5 5 7 12 3 */
-&(nid_objs[169]),/* OBJ_pbeWithMD5AndRC2_CBC         1 2 840 113549 1 5 6 */
+664,    /* OBJ_id_ppl_anyLanguage           1 3 6 1 5 5 7 21 0 */
-&(nid_objs[170]),/* OBJ_pbeWithSHA1AndDES_CBC        1 2 840 113549 1 5 10 */
+665,    /* OBJ_id_ppl_inheritAll            1 3 6 1 5 5 7 21 1 */
-&(nid_objs[68]),/* OBJ_pbeWithSHA1AndRC2_CBC        1 2 840 113549 1 5 11 */
+667,    /* OBJ_Independent                  1 3 6 1 5 5 7 21 2 */
-&(nid_objs[69]),/* OBJ_id_pbkdf2                    1 2 840 113549 1 5 12 */
+178,    /* OBJ_ad_OCSP                      1 3 6 1 5 5 7 48 1 */
-&(nid_objs[161]),/* OBJ_pbes2                        1 2 840 113549 1 5 13 */
+179,    /* OBJ_ad_ca_issuers                1 3 6 1 5 5 7 48 2 */
-&(nid_objs[162]),/* OBJ_pbmac1                       1 2 840 113549 1 5 14 */
+363,    /* OBJ_ad_timeStamping              1 3 6 1 5 5 7 48 3 */
-&(nid_objs[21]),/* OBJ_pkcs7_data                   1 2 840 113549 1 7 1 */
+364,    /* OBJ_ad_dvcs                      1 3 6 1 5 5 7 48 4 */
-&(nid_objs[22]),/* OBJ_pkcs7_signed                 1 2 840 113549 1 7 2 */
+785,    /* OBJ_caRepository                 1 3 6 1 5 5 7 48 5 */
-&(nid_objs[23]),/* OBJ_pkcs7_enveloped              1 2 840 113549 1 7 3 */
+780,    /* OBJ_hmac_md5                     1 3 6 1 5 5 8 1 1 */
-&(nid_objs[24]),/* OBJ_pkcs7_signedAndEnveloped     1 2 840 113549 1 7 4 */
+781,    /* OBJ_hmac_sha1                    1 3 6 1 5 5 8 1 2 */
-&(nid_objs[25]),/* OBJ_pkcs7_digest                 1 2 840 113549 1 7 5 */
+58,     /* OBJ_netscape_cert_extension      2 16 840 1 113730 1 */
-&(nid_objs[26]),/* OBJ_pkcs7_encrypted              1 2 840 113549 1 7 6 */
+59,     /* OBJ_netscape_data_type           2 16 840 1 113730 2 */
-&(nid_objs[48]),/* OBJ_pkcs9_emailAddress           1 2 840 113549 1 9 1 */
+438,    /* OBJ_pilotAttributeType           0 9 2342 19200300 100 1 */
-&(nid_objs[49]),/* OBJ_pkcs9_unstructuredName       1 2 840 113549 1 9 2 */
+439,    /* OBJ_pilotAttributeSyntax         0 9 2342 19200300 100 3 */
-&(nid_objs[50]),/* OBJ_pkcs9_contentType            1 2 840 113549 1 9 3 */
+440,    /* OBJ_pilotObjectClass             0 9 2342 19200300 100 4 */
-&(nid_objs[51]),/* OBJ_pkcs9_messageDigest          1 2 840 113549 1 9 4 */
+441,    /* OBJ_pilotGroups                  0 9 2342 19200300 100 10 */
-&(nid_objs[52]),/* OBJ_pkcs9_signingTime            1 2 840 113549 1 9 5 */
+108,    /* OBJ_cast5_cbc                    1 2 840 113533 7 66 10 */
-&(nid_objs[53]),/* OBJ_pkcs9_countersignature       1 2 840 113549 1 9 6 */
+112,    /* OBJ_pbeWithMD5AndCast5_CBC       1 2 840 113533 7 66 12 */
-&(nid_objs[54]),/* OBJ_pkcs9_challengePassword      1 2 840 113549 1 9 7 */
+782,    /* OBJ_id_PasswordBasedMAC          1 2 840 113533 7 66 13 */
-&(nid_objs[55]),/* OBJ_pkcs9_unstructuredAddress    1 2 840 113549 1 9 8 */
+783,    /* OBJ_id_DHBasedMac                1 2 840 113533 7 66 30 */
-&(nid_objs[56]),/* OBJ_pkcs9_extCertAttributes      1 2 840 113549 1 9 9 */
+ 6,     /* OBJ_rsaEncryption                1 2 840 113549 1 1 1 */
-&(nid_objs[172]),/* OBJ_ext_req                      1 2 840 113549 1 9 14 */
+ 7,     /* OBJ_md2WithRSAEncryption         1 2 840 113549 1 1 2 */
-&(nid_objs[167]),/* OBJ_SMIMECapabilities            1 2 840 113549 1 9 15 */
+396,    /* OBJ_md4WithRSAEncryption         1 2 840 113549 1 1 3 */
-&(nid_objs[188]),/* OBJ_SMIME                        1 2 840 113549 1 9 16 */
+ 8,     /* OBJ_md5WithRSAEncryption         1 2 840 113549 1 1 4 */
-&(nid_objs[156]),/* OBJ_friendlyName                 1 2 840 113549 1 9 20 */
+65,     /* OBJ_sha1WithRSAEncryption        1 2 840 113549 1 1 5 */
-&(nid_objs[157]),/* OBJ_localKeyID                   1 2 840 113549 1 9 21 */
+644,    /* OBJ_rsaOAEPEncryptionSET         1 2 840 113549 1 1 6 */
-&(nid_objs[681]),/* OBJ_X9_62_onBasis                1 2 840 10045 1 2 3 1 */
+668,    /* OBJ_sha256WithRSAEncryption      1 2 840 113549 1 1 11 */
-&(nid_objs[682]),/* OBJ_X9_62_tpBasis                1 2 840 10045 1 2 3 2 */
+669,    /* OBJ_sha384WithRSAEncryption      1 2 840 113549 1 1 12 */
-&(nid_objs[683]),/* OBJ_X9_62_ppBasis                1 2 840 10045 1 2 3 3 */
+670,    /* OBJ_sha512WithRSAEncryption      1 2 840 113549 1 1 13 */
-&(nid_objs[417]),/* OBJ_ms_csp_name                  1 3 6 1 4 1 311 17 1 */
+671,    /* OBJ_sha224WithRSAEncryption      1 2 840 113549 1 1 14 */
-&(nid_objs[856]),/* OBJ_LocalKeySet                  1 3 6 1 4 1 311 17 2 */
+28,     /* OBJ_dhKeyAgreement               1 2 840 113549 1 3 1 */
-&(nid_objs[390]),/* OBJ_dcObject                     1 3 6 1 4 1 1466 344 */
+ 9,     /* OBJ_pbeWithMD2AndDES_CBC         1 2 840 113549 1 5 1 */
-&(nid_objs[91]),/* OBJ_bf_cbc                       1 3 6 1 4 1 3029 1 2 */
+10,     /* OBJ_pbeWithMD5AndDES_CBC         1 2 840 113549 1 5 3 */
-&(nid_objs[315]),/* OBJ_id_regCtrl_regToken          1 3 6 1 5 5 7 5 1 1 */
+168,    /* OBJ_pbeWithMD2AndRC2_CBC         1 2 840 113549 1 5 4 */
-&(nid_objs[316]),/* OBJ_id_regCtrl_authenticator     1 3 6 1 5 5 7 5 1 2 */
+169,    /* OBJ_pbeWithMD5AndRC2_CBC         1 2 840 113549 1 5 6 */
-&(nid_objs[317]),/* OBJ_id_regCtrl_pkiPublicationInfo 1 3 6 1 5 5 7 5 1 3 */
+170,    /* OBJ_pbeWithSHA1AndDES_CBC        1 2 840 113549 1 5 10 */
-&(nid_objs[318]),/* OBJ_id_regCtrl_pkiArchiveOptions 1 3 6 1 5 5 7 5 1 4 */
+68,     /* OBJ_pbeWithSHA1AndRC2_CBC        1 2 840 113549 1 5 11 */
-&(nid_objs[319]),/* OBJ_id_regCtrl_oldCertID         1 3 6 1 5 5 7 5 1 5 */
+69,     /* OBJ_id_pbkdf2                    1 2 840 113549 1 5 12 */
-&(nid_objs[320]),/* OBJ_id_regCtrl_protocolEncrKey   1 3 6 1 5 5 7 5 1 6 */
+161,    /* OBJ_pbes2                        1 2 840 113549 1 5 13 */
-&(nid_objs[321]),/* OBJ_id_regInfo_utf8Pairs         1 3 6 1 5 5 7 5 2 1 */
+162,    /* OBJ_pbmac1                       1 2 840 113549 1 5 14 */
-&(nid_objs[322]),/* OBJ_id_regInfo_certReq           1 3 6 1 5 5 7 5 2 2 */
+21,     /* OBJ_pkcs7_data                   1 2 840 113549 1 7 1 */
-&(nid_objs[365]),/* OBJ_id_pkix_OCSP_basic           1 3 6 1 5 5 7 48 1 1 */
+22,     /* OBJ_pkcs7_signed                 1 2 840 113549 1 7 2 */
-&(nid_objs[366]),/* OBJ_id_pkix_OCSP_Nonce           1 3 6 1 5 5 7 48 1 2 */
+23,     /* OBJ_pkcs7_enveloped              1 2 840 113549 1 7 3 */
-&(nid_objs[367]),/* OBJ_id_pkix_OCSP_CrlID           1 3 6 1 5 5 7 48 1 3 */
+24,     /* OBJ_pkcs7_signedAndEnveloped     1 2 840 113549 1 7 4 */
-&(nid_objs[368]),/* OBJ_id_pkix_OCSP_acceptableResponses 1 3 6 1 5 5 7 48 1 4 */
+25,     /* OBJ_pkcs7_digest                 1 2 840 113549 1 7 5 */
-&(nid_objs[369]),/* OBJ_id_pkix_OCSP_noCheck         1 3 6 1 5 5 7 48 1 5 */
+26,     /* OBJ_pkcs7_encrypted              1 2 840 113549 1 7 6 */
-&(nid_objs[370]),/* OBJ_id_pkix_OCSP_archiveCutoff   1 3 6 1 5 5 7 48 1 6 */
+48,     /* OBJ_pkcs9_emailAddress           1 2 840 113549 1 9 1 */
-&(nid_objs[371]),/* OBJ_id_pkix_OCSP_serviceLocator  1 3 6 1 5 5 7 48 1 7 */
+49,     /* OBJ_pkcs9_unstructuredName       1 2 840 113549 1 9 2 */
-&(nid_objs[372]),/* OBJ_id_pkix_OCSP_extendedStatus  1 3 6 1 5 5 7 48 1 8 */
+50,     /* OBJ_pkcs9_contentType            1 2 840 113549 1 9 3 */
-&(nid_objs[373]),/* OBJ_id_pkix_OCSP_valid           1 3 6 1 5 5 7 48 1 9 */
+51,     /* OBJ_pkcs9_messageDigest          1 2 840 113549 1 9 4 */
-&(nid_objs[374]),/* OBJ_id_pkix_OCSP_path            1 3 6 1 5 5 7 48 1 10 */
+52,     /* OBJ_pkcs9_signingTime            1 2 840 113549 1 9 5 */
-&(nid_objs[375]),/* OBJ_id_pkix_OCSP_trustRoot       1 3 6 1 5 5 7 48 1 11 */
+53,     /* OBJ_pkcs9_countersignature       1 2 840 113549 1 9 6 */
-&(nid_objs[418]),/* OBJ_aes_128_ecb                  2 16 840 1 101 3 4 1 1 */
+54,     /* OBJ_pkcs9_challengePassword      1 2 840 113549 1 9 7 */
-&(nid_objs[419]),/* OBJ_aes_128_cbc                  2 16 840 1 101 3 4 1 2 */
+55,     /* OBJ_pkcs9_unstructuredAddress    1 2 840 113549 1 9 8 */
-&(nid_objs[420]),/* OBJ_aes_128_ofb128               2 16 840 1 101 3 4 1 3 */
+56,     /* OBJ_pkcs9_extCertAttributes      1 2 840 113549 1 9 9 */
-&(nid_objs[421]),/* OBJ_aes_128_cfb128               2 16 840 1 101 3 4 1 4 */
+172,    /* OBJ_ext_req                      1 2 840 113549 1 9 14 */
-&(nid_objs[788]),/* OBJ_id_aes128_wrap               2 16 840 1 101 3 4 1 5 */
+167,    /* OBJ_SMIMECapabilities            1 2 840 113549 1 9 15 */
-&(nid_objs[422]),/* OBJ_aes_192_ecb                  2 16 840 1 101 3 4 1 21 */
+188,    /* OBJ_SMIME                        1 2 840 113549 1 9 16 */
-&(nid_objs[423]),/* OBJ_aes_192_cbc                  2 16 840 1 101 3 4 1 22 */
+156,    /* OBJ_friendlyName                 1 2 840 113549 1 9 20 */
-&(nid_objs[424]),/* OBJ_aes_192_ofb128               2 16 840 1 101 3 4 1 23 */
+157,    /* OBJ_localKeyID                   1 2 840 113549 1 9 21 */
-&(nid_objs[425]),/* OBJ_aes_192_cfb128               2 16 840 1 101 3 4 1 24 */
+681,    /* OBJ_X9_62_onBasis                1 2 840 10045 1 2 3 1 */
-&(nid_objs[789]),/* OBJ_id_aes192_wrap               2 16 840 1 101 3 4 1 25 */
+682,    /* OBJ_X9_62_tpBasis                1 2 840 10045 1 2 3 2 */
-&(nid_objs[426]),/* OBJ_aes_256_ecb                  2 16 840 1 101 3 4 1 41 */
+683,    /* OBJ_X9_62_ppBasis                1 2 840 10045 1 2 3 3 */
-&(nid_objs[427]),/* OBJ_aes_256_cbc                  2 16 840 1 101 3 4 1 42 */
+417,    /* OBJ_ms_csp_name                  1 3 6 1 4 1 311 17 1 */
-&(nid_objs[428]),/* OBJ_aes_256_ofb128               2 16 840 1 101 3 4 1 43 */
+856,    /* OBJ_LocalKeySet                  1 3 6 1 4 1 311 17 2 */
-&(nid_objs[429]),/* OBJ_aes_256_cfb128               2 16 840 1 101 3 4 1 44 */
+390,    /* OBJ_dcObject                     1 3 6 1 4 1 1466 344 */
-&(nid_objs[790]),/* OBJ_id_aes256_wrap               2 16 840 1 101 3 4 1 45 */
+91,     /* OBJ_bf_cbc                       1 3 6 1 4 1 3029 1 2 */
-&(nid_objs[672]),/* OBJ_sha256                       2 16 840 1 101 3 4 2 1 */
+315,    /* OBJ_id_regCtrl_regToken          1 3 6 1 5 5 7 5 1 1 */
-&(nid_objs[673]),/* OBJ_sha384                       2 16 840 1 101 3 4 2 2 */
+316,    /* OBJ_id_regCtrl_authenticator     1 3 6 1 5 5 7 5 1 2 */
-&(nid_objs[674]),/* OBJ_sha512                       2 16 840 1 101 3 4 2 3 */
+317,    /* OBJ_id_regCtrl_pkiPublicationInfo 1 3 6 1 5 5 7 5 1 3 */
-&(nid_objs[675]),/* OBJ_sha224                       2 16 840 1 101 3 4 2 4 */
+318,    /* OBJ_id_regCtrl_pkiArchiveOptions 1 3 6 1 5 5 7 5 1 4 */
-&(nid_objs[802]),/* OBJ_dsa_with_SHA224              2 16 840 1 101 3 4 3 1 */
+319,    /* OBJ_id_regCtrl_oldCertID         1 3 6 1 5 5 7 5 1 5 */
-&(nid_objs[803]),/* OBJ_dsa_with_SHA256              2 16 840 1 101 3 4 3 2 */
+320,    /* OBJ_id_regCtrl_protocolEncrKey   1 3 6 1 5 5 7 5 1 6 */
-&(nid_objs[71]),/* OBJ_netscape_cert_type           2 16 840 1 113730 1 1 */
+321,    /* OBJ_id_regInfo_utf8Pairs         1 3 6 1 5 5 7 5 2 1 */
-&(nid_objs[72]),/* OBJ_netscape_base_url            2 16 840 1 113730 1 2 */
+322,    /* OBJ_id_regInfo_certReq           1 3 6 1 5 5 7 5 2 2 */
-&(nid_objs[73]),/* OBJ_netscape_revocation_url      2 16 840 1 113730 1 3 */
+365,    /* OBJ_id_pkix_OCSP_basic           1 3 6 1 5 5 7 48 1 1 */
-&(nid_objs[74]),/* OBJ_netscape_ca_revocation_url   2 16 840 1 113730 1 4 */
+366,    /* OBJ_id_pkix_OCSP_Nonce           1 3 6 1 5 5 7 48 1 2 */
-&(nid_objs[75]),/* OBJ_netscape_renewal_url         2 16 840 1 113730 1 7 */
+367,    /* OBJ_id_pkix_OCSP_CrlID           1 3 6 1 5 5 7 48 1 3 */
-&(nid_objs[76]),/* OBJ_netscape_ca_policy_url       2 16 840 1 113730 1 8 */
+368,    /* OBJ_id_pkix_OCSP_acceptableResponses 1 3 6 1 5 5 7 48 1 4 */
-&(nid_objs[77]),/* OBJ_netscape_ssl_server_name     2 16 840 1 113730 1 12 */
+369,    /* OBJ_id_pkix_OCSP_noCheck         1 3 6 1 5 5 7 48 1 5 */
-&(nid_objs[78]),/* OBJ_netscape_comment             2 16 840 1 113730 1 13 */
+370,    /* OBJ_id_pkix_OCSP_archiveCutoff   1 3 6 1 5 5 7 48 1 6 */
-&(nid_objs[79]),/* OBJ_netscape_cert_sequence       2 16 840 1 113730 2 5 */
+371,    /* OBJ_id_pkix_OCSP_serviceLocator  1 3 6 1 5 5 7 48 1 7 */
-&(nid_objs[139]),/* OBJ_ns_sgc                       2 16 840 1 113730 4 1 */
+372,    /* OBJ_id_pkix_OCSP_extendedStatus  1 3 6 1 5 5 7 48 1 8 */
-&(nid_objs[458]),/* OBJ_userId                       0 9 2342 19200300 100 1 1 */
+373,    /* OBJ_id_pkix_OCSP_valid           1 3 6 1 5 5 7 48 1 9 */
-&(nid_objs[459]),/* OBJ_textEncodedORAddress         0 9 2342 19200300 100 1 2 */
+374,    /* OBJ_id_pkix_OCSP_path            1 3 6 1 5 5 7 48 1 10 */
-&(nid_objs[460]),/* OBJ_rfc822Mailbox                0 9 2342 19200300 100 1 3 */
+375,    /* OBJ_id_pkix_OCSP_trustRoot       1 3 6 1 5 5 7 48 1 11 */
-&(nid_objs[461]),/* OBJ_info                         0 9 2342 19200300 100 1 4 */
+418,    /* OBJ_aes_128_ecb                  2 16 840 1 101 3 4 1 1 */
-&(nid_objs[462]),/* OBJ_favouriteDrink               0 9 2342 19200300 100 1 5 */
+419,    /* OBJ_aes_128_cbc                  2 16 840 1 101 3 4 1 2 */
-&(nid_objs[463]),/* OBJ_roomNumber                   0 9 2342 19200300 100 1 6 */
+420,    /* OBJ_aes_128_ofb128               2 16 840 1 101 3 4 1 3 */
-&(nid_objs[464]),/* OBJ_photo                        0 9 2342 19200300 100 1 7 */
+421,    /* OBJ_aes_128_cfb128               2 16 840 1 101 3 4 1 4 */
-&(nid_objs[465]),/* OBJ_userClass                    0 9 2342 19200300 100 1 8 */
+788,    /* OBJ_id_aes128_wrap               2 16 840 1 101 3 4 1 5 */
-&(nid_objs[466]),/* OBJ_host                         0 9 2342 19200300 100 1 9 */
+422,    /* OBJ_aes_192_ecb                  2 16 840 1 101 3 4 1 21 */
-&(nid_objs[467]),/* OBJ_manager                      0 9 2342 19200300 100 1 10 */
+423,    /* OBJ_aes_192_cbc                  2 16 840 1 101 3 4 1 22 */
-&(nid_objs[468]),/* OBJ_documentIdentifier           0 9 2342 19200300 100 1 11 */
+424,    /* OBJ_aes_192_ofb128               2 16 840 1 101 3 4 1 23 */
-&(nid_objs[469]),/* OBJ_documentTitle                0 9 2342 19200300 100 1 12 */
+425,    /* OBJ_aes_192_cfb128               2 16 840 1 101 3 4 1 24 */
-&(nid_objs[470]),/* OBJ_documentVersion              0 9 2342 19200300 100 1 13 */
+789,    /* OBJ_id_aes192_wrap               2 16 840 1 101 3 4 1 25 */
-&(nid_objs[471]),/* OBJ_documentAuthor               0 9 2342 19200300 100 1 14 */
+426,    /* OBJ_aes_256_ecb                  2 16 840 1 101 3 4 1 41 */
-&(nid_objs[472]),/* OBJ_documentLocation             0 9 2342 19200300 100 1 15 */
+427,    /* OBJ_aes_256_cbc                  2 16 840 1 101 3 4 1 42 */
-&(nid_objs[473]),/* OBJ_homeTelephoneNumber          0 9 2342 19200300 100 1 20 */
+428,    /* OBJ_aes_256_ofb128               2 16 840 1 101 3 4 1 43 */
-&(nid_objs[474]),/* OBJ_secretary                    0 9 2342 19200300 100 1 21 */
+429,    /* OBJ_aes_256_cfb128               2 16 840 1 101 3 4 1 44 */
-&(nid_objs[475]),/* OBJ_otherMailbox                 0 9 2342 19200300 100 1 22 */
+790,    /* OBJ_id_aes256_wrap               2 16 840 1 101 3 4 1 45 */
-&(nid_objs[476]),/* OBJ_lastModifiedTime             0 9 2342 19200300 100 1 23 */
+672,    /* OBJ_sha256                       2 16 840 1 101 3 4 2 1 */
-&(nid_objs[477]),/* OBJ_lastModifiedBy               0 9 2342 19200300 100 1 24 */
+673,    /* OBJ_sha384                       2 16 840 1 101 3 4 2 2 */
-&(nid_objs[391]),/* OBJ_domainComponent              0 9 2342 19200300 100 1 25 */
+674,    /* OBJ_sha512                       2 16 840 1 101 3 4 2 3 */
-&(nid_objs[478]),/* OBJ_aRecord                      0 9 2342 19200300 100 1 26 */
+675,    /* OBJ_sha224                       2 16 840 1 101 3 4 2 4 */
-&(nid_objs[479]),/* OBJ_pilotAttributeType27         0 9 2342 19200300 100 1 27 */
+802,    /* OBJ_dsa_with_SHA224              2 16 840 1 101 3 4 3 1 */
-&(nid_objs[480]),/* OBJ_mXRecord                     0 9 2342 19200300 100 1 28 */
+803,    /* OBJ_dsa_with_SHA256              2 16 840 1 101 3 4 3 2 */
-&(nid_objs[481]),/* OBJ_nSRecord                     0 9 2342 19200300 100 1 29 */
+71,     /* OBJ_netscape_cert_type           2 16 840 1 113730 1 1 */
-&(nid_objs[482]),/* OBJ_sOARecord                    0 9 2342 19200300 100 1 30 */
+72,     /* OBJ_netscape_base_url            2 16 840 1 113730 1 2 */
-&(nid_objs[483]),/* OBJ_cNAMERecord                  0 9 2342 19200300 100 1 31 */
+73,     /* OBJ_netscape_revocation_url      2 16 840 1 113730 1 3 */
-&(nid_objs[484]),/* OBJ_associatedDomain             0 9 2342 19200300 100 1 37 */
+74,     /* OBJ_netscape_ca_revocation_url   2 16 840 1 113730 1 4 */
-&(nid_objs[485]),/* OBJ_associatedName               0 9 2342 19200300 100 1 38 */
+75,     /* OBJ_netscape_renewal_url         2 16 840 1 113730 1 7 */
-&(nid_objs[486]),/* OBJ_homePostalAddress            0 9 2342 19200300 100 1 39 */
+76,     /* OBJ_netscape_ca_policy_url       2 16 840 1 113730 1 8 */
-&(nid_objs[487]),/* OBJ_personalTitle                0 9 2342 19200300 100 1 40 */
+77,     /* OBJ_netscape_ssl_server_name     2 16 840 1 113730 1 12 */
-&(nid_objs[488]),/* OBJ_mobileTelephoneNumber        0 9 2342 19200300 100 1 41 */
+78,     /* OBJ_netscape_comment             2 16 840 1 113730 1 13 */
-&(nid_objs[489]),/* OBJ_pagerTelephoneNumber         0 9 2342 19200300 100 1 42 */
+79,     /* OBJ_netscape_cert_sequence       2 16 840 1 113730 2 5 */
-&(nid_objs[490]),/* OBJ_friendlyCountryName          0 9 2342 19200300 100 1 43 */
+139,    /* OBJ_ns_sgc                       2 16 840 1 113730 4 1 */
-&(nid_objs[491]),/* OBJ_organizationalStatus         0 9 2342 19200300 100 1 45 */
+458,    /* OBJ_userId                       0 9 2342 19200300 100 1 1 */
-&(nid_objs[492]),/* OBJ_janetMailbox                 0 9 2342 19200300 100 1 46 */
+459,    /* OBJ_textEncodedORAddress         0 9 2342 19200300 100 1 2 */
-&(nid_objs[493]),/* OBJ_mailPreferenceOption         0 9 2342 19200300 100 1 47 */
+460,    /* OBJ_rfc822Mailbox                0 9 2342 19200300 100 1 3 */
-&(nid_objs[494]),/* OBJ_buildingName                 0 9 2342 19200300 100 1 48 */
+461,    /* OBJ_info                         0 9 2342 19200300 100 1 4 */
-&(nid_objs[495]),/* OBJ_dSAQuality                   0 9 2342 19200300 100 1 49 */
+462,    /* OBJ_favouriteDrink               0 9 2342 19200300 100 1 5 */
-&(nid_objs[496]),/* OBJ_singleLevelQuality           0 9 2342 19200300 100 1 50 */
+463,    /* OBJ_roomNumber                   0 9 2342 19200300 100 1 6 */
-&(nid_objs[497]),/* OBJ_subtreeMinimumQuality        0 9 2342 19200300 100 1 51 */
+464,    /* OBJ_photo                        0 9 2342 19200300 100 1 7 */
-&(nid_objs[498]),/* OBJ_subtreeMaximumQuality        0 9 2342 19200300 100 1 52 */
+465,    /* OBJ_userClass                    0 9 2342 19200300 100 1 8 */
-&(nid_objs[499]),/* OBJ_personalSignature            0 9 2342 19200300 100 1 53 */
+466,    /* OBJ_host                         0 9 2342 19200300 100 1 9 */
-&(nid_objs[500]),/* OBJ_dITRedirect                  0 9 2342 19200300 100 1 54 */
+467,    /* OBJ_manager                      0 9 2342 19200300 100 1 10 */
-&(nid_objs[501]),/* OBJ_audio                        0 9 2342 19200300 100 1 55 */
+468,    /* OBJ_documentIdentifier           0 9 2342 19200300 100 1 11 */
-&(nid_objs[502]),/* OBJ_documentPublisher            0 9 2342 19200300 100 1 56 */
+469,    /* OBJ_documentTitle                0 9 2342 19200300 100 1 12 */
-&(nid_objs[442]),/* OBJ_iA5StringSyntax              0 9 2342 19200300 100 3 4 */
+470,    /* OBJ_documentVersion              0 9 2342 19200300 100 1 13 */
-&(nid_objs[443]),/* OBJ_caseIgnoreIA5StringSyntax    0 9 2342 19200300 100 3 5 */
+471,    /* OBJ_documentAuthor               0 9 2342 19200300 100 1 14 */
-&(nid_objs[444]),/* OBJ_pilotObject                  0 9 2342 19200300 100 4 3 */
+472,    /* OBJ_documentLocation             0 9 2342 19200300 100 1 15 */
-&(nid_objs[445]),/* OBJ_pilotPerson                  0 9 2342 19200300 100 4 4 */
+473,    /* OBJ_homeTelephoneNumber          0 9 2342 19200300 100 1 20 */
-&(nid_objs[446]),/* OBJ_account                      0 9 2342 19200300 100 4 5 */
+474,    /* OBJ_secretary                    0 9 2342 19200300 100 1 21 */
-&(nid_objs[447]),/* OBJ_document                     0 9 2342 19200300 100 4 6 */
+475,    /* OBJ_otherMailbox                 0 9 2342 19200300 100 1 22 */
-&(nid_objs[448]),/* OBJ_room                         0 9 2342 19200300 100 4 7 */
+476,    /* OBJ_lastModifiedTime             0 9 2342 19200300 100 1 23 */
-&(nid_objs[449]),/* OBJ_documentSeries               0 9 2342 19200300 100 4 9 */
+477,    /* OBJ_lastModifiedBy               0 9 2342 19200300 100 1 24 */
-&(nid_objs[392]),/* OBJ_Domain                       0 9 2342 19200300 100 4 13 */
+391,    /* OBJ_domainComponent              0 9 2342 19200300 100 1 25 */
-&(nid_objs[450]),/* OBJ_rFC822localPart              0 9 2342 19200300 100 4 14 */
+478,    /* OBJ_aRecord                      0 9 2342 19200300 100 1 26 */
-&(nid_objs[451]),/* OBJ_dNSDomain                    0 9 2342 19200300 100 4 15 */
+479,    /* OBJ_pilotAttributeType27         0 9 2342 19200300 100 1 27 */
-&(nid_objs[452]),/* OBJ_domainRelatedObject          0 9 2342 19200300 100 4 17 */
+480,    /* OBJ_mXRecord                     0 9 2342 19200300 100 1 28 */
-&(nid_objs[453]),/* OBJ_friendlyCountry              0 9 2342 19200300 100 4 18 */
+481,    /* OBJ_nSRecord                     0 9 2342 19200300 100 1 29 */
-&(nid_objs[454]),/* OBJ_simpleSecurityObject         0 9 2342 19200300 100 4 19 */
+482,    /* OBJ_sOARecord                    0 9 2342 19200300 100 1 30 */
-&(nid_objs[455]),/* OBJ_pilotOrganization            0 9 2342 19200300 100 4 20 */
+483,    /* OBJ_cNAMERecord                  0 9 2342 19200300 100 1 31 */
-&(nid_objs[456]),/* OBJ_pilotDSA                     0 9 2342 19200300 100 4 21 */
+484,    /* OBJ_associatedDomain             0 9 2342 19200300 100 1 37 */
-&(nid_objs[457]),/* OBJ_qualityLabelledData          0 9 2342 19200300 100 4 22 */
+485,    /* OBJ_associatedName               0 9 2342 19200300 100 1 38 */
-&(nid_objs[189]),/* OBJ_id_smime_mod                 1 2 840 113549 1 9 16 0 */
+486,    /* OBJ_homePostalAddress            0 9 2342 19200300 100 1 39 */
-&(nid_objs[190]),/* OBJ_id_smime_ct                  1 2 840 113549 1 9 16 1 */
+487,    /* OBJ_personalTitle                0 9 2342 19200300 100 1 40 */
-&(nid_objs[191]),/* OBJ_id_smime_aa                  1 2 840 113549 1 9 16 2 */
+488,    /* OBJ_mobileTelephoneNumber        0 9 2342 19200300 100 1 41 */
-&(nid_objs[192]),/* OBJ_id_smime_alg                 1 2 840 113549 1 9 16 3 */
+489,    /* OBJ_pagerTelephoneNumber         0 9 2342 19200300 100 1 42 */
-&(nid_objs[193]),/* OBJ_id_smime_cd                  1 2 840 113549 1 9 16 4 */
+490,    /* OBJ_friendlyCountryName          0 9 2342 19200300 100 1 43 */
-&(nid_objs[194]),/* OBJ_id_smime_spq                 1 2 840 113549 1 9 16 5 */
+491,    /* OBJ_organizationalStatus         0 9 2342 19200300 100 1 45 */
-&(nid_objs[195]),/* OBJ_id_smime_cti                 1 2 840 113549 1 9 16 6 */
+492,    /* OBJ_janetMailbox                 0 9 2342 19200300 100 1 46 */
-&(nid_objs[158]),/* OBJ_x509Certificate              1 2 840 113549 1 9 22 1 */
+493,    /* OBJ_mailPreferenceOption         0 9 2342 19200300 100 1 47 */
-&(nid_objs[159]),/* OBJ_sdsiCertificate              1 2 840 113549 1 9 22 2 */
+494,    /* OBJ_buildingName                 0 9 2342 19200300 100 1 48 */
-&(nid_objs[160]),/* OBJ_x509Crl                      1 2 840 113549 1 9 23 1 */
+495,    /* OBJ_dSAQuality                   0 9 2342 19200300 100 1 49 */
-&(nid_objs[144]),/* OBJ_pbe_WithSHA1And128BitRC4     1 2 840 113549 1 12 1 1 */
+496,    /* OBJ_singleLevelQuality           0 9 2342 19200300 100 1 50 */
-&(nid_objs[145]),/* OBJ_pbe_WithSHA1And40BitRC4      1 2 840 113549 1 12 1 2 */
+497,    /* OBJ_subtreeMinimumQuality        0 9 2342 19200300 100 1 51 */
-&(nid_objs[146]),/* OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC 1 2 840 113549 1 12 1 3 */
+498,    /* OBJ_subtreeMaximumQuality        0 9 2342 19200300 100 1 52 */
-&(nid_objs[147]),/* OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC 1 2 840 113549 1 12 1 4 */
+499,    /* OBJ_personalSignature            0 9 2342 19200300 100 1 53 */
-&(nid_objs[148]),/* OBJ_pbe_WithSHA1And128BitRC2_CBC 1 2 840 113549 1 12 1 5 */
+500,    /* OBJ_dITRedirect                  0 9 2342 19200300 100 1 54 */
-&(nid_objs[149]),/* OBJ_pbe_WithSHA1And40BitRC2_CBC  1 2 840 113549 1 12 1 6 */
+501,    /* OBJ_audio                        0 9 2342 19200300 100 1 55 */
-&(nid_objs[171]),/* OBJ_ms_ext_req                   1 3 6 1 4 1 311 2 1 14 */
+502,    /* OBJ_documentPublisher            0 9 2342 19200300 100 1 56 */
-&(nid_objs[134]),/* OBJ_ms_code_ind                  1 3 6 1 4 1 311 2 1 21 */
+442,    /* OBJ_iA5StringSyntax              0 9 2342 19200300 100 3 4 */
-&(nid_objs[135]),/* OBJ_ms_code_com                  1 3 6 1 4 1 311 2 1 22 */
+443,    /* OBJ_caseIgnoreIA5StringSyntax    0 9 2342 19200300 100 3 5 */
-&(nid_objs[136]),/* OBJ_ms_ctl_sign                  1 3 6 1 4 1 311 10 3 1 */
+444,    /* OBJ_pilotObject                  0 9 2342 19200300 100 4 3 */
-&(nid_objs[137]),/* OBJ_ms_sgc                       1 3 6 1 4 1 311 10 3 3 */
+445,    /* OBJ_pilotPerson                  0 9 2342 19200300 100 4 4 */
-&(nid_objs[138]),/* OBJ_ms_efs                       1 3 6 1 4 1 311 10 3 4 */
+446,    /* OBJ_account                      0 9 2342 19200300 100 4 5 */
-&(nid_objs[648]),/* OBJ_ms_smartcard_login           1 3 6 1 4 1 311 20 2 2 */
+447,    /* OBJ_document                     0 9 2342 19200300 100 4 6 */
-&(nid_objs[649]),/* OBJ_ms_upn                       1 3 6 1 4 1 311 20 2 3 */
+448,    /* OBJ_room                         0 9 2342 19200300 100 4 7 */
-&(nid_objs[751]),/* OBJ_camellia_128_cbc             1 2 392 200011 61 1 1 1 2 */
+449,    /* OBJ_documentSeries               0 9 2342 19200300 100 4 9 */
-&(nid_objs[752]),/* OBJ_camellia_192_cbc             1 2 392 200011 61 1 1 1 3 */
+392,    /* OBJ_Domain                       0 9 2342 19200300 100 4 13 */
-&(nid_objs[753]),/* OBJ_camellia_256_cbc             1 2 392 200011 61 1 1 1 4 */
+450,    /* OBJ_rFC822localPart              0 9 2342 19200300 100 4 14 */
-&(nid_objs[196]),/* OBJ_id_smime_mod_cms             1 2 840 113549 1 9 16 0 1 */
+451,    /* OBJ_dNSDomain                    0 9 2342 19200300 100 4 15 */
-&(nid_objs[197]),/* OBJ_id_smime_mod_ess             1 2 840 113549 1 9 16 0 2 */
+452,    /* OBJ_domainRelatedObject          0 9 2342 19200300 100 4 17 */
-&(nid_objs[198]),/* OBJ_id_smime_mod_oid             1 2 840 113549 1 9 16 0 3 */
+453,    /* OBJ_friendlyCountry              0 9 2342 19200300 100 4 18 */
-&(nid_objs[199]),/* OBJ_id_smime_mod_msg_v3          1 2 840 113549 1 9 16 0 4 */
+454,    /* OBJ_simpleSecurityObject         0 9 2342 19200300 100 4 19 */
-&(nid_objs[200]),/* OBJ_id_smime_mod_ets_eSignature_88 1 2 840 113549 1 9 16 0 5 */
+455,    /* OBJ_pilotOrganization            0 9 2342 19200300 100 4 20 */
-&(nid_objs[201]),/* OBJ_id_smime_mod_ets_eSignature_97 1 2 840 113549 1 9 16 0 6 */
+456,    /* OBJ_pilotDSA                     0 9 2342 19200300 100 4 21 */
-&(nid_objs[202]),/* OBJ_id_smime_mod_ets_eSigPolicy_88 1 2 840 113549 1 9 16 0 7 */
+457,    /* OBJ_qualityLabelledData          0 9 2342 19200300 100 4 22 */
-&(nid_objs[203]),/* OBJ_id_smime_mod_ets_eSigPolicy_97 1 2 840 113549 1 9 16 0 8 */
+189,    /* OBJ_id_smime_mod                 1 2 840 113549 1 9 16 0 */
-&(nid_objs[204]),/* OBJ_id_smime_ct_receipt          1 2 840 113549 1 9 16 1 1 */
+190,    /* OBJ_id_smime_ct                  1 2 840 113549 1 9 16 1 */
-&(nid_objs[205]),/* OBJ_id_smime_ct_authData         1 2 840 113549 1 9 16 1 2 */
+191,    /* OBJ_id_smime_aa                  1 2 840 113549 1 9 16 2 */
-&(nid_objs[206]),/* OBJ_id_smime_ct_publishCert      1 2 840 113549 1 9 16 1 3 */
+192,    /* OBJ_id_smime_alg                 1 2 840 113549 1 9 16 3 */
-&(nid_objs[207]),/* OBJ_id_smime_ct_TSTInfo          1 2 840 113549 1 9 16 1 4 */
+193,    /* OBJ_id_smime_cd                  1 2 840 113549 1 9 16 4 */
-&(nid_objs[208]),/* OBJ_id_smime_ct_TDTInfo          1 2 840 113549 1 9 16 1 5 */
+194,    /* OBJ_id_smime_spq                 1 2 840 113549 1 9 16 5 */
-&(nid_objs[209]),/* OBJ_id_smime_ct_contentInfo      1 2 840 113549 1 9 16 1 6 */
+195,    /* OBJ_id_smime_cti                 1 2 840 113549 1 9 16 6 */
-&(nid_objs[210]),/* OBJ_id_smime_ct_DVCSRequestData  1 2 840 113549 1 9 16 1 7 */
+158,    /* OBJ_x509Certificate              1 2 840 113549 1 9 22 1 */
-&(nid_objs[211]),/* OBJ_id_smime_ct_DVCSResponseData 1 2 840 113549 1 9 16 1 8 */
+159,    /* OBJ_sdsiCertificate              1 2 840 113549 1 9 22 2 */
-&(nid_objs[786]),/* OBJ_id_smime_ct_compressedData   1 2 840 113549 1 9 16 1 9 */
+160,    /* OBJ_x509Crl                      1 2 840 113549 1 9 23 1 */
-&(nid_objs[787]),/* OBJ_id_ct_asciiTextWithCRLF      1 2 840 113549 1 9 16 1 27 */
+144,    /* OBJ_pbe_WithSHA1And128BitRC4     1 2 840 113549 1 12 1 1 */
-&(nid_objs[212]),/* OBJ_id_smime_aa_receiptRequest   1 2 840 113549 1 9 16 2 1 */
+145,    /* OBJ_pbe_WithSHA1And40BitRC4      1 2 840 113549 1 12 1 2 */
-&(nid_objs[213]),/* OBJ_id_smime_aa_securityLabel    1 2 840 113549 1 9 16 2 2 */
+146,    /* OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC 1 2 840 113549 1 12 1 3 */
-&(nid_objs[214]),/* OBJ_id_smime_aa_mlExpandHistory  1 2 840 113549 1 9 16 2 3 */
+147,    /* OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC 1 2 840 113549 1 12 1 4 */
-&(nid_objs[215]),/* OBJ_id_smime_aa_contentHint      1 2 840 113549 1 9 16 2 4 */
+148,    /* OBJ_pbe_WithSHA1And128BitRC2_CBC 1 2 840 113549 1 12 1 5 */
-&(nid_objs[216]),/* OBJ_id_smime_aa_msgSigDigest     1 2 840 113549 1 9 16 2 5 */
+149,    /* OBJ_pbe_WithSHA1And40BitRC2_CBC  1 2 840 113549 1 12 1 6 */
-&(nid_objs[217]),/* OBJ_id_smime_aa_encapContentType 1 2 840 113549 1 9 16 2 6 */
+171,    /* OBJ_ms_ext_req                   1 3 6 1 4 1 311 2 1 14 */
-&(nid_objs[218]),/* OBJ_id_smime_aa_contentIdentifier 1 2 840 113549 1 9 16 2 7 */
+134,    /* OBJ_ms_code_ind                  1 3 6 1 4 1 311 2 1 21 */
-&(nid_objs[219]),/* OBJ_id_smime_aa_macValue         1 2 840 113549 1 9 16 2 8 */
+135,    /* OBJ_ms_code_com                  1 3 6 1 4 1 311 2 1 22 */
-&(nid_objs[220]),/* OBJ_id_smime_aa_equivalentLabels 1 2 840 113549 1 9 16 2 9 */
+136,    /* OBJ_ms_ctl_sign                  1 3 6 1 4 1 311 10 3 1 */
-&(nid_objs[221]),/* OBJ_id_smime_aa_contentReference 1 2 840 113549 1 9 16 2 10 */
+137,    /* OBJ_ms_sgc                       1 3 6 1 4 1 311 10 3 3 */
-&(nid_objs[222]),/* OBJ_id_smime_aa_encrypKeyPref    1 2 840 113549 1 9 16 2 11 */
+138,    /* OBJ_ms_efs                       1 3 6 1 4 1 311 10 3 4 */
-&(nid_objs[223]),/* OBJ_id_smime_aa_signingCertificate 1 2 840 113549 1 9 16 2 12 */
+648,    /* OBJ_ms_smartcard_login           1 3 6 1 4 1 311 20 2 2 */
-&(nid_objs[224]),/* OBJ_id_smime_aa_smimeEncryptCerts 1 2 840 113549 1 9 16 2 13 */
+649,    /* OBJ_ms_upn                       1 3 6 1 4 1 311 20 2 3 */
-&(nid_objs[225]),/* OBJ_id_smime_aa_timeStampToken   1 2 840 113549 1 9 16 2 14 */
+751,    /* OBJ_camellia_128_cbc             1 2 392 200011 61 1 1 1 2 */
-&(nid_objs[226]),/* OBJ_id_smime_aa_ets_sigPolicyId  1 2 840 113549 1 9 16 2 15 */
+752,    /* OBJ_camellia_192_cbc             1 2 392 200011 61 1 1 1 3 */
-&(nid_objs[227]),/* OBJ_id_smime_aa_ets_commitmentType 1 2 840 113549 1 9 16 2 16 */
+753,    /* OBJ_camellia_256_cbc             1 2 392 200011 61 1 1 1 4 */
-&(nid_objs[228]),/* OBJ_id_smime_aa_ets_signerLocation 1 2 840 113549 1 9 16 2 17 */
+196,    /* OBJ_id_smime_mod_cms             1 2 840 113549 1 9 16 0 1 */
-&(nid_objs[229]),/* OBJ_id_smime_aa_ets_signerAttr   1 2 840 113549 1 9 16 2 18 */
+197,    /* OBJ_id_smime_mod_ess             1 2 840 113549 1 9 16 0 2 */
-&(nid_objs[230]),/* OBJ_id_smime_aa_ets_otherSigCert 1 2 840 113549 1 9 16 2 19 */
+198,    /* OBJ_id_smime_mod_oid             1 2 840 113549 1 9 16 0 3 */
-&(nid_objs[231]),/* OBJ_id_smime_aa_ets_contentTimestamp 1 2 840 113549 1 9 16 2 20 */
+199,    /* OBJ_id_smime_mod_msg_v3          1 2 840 113549 1 9 16 0 4 */
-&(nid_objs[232]),/* OBJ_id_smime_aa_ets_CertificateRefs 1 2 840 113549 1 9 16 2 21 */
+200,    /* OBJ_id_smime_mod_ets_eSignature_88 1 2 840 113549 1 9 16 0 5 */
-&(nid_objs[233]),/* OBJ_id_smime_aa_ets_RevocationRefs 1 2 840 113549 1 9 16 2 22 */
+201,    /* OBJ_id_smime_mod_ets_eSignature_97 1 2 840 113549 1 9 16 0 6 */
-&(nid_objs[234]),/* OBJ_id_smime_aa_ets_certValues   1 2 840 113549 1 9 16 2 23 */
+202,    /* OBJ_id_smime_mod_ets_eSigPolicy_88 1 2 840 113549 1 9 16 0 7 */
-&(nid_objs[235]),/* OBJ_id_smime_aa_ets_revocationValues 1 2 840 113549 1 9 16 2 24 */
+203,    /* OBJ_id_smime_mod_ets_eSigPolicy_97 1 2 840 113549 1 9 16 0 8 */
-&(nid_objs[236]),/* OBJ_id_smime_aa_ets_escTimeStamp 1 2 840 113549 1 9 16 2 25 */
+204,    /* OBJ_id_smime_ct_receipt          1 2 840 113549 1 9 16 1 1 */
-&(nid_objs[237]),/* OBJ_id_smime_aa_ets_certCRLTimestamp 1 2 840 113549 1 9 16 2 26 */
+205,    /* OBJ_id_smime_ct_authData         1 2 840 113549 1 9 16 1 2 */
-&(nid_objs[238]),/* OBJ_id_smime_aa_ets_archiveTimeStamp 1 2 840 113549 1 9 16 2 27 */
+206,    /* OBJ_id_smime_ct_publishCert      1 2 840 113549 1 9 16 1 3 */
-&(nid_objs[239]),/* OBJ_id_smime_aa_signatureType    1 2 840 113549 1 9 16 2 28 */
+207,    /* OBJ_id_smime_ct_TSTInfo          1 2 840 113549 1 9 16 1 4 */
-&(nid_objs[240]),/* OBJ_id_smime_aa_dvcs_dvc         1 2 840 113549 1 9 16 2 29 */
+208,    /* OBJ_id_smime_ct_TDTInfo          1 2 840 113549 1 9 16 1 5 */
-&(nid_objs[241]),/* OBJ_id_smime_alg_ESDHwith3DES    1 2 840 113549 1 9 16 3 1 */
+209,    /* OBJ_id_smime_ct_contentInfo      1 2 840 113549 1 9 16 1 6 */
-&(nid_objs[242]),/* OBJ_id_smime_alg_ESDHwithRC2     1 2 840 113549 1 9 16 3 2 */
+210,    /* OBJ_id_smime_ct_DVCSRequestData  1 2 840 113549 1 9 16 1 7 */
-&(nid_objs[243]),/* OBJ_id_smime_alg_3DESwrap        1 2 840 113549 1 9 16 3 3 */
+211,    /* OBJ_id_smime_ct_DVCSResponseData 1 2 840 113549 1 9 16 1 8 */
-&(nid_objs[244]),/* OBJ_id_smime_alg_RC2wrap         1 2 840 113549 1 9 16 3 4 */
+786,    /* OBJ_id_smime_ct_compressedData   1 2 840 113549 1 9 16 1 9 */
-&(nid_objs[245]),/* OBJ_id_smime_alg_ESDH            1 2 840 113549 1 9 16 3 5 */
+787,    /* OBJ_id_ct_asciiTextWithCRLF      1 2 840 113549 1 9 16 1 27 */
-&(nid_objs[246]),/* OBJ_id_smime_alg_CMS3DESwrap     1 2 840 113549 1 9 16 3 6 */
+212,    /* OBJ_id_smime_aa_receiptRequest   1 2 840 113549 1 9 16 2 1 */
-&(nid_objs[247]),/* OBJ_id_smime_alg_CMSRC2wrap      1 2 840 113549 1 9 16 3 7 */
+213,    /* OBJ_id_smime_aa_securityLabel    1 2 840 113549 1 9 16 2 2 */
-&(nid_objs[125]),/* OBJ_zlib_compression             1 2 840 113549 1 9 16 3 8 */
+214,    /* OBJ_id_smime_aa_mlExpandHistory  1 2 840 113549 1 9 16 2 3 */
-&(nid_objs[248]),/* OBJ_id_smime_cd_ldap             1 2 840 113549 1 9 16 4 1 */
+215,    /* OBJ_id_smime_aa_contentHint      1 2 840 113549 1 9 16 2 4 */
-&(nid_objs[249]),/* OBJ_id_smime_spq_ets_sqt_uri     1 2 840 113549 1 9 16 5 1 */
+216,    /* OBJ_id_smime_aa_msgSigDigest     1 2 840 113549 1 9 16 2 5 */
-&(nid_objs[250]),/* OBJ_id_smime_spq_ets_sqt_unotice 1 2 840 113549 1 9 16 5 2 */
+217,    /* OBJ_id_smime_aa_encapContentType 1 2 840 113549 1 9 16 2 6 */
-&(nid_objs[251]),/* OBJ_id_smime_cti_ets_proofOfOrigin 1 2 840 113549 1 9 16 6 1 */
+218,    /* OBJ_id_smime_aa_contentIdentifier 1 2 840 113549 1 9 16 2 7 */
-&(nid_objs[252]),/* OBJ_id_smime_cti_ets_proofOfReceipt 1 2 840 113549 1 9 16 6 2 */
+219,    /* OBJ_id_smime_aa_macValue         1 2 840 113549 1 9 16 2 8 */
-&(nid_objs[253]),/* OBJ_id_smime_cti_ets_proofOfDelivery 1 2 840 113549 1 9 16 6 3 */
+220,    /* OBJ_id_smime_aa_equivalentLabels 1 2 840 113549 1 9 16 2 9 */
-&(nid_objs[254]),/* OBJ_id_smime_cti_ets_proofOfSender 1 2 840 113549 1 9 16 6 4 */
+221,    /* OBJ_id_smime_aa_contentReference 1 2 840 113549 1 9 16 2 10 */
-&(nid_objs[255]),/* OBJ_id_smime_cti_ets_proofOfApproval 1 2 840 113549 1 9 16 6 5 */
+222,    /* OBJ_id_smime_aa_encrypKeyPref    1 2 840 113549 1 9 16 2 11 */
-&(nid_objs[256]),/* OBJ_id_smime_cti_ets_proofOfCreation 1 2 840 113549 1 9 16 6 6 */
+223,    /* OBJ_id_smime_aa_signingCertificate 1 2 840 113549 1 9 16 2 12 */
-&(nid_objs[150]),/* OBJ_keyBag                       1 2 840 113549 1 12 10 1 1 */
+224,    /* OBJ_id_smime_aa_smimeEncryptCerts 1 2 840 113549 1 9 16 2 13 */
-&(nid_objs[151]),/* OBJ_pkcs8ShroudedKeyBag          1 2 840 113549 1 12 10 1 2 */
+225,    /* OBJ_id_smime_aa_timeStampToken   1 2 840 113549 1 9 16 2 14 */
-&(nid_objs[152]),/* OBJ_certBag                      1 2 840 113549 1 12 10 1 3 */
+226,    /* OBJ_id_smime_aa_ets_sigPolicyId  1 2 840 113549 1 9 16 2 15 */
-&(nid_objs[153]),/* OBJ_crlBag                       1 2 840 113549 1 12 10 1 4 */
+227,    /* OBJ_id_smime_aa_ets_commitmentType 1 2 840 113549 1 9 16 2 16 */
-&(nid_objs[154]),/* OBJ_secretBag                    1 2 840 113549 1 12 10 1 5 */
+228,    /* OBJ_id_smime_aa_ets_signerLocation 1 2 840 113549 1 9 16 2 17 */
-&(nid_objs[155]),/* OBJ_safeContentsBag              1 2 840 113549 1 12 10 1 6 */
+229,    /* OBJ_id_smime_aa_ets_signerAttr   1 2 840 113549 1 9 16 2 18 */
-&(nid_objs[34]),/* OBJ_idea_cbc                     1 3 6 1 4 1 188 7 1 1 2 */
+230,    /* OBJ_id_smime_aa_ets_otherSigCert 1 2 840 113549 1 9 16 2 19 */
+231,    /* OBJ_id_smime_aa_ets_contentTimestamp 1 2 840 113549 1 9 16 2 20 */
+232,    /* OBJ_id_smime_aa_ets_CertificateRefs 1 2 840 113549 1 9 16 2 21 */
+233,    /* OBJ_id_smime_aa_ets_RevocationRefs 1 2 840 113549 1 9 16 2 22 */
+234,    /* OBJ_id_smime_aa_ets_certValues   1 2 840 113549 1 9 16 2 23 */
+235,    /* OBJ_id_smime_aa_ets_revocationValues 1 2 840 113549 1 9 16 2 24 */
+236,    /* OBJ_id_smime_aa_ets_escTimeStamp 1 2 840 113549 1 9 16 2 25 */
+237,    /* OBJ_id_smime_aa_ets_certCRLTimestamp 1 2 840 113549 1 9 16 2 26 */
+238,    /* OBJ_id_smime_aa_ets_archiveTimeStamp 1 2 840 113549 1 9 16 2 27 */
+239,    /* OBJ_id_smime_aa_signatureType    1 2 840 113549 1 9 16 2 28 */
+240,    /* OBJ_id_smime_aa_dvcs_dvc         1 2 840 113549 1 9 16 2 29 */
+241,    /* OBJ_id_smime_alg_ESDHwith3DES    1 2 840 113549 1 9 16 3 1 */
+242,    /* OBJ_id_smime_alg_ESDHwithRC2     1 2 840 113549 1 9 16 3 2 */
+243,    /* OBJ_id_smime_alg_3DESwrap        1 2 840 113549 1 9 16 3 3 */
+244,    /* OBJ_id_smime_alg_RC2wrap         1 2 840 113549 1 9 16 3 4 */
+245,    /* OBJ_id_smime_alg_ESDH            1 2 840 113549 1 9 16 3 5 */
+246,    /* OBJ_id_smime_alg_CMS3DESwrap     1 2 840 113549 1 9 16 3 6 */
+247,    /* OBJ_id_smime_alg_CMSRC2wrap      1 2 840 113549 1 9 16 3 7 */
+125,    /* OBJ_zlib_compression             1 2 840 113549 1 9 16 3 8 */
+248,    /* OBJ_id_smime_cd_ldap             1 2 840 113549 1 9 16 4 1 */
+249,    /* OBJ_id_smime_spq_ets_sqt_uri     1 2 840 113549 1 9 16 5 1 */
+250,    /* OBJ_id_smime_spq_ets_sqt_unotice 1 2 840 113549 1 9 16 5 2 */
+251,    /* OBJ_id_smime_cti_ets_proofOfOrigin 1 2 840 113549 1 9 16 6 1 */
+252,    /* OBJ_id_smime_cti_ets_proofOfReceipt 1 2 840 113549 1 9 16 6 2 */
+253,    /* OBJ_id_smime_cti_ets_proofOfDelivery 1 2 840 113549 1 9 16 6 3 */
+254,    /* OBJ_id_smime_cti_ets_proofOfSender 1 2 840 113549 1 9 16 6 4 */
+255,    /* OBJ_id_smime_cti_ets_proofOfApproval 1 2 840 113549 1 9 16 6 5 */
+256,    /* OBJ_id_smime_cti_ets_proofOfCreation 1 2 840 113549 1 9 16 6 6 */
+150,    /* OBJ_keyBag                       1 2 840 113549 1 12 10 1 1 */
+151,    /* OBJ_pkcs8ShroudedKeyBag          1 2 840 113549 1 12 10 1 2 */
+152,    /* OBJ_certBag                      1 2 840 113549 1 12 10 1 3 */
+153,    /* OBJ_crlBag                       1 2 840 113549 1 12 10 1 4 */
+154,    /* OBJ_secretBag                    1 2 840 113549 1 12 10 1 5 */
+155,    /* OBJ_safeContentsBag              1 2 840 113549 1 12 10 1 6 */
+34,     /* OBJ_idea_cbc                     1 3 6 1 4 1 188 7 1 1 2 */
 };
diff --git a/src/lib/libssl/src/crypto/objects/obj_dat.pl b/src/lib/libssl/src/crypto/objects/obj_dat.pl
index 7de2f77afd..c67f71c327 100644
--- a/src/lib/libssl/src/crypto/objects/obj_dat.pl
+++ b/src/lib/libssl/src/crypto/objects/obj_dat.pl
@@ -2,9 +2,7 @@
 # fixes bug in floating point emulation on sparc64 when
 # this script produces off-by-one output on sparc64
-eval 'use integer;';
+use integer;
-print STDERR "Warning: perl module integer not found.\n" if ($@);
 sub obj_cmp
        {
@@ -150,13 +148,13 @@ for ($i=0; $i<$n; $i++)
 @a=grep(defined($sn{$nid{$_}}),0 .. $n);
 foreach (sort { $sn{$nid{$a}} cmp $sn{$nid{$b}} } @a)
        {
-        push(@sn,sprintf("&(nid_objs[%2d]),/* \"$sn{$nid{$_}}\" */\n",$_));
+        push(@sn,sprintf("%2d,\t/* \"$sn{$nid{$_}}\" */\n",$_));
        }
 @a=grep(defined($ln{$nid{$_}}),0 .. $n);
 foreach (sort { $ln{$nid{$a}} cmp $ln{$nid{$b}} } @a)
        {
-        push(@ln,sprintf("&(nid_objs[%2d]),/* \"$ln{$nid{$_}}\" */\n",$_));
+        push(@ln,sprintf("%2d,\t/* \"$ln{$nid{$_}}\" */\n",$_));
        }
 @a=grep(defined($obj{$nid{$_}}),0 .. $n);
@@ -166,7 +164,7 @@ foreach (sort obj_cmp @a)
        $v=$objd{$m};
        $v =~ s/L//g;
        $v =~ s/,/ /g;
-        push(@ob,sprintf("&(nid_objs[%2d]),/* %-32s %s */\n",$_,$m,$v));
+        push(@ob,sprintf("%2d,\t/* %-32s %s */\n",$_,$m,$v));
        }
 print OUT <<'EOF';
@@ -241,11 +239,11 @@ printf OUT "#define NUM_SN %d\n",$#sn+1;
 printf OUT "#define NUM_LN %d\n",$#ln+1;
 printf OUT "#define NUM_OBJ %d\n\n",$#ob+1;
-printf OUT "static unsigned char lvalues[%d]={\n",$lvalues+1;
+printf OUT "static const unsigned char lvalues[%d]={\n",$lvalues+1;
 print OUT @lvalues;
 print OUT "};\n\n";
-printf OUT "static ASN1_OBJECT nid_objs[NUM_NID]={\n";
+printf OUT "static const ASN1_OBJECT nid_objs[NUM_NID]={\n";
 foreach (@out)
        {
        if (length($_) > 75)
@@ -269,15 +267,15 @@ foreach (@out)
        }
 print  OUT "};\n\n";
-printf OUT "static ASN1_OBJECT *sn_objs[NUM_SN]={\n";
+printf OUT "static const unsigned int sn_objs[NUM_SN]={\n";
 print  OUT @sn;
 print  OUT "};\n\n";
-printf OUT "static ASN1_OBJECT *ln_objs[NUM_LN]={\n";
+printf OUT "static const unsigned int ln_objs[NUM_LN]={\n";
 print  OUT @ln;
 print  OUT "};\n\n";
-printf OUT "static ASN1_OBJECT *obj_objs[NUM_OBJ]={\n";
+printf OUT "static const unsigned int obj_objs[NUM_OBJ]={\n";
 print  OUT @ob;
 print  OUT "};\n\n";
diff --git a/src/lib/libssl/src/crypto/objects/obj_err.c b/src/lib/libssl/src/crypto/objects/obj_err.c
index 12b48850c6..2e7a034c3f 100644
--- a/src/lib/libssl/src/crypto/objects/obj_err.c
+++ b/src/lib/libssl/src/crypto/objects/obj_err.c
@@ -1,6 +1,6 @@
 /* crypto/objects/obj_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
diff --git a/src/lib/libssl/src/crypto/objects/obj_lib.c b/src/lib/libssl/src/crypto/objects/obj_lib.c
index 706fa0b0e7..23e9d48cdf 100644
--- a/src/lib/libssl/src/crypto/objects/obj_lib.c
+++ b/src/lib/libssl/src/crypto/objects/obj_lib.c
@@ -66,7 +66,8 @@ ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o)
        {
        ASN1_OBJECT *r;
        int i;
-        char *ln=NULL;
+        char *ln=NULL,*sn=NULL;
+        unsigned char *data=NULL;
        if (o == NULL) return(NULL);
        if (!(o->flags & ASN1_OBJECT_FLAG_DYNAMIC))
@@ -79,42 +80,42 @@ ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o)
                OBJerr(OBJ_F_OBJ_DUP,ERR_R_ASN1_LIB);
                return(NULL);
                }
-        r->data=OPENSSL_malloc(o->length);
+        data=OPENSSL_malloc(o->length);
-        if (r->data == NULL)
+        if (data == NULL)
                goto err;
        if (o->data != NULL)
-                memcpy(r->data,o->data,o->length);
+                memcpy(data,o->data,o->length);
+        /* once data attached to object it remains const */
+        r->data = data;
        r->length=o->length;
        r->nid=o->nid;
        r->ln=r->sn=NULL;
        if (o->ln != NULL)
                {
                i=strlen(o->ln)+1;
-                r->ln=ln=OPENSSL_malloc(i);
+                ln=OPENSSL_malloc(i);
-                if (r->ln == NULL) goto err;
+                if (ln == NULL) goto err;
                memcpy(ln,o->ln,i);
+                r->ln=ln;
                }
        if (o->sn != NULL)
                {
-                char *s;
                i=strlen(o->sn)+1;
-                r->sn=s=OPENSSL_malloc(i);
+                sn=OPENSSL_malloc(i);
-                if (r->sn == NULL) goto err;
+                if (sn == NULL) goto err;
-                memcpy(s,o->sn,i);
+                memcpy(sn,o->sn,i);
+                r->sn=sn;
                }
        r->flags=o->flags|(ASN1_OBJECT_FLAG_DYNAMIC|
                ASN1_OBJECT_FLAG_DYNAMIC_STRINGS|ASN1_OBJECT_FLAG_DYNAMIC_DATA);
        return(r);
 err:
        OBJerr(OBJ_F_OBJ_DUP,ERR_R_MALLOC_FAILURE);
-        if (r != NULL)
+        if (ln != NULL)         OPENSSL_free(ln);
-                {
+        if (sn != NULL)         OPENSSL_free(sn);
-                if (ln != NULL) OPENSSL_free(ln);
+        if (data != NULL)       OPENSSL_free(data);
-                if (r->data != NULL) OPENSSL_free(r->data);
+        if (r != NULL)          OPENSSL_free(r);
-                OPENSSL_free(r);
-                }
        return(NULL);
        }
diff --git a/src/lib/libssl/src/crypto/objects/obj_mac.h b/src/lib/libssl/src/crypto/objects/obj_mac.h
index ad5f7cfc10..282f11a8a8 100644
--- a/src/lib/libssl/src/crypto/objects/obj_mac.h
+++ b/src/lib/libssl/src/crypto/objects/obj_mac.h
@@ -122,7 +122,7 @@
 #define SN_wap_wsg              "wap-wsg"
 #define NID_wap_wsg             679
-#define OBJ_wap_wsg             OBJ_wap,13L
+#define OBJ_wap_wsg             OBJ_wap,1L
 #define SN_selected_attribute_types             "selected-attribute-types"
 #define LN_selected_attribute_types             "Selected Attribute Types"
@@ -2049,6 +2049,7 @@
 #define NID_stateOrProvinceName         16
 #define OBJ_stateOrProvinceName         OBJ_X509,8L
+#define SN_streetAddress                "street"
 #define LN_streetAddress                "streetAddress"
 #define NID_streetAddress               660
 #define OBJ_streetAddress               OBJ_X509,9L
@@ -2063,6 +2064,7 @@
 #define NID_organizationalUnitName              18
 #define OBJ_organizationalUnitName              OBJ_X509,11L
+#define SN_title                "title"
 #define LN_title                "title"
 #define NID_title               106
 #define OBJ_title               OBJ_X509,12L
@@ -2071,10 +2073,114 @@
 #define NID_description         107
 #define OBJ_description         OBJ_X509,13L
+#define LN_searchGuide          "searchGuide"
+#define NID_searchGuide         859
+#define OBJ_searchGuide         OBJ_X509,14L
+#define LN_businessCategory             "businessCategory"
+#define NID_businessCategory            860
+#define OBJ_businessCategory            OBJ_X509,15L
+#define LN_postalAddress                "postalAddress"
+#define NID_postalAddress               861
+#define OBJ_postalAddress               OBJ_X509,16L
 #define LN_postalCode           "postalCode"
 #define NID_postalCode          661
 #define OBJ_postalCode          OBJ_X509,17L
+#define LN_postOfficeBox                "postOfficeBox"
+#define NID_postOfficeBox               862
+#define OBJ_postOfficeBox               OBJ_X509,18L
+#define LN_physicalDeliveryOfficeName           "physicalDeliveryOfficeName"
+#define NID_physicalDeliveryOfficeName          863
+#define OBJ_physicalDeliveryOfficeName          OBJ_X509,19L
+#define LN_telephoneNumber              "telephoneNumber"
+#define NID_telephoneNumber             864
+#define OBJ_telephoneNumber             OBJ_X509,20L
+#define LN_telexNumber          "telexNumber"
+#define NID_telexNumber         865
+#define OBJ_telexNumber         OBJ_X509,21L
+#define LN_teletexTerminalIdentifier            "teletexTerminalIdentifier"
+#define NID_teletexTerminalIdentifier           866
+#define OBJ_teletexTerminalIdentifier           OBJ_X509,22L
+#define LN_facsimileTelephoneNumber             "facsimileTelephoneNumber"
+#define NID_facsimileTelephoneNumber            867
+#define OBJ_facsimileTelephoneNumber            OBJ_X509,23L
+#define LN_x121Address          "x121Address"
+#define NID_x121Address         868
+#define OBJ_x121Address         OBJ_X509,24L
+#define LN_internationaliSDNNumber              "internationaliSDNNumber"
+#define NID_internationaliSDNNumber             869
+#define OBJ_internationaliSDNNumber             OBJ_X509,25L
+#define LN_registeredAddress            "registeredAddress"
+#define NID_registeredAddress           870
+#define OBJ_registeredAddress           OBJ_X509,26L
+#define LN_destinationIndicator         "destinationIndicator"
+#define NID_destinationIndicator                871
+#define OBJ_destinationIndicator                OBJ_X509,27L
+#define LN_preferredDeliveryMethod              "preferredDeliveryMethod"
+#define NID_preferredDeliveryMethod             872
+#define OBJ_preferredDeliveryMethod             OBJ_X509,28L
+#define LN_presentationAddress          "presentationAddress"
+#define NID_presentationAddress         873
+#define OBJ_presentationAddress         OBJ_X509,29L
+#define LN_supportedApplicationContext          "supportedApplicationContext"
+#define NID_supportedApplicationContext         874
+#define OBJ_supportedApplicationContext         OBJ_X509,30L
+#define SN_member               "member"
+#define NID_member              875
+#define OBJ_member              OBJ_X509,31L
+#define SN_owner                "owner"
+#define NID_owner               876
+#define OBJ_owner               OBJ_X509,32L
+#define LN_roleOccupant         "roleOccupant"
+#define NID_roleOccupant                877
+#define OBJ_roleOccupant                OBJ_X509,33L
+#define SN_seeAlso              "seeAlso"
+#define NID_seeAlso             878
+#define OBJ_seeAlso             OBJ_X509,34L
+#define LN_userPassword         "userPassword"
+#define NID_userPassword                879
+#define OBJ_userPassword                OBJ_X509,35L
+#define LN_userCertificate              "userCertificate"
+#define NID_userCertificate             880
+#define OBJ_userCertificate             OBJ_X509,36L
+#define LN_cACertificate                "cACertificate"
+#define NID_cACertificate               881
+#define OBJ_cACertificate               OBJ_X509,37L
+#define LN_authorityRevocationList              "authorityRevocationList"
+#define NID_authorityRevocationList             882
+#define OBJ_authorityRevocationList             OBJ_X509,38L
+#define LN_certificateRevocationList            "certificateRevocationList"
+#define NID_certificateRevocationList           883
+#define OBJ_certificateRevocationList           OBJ_X509,39L
+#define LN_crossCertificatePair         "crossCertificatePair"
+#define NID_crossCertificatePair                884
+#define OBJ_crossCertificatePair                OBJ_X509,40L
 #define SN_name         "name"
 #define LN_name         "name"
 #define NID_name                173
@@ -2085,6 +2191,7 @@
 #define NID_givenName           99
 #define OBJ_givenName           OBJ_X509,42L
+#define SN_initials             "initials"
 #define LN_initials             "initials"
 #define NID_initials            101
 #define OBJ_initials            OBJ_X509,43L
@@ -2102,6 +2209,38 @@
 #define NID_dnQualifier         174
 #define OBJ_dnQualifier         OBJ_X509,46L
+#define LN_enhancedSearchGuide          "enhancedSearchGuide"
+#define NID_enhancedSearchGuide         885
+#define OBJ_enhancedSearchGuide         OBJ_X509,47L
+#define LN_protocolInformation          "protocolInformation"
+#define NID_protocolInformation         886
+#define OBJ_protocolInformation         OBJ_X509,48L
+#define LN_distinguishedName            "distinguishedName"
+#define NID_distinguishedName           887
+#define OBJ_distinguishedName           OBJ_X509,49L
+#define LN_uniqueMember         "uniqueMember"
+#define NID_uniqueMember                888
+#define OBJ_uniqueMember                OBJ_X509,50L
+#define LN_houseIdentifier              "houseIdentifier"
+#define NID_houseIdentifier             889
+#define OBJ_houseIdentifier             OBJ_X509,51L
+#define LN_supportedAlgorithms          "supportedAlgorithms"
+#define NID_supportedAlgorithms         890
+#define OBJ_supportedAlgorithms         OBJ_X509,52L
+#define LN_deltaRevocationList          "deltaRevocationList"
+#define NID_deltaRevocationList         891
+#define OBJ_deltaRevocationList         OBJ_X509,53L
+#define SN_dmdName              "dmdName"
+#define NID_dmdName             892
+#define OBJ_dmdName             OBJ_X509,54L
 #define LN_pseudonym            "pseudonym"
 #define NID_pseudonym           510
 #define OBJ_pseudonym           OBJ_X509,65L
diff --git a/src/lib/libssl/src/crypto/objects/obj_mac.num b/src/lib/libssl/src/crypto/objects/obj_mac.num
index e3f56bc52c..8c50aac27f 100644
--- a/src/lib/libssl/src/crypto/objects/obj_mac.num
+++ b/src/lib/libssl/src/crypto/objects/obj_mac.num
@@ -856,3 +856,37 @@ hmac		855
 LocalKeySet             856
 freshest_crl            857
 id_on_permanentIdentifier               858
+searchGuide             859
+businessCategory                860
+postalAddress           861
+postOfficeBox           862
+physicalDeliveryOfficeName              863
+telephoneNumber         864
+telexNumber             865
+teletexTerminalIdentifier               866
+facsimileTelephoneNumber                867
+x121Address             868
+internationaliSDNNumber         869
+registeredAddress               870
+destinationIndicator            871
+preferredDeliveryMethod         872
+presentationAddress             873
+supportedApplicationContext             874
+member          875
+owner           876
+roleOccupant            877
+seeAlso         878
+userPassword            879
+userCertificate         880
+cACertificate           881
+authorityRevocationList         882
+certificateRevocationList               883
+crossCertificatePair            884
+enhancedSearchGuide             885
+protocolInformation             886
+distinguishedName               887
+uniqueMember            888
+houseIdentifier         889
+supportedAlgorithms             890
+deltaRevocationList             891
+dmdName         892
diff --git a/src/lib/libssl/src/crypto/objects/objects.h b/src/lib/libssl/src/crypto/objects/objects.h
index 7242f76fb0..bd0ee52feb 100644
--- a/src/lib/libssl/src/crypto/objects/objects.h
+++ b/src/lib/libssl/src/crypto/objects/objects.h
@@ -1011,10 +1011,91 @@ int		OBJ_txt2nid(const char *s);
 int             OBJ_ln2nid(const char *s);
 int             OBJ_sn2nid(const char *s);
 int             OBJ_cmp(const ASN1_OBJECT *a,const ASN1_OBJECT *b);
-const char *    OBJ_bsearch(const char *key,const char *base,int num,int size,
+const void *    OBJ_bsearch_(const void *key,const void *base,int num,int size,
-        int (*cmp)(const void *, const void *));
+                             int (*cmp)(const void *, const void *));
-const char *    OBJ_bsearch_ex(const char *key,const char *base,int num,
+const void *    OBJ_bsearch_ex_(const void *key,const void *base,int num,
-        int size, int (*cmp)(const void *, const void *), int flags);
+                                int size,
+                                int (*cmp)(const void *, const void *),
+                                int flags);
+#define _DECLARE_OBJ_BSEARCH_CMP_FN(scope, type1, type2, nm)    \
+  static int nm##_cmp_BSEARCH_CMP_FN(const void *, const void *); \
+  static int nm##_cmp(type1 const *, type2 const *); \
+  scope type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num)
+#define DECLARE_OBJ_BSEARCH_CMP_FN(type1, type2, cmp)   \
+  _DECLARE_OBJ_BSEARCH_CMP_FN(static, type1, type2, cmp)
+#define DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm)     \
+  type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num)
+/*
+ * Unsolved problem: if a type is actually a pointer type, like
+ * nid_triple is, then its impossible to get a const where you need
+ * it. Consider:
+ *
+ * typedef int nid_triple[3];
+ * const void *a_;
+ * const nid_triple const *a = a_;
+ *
+ * The assignement discards a const because what you really want is:
+ *
+ * const int const * const *a = a_;
+ *
+ * But if you do that, you lose the fact that a is an array of 3 ints,
+ * which breaks comparison functions.
+ *
+ * Thus we end up having to cast, sadly, or unpack the
+ * declarations. Or, as I finally did in this case, delcare nid_triple
+ * to be a struct, which it should have been in the first place.
+ *
+ * Ben, August 2008.
+ *
+ * Also, strictly speaking not all types need be const, but handling
+ * the non-constness means a lot of complication, and in practice
+ * comparison routines do always not touch their arguments.
+ */
+#define IMPLEMENT_OBJ_BSEARCH_CMP_FN(type1, type2, nm)  \
+  static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_)    \
+      { \
+      type1 const *a = a_; \
+      type2 const *b = b_; \
+      return nm##_cmp(a,b); \
+      } \
+  static type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \
+      { \
+      return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \
+                                        nm##_cmp_BSEARCH_CMP_FN); \
+      } \
+      extern void dummy_prototype(void)
+#define IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm)   \
+  static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_)    \
+      { \
+      type1 const *a = a_; \
+      type2 const *b = b_; \
+      return nm##_cmp(a,b); \
+      } \
+  type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \
+      { \
+      return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \
+                                        nm##_cmp_BSEARCH_CMP_FN); \
+      } \
+      extern void dummy_prototype(void)
+#define OBJ_bsearch(type1,key,type2,base,num,cmp)                              \
+  ((type2 *)OBJ_bsearch_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \
+                         num,sizeof(type2),                             \
+                         ((void)CHECKED_PTR_OF(type1,cmp##_type_1),     \
+                          (void)CHECKED_PTR_OF(type2,cmp##_type_2),     \
+                          cmp##_BSEARCH_CMP_FN)))
+#define OBJ_bsearch_ex(type1,key,type2,base,num,cmp,flags)                      \
+  ((type2 *)OBJ_bsearch_ex_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \
+                         num,sizeof(type2),                             \
+                         ((void)CHECKED_PTR_OF(type1,cmp##_type_1),     \
+                          (void)type_2=CHECKED_PTR_OF(type2,cmp##_type_2), \
+                          cmp##_BSEARCH_CMP_FN)),flags)
 int             OBJ_new_nid(int num);
 int             OBJ_add_object(const ASN1_OBJECT *obj);
@@ -1022,6 +1103,14 @@ int		OBJ_create(const char *oid,const char *sn,const char *ln);
 void            OBJ_cleanup(void );
 int             OBJ_create_objects(BIO *in);
+int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid);
+int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid);
+int OBJ_add_sigid(int signid, int dig_id, int pkey_id);
+void OBJ_sigid_free(void);
+extern int obj_cleanup_defer;
+void check_defer(int nid);
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
diff --git a/src/lib/libssl/src/crypto/objects/objects.pl b/src/lib/libssl/src/crypto/objects/objects.pl
index 76c06cc8f9..15c00bbd52 100644
--- a/src/lib/libssl/src/crypto/objects/objects.pl
+++ b/src/lib/libssl/src/crypto/objects/objects.pl
@@ -14,6 +14,8 @@ while(<NUMIN>)
        $Cname =~ s/^X//;
        if (defined($nidn{$mynum}))
                { die "$ARGV[1]:$o:There's already an object with NID ",$mynum," on line ",$order{$mynum},"\n"; }
+        if (defined($nid{$Cname}))
+                { die "$ARGV[1]:$o:There's already an object with name ",$Cname," on line ",$order{$nid{$Cname}},"\n"; }
        $nid{$Cname} = $mynum;
        $nidn{$mynum} = $Cname;
        $order{$mynum} = $o;
@@ -102,6 +104,7 @@ while (<IN>)
                $max_nid++;
                $nid{$Cname} = $max_nid;
                $nidn{$max_nid} = $Cname;
+print STDERR "Added OID $Cname\n";
                }
        $Cname="";
        }
diff --git a/src/lib/libssl/src/crypto/objects/objects.txt b/src/lib/libssl/src/crypto/objects/objects.txt
index a6a811b8e7..e61fe60cbf 100644
--- a/src/lib/libssl/src/crypto/objects/objects.txt
+++ b/src/lib/libssl/src/crypto/objects/objects.txt
@@ -20,7 +20,7 @@ identified-organization 132	: certicom-arc
 joint-iso-itu-t 23      : international-organizations   : International Organizations
 international-organizations 43  : wap
-wap 13                  : wap-wsg
+wap 1                   : wap-wsg
 joint-iso-itu-t 5 1 5   : selected-attribute-types      : Selected Attribute Types
@@ -664,18 +664,52 @@ X509 5			: 			: serialNumber
 X509 6                  : C                     : countryName
 X509 7                  : L                     : localityName
 X509 8                  : ST                    : stateOrProvinceName
-X509 9                  :                       : streetAddress
+X509 9                  : street                : streetAddress
 X509 10                 : O                     : organizationName
 X509 11                 : OU                    : organizationalUnitName
-X509 12                 :                       : title
+X509 12                 : title                 : title
 X509 13                 :                       : description
-X509 17                 :                       : postalCode
+X509 14                 :                       : searchGuide
+X509 15                 :                       : businessCategory
+X509 16                 :                       : postalAddress
+X509 17                 :                       : postalCode
+X509 18                 :                       : postOfficeBox
+X509 19                 :                       : physicalDeliveryOfficeName
+X509 20                 :                       : telephoneNumber
+X509 21                 :                       : telexNumber
+X509 22                 :                       : teletexTerminalIdentifier
+X509 23                 :                       : facsimileTelephoneNumber
+X509 24                 :                       : x121Address
+X509 25                 :                       : internationaliSDNNumber
+X509 26                 :                       : registeredAddress
+X509 27                 :                       : destinationIndicator
+X509 28                 :                       : preferredDeliveryMethod
+X509 29                 :                       : presentationAddress
+X509 30                 :                       : supportedApplicationContext
+X509 31                 : member                :
+X509 32                 : owner                 :
+X509 33                 :                       : roleOccupant
+X509 34                 : seeAlso               :
+X509 35                 :                       : userPassword
+X509 36                 :                       : userCertificate
+X509 37                 :                       : cACertificate
+X509 38                 :                       : authorityRevocationList
+X509 39                 :                       : certificateRevocationList
+X509 40                 :                       : crossCertificatePair
 X509 41                 : name                  : name
 X509 42                 : GN                    : givenName
-X509 43                 :                       : initials
+X509 43                 : initials              : initials
 X509 44                 :                       : generationQualifier
 X509 45                 :                       : x500UniqueIdentifier
 X509 46                 : dnQualifier           : dnQualifier
+X509 47                 :                       : enhancedSearchGuide
+X509 48                 :                       : protocolInformation
+X509 49                 :                       : distinguishedName
+X509 50                 :                       : uniqueMember
+X509 51                 :                       : houseIdentifier
+X509 52                 :                       : supportedAlgorithms
+X509 53                 :                       : deltaRevocationList
+X509 54                 : dmdName               :
 X509 65                 :                       : pseudonym
 X509 72                 : role                  : role
diff --git a/src/lib/libssl/src/crypto/ocsp/Makefile b/src/lib/libssl/src/crypto/ocsp/Makefile
index 30a00b3372..60c414cf4d 100644
--- a/src/lib/libssl/src/crypto/ocsp/Makefile
+++ b/src/lib/libssl/src/crypto/ocsp/Makefile
@@ -36,7 +36,7 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
@@ -82,10 +82,9 @@ ocsp_asn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 ocsp_asn.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 ocsp_asn.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 ocsp_asn.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-ocsp_asn.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+ocsp_asn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-ocsp_asn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+ocsp_asn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-ocsp_asn.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+ocsp_asn.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
-ocsp_asn.o: ../../include/openssl/opensslconf.h
 ocsp_asn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 ocsp_asn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 ocsp_asn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -98,25 +97,24 @@ ocsp_cl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 ocsp_cl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 ocsp_cl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 ocsp_cl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-ocsp_cl.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+ocsp_cl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-ocsp_cl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_cl.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
-ocsp_cl.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_cl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-ocsp_cl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_cl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
-ocsp_cl.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+ocsp_cl.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
-ocsp_cl.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+ocsp_cl.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
-ocsp_cl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+ocsp_cl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-ocsp_cl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ocsp_cl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-ocsp_cl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+ocsp_cl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-ocsp_cl.o: ../../include/openssl/x509v3.h ../cryptlib.h ocsp_cl.c
+ocsp_cl.o: ../cryptlib.h ocsp_cl.c
 ocsp_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 ocsp_err.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 ocsp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 ocsp_err.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 ocsp_err.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-ocsp_err.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+ocsp_err.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-ocsp_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+ocsp_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-ocsp_err.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+ocsp_err.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
-ocsp_err.o: ../../include/openssl/opensslconf.h
 ocsp_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 ocsp_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 ocsp_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -129,9 +127,9 @@ ocsp_ext.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 ocsp_ext.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 ocsp_ext.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 ocsp_ext.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-ocsp_ext.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+ocsp_ext.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-ocsp_ext.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_ext.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
-ocsp_ext.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_ext.o: ../../include/openssl/opensslconf.h
 ocsp_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 ocsp_ext.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
 ocsp_ext.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
@@ -144,22 +142,21 @@ ocsp_ht.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 ocsp_ht.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 ocsp_ht.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 ocsp_ht.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-ocsp_ht.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+ocsp_ht.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-ocsp_ht.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_ht.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
-ocsp_ht.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_ht.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-ocsp_ht.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_ht.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-ocsp_ht.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+ocsp_ht.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-ocsp_ht.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ocsp_ht.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-ocsp_ht.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+ocsp_ht.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-ocsp_ht.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+ocsp_ht.o: ../../include/openssl/x509v3.h ocsp_ht.c
-ocsp_ht.o: ocsp_ht.c
 ocsp_lib.o: ../../e_os.h ../../include/openssl/asn1.h
-ocsp_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+ocsp_lib.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-ocsp_lib.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ocsp_lib.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
-ocsp_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ocsp_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-ocsp_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+ocsp_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-ocsp_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ocsp_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-ocsp_lib.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+ocsp_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
 ocsp_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 ocsp_lib.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
 ocsp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
@@ -174,10 +171,9 @@ ocsp_prn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 ocsp_prn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 ocsp_prn.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 ocsp_prn.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-ocsp_prn.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+ocsp_prn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-ocsp_prn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+ocsp_prn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-ocsp_prn.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+ocsp_prn.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
-ocsp_prn.o: ../../include/openssl/opensslconf.h
 ocsp_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 ocsp_prn.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
 ocsp_prn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
@@ -191,9 +187,9 @@ ocsp_srv.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 ocsp_srv.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 ocsp_srv.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 ocsp_srv.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-ocsp_srv.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+ocsp_srv.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-ocsp_srv.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_srv.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
-ocsp_srv.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_srv.o: ../../include/openssl/opensslconf.h
 ocsp_srv.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 ocsp_srv.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
 ocsp_srv.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
@@ -206,10 +202,9 @@ ocsp_vfy.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 ocsp_vfy.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 ocsp_vfy.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 ocsp_vfy.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-ocsp_vfy.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+ocsp_vfy.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-ocsp_vfy.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+ocsp_vfy.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-ocsp_vfy.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+ocsp_vfy.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
-ocsp_vfy.o: ../../include/openssl/opensslconf.h
 ocsp_vfy.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 ocsp_vfy.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 ocsp_vfy.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
diff --git a/src/lib/libssl/src/crypto/ocsp/ocsp.h b/src/lib/libssl/src/crypto/ocsp/ocsp.h
index a0577a717e..31e45744ba 100644
--- a/src/lib/libssl/src/crypto/ocsp/ocsp.h
+++ b/src/lib/libssl/src/crypto/ocsp/ocsp.h
@@ -64,6 +64,7 @@
 #ifndef HEADER_OCSP_H
 #define HEADER_OCSP_H
+#include <openssl/ossl_typ.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 #include <openssl/safestack.h>
@@ -394,17 +395,20 @@ typedef struct ocsp_service_locator_st
 #define ASN1_BIT_STRING_digest(data,type,md,len) \
        ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len)
-#define OCSP_CERTID_dup(cid) ASN1_dup_of(OCSP_CERTID,i2d_OCSP_CERTID,d2i_OCSP_CERTID,cid)
 #define OCSP_CERTSTATUS_dup(cs)\
                (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\
                (char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs))
+OCSP_CERTID *OCSP_CERTID_dup(OCSP_CERTID *id);
 OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req);
 OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req,
                                                                int maxline);
 int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx);
 void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx);
+int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req);
+int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx,
+                const char *name, const char *value);
 OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer);
@@ -474,11 +478,6 @@ int OCSP_basic_sign(OCSP_BASICRESP *brsp,
                        X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
                        STACK_OF(X509) *certs, unsigned long flags);
-ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d,
-                                void *data, STACK_OF(ASN1_OBJECT) *sk);
-#define ASN1_STRING_encode_of(type,s,i2d,data,sk) \
-        ASN1_STRING_encode(s, CHECKED_I2D_OF(type, i2d), data, sk)
 X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim);
 X509_EXTENSION *OCSP_accept_responses_new(char **oids);
@@ -547,9 +546,9 @@ DECLARE_ASN1_FUNCTIONS(OCSP_REQINFO)
 DECLARE_ASN1_FUNCTIONS(OCSP_CRLID)
 DECLARE_ASN1_FUNCTIONS(OCSP_SERVICELOC)
-char *OCSP_response_status_str(long s);
+const char *OCSP_response_status_str(long s);
-char *OCSP_cert_status_str(long s);
+const char *OCSP_cert_status_str(long s);
-char *OCSP_crl_reason_str(long s);
+const char *OCSP_crl_reason_str(long s);
 int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* a, unsigned long flags);
 int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags);
@@ -582,7 +581,8 @@ void ERR_load_OCSP_strings(void);
 #define OCSP_F_OCSP_REQUEST_VERIFY                       116
 #define OCSP_F_OCSP_RESPONSE_GET1_BASIC                  111
 #define OCSP_F_OCSP_SENDREQ_BIO                          112
-#define OCSP_F_PARSE_HTTP_LINE1                          117
+#define OCSP_F_OCSP_SENDREQ_NBIO                         117
+#define OCSP_F_PARSE_HTTP_LINE1                          118
 #define OCSP_F_REQUEST_VERIFY                            113
 /* Reason codes. */
diff --git a/src/lib/libssl/src/crypto/ocsp/ocsp_cl.c b/src/lib/libssl/src/crypto/ocsp/ocsp_cl.c
index 17bab5fc59..9c14d9da27 100644
--- a/src/lib/libssl/src/crypto/ocsp/ocsp_cl.c
+++ b/src/lib/libssl/src/crypto/ocsp/ocsp_cl.c
@@ -155,7 +155,6 @@ int OCSP_request_sign(OCSP_REQUEST   *req,
                        goto err;
        if (!(req->optionalSignature = sig = OCSP_SIGNATURE_new())) goto err;
-        if (!dgst) dgst = EVP_sha1();
        if (key)
                {
                if (!X509_check_private_key(signer, key))
diff --git a/src/lib/libssl/src/crypto/ocsp/ocsp_err.c b/src/lib/libssl/src/crypto/ocsp/ocsp_err.c
index d2f2e79f44..0cedcea682 100644
--- a/src/lib/libssl/src/crypto/ocsp/ocsp_err.c
+++ b/src/lib/libssl/src/crypto/ocsp/ocsp_err.c
@@ -1,6 +1,6 @@
 /* crypto/ocsp/ocsp_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -86,6 +86,7 @@ static ERR_STRING_DATA OCSP_str_functs[]=
 {ERR_FUNC(OCSP_F_OCSP_REQUEST_VERIFY),  "OCSP_request_verify"},
 {ERR_FUNC(OCSP_F_OCSP_RESPONSE_GET1_BASIC),     "OCSP_response_get1_basic"},
 {ERR_FUNC(OCSP_F_OCSP_SENDREQ_BIO),     "OCSP_sendreq_bio"},
+{ERR_FUNC(OCSP_F_OCSP_SENDREQ_NBIO),    "OCSP_sendreq_nbio"},
 {ERR_FUNC(OCSP_F_PARSE_HTTP_LINE1),     "PARSE_HTTP_LINE1"},
 {ERR_FUNC(OCSP_F_REQUEST_VERIFY),       "REQUEST_VERIFY"},
 {0,NULL}
diff --git a/src/lib/libssl/src/crypto/ocsp/ocsp_ext.c b/src/lib/libssl/src/crypto/ocsp/ocsp_ext.c
index 815cc29d58..ec884cb08f 100644
--- a/src/lib/libssl/src/crypto/ocsp/ocsp_ext.c
+++ b/src/lib/libssl/src/crypto/ocsp/ocsp_ext.c
@@ -264,7 +264,7 @@ int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc)
        }
 /* also CRL Entry Extensions */
+#if 0
 ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d,
                                void *data, STACK_OF(ASN1_OBJECT) *sk)
        {
@@ -305,6 +305,7 @@ err:
        if (b) OPENSSL_free(b);
        return NULL;
        }
+#endif
 /* Nonce handling functions */
@@ -442,17 +443,10 @@ X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim)
                if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim))) 
                        goto err;
                }
-        if (!(x = X509_EXTENSION_new())) goto err;
+        x = X509V3_EXT_i2d(NID_id_pkix_OCSP_CrlID, 0, cid);
-        if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_CrlID))) goto err;
-        if (!(ASN1_STRING_encode_of(OCSP_CRLID,x->value,i2d_OCSP_CRLID,cid,
-                                    NULL)))
-                goto err;
-        OCSP_CRLID_free(cid);
-        return x;
 err:
-        if (x) X509_EXTENSION_free(x);
        if (cid) OCSP_CRLID_free(cid);
-        return NULL;
+        return x;
        }
 /*   AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER */
@@ -470,18 +464,10 @@ X509_EXTENSION *OCSP_accept_responses_new(char **oids)
                        sk_ASN1_OBJECT_push(sk, o);
                oids++;
                }
-        if (!(x = X509_EXTENSION_new())) goto err;
+        x = X509V3_EXT_i2d(NID_id_pkix_OCSP_acceptableResponses, 0, sk);
-        if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_acceptableResponses)))
-                goto err;
-        if (!(ASN1_STRING_encode_of(ASN1_OBJECT,x->value,i2d_ASN1_OBJECT,NULL,
-                                    sk)))
-                goto err;
-        sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
-        return x;
 err:
-        if (x) X509_EXTENSION_free(x);
        if (sk) sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
-        return NULL;
+        return x;
        }
 /*  ArchiveCutoff ::= GeneralizedTime */
@@ -492,16 +478,10 @@ X509_EXTENSION *OCSP_archive_cutoff_new(char* tim)
        if (!(gt = ASN1_GENERALIZEDTIME_new())) goto err;
        if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim))) goto err;
-        if (!(x = X509_EXTENSION_new())) goto err;
+        x = X509V3_EXT_i2d(NID_id_pkix_OCSP_archiveCutoff, 0, gt);
-        if (!(x->object=OBJ_nid2obj(NID_id_pkix_OCSP_archiveCutoff)))goto err;
-        if (!(ASN1_STRING_encode_of(ASN1_GENERALIZEDTIME,x->value,
-                                    i2d_ASN1_GENERALIZEDTIME,gt,NULL))) goto err;
-        ASN1_GENERALIZEDTIME_free(gt);
-        return x;
 err:
        if (gt) ASN1_GENERALIZEDTIME_free(gt);
-        if (x) X509_EXTENSION_free(x);
+        return x;
-        return NULL;
        }
 /* per ACCESS_DESCRIPTION parameter are oids, of which there are currently
@@ -530,16 +510,9 @@ X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls)
                if (!sk_ACCESS_DESCRIPTION_push(sloc->locator, ad)) goto err;
                urls++;
                }
-        if (!(x = X509_EXTENSION_new())) goto err;
+        x = X509V3_EXT_i2d(NID_id_pkix_OCSP_serviceLocator, 0, sloc);
-        if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_serviceLocator))) 
-                goto err;
-        if (!(ASN1_STRING_encode_of(OCSP_SERVICELOC,x->value,
-                                    i2d_OCSP_SERVICELOC,sloc,NULL))) goto err;
-        OCSP_SERVICELOC_free(sloc);
-        return x;
 err:
-        if (x) X509_EXTENSION_free(x);
        if (sloc) OCSP_SERVICELOC_free(sloc);
-        return NULL;
+        return x;
        }
diff --git a/src/lib/libssl/src/crypto/ocsp/ocsp_ht.c b/src/lib/libssl/src/crypto/ocsp/ocsp_ht.c
index 6abb30b2c0..12bbfcffd1 100644
--- a/src/lib/libssl/src/crypto/ocsp/ocsp_ht.c
+++ b/src/lib/libssl/src/crypto/ocsp/ocsp_ht.c
@@ -118,39 +118,65 @@ void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx)
        OPENSSL_free(rctx);
        }
-OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req,
+int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req)
-                                                                int maxline)
        {
-        static char post_hdr[] = "POST %s HTTP/1.0\r\n"
+        static const char req_hdr[] =
        "Content-Type: application/ocsp-request\r\n"
        "Content-Length: %d\r\n\r\n";
+        if (BIO_printf(rctx->mem, req_hdr, i2d_OCSP_REQUEST(req, NULL)) <= 0)
+                return 0;
+        if (i2d_OCSP_REQUEST_bio(rctx->mem, req) <= 0)
+                return 0;
+        rctx->state = OHS_ASN1_WRITE;
+        rctx->asn1_len = BIO_get_mem_data(rctx->mem, NULL);
+        return 1;
+        }
+int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx,
+                const char *name, const char *value)
+        {
+        if (!name)
+                return 0;
+        if (BIO_puts(rctx->mem, name) <= 0)
+                return 0;
+        if (value)
+                {
+                if (BIO_write(rctx->mem, ": ", 2) != 2)
+                        return 0;
+                if (BIO_puts(rctx->mem, value) <= 0)
+                        return 0;
+                }
+        if (BIO_write(rctx->mem, "\r\n", 2) != 2)
+                return 0;
+        return 1;
+        }
+OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req,
+                                                                int maxline)
+        {
+        static const char post_hdr[] = "POST %s HTTP/1.0\r\n";
        OCSP_REQ_CTX *rctx;
        rctx = OPENSSL_malloc(sizeof(OCSP_REQ_CTX));
-        rctx->state = OHS_FIRSTLINE;
+        rctx->state = OHS_ERROR;
        rctx->mem = BIO_new(BIO_s_mem());
        rctx->io = io;
+        rctx->asn1_len = 0;
        if (maxline > 0)
                rctx->iobuflen = maxline;
        else
                rctx->iobuflen = OCSP_MAX_LINE_LEN;
        rctx->iobuf = OPENSSL_malloc(rctx->iobuflen);
+        if (!rctx->iobuf)
+                return 0;
        if (!path)
                path = "/";
-        if (BIO_printf(rctx->mem, post_hdr, path,
+        if (BIO_printf(rctx->mem, post_hdr, path) <= 0)
-                                i2d_OCSP_REQUEST(req, NULL)) <= 0)
-                {
-                rctx->state = OHS_ERROR;
                return 0;
-                }
-        if (i2d_OCSP_REQUEST_bio(rctx->mem, req) <= 0)
+        if (req && !OCSP_REQ_CTX_set1_req(rctx, req))
-                {
-                rctx->state = OHS_ERROR;
                return 0;
-                }
-        rctx->state = OHS_ASN1_WRITE;
-        rctx->asn1_len = BIO_get_mem_data(rctx->mem, NULL);
        return rctx;
        }
diff --git a/src/lib/libssl/src/crypto/ocsp/ocsp_lib.c b/src/lib/libssl/src/crypto/ocsp/ocsp_lib.c
index 27450811d7..36905d76cd 100644
--- a/src/lib/libssl/src/crypto/ocsp/ocsp_lib.c
+++ b/src/lib/libssl/src/crypto/ocsp/ocsp_lib.c
@@ -69,6 +69,7 @@
 #include <openssl/pem.h>
 #include <openssl/x509v3.h>
 #include <openssl/ocsp.h>
+#include <openssl/asn1t.h>
 /* Convert a certificate and its issuer to an OCSP_CERTID */
@@ -260,3 +261,5 @@ int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pss
        return 0;
        }
+IMPLEMENT_ASN1_DUP_FUNCTION(OCSP_CERTID)
diff --git a/src/lib/libssl/src/crypto/ocsp/ocsp_prn.c b/src/lib/libssl/src/crypto/ocsp/ocsp_prn.c
index 3dfb51c1e4..1695c9c4ad 100644
--- a/src/lib/libssl/src/crypto/ocsp/ocsp_prn.c
+++ b/src/lib/libssl/src/crypto/ocsp/ocsp_prn.c
@@ -85,21 +85,21 @@ static int ocsp_certid_print(BIO *bp, OCSP_CERTID* a, int indent)
 typedef struct
        {
        long t;
-        char *m;
+        const char *m;
        } OCSP_TBLSTR;
-static char *table2string(long s, OCSP_TBLSTR *ts, int len)
+static const char *table2string(long s, const OCSP_TBLSTR *ts, int len)
 {
-        OCSP_TBLSTR *p;
+        const OCSP_TBLSTR *p;
        for (p=ts; p < ts + len; p++)
                if (p->t == s)
                         return p->m;
        return "(UNKNOWN)";
 }
-char *OCSP_response_status_str(long s)
+const char *OCSP_response_status_str(long s)
        {
-        static OCSP_TBLSTR rstat_tbl[] = {
+        static const OCSP_TBLSTR rstat_tbl[] = {
                { OCSP_RESPONSE_STATUS_SUCCESSFUL, "successful" },
                { OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, "malformedrequest" },
                { OCSP_RESPONSE_STATUS_INTERNALERROR, "internalerror" },
@@ -109,18 +109,18 @@ char *OCSP_response_status_str(long s)
        return table2string(s, rstat_tbl, 6);
        } 
-char *OCSP_cert_status_str(long s)
+const char *OCSP_cert_status_str(long s)
        {
-        static OCSP_TBLSTR cstat_tbl[] = {
+        static const OCSP_TBLSTR cstat_tbl[] = {
                { V_OCSP_CERTSTATUS_GOOD, "good" },
                { V_OCSP_CERTSTATUS_REVOKED, "revoked" },
                { V_OCSP_CERTSTATUS_UNKNOWN, "unknown" } };
        return table2string(s, cstat_tbl, 3);
        } 
-char *OCSP_crl_reason_str(long s)
+const char *OCSP_crl_reason_str(long s)
        {
-        OCSP_TBLSTR reason_tbl[] = {
+        static const OCSP_TBLSTR reason_tbl[] = {
          { OCSP_REVOKED_STATUS_UNSPECIFIED, "unspecified" },
          { OCSP_REVOKED_STATUS_KEYCOMPROMISE, "keyCompromise" },
          { OCSP_REVOKED_STATUS_CACOMPROMISE, "cACompromise" },
@@ -266,15 +266,16 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags)
                        if (!ASN1_GENERALIZEDTIME_print(bp,single->nextUpdate))
                                goto err;
                        }
-                if (!BIO_write(bp,"\n",1)) goto err;
+                if (BIO_write(bp,"\n",1) <= 0) goto err;
                if (!X509V3_extensions_print(bp,
                                        "Response Single Extensions",
                                        single->singleExtensions, flags, 8))
                                                        goto err;
-                if (!BIO_write(bp,"\n",1)) goto err;
+                if (BIO_write(bp,"\n",1) <= 0) goto err;
                }
        if (!X509V3_extensions_print(bp, "Response Extensions",
                                        rd->responseExtensions, flags, 4))
+                                                        goto err;
        if(X509_signature_print(bp, br->signatureAlgorithm, br->signature) <= 0)
                                                        goto err;
diff --git a/src/lib/libssl/src/crypto/ocsp/ocsp_vfy.c b/src/lib/libssl/src/crypto/ocsp/ocsp_vfy.c
index 4a0c3870d8..415d67e61c 100644
--- a/src/lib/libssl/src/crypto/ocsp/ocsp_vfy.c
+++ b/src/lib/libssl/src/crypto/ocsp/ocsp_vfy.c
@@ -308,6 +308,8 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
                        }
                mdlen = EVP_MD_size(dgst);
+                if (mdlen < 0)
+                    return -1;
                if ((cid->issuerNameHash->length != mdlen) ||
                   (cid->issuerKeyHash->length != mdlen))
                        return 0;
@@ -316,7 +318,7 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
                        return -1;
                if (memcmp(md, cid->issuerNameHash->data, mdlen))
                        return 0;
-                X509_pubkey_digest(cert, EVP_sha1(), md, NULL);
+                X509_pubkey_digest(cert, dgst, md, NULL);
                if (memcmp(md, cid->issuerKeyHash->data, mdlen))
                        return 0;
diff --git a/src/lib/libssl/src/crypto/opensslconf.h b/src/lib/libssl/src/crypto/opensslconf.h
index 60505327d3..c21b3913f0 100644
--- a/src/lib/libssl/src/crypto/opensslconf.h
+++ b/src/lib/libssl/src/crypto/opensslconf.h
@@ -5,15 +5,6 @@
 #ifndef OPENSSL_DOING_MAKEDEPEND
-#ifndef OPENSSL_NO_CAMELLIA
-# define OPENSSL_NO_CAMELLIA
-#endif
-#ifndef OPENSSL_NO_CAPIENG
-# define OPENSSL_NO_CAPIENG
-#endif
-#ifndef OPENSSL_NO_CMS
-# define OPENSSL_NO_CMS
-#endif
 #ifndef OPENSSL_NO_GMP
 # define OPENSSL_NO_GMP
 #endif
@@ -23,8 +14,8 @@
 #ifndef OPENSSL_NO_KRB5
 # define OPENSSL_NO_KRB5
 #endif
-#ifndef OPENSSL_NO_MDC2
+#ifndef OPENSSL_NO_MD2
-# define OPENSSL_NO_MDC2
+# define OPENSSL_NO_MD2
 #endif
 #ifndef OPENSSL_NO_RC5
 # define OPENSSL_NO_RC5
@@ -32,8 +23,8 @@
 #ifndef OPENSSL_NO_RFC3779
 # define OPENSSL_NO_RFC3779
 #endif
-#ifndef OPENSSL_NO_SEED
+#ifndef OPENSSL_NO_STORE
-# define OPENSSL_NO_SEED
+# define OPENSSL_NO_STORE
 #endif
 #endif /* OPENSSL_DOING_MAKEDEPEND */
@@ -47,15 +38,6 @@
   who haven't had the time to do the appropriate changes in their
   applications.  */
 #ifdef OPENSSL_ALGORITHM_DEFINES
-# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA)
-#  define NO_CAMELLIA
-# endif
-# if defined(OPENSSL_NO_CAPIENG) && !defined(NO_CAPIENG)
-#  define NO_CAPIENG
-# endif
-# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS)
-#  define NO_CMS
-# endif
 # if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
 #  define NO_GMP
 # endif
@@ -65,8 +47,8 @@
 # if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
 #  define NO_KRB5
 # endif
-# if defined(OPENSSL_NO_MDC2) && !defined(NO_MDC2)
+# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2)
-#  define NO_MDC2
+#  define NO_MD2
 # endif
 # if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
 #  define NO_RC5
@@ -74,28 +56,13 @@
 # if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
 #  define NO_RFC3779
 # endif
-# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED)
+# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
-#  define NO_SEED
+#  define NO_STORE
 # endif
 #endif
 /* crypto/opensslconf.h.in */
-#ifdef OPENSSL_DOING_MAKEDEPEND
-/* Include any symbols here that have to be explicitly set to enable a feature
- * that should be visible to makedepend.
- *
- * [Our "make depend" doesn't actually look at this, we use actual build settings
- * instead; we want to make it easy to remove subdirectories with disabled algorithms.]
- */
-#ifndef OPENSSL_FIPS
-#define OPENSSL_FIPS
-#endif
-#endif
 /* Generate 80386 code? */
 #undef I386_ONLY
@@ -159,14 +126,9 @@
 /* Should we define BN_DIV2W here? */
 /* Only one for the following should be defined */
-/* The prime number generation stuff may not work when
- * EIGHT_BIT but I don't care since I've only used this mode
- * for debuging the bignum libraries */
 #undef SIXTY_FOUR_BIT_LONG
 #undef SIXTY_FOUR_BIT
 #define THIRTY_TWO_BIT
-#undef SIXTEEN_BIT
-#undef EIGHT_BIT
 #endif
 #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
diff --git a/src/lib/libssl/src/crypto/opensslconf.h.in b/src/lib/libssl/src/crypto/opensslconf.h.in
index 1c77f03c3d..97e3745563 100644
--- a/src/lib/libssl/src/crypto/opensslconf.h.in
+++ b/src/lib/libssl/src/crypto/opensslconf.h.in
@@ -1,20 +1,5 @@
 /* crypto/opensslconf.h.in */
-#ifdef OPENSSL_DOING_MAKEDEPEND
-/* Include any symbols here that have to be explicitly set to enable a feature
- * that should be visible to makedepend.
- *
- * [Our "make depend" doesn't actually look at this, we use actual build settings
- * instead; we want to make it easy to remove subdirectories with disabled algorithms.]
- */
-#ifndef OPENSSL_FIPS
-#define OPENSSL_FIPS
-#endif
-#endif
 /* Generate 80386 code? */
 #undef I386_ONLY
@@ -78,14 +63,9 @@
 /* Should we define BN_DIV2W here? */
 /* Only one for the following should be defined */
-/* The prime number generation stuff may not work when
- * EIGHT_BIT but I don't care since I've only used this mode
- * for debuging the bignum libraries */
 #undef SIXTY_FOUR_BIT_LONG
 #undef SIXTY_FOUR_BIT
 #define THIRTY_TWO_BIT
-#undef SIXTEEN_BIT
-#undef EIGHT_BIT
 #endif
 #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
diff --git a/src/lib/libssl/src/crypto/opensslv.h b/src/lib/libssl/src/crypto/opensslv.h
index c6207f76b2..2fb110fa0e 100644
--- a/src/lib/libssl/src/crypto/opensslv.h
+++ b/src/lib/libssl/src/crypto/opensslv.h
@@ -12,7 +12,7 @@
 * 0.9.3-beta2    0x00903002 (same as ...beta2-dev)
 * 0.9.3          0x0090300f
 * 0.9.3a         0x0090301f
- * 0.9.4          0x0090400f
+ * 0.9.4          0x0090400f
 * 1.2.3z         0x102031af
 *
 * For continuity reasons (because 0.9.5 is already out, and is coded
@@ -25,11 +25,11 @@
 * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
 *  major minor fix final patch/beta)
 */
-#define OPENSSL_VERSION_NUMBER  0x009080bfL
+#define OPENSSL_VERSION_NUMBER  0x1000001fL
 #ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT    "OpenSSL 0.9.8k-fips 25 Mar 2009"
+#define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.0a-fips 1 Jun 2010"
 #else
-#define OPENSSL_VERSION_TEXT    "OpenSSL 0.9.8k 25 Mar 2009"
+#define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.0a 1 Jun 2010"
 #endif
 #define OPENSSL_VERSION_PTEXT   " part of " OPENSSL_VERSION_TEXT
@@ -83,7 +83,7 @@
 * should only keep the versions that are binary compatible with the current.
 */
 #define SHLIB_VERSION_HISTORY ""
-#define SHLIB_VERSION_NUMBER "0.9.8"
+#define SHLIB_VERSION_NUMBER "1.0.0"
 #endif /* HEADER_OPENSSLV_H */
diff --git a/src/lib/libssl/src/crypto/ossl_typ.h b/src/lib/libssl/src/crypto/ossl_typ.h
index 0e7a380880..12bd7014de 100644
--- a/src/lib/libssl/src/crypto/ossl_typ.h
+++ b/src/lib/libssl/src/crypto/ossl_typ.h
@@ -95,6 +95,8 @@ typedef int ASN1_BOOLEAN;
 typedef int ASN1_NULL;
 #endif
+typedef struct asn1_pctx_st ASN1_PCTX;
 #ifdef OPENSSL_SYS_WIN32
 #undef X509_NAME
 #undef X509_EXTENSIONS
@@ -122,6 +124,11 @@ typedef struct env_md_st EVP_MD;
 typedef struct env_md_ctx_st EVP_MD_CTX;
 typedef struct evp_pkey_st EVP_PKEY;
+typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD;
+typedef struct evp_pkey_method_st EVP_PKEY_METHOD;
+typedef struct evp_pkey_ctx_st EVP_PKEY_CTX;
 typedef struct dh_st DH;
 typedef struct dh_method DH_METHOD;
@@ -139,11 +146,14 @@ typedef struct ecdsa_method ECDSA_METHOD;
 typedef struct x509_st X509;
 typedef struct X509_algor_st X509_ALGOR;
 typedef struct X509_crl_st X509_CRL;
+typedef struct x509_crl_method_st X509_CRL_METHOD;
+typedef struct x509_revoked_st X509_REVOKED;
 typedef struct X509_name_st X509_NAME;
+typedef struct X509_pubkey_st X509_PUBKEY;
 typedef struct x509_store_st X509_STORE;
 typedef struct x509_store_ctx_st X509_STORE_CTX;
-typedef struct ssl_st SSL;
-typedef struct ssl_ctx_st SSL_CTX;
+typedef struct pkcs8_priv_key_info_st PKCS8_PRIV_KEY_INFO;
 typedef struct v3_ext_ctx X509V3_CTX;
 typedef struct conf_st CONF;
@@ -157,12 +167,19 @@ typedef struct ui_method_st UI_METHOD;
 typedef struct st_ERR_FNS ERR_FNS;
 typedef struct engine_st ENGINE;
+typedef struct ssl_st SSL;
+typedef struct ssl_ctx_st SSL_CTX;
 typedef struct X509_POLICY_NODE_st X509_POLICY_NODE;
 typedef struct X509_POLICY_LEVEL_st X509_POLICY_LEVEL;
 typedef struct X509_POLICY_TREE_st X509_POLICY_TREE;
 typedef struct X509_POLICY_CACHE_st X509_POLICY_CACHE;
+typedef struct AUTHORITY_KEYID_st AUTHORITY_KEYID;
+typedef struct DIST_POINT_st DIST_POINT;
+typedef struct ISSUING_DIST_POINT_st ISSUING_DIST_POINT;
+typedef struct NAME_CONSTRAINTS_st NAME_CONSTRAINTS;
  /* If placed in pkcs12.h, we end up with a circular depency with pkcs7.h */
 #define DECLARE_PKCS12_STACK_OF(type) /* Nothing */
 #define IMPLEMENT_PKCS12_STACK_OF(type) /* Nothing */
diff --git a/src/lib/libssl/src/crypto/pem/Makefile b/src/lib/libssl/src/crypto/pem/Makefile
index 669f36612c..2cc7801529 100644
--- a/src/lib/libssl/src/crypto/pem/Makefile
+++ b/src/lib/libssl/src/crypto/pem/Makefile
@@ -18,10 +18,10 @@ APPS=
 LIB=$(TOP)/libcrypto.a
 LIBSRC= pem_sign.c pem_seal.c pem_info.c pem_lib.c pem_all.c pem_err.c \
-        pem_x509.c pem_xaux.c pem_oth.c pem_pk8.c pem_pkey.c
+        pem_x509.c pem_xaux.c pem_oth.c pem_pk8.c pem_pkey.c pvkfmt.c
 LIBOBJ= pem_sign.o pem_seal.o pem_info.o pem_lib.o pem_all.o pem_err.o \
-        pem_x509.o pem_xaux.o pem_oth.o pem_pk8.o pem_pkey.o
+        pem_x509.o pem_xaux.o pem_oth.o pem_pk8.o pem_pkey.o pvkfmt.o
 SRC= $(LIBSRC)
@@ -36,7 +36,7 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
@@ -83,39 +83,36 @@ pem_all.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
 pem_all.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 pem_all.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 pem_all.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-pem_all.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+pem_all.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-pem_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pem_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-pem_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-pem_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
-pem_all.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_all.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
-pem_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+pem_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-pem_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-pem_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pem_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-pem_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_all.c
-pem_all.o: ../cryptlib.h pem_all.c
 pem_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 pem_err.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 pem_err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 pem_err.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 pem_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pem_err.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+pem_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-pem_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-pem_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+pem_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-pem_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+pem_err.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
-pem_err.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+pem_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-pem_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-pem_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pem_err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-pem_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_err.o: ../../include/openssl/x509_vfy.h pem_err.c
-pem_err.o: pem_err.c
 pem_info.o: ../../e_os.h ../../include/openssl/asn1.h
 pem_info.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 pem_info.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
 pem_info.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 pem_info.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 pem_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pem_info.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+pem_info.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-pem_info.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-pem_info.o: ../../include/openssl/opensslconf.h
 pem_info.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 pem_info.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
 pem_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
@@ -128,8 +125,8 @@ pem_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 pem_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 pem_lib.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
 pem_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-pem_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+pem_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
-pem_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+pem_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 pem_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 pem_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 pem_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
@@ -139,43 +136,43 @@ pem_lib.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
 pem_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 pem_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
 pem_lib.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
-pem_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_lib.c
+pem_lib.o: ../../include/openssl/x509_vfy.h ../asn1/asn1_locl.h ../cryptlib.h
+pem_lib.o: pem_lib.c
 pem_oth.o: ../../e_os.h ../../include/openssl/asn1.h
 pem_oth.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 pem_oth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 pem_oth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 pem_oth.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-pem_oth.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+pem_oth.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-pem_oth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pem_oth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-pem_oth.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_oth.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-pem_oth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_oth.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
-pem_oth.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_oth.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
-pem_oth.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+pem_oth.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
-pem_oth.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_oth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-pem_oth.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pem_oth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-pem_oth.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_oth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_oth.c
-pem_oth.o: ../cryptlib.h pem_oth.c
 pem_pk8.o: ../../e_os.h ../../include/openssl/asn1.h
 pem_pk8.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 pem_pk8.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 pem_pk8.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 pem_pk8.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-pem_pk8.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+pem_pk8.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-pem_pk8.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pem_pk8.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-pem_pk8.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_pk8.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-pem_pk8.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_pk8.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
-pem_pk8.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_pk8.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h
-pem_pk8.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+pem_pk8.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-pem_pk8.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+pem_pk8.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-pem_pk8.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_pk8.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-pem_pk8.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+pem_pk8.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-pem_pk8.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_pk8.c
+pem_pk8.o: ../cryptlib.h pem_pk8.c
 pem_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
 pem_pkey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 pem_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 pem_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-pem_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+pem_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
-pem_pkey.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+pem_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 pem_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 pem_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 pem_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
@@ -184,15 +181,16 @@ pem_pkey.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
 pem_pkey.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
 pem_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 pem_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-pem_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_pkey.c
+pem_pkey.o: ../../include/openssl/x509_vfy.h ../asn1/asn1_locl.h ../cryptlib.h
+pem_pkey.o: pem_pkey.c
 pem_seal.o: ../../e_os.h ../../include/openssl/asn1.h
 pem_seal.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 pem_seal.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 pem_seal.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 pem_seal.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-pem_seal.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+pem_seal.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-pem_seal.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pem_seal.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-pem_seal.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_seal.o: ../../include/openssl/opensslconf.h
 pem_seal.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 pem_seal.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
 pem_seal.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
@@ -205,9 +203,9 @@ pem_sign.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 pem_sign.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 pem_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 pem_sign.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-pem_sign.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+pem_sign.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-pem_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pem_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-pem_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_sign.o: ../../include/openssl/opensslconf.h
 pem_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 pem_sign.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
 pem_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
@@ -220,9 +218,9 @@ pem_x509.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 pem_x509.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 pem_x509.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 pem_x509.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-pem_x509.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+pem_x509.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-pem_x509.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pem_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-pem_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_x509.o: ../../include/openssl/opensslconf.h
 pem_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 pem_x509.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
 pem_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
@@ -234,12 +232,27 @@ pem_xaux.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 pem_xaux.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 pem_xaux.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 pem_xaux.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-pem_xaux.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+pem_xaux.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-pem_xaux.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pem_xaux.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-pem_xaux.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_xaux.o: ../../include/openssl/opensslconf.h
 pem_xaux.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 pem_xaux.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
 pem_xaux.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 pem_xaux.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 pem_xaux.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 pem_xaux.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_xaux.c
+pvkfmt.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pvkfmt.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+pvkfmt.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
+pvkfmt.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+pvkfmt.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+pvkfmt.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pvkfmt.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pvkfmt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pvkfmt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pvkfmt.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pvkfmt.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+pvkfmt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pvkfmt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pvkfmt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+pvkfmt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pvkfmt.c
diff --git a/src/lib/libssl/src/crypto/pem/pem.h b/src/lib/libssl/src/crypto/pem/pem.h
index 6c193f1cbf..8a6ababe3a 100644
--- a/src/lib/libssl/src/crypto/pem/pem.h
+++ b/src/lib/libssl/src/crypto/pem/pem.h
@@ -134,6 +134,7 @@ extern "C" {
 #define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY"
 #define PEM_STRING_ECPARAMETERS "EC PARAMETERS"
 #define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
+#define PEM_STRING_PARAMETERS   "PARAMETERS"
 #define PEM_STRING_CMS          "CMS"
  /* Note that this structure is initialised by PEM_SealInit and cleaned up
@@ -183,11 +184,8 @@ typedef struct pem_ctx_st
        int num_recipient;
        PEM_USER **recipient;
-#ifndef OPENSSL_NO_STACK
+        /* XXX(ben): don#t think this is used! 
-        STACK *x509_chain;      /* certificate chain */
+                STACK *x509_chain;      / * certificate chain */
-#else
-        char *x509_chain;       /* certificate chain */
-#endif
        EVP_MD *md;             /* signature type */
        int md_enc;             /* is the md encrypted or not? */
@@ -224,28 +222,19 @@ typedef struct pem_ctx_st
 #define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \
 type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\
 { \
-    return (type*)PEM_ASN1_read(CHECKED_D2I_OF(type, d2i_##asn1), \
+return PEM_ASN1_read((d2i_of_void *)d2i_##asn1, str,fp,(void **)x,cb,u); \
-                                str, fp, \
-                                CHECKED_PPTR_OF(type, x), \
-                                cb, u); \
 } 
 #define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \
 int PEM_write_##name(FILE *fp, type *x) \
 { \
-    return PEM_ASN1_write(CHECKED_I2D_OF(type, i2d_##asn1), \
+return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,NULL,NULL,0,NULL,NULL); \
-                          str, fp, \
-                          CHECKED_PTR_OF(type, x), \
-                          NULL, NULL, 0, NULL, NULL); \
 }
 #define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \
 int PEM_write_##name(FILE *fp, const type *x) \
 { \
-    return PEM_ASN1_write(CHECKED_I2D_OF(const type, i2d_##asn1), \
+return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,(void *)x,NULL,NULL,0,NULL,NULL); \
-                          str, fp, \
-                          CHECKED_PTR_OF(const type, x), \
-                          NULL, NULL, 0, NULL, NULL); \
 }
 #define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \
@@ -253,10 +242,7 @@ int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
             unsigned char *kstr, int klen, pem_password_cb *cb, \
                  void *u) \
        { \
-            return PEM_ASN1_write(CHECKED_I2D_OF(type, i2d_##asn1), \
+        return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \
-                                  str, fp, \
-                                  CHECKED_PTR_OF(type, x), \
-                                  enc, kstr, klen, cb, u); \
        }
 #define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \
@@ -264,10 +250,7 @@ int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
             unsigned char *kstr, int klen, pem_password_cb *cb, \
                  void *u) \
        { \
-            return PEM_ASN1_write(CHECKED_I2D_OF(const type, i2d_##asn1), \
+        return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \
-                                  str, fp, \
-                                  CHECKED_PTR_OF(const type, x), \
-                                  enc, kstr, klen, cb, u); \
        }
 #endif
@@ -275,48 +258,33 @@ int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
 #define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
 type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u)\
 { \
-    return (type*)PEM_ASN1_read_bio(CHECKED_D2I_OF(type, d2i_##asn1), \
+return PEM_ASN1_read_bio((d2i_of_void *)d2i_##asn1, str,bp,(void **)x,cb,u); \
-                                    str, bp, \
-                                    CHECKED_PPTR_OF(type, x), \
-                                    cb, u); \
 }
 #define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
 int PEM_write_bio_##name(BIO *bp, type *x) \
 { \
-    return PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d_##asn1), \
+return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,NULL,NULL,0,NULL,NULL); \
-                              str, bp, \
-                              CHECKED_PTR_OF(type, x), \
-                              NULL, NULL, 0, NULL, NULL); \
 }
 #define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \
 int PEM_write_bio_##name(BIO *bp, const type *x) \
 { \
-    return PEM_ASN1_write_bio(CHECKED_I2D_OF(const type, i2d_##asn1), \
+return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,NULL,NULL,0,NULL,NULL); \
-                              str, bp, \
-                              CHECKED_PTR_OF(const type, x), \
-                              NULL, NULL, 0, NULL, NULL); \
 }
 #define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
 int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
             unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \
        { \
-            return PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d_##asn1), \
+        return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,enc,kstr,klen,cb,u); \
-                                      str, bp, \
-                                      CHECKED_PTR_OF(type, x), \
-                                      enc, kstr, klen, cb, u); \
        }
 #define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \
 int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
             unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \
        { \
-            return PEM_ASN1_write_bio(CHECKED_I2D_OF(const type, i2d_##asn1), \
+        return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,enc,kstr,klen,cb,u); \
-                                      str, bp, \
-                                      CHECKED_PTR_OF(const type, x), \
-                                      enc, kstr, klen, cb, u); \
        }
 #define IMPLEMENT_PEM_write(name, type, str, asn1) \
@@ -353,11 +321,10 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
 /* These are the same except they are for the declarations */
-#if defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_NO_FP_API)
+#if defined(OPENSSL_NO_FP_API)
 #define DECLARE_PEM_read_fp(name, type) /**/
 #define DECLARE_PEM_write_fp(name, type) /**/
-#define DECLARE_PEM_write_fp_const(name, type) /**/
 #define DECLARE_PEM_write_cb_fp(name, type) /**/
 #else
@@ -428,138 +395,6 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
        DECLARE_PEM_read(name, type) \
        DECLARE_PEM_write_cb(name, type)
-#ifdef SSLEAY_MACROS
-#define PEM_write_SSL_SESSION(fp,x) \
-                PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \
-                        PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL)
-#define PEM_write_X509(fp,x) \
-                PEM_ASN1_write((int (*)())i2d_X509,PEM_STRING_X509,fp, \
-                        (char *)x, NULL,NULL,0,NULL,NULL)
-#define PEM_write_X509_REQ(fp,x) PEM_ASN1_write( \
-                (int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,fp,(char *)x, \
-                        NULL,NULL,0,NULL,NULL)
-#define PEM_write_X509_CRL(fp,x) \
-                PEM_ASN1_write((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL, \
-                        fp,(char *)x, NULL,NULL,0,NULL,NULL)
-#define PEM_write_RSAPrivateKey(fp,x,enc,kstr,klen,cb,u) \
-                PEM_ASN1_write((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,fp,\
-                        (char *)x,enc,kstr,klen,cb,u)
-#define PEM_write_RSAPublicKey(fp,x) \
-                PEM_ASN1_write((int (*)())i2d_RSAPublicKey,\
-                        PEM_STRING_RSA_PUBLIC,fp,(char *)x,NULL,NULL,0,NULL,NULL)
-#define PEM_write_DSAPrivateKey(fp,x,enc,kstr,klen,cb,u) \
-                PEM_ASN1_write((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,fp,\
-                        (char *)x,enc,kstr,klen,cb,u)
-#define PEM_write_PrivateKey(bp,x,enc,kstr,klen,cb,u) \
-                PEM_ASN1_write((int (*)())i2d_PrivateKey,\
-                (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\
-                        bp,(char *)x,enc,kstr,klen,cb,u)
-#define PEM_write_PKCS7(fp,x) \
-                PEM_ASN1_write((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,fp, \
-                        (char *)x, NULL,NULL,0,NULL,NULL)
-#define PEM_write_DHparams(fp,x) \
-                PEM_ASN1_write((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,fp,\
-                        (char *)x,NULL,NULL,0,NULL,NULL)
-#define PEM_write_NETSCAPE_CERT_SEQUENCE(fp,x) \
-                PEM_ASN1_write((int (*)())i2d_NETSCAPE_CERT_SEQUENCE, \
-                        PEM_STRING_X509,fp, \
-                        (char *)x, NULL,NULL,0,NULL,NULL)
-#define PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \
-        (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u)
-#define PEM_read_X509(fp,x,cb,u) (X509 *)PEM_ASN1_read( \
-        (char *(*)())d2i_X509,PEM_STRING_X509,fp,(char **)x,cb,u)
-#define PEM_read_X509_REQ(fp,x,cb,u) (X509_REQ *)PEM_ASN1_read( \
-        (char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,fp,(char **)x,cb,u)
-#define PEM_read_X509_CRL(fp,x,cb,u) (X509_CRL *)PEM_ASN1_read( \
-        (char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,fp,(char **)x,cb,u)
-#define PEM_read_RSAPrivateKey(fp,x,cb,u) (RSA *)PEM_ASN1_read( \
-        (char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,fp,(char **)x,cb,u)
-#define PEM_read_RSAPublicKey(fp,x,cb,u) (RSA *)PEM_ASN1_read( \
-        (char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,fp,(char **)x,cb,u)
-#define PEM_read_DSAPrivateKey(fp,x,cb,u) (DSA *)PEM_ASN1_read( \
-        (char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,fp,(char **)x,cb,u)
-#define PEM_read_PrivateKey(fp,x,cb,u) (EVP_PKEY *)PEM_ASN1_read( \
-        (char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,fp,(char **)x,cb,u)
-#define PEM_read_PKCS7(fp,x,cb,u) (PKCS7 *)PEM_ASN1_read( \
-        (char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,fp,(char **)x,cb,u)
-#define PEM_read_DHparams(fp,x,cb,u) (DH *)PEM_ASN1_read( \
-        (char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,fp,(char **)x,cb,u)
-#define PEM_read_NETSCAPE_CERT_SEQUENCE(fp,x,cb,u) \
-                (NETSCAPE_CERT_SEQUENCE *)PEM_ASN1_read( \
-        (char *(*)())d2i_NETSCAPE_CERT_SEQUENCE,PEM_STRING_X509,fp,\
-                                                        (char **)x,cb,u)
-#define PEM_write_bio_X509(bp,x) \
-                PEM_ASN1_write_bio((int (*)())i2d_X509,PEM_STRING_X509,bp, \
-                        (char *)x, NULL,NULL,0,NULL,NULL)
-#define PEM_write_bio_X509_REQ(bp,x) PEM_ASN1_write_bio( \
-                (int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,bp,(char *)x, \
-                        NULL,NULL,0,NULL,NULL)
-#define PEM_write_bio_X509_CRL(bp,x) \
-                PEM_ASN1_write_bio((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL,\
-                        bp,(char *)x, NULL,NULL,0,NULL,NULL)
-#define PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \
-                PEM_ASN1_write_bio((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,\
-                        bp,(char *)x,enc,kstr,klen,cb,u)
-#define PEM_write_bio_RSAPublicKey(bp,x) \
-                PEM_ASN1_write_bio((int (*)())i2d_RSAPublicKey, \
-                        PEM_STRING_RSA_PUBLIC,\
-                        bp,(char *)x,NULL,NULL,0,NULL,NULL)
-#define PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \
-                PEM_ASN1_write_bio((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,\
-                        bp,(char *)x,enc,kstr,klen,cb,u)
-#define PEM_write_bio_PrivateKey(bp,x,enc,kstr,klen,cb,u) \
-                PEM_ASN1_write_bio((int (*)())i2d_PrivateKey,\
-                (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\
-                        bp,(char *)x,enc,kstr,klen,cb,u)
-#define PEM_write_bio_PKCS7(bp,x) \
-                PEM_ASN1_write_bio((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,bp, \
-                        (char *)x, NULL,NULL,0,NULL,NULL)
-#define PEM_write_bio_DHparams(bp,x) \
-                PEM_ASN1_write_bio((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,\
-                        bp,(char *)x,NULL,NULL,0,NULL,NULL)
-#define PEM_write_bio_DSAparams(bp,x) \
-                PEM_ASN1_write_bio((int (*)())i2d_DSAparams, \
-                        PEM_STRING_DSAPARAMS,bp,(char *)x,NULL,NULL,0,NULL,NULL)
-#define PEM_write_bio_NETSCAPE_CERT_SEQUENCE(bp,x) \
-                PEM_ASN1_write_bio((int (*)())i2d_NETSCAPE_CERT_SEQUENCE, \
-                        PEM_STRING_X509,bp, \
-                        (char *)x, NULL,NULL,0,NULL,NULL)
-#define PEM_read_bio_X509(bp,x,cb,u) (X509 *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_X509,PEM_STRING_X509,bp,(char **)x,cb,u)
-#define PEM_read_bio_X509_REQ(bp,x,cb,u) (X509_REQ *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,bp,(char **)x,cb,u)
-#define PEM_read_bio_X509_CRL(bp,x,cb,u) (X509_CRL *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,bp,(char **)x,cb,u)
-#define PEM_read_bio_RSAPrivateKey(bp,x,cb,u) (RSA *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,bp,(char **)x,cb,u)
-#define PEM_read_bio_RSAPublicKey(bp,x,cb,u) (RSA *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,bp,(char **)x,cb,u)
-#define PEM_read_bio_DSAPrivateKey(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,bp,(char **)x,cb,u)
-#define PEM_read_bio_PrivateKey(bp,x,cb,u) (EVP_PKEY *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,bp,(char **)x,cb,u)
-#define PEM_read_bio_PKCS7(bp,x,cb,u) (PKCS7 *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,bp,(char **)x,cb,u)
-#define PEM_read_bio_DHparams(bp,x,cb,u) (DH *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,bp,(char **)x,cb,u)
-#define PEM_read_bio_DSAparams(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_DSAparams,PEM_STRING_DSAPARAMS,bp,(char **)x,cb,u)
-#define PEM_read_bio_NETSCAPE_CERT_SEQUENCE(bp,x,cb,u) \
-                (NETSCAPE_CERT_SEQUENCE *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_NETSCAPE_CERT_SEQUENCE,PEM_STRING_X509,bp,\
-                                                        (char **)x,cb,u)
-#endif
 #if 1
 /* "userdata": new with OpenSSL 0.9.4 */
 typedef int pem_password_cb(char *buf, int size, int rwflag, void *userdata);
@@ -581,40 +416,25 @@ int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char
             pem_password_cb *cb, void *u);
 void *  PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp,
                          void **x, pem_password_cb *cb, void *u);
+int     PEM_ASN1_write_bio(i2d_of_void *i2d,const char *name,BIO *bp, void *x,
-#define PEM_ASN1_read_bio_of(type,d2i,name,bp,x,cb,u) \
-    ((type*)PEM_ASN1_read_bio(CHECKED_D2I_OF(type, d2i), \
-                              name, bp,                 \
-                              CHECKED_PPTR_OF(type, x), \
-                              cb, u))
-int     PEM_ASN1_write_bio(i2d_of_void *i2d,const char *name,BIO *bp,char *x,
                           const EVP_CIPHER *enc,unsigned char *kstr,int klen,
                           pem_password_cb *cb, void *u);
-#define PEM_ASN1_write_bio_of(type,i2d,name,bp,x,enc,kstr,klen,cb,u) \
-    (PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d), \
-                        name, bp,                  \
-                        CHECKED_PTR_OF(type, x), \
-                        enc, kstr, klen, cb, u))
 STACK_OF(X509_INFO) *   PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u);
 int     PEM_X509_INFO_write_bio(BIO *bp,X509_INFO *xi, EVP_CIPHER *enc,
                unsigned char *kstr, int klen, pem_password_cb *cd, void *u);
 #endif
-#ifndef OPENSSL_SYS_WIN16
 int     PEM_read(FILE *fp, char **name, char **header,
                unsigned char **data,long *len);
 int     PEM_write(FILE *fp,char *name,char *hdr,unsigned char *data,long len);
 void *  PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,
                      pem_password_cb *cb, void *u);
 int     PEM_ASN1_write(i2d_of_void *i2d,const char *name,FILE *fp,
-                       char *x,const EVP_CIPHER *enc,unsigned char *kstr,
+                       void *x,const EVP_CIPHER *enc,unsigned char *kstr,
                       int klen,pem_password_cb *callback, void *u);
 STACK_OF(X509_INFO) *   PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
        pem_password_cb *cb, void *u);
-#endif
 int     PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type,
                EVP_MD *md_type, unsigned char **ek, int *ekl,
@@ -633,7 +453,6 @@ int	PEM_def_callback(char *buf, int num, int w, void *key);
 void    PEM_proc_type(char *buf, int type);
 void    PEM_dek_info(char *buf, const char *type, int len, char *str);
-#ifndef SSLEAY_MACROS
 #include <openssl/symhacks.h>
@@ -719,7 +538,21 @@ EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, vo
 int PEM_write_PKCS8PrivateKey(FILE *fp,EVP_PKEY *x,const EVP_CIPHER *enc,
                              char *kstr,int klen, pem_password_cb *cd, void *u);
-#endif /* SSLEAY_MACROS */
+EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x);
+int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x);
+EVP_PKEY *b2i_PrivateKey(const unsigned char **in, long length);
+EVP_PKEY *b2i_PublicKey(const unsigned char **in, long length);
+EVP_PKEY *b2i_PrivateKey_bio(BIO *in);
+EVP_PKEY *b2i_PublicKey_bio(BIO *in);
+int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk);
+int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk);
+#ifndef OPENSSL_NO_RC4
+EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u);
+int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel,
+                pem_password_cb *cb, void *u);
+#endif
 /* BEGIN ERROR CODES */
@@ -731,10 +564,22 @@ void ERR_load_PEM_strings(void);
 /* Error codes for the PEM functions. */
 /* Function codes. */
+#define PEM_F_B2I_DSS                                    127
+#define PEM_F_B2I_PVK_BIO                                128
+#define PEM_F_B2I_RSA                                    129
+#define PEM_F_CHECK_BITLEN_DSA                           130
+#define PEM_F_CHECK_BITLEN_RSA                           131
 #define PEM_F_D2I_PKCS8PRIVATEKEY_BIO                    120
 #define PEM_F_D2I_PKCS8PRIVATEKEY_FP                     121
+#define PEM_F_DO_B2I                                     132
+#define PEM_F_DO_B2I_BIO                                 133
+#define PEM_F_DO_BLOB_HEADER                             134
 #define PEM_F_DO_PK8PKEY                                 126
 #define PEM_F_DO_PK8PKEY_FP                              125
+#define PEM_F_DO_PVK_BODY                                135
+#define PEM_F_DO_PVK_HEADER                              136
+#define PEM_F_I2B_PVK                                    137
+#define PEM_F_I2B_PVK_BIO                                138
 #define PEM_F_LOAD_IV                                    101
 #define PEM_F_PEM_ASN1_READ                              102
 #define PEM_F_PEM_ASN1_READ_BIO                          103
@@ -747,6 +592,7 @@ void ERR_load_PEM_strings(void);
 #define PEM_F_PEM_PK8PKEY                                119
 #define PEM_F_PEM_READ                                   108
 #define PEM_F_PEM_READ_BIO                               109
+#define PEM_F_PEM_READ_BIO_PARAMETERS                    140
 #define PEM_F_PEM_READ_BIO_PRIVATEKEY                    123
 #define PEM_F_PEM_READ_PRIVATEKEY                        124
 #define PEM_F_PEM_SEALFINAL                              110
@@ -754,6 +600,7 @@ void ERR_load_PEM_strings(void);
 #define PEM_F_PEM_SIGNFINAL                              112
 #define PEM_F_PEM_WRITE                                  113
 #define PEM_F_PEM_WRITE_BIO                              114
+#define PEM_F_PEM_WRITE_PRIVATEKEY                       139
 #define PEM_F_PEM_X509_INFO_READ                         115
 #define PEM_F_PEM_X509_INFO_READ_BIO                     116
 #define PEM_F_PEM_X509_INFO_WRITE_BIO                    117
@@ -763,18 +610,30 @@ void ERR_load_PEM_strings(void);
 #define PEM_R_BAD_DECRYPT                                101
 #define PEM_R_BAD_END_LINE                               102
 #define PEM_R_BAD_IV_CHARS                               103
+#define PEM_R_BAD_MAGIC_NUMBER                           116
 #define PEM_R_BAD_PASSWORD_READ                          104
+#define PEM_R_BAD_VERSION_NUMBER                         117
+#define PEM_R_BIO_WRITE_FAILURE                          118
+#define PEM_R_CIPHER_IS_NULL                             127
 #define PEM_R_ERROR_CONVERTING_PRIVATE_KEY               115
+#define PEM_R_EXPECTING_PRIVATE_KEY_BLOB                 119
+#define PEM_R_EXPECTING_PUBLIC_KEY_BLOB                  120
+#define PEM_R_INCONSISTENT_HEADER                        121
+#define PEM_R_KEYBLOB_HEADER_PARSE_ERROR                 122
+#define PEM_R_KEYBLOB_TOO_SHORT                          123
 #define PEM_R_NOT_DEK_INFO                               105
 #define PEM_R_NOT_ENCRYPTED                              106
 #define PEM_R_NOT_PROC_TYPE                              107
 #define PEM_R_NO_START_LINE                              108
 #define PEM_R_PROBLEMS_GETTING_PASSWORD                  109
 #define PEM_R_PUBLIC_KEY_NO_RSA                          110
+#define PEM_R_PVK_DATA_TOO_SHORT                         124
+#define PEM_R_PVK_TOO_SHORT                              125
 #define PEM_R_READ_KEY                                   111
 #define PEM_R_SHORT_HEADER                               112
 #define PEM_R_UNSUPPORTED_CIPHER                         113
 #define PEM_R_UNSUPPORTED_ENCRYPTION                     114
+#define PEM_R_UNSUPPORTED_KEY_COMPONENTS                 126
 #ifdef  __cplusplus
 }
diff --git a/src/lib/libssl/src/crypto/pem/pem_all.c b/src/lib/libssl/src/crypto/pem/pem_all.c
index 69dd19bf2e..3e7a6093ad 100644
--- a/src/lib/libssl/src/crypto/pem/pem_all.c
+++ b/src/lib/libssl/src/crypto/pem/pem_all.c
@@ -110,7 +110,6 @@
 */
 #include <stdio.h>
-#undef SSLEAY_MACROS
 #include "cryptlib.h"
 #include <openssl/bio.h>
 #include <openssl/evp.h>
@@ -194,49 +193,7 @@ RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb,
 #endif
-#ifdef OPENSSL_FIPS
-int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-{
-        EVP_PKEY *k;
-        int ret;
-        k = EVP_PKEY_new();
-        if (!k)
-                return 0;
-        EVP_PKEY_set1_RSA(k, x);
-        ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
-        EVP_PKEY_free(k);
-        return ret;
-}
-#ifndef OPENSSL_NO_FP_API
-int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-{
-        EVP_PKEY *k;
-        int ret;
-        k = EVP_PKEY_new();
-        if (!k)
-                return 0;
-        EVP_PKEY_set1_RSA(k, x);
-        ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
-        EVP_PKEY_free(k);
-        return ret;
-}
-#endif
-#else
 IMPLEMENT_PEM_write_cb_const(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey)
-#endif
 IMPLEMENT_PEM_rw_const(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey)
 IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY)
@@ -263,50 +220,10 @@ DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb,
 {
        EVP_PKEY *pktmp;
        pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
-        return pkey_get_dsa(pktmp, dsa);
+        return pkey_get_dsa(pktmp, dsa);        /* will free pktmp */
 }
-#ifdef OPENSSL_FIPS
-int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-{
-        EVP_PKEY *k;
-        int ret;
-        k = EVP_PKEY_new();
-        if (!k)
-                return 0;
-        EVP_PKEY_set1_DSA(k, x);
-        ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
-        EVP_PKEY_free(k);
-        return ret;
-}
-#ifndef OPENSSL_NO_FP_API
-int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-{
-        EVP_PKEY *k;
-        int ret;
-        k = EVP_PKEY_new();
-        if (!k)
-                return 0;
-        EVP_PKEY_set1_DSA(k, x);
-        ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
-        EVP_PKEY_free(k);
-        return ret;
-}
-#endif
-#else
 IMPLEMENT_PEM_write_cb_const(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey)
-#endif
 IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY)
 #ifndef OPENSSL_NO_FP_API
@@ -316,7 +233,7 @@ DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb,
 {
        EVP_PKEY *pktmp;
        pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
-        return pkey_get_dsa(pktmp, dsa);
+        return pkey_get_dsa(pktmp, dsa);        /* will free pktmp */
 }
 #endif
@@ -347,54 +264,13 @@ EC_KEY *PEM_read_bio_ECPrivateKey(BIO *bp, EC_KEY **key, pem_password_cb *cb,
 {
        EVP_PKEY *pktmp;
        pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
-        return pkey_get_eckey(pktmp, key);
+        return pkey_get_eckey(pktmp, key);      /* will free pktmp */
 }
 IMPLEMENT_PEM_rw_const(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS, ECPKParameters)
-#ifdef OPENSSL_FIPS
-int PEM_write_bio_ECPrivateKey(BIO *bp, EC_KEY *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-{
-        EVP_PKEY *k;
-        int ret;
-        k = EVP_PKEY_new();
-        if (!k)
-                return 0;
-        EVP_PKEY_set1_EC_KEY(k, x);
-        ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
-        EVP_PKEY_free(k);
-        return ret;
-}
-#ifndef OPENSSL_NO_FP_API
-int PEM_write_ECPrivateKey(FILE *fp, EC_KEY *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-{
-        EVP_PKEY *k;
-        int ret;
-        k = EVP_PKEY_new();
-        if (!k)
-                return 0;
-        EVP_PKEY_set1_EC_KEY(k, x);
-        ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
-        EVP_PKEY_free(k);
-        return ret;
-}
-#endif
-#else
 IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY, ECPrivateKey)
-#endif
 IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY)
 #ifndef OPENSSL_NO_FP_API
@@ -404,7 +280,7 @@ EC_KEY *PEM_read_ECPrivateKey(FILE *fp, EC_KEY **eckey, pem_password_cb *cb,
 {
        EVP_PKEY *pktmp;
        pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
-        return pkey_get_eckey(pktmp, eckey);
+        return pkey_get_eckey(pktmp, eckey);    /* will free pktmp */
 }
 #endif
@@ -417,66 +293,4 @@ IMPLEMENT_PEM_rw_const(DHparams, DH, PEM_STRING_DHPARAMS, DHparams)
 #endif
-/* The PrivateKey case is not that straightforward.
- *   IMPLEMENT_PEM_rw_cb(PrivateKey, EVP_PKEY, PEM_STRING_EVP_PKEY, PrivateKey)
- * does not work, RSA and DSA keys have specific strings.
- * (When reading, parameter PEM_STRING_EVP_PKEY is a wildcard for anything
- * appropriate.)
- */
-#ifdef OPENSSL_FIPS
-static const char *pkey_str(EVP_PKEY *x)
-        {
-        switch (x->type)
-                {
-                case EVP_PKEY_RSA:
-                return PEM_STRING_RSA;
-                case EVP_PKEY_DSA:
-                return PEM_STRING_DSA;
-                case EVP_PKEY_EC:
-                return PEM_STRING_ECPRIVATEKEY;
-                default:
-                return NULL;
-                }
-        }
-int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-        {
-                if (FIPS_mode())
-                        return PEM_write_bio_PKCS8PrivateKey(bp, x, enc,
-                                                (char *)kstr, klen, cb, u);
-                else
-                        return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey,
-                        pkey_str(x), bp,(char *)x,enc,kstr,klen,cb,u);
-        }
-#ifndef OPENSSL_NO_FP_API
-int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-        {
-                if (FIPS_mode())
-                        return PEM_write_PKCS8PrivateKey(fp, x, enc,
-                                                (char *)kstr, klen, cb, u);
-                else
-                        return PEM_ASN1_write((i2d_of_void *)i2d_PrivateKey,
-                        pkey_str(x), fp,(char *)x,enc,kstr,klen,cb,u);
-        }
-#endif
-#else
-IMPLEMENT_PEM_write_cb(PrivateKey, EVP_PKEY, ((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:\
-                        (x->type == EVP_PKEY_RSA)?PEM_STRING_RSA:PEM_STRING_ECPRIVATEKEY), PrivateKey)
-#endif
 IMPLEMENT_PEM_rw(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY)
diff --git a/src/lib/libssl/src/crypto/pem/pem_err.c b/src/lib/libssl/src/crypto/pem/pem_err.c
index 3133563d77..d644aeedd4 100644
--- a/src/lib/libssl/src/crypto/pem/pem_err.c
+++ b/src/lib/libssl/src/crypto/pem/pem_err.c
@@ -1,6 +1,6 @@
 /* crypto/pem/pem_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -70,10 +70,22 @@
 static ERR_STRING_DATA PEM_str_functs[]=
        {
+{ERR_FUNC(PEM_F_B2I_DSS),       "B2I_DSS"},
+{ERR_FUNC(PEM_F_B2I_PVK_BIO),   "b2i_PVK_bio"},
+{ERR_FUNC(PEM_F_B2I_RSA),       "B2I_RSA"},
+{ERR_FUNC(PEM_F_CHECK_BITLEN_DSA),      "CHECK_BITLEN_DSA"},
+{ERR_FUNC(PEM_F_CHECK_BITLEN_RSA),      "CHECK_BITLEN_RSA"},
 {ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_BIO),       "d2i_PKCS8PrivateKey_bio"},
 {ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_FP),        "d2i_PKCS8PrivateKey_fp"},
+{ERR_FUNC(PEM_F_DO_B2I),        "DO_B2I"},
+{ERR_FUNC(PEM_F_DO_B2I_BIO),    "DO_B2I_BIO"},
+{ERR_FUNC(PEM_F_DO_BLOB_HEADER),        "DO_BLOB_HEADER"},
 {ERR_FUNC(PEM_F_DO_PK8PKEY),    "DO_PK8PKEY"},
 {ERR_FUNC(PEM_F_DO_PK8PKEY_FP), "DO_PK8PKEY_FP"},
+{ERR_FUNC(PEM_F_DO_PVK_BODY),   "DO_PVK_BODY"},
+{ERR_FUNC(PEM_F_DO_PVK_HEADER), "DO_PVK_HEADER"},
+{ERR_FUNC(PEM_F_I2B_PVK),       "I2B_PVK"},
+{ERR_FUNC(PEM_F_I2B_PVK_BIO),   "i2b_PVK_bio"},
 {ERR_FUNC(PEM_F_LOAD_IV),       "LOAD_IV"},
 {ERR_FUNC(PEM_F_PEM_ASN1_READ), "PEM_ASN1_read"},
 {ERR_FUNC(PEM_F_PEM_ASN1_READ_BIO),     "PEM_ASN1_read_bio"},
@@ -86,6 +98,7 @@ static ERR_STRING_DATA PEM_str_functs[]=
 {ERR_FUNC(PEM_F_PEM_PK8PKEY),   "PEM_PK8PKEY"},
 {ERR_FUNC(PEM_F_PEM_READ),      "PEM_read"},
 {ERR_FUNC(PEM_F_PEM_READ_BIO),  "PEM_read_bio"},
+{ERR_FUNC(PEM_F_PEM_READ_BIO_PARAMETERS),       "PEM_read_bio_Parameters"},
 {ERR_FUNC(PEM_F_PEM_READ_BIO_PRIVATEKEY),       "PEM_READ_BIO_PRIVATEKEY"},
 {ERR_FUNC(PEM_F_PEM_READ_PRIVATEKEY),   "PEM_READ_PRIVATEKEY"},
 {ERR_FUNC(PEM_F_PEM_SEALFINAL), "PEM_SealFinal"},
@@ -93,6 +106,7 @@ static ERR_STRING_DATA PEM_str_functs[]=
 {ERR_FUNC(PEM_F_PEM_SIGNFINAL), "PEM_SignFinal"},
 {ERR_FUNC(PEM_F_PEM_WRITE),     "PEM_write"},
 {ERR_FUNC(PEM_F_PEM_WRITE_BIO), "PEM_write_bio"},
+{ERR_FUNC(PEM_F_PEM_WRITE_PRIVATEKEY),  "PEM_WRITE_PRIVATEKEY"},
 {ERR_FUNC(PEM_F_PEM_X509_INFO_READ),    "PEM_X509_INFO_read"},
 {ERR_FUNC(PEM_F_PEM_X509_INFO_READ_BIO),        "PEM_X509_INFO_read_bio"},
 {ERR_FUNC(PEM_F_PEM_X509_INFO_WRITE_BIO),       "PEM_X509_INFO_write_bio"},
@@ -105,18 +119,30 @@ static ERR_STRING_DATA PEM_str_reasons[]=
 {ERR_REASON(PEM_R_BAD_DECRYPT)           ,"bad decrypt"},
 {ERR_REASON(PEM_R_BAD_END_LINE)          ,"bad end line"},
 {ERR_REASON(PEM_R_BAD_IV_CHARS)          ,"bad iv chars"},
+{ERR_REASON(PEM_R_BAD_MAGIC_NUMBER)      ,"bad magic number"},
 {ERR_REASON(PEM_R_BAD_PASSWORD_READ)     ,"bad password read"},
+{ERR_REASON(PEM_R_BAD_VERSION_NUMBER)    ,"bad version number"},
+{ERR_REASON(PEM_R_BIO_WRITE_FAILURE)     ,"bio write failure"},
+{ERR_REASON(PEM_R_CIPHER_IS_NULL)        ,"cipher is null"},
 {ERR_REASON(PEM_R_ERROR_CONVERTING_PRIVATE_KEY),"error converting private key"},
+{ERR_REASON(PEM_R_EXPECTING_PRIVATE_KEY_BLOB),"expecting private key blob"},
+{ERR_REASON(PEM_R_EXPECTING_PUBLIC_KEY_BLOB),"expecting public key blob"},
+{ERR_REASON(PEM_R_INCONSISTENT_HEADER)   ,"inconsistent header"},
+{ERR_REASON(PEM_R_KEYBLOB_HEADER_PARSE_ERROR),"keyblob header parse error"},
+{ERR_REASON(PEM_R_KEYBLOB_TOO_SHORT)     ,"keyblob too short"},
 {ERR_REASON(PEM_R_NOT_DEK_INFO)          ,"not dek info"},
 {ERR_REASON(PEM_R_NOT_ENCRYPTED)         ,"not encrypted"},
 {ERR_REASON(PEM_R_NOT_PROC_TYPE)         ,"not proc type"},
 {ERR_REASON(PEM_R_NO_START_LINE)         ,"no start line"},
 {ERR_REASON(PEM_R_PROBLEMS_GETTING_PASSWORD),"problems getting password"},
 {ERR_REASON(PEM_R_PUBLIC_KEY_NO_RSA)     ,"public key no rsa"},
+{ERR_REASON(PEM_R_PVK_DATA_TOO_SHORT)    ,"pvk data too short"},
+{ERR_REASON(PEM_R_PVK_TOO_SHORT)         ,"pvk too short"},
 {ERR_REASON(PEM_R_READ_KEY)              ,"read key"},
 {ERR_REASON(PEM_R_SHORT_HEADER)          ,"short header"},
 {ERR_REASON(PEM_R_UNSUPPORTED_CIPHER)    ,"unsupported cipher"},
 {ERR_REASON(PEM_R_UNSUPPORTED_ENCRYPTION),"unsupported encryption"},
+{ERR_REASON(PEM_R_UNSUPPORTED_KEY_COMPONENTS),"unsupported key components"},
 {0,NULL}
        };
diff --git a/src/lib/libssl/src/crypto/pem/pem_info.c b/src/lib/libssl/src/crypto/pem/pem_info.c
index 3a273f6f70..1b2be527ed 100644
--- a/src/lib/libssl/src/crypto/pem/pem_info.c
+++ b/src/lib/libssl/src/crypto/pem/pem_info.c
@@ -98,8 +98,8 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pe
        long len,error=0;
        int ok=0;
        STACK_OF(X509_INFO) *ret=NULL;
-        unsigned int i,raw;
+        unsigned int i,raw,ptype;
-        d2i_of_void *d2i;
+        d2i_of_void *d2i = 0;
        if (sk == NULL)
                {
@@ -116,6 +116,7 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pe
        for (;;)
                {
                raw=0;
+                ptype = 0;
                i=PEM_read_bio(bp,&name,&header,&data,&len);
                if (i == 0)
                        {
@@ -166,7 +167,6 @@ start:
 #ifndef OPENSSL_NO_RSA
                        if (strcmp(name,PEM_STRING_RSA) == 0)
                        {
-                        d2i=(D2I_OF(void))d2i_RSAPrivateKey;
                        if (xi->x_pkey != NULL) 
                                {
                                if (!sk_X509_INFO_push(ret,xi)) goto err;
@@ -178,10 +178,8 @@ start:
                        xi->enc_len=0;
                        xi->x_pkey=X509_PKEY_new();
-                        if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL)
+                        ptype=EVP_PKEY_RSA;
-                                goto err;
+                        pp=&xi->x_pkey->dec_pkey;
-                        xi->x_pkey->dec_pkey->type=EVP_PKEY_RSA;
-                        pp=&(xi->x_pkey->dec_pkey->pkey.rsa);
                        if ((int)strlen(header) > 10) /* assume encrypted */
                                raw=1;
                        }
@@ -202,10 +200,8 @@ start:
                        xi->enc_len=0;
                        xi->x_pkey=X509_PKEY_new();
-                        if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL)
+                        ptype = EVP_PKEY_DSA;
-                                goto err;
+                        pp=&xi->x_pkey->dec_pkey;
-                        xi->x_pkey->dec_pkey->type=EVP_PKEY_DSA;
-                        pp=&xi->x_pkey->dec_pkey->pkey.dsa;
                        if ((int)strlen(header) > 10) /* assume encrypted */
                                raw=1;
                        }
@@ -226,10 +222,8 @@ start:
                        xi->enc_len=0;
 
                        xi->x_pkey=X509_PKEY_new();
-                        if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL)
+                        ptype = EVP_PKEY_EC;
-                                goto err;
+                        pp=&xi->x_pkey->dec_pkey;
-                        xi->x_pkey->dec_pkey->type=EVP_PKEY_EC;
-                        pp=&(xi->x_pkey->dec_pkey->pkey.ec);
                        if ((int)strlen(header) > 10) /* assume encrypted */
                                raw=1;
                        }
@@ -251,7 +245,15 @@ start:
                                if (!PEM_do_header(&cipher,data,&len,cb,u))
                                        goto err;
                                p=data;
-                                if (d2i(pp,&p,len) == NULL)
+                                if (ptype)
+                                        {
+                                        if (!d2i_PrivateKey(ptype, pp, &p, len))
+                                                {
+                                                PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_ASN1_LIB);
+                                                goto err;
+                                                }
+                                        }
+                                else if (d2i(pp,&p,len) == NULL)
                                        {
                                        PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_ASN1_LIB);
                                        goto err;
@@ -337,6 +339,12 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
                {
                if ( (xi->enc_data!=NULL) && (xi->enc_len>0) )
                        {
+                        if (enc == NULL)
+                                {
+                                PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,PEM_R_CIPHER_IS_NULL);
+                                goto err;
+                                }
                        /* copy from weirdo names into more normal things */
                        iv=xi->enc_cipher.iv;
                        data=(unsigned char *)xi->enc_data;
diff --git a/src/lib/libssl/src/crypto/pem/pem_lib.c b/src/lib/libssl/src/crypto/pem/pem_lib.c
index cbafefe416..42e4861bc1 100644
--- a/src/lib/libssl/src/crypto/pem/pem_lib.c
+++ b/src/lib/libssl/src/crypto/pem/pem_lib.c
@@ -57,6 +57,7 @@
 */
 #include <stdio.h>
+#include <ctype.h>
 #include "cryptlib.h"
 #include <openssl/buffer.h>
 #include <openssl/objects.h>
@@ -65,9 +66,13 @@
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/pkcs12.h>
+#include "asn1_locl.h"
 #ifndef OPENSSL_NO_DES
 #include <openssl/des.h>
 #endif
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
 const char PEM_version[]="PEM" OPENSSL_VERSION_PTEXT;
@@ -75,6 +80,7 @@ const char PEM_version[]="PEM" OPENSSL_VERSION_PTEXT;
 static int load_iv(char **fromp,unsigned char *to, int num);
 static int check_pem(const char *nm, const char *name);
+int pem_check_suffix(const char *pem_str, const char *suffix);
 int PEM_def_callback(char *buf, int num, int w, void *key)
        {
@@ -99,7 +105,7 @@ int PEM_def_callback(char *buf, int num, int w, void *key)
        for (;;)
                {
-                i=EVP_read_pw_string(buf,num,prompt,w);
+                i=EVP_read_pw_string_min(buf,MIN_LENGTH,num,prompt,w);
                if (i != 0)
                        {
                        PEMerr(PEM_F_PEM_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD);
@@ -183,20 +189,54 @@ static int check_pem(const char *nm, const char *name)
        /* Make PEM_STRING_EVP_PKEY match any private key */
-        if(!strcmp(nm,PEM_STRING_PKCS8) &&
+        if(!strcmp(name,PEM_STRING_EVP_PKEY))
-                !strcmp(name,PEM_STRING_EVP_PKEY)) return 1;
+                {
+                int slen;
-        if(!strcmp(nm,PEM_STRING_PKCS8INF) &&
+                const EVP_PKEY_ASN1_METHOD *ameth;
-                 !strcmp(name,PEM_STRING_EVP_PKEY)) return 1;
+                if(!strcmp(nm,PEM_STRING_PKCS8))
+                        return 1;
-        if(!strcmp(nm,PEM_STRING_RSA) &&
+                if(!strcmp(nm,PEM_STRING_PKCS8INF))
-                !strcmp(name,PEM_STRING_EVP_PKEY)) return 1;
+                        return 1;
+                slen = pem_check_suffix(nm, "PRIVATE KEY"); 
+                if (slen > 0)
+                        {
+                        /* NB: ENGINE implementations wont contain
+                         * a deprecated old private key decode function
+                         * so don't look for them.
+                         */
+                        ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen);
+                        if (ameth && ameth->old_priv_decode)
+                                return 1;
+                        }
+                return 0;
+                }
-        if(!strcmp(nm,PEM_STRING_DSA) &&
+        if(!strcmp(name,PEM_STRING_PARAMETERS))
-                 !strcmp(name,PEM_STRING_EVP_PKEY)) return 1;
+                {
+                int slen;
+                const EVP_PKEY_ASN1_METHOD *ameth;
+                slen = pem_check_suffix(nm, "PARAMETERS"); 
+                if (slen > 0)
+                        {
+                        ENGINE *e;
+                        ameth = EVP_PKEY_asn1_find_str(&e, nm, slen);
+                        if (ameth)
+                                {
+                                int r;
+                                if (ameth->param_decode)
+                                        r = 1;
+                                else
+                                        r = 0;
+#ifndef OPENSSL_NO_ENGINE
+                                if (e)
+                                        ENGINE_finish(e);
+#endif
+                                return r;
+                                }
+                        }
+                return 0;
+                }
-        if(!strcmp(nm,PEM_STRING_ECPRIVATEKEY) &&
-                 !strcmp(name,PEM_STRING_EVP_PKEY)) return 1;
        /* Permit older strings */
        if(!strcmp(nm,PEM_STRING_X509_OLD) &&
@@ -219,6 +259,14 @@ static int check_pem(const char *nm, const char *name)
        if(!strcmp(nm, PEM_STRING_PKCS7_SIGNED) &&
                !strcmp(name, PEM_STRING_PKCS7)) return 1;
+#ifndef OPENSSL_NO_CMS
+        if(!strcmp(nm, PEM_STRING_X509) &&
+                !strcmp(name, PEM_STRING_CMS)) return 1;
+        /* Allow CMS to be read from PKCS#7 headers */
+        if(!strcmp(nm, PEM_STRING_PKCS7) &&
+                !strcmp(name, PEM_STRING_CMS)) return 1;
+#endif
        return 0;
 }
@@ -264,7 +312,7 @@ err:
 #ifndef OPENSSL_NO_FP_API
 int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
-                   char *x, const EVP_CIPHER *enc, unsigned char *kstr,
+                   void *x, const EVP_CIPHER *enc, unsigned char *kstr,
                   int klen, pem_password_cb *callback, void *u)
        {
        BIO *b;
@@ -283,7 +331,7 @@ int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
 #endif
 int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
-                       char *x, const EVP_CIPHER *enc, unsigned char *kstr,
+                       void *x, const EVP_CIPHER *enc, unsigned char *kstr,
                       int klen, pem_password_cb *callback, void *u)
        {
        EVP_CIPHER_CTX ctx;
@@ -782,3 +830,25 @@ err:
        BUF_MEM_free(dataB);
        return(0);
        }
+/* Check pem string and return prefix length.
+ * If for example the pem_str == "RSA PRIVATE KEY" and suffix = "PRIVATE KEY"
+ * the return value is 3 for the string "RSA".
+ */
+int pem_check_suffix(const char *pem_str, const char *suffix)
+        {
+        int pem_len = strlen(pem_str);
+        int suffix_len = strlen(suffix);
+        const char *p;
+        if (suffix_len + 1 >= pem_len)
+                return 0;
+        p = pem_str + pem_len - suffix_len;
+        if (strcmp(p, suffix))
+                return 0;
+        p--;
+        if (*p != ' ')
+                return 0;
+        return p - pem_str;
+        }
diff --git a/src/lib/libssl/src/crypto/pem/pem_pkey.c b/src/lib/libssl/src/crypto/pem/pem_pkey.c
index 4da4c31ce5..8ecf24903b 100644
--- a/src/lib/libssl/src/crypto/pem/pem_pkey.c
+++ b/src/lib/libssl/src/crypto/pem/pem_pkey.c
@@ -65,7 +65,12 @@
 #include <openssl/x509.h>
 #include <openssl/pkcs12.h>
 #include <openssl/pem.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+#include "asn1_locl.h"
+int pem_check_suffix(const char *pem_str, const char *suffix);
 EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u)
        {
@@ -73,19 +78,14 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, vo
        const unsigned char *p=NULL;
        unsigned char *data=NULL;
        long len;
+        int slen;
        EVP_PKEY *ret=NULL;
        if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_EVP_PKEY, bp, cb, u))
                return NULL;
        p = data;
-        if (strcmp(nm,PEM_STRING_RSA) == 0)
+        if (strcmp(nm,PEM_STRING_PKCS8INF) == 0) {
-                ret=d2i_PrivateKey(EVP_PKEY_RSA,x,&p,len);
-        else if (strcmp(nm,PEM_STRING_DSA) == 0)
-                ret=d2i_PrivateKey(EVP_PKEY_DSA,x,&p,len);
-        else if (strcmp(nm,PEM_STRING_ECPRIVATEKEY) == 0)
-                ret=d2i_PrivateKey(EVP_PKEY_EC,x,&p,len);
-        else if (strcmp(nm,PEM_STRING_PKCS8INF) == 0) {
                PKCS8_PRIV_KEY_INFO *p8inf;
                p8inf=d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len);
                if(!p8inf) goto p8err;
@@ -119,7 +119,14 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, vo
                        *x = ret;
                }
                PKCS8_PRIV_KEY_INFO_free(p8inf);
-        }
+        } else if ((slen = pem_check_suffix(nm, "PRIVATE KEY")) > 0)
+                {
+                const EVP_PKEY_ASN1_METHOD *ameth;
+                ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen);
+                if (!ameth || !ameth->old_priv_decode)
+                        goto p8err;
+                ret=d2i_PrivateKey(ameth->pkey_id,x,&p,len);
+                }
 p8err:
        if (ret == NULL)
                PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY,ERR_R_ASN1_LIB);
@@ -130,6 +137,74 @@ err:
        return(ret);
        }
+int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+        {
+        char pem_str[80];
+        if (!x->ameth || x->ameth->priv_encode)
+                return PEM_write_bio_PKCS8PrivateKey(bp, x, enc,
+                                                        (char *)kstr, klen,
+                                                        cb, u);
+        BIO_snprintf(pem_str, 80, "%s PRIVATE KEY", x->ameth->pem_str);
+        return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey,
+                                pem_str,bp,x,enc,kstr,klen,cb,u);
+        }
+EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x)
+        {
+        char *nm=NULL;
+        const unsigned char *p=NULL;
+        unsigned char *data=NULL;
+        long len;
+        int slen;
+        EVP_PKEY *ret=NULL;
+        if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_PARAMETERS,
+                                                                bp, 0, NULL))
+                return NULL;
+        p = data;
+        if ((slen = pem_check_suffix(nm, "PARAMETERS")) > 0)
+                {
+                ret = EVP_PKEY_new();
+                if (!ret)
+                        goto err;
+                if (!EVP_PKEY_set_type_str(ret, nm, slen)
+                        || !ret->ameth->param_decode
+                        || !ret->ameth->param_decode(ret, &p, len))
+                        {
+                        EVP_PKEY_free(ret);
+                        ret = NULL;
+                        goto err;
+                        }
+                if(x)
+                        {
+                        if(*x) EVP_PKEY_free((EVP_PKEY *)*x);
+                        *x = ret;
+                        }
+                }
+err:
+        if (ret == NULL)
+                PEMerr(PEM_F_PEM_READ_BIO_PARAMETERS,ERR_R_ASN1_LIB);
+        OPENSSL_free(nm);
+        OPENSSL_free(data);
+        return(ret);
+        }
+int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x)
+        {
+        char pem_str[80];
+        if (!x->ameth || !x->ameth->param_encode)
+                return 0;
+        BIO_snprintf(pem_str, 80, "%s PARAMETERS", x->ameth->pem_str);
+        return PEM_ASN1_write_bio(
+                (i2d_of_void *)x->ameth->param_encode,
+                                pem_str,bp,x,NULL,NULL,0,0,NULL);
+        }
 #ifndef OPENSSL_NO_FP_API
 EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u)
        {
@@ -146,4 +221,22 @@ EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void
        BIO_free(b);
        return(ret);
        }
+int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+        {
+        BIO *b;
+        int ret;
+        if ((b=BIO_new_fp(fp, BIO_NOCLOSE)) == NULL)
+                {
+                PEMerr(PEM_F_PEM_WRITE_PRIVATEKEY,ERR_R_BUF_LIB);
+                return 0;
+                }
+        ret=PEM_write_bio_PrivateKey(b, x, enc, kstr, klen, cb, u);
+        BIO_free(b);
+        return ret;
+        }
 #endif
diff --git a/src/lib/libssl/src/crypto/pem/pem_seal.c b/src/lib/libssl/src/crypto/pem/pem_seal.c
index 4e554e5481..59690b56ae 100644
--- a/src/lib/libssl/src/crypto/pem/pem_seal.c
+++ b/src/lib/libssl/src/crypto/pem/pem_seal.c
@@ -100,7 +100,7 @@ int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type,
        EVP_CIPHER_CTX_init(&ctx->cipher);
        ret=EVP_SealInit(&ctx->cipher,type,ek,ekl,iv,pubk,npubk);
-        if (!ret) goto err;
+        if (ret <= 0) goto err;
        /* base64 encode the keys */
        for (i=0; i<npubk; i++)
diff --git a/src/lib/libssl/src/crypto/pem/pem_x509.c b/src/lib/libssl/src/crypto/pem/pem_x509.c
index 3f709f13e6..b531057dc9 100644
--- a/src/lib/libssl/src/crypto/pem/pem_x509.c
+++ b/src/lib/libssl/src/crypto/pem/pem_x509.c
@@ -57,7 +57,6 @@
 */
 #include <stdio.h>
-#undef SSLEAY_MACROS
 #include "cryptlib.h"
 #include <openssl/bio.h>
 #include <openssl/evp.h>
diff --git a/src/lib/libssl/src/crypto/pem/pem_xaux.c b/src/lib/libssl/src/crypto/pem/pem_xaux.c
index 7cc7491009..328f796200 100644
--- a/src/lib/libssl/src/crypto/pem/pem_xaux.c
+++ b/src/lib/libssl/src/crypto/pem/pem_xaux.c
@@ -57,7 +57,6 @@
 */
 #include <stdio.h>
-#undef SSLEAY_MACROS
 #include "cryptlib.h"
 #include <openssl/bio.h>
 #include <openssl/evp.h>
diff --git a/src/lib/libssl/src/crypto/perlasm/x86asm.pl b/src/lib/libssl/src/crypto/perlasm/x86asm.pl
index 5979122158..28080caaa6 100644
--- a/src/lib/libssl/src/crypto/perlasm/x86asm.pl
+++ b/src/lib/libssl/src/crypto/perlasm/x86asm.pl
@@ -1,130 +1,207 @@
-#!/usr/local/bin/perl
+#!/usr/bin/env perl
 # require 'x86asm.pl';
-# &asm_init("cpp","des-586.pl");
+# &asm_init(<flavor>,"des-586.pl"[,$i386only]);
-# XXX
+# &function_begin("foo");
-# XXX
+# ...
-# main'asm_finish
+# &function_end("foo");
+# &asm_finish
-sub main'asm_finish
-        {
+$out=();
-        &file_end();
+$i386=0;
-        &asm_finish_cpp() if $cpp;
-        print &asm_get_output();
+# AUTOLOAD is this context has quite unpleasant side effect, namely
-        }
+# that typos in function calls effectively go to assembler output,
+# but on the pros side we don't have to implement one subroutine per
-sub main'asm_init
+# each opcode...
-        {
+sub ::AUTOLOAD
-        ($type,$fn,$i386)=@_;
+{ my $opcode = $AUTOLOAD;
-        $filename=$fn;
+    die "more than 4 arguments passed to $opcode" if ($#_>3);
-        $elf=$cpp=$coff=$aout=$win32=$netware=$mwerks=0;
-        if (    ($type eq "elf"))
+    $opcode =~ s/.*:://;
-                { $elf=1; require "x86unix.pl"; }
+    if    ($opcode =~ /^push/) { $stack+=4; }
-        elsif ( ($type eq "a.out"))
+    elsif ($opcode =~ /^pop/)  { $stack-=4; }
-                { $aout=1; require "x86unix.pl"; }
-        elsif ( ($type eq "coff" or $type eq "gaswin"))
+    &generic($opcode,@_) or die "undefined subroutine \&$AUTOLOAD";
-                { $coff=1; require "x86unix.pl"; }
+}
-        elsif ( ($type eq "cpp"))
-                { $cpp=1; require "x86unix.pl"; }
+sub ::emit
-        elsif ( ($type eq "win32"))
+{ my $opcode=shift;
-                { $win32=1; require "x86ms.pl"; }
-        elsif ( ($type eq "win32n"))
+    if ($#_==-1)    { push(@out,"\t$opcode\n");                         }
-                { $win32=1; require "x86nasm.pl"; }
+    else            { push(@out,"\t$opcode\t".join(',',@_)."\n");       }
-        elsif ( ($type eq "nw-nasm"))
+}
-                { $netware=1; require "x86nasm.pl"; }
-        elsif ( ($type eq "nw-mwasm"))
+sub ::LB
-                { $netware=1; $mwerks=1; require "x86nasm.pl"; }
+{   $_[0] =~ m/^e?([a-d])x$/o or die "$_[0] does not have a 'low byte'";
-        else
+  $1."l";
-                {
+}
-                print STDERR <<"EOF";
+sub ::HB
+{   $_[0] =~ m/^e?([a-d])x$/o or die "$_[0] does not have a 'high byte'";
+  $1."h";
+}
+sub ::stack_push{ my $num=$_[0]*4; $stack+=$num; &sub("esp",$num);      }
+sub ::stack_pop { my $num=$_[0]*4; $stack-=$num; &add("esp",$num);      }
+sub ::blindpop  { &pop($_[0]); $stack+=4;                               }
+sub ::wparam    { &DWP($stack+4*$_[0],"esp");                           }
+sub ::swtmp     { &DWP(4*$_[0],"esp");                                  }
+sub ::bswap
+{   if ($i386)  # emulate bswap for i386
+    {   &comment("bswap @_");
+        &xchg(&HB(@_),&LB(@_));
+        &ror (@_,16);
+        &xchg(&HB(@_),&LB(@_));
+    }
+    else
+    {   &generic("bswap",@_);   }
+}
+# These are made-up opcodes introduced over the years essentially
+# by ignorance, just alias them to real ones...
+sub ::movb      { &mov(@_);     }
+sub ::xorb      { &xor(@_);     }
+sub ::rotl      { &rol(@_);     }
+sub ::rotr      { &ror(@_);     }
+sub ::exch      { &xchg(@_);    }
+sub ::halt      { &hlt;         }
+sub ::movz      { &movzx(@_);   }
+sub ::pushf     { &pushfd;      }
+sub ::popf      { &popfd;       }
+# 3 argument instructions
+sub ::movq
+{ my($p1,$p2,$optimize)=@_;
+    if ($optimize && $p1=~/^mm[0-7]$/ && $p2=~/^mm[0-7]$/)
+    # movq between mmx registers can sink Intel CPUs
+    {   &::pshufw($p1,$p2,0xe4);                }
+    else
+    {   &::generic("movq",@_);                  }
+}
+# label management
+$lbdecor="L";           # local label decoration, set by package
+$label="000";
+sub ::islabel           # see is argument is a known label
+{ my $i;
+    foreach $i (values %label) { return $i if ($i eq $_[0]); }
+  $label{$_[0]};        # can be undef
+}
+sub ::label             # instantiate a function-scope label
+{   if (!defined($label{$_[0]}))
+    {   $label{$_[0]}="${lbdecor}${label}${_[0]}"; $label++;   }
+  $label{$_[0]};
+}
+sub ::LABEL             # instantiate a file-scope label
+{   $label{$_[0]}=$_[1] if (!defined($label{$_[0]}));
+  $label{$_[0]};
+}
+sub ::static_label      { &::LABEL($_[0],$lbdecor.$_[0]); }
+sub ::set_label_B       { push(@out,"@_:\n"); }
+sub ::set_label
+{ my $label=&::label($_[0]);
+    &::align($_[1]) if ($_[1]>1);
+    &::set_label_B($label);
+  $label;
+}
+sub ::wipe_labels       # wipes function-scope labels
+{   foreach $i (keys %label)
+    {   delete $label{$i} if ($label{$i} =~ /^\Q${lbdecor}\E[0-9]{3}/); }
+}
+# subroutine management
+sub ::function_begin
+{   &function_begin_B(@_);
+    $stack=4;
+    &push("ebp");
+    &push("ebx");
+    &push("esi");
+    &push("edi");
+}
+sub ::function_end
+{   &pop("edi");
+    &pop("esi");
+    &pop("ebx");
+    &pop("ebp");
+    &ret();
+    &function_end_B(@_);
+    $stack=0;
+    &wipe_labels();
+}
+sub ::function_end_A
+{   &pop("edi");
+    &pop("esi");
+    &pop("ebx");
+    &pop("ebp");
+    &ret();
+    $stack+=16; # readjust esp as if we didn't pop anything
+}
+sub ::asciz
+{ my @str=unpack("C*",shift);
+    push @str,0;
+    while ($#str>15) {
+        &data_byte(@str[0..15]);
+        foreach (0..15) { shift @str; }
+    }
+    &data_byte(@str) if (@str);
+}
+sub ::asm_finish
+{   &file_end();
+    print @out;
+}
+sub ::asm_init
+{ my ($type,$fn,$cpu)=@_;
+    $filename=$fn;
+    $i386=$cpu;
+    $elf=$cpp=$coff=$aout=$macosx=$win32=$netware=$mwerks=0;
+    if    (($type eq "elf"))
+    {   $elf=1;                 require "x86gas.pl";    }
+    elsif (($type eq "a\.out"))
+    {   $aout=1;                require "x86gas.pl";    }
+    elsif (($type eq "coff" or $type eq "gaswin"))
+    {   $coff=1;                require "x86gas.pl";    }
+    elsif (($type eq "win32n"))
+    {   $win32=1;               require "x86nasm.pl";   }
+    elsif (($type eq "nw-nasm"))
+    {   $netware=1;             require "x86nasm.pl";   }
+    #elsif (($type eq "nw-mwasm"))
+    #{  $netware=1; $mwerks=1;  require "x86nasm.pl";   }
+    elsif (($type eq "win32"))
+    {   $win32=1;               require "x86masm.pl";   }
+    elsif (($type eq "macosx"))
+    {   $aout=1; $macosx=1;     require "x86gas.pl";    }
+    else
+    {   print STDERR <<"EOF";
 Pick one target type from
        elf     - Linux, FreeBSD, Solaris x86, etc.
-        a.out   - OpenBSD, DJGPP, etc.
+        a.out   - DJGPP, elder OpenBSD, etc.
        coff    - GAS/COFF such as Win32 targets
-        win32   - Windows 95/Windows NT
        win32n  - Windows 95/Windows NT NASM format
        nw-nasm - NetWare NASM format
-        nw-mwasm- NetWare Metrowerks Assembler
+        macosx  - Mac OS X
 EOF
-                exit(1);
+        exit(1);
-                }
+    }
-        $pic=0;
+    $pic=0;
-        for (@ARGV) {   $pic=1 if (/\-[fK]PIC/i);       }
+    for (@ARGV) { $pic=1 if (/\-[fK]PIC/i); }
-        &asm_init_output();
+    $filename =~ s/\.pl$//;
+    &file($filename);
-&comment("Don't even think of reading this code");
+}
-&comment("It was automatically generated by $filename");
-&comment("Which is a perl program used to generate the x86 assember for");
-&comment("any of ELF, a.out, COFF, Win32, ...");
-&comment("eric <eay\@cryptsoft.com>");
-&comment("");
-        $filename =~ s/\.pl$//;
-        &file($filename);
-        }
-sub asm_finish_cpp
-        {
-        return unless $cpp;
-        local($tmp,$i);
-        foreach $i (&get_labels())
-                {
-                $tmp.="#define $i _$i\n";
-                }
-        print <<"EOF";
-/* Run the C pre-processor over this file with one of the following defined
- * ELF - elf object files,
- * OUT - a.out object files,
- * BSDI - BSDI style a.out object files
- * SOL - Solaris style elf
- */
-#define TYPE(a,b)       .type   a,b
-#define SIZE(a,b)       .size   a,b
-#if defined(OUT) || (defined(BSDI) && !defined(ELF))
-$tmp
-#endif
-#ifdef OUT
-#define OK      1
-#define ALIGN   4
-#if defined(__CYGWIN__) || defined(__DJGPP__) || (__MINGW32__)
-#undef SIZE
-#undef TYPE
-#define SIZE(a,b)
-#define TYPE(a,b)       .def a; .scl 2; .type 32; .endef
-#endif /* __CYGWIN || __DJGPP */
-#endif
-#if defined(BSDI) && !defined(ELF)
-#define OK              1
-#define ALIGN           4
-#undef SIZE
-#undef TYPE
-#define SIZE(a,b)
-#define TYPE(a,b)
-#endif
-#if defined(ELF) || defined(SOL)
-#define OK              1
-#define ALIGN           16
-#endif
-#ifndef OK
-You need to define one of
-ELF - elf systems - linux-elf, NetBSD and DG-UX
-OUT - a.out systems - linux-a.out and FreeBSD
-SOL - solaris systems, which are elf with strange comment lines
-BSDI - a.out with a very primative version of as.
-#endif
-/* Let the Assembler begin :-) */
-EOF
-        }
 1;
diff --git a/src/lib/libssl/src/crypto/perlasm/x86nasm.pl b/src/lib/libssl/src/crypto/perlasm/x86nasm.pl
index fa38f89c09..ce2bed9bb2 100644
--- a/src/lib/libssl/src/crypto/perlasm/x86nasm.pl
+++ b/src/lib/libssl/src/crypto/perlasm/x86nasm.pl
@@ -1,455 +1,166 @@
-#!/usr/local/bin/perl
+#!/usr/bin/env perl
 package x86nasm;
-$label="L000";
+*out=\@::out;
-$under=($main'netware)?'':'_';
-%lb=(   'eax',  'al',
+$::lbdecor="L\$";               # local label decoration
-        'ebx',  'bl',
+$nmdecor=$::netware?"":"_";     # external name decoration
-        'ecx',  'cl',
+$drdecor=$::mwerks?".":"";      # directive decoration
-        'edx',  'dl',
-        'ax',   'al',
-        'bx',   'bl',
-        'cx',   'cl',
-        'dx',   'dl',
-        );
-%hb=(   'eax',  'ah',
+$initseg="";
-        'ebx',  'bh',
-        'ecx',  'ch',
-        'edx',  'dh',
-        'ax',   'ah',
-        'bx',   'bh',
-        'cx',   'ch',
-        'dx',   'dh',
-        );
-sub main'asm_init_output { @out=(); }
+sub ::generic
-sub main'asm_get_output { return(@out); }
+{ my $opcode=shift;
-sub main'get_labels { return(@labels); }
+  my $tmp;
-sub main'external_label
+    if (!$::mwerks)
-{
+    {   if    ($opcode =~ m/^j/o && $#_==0) # optimize jumps
-        push(@labels,@_);
+        {   $_[0] = "NEAR $_[0]";       }
-        foreach (@_) {
+        elsif ($opcode eq "lea" && $#_==1)  # wipe storage qualifier from lea
-                push(@out,".") if ($main'mwerks);
+        {   $_[1] =~ s/^[^\[]*\[/\[/o;  }
-                push(@out, "extern\t${under}$_\n");
+    }
-        }
+    &::emit($opcode,@_);
+  1;
 }
+#
-sub main'LB
+# opcodes not covered by ::generic above, mostly inconsistent namings...
-        {
+#
-        (defined($lb{$_[0]})) || die "$_[0] does not have a 'low byte'\n";
+sub ::call      { &::emit("call",(&::islabel($_[0]) or "$nmdecor$_[0]")); }
-        return($lb{$_[0]});
+sub ::call_ptr  { &::emit("call",@_);   }
-        }
+sub ::jmp_ptr   { &::emit("jmp",@_);    }
-sub main'HB
-        {
-        (defined($hb{$_[0]})) || die "$_[0] does not have a 'high byte'\n";
-        return($hb{$_[0]});
-        }
-sub main'BP
-        {
-        &get_mem("BYTE",@_);
-        }
-sub main'DWP
-        {
-        &get_mem("DWORD",@_);
-        }
-sub main'QWP
-        {
-        &get_mem("",@_);
-        }
-sub main'BC
-        {
-        return (($main'mwerks)?"":"BYTE ")."@_";
-        }
-sub main'DWC
-        {
-        return (($main'mwerks)?"":"DWORD ")."@_";
-        }
-sub main'stack_push
-        {
-        my($num)=@_;
-        $stack+=$num*4;
-        &main'sub("esp",$num*4);
-        }
-sub main'stack_pop
-        {
-        my($num)=@_;
-        $stack-=$num*4;
-        &main'add("esp",$num*4);
-        }
 sub get_mem
-        {
+{ my($size,$addr,$reg1,$reg2,$idx)=@_;
-        my($size,$addr,$reg1,$reg2,$idx)=@_;
+  my($post,$ret);
-        my($t,$post);
-        my($ret)=$size;
+    if ($size ne "")
-        if ($ret ne "")
+    {   $ret .= "$size";
-                {
+        $ret .= " PTR" if ($::mwerks);
-                $ret .= " PTR" if ($main'mwerks);
+        $ret .= " ";
-                $ret .= " ";
+    }
-                }
+    $ret .= "[";
-        $ret .= "[";
-        $addr =~ s/^\s+//;
+    $addr =~ s/^\s+//;
-        if ($addr =~ /^(.+)\+(.+)$/)
+    # prepend global references with optional underscore
-                {
+    $addr =~ s/^([^\+\-0-9][^\+\-]*)/::islabel($1) or "$nmdecor$1"/ige;
-                $reg2=&conv($1);
+    # put address arithmetic expression in parenthesis
-                $addr="$under$2";
+    $addr="($addr)" if ($addr =~ /^.+[\-\+].+$/);
-                }
-        elsif ($addr =~ /^[_a-z][_a-z0-9]*$/i)
+    if (($addr ne "") && ($addr ne 0))
-                {
+    {   if ($addr !~ /^-/)      { $ret .= "$addr+"; }
-                $addr="$under$addr";
+        else                    { $post=$addr;      }
-                }
+    }
-        if ($addr =~ /^.+\-.+$/) { $addr="($addr)"; }
+    if ($reg2 ne "")
+    {   $idx!=0 or $idx=1;
-        $reg1="$regs{$reg1}" if defined($regs{$reg1});
+        $ret .= "$reg2*$idx";
-        $reg2="$regs{$reg2}" if defined($regs{$reg2});
+        $ret .= "+$reg1" if ($reg1 ne "");
-        if (($addr ne "") && ($addr ne 0))
+    }
-                {
+    else
-                if ($addr !~ /^-/)
+    {   $ret .= "$reg1";   }
-                        { $ret.="${addr}+"; }
-                else    { $post=$addr; }
+    $ret .= "$post]";
-                }
+    $ret =~ s/\+\]/]/; # in case $addr was the only argument
-        if ($reg2 ne "")
-                {
+  $ret;
-                $t="";
+}
-                $t="*$idx" if ($idx != 0);
+sub ::BP        { &get_mem("BYTE",@_);  }
-                $reg1="+".$reg1 if ("$reg1$post" ne "");
+sub ::DWP       { &get_mem("DWORD",@_); }
-                $ret.="$reg2$t$reg1$post]";
+sub ::QWP       { &get_mem("",@_);      }
-                }
+sub ::BC        { (($::mwerks)?"":"BYTE ")."@_";  }
-        else
+sub ::DWC       { (($::mwerks)?"":"DWORD ")."@_"; }
-                {
-                $ret.="$reg1$post]"
+sub ::file
-                }
+{   if ($::mwerks)      { push(@out,".section\t.text,64\n"); }
-        $ret =~ s/\+\]/]/; # in case $addr was the only argument
+    else
-        return($ret);
+    { my $tmp=<<___;
-        }
+%ifidn __OUTPUT_FORMAT__,obj
+section code    use32 class=code align=64
-sub main'mov    { &out2("mov",@_); }
+%elifidn __OUTPUT_FORMAT__,win32
-sub main'movb   { &out2("mov",@_); }
+\$\@feat.00 equ 1
-sub main'and    { &out2("and",@_); }
+section .text   code align=64
-sub main'or     { &out2("or",@_); }
-sub main'shl    { &out2("shl",@_); }
-sub main'shr    { &out2("shr",@_); }
-sub main'xor    { &out2("xor",@_); }
-sub main'xorb   { &out2("xor",@_); }
-sub main'add    { &out2("add",@_); }
-sub main'adc    { &out2("adc",@_); }
-sub main'sub    { &out2("sub",@_); }
-sub main'sbb    { &out2("sbb",@_); }
-sub main'rotl   { &out2("rol",@_); }
-sub main'rotr   { &out2("ror",@_); }
-sub main'exch   { &out2("xchg",@_); }
-sub main'cmp    { &out2("cmp",@_); }
-sub main'lea    { &out2("lea",@_); }
-sub main'mul    { &out1("mul",@_); }
-sub main'imul   { &out2("imul",@_); }
-sub main'div    { &out1("div",@_); }
-sub main'dec    { &out1("dec",@_); }
-sub main'inc    { &out1("inc",@_); }
-sub main'jmp    { &out1("jmp",@_); }
-sub main'jmp_ptr { &out1p("jmp",@_); }
-# This is a bit of a kludge: declare all branches as NEAR.
-$near=($main'mwerks)?'':'NEAR';
-sub main'je     { &out1("je $near",@_); }
-sub main'jle    { &out1("jle $near",@_); }
-sub main'jz     { &out1("jz $near",@_); }
-sub main'jge    { &out1("jge $near",@_); }
-sub main'jl     { &out1("jl $near",@_); }
-sub main'ja     { &out1("ja $near",@_); }
-sub main'jae    { &out1("jae $near",@_); }
-sub main'jb     { &out1("jb $near",@_); }
-sub main'jbe    { &out1("jbe $near",@_); }
-sub main'jc     { &out1("jc $near",@_); }
-sub main'jnc    { &out1("jnc $near",@_); }
-sub main'jnz    { &out1("jnz $near",@_); }
-sub main'jne    { &out1("jne $near",@_); }
-sub main'jno    { &out1("jno $near",@_); }
-sub main'push   { &out1("push",@_); $stack+=4; }
-sub main'pop    { &out1("pop",@_); $stack-=4; }
-sub main'pushf  { &out0("pushfd"); $stack+=4; }
-sub main'popf   { &out0("popfd"); $stack-=4; }
-sub main'bswap  { &out1("bswap",@_); &using486(); }
-sub main'not    { &out1("not",@_); }
-sub main'call   { &out1("call",($_[0]=~/^\@L/?'':$under).$_[0]); }
-sub main'call_ptr { &out1p("call",@_); }
-sub main'ret    { &out0("ret"); }
-sub main'nop    { &out0("nop"); }
-sub main'test   { &out2("test",@_); }
-sub main'bt     { &out2("bt",@_); }
-sub main'leave  { &out0("leave"); }
-sub main'cpuid  { &out0("cpuid"); }
-sub main'rdtsc  { &out0("rdtsc"); }
-sub main'halt   { &out0("hlt"); }
-sub main'movz   { &out2("movzx",@_); }
-sub main'neg    { &out1("neg",@_); }
-sub main'cld    { &out0("cld"); }
-# SSE2
-sub main'emms   { &out0("emms"); }
-sub main'movd   { &out2("movd",@_); }
-sub main'movq   { &out2("movq",@_); }
-sub main'movdqu { &out2("movdqu",@_); }
-sub main'movdqa { &out2("movdqa",@_); }
-sub main'movdq2q{ &out2("movdq2q",@_); }
-sub main'movq2dq{ &out2("movq2dq",@_); }
-sub main'paddq  { &out2("paddq",@_); }
-sub main'pmuludq{ &out2("pmuludq",@_); }
-sub main'psrlq  { &out2("psrlq",@_); }
-sub main'psllq  { &out2("psllq",@_); }
-sub main'pxor   { &out2("pxor",@_); }
-sub main'por    { &out2("por",@_); }
-sub main'pand   { &out2("pand",@_); }
-sub out2
-        {
-        my($name,$p1,$p2)=@_;
-        my($l,$t);
-        push(@out,"\t$name\t");
-        if (!$main'mwerks and $name eq "lea")
-                {
-                $p1 =~ s/^[^\[]*\[/\[/;
-                $p2 =~ s/^[^\[]*\[/\[/;
-                }
-        $t=&conv($p1).",";
-        $l=length($t);
-        push(@out,$t);
-        $l=4-($l+9)/8;
-        push(@out,"\t" x $l);
-        push(@out,&conv($p2));
-        push(@out,"\n");
-        }
-sub out0
-        {
-        my($name)=@_;
-        push(@out,"\t$name\n");
-        }
-sub out1
-        {
-        my($name,$p1)=@_;
-        my($l,$t);
-        push(@out,"\t$name\t".&conv($p1)."\n");
-        }
-sub conv
-        {
-        my($p)=@_;
-        $p =~ s/0x([0-9A-Fa-f]+)/0$1h/;
-        return $p;
-        }
-sub using486
-        {
-        return if $using486;
-        $using486++;
-        grep(s/\.386/\.486/,@out);
-        }
-sub main'file
-        {
-        if ($main'mwerks)       { push(@out,".section\t.text\n"); }
-        else    {
-                local $tmp=<<___;
-%ifdef __omf__
-section code    use32 class=code
 %else
-section .text
+section .text   code
 %endif
 ___
-                push(@out,$tmp);
-                }
-        }
-sub main'function_begin
-        {
-        my($func,$extra)=@_;
-        push(@labels,$func);
-        push(@out,".") if ($main'mwerks);
-        my($tmp)=<<"EOF";
-global  $under$func
-$under$func:
-        push    ebp
-        push    ebx
-        push    esi
-        push    edi
-EOF
-        push(@out,$tmp);
-        $stack=20;
-        }
-sub main'function_begin_B
-        {
-        my($func,$extra)=@_;
-        push(@out,".") if ($main'mwerks);
-        my($tmp)=<<"EOF";
-global  $under$func
-$under$func:
-EOF
-        push(@out,$tmp);
-        $stack=4;
-        }
-sub main'function_end
-        {
-        my($func)=@_;
-        my($tmp)=<<"EOF";
-        pop     edi
-        pop     esi
-        pop     ebx
-        pop     ebp
-        ret
-EOF
        push(@out,$tmp);
-        $stack=0;
+    }
-        %label=();
+}
-        }
-sub main'function_end_B
-        {
-        $stack=0;
-        %label=();
-        }
-sub main'function_end_A
-        {
-        my($func)=@_;
-        my($tmp)=<<"EOF";
-        pop     edi
-        pop     esi
-        pop     ebx
-        pop     ebp
-        ret
-EOF
-        push(@out,$tmp);
-        }
-sub main'file_end
-        {
-        }
-sub main'wparam
-        {
-        my($num)=@_;
-        return(&main'DWP($stack+$num*4,"esp","",0));
-        }
-sub main'swtmp
+sub ::function_begin_B
-        {
+{ my $func=shift;
-        return(&main'DWP($_[0]*4,"esp","",0));
+  my $global=($func !~ /^_/);
-        }
+  my $begin="${::lbdecor}_${func}_begin";
-# Should use swtmp, which is above esp.  Linix can trash the stack above esp
+    $begin =~ s/^\@/./ if ($::mwerks);  # the torture never stops
-#sub main'wtmp
-#       {
-#       my($num)=@_;
-#
-#       return(&main'DWP(-(($num+1)*4),"esp","",0));
-#       }
-sub main'comment
+    &::LABEL($func,$global?"$begin":"$nmdecor$func");
-        {
+    $func=$nmdecor.$func;
-        foreach (@_)
-                {
-                push(@out,"\t; $_\n");
-                }
-        }
-sub main'public_label
+    push(@out,"${drdecor}global $func\n")       if ($global);
-        {
+    push(@out,"${drdecor}align  16\n");
-        $label{$_[0]}="${under}${_[0]}" if (!defined($label{$_[0]}));
+    push(@out,"$func:\n");
-        push(@out,".") if ($main'mwerks);
+    push(@out,"$begin:\n")                      if ($global);
-        push(@out,"global\t$label{$_[0]}\n");
+    $::stack=4;
-        }
+}
-sub main'label
+sub ::function_end_B
-        {
+{   $::stack=0;
-        if (!defined($label{$_[0]}))
+    &::wipe_labels();
-                {
+}
-                $label{$_[0]}="\@${label}${_[0]}";
-                $label++;
-                }
-        return($label{$_[0]});
-        }
-sub main'set_label
+sub ::file_end
-        {
+{   if (grep {/\b${nmdecor}OPENSSL_ia32cap_P\b/i} @out)
-        if (!defined($label{$_[0]}))
+    {   my $comm=<<___;
-                {
+${drdecor}segment       .bss
-                $label{$_[0]}="\@${label}${_[0]}";
+${drdecor}common        ${nmdecor}OPENSSL_ia32cap_P 4
-                $label++;
+___
-                }
+        # comment out OPENSSL_ia32cap_P declarations
-        if ($_[1]!=0 && $_[1]>1)
+        grep {s/(^extern\s+${nmdecor}OPENSSL_ia32cap_P)/\;$1/} @out;
-                {
+        push (@out,$comm)
-                main'align($_[1]);
+    }
-                }
+    push (@out,$initseg) if ($initseg);         
-        push(@out,"$label{$_[0]}:\n");
+}
-        }
-sub main'data_byte
+sub ::comment {   foreach (@_) { push(@out,"\t; $_\n"); }   }
-        {
-        push(@out,(($main'mwerks)?".byte\t":"DB\t").join(',',@_)."\n");
-        }
-sub main'data_word
+sub ::external_label
-        {
+{   foreach(@_)
-        push(@out,(($main'mwerks)?".long\t":"DD\t").join(',',@_)."\n");
+    {   push(@out,"${drdecor}extern\t".&::LABEL($_,$nmdecor.$_)."\n");   }
-        }
+}
-sub main'align
+sub ::public_label
-        {
+{   push(@out,"${drdecor}global\t".&::LABEL($_[0],$nmdecor.$_[0])."\n");  }
-        push(@out,".") if ($main'mwerks);
-        push(@out,"align\t$_[0]\n");
-        }
-sub out1p
+sub ::data_byte
-        {
+{   push(@out,(($::mwerks)?".byte\t":"db\t").join(',',@_)."\n");        }
-        my($name,$p1)=@_;
-        my($l,$t);
-        push(@out,"\t$name\t".&conv($p1)."\n");
+sub ::data_word
-        }
+{   push(@out,(($::mwerks)?".long\t":"dd\t").join(',',@_)."\n");        }
-sub main'picmeup
+sub ::align
-        {
+{   push(@out,"${drdecor}align\t$_[0]\n");      }
-        local($dst,$sym)=@_;
-        &main'lea($dst,&main'DWP($sym));
-        }
-sub main'blindpop { &out1("pop",@_); }
+sub ::picmeup
+{ my($dst,$sym)=@_;
+    &::lea($dst,&::DWP($sym));
+}
-sub main'initseg
+sub ::initseg
-        {
+{ my $f=$nmdecor.shift;
-        local($f)=@_;
+    if ($::win32)
-        if ($main'win32)
+    {   $initseg=<<___;
-                {
+segment .CRT\$XCU data align=4
-                local($tmp)=<<___;
+extern  $f
-segment .CRT\$XCU data
+dd      $f
-extern  $under$f
-DD      $under$f
 ___
-                push(@out,$tmp);
+    }
-                }
+}
-        }
+sub ::dataseg
+{   if ($mwerks)        { push(@out,".section\t.data,4\n");   }
+    else                { push(@out,"section\t.data align=4\n"); }
+}
 1;
diff --git a/src/lib/libssl/src/crypto/pkcs12/Makefile b/src/lib/libssl/src/crypto/pkcs12/Makefile
index eed226b30d..3a7498fe7a 100644
--- a/src/lib/libssl/src/crypto/pkcs12/Makefile
+++ b/src/lib/libssl/src/crypto/pkcs12/Makefile
@@ -39,7 +39,7 @@ test:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
@@ -85,37 +85,36 @@ p12_add.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 p12_add.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 p12_add.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 p12_add.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p12_add.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p12_add.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-p12_add.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p12_add.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p12_add.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_add.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-p12_add.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_add.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
-p12_add.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_add.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-p12_add.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_add.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p12_add.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_add.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p12_add.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_add.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_add.c
-p12_add.o: ../cryptlib.h p12_add.c
 p12_asn.o: ../../e_os.h ../../include/openssl/asn1.h
 p12_asn.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 p12_asn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 p12_asn.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 p12_asn.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 p12_asn.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p12_asn.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+p12_asn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p12_asn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_asn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p12_asn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p12_asn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-p12_asn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+p12_asn.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
-p12_asn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+p12_asn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p12_asn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_asn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-p12_asn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p12_asn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p12_asn.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_asn.c
+p12_asn.o: ../cryptlib.h p12_asn.c
 p12_attr.o: ../../e_os.h ../../include/openssl/asn1.h
 p12_attr.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 p12_attr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 p12_attr.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 p12_attr.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p12_attr.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p12_attr.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-p12_attr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p12_attr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p12_attr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_attr.o: ../../include/openssl/opensslconf.h
 p12_attr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 p12_attr.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
 p12_attr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
@@ -127,9 +126,9 @@ p12_crpt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 p12_crpt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 p12_crpt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 p12_crpt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p12_crpt.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p12_crpt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-p12_crpt.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p12_crpt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p12_crpt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_crpt.o: ../../include/openssl/opensslconf.h
 p12_crpt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 p12_crpt.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
 p12_crpt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
@@ -141,23 +140,22 @@ p12_crt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 p12_crt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 p12_crt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 p12_crt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p12_crt.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p12_crt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-p12_crt.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p12_crt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p12_crt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_crt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-p12_crt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_crt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
-p12_crt.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_crt.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-p12_crt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_crt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p12_crt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_crt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p12_crt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_crt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_crt.c
-p12_crt.o: ../cryptlib.h p12_crt.c
 p12_decr.o: ../../e_os.h ../../include/openssl/asn1.h
 p12_decr.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 p12_decr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 p12_decr.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 p12_decr.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p12_decr.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p12_decr.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-p12_decr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p12_decr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p12_decr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_decr.o: ../../include/openssl/opensslconf.h
 p12_decr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 p12_decr.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
 p12_decr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
@@ -169,9 +167,9 @@ p12_init.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 p12_init.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 p12_init.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 p12_init.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p12_init.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p12_init.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-p12_init.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p12_init.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p12_init.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_init.o: ../../include/openssl/opensslconf.h
 p12_init.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 p12_init.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
 p12_init.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
@@ -184,22 +182,22 @@ p12_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 p12_key.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 p12_key.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 p12_key.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p12_key.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+p12_key.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p12_key.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p12_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p12_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-p12_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+p12_key.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
-p12_key.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+p12_key.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p12_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-p12_key.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p12_key.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p12_key.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_key.c
+p12_key.o: ../cryptlib.h p12_key.c
 p12_kiss.o: ../../e_os.h ../../include/openssl/asn1.h
 p12_kiss.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 p12_kiss.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 p12_kiss.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 p12_kiss.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p12_kiss.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p12_kiss.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-p12_kiss.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p12_kiss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p12_kiss.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_kiss.o: ../../include/openssl/opensslconf.h
 p12_kiss.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 p12_kiss.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
 p12_kiss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
@@ -211,10 +209,9 @@ p12_mutl.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 p12_mutl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 p12_mutl.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 p12_mutl.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p12_mutl.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p12_mutl.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h
-p12_mutl.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
+p12_mutl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p12_mutl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_mutl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p12_mutl.o: ../../include/openssl/opensslconf.h
 p12_mutl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 p12_mutl.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
 p12_mutl.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
@@ -226,9 +223,8 @@ p12_npas.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 p12_npas.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 p12_npas.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 p12_npas.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p12_npas.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+p12_npas.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p12_npas.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_npas.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p12_npas.o: ../../include/openssl/opensslconf.h
 p12_npas.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 p12_npas.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
 p12_npas.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
@@ -241,53 +237,50 @@ p12_p8d.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 p12_p8d.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 p12_p8d.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 p12_p8d.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p12_p8d.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p12_p8d.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-p12_p8d.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p12_p8d.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p12_p8d.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_p8d.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-p12_p8d.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_p8d.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
-p12_p8d.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_p8d.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-p12_p8d.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_p8d.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p12_p8d.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_p8d.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p12_p8d.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_p8d.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_p8d.c
-p12_p8d.o: ../cryptlib.h p12_p8d.c
 p12_p8e.o: ../../e_os.h ../../include/openssl/asn1.h
 p12_p8e.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 p12_p8e.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 p12_p8e.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 p12_p8e.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p12_p8e.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p12_p8e.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-p12_p8e.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p12_p8e.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p12_p8e.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_p8e.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-p12_p8e.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_p8e.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
-p12_p8e.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_p8e.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-p12_p8e.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_p8e.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p12_p8e.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_p8e.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p12_p8e.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_p8e.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_p8e.c
-p12_p8e.o: ../cryptlib.h p12_p8e.c
 p12_utl.o: ../../e_os.h ../../include/openssl/asn1.h
 p12_utl.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 p12_utl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 p12_utl.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 p12_utl.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p12_utl.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p12_utl.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-p12_utl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p12_utl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p12_utl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_utl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-p12_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_utl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
-p12_utl.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_utl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-p12_utl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_utl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p12_utl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_utl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p12_utl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_utl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_utl.c
-p12_utl.o: ../cryptlib.h p12_utl.c
 pk12err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 pk12err.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 pk12err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 pk12err.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 pk12err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pk12err.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+pk12err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-pk12err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pk12err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-pk12err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+pk12err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-pk12err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+pk12err.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
-pk12err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+pk12err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-pk12err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pk12err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-pk12err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+pk12err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-pk12err.o: ../../include/openssl/x509_vfy.h pk12err.c
+pk12err.o: pk12err.c
diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_add.c b/src/lib/libssl/src/crypto/pkcs12/p12_add.c
index 1f3e378f5c..27ac5facfa 100644
--- a/src/lib/libssl/src/crypto/pkcs12/p12_add.c
+++ b/src/lib/libssl/src/crypto/pkcs12/p12_add.c
@@ -106,6 +106,7 @@ PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
             PKCS8_PRIV_KEY_INFO *p8)
 {
        PKCS12_SAFEBAG *bag;
+        const EVP_CIPHER *pbe_ciph;
        /* Set up the safe bag */
        if (!(bag = PKCS12_SAFEBAG_new())) {
@@ -114,8 +115,14 @@ PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
        }
        bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);
+        pbe_ciph = EVP_get_cipherbynid(pbe_nid);
+        if (pbe_ciph)
+                pbe_nid = -1;
        if (!(bag->value.shkeybag = 
-          PKCS8_encrypt(pbe_nid, NULL, pass, passlen, salt, saltlen, iter,
+          PKCS8_encrypt(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen, iter,
                                                                         p8))) {
                PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
                return NULL;
@@ -164,6 +171,7 @@ PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
 {
        PKCS7 *p7;
        X509_ALGOR *pbe;
+        const EVP_CIPHER *pbe_ciph;
        if (!(p7 = PKCS7_new())) {
                PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
                return NULL;
@@ -173,7 +181,15 @@ PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
                                PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE);
                return NULL;
        }
-        if (!(pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen))) {
+        pbe_ciph = EVP_get_cipherbynid(pbe_nid);
+        if (pbe_ciph)
+                pbe = PKCS5_pbe2_set(pbe_ciph, iter, salt, saltlen);
+        else
+                pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
+        if (!pbe) {
                PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
                return NULL;
        }
diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_attr.c b/src/lib/libssl/src/crypto/pkcs12/p12_attr.c
index 68d6c5ad15..e4d9c25647 100644
--- a/src/lib/libssl/src/crypto/pkcs12/p12_attr.c
+++ b/src/lib/libssl/src/crypto/pkcs12/p12_attr.c
@@ -139,7 +139,7 @@ char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag)
        ASN1_TYPE *atype;
        if (!(atype = PKCS12_get_attr(bag, NID_friendlyName))) return NULL;
        if (atype->type != V_ASN1_BMPSTRING) return NULL;
-        return uni2asc(atype->value.bmpstring->data,
+        return OPENSSL_uni2asc(atype->value.bmpstring->data,
                                 atype->value.bmpstring->length);
 }
diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_crpt.c b/src/lib/libssl/src/crypto/pkcs12/p12_crpt.c
index f8b952e27e..b71d07b4d0 100644
--- a/src/lib/libssl/src/crypto/pkcs12/p12_crpt.c
+++ b/src/lib/libssl/src/crypto/pkcs12/p12_crpt.c
@@ -60,28 +60,10 @@
 #include "cryptlib.h"
 #include <openssl/pkcs12.h>
-/* PKCS#12 specific PBE functions */
+/* PKCS#12 PBE algorithms now in static table */
 void PKCS12_PBE_add(void)
 {
-#ifndef OPENSSL_NO_RC4
-EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC4, EVP_rc4(), EVP_sha1(),
-                                                         PKCS12_PBE_keyivgen);
-EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC4, EVP_rc4_40(), EVP_sha1(),
-                                                         PKCS12_PBE_keyivgen);
-#endif
-#ifndef OPENSSL_NO_DES
-EVP_PBE_alg_add(NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
-                        EVP_des_ede3_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen);
-EVP_PBE_alg_add(NID_pbe_WithSHA1And2_Key_TripleDES_CBC, 
-                        EVP_des_ede_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen);
-#endif
-#ifndef OPENSSL_NO_RC2
-EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC2_CBC, EVP_rc2_cbc(),
-                                        EVP_sha1(), PKCS12_PBE_keyivgen);
-EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC2_CBC, EVP_rc2_40_cbc(),
-                                        EVP_sha1(), PKCS12_PBE_keyivgen);
-#endif
 }
 int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_crt.c b/src/lib/libssl/src/crypto/pkcs12/p12_crt.c
index 9522342fa5..96b131defa 100644
--- a/src/lib/libssl/src/crypto/pkcs12/p12_crt.c
+++ b/src/lib/libssl/src/crypto/pkcs12/p12_crt.c
@@ -59,10 +59,6 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/pkcs12.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag);
@@ -94,14 +90,7 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
        /* Set defaults */
        if (!nid_cert)
-                {
-#ifdef OPENSSL_FIPS
-                if (FIPS_mode())
-                        nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
-                else
-#endif
                nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
-                }
        if (!nid_key)
                nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
        if (!iter)
diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_key.c b/src/lib/libssl/src/crypto/pkcs12/p12_key.c
index 9e57eee4a4..a29794bbbc 100644
--- a/src/lib/libssl/src/crypto/pkcs12/p12_key.c
+++ b/src/lib/libssl/src/crypto/pkcs12/p12_key.c
@@ -81,15 +81,18 @@ int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
        int ret;
        unsigned char *unipass;
        int uniplen;
        if(!pass) {
                unipass = NULL;
                uniplen = 0;
-        } else if (!asc2uni(pass, passlen, &unipass, &uniplen)) {
+        } else if (!OPENSSL_asc2uni(pass, passlen, &unipass, &uniplen)) {
                PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC,ERR_R_MALLOC_FAILURE);
                return 0;
        }
        ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
                                                 id, iter, n, out, md_type);
+        if (ret <= 0)
+            return 0;
        if(unipass) {
                OPENSSL_cleanse(unipass, uniplen);      /* Clear password from memory */
                OPENSSL_free(unipass);
@@ -129,6 +132,8 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
 #endif
        v = EVP_MD_block_size (md_type);
        u = EVP_MD_size (md_type);
+        if (u < 0)
+            return 0;
        D = OPENSSL_malloc (v);
        Ai = OPENSSL_malloc (u);
        B = OPENSSL_malloc (v + 1);
diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_kiss.c b/src/lib/libssl/src/crypto/pkcs12/p12_kiss.c
index 5c4c6ec988..292cc3ed4a 100644
--- a/src/lib/libssl/src/crypto/pkcs12/p12_kiss.c
+++ b/src/lib/libssl/src/crypto/pkcs12/p12_kiss.c
@@ -63,16 +63,13 @@
 /* Simplified PKCS#12 routines */
 static int parse_pk12( PKCS12 *p12, const char *pass, int passlen,
-                EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca);
+                EVP_PKEY **pkey, STACK_OF(X509) *ocerts);
 static int parse_bags( STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
-                       int passlen, EVP_PKEY **pkey, X509 **cert,
+                       int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts);
-                       STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid,
-                       char *keymatch);
 static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen,
-                        EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
+                        EVP_PKEY **pkey, STACK_OF(X509) *ocerts);
-                        ASN1_OCTET_STRING **keyid, char *keymatch);
 /* Parse and decrypt a PKCS#12 structure returning user key, user cert
 * and other (CA) certs. Note either ca should be NULL, *ca should be NULL,
@@ -83,24 +80,20 @@ static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen,
 int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
             STACK_OF(X509) **ca)
 {
+        STACK_OF(X509) *ocerts = NULL;
+        X509 *x = NULL;
        /* Check for NULL PKCS12 structure */
-        if(!p12) {
+        if(!p12)
+                {
                PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_INVALID_NULL_PKCS12_POINTER);
                return 0;
-        }
-        /* Allocate stack for ca certificates if needed */
-        if ((ca != NULL) && (*ca == NULL)) {
-                if (!(*ca = sk_X509_new_null())) {
-                        PKCS12err(PKCS12_F_PKCS12_PARSE,ERR_R_MALLOC_FAILURE);
-                        return 0;
                }
-        }
-        if(pkey) *pkey = NULL;
+        if(pkey)
-        if(cert) *cert = NULL;
+                *pkey = NULL;
+        if(cert)
+                *cert = NULL;
        /* Check the mac */
@@ -122,19 +115,61 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
                goto err;
        }
-        if (!parse_pk12 (p12, pass, -1, pkey, cert, ca))
+        /* Allocate stack for other certificates */
+        ocerts = sk_X509_new_null();
+        if (!ocerts)
+                {
+                PKCS12err(PKCS12_F_PKCS12_PARSE,ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        if (!parse_pk12 (p12, pass, -1, pkey, ocerts))
                {
                PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_PARSE_ERROR);
                goto err;
                }
+        while ((x = sk_X509_pop(ocerts)))
+                {
+                if (pkey && *pkey && cert && !*cert)
+                        {
+                        if (X509_check_private_key(x, *pkey))
+                                {
+                                *cert = x;
+                                x = NULL;
+                                }
+                        }
+                if (ca && x)
+                        {
+                        if (!*ca)
+                                *ca = sk_X509_new_null();
+                        if (!*ca)
+                                goto err;
+                        if (!sk_X509_push(*ca, x))
+                                goto err;
+                        x = NULL;
+                        }
+                if (x)
+                        X509_free(x);
+                }
+        if (ocerts)
+                sk_X509_pop_free(ocerts, X509_free);
        return 1;
 err:
-        if (pkey && *pkey) EVP_PKEY_free(*pkey);
+        if (pkey && *pkey)
-        if (cert && *cert) X509_free(*cert);
+                EVP_PKEY_free(*pkey);
-        if (ca) sk_X509_pop_free(*ca, X509_free);
+        if (cert && *cert)
+                X509_free(*cert);
+        if (x)
+                X509_free(*cert);
+        if (ocerts)
+                sk_X509_pop_free(ocerts, X509_free);
        return 0;
 }
@@ -142,15 +177,13 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
 /* Parse the outer PKCS#12 structure */
 static int parse_pk12(PKCS12 *p12, const char *pass, int passlen,
-             EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
+             EVP_PKEY **pkey, STACK_OF(X509) *ocerts)
 {
        STACK_OF(PKCS7) *asafes;
        STACK_OF(PKCS12_SAFEBAG) *bags;
        int i, bagnid;
        PKCS7 *p7;
-        ASN1_OCTET_STRING *keyid = NULL;
-        char keymatch = 0;
        if (!(asafes = PKCS12_unpack_authsafes (p12))) return 0;
        for (i = 0; i < sk_PKCS7_num (asafes); i++) {
                p7 = sk_PKCS7_value (asafes, i);
@@ -164,8 +197,7 @@ static int parse_pk12(PKCS12 *p12, const char *pass, int passlen,
                        sk_PKCS7_pop_free(asafes, PKCS7_free);
                        return 0;
                }
-                if (!parse_bags(bags, pass, passlen, pkey, cert, ca,
+                if (!parse_bags(bags, pass, passlen, pkey, ocerts)) {
-                                                         &keyid, &keymatch)) {
                        sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
                        sk_PKCS7_pop_free(asafes, PKCS7_free);
                        return 0;
@@ -173,89 +205,65 @@ static int parse_pk12(PKCS12 *p12, const char *pass, int passlen,
                sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
        }
        sk_PKCS7_pop_free(asafes, PKCS7_free);
-        if (keyid) M_ASN1_OCTET_STRING_free(keyid);
        return 1;
 }
 static int parse_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
-                      int passlen, EVP_PKEY **pkey, X509 **cert,
+                      int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts)
-                      STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid,
-                      char *keymatch)
 {
        int i;
        for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
                if (!parse_bag(sk_PKCS12_SAFEBAG_value (bags, i),
-                         pass, passlen, pkey, cert, ca, keyid,
+                                 pass, passlen, pkey, ocerts))
-                                                         keymatch)) return 0;
+                        return 0;
        }
        return 1;
 }
-#define MATCH_KEY  0x1
-#define MATCH_CERT 0x2
-#define MATCH_ALL  0x3
 static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
-                     EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
+                     EVP_PKEY **pkey, STACK_OF(X509) *ocerts)
-                     ASN1_OCTET_STRING **keyid,
-                     char *keymatch)
 {
        PKCS8_PRIV_KEY_INFO *p8;
        X509 *x509;
-        ASN1_OCTET_STRING *lkey = NULL, *ckid = NULL;
        ASN1_TYPE *attrib;
        ASN1_BMPSTRING *fname = NULL;
+        ASN1_OCTET_STRING *lkid = NULL;
        if ((attrib = PKCS12_get_attr (bag, NID_friendlyName)))
                fname = attrib->value.bmpstring;
-        if ((attrib = PKCS12_get_attr (bag, NID_localKeyID))) {
+        if ((attrib = PKCS12_get_attr (bag, NID_localKeyID)))
-                lkey = attrib->value.octet_string;
+                lkid = attrib->value.octet_string;
-                ckid = lkey;
-        }
-        /* Check for any local key id matching (if needed) */
-        if (lkey && ((*keymatch & MATCH_ALL) != MATCH_ALL)) {
-                if (*keyid) {
-                        if (M_ASN1_OCTET_STRING_cmp(*keyid, lkey)) lkey = NULL;
-                } else {
-                        if (!(*keyid = M_ASN1_OCTET_STRING_dup(lkey))) {
-                                PKCS12err(PKCS12_F_PARSE_BAG,ERR_R_MALLOC_FAILURE);
-                                return 0;
-                    }
-                }
-        }
-        
        switch (M_PKCS12_bag_type(bag))
        {
        case NID_keyBag:
-                if (!lkey || !pkey) return 1;   
+                if (!pkey || *pkey)
-                if (!(*pkey = EVP_PKCS82PKEY(bag->value.keybag))) return 0;
+                        return 1;       
-                *keymatch |= MATCH_KEY;
+                if (!(*pkey = EVP_PKCS82PKEY(bag->value.keybag)))
+                        return 0;
        break;
        case NID_pkcs8ShroudedKeyBag:
-                if (!lkey || !pkey) return 1;   
+                if (!pkey || *pkey)
+                        return 1;       
                if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen)))
                                return 0;
                *pkey = EVP_PKCS82PKEY(p8);
                PKCS8_PRIV_KEY_INFO_free(p8);
                if (!(*pkey)) return 0;
-                *keymatch |= MATCH_KEY;
        break;
        case NID_certBag:
                if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate )
-                                                                 return 1;
+                        return 1;
-                if (!(x509 = PKCS12_certbag2x509(bag))) return 0;
+                if (!(x509 = PKCS12_certbag2x509(bag)))
-                if(ckid)
+                        return 0;
+                if(lkid && !X509_keyid_set1(x509, lkid->data, lkid->length))
                        {
-                        if (!X509_keyid_set1(x509, ckid->data, ckid->length))
+                        X509_free(x509);
-                                {
+                        return 0;
-                                X509_free(x509);
-                                return 0;
-                                }
                        }
                if(fname) {
                        int len, r;
@@ -272,20 +280,17 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
                        }
                }
+                if(!sk_X509_push(ocerts, x509))
+                        {
+                        X509_free(x509);
+                        return 0;
+                        }
-                if (lkey) {
-                        *keymatch |= MATCH_CERT;
-                        if (cert) *cert = x509;
-                        else X509_free(x509);
-                } else {
-                        if(ca) sk_X509_push (*ca, x509);
-                        else X509_free(x509);
-                }
        break;
        case NID_safeContentsBag:
                return parse_bags(bag->value.safes, pass, passlen,
-                                        pkey, cert, ca, keyid, keymatch);
+                                        pkey, ocerts);
        break;
        default:
diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_mutl.c b/src/lib/libssl/src/crypto/pkcs12/p12_mutl.c
index 70bfef6e5d..9ab740d51f 100644
--- a/src/lib/libssl/src/crypto/pkcs12/p12_mutl.c
+++ b/src/lib/libssl/src/crypto/pkcs12/p12_mutl.c
@@ -71,6 +71,7 @@ int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
        HMAC_CTX hmac;
        unsigned char key[EVP_MAX_MD_SIZE], *salt;
        int saltlen, iter;
+        int md_size;
        if (!PKCS7_type_is_data(p12->authsafes))
                {
@@ -87,13 +88,16 @@ int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
                PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_UNKNOWN_DIGEST_ALGORITHM);
                return 0;
        }
+        md_size = EVP_MD_size(md_type);
+        if (md_size < 0)
+            return 0;
        if(!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter,
-                                 EVP_MD_size(md_type), key, md_type)) {
+                                 md_size, key, md_type)) {
                PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_KEY_GEN_ERROR);
                return 0;
        }
        HMAC_CTX_init(&hmac);
-        HMAC_Init_ex(&hmac, key, EVP_MD_size(md_type), md_type, NULL);
+        HMAC_Init_ex(&hmac, key, md_size, md_type, NULL);
        HMAC_Update(&hmac, p12->authsafes->d.data->data,
                                         p12->authsafes->d.data->length);
        HMAC_Final(&hmac, mac, maclen);
diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_npas.c b/src/lib/libssl/src/crypto/pkcs12/p12_npas.c
index 47e5e9c377..2f71355150 100644
--- a/src/lib/libssl/src/crypto/pkcs12/p12_npas.c
+++ b/src/lib/libssl/src/crypto/pkcs12/p12_npas.c
@@ -120,8 +120,13 @@ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
                        bags = PKCS12_unpack_p7data(p7);
                } else if (bagnid == NID_pkcs7_encrypted) {
                        bags = PKCS12_unpack_p7encdata(p7, oldpass, -1);
-                        alg_get(p7->d.encrypted->enc_data->algorithm,
+                        if (!alg_get(p7->d.encrypted->enc_data->algorithm,
-                                &pbe_nid, &pbe_iter, &pbe_saltlen);
+                                &pbe_nid, &pbe_iter, &pbe_saltlen))
+                                {
+                                sk_PKCS12_SAFEBAG_pop_free(bags,
+                                                PKCS12_SAFEBAG_free);
+                                bags = NULL;
+                                }
                } else continue;
                if (!bags) {
                        sk_PKCS7_pop_free(asafes, PKCS7_free);
@@ -193,7 +198,9 @@ static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass)
        if(M_PKCS12_bag_type(bag) != NID_pkcs8ShroudedKeyBag) return 1;
        if (!(p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1))) return 0;
-        alg_get(bag->value.shkeybag->algor, &p8_nid, &p8_iter, &p8_saltlen);
+        if (!alg_get(bag->value.shkeybag->algor, &p8_nid, &p8_iter,
+                                                        &p8_saltlen))
+                return 0;
        if(!(p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen,
                                                     p8_iter, p8))) return 0;
        X509_SIG_free(bag->value.shkeybag);
@@ -208,9 +215,11 @@ static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen)
        p = alg->parameter->value.sequence->data;
        pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length);
+        if (!pbe)
+                return 0;
        *pnid = OBJ_obj2nid(alg->algorithm);
        *piter = ASN1_INTEGER_get(pbe->iter);
        *psaltlen = pbe->salt->length;
        PBEPARAM_free(pbe);
-        return 0;
+        return 1;
 }
diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_utl.c b/src/lib/libssl/src/crypto/pkcs12/p12_utl.c
index ca30ac4f6d..59c6f453f6 100644
--- a/src/lib/libssl/src/crypto/pkcs12/p12_utl.c
+++ b/src/lib/libssl/src/crypto/pkcs12/p12_utl.c
@@ -62,7 +62,7 @@
 /* Cheap and nasty Unicode stuff */
-unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen)
+unsigned char *OPENSSL_asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen)
 {
        int ulen, i;
        unsigned char *unitmp;
@@ -81,7 +81,7 @@ unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *un
        return unitmp;
 }
-char *uni2asc(unsigned char *uni, int unilen)
+char *OPENSSL_uni2asc(unsigned char *uni, int unilen)
 {
        int asclen, i;
        char *asctmp;
diff --git a/src/lib/libssl/src/crypto/pkcs12/pk12err.c b/src/lib/libssl/src/crypto/pkcs12/pk12err.c
index 07a1fb6907..f6ddf2df12 100644
--- a/src/lib/libssl/src/crypto/pkcs12/pk12err.c
+++ b/src/lib/libssl/src/crypto/pkcs12/pk12err.c
@@ -1,6 +1,6 @@
 /* crypto/pkcs12/pk12err.c */
 /* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
diff --git a/src/lib/libssl/src/crypto/pkcs12/pkcs12.h b/src/lib/libssl/src/crypto/pkcs12/pkcs12.h
index 4bee605dc0..b17eb9f42b 100644
--- a/src/lib/libssl/src/crypto/pkcs12/pkcs12.h
+++ b/src/lib/libssl/src/crypto/pkcs12/pkcs12.h
@@ -108,8 +108,6 @@ PKCS12_MAC_DATA *mac;
 PKCS7 *authsafes;
 } PKCS12;
-PREDECLARE_STACK_OF(PKCS12_SAFEBAG)
 typedef struct {
 ASN1_OBJECT *type;
 union {
@@ -232,8 +230,8 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
                   const EVP_MD *md_type);
 int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
                                         int saltlen, const EVP_MD *md_type);
-unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen);
+unsigned char *OPENSSL_asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen);
-char *uni2asc(unsigned char *uni, int unilen);
+char *OPENSSL_uni2asc(unsigned char *uni, int unilen);
 DECLARE_ASN1_FUNCTIONS(PKCS12)
 DECLARE_ASN1_FUNCTIONS(PKCS12_MAC_DATA)
diff --git a/src/lib/libssl/src/crypto/pkcs7/Makefile b/src/lib/libssl/src/crypto/pkcs7/Makefile
index 790d8edf36..56dc6823d1 100644
--- a/src/lib/libssl/src/crypto/pkcs7/Makefile
+++ b/src/lib/libssl/src/crypto/pkcs7/Makefile
@@ -21,9 +21,9 @@ APPS=
 LIB=$(TOP)/libcrypto.a
 LIBSRC= pk7_asn1.c pk7_lib.c pkcs7err.c pk7_doit.c pk7_smime.c pk7_attr.c \
-        pk7_mime.c
+        pk7_mime.c bio_pk7.c
 LIBOBJ= pk7_asn1.o pk7_lib.o pkcs7err.o pk7_doit.o pk7_smime.o pk7_attr.o \
-        pk7_mime.o
+        pk7_mime.o bio_pk7.o
 SRC= $(LIBSRC)
@@ -54,7 +54,7 @@ verify: verify.o example.o lib
        $(CC) $(CFLAGS) -o verify verify.o $(PEX_LIBS) example.o $(LIB) $(EX_LIBS)
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
@@ -95,26 +95,31 @@ clean:
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+bio_pk7.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+bio_pk7.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+bio_pk7.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bio_pk7.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+bio_pk7.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bio_pk7.o: ../../include/openssl/symhacks.h bio_pk7.c
 pk7_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
 pk7_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 pk7_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 pk7_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 pk7_asn1.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 pk7_asn1.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pk7_asn1.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+pk7_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-pk7_asn1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pk7_asn1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-pk7_asn1.o: ../../include/openssl/opensslconf.h
 pk7_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 pk7_asn1.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 pk7_asn1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 pk7_asn1.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 pk7_asn1.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pk7_asn1.c
-pk7_attr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pk7_attr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-pk7_attr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+pk7_attr.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-pk7_attr.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+pk7_attr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-pk7_attr.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+pk7_attr.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-pk7_attr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pk7_attr.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-pk7_attr.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+pk7_attr.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
 pk7_attr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 pk7_attr.o: ../../include/openssl/opensslconf.h
 pk7_attr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
@@ -129,9 +134,8 @@ pk7_doit.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 pk7_doit.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 pk7_doit.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 pk7_doit.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pk7_doit.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+pk7_doit.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-pk7_doit.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pk7_doit.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-pk7_doit.o: ../../include/openssl/opensslconf.h
 pk7_doit.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 pk7_doit.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
 pk7_doit.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
@@ -143,22 +147,22 @@ pk7_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 pk7_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 pk7_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 pk7_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-pk7_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+pk7_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-pk7_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pk7_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-pk7_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pk7_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-pk7_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pk7_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-pk7_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+pk7_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-pk7_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pk7_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-pk7_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+pk7_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-pk7_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pk7_lib.c
+pk7_lib.o: ../asn1/asn1_locl.h ../cryptlib.h pk7_lib.c
 pk7_mime.o: ../../e_os.h ../../include/openssl/asn1.h
 pk7_mime.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 pk7_mime.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 pk7_mime.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 pk7_mime.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-pk7_mime.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+pk7_mime.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-pk7_mime.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pk7_mime.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-pk7_mime.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pk7_mime.o: ../../include/openssl/opensslconf.h
 pk7_mime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 pk7_mime.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
 pk7_mime.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
@@ -171,8 +175,8 @@ pk7_smime.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 pk7_smime.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 pk7_smime.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 pk7_smime.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pk7_smime.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+pk7_smime.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-pk7_smime.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pk7_smime.o: ../../include/openssl/objects.h
 pk7_smime.o: ../../include/openssl/opensslconf.h
 pk7_smime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 pk7_smime.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
diff --git a/src/lib/libssl/src/crypto/pkcs7/pk7_asn1.c b/src/lib/libssl/src/crypto/pkcs7/pk7_asn1.c
index 1f70d31386..b7ec2883cb 100644
--- a/src/lib/libssl/src/crypto/pkcs7/pk7_asn1.c
+++ b/src/lib/libssl/src/crypto/pkcs7/pk7_asn1.c
@@ -77,10 +77,39 @@ ASN1_ADB(PKCS7) = {
        ADB_ENTRY(NID_pkcs7_encrypted, ASN1_NDEF_EXP_OPT(PKCS7, d.encrypted, PKCS7_ENCRYPT, 0))
 } ASN1_ADB_END(PKCS7, 0, type, 0, &p7default_tt, NULL);
-ASN1_NDEF_SEQUENCE(PKCS7) = {
+/* PKCS#7 streaming support */
+static int pk7_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                                                        void *exarg)
+{
+        ASN1_STREAM_ARG *sarg = exarg;
+        PKCS7 **pp7 = (PKCS7 **)pval;
+        switch(operation)
+                {
+                case ASN1_OP_STREAM_PRE:
+                if (PKCS7_stream(&sarg->boundary, *pp7) <= 0)
+                        return 0;
+                case ASN1_OP_DETACHED_PRE:
+                sarg->ndef_bio = PKCS7_dataInit(*pp7, sarg->out);
+                if (!sarg->ndef_bio)
+                        return 0;
+                break;
+                case ASN1_OP_STREAM_POST:
+                case ASN1_OP_DETACHED_POST:
+                if (PKCS7_dataFinal(*pp7, sarg->ndef_bio) <= 0)
+                        return 0;
+                break;
+                }
+        return 1;
+}
+ASN1_NDEF_SEQUENCE_cb(PKCS7, pk7_cb) = {
        ASN1_SIMPLE(PKCS7, type, ASN1_OBJECT),
        ASN1_ADB_OBJECT(PKCS7)
-}ASN1_NDEF_SEQUENCE_END(PKCS7)
+}ASN1_NDEF_SEQUENCE_END_cb(PKCS7, PKCS7)
 IMPLEMENT_ASN1_FUNCTIONS(PKCS7)
 IMPLEMENT_ASN1_NDEF_FUNCTION(PKCS7)
@@ -98,7 +127,8 @@ ASN1_NDEF_SEQUENCE(PKCS7_SIGNED) = {
 IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNED)
 /* Minor tweak to operation: free up EVP_PKEY */
-static int si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+static int si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                                                        void *exarg)
 {
        if(operation == ASN1_OP_FREE_POST) {
                PKCS7_SIGNER_INFO *si = (PKCS7_SIGNER_INFO *)*pval;
@@ -140,7 +170,8 @@ ASN1_NDEF_SEQUENCE(PKCS7_ENVELOPE) = {
 IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENVELOPE)
 /* Minor tweak to operation: free up X509 */
-static int ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+static int ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                                                                void *exarg)
 {
        if(operation == ASN1_OP_FREE_POST) {
                PKCS7_RECIP_INFO *ri = (PKCS7_RECIP_INFO *)*pval;
@@ -161,7 +192,7 @@ IMPLEMENT_ASN1_FUNCTIONS(PKCS7_RECIP_INFO)
 ASN1_NDEF_SEQUENCE(PKCS7_ENC_CONTENT) = {
        ASN1_SIMPLE(PKCS7_ENC_CONTENT, content_type, ASN1_OBJECT),
        ASN1_SIMPLE(PKCS7_ENC_CONTENT, algorithm, X509_ALGOR),
-        ASN1_IMP_OPT(PKCS7_ENC_CONTENT, enc_data, ASN1_OCTET_STRING, 0)
+        ASN1_IMP_OPT(PKCS7_ENC_CONTENT, enc_data, ASN1_OCTET_STRING_NDEF, 0)
 } ASN1_NDEF_SEQUENCE_END(PKCS7_ENC_CONTENT)
 IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT)
@@ -212,3 +243,5 @@ ASN1_ITEM_TEMPLATE(PKCS7_ATTR_VERIFY) =
        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL,
                                V_ASN1_SET, PKCS7_ATTRIBUTES, X509_ATTRIBUTE)
 ASN1_ITEM_TEMPLATE_END(PKCS7_ATTR_VERIFY)
+IMPLEMENT_ASN1_PRINT_FUNCTION(PKCS7)
diff --git a/src/lib/libssl/src/crypto/pkcs7/pk7_attr.c b/src/lib/libssl/src/crypto/pkcs7/pk7_attr.c
index d549717169..a97db51210 100644
--- a/src/lib/libssl/src/crypto/pkcs7/pk7_attr.c
+++ b/src/lib/libssl/src/crypto/pkcs7/pk7_attr.c
@@ -60,6 +60,7 @@
 #include <stdlib.h>
 #include <openssl/bio.h>
 #include <openssl/asn1.h>
+#include <openssl/asn1t.h>
 #include <openssl/pem.h>
 #include <openssl/pkcs7.h>
 #include <openssl/x509.h>
@@ -68,27 +69,12 @@
 int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK_OF(X509_ALGOR) *cap)
 {
        ASN1_STRING *seq;
-        unsigned char *p, *pp;
-        int len;
-        len=i2d_ASN1_SET_OF_X509_ALGOR(cap,NULL,i2d_X509_ALGOR,
-                                       V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL,
-                                       IS_SEQUENCE);
-        if(!(pp=(unsigned char *)OPENSSL_malloc(len))) {
-                PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE);
-                return 0;
-        }
-        p=pp;
-        i2d_ASN1_SET_OF_X509_ALGOR(cap,&p,i2d_X509_ALGOR, V_ASN1_SEQUENCE,
-                                   V_ASN1_UNIVERSAL, IS_SEQUENCE);
        if(!(seq = ASN1_STRING_new())) {
                PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE);
                return 0;
        }
-        if(!ASN1_STRING_set (seq, pp, len)) {
+        seq->length = ASN1_item_i2d((ASN1_VALUE *)cap,&seq->data,
-                PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE);
+                                ASN1_ITEM_rptr(X509_ALGORS));
-                return 0;
-        }
-        OPENSSL_free (pp);
        return PKCS7_add_signed_attribute(si, NID_SMIMECapabilities,
                                                        V_ASN1_SEQUENCE, seq);
 }
@@ -102,10 +88,9 @@ STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si)
        if (!cap || (cap->type != V_ASN1_SEQUENCE))
                return NULL;
        p = cap->value.sequence->data;
-        return d2i_ASN1_SET_OF_X509_ALGOR(NULL, &p,
+        return (STACK_OF(X509_ALGOR) *)
-                                          cap->value.sequence->length,
+                ASN1_item_d2i(NULL, &p, cap->value.sequence->length,
-                                          d2i_X509_ALGOR, X509_ALGOR_free,
+                                ASN1_ITEM_rptr(X509_ALGORS));
-                                          V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
        }
 /* Basic smime-capabilities OID and optional integer arg */
@@ -139,3 +124,42 @@ int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
        sk_X509_ALGOR_push (sk, alg);
        return 1;
 }
+int PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid)
+        {
+        if (PKCS7_get_signed_attribute(si, NID_pkcs9_contentType))
+                return 0;
+        if (!coid)
+                coid = OBJ_nid2obj(NID_pkcs7_data);
+        return PKCS7_add_signed_attribute(si, NID_pkcs9_contentType,
+                                V_ASN1_OBJECT, coid);
+        }
+int PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t)
+        {
+        if (!t && !(t=X509_gmtime_adj(NULL,0)))
+                {
+                PKCS7err(PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME,
+                                ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        return PKCS7_add_signed_attribute(si, NID_pkcs9_signingTime,
+                                                V_ASN1_UTCTIME, t);
+        }
+int PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si,
+                                const unsigned char *md, int mdlen)
+        {
+        ASN1_OCTET_STRING *os;
+        os = ASN1_OCTET_STRING_new();
+        if (!os)
+                return 0;
+        if (!ASN1_STRING_set(os, md, mdlen)
+                || !PKCS7_add_signed_attribute(si, NID_pkcs9_messageDigest,
+                                                V_ASN1_OCTET_STRING, os))
+                {
+                ASN1_OCTET_STRING_free(os);
+                return 0;
+                }
+        return 1;
+        }
diff --git a/src/lib/libssl/src/crypto/pkcs7/pk7_doit.c b/src/lib/libssl/src/crypto/pkcs7/pk7_doit.c
index a03d7ebedf..451de84489 100644
--- a/src/lib/libssl/src/crypto/pkcs7/pk7_doit.c
+++ b/src/lib/libssl/src/crypto/pkcs7/pk7_doit.c
@@ -138,6 +138,121 @@ static int PKCS7_bio_add_digest(BIO **pbio, X509_ALGOR *alg)
        }
+static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri,
+                                        unsigned char *key, int keylen)
+        {
+        EVP_PKEY_CTX *pctx = NULL;
+        EVP_PKEY *pkey = NULL;
+        unsigned char *ek = NULL;
+        int ret = 0;
+        size_t eklen;
+        pkey = X509_get_pubkey(ri->cert);
+        if (!pkey)
+                return 0;
+        pctx = EVP_PKEY_CTX_new(pkey, NULL);
+        if (!pctx)
+                return 0;
+        if (EVP_PKEY_encrypt_init(pctx) <= 0)
+                goto err;
+        if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT,
+                                EVP_PKEY_CTRL_PKCS7_ENCRYPT, 0, ri) <= 0)
+                {
+                PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, PKCS7_R_CTRL_ERROR);
+                goto err;
+                }
+        if (EVP_PKEY_encrypt(pctx, NULL, &eklen, key, keylen) <= 0)
+                goto err;
+        ek = OPENSSL_malloc(eklen);
+        if (ek == NULL)
+                {
+                PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        if (EVP_PKEY_encrypt(pctx, ek, &eklen, key, keylen) <= 0)
+                goto err;
+        ASN1_STRING_set0(ri->enc_key, ek, eklen);
+        ek = NULL;
+        ret = 1;
+        err:
+        if (pkey)
+                EVP_PKEY_free(pkey);
+        if (pctx)
+                EVP_PKEY_CTX_free(pctx);
+        if (ek)
+                OPENSSL_free(ek);
+        return ret;
+        }
+static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen,
+                               PKCS7_RECIP_INFO *ri, EVP_PKEY *pkey)
+        {
+        EVP_PKEY_CTX *pctx = NULL;
+        unsigned char *ek = NULL;
+        size_t eklen;
+        int ret = 0;
+        pctx = EVP_PKEY_CTX_new(pkey, NULL);
+        if (!pctx)
+                return 0;
+        if (EVP_PKEY_decrypt_init(pctx) <= 0)
+                goto err;
+        if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DECRYPT,
+                                EVP_PKEY_CTRL_PKCS7_DECRYPT, 0, ri) <= 0)
+                {
+                PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, PKCS7_R_CTRL_ERROR);
+                goto err;
+                }
+        if (EVP_PKEY_decrypt(pctx, NULL, &eklen,
+                                ri->enc_key->data, ri->enc_key->length) <= 0)
+                goto err;
+        ek = OPENSSL_malloc(eklen);
+        if (ek == NULL)
+                {
+                PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        if (EVP_PKEY_decrypt(pctx, ek, &eklen,
+                                ri->enc_key->data, ri->enc_key->length) <= 0)
+                {
+                PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_EVP_LIB);
+                goto err;
+                }
+        ret = 1;
+        *pek = ek;
+        *peklen = eklen;
+        err:
+        if (pctx)
+                EVP_PKEY_CTX_free(pctx);
+        if (!ret && ek)
+                OPENSSL_free(ek);
+        return ret;
+        }
 BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
        {
        int i;
@@ -148,7 +263,6 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
        STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;
        X509_ALGOR *xalg=NULL;
        PKCS7_RECIP_INFO *ri=NULL;
-        EVP_PKEY *pkey;
        ASN1_OCTET_STRING *os=NULL;
        i=OBJ_obj2nid(p7->type);
@@ -187,6 +301,8 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
                xa = p7->d.digest->md;
                os = PKCS7_get_octet_string(p7->d.digest->contents);
                break;
+        case NID_pkcs7_data:
+                break;
        default:
                PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
                goto err;
@@ -204,8 +320,6 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
                unsigned char key[EVP_MAX_KEY_LENGTH];
                unsigned char iv[EVP_MAX_IV_LENGTH];
                int keylen,ivlen;
-                int jj,max;
-                unsigned char *tmp;
                EVP_CIPHER_CTX *ctx;
                if ((btmp=BIO_new(BIO_f_cipher())) == NULL)
@@ -234,52 +348,16 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
                                        goto err;
                        }
                        if(EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0)
-                               goto err;
+                                goto err;
                }
                /* Lets do the pub key stuff :-) */
-                max=0;
                for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
                        {
                        ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
-                        if (ri->cert == NULL)
+                        if (pkcs7_encode_rinfo(ri, key, keylen) <= 0)
-                                {
-                                PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_MISSING_CERIPEND_INFO);
-                                goto err;
-                                }
-                        if ((pkey=X509_get_pubkey(ri->cert)) == NULL)
-                                goto err;
-                        jj=EVP_PKEY_size(pkey);
-                        EVP_PKEY_free(pkey);
-                        if (max < jj) max=jj;
-                        }
-                if ((tmp=(unsigned char *)OPENSSL_malloc(max)) == NULL)
-                        {
-                        PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                        }
-                for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
-                        {
-                        ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
-                        if ((pkey=X509_get_pubkey(ri->cert)) == NULL)
-                                goto err;
-                        jj=EVP_PKEY_encrypt(tmp,key,keylen,pkey);
-                        EVP_PKEY_free(pkey);
-                        if (jj <= 0)
-                                {
-                                PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_EVP_LIB);
-                                OPENSSL_free(tmp);
                                goto err;
-                                }
-                        if (!M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj))
-                                {
-                                PKCS7err(PKCS7_F_PKCS7_DATAINIT,
-                                        ERR_R_MALLOC_FAILURE);
-                                OPENSSL_free(tmp);
-                                goto err;
-                                }
                        }
-                OPENSSL_free(tmp);
                OPENSSL_cleanse(key, keylen);
                if (out == NULL)
@@ -303,7 +381,10 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
                        BIO_set_mem_eof_return(bio,0);
                        }
                }
-        BIO_push(out,bio);
+        if (out)
+                BIO_push(out,bio);
+        else
+                out = bio;
        bio=NULL;
        if (0)
                {
@@ -333,7 +414,6 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
        {
        int i,j;
        BIO *out=NULL,*btmp=NULL,*etmp=NULL,*bio=NULL;
-        unsigned char *tmp=NULL;
        X509_ALGOR *xa;
        ASN1_OCTET_STRING *data_body=NULL;
        const EVP_MD *evp_md;
@@ -423,7 +503,8 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
                int max;
                X509_OBJECT ret;
 #endif
-                int jj;
+                unsigned char *ek = NULL;
+                int eklen;
                if ((etmp=BIO_new(BIO_f_cipher())) == NULL)
                        {
@@ -438,26 +519,21 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
                 * (if any)
                 */
-                if (pcert) {
+                if (pcert)
-                        for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) {
+                        {
+                        for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
+                                {
                                ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
                                if (!pkcs7_cmp_ri(ri, pcert))
                                        break;
                                ri=NULL;
-                        }
+                                }
-                        if (ri == NULL) {
+                        if (ri == NULL)
+                                {
                                PKCS7err(PKCS7_F_PKCS7_DATADECODE,
                                      PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE);
                                goto err;
-                        }
+                                }
-                }
-                jj=EVP_PKEY_size(pkey);
-                tmp=(unsigned char *)OPENSSL_malloc(jj+10);
-                if (tmp == NULL)
-                        {
-                        PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_MALLOC_FAILURE);
-                        goto err;
                        }
                /* If we haven't got a certificate try each ri in turn */
@@ -467,11 +543,8 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
                        for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
                                {
                                ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
-                                jj=EVP_PKEY_decrypt(tmp,
+                                if (pkcs7_decrypt_rinfo(&ek, &eklen,
-                                        M_ASN1_STRING_data(ri->enc_key),
+                                                        ri, pkey) > 0)
-                                        M_ASN1_STRING_length(ri->enc_key),
-                                                pkey);
-                                if (jj > 0)
                                        break;
                                ERR_clear_error();
                                ri = NULL;
@@ -485,15 +558,8 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
                        }
                else
                        {
-                        jj=EVP_PKEY_decrypt(tmp,
+                        if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey) <= 0)
-                                M_ASN1_STRING_data(ri->enc_key),
-                                M_ASN1_STRING_length(ri->enc_key), pkey);
-                        if (jj <= 0)
-                                {
-                                PKCS7err(PKCS7_F_PKCS7_DATADECODE,
-                                                                ERR_R_EVP_LIB);
                                goto err;
-                                }
                        }
                evp_ctx=NULL;
@@ -503,22 +569,26 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
                if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0)
                        goto err;
-                if (jj != EVP_CIPHER_CTX_key_length(evp_ctx)) {
+                if (eklen != EVP_CIPHER_CTX_key_length(evp_ctx)) {
                        /* Some S/MIME clients don't use the same key
                         * and effective key length. The key length is
                         * determined by the size of the decrypted RSA key.
                         */
-                        if(!EVP_CIPHER_CTX_set_key_length(evp_ctx, jj))
+                        if(!EVP_CIPHER_CTX_set_key_length(evp_ctx, eklen))
                                {
                                PKCS7err(PKCS7_F_PKCS7_DATADECODE,
                                        PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH);
                                goto err;
                                }
                } 
-                if (EVP_CipherInit_ex(evp_ctx,NULL,NULL,tmp,NULL,0) <= 0)
+                if (EVP_CipherInit_ex(evp_ctx,NULL,NULL,ek,NULL,0) <= 0)
                        goto err;
-                OPENSSL_cleanse(tmp,jj);
+                if (ek)
+                        {
+                        OPENSSL_cleanse(ek,eklen);
+                        OPENSSL_free(ek);
+                        }
                if (out == NULL)
                        out=etmp;
@@ -566,8 +636,6 @@ err:
                if (bio != NULL) BIO_free_all(bio);
                out=NULL;
                }
-        if (tmp != NULL)
-                OPENSSL_free(tmp);
        return(out);
        }
@@ -594,13 +662,43 @@ static BIO *PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid)
        return NULL;
        }
+static int do_pkcs7_signed_attrib(PKCS7_SIGNER_INFO *si, EVP_MD_CTX *mctx)
+        {
+        unsigned char md_data[EVP_MAX_MD_SIZE];
+        unsigned int md_len;
+        /* Add signing time if not already present */
+        if (!PKCS7_get_signed_attribute(si, NID_pkcs9_signingTime))
+                {
+                if (!PKCS7_add0_attrib_signing_time(si, NULL))
+                        {
+                        PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB,
+                                        ERR_R_MALLOC_FAILURE);
+                        return 0;
+                        }
+                }
+        /* Add digest */
+        EVP_DigestFinal_ex(mctx, md_data,&md_len);
+        if (!PKCS7_add1_attrib_digest(si, md_data, md_len))
+                {
+                PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        /* Now sign the attributes */
+        if (!PKCS7_SIGNER_INFO_sign(si))
+                        return 0;
+        return 1;
+        }
+        
+                                
 int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
        {
        int ret=0;
        int i,j;
        BIO *btmp;
-        BUF_MEM *buf_mem=NULL;
-        BUF_MEM *buf=NULL;
        PKCS7_SIGNER_INFO *si;
        EVP_MD_CTX *mdc,ctx_tmp;
        STACK_OF(X509_ATTRIBUTE) *sk;
@@ -613,24 +711,37 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
        switch (i)
                {
+        case NID_pkcs7_data:
+                os = p7->d.data;
+                break;
        case NID_pkcs7_signedAndEnveloped:
                /* XXXXXXXXXXXXXXXX */
                si_sk=p7->d.signed_and_enveloped->signer_info;
-                if (!(os=M_ASN1_OCTET_STRING_new()))
+                os = p7->d.signed_and_enveloped->enc_data->enc_data;
+                if (!os)
                        {
-                        PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FAILURE);
+                        os=M_ASN1_OCTET_STRING_new();
-                        goto err;
+                        if (!os)
+                                {
+                                PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FAILURE);
+                                goto err;
+                                }
+                        p7->d.signed_and_enveloped->enc_data->enc_data=os;
                        }
-                p7->d.signed_and_enveloped->enc_data->enc_data=os;
                break;
        case NID_pkcs7_enveloped:
                /* XXXXXXXXXXXXXXXX */
-                if (!(os=M_ASN1_OCTET_STRING_new()))
+                os = p7->d.enveloped->enc_data->enc_data;
+                if (!os)
                        {
-                        PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FAILURE);
+                        os=M_ASN1_OCTET_STRING_new();
-                        goto err;
+                        if (!os)
+                                {
+                                PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FAILURE);
+                                goto err;
+                                }
+                        p7->d.enveloped->enc_data->enc_data=os;
                        }
-                p7->d.enveloped->enc_data->enc_data=os;
                break;
        case NID_pkcs7_signed:
                si_sk=p7->d.sign->signer_info;
@@ -652,21 +763,20 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
                        }
                break;
+        default:
+                PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+                goto err;
                }
        if (si_sk != NULL)
                {
-                if ((buf=BUF_MEM_new()) == NULL)
-                        {
-                        PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_BIO_LIB);
-                        goto err;
-                        }
                for (i=0; i<sk_PKCS7_SIGNER_INFO_num(si_sk); i++)
                        {
                        si=sk_PKCS7_SIGNER_INFO_value(si_sk,i);
-                        if (si->pkey == NULL) continue;
+                        if (si->pkey == NULL)
+                                continue;
-                        j=OBJ_obj2nid(si->digest_alg->algorithm);
+                        j = OBJ_obj2nid(si->digest_alg->algorithm);
                        btmp=bio;
@@ -678,97 +788,33 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
                        /* We now have the EVP_MD_CTX, lets do the
                         * signing. */
                        EVP_MD_CTX_copy_ex(&ctx_tmp,mdc);
-                        if (!BUF_MEM_grow_clean(buf,EVP_PKEY_size(si->pkey)))
-                                {
-                                PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_BIO_LIB);
-                                goto err;
-                                }
                        sk=si->auth_attr;
                        /* If there are attributes, we add the digest
                         * attribute and only sign the attributes */
-                        if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0))
+                        if (sk_X509_ATTRIBUTE_num(sk) > 0)
                                {
-                                unsigned char md_data[EVP_MAX_MD_SIZE], *abuf=NULL;
+                                if (!do_pkcs7_signed_attrib(si, &ctx_tmp))
-                                unsigned int md_len, alen;
-                                ASN1_OCTET_STRING *digest;
-                                ASN1_UTCTIME *sign_time;
-                                const EVP_MD *md_tmp;
-                                /* Add signing time if not already present */
-                                if (!PKCS7_get_signed_attribute(si,
-                                                        NID_pkcs9_signingTime))
-                                        {
-                                        if (!(sign_time=X509_gmtime_adj(NULL,0)))
-                                                {
-                                                PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
-                                                        ERR_R_MALLOC_FAILURE);
-                                                goto err;
-                                                }
-                                        if (!PKCS7_add_signed_attribute(si,
-                                                NID_pkcs9_signingTime,
-                                                V_ASN1_UTCTIME,sign_time))
-                                                {
-                                                M_ASN1_UTCTIME_free(sign_time);
-                                                goto err;
-                                                }
-                                        }
-                                /* Add digest */
-                                md_tmp=EVP_MD_CTX_md(&ctx_tmp);
-                                EVP_DigestFinal_ex(&ctx_tmp,md_data,&md_len);
-                                if (!(digest=M_ASN1_OCTET_STRING_new()))
-                                        {
-                                        PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
-                                                ERR_R_MALLOC_FAILURE);
                                        goto err;
-                                        }
+                                }
-                                if (!M_ASN1_OCTET_STRING_set(digest,md_data,
+                        else
-                                                                md_len))
+                                {
-                                        {
+                                unsigned char *abuf = NULL;
-                                        PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
+                                unsigned int abuflen;
-                                                ERR_R_MALLOC_FAILURE);
+                                abuflen = EVP_PKEY_size(si->pkey);
-                                        M_ASN1_OCTET_STRING_free(digest);
+                                abuf = OPENSSL_malloc(abuflen);
+                                if (!abuf)
                                        goto err;
-                                        }
-                                if (!PKCS7_add_signed_attribute(si,
+                                if (!EVP_SignFinal(&ctx_tmp, abuf, &abuflen,
-                                        NID_pkcs9_messageDigest,
+                                                        si->pkey))
-                                        V_ASN1_OCTET_STRING,digest))
                                        {
-                                        M_ASN1_OCTET_STRING_free(digest);
+                                        PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
+                                                        ERR_R_EVP_LIB);
                                        goto err;
                                        }
+                                ASN1_STRING_set0(si->enc_digest, abuf, abuflen);
-                                /* Now sign the attributes */
-                                EVP_SignInit_ex(&ctx_tmp,md_tmp,NULL);
-                                alen = ASN1_item_i2d((ASN1_VALUE *)sk,&abuf,
-                                                        ASN1_ITEM_rptr(PKCS7_ATTR_SIGN));
-                                if(!abuf) goto err;
-                                EVP_SignUpdate(&ctx_tmp,abuf,alen);
-                                OPENSSL_free(abuf);
-                                }
-#ifndef OPENSSL_NO_DSA
-                        if (si->pkey->type == EVP_PKEY_DSA)
-                                ctx_tmp.digest=EVP_dss1();
-#endif
-#ifndef OPENSSL_NO_ECDSA
-                        if (si->pkey->type == EVP_PKEY_EC)
-                                ctx_tmp.digest=EVP_ecdsa();
-#endif
-                        if (!EVP_SignFinal(&ctx_tmp,(unsigned char *)buf->data,
-                                (unsigned int *)&buf->length,si->pkey))
-                                {
-                                PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_EVP_LIB);
-                                goto err;
-                                }
-                        if (!ASN1_STRING_set(si->enc_digest,
-                                (unsigned char *)buf->data,buf->length))
-                                {
-                                PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_ASN1_LIB);
-                                goto err;
                                }
                        }
                }
@@ -783,34 +829,90 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
                M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len);
                }
-        if (!PKCS7_is_detached(p7))
+        if (!PKCS7_is_detached(p7) && !(os->flags & ASN1_STRING_FLAG_NDEF))
                {
+                char *cont;
+                long contlen;
                btmp=BIO_find_type(bio,BIO_TYPE_MEM);
                if (btmp == NULL)
                        {
                        PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
                        goto err;
                        }
-                BIO_get_mem_ptr(btmp,&buf_mem);
+                contlen = BIO_get_mem_data(btmp, &cont);
                /* Mark the BIO read only then we can use its copy of the data
                 * instead of making an extra copy.
                 */
                BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
                BIO_set_mem_eof_return(btmp, 0);
-                os->data = (unsigned char *)buf_mem->data;
+                ASN1_STRING_set0(os, (unsigned char *)cont, contlen);
-                os->length = buf_mem->length;
-#if 0
-                M_ASN1_OCTET_STRING_set(os,
-                        (unsigned char *)buf_mem->data,buf_mem->length);
-#endif
                }
        ret=1;
 err:
        EVP_MD_CTX_cleanup(&ctx_tmp);
-        if (buf != NULL) BUF_MEM_free(buf);
        return(ret);
        }
+int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
+        {
+        EVP_MD_CTX mctx;
+        EVP_PKEY_CTX *pctx;
+        unsigned char *abuf = NULL;
+        int alen;
+        size_t siglen;
+        const EVP_MD *md = NULL;
+        md = EVP_get_digestbyobj(si->digest_alg->algorithm);
+        if (md == NULL)
+                return 0;
+        EVP_MD_CTX_init(&mctx);
+        if (EVP_DigestSignInit(&mctx, &pctx, md,NULL, si->pkey) <= 0)
+                goto err;
+        if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
+                                EVP_PKEY_CTRL_PKCS7_SIGN, 0, si) <= 0)
+                {
+                PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR);
+                goto err;
+                }
+        alen = ASN1_item_i2d((ASN1_VALUE *)si->auth_attr,&abuf,
+                                ASN1_ITEM_rptr(PKCS7_ATTR_SIGN));
+        if(!abuf)
+                goto err;
+        if (EVP_DigestSignUpdate(&mctx,abuf,alen) <= 0)
+                goto err;
+        OPENSSL_free(abuf);
+        if (EVP_DigestSignFinal(&mctx, NULL, &siglen) <= 0)
+                goto err;
+        abuf = OPENSSL_malloc(siglen);
+        if(!abuf)
+                goto err;
+        if (EVP_DigestSignFinal(&mctx, abuf, &siglen) <= 0)
+                goto err;
+        if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
+                                EVP_PKEY_CTRL_PKCS7_SIGN, 1, si) <= 0)
+                {
+                PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR);
+                goto err;
+                }
+        EVP_MD_CTX_cleanup(&mctx);
+        ASN1_STRING_set0(si->enc_digest, abuf, siglen);
+        return 1;
+        err:
+        if (abuf)
+                OPENSSL_free(abuf);
+        EVP_MD_CTX_cleanup(&mctx);
+        return 0;
+        }
 int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio,
             PKCS7 *p7, PKCS7_SIGNER_INFO *si)
        {
@@ -922,7 +1024,8 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
        if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0))
                {
                unsigned char md_dat[EVP_MAX_MD_SIZE], *abuf = NULL;
-                unsigned int md_len, alen;
+                unsigned int md_len;
+                int alen;
                ASN1_OCTET_STRING *message_digest;
                EVP_DigestFinal_ex(&mdc_tmp,md_dat,&md_len);
@@ -954,6 +1057,12 @@ for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc\n");
                alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf,
                                                ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY));
+                if (alen <= 0) 
+                        {
+                        PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,ERR_R_ASN1_LIB);
+                        ret = -1;
+                        goto err;
+                        }
                EVP_VerifyUpdate(&mdc_tmp, abuf, alen);
                OPENSSL_free(abuf);
@@ -966,12 +1075,6 @@ for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc\n");
                ret = -1;
                goto err;
                }
-#ifndef OPENSSL_NO_DSA
-        if(pkey->type == EVP_PKEY_DSA) mdc_tmp.digest=EVP_dss1();
-#endif
-#ifndef OPENSSL_NO_ECDSA
-        if (pkey->type == EVP_PKEY_EC) mdc_tmp.digest=EVP_ecdsa();
-#endif
        i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, pkey);
        EVP_PKEY_free(pkey);
@@ -1107,8 +1210,9 @@ static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
        if (*sk == NULL)
                {
-                if (!(*sk = sk_X509_ATTRIBUTE_new_null()))
+                *sk = sk_X509_ATTRIBUTE_new_null();
-                        return 0;
+                if (*sk == NULL)
+                        return 0;       
 new_attrib:
                if (!(attr=X509_ATTRIBUTE_create(nid,atrtype,value)))
                        return 0;
diff --git a/src/lib/libssl/src/crypto/pkcs7/pk7_lib.c b/src/lib/libssl/src/crypto/pkcs7/pk7_lib.c
index f2490941a3..3ca0952792 100644
--- a/src/lib/libssl/src/crypto/pkcs7/pk7_lib.c
+++ b/src/lib/libssl/src/crypto/pkcs7/pk7_lib.c
@@ -60,6 +60,7 @@
 #include "cryptlib.h"
 #include <openssl/objects.h>
 #include <openssl/x509.h>
+#include "asn1_locl.h"
 long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg)
        {
@@ -314,7 +315,7 @@ int PKCS7_add_certificate(PKCS7 *p7, X509 *x509)
                *sk=sk_X509_new_null();
        if (*sk == NULL)
                {
-                PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE,ERR_R_MALLOC_FAILURE);
+                PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE, ERR_R_MALLOC_FAILURE);
                return 0;
                }
        CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
@@ -365,13 +366,8 @@ int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl)
 int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
             const EVP_MD *dgst)
        {
-        int nid;
+        int ret;
-        char is_dsa;
-        if (pkey->type == EVP_PKEY_DSA || pkey->type == EVP_PKEY_EC)
-                is_dsa = 1;
-        else
-                is_dsa = 0;
        /* We now need to add another PKCS7_SIGNER_INFO entry */
        if (!ASN1_INTEGER_set(p7i->version,1))
                goto err;
@@ -391,65 +387,55 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
        p7i->pkey=pkey;
        /* Set the algorithms */
-        if (is_dsa) p7i->digest_alg->algorithm=OBJ_nid2obj(NID_sha1);
-        else    
-                p7i->digest_alg->algorithm=OBJ_nid2obj(EVP_MD_type(dgst));
-        if (p7i->digest_alg->parameter != NULL)
+        X509_ALGOR_set0(p7i->digest_alg, OBJ_nid2obj(EVP_MD_type(dgst)),
-                ASN1_TYPE_free(p7i->digest_alg->parameter);
+                                V_ASN1_NULL, NULL);
-        if ((p7i->digest_alg->parameter=ASN1_TYPE_new()) == NULL)
-                goto err;
-        p7i->digest_alg->parameter->type=V_ASN1_NULL;
-        if (p7i->digest_enc_alg->parameter != NULL)
+        if (pkey->ameth && pkey->ameth->pkey_ctrl)
-                ASN1_TYPE_free(p7i->digest_enc_alg->parameter);
-        nid = EVP_PKEY_type(pkey->type);
-        if (nid == EVP_PKEY_RSA)
                {
-                p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_rsaEncryption);
+                ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_SIGN,
-                if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new()))
+                                                0, p7i);
-                        goto err;
+                if (ret > 0)
-                p7i->digest_enc_alg->parameter->type=V_ASN1_NULL;
+                        return 1;
-                }
+                if (ret != -2)
-        else if (nid == EVP_PKEY_DSA)
+                        {
-                {
+                        PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET,
-#if 1
+                                        PKCS7_R_SIGNING_CTRL_FAILURE);
-                /* use 'dsaEncryption' OID for compatibility with other software
+                        return 0;
-                 * (PKCS #7 v1.5 does specify how to handle DSA) ... */
+                        }
-                p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_dsa);
-#else
-                /* ... although the 'dsaWithSHA1' OID (as required by RFC 2630 for CMS)
-                 * would make more sense. */
-                p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_dsaWithSHA1);
-#endif
-                p7i->digest_enc_alg->parameter = NULL; /* special case for DSA: omit 'parameter'! */
-                }
-        else if (nid == EVP_PKEY_EC)
-                {
-                p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_ecdsa_with_SHA1);
-                if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new()))
-                        goto err;
-                p7i->digest_enc_alg->parameter->type=V_ASN1_NULL;
                }
-        else
+        PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET,
-                return(0);
+                        PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
-        return(1);
 err:
-        return(0);
+        return 0;
        }
 PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey,
             const EVP_MD *dgst)
        {
-        PKCS7_SIGNER_INFO *si;
+        PKCS7_SIGNER_INFO *si = NULL;
+        if (dgst == NULL)
+                {
+                int def_nid;
+                if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0)
+                        goto err;
+                dgst = EVP_get_digestbynid(def_nid);
+                if (dgst == NULL)
+                        {
+                        PKCS7err(PKCS7_F_PKCS7_ADD_SIGNATURE,
+                                                PKCS7_R_NO_DEFAULT_DIGEST);
+                        goto err;
+                        }
+                }
        if ((si=PKCS7_SIGNER_INFO_new()) == NULL) goto err;
        if (!PKCS7_SIGNER_INFO_set(si,x509,pkey,dgst)) goto err;
        if (!PKCS7_add_signer(p7,si)) goto err;
        return(si);
 err:
-        PKCS7_SIGNER_INFO_free(si);
+        if (si)
+                PKCS7_SIGNER_INFO_free(si);
        return(NULL);
        }
@@ -485,6 +471,23 @@ STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
                return(NULL);
        }
+void PKCS7_SIGNER_INFO_get0_algs(PKCS7_SIGNER_INFO *si, EVP_PKEY **pk,
+                                        X509_ALGOR **pdig, X509_ALGOR **psig)
+        {
+        if (pk)
+                *pk = si->pkey;
+        if (pdig)
+                *pdig = si->digest_alg;
+        if (psig)
+                *psig = si->digest_enc_alg;
+        }
+void PKCS7_RECIP_INFO_get0_alg(PKCS7_RECIP_INFO *ri, X509_ALGOR **penc)
+        {
+        if (penc)
+                *penc = ri->key_enc_algor;
+        }
 PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509)
        {
        PKCS7_RECIP_INFO *ri;
@@ -492,10 +495,11 @@ PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509)
        if ((ri=PKCS7_RECIP_INFO_new()) == NULL) goto err;
        if (!PKCS7_RECIP_INFO_set(ri,x509)) goto err;
        if (!PKCS7_add_recipient_info(p7,ri)) goto err;
-        return(ri);
+        return ri;
 err:
-        PKCS7_RECIP_INFO_free(ri);
+        if (ri)
-        return(NULL);
+                PKCS7_RECIP_INFO_free(ri);
+        return NULL;
        }
 int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri)
@@ -524,6 +528,8 @@ int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri)
 int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)
        {
+        int ret;
+        EVP_PKEY *pkey = NULL;
        if (!ASN1_INTEGER_set(p7i->version,0))
                return 0;
        if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,
@@ -535,14 +541,41 @@ int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)
                M_ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
                return 0;
-        X509_ALGOR_free(p7i->key_enc_algor);
+        pkey = X509_get_pubkey(x509);
-        if (!(p7i->key_enc_algor= X509_ALGOR_dup(x509->cert_info->key->algor)))
-                return 0;
+        if (!pkey || !pkey->ameth || !pkey->ameth->pkey_ctrl)
+                {
+                PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
+                        PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+                goto err;
+                }
+        ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_ENCRYPT,
+                                                0, p7i);
+        if (ret == -2)
+                {
+                PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
+                        PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+                goto err;
+                }
+        if (ret <= 0)
+                {
+                PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
+                                PKCS7_R_ENCRYPTION_CTRL_FAILURE);
+                goto err;
+                }
+        EVP_PKEY_free(pkey);
        CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
        p7i->cert=x509;
-        return(1);
+        return 1;
+        err:
+        if (pkey)
+                EVP_PKEY_free(pkey);
+        return 0;
        }
 X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si)
@@ -587,3 +620,48 @@ int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher)
        return 1;
        }
+int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7)
+        {
+        ASN1_OCTET_STRING *os = NULL;
+        switch (OBJ_obj2nid(p7->type))
+                {
+                case NID_pkcs7_data:
+                os = p7->d.data;
+                break;
+                case NID_pkcs7_signedAndEnveloped:
+                os = p7->d.signed_and_enveloped->enc_data->enc_data;
+                if (os == NULL)
+                        {
+                        os=M_ASN1_OCTET_STRING_new();
+                        p7->d.signed_and_enveloped->enc_data->enc_data=os;
+                        }
+                break;
+                case NID_pkcs7_enveloped:
+                os = p7->d.enveloped->enc_data->enc_data;
+                if (os == NULL)
+                        {
+                        os=M_ASN1_OCTET_STRING_new();
+                        p7->d.enveloped->enc_data->enc_data=os;
+                        }
+                break;
+                case NID_pkcs7_signed:
+                os=p7->d.sign->contents->d.data;
+                break;
+                default:
+                os = NULL;
+                break;
+                }
+        
+        if (os == NULL)
+                return 0;
+        os->flags |= ASN1_STRING_FLAG_NDEF;
+        *boundary = &os->data;
+        return 1;
+        }
diff --git a/src/lib/libssl/src/crypto/pkcs7/pk7_mime.c b/src/lib/libssl/src/crypto/pkcs7/pk7_mime.c
index bf190360d7..938f79a646 100644
--- a/src/lib/libssl/src/crypto/pkcs7/pk7_mime.c
+++ b/src/lib/libssl/src/crypto/pkcs7/pk7_mime.c
@@ -50,10 +50,6 @@
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
 */
 #include <stdio.h>
@@ -61,662 +57,41 @@
 #include "cryptlib.h"
 #include <openssl/rand.h>
 #include <openssl/x509.h>
+#include <openssl/asn1.h>
-/* MIME and related routines */
+/* PKCS#7 wrappers round generalised stream and MIME routines */
-/* MIME format structures
- * Note that all are translated to lower case apart from
- * parameter values. Quotes are stripped off
- */
-typedef struct {
-char *param_name;                       /* Param name e.g. "micalg" */
-char *param_value;                      /* Param value e.g. "sha1" */
-} MIME_PARAM;
-DECLARE_STACK_OF(MIME_PARAM)
-IMPLEMENT_STACK_OF(MIME_PARAM)
-typedef struct {
-char *name;                             /* Name of line e.g. "content-type" */
-char *value;                            /* Value of line e.g. "text/plain" */
-STACK_OF(MIME_PARAM) *params;           /* Zero or more parameters */
-} MIME_HEADER;
-DECLARE_STACK_OF(MIME_HEADER)
+int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *in, int flags)
-IMPLEMENT_STACK_OF(MIME_HEADER)
+        {
+        return i2d_ASN1_bio_stream(out, (ASN1_VALUE *)p7, in, flags,
-static int pkcs7_output_data(BIO *bio, BIO *data, PKCS7 *p7, int flags);
+                                        ASN1_ITEM_rptr(PKCS7));
-static int B64_write_PKCS7(BIO *bio, PKCS7 *p7);
-static PKCS7 *B64_read_PKCS7(BIO *bio);
-static char * strip_ends(char *name);
-static char * strip_start(char *name);
-static char * strip_end(char *name);
-static MIME_HEADER *mime_hdr_new(char *name, char *value);
-static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value);
-static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio);
-static int mime_hdr_cmp(const MIME_HEADER * const *a,
-                        const MIME_HEADER * const *b);
-static int mime_param_cmp(const MIME_PARAM * const *a,
-                        const MIME_PARAM * const *b);
-static void mime_param_free(MIME_PARAM *param);
-static int mime_bound_check(char *line, int linelen, char *bound, int blen);
-static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret);
-static int strip_eol(char *linebuf, int *plen);
-static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name);
-static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name);
-static void mime_hdr_free(MIME_HEADER *hdr);
-#define MAX_SMLEN 1024
-#define mime_debug(x) /* x */
-/* Base 64 read and write of PKCS#7 structure */
-static int B64_write_PKCS7(BIO *bio, PKCS7 *p7)
-{
-        BIO *b64;
-        if(!(b64 = BIO_new(BIO_f_base64()))) {
-                PKCS7err(PKCS7_F_B64_WRITE_PKCS7,ERR_R_MALLOC_FAILURE);
-                return 0;
        }
-        bio = BIO_push(b64, bio);
-        i2d_PKCS7_bio(bio, p7);
-        (void)BIO_flush(bio);
-        bio = BIO_pop(bio);
-        BIO_free(b64);
-        return 1;
-}
-static PKCS7 *B64_read_PKCS7(BIO *bio)
+int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *in, int flags)
-{
+        {
-        BIO *b64;
+        return PEM_write_bio_ASN1_stream(out, (ASN1_VALUE *) p7, in, flags,
-        PKCS7 *p7;
+                                                "PKCS7",
-        if(!(b64 = BIO_new(BIO_f_base64()))) {
+                                                ASN1_ITEM_rptr(PKCS7));
-                PKCS7err(PKCS7_F_B64_READ_PKCS7,ERR_R_MALLOC_FAILURE);
-                return 0;
        }
-        bio = BIO_push(b64, bio);
-        if(!(p7 = d2i_PKCS7_bio(bio, NULL))) 
-                PKCS7err(PKCS7_F_B64_READ_PKCS7,PKCS7_R_DECODE_ERROR);
-        (void)BIO_flush(bio);
-        bio = BIO_pop(bio);
-        BIO_free(b64);
-        return p7;
-}
-/* SMIME sender */
 int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
-{
-        char bound[33], c;
-        int i;
-        char *mime_prefix, *mime_eol, *msg_type=NULL;
-        if (flags & PKCS7_NOOLDMIMETYPE)
-                mime_prefix = "application/pkcs7-";
-        else
-                mime_prefix = "application/x-pkcs7-";
-        if (flags & PKCS7_CRLFEOL)
-                mime_eol = "\r\n";
-        else
-                mime_eol = "\n";
-        if((flags & PKCS7_DETACHED) && data) {
-        /* We want multipart/signed */
-                /* Generate a random boundary */
-                RAND_pseudo_bytes((unsigned char *)bound, 32);
-                for(i = 0; i < 32; i++) {
-                        c = bound[i] & 0xf;
-                        if(c < 10) c += '0';
-                        else c += 'A' - 10;
-                        bound[i] = c;
-                }
-                bound[32] = 0;
-                BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
-                BIO_printf(bio, "Content-Type: multipart/signed;");
-                BIO_printf(bio, " protocol=\"%ssignature\";", mime_prefix);
-                BIO_printf(bio, " micalg=sha1; boundary=\"----%s\"%s%s",
-                                                bound, mime_eol, mime_eol);
-                BIO_printf(bio, "This is an S/MIME signed message%s%s",
-                                                mime_eol, mime_eol);
-                /* Now write out the first part */
-                BIO_printf(bio, "------%s%s", bound, mime_eol);
-                pkcs7_output_data(bio, data, p7, flags);
-                BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol);
-                /* Headers for signature */
-                BIO_printf(bio, "Content-Type: %ssignature;", mime_prefix); 
-                BIO_printf(bio, " name=\"smime.p7s\"%s", mime_eol);
-                BIO_printf(bio, "Content-Transfer-Encoding: base64%s",
-                                                                mime_eol);
-                BIO_printf(bio, "Content-Disposition: attachment;");
-                BIO_printf(bio, " filename=\"smime.p7s\"%s%s",
-                                                        mime_eol, mime_eol);
-                B64_write_PKCS7(bio, p7);
-                BIO_printf(bio,"%s------%s--%s%s", mime_eol, bound,
-                                                        mime_eol, mime_eol);
-                return 1;
-        }
-        /* Determine smime-type header */
-        if (PKCS7_type_is_enveloped(p7))
-                msg_type = "enveloped-data";
-        else if (PKCS7_type_is_signed(p7))
-                {
-                /* If we have any signers it is signed-data othewise 
-                 * certs-only.
-                 */
-                STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
-                sinfos = PKCS7_get_signer_info(p7);
-                if (sk_PKCS7_SIGNER_INFO_num(sinfos) > 0)
-                        msg_type = "signed-data";
-                else
-                        msg_type = "certs-only";
-                }
-        /* MIME headers */
-        BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
-        BIO_printf(bio, "Content-Disposition: attachment;");
-        BIO_printf(bio, " filename=\"smime.p7m\"%s", mime_eol);
-        BIO_printf(bio, "Content-Type: %smime;", mime_prefix);
-        if (msg_type)
-                BIO_printf(bio, " smime-type=%s;", msg_type);
-        BIO_printf(bio, " name=\"smime.p7m\"%s", mime_eol);
-        BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s",
-                                                mime_eol, mime_eol);
-        B64_write_PKCS7(bio, p7);
-        BIO_printf(bio, "%s", mime_eol);
-        return 1;
-}
-/* Handle output of PKCS#7 data */
-static int pkcs7_output_data(BIO *out, BIO *data, PKCS7 *p7, int flags)
        {
-        BIO *tmpbio, *p7bio;
+        STACK_OF(X509_ALGOR) *mdalgs;
+        int ctype_nid = OBJ_obj2nid(p7->type);
-        if (!(flags & PKCS7_STREAM))
+        if (ctype_nid == NID_pkcs7_signed)
-                {
+                mdalgs = p7->d.sign->md_algs;
-                SMIME_crlf_copy(data, out, flags);
+        else
-                return 1;
+                mdalgs = NULL;
-                }
-        /* Partial sign operation */
-        /* Initialize sign operation */
-        p7bio = PKCS7_dataInit(p7, out);
-        /* Copy data across, computing digests etc */
-        SMIME_crlf_copy(data, p7bio, flags);
-        /* Must be detached */
-        PKCS7_set_detached(p7, 1);
-        /* Finalize signatures */
-        PKCS7_dataFinal(p7, p7bio);
-        /* Now remove any digests prepended to the BIO */
-        while (p7bio != out)
+        flags ^= SMIME_OLDMIME;
-                {
-                tmpbio = BIO_pop(p7bio);
-                BIO_free(p7bio);
-                p7bio = tmpbio;
-                }
-        return 1;
+        return SMIME_write_ASN1(bio, (ASN1_VALUE *)p7, data, flags,
+                                        ctype_nid, NID_undef, mdalgs,
+                                        ASN1_ITEM_rptr(PKCS7)); 
        }
-/* SMIME reader: handle multipart/signed and opaque signing.
- * in multipart case the content is placed in a memory BIO
- * pointed to by "bcont". In opaque this is set to NULL
- */
 PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont)
-{
-        BIO *p7in;
-        STACK_OF(MIME_HEADER) *headers = NULL;
-        STACK_OF(BIO) *parts = NULL;
-        MIME_HEADER *hdr;
-        MIME_PARAM *prm;
-        PKCS7 *p7;
-        int ret;
-        if(bcont) *bcont = NULL;
-        if (!(headers = mime_parse_hdr(bio))) {
-                PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_MIME_PARSE_ERROR);
-                return NULL;
-        }
-        if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
-                sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-                PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_CONTENT_TYPE);
-                return NULL;
-        }
-        /* Handle multipart/signed */
-        if(!strcmp(hdr->value, "multipart/signed")) {
-                /* Split into two parts */
-                prm = mime_param_find(hdr, "boundary");
-                if(!prm || !prm->param_value) {
-                        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-                        PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_MULTIPART_BOUNDARY);
-                        return NULL;
-                }
-                ret = multi_split(bio, prm->param_value, &parts);
-                sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-                if(!ret || (sk_BIO_num(parts) != 2) ) {
-                        PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_MULTIPART_BODY_FAILURE);
-                        sk_BIO_pop_free(parts, BIO_vfree);
-                        return NULL;
-                }
-                /* Parse the signature piece */
-                p7in = sk_BIO_value(parts, 1);
-                if (!(headers = mime_parse_hdr(p7in))) {
-                        PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_MIME_SIG_PARSE_ERROR);
-                        sk_BIO_pop_free(parts, BIO_vfree);
-                        return NULL;
-                }
-                /* Get content type */
-                if(!(hdr = mime_hdr_find(headers, "content-type")) ||
-                                                                 !hdr->value) {
-                        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-                        PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_SIG_CONTENT_TYPE);
-                        return NULL;
-                }
-                if(strcmp(hdr->value, "application/x-pkcs7-signature") &&
-                        strcmp(hdr->value, "application/pkcs7-signature")) {
-                        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-                        PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_SIG_INVALID_MIME_TYPE);
-                        ERR_add_error_data(2, "type: ", hdr->value);
-                        sk_BIO_pop_free(parts, BIO_vfree);
-                        return NULL;
-                }
-                sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-                /* Read in PKCS#7 */
-                if(!(p7 = B64_read_PKCS7(p7in))) {
-                        PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_PKCS7_SIG_PARSE_ERROR);
-                        sk_BIO_pop_free(parts, BIO_vfree);
-                        return NULL;
-                }
-                if(bcont) {
-                        *bcont = sk_BIO_value(parts, 0);
-                        BIO_free(p7in);
-                        sk_BIO_free(parts);
-                } else sk_BIO_pop_free(parts, BIO_vfree);
-                return p7;
-        }
-                
-        /* OK, if not multipart/signed try opaque signature */
-        if (strcmp (hdr->value, "application/x-pkcs7-mime") &&
-            strcmp (hdr->value, "application/pkcs7-mime")) {
-                PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_INVALID_MIME_TYPE);
-                ERR_add_error_data(2, "type: ", hdr->value);
-                sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-                return NULL;
-        }
-        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-        
-        if(!(p7 = B64_read_PKCS7(bio))) {
-                PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_PKCS7_PARSE_ERROR);
-                return NULL;
-        }
-        return p7;
-}
-/* Split a multipart/XXX message body into component parts: result is
- * canonical parts in a STACK of bios
- */
-static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret)
-{
-        char linebuf[MAX_SMLEN];
-        int len, blen;
-        int eol = 0, next_eol = 0;
-        BIO *bpart = NULL;
-        STACK_OF(BIO) *parts;
-        char state, part, first;
-        blen = strlen(bound);
-        part = 0;
-        state = 0;
-        first = 1;
-        parts = sk_BIO_new_null();
-        *ret = parts;
-        while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
-                state = mime_bound_check(linebuf, len, bound, blen);
-                if(state == 1) {
-                        first = 1;
-                        part++;
-                } else if(state == 2) {
-                        sk_BIO_push(parts, bpart);
-                        return 1;
-                } else if(part) {
-                        /* Strip CR+LF from linebuf */
-                        next_eol = strip_eol(linebuf, &len);
-                        if(first) {
-                                first = 0;
-                                if(bpart) sk_BIO_push(parts, bpart);
-                                bpart = BIO_new(BIO_s_mem());
-                                BIO_set_mem_eof_return(bpart, 0);
-                        } else if (eol)
-                                BIO_write(bpart, "\r\n", 2);
-                        eol = next_eol;
-                        if (len)
-                                BIO_write(bpart, linebuf, len);
-                }
-        }
-        return 0;
-}
-/* This is the big one: parse MIME header lines up to message body */
-#define MIME_INVALID    0
-#define MIME_START      1
-#define MIME_TYPE       2
-#define MIME_NAME       3
-#define MIME_VALUE      4
-#define MIME_QUOTE      5
-#define MIME_COMMENT    6
-static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio)
-{
-        char *p, *q, c;
-        char *ntmp;
-        char linebuf[MAX_SMLEN];
-        MIME_HEADER *mhdr = NULL;
-        STACK_OF(MIME_HEADER) *headers;
-        int len, state, save_state = 0;
-        headers = sk_MIME_HEADER_new(mime_hdr_cmp);
-        while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
-        /* If whitespace at line start then continuation line */
-        if(mhdr && isspace((unsigned char)linebuf[0])) state = MIME_NAME;
-        else state = MIME_START;
-        ntmp = NULL;
-        /* Go through all characters */
-        for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) {
-        /* State machine to handle MIME headers
-         * if this looks horrible that's because it *is*
-         */
-                switch(state) {
-                        case MIME_START:
-                        if(c == ':') {
-                                state = MIME_TYPE;
-                                *p = 0;
-                                ntmp = strip_ends(q);
-                                q = p + 1;
-                        }
-                        break;
-                        case MIME_TYPE:
-                        if(c == ';') {
-                                mime_debug("Found End Value\n");
-                                *p = 0;
-                                mhdr = mime_hdr_new(ntmp, strip_ends(q));
-                                sk_MIME_HEADER_push(headers, mhdr);
-                                ntmp = NULL;
-                                q = p + 1;
-                                state = MIME_NAME;
-                        } else if(c == '(') {
-                                save_state = state;
-                                state = MIME_COMMENT;
-                        }
-                        break;
-                        case MIME_COMMENT:
-                        if(c == ')') {
-                                state = save_state;
-                        }
-                        break;
-                        case MIME_NAME:
-                        if(c == '=') {
-                                state = MIME_VALUE;
-                                *p = 0;
-                                ntmp = strip_ends(q);
-                                q = p + 1;
-                        }
-                        break ;
-                        case MIME_VALUE:
-                        if(c == ';') {
-                                state = MIME_NAME;
-                                *p = 0;
-                                mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
-                                ntmp = NULL;
-                                q = p + 1;
-                        } else if (c == '"') {
-                                mime_debug("Found Quote\n");
-                                state = MIME_QUOTE;
-                        } else if(c == '(') {
-                                save_state = state;
-                                state = MIME_COMMENT;
-                        }
-                        break;
-                        case MIME_QUOTE:
-                        if(c == '"') {
-                                mime_debug("Found Match Quote\n");
-                                state = MIME_VALUE;
-                        }
-                        break;
-                }
-        }
-        if(state == MIME_TYPE) {
-                mhdr = mime_hdr_new(ntmp, strip_ends(q));
-                sk_MIME_HEADER_push(headers, mhdr);
-        } else if(state == MIME_VALUE)
-                         mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
-        if(p == linebuf) break; /* Blank line means end of headers */
-}
-return headers;
-}
-static char *strip_ends(char *name)
-{
-        return strip_end(strip_start(name));
-}
-/* Strip a parameter of whitespace from start of param */
-static char *strip_start(char *name)
-{
-        char *p, c;
-        /* Look for first non white space or quote */
-        for(p = name; (c = *p) ;p++) {
-                if(c == '"') {
-                        /* Next char is start of string if non null */
-                        if(p[1]) return p + 1;
-                        /* Else null string */
-                        return NULL;
-                }
-                if(!isspace((unsigned char)c)) return p;
-        }
-        return NULL;
-}
-/* As above but strip from end of string : maybe should handle brackets? */
-static char *strip_end(char *name)
-{
-        char *p, c;
-        if(!name) return NULL;
-        /* Look for first non white space or quote */
-        for(p = name + strlen(name) - 1; p >= name ;p--) {
-                c = *p;
-                if(c == '"') {
-                        if(p - 1 == name) return NULL;
-                        *p = 0;
-                        return name;
-                }
-                if(isspace((unsigned char)c)) *p = 0;   
-                else return name;
-        }
-        return NULL;
-}
-static MIME_HEADER *mime_hdr_new(char *name, char *value)
-{
-        MIME_HEADER *mhdr;
-        char *tmpname, *tmpval, *p;
-        int c;
-        if(name) {
-                if(!(tmpname = BUF_strdup(name))) return NULL;
-                for(p = tmpname ; *p; p++) {
-                        c = *p;
-                        if(isupper(c)) {
-                                c = tolower(c);
-                                *p = c;
-                        }
-                }
-        } else tmpname = NULL;
-        if(value) {
-                if(!(tmpval = BUF_strdup(value))) return NULL;
-                for(p = tmpval ; *p; p++) {
-                        c = *p;
-                        if(isupper(c)) {
-                                c = tolower(c);
-                                *p = c;
-                        }
-                }
-        } else tmpval = NULL;
-        mhdr = (MIME_HEADER *) OPENSSL_malloc(sizeof(MIME_HEADER));
-        if(!mhdr) return NULL;
-        mhdr->name = tmpname;
-        mhdr->value = tmpval;
-        if(!(mhdr->params = sk_MIME_PARAM_new(mime_param_cmp))) return NULL;
-        return mhdr;
-}
-                
-static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value)
-{
-        char *tmpname, *tmpval, *p;
-        int c;
-        MIME_PARAM *mparam;
-        if(name) {
-                tmpname = BUF_strdup(name);
-                if(!tmpname) return 0;
-                for(p = tmpname ; *p; p++) {
-                        c = *p;
-                        if(isupper(c)) {
-                                c = tolower(c);
-                                *p = c;
-                        }
-                }
-        } else tmpname = NULL;
-        if(value) {
-                tmpval = BUF_strdup(value);
-                if(!tmpval) return 0;
-        } else tmpval = NULL;
-        /* Parameter values are case sensitive so leave as is */
-        mparam = (MIME_PARAM *) OPENSSL_malloc(sizeof(MIME_PARAM));
-        if(!mparam) return 0;
-        mparam->param_name = tmpname;
-        mparam->param_value = tmpval;
-        sk_MIME_PARAM_push(mhdr->params, mparam);
-        return 1;
-}
-static int mime_hdr_cmp(const MIME_HEADER * const *a,
-                        const MIME_HEADER * const *b)
-{
-        return(strcmp((*a)->name, (*b)->name));
-}
-static int mime_param_cmp(const MIME_PARAM * const *a,
-                        const MIME_PARAM * const *b)
-{
-        return(strcmp((*a)->param_name, (*b)->param_name));
-}
-/* Find a header with a given name (if possible) */
-static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name)
-{
-        MIME_HEADER htmp;
-        int idx;
-        htmp.name = name;
-        idx = sk_MIME_HEADER_find(hdrs, &htmp);
-        if(idx < 0) return NULL;
-        return sk_MIME_HEADER_value(hdrs, idx);
-}
-static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name)
-{
-        MIME_PARAM param;
-        int idx;
-        param.param_name = name;
-        idx = sk_MIME_PARAM_find(hdr->params, &param);
-        if(idx < 0) return NULL;
-        return sk_MIME_PARAM_value(hdr->params, idx);
-}
-static void mime_hdr_free(MIME_HEADER *hdr)
-{
-        if(hdr->name) OPENSSL_free(hdr->name);
-        if(hdr->value) OPENSSL_free(hdr->value);
-        if(hdr->params) sk_MIME_PARAM_pop_free(hdr->params, mime_param_free);
-        OPENSSL_free(hdr);
-}
-static void mime_param_free(MIME_PARAM *param)
-{
-        if(param->param_name) OPENSSL_free(param->param_name);
-        if(param->param_value) OPENSSL_free(param->param_value);
-        OPENSSL_free(param);
-}
-/* Check for a multipart boundary. Returns:
- * 0 : no boundary
- * 1 : part boundary
- * 2 : final boundary
- */
-static int mime_bound_check(char *line, int linelen, char *bound, int blen)
-{
-        if(linelen == -1) linelen = strlen(line);
-        if(blen == -1) blen = strlen(bound);
-        /* Quickly eliminate if line length too short */
-        if(blen + 2 > linelen) return 0;
-        /* Check for part boundary */
-        if(!strncmp(line, "--", 2) && !strncmp(line + 2, bound, blen)) {
-                if(!strncmp(line + blen + 2, "--", 2)) return 2;
-                else return 1;
-        }
-        return 0;
-}
-static int strip_eol(char *linebuf, int *plen)
        {
-        int len = *plen;
+        return (PKCS7 *)SMIME_read_ASN1(bio, bcont, ASN1_ITEM_rptr(PKCS7));
-        char *p, c;
-        int is_eol = 0;
-        p = linebuf + len - 1;
-        for (p = linebuf + len - 1; len > 0; len--, p--)
-                {
-                c = *p;
-                if (c == '\n')
-                        is_eol = 1;
-                else if (c != '\r')
-                        break;
-                }
-        *plen = len;
-        return is_eol;
        }
diff --git a/src/lib/libssl/src/crypto/pkcs7/pk7_smime.c b/src/lib/libssl/src/crypto/pkcs7/pk7_smime.c
index fd18ec3d95..86742d0dcd 100644
--- a/src/lib/libssl/src/crypto/pkcs7/pk7_smime.c
+++ b/src/lib/libssl/src/crypto/pkcs7/pk7_smime.c
@@ -63,24 +63,19 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
+static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si);
 PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
                  BIO *data, int flags)
 {
-        PKCS7 *p7 = NULL;
+        PKCS7 *p7;
-        PKCS7_SIGNER_INFO *si;
-        BIO *p7bio = NULL;
-        STACK_OF(X509_ALGOR) *smcap = NULL;
        int i;
-        if(!X509_check_private_key(signcert, pkey)) {
+        if(!(p7 = PKCS7_new()))
-                PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+                {
-                return NULL;
-        }
-        if(!(p7 = PKCS7_new())) {
                PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
                return NULL;
-        }
+                }
        if (!PKCS7_set_type(p7, NID_pkcs7_signed))
                goto err;
@@ -88,82 +83,185 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
        if (!PKCS7_content_new(p7, NID_pkcs7_data))
                goto err;
-        if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha1()))) {
+        if (pkey && !PKCS7_sign_add_signer(p7, signcert, pkey, NULL, flags))
-                PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
+                {
+                PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNER_ERROR);
                goto err;
-        }
+                }
-        if(!(flags & PKCS7_NOCERTS)) {
+        if(!(flags & PKCS7_NOCERTS))
-                if (!PKCS7_add_certificate(p7, signcert))
+                {
-                        goto err;
+                for(i = 0; i < sk_X509_num(certs); i++)
-                if(certs) for(i = 0; i < sk_X509_num(certs); i++)
+                        {
                        if (!PKCS7_add_certificate(p7, sk_X509_value(certs, i)))
                                goto err;
-        }
+                        }
+                }
-        if(!(flags & PKCS7_NOATTR)) {
+        if(flags & PKCS7_DETACHED)
-                if (!PKCS7_add_signed_attribute(si, NID_pkcs9_contentType,
+                PKCS7_set_detached(p7, 1);
-                                V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data)))
-                        goto err;
+        if (flags & (PKCS7_STREAM|PKCS7_PARTIAL))
-                /* Add SMIMECapabilities */
+                return p7;
-                if(!(flags & PKCS7_NOSMIMECAP))
+        if (PKCS7_final(p7, data, flags))
+                return p7;
+        err:
+        PKCS7_free(p7);
+        return NULL;
+}
+int PKCS7_final(PKCS7 *p7, BIO *data, int flags)
+        {
+        BIO *p7bio;
+        int ret = 0;
+        if (!(p7bio = PKCS7_dataInit(p7, NULL)))
                {
-                if(!(smcap = sk_X509_ALGOR_new_null())) {
+                PKCS7err(PKCS7_F_PKCS7_FINAL,ERR_R_MALLOC_FAILURE);
-                        PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
+                return 0;
-                        goto err;
-                }
-#ifndef OPENSSL_NO_DES
-                if (!PKCS7_simple_smimecap (smcap, NID_des_ede3_cbc, -1))
-                        goto err;
-#endif
-#ifndef OPENSSL_NO_RC2
-                if (!PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 128))
-                        goto err;
-                if (!PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 64))
-                        goto err;
-#endif
-#ifndef OPENSSL_NO_DES
-                if (!PKCS7_simple_smimecap (smcap, NID_des_cbc, -1))
-                        goto err;
-#endif
-#ifndef OPENSSL_NO_RC2
-                if (!PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 40))
-                        goto err;
-#endif
-                if (!PKCS7_add_attrib_smimecap (si, smcap))
-                        goto err;
-                sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
-                smcap = NULL;
                }
-        }
-        if(flags & PKCS7_DETACHED)PKCS7_set_detached(p7, 1);
+        SMIME_crlf_copy(data, p7bio, flags);
-        if (flags & PKCS7_STREAM)
+        (void)BIO_flush(p7bio);
-                return p7;
-        if (!(p7bio = PKCS7_dataInit(p7, NULL))) {
+        if (!PKCS7_dataFinal(p7,p7bio))
-                PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
+                {
+                PKCS7err(PKCS7_F_PKCS7_FINAL,PKCS7_R_PKCS7_DATASIGN);
                goto err;
+                }
+        ret = 1;
+        err:
+        BIO_free_all(p7bio);
+        return ret;
        }
-        SMIME_crlf_copy(data, p7bio, flags);
+/* Check to see if a cipher exists and if so add S/MIME capabilities */
+static int add_cipher_smcap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
+        {
+        if (EVP_get_cipherbynid(nid))
+                return PKCS7_simple_smimecap(sk, nid, arg);
+        return 1;
+        }
-        if (!PKCS7_dataFinal(p7,p7bio)) {
+static int add_digest_smcap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
-                PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_DATASIGN);
+        {
-                goto err;
+        if (EVP_get_digestbynid(nid))
+                return PKCS7_simple_smimecap(sk, nid, arg);
+        return 1;
        }
-        BIO_free_all(p7bio);
+PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert,
-        return p7;
+                                        EVP_PKEY *pkey, const EVP_MD *md,
-err:
+                                        int flags)
-        sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
+        {
-        BIO_free_all(p7bio);
+        PKCS7_SIGNER_INFO *si = NULL;
-        PKCS7_free(p7);
+        STACK_OF(X509_ALGOR) *smcap = NULL;
+        if(!X509_check_private_key(signcert, pkey))
+                {
+                PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER,
+                        PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+                return NULL;
+                }
+        if (!(si = PKCS7_add_signature(p7,signcert,pkey, md)))
+                {
+                PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER,
+                                PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
+                return NULL;
+                }
+        if(!(flags & PKCS7_NOCERTS))
+                {
+                if (!PKCS7_add_certificate(p7, signcert))
+                        goto err;
+                }
+        if(!(flags & PKCS7_NOATTR))
+                {
+                if (!PKCS7_add_attrib_content_type(si, NULL))
+                        goto err;
+                /* Add SMIMECapabilities */
+                if(!(flags & PKCS7_NOSMIMECAP))
+                        {
+                        if(!(smcap = sk_X509_ALGOR_new_null()))
+                                {
+                                PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER,
+                                        ERR_R_MALLOC_FAILURE);
+                                goto err;
+                                }
+                        if (!add_cipher_smcap(smcap, NID_aes_256_cbc, -1)
+                        || !add_digest_smcap(smcap, NID_id_GostR3411_94, -1)
+                        || !add_cipher_smcap(smcap, NID_id_Gost28147_89, -1)
+                                || !add_cipher_smcap(smcap, NID_aes_192_cbc, -1)
+                                || !add_cipher_smcap(smcap, NID_aes_128_cbc, -1)
+                        || !add_cipher_smcap(smcap, NID_des_ede3_cbc, -1)
+                                || !add_cipher_smcap(smcap, NID_rc2_cbc, 128)
+                                || !add_cipher_smcap(smcap, NID_rc2_cbc, 64)
+                                || !add_cipher_smcap(smcap, NID_des_cbc, -1)
+                                || !add_cipher_smcap(smcap, NID_rc2_cbc, 40)
+                                || !PKCS7_add_attrib_smimecap (si, smcap))
+                                goto err;
+                        sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
+                        smcap = NULL;
+                        }
+                if (flags & PKCS7_REUSE_DIGEST)
+                        {
+                        if (!pkcs7_copy_existing_digest(p7, si))
+                                goto err;
+                        if (!(flags & PKCS7_PARTIAL) &&
+                                        !PKCS7_SIGNER_INFO_sign(si))
+                                goto err;
+                        }
+                }
+        return si;
+        err:
+        if (smcap)
+                sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
        return NULL;
-}
+        }
+/* Search for a digest matching SignerInfo digest type and if found
+ * copy across.
+ */
+static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si)
+        {
+        int i;
+        STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
+        PKCS7_SIGNER_INFO *sitmp;
+        ASN1_OCTET_STRING *osdig = NULL;
+        sinfos = PKCS7_get_signer_info(p7);
+        for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++)
+                {
+                sitmp = sk_PKCS7_SIGNER_INFO_value(sinfos, i);
+                if (si == sitmp)
+                        break;
+                if (sk_X509_ATTRIBUTE_num(sitmp->auth_attr) <= 0)
+                        continue;
+                if (!OBJ_cmp(si->digest_alg->algorithm,
+                                sitmp->digest_alg->algorithm))
+                        {
+                        osdig = PKCS7_digest_from_attributes(sitmp->auth_attr);
+                        break;
+                        }
+                }
+        if (osdig)
+                return PKCS7_add1_attrib_digest(si, osdig->data, osdig->length);
+        PKCS7err(PKCS7_F_PKCS7_COPY_EXISTING_DIGEST,
+                        PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND);
+        return 0;
+        }
 int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
                                        BIO *indata, BIO *out, int flags)
@@ -354,7 +452,7 @@ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags)
        if(sk_PKCS7_SIGNER_INFO_num(sinfos) <= 0) {
                PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_NO_SIGNERS);
-                return NULL;
+                return 0;
        }
        if(!(signers = sk_X509_new_null())) {
@@ -377,12 +475,12 @@ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags)
            if (!signer) {
                        PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND);
                        sk_X509_free(signers);
-                        return NULL;
+                        return 0;
            }
            if (!sk_X509_push(signers, signer)) {
-                        sk_X509_free(signers);
+                sk_X509_free(signers);
-                        return NULL;
+                return NULL;
            }
        }
        return signers;
@@ -405,7 +503,7 @@ PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
        if (!PKCS7_set_type(p7, NID_pkcs7_enveloped))
                goto err;
-        if(!PKCS7_set_cipher(p7, cipher)) {
+        if (!PKCS7_set_cipher(p7, cipher)) {
                PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_ERROR_SETTING_CIPHER);
                goto err;
        }
@@ -419,22 +517,11 @@ PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
                }
        }
-        if(!(p7bio = PKCS7_dataInit(p7, NULL))) {
+        if (flags & PKCS7_STREAM)
-                PKCS7err(PKCS7_F_PKCS7_ENCRYPT,ERR_R_MALLOC_FAILURE);
+                return p7;
-                goto err;
-        }
-        SMIME_crlf_copy(in, p7bio, flags);
-        (void)BIO_flush(p7bio);
-        if (!PKCS7_dataFinal(p7,p7bio)) {
-                PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_PKCS7_DATAFINAL_ERROR);
-                goto err;
-        }
-        BIO_free_all(p7bio);
-        return p7;
+        if (PKCS7_final(p7, in, flags))
+                return p7;
        err:
diff --git a/src/lib/libssl/src/crypto/pkcs7/pkcs7.h b/src/lib/libssl/src/crypto/pkcs7/pkcs7.h
index cc092d262d..e4d443193c 100644
--- a/src/lib/libssl/src/crypto/pkcs7/pkcs7.h
+++ b/src/lib/libssl/src/crypto/pkcs7/pkcs7.h
@@ -232,6 +232,9 @@ DECLARE_PKCS12_STACK_OF(PKCS7)
 #define PKCS7_type_is_signedAndEnveloped(a) \
                (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped)
 #define PKCS7_type_is_data(a)   (OBJ_obj2nid((a)->type) == NID_pkcs7_data)
+#define PKCS7_type_is_digest(a)   (OBJ_obj2nid((a)->type) == NID_pkcs7_digest)
+#define PKCS7_type_is_encrypted(a) \
+                (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted)
 #define PKCS7_type_is_digest(a)   (OBJ_obj2nid((a)->type) == NID_pkcs7_digest)
@@ -242,14 +245,6 @@ DECLARE_PKCS12_STACK_OF(PKCS7)
 #define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7))
-#ifdef SSLEAY_MACROS
-#ifndef PKCS7_ISSUER_AND_SERIAL_digest
-#define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \
-        ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\
-                        (char *)data,md,len)
-#endif
-#endif
 /* S/MIME related flags */
 #define PKCS7_TEXT              0x1
@@ -266,6 +261,8 @@ DECLARE_PKCS12_STACK_OF(PKCS7)
 #define PKCS7_CRLFEOL           0x800
 #define PKCS7_STREAM            0x1000
 #define PKCS7_NOCRL             0x2000
+#define PKCS7_PARTIAL           0x4000
+#define PKCS7_REUSE_DIGEST      0x8000
 /* Flags: for compatibility with older code */
@@ -281,7 +278,6 @@ DECLARE_PKCS12_STACK_OF(PKCS7)
 DECLARE_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL)
-#ifndef SSLEAY_MACROS
 int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,const EVP_MD *type,
        unsigned char *md,unsigned int *len);
 #ifndef OPENSSL_NO_FP_API
@@ -291,7 +287,8 @@ int i2d_PKCS7_fp(FILE *fp,PKCS7 *p7);
 PKCS7 *PKCS7_dup(PKCS7 *p7);
 PKCS7 *d2i_PKCS7_bio(BIO *bp,PKCS7 **p7);
 int i2d_PKCS7_bio(BIO *bp,PKCS7 *p7);
-#endif
+int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *in, int flags);
+int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *in, int flags);
 DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO)
 DECLARE_ASN1_FUNCTIONS(PKCS7_RECIP_INFO)
@@ -307,6 +304,7 @@ DECLARE_ASN1_ITEM(PKCS7_ATTR_SIGN)
 DECLARE_ASN1_ITEM(PKCS7_ATTR_VERIFY)
 DECLARE_ASN1_NDEF_FUNCTION(PKCS7)
+DECLARE_ASN1_PRINT_FUNCTION(PKCS7)
 long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg);
@@ -315,6 +313,7 @@ int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other);
 int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data);
 int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
        const EVP_MD *dgst);
+int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si);
 int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
 int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);
 int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
@@ -336,9 +335,13 @@ int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md);
 STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7);
 PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509);
+void PKCS7_SIGNER_INFO_get0_algs(PKCS7_SIGNER_INFO *si, EVP_PKEY **pk,
+                                        X509_ALGOR **pdig, X509_ALGOR **psig);
+void PKCS7_RECIP_INFO_get0_alg(PKCS7_RECIP_INFO *ri, X509_ALGOR **penc);
 int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri);
 int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509);
 int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher);
+int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7);
 PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx);
 ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk);
@@ -355,6 +358,12 @@ int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,STACK_OF(X509_ATTRIBUTE) *sk);
 PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
                                                        BIO *data, int flags);
+PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7,
+                        X509 *signcert, EVP_PKEY *pkey, const EVP_MD *md,
+                        int flags);
+int PKCS7_final(PKCS7 *p7, BIO *data, int flags);
 int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
                                        BIO *indata, BIO *out, int flags);
 STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
@@ -367,10 +376,16 @@ int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si,
 STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si);
 int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg);
+int PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid);
+int PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t);
+int PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si,
+                                const unsigned char *md, int mdlen);
 int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags);
 PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont);
-int SMIME_crlf_copy(BIO *in, BIO *out, int flags);
-int SMIME_text(BIO *in, BIO *out);
+BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7);
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
@@ -383,12 +398,17 @@ void ERR_load_PKCS7_strings(void);
 /* Function codes. */
 #define PKCS7_F_B64_READ_PKCS7                           120
 #define PKCS7_F_B64_WRITE_PKCS7                          121
+#define PKCS7_F_DO_PKCS7_SIGNED_ATTRIB                   136
+#define PKCS7_F_I2D_PKCS7_BIO_STREAM                     140
+#define PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME           135
 #define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP                118
 #define PKCS7_F_PKCS7_ADD_CERTIFICATE                    100
 #define PKCS7_F_PKCS7_ADD_CRL                            101
 #define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO                 102
+#define PKCS7_F_PKCS7_ADD_SIGNATURE                      131
 #define PKCS7_F_PKCS7_ADD_SIGNER                         103
 #define PKCS7_F_PKCS7_BIO_ADD_DIGEST                     125
+#define PKCS7_F_PKCS7_COPY_EXISTING_DIGEST               138
 #define PKCS7_F_PKCS7_CTRL                               104
 #define PKCS7_F_PKCS7_DATADECODE                         112
 #define PKCS7_F_PKCS7_DATAFINAL                          128
@@ -396,15 +416,22 @@ void ERR_load_PKCS7_strings(void);
 #define PKCS7_F_PKCS7_DATASIGN                           106
 #define PKCS7_F_PKCS7_DATAVERIFY                         107
 #define PKCS7_F_PKCS7_DECRYPT                            114
+#define PKCS7_F_PKCS7_DECRYPT_RINFO                      133
+#define PKCS7_F_PKCS7_ENCODE_RINFO                       132
 #define PKCS7_F_PKCS7_ENCRYPT                            115
+#define PKCS7_F_PKCS7_FINAL                              134
 #define PKCS7_F_PKCS7_FIND_DIGEST                        127
 #define PKCS7_F_PKCS7_GET0_SIGNERS                       124
+#define PKCS7_F_PKCS7_RECIP_INFO_SET                     130
 #define PKCS7_F_PKCS7_SET_CIPHER                         108
 #define PKCS7_F_PKCS7_SET_CONTENT                        109
 #define PKCS7_F_PKCS7_SET_DIGEST                         126
 #define PKCS7_F_PKCS7_SET_TYPE                           110
 #define PKCS7_F_PKCS7_SIGN                               116
 #define PKCS7_F_PKCS7_SIGNATUREVERIFY                    113
+#define PKCS7_F_PKCS7_SIGNER_INFO_SET                    129
+#define PKCS7_F_PKCS7_SIGNER_INFO_SIGN                   139
+#define PKCS7_F_PKCS7_SIGN_ADD_SIGNER                    137
 #define PKCS7_F_PKCS7_SIMPLE_SMIMECAP                    119
 #define PKCS7_F_PKCS7_VERIFY                             117
 #define PKCS7_F_SMIME_READ_PKCS7                         122
@@ -415,10 +442,13 @@ void ERR_load_PKCS7_strings(void);
 #define PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER          144
 #define PKCS7_R_CIPHER_NOT_INITIALIZED                   116
 #define PKCS7_R_CONTENT_AND_DATA_PRESENT                 118
+#define PKCS7_R_CTRL_ERROR                               152
 #define PKCS7_R_DECODE_ERROR                             130
 #define PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH            100
 #define PKCS7_R_DECRYPT_ERROR                            119
 #define PKCS7_R_DIGEST_FAILURE                           101
+#define PKCS7_R_ENCRYPTION_CTRL_FAILURE                  149
+#define PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 150
 #define PKCS7_R_ERROR_ADDING_RECIPIENT                   120
 #define PKCS7_R_ERROR_SETTING_CIPHER                     121
 #define PKCS7_R_INVALID_MIME_TYPE                        131
@@ -429,6 +459,8 @@ void ERR_load_PKCS7_strings(void);
 #define PKCS7_R_MISSING_CERIPEND_INFO                    103
 #define PKCS7_R_NO_CONTENT                               122
 #define PKCS7_R_NO_CONTENT_TYPE                          135
+#define PKCS7_R_NO_DEFAULT_DIGEST                        151
+#define PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND            154
 #define PKCS7_R_NO_MULTIPART_BODY_FAILURE                136
 #define PKCS7_R_NO_MULTIPART_BOUNDARY                    137
 #define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE         115
@@ -438,6 +470,7 @@ void ERR_load_PKCS7_strings(void);
 #define PKCS7_R_NO_SIG_CONTENT_TYPE                      138
 #define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE     104
 #define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR                124
+#define PKCS7_R_PKCS7_ADD_SIGNER_ERROR                   153
 #define PKCS7_R_PKCS7_DATAFINAL                          126
 #define PKCS7_R_PKCS7_DATAFINAL_ERROR                    125
 #define PKCS7_R_PKCS7_DATASIGN                           145
@@ -446,6 +479,8 @@ void ERR_load_PKCS7_strings(void);
 #define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE   127
 #define PKCS7_R_SIGNATURE_FAILURE                        105
 #define PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND             128
+#define PKCS7_R_SIGNING_CTRL_FAILURE                     147
+#define PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE  148
 #define PKCS7_R_SIG_INVALID_MIME_TYPE                    141
 #define PKCS7_R_SMIME_TEXT_ERROR                         129
 #define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE               106
diff --git a/src/lib/libssl/src/crypto/pkcs7/pkcs7err.c b/src/lib/libssl/src/crypto/pkcs7/pkcs7err.c
index c0e3d4cd33..d0af32a265 100644
--- a/src/lib/libssl/src/crypto/pkcs7/pkcs7err.c
+++ b/src/lib/libssl/src/crypto/pkcs7/pkcs7err.c
@@ -1,6 +1,6 @@
 /* crypto/pkcs7/pkcs7err.c */
 /* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -72,12 +72,17 @@ static ERR_STRING_DATA PKCS7_str_functs[]=
        {
 {ERR_FUNC(PKCS7_F_B64_READ_PKCS7),      "B64_READ_PKCS7"},
 {ERR_FUNC(PKCS7_F_B64_WRITE_PKCS7),     "B64_WRITE_PKCS7"},
+{ERR_FUNC(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB),      "DO_PKCS7_SIGNED_ATTRIB"},
+{ERR_FUNC(PKCS7_F_I2D_PKCS7_BIO_STREAM),        "i2d_PKCS7_bio_stream"},
+{ERR_FUNC(PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME),      "PKCS7_add0_attrib_signing_time"},
 {ERR_FUNC(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP),   "PKCS7_add_attrib_smimecap"},
 {ERR_FUNC(PKCS7_F_PKCS7_ADD_CERTIFICATE),       "PKCS7_add_certificate"},
 {ERR_FUNC(PKCS7_F_PKCS7_ADD_CRL),       "PKCS7_add_crl"},
 {ERR_FUNC(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO),    "PKCS7_add_recipient_info"},
+{ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNATURE), "PKCS7_add_signature"},
 {ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNER),    "PKCS7_add_signer"},
 {ERR_FUNC(PKCS7_F_PKCS7_BIO_ADD_DIGEST),        "PKCS7_BIO_ADD_DIGEST"},
+{ERR_FUNC(PKCS7_F_PKCS7_COPY_EXISTING_DIGEST),  "PKCS7_COPY_EXISTING_DIGEST"},
 {ERR_FUNC(PKCS7_F_PKCS7_CTRL),  "PKCS7_ctrl"},
 {ERR_FUNC(PKCS7_F_PKCS7_DATADECODE),    "PKCS7_dataDecode"},
 {ERR_FUNC(PKCS7_F_PKCS7_DATAFINAL),     "PKCS7_dataFinal"},
@@ -85,15 +90,22 @@ static ERR_STRING_DATA PKCS7_str_functs[]=
 {ERR_FUNC(PKCS7_F_PKCS7_DATASIGN),      "PKCS7_DATASIGN"},
 {ERR_FUNC(PKCS7_F_PKCS7_DATAVERIFY),    "PKCS7_dataVerify"},
 {ERR_FUNC(PKCS7_F_PKCS7_DECRYPT),       "PKCS7_decrypt"},
+{ERR_FUNC(PKCS7_F_PKCS7_DECRYPT_RINFO), "PKCS7_DECRYPT_RINFO"},
+{ERR_FUNC(PKCS7_F_PKCS7_ENCODE_RINFO),  "PKCS7_ENCODE_RINFO"},
 {ERR_FUNC(PKCS7_F_PKCS7_ENCRYPT),       "PKCS7_encrypt"},
+{ERR_FUNC(PKCS7_F_PKCS7_FINAL), "PKCS7_final"},
 {ERR_FUNC(PKCS7_F_PKCS7_FIND_DIGEST),   "PKCS7_FIND_DIGEST"},
 {ERR_FUNC(PKCS7_F_PKCS7_GET0_SIGNERS),  "PKCS7_get0_signers"},
+{ERR_FUNC(PKCS7_F_PKCS7_RECIP_INFO_SET),        "PKCS7_RECIP_INFO_set"},
 {ERR_FUNC(PKCS7_F_PKCS7_SET_CIPHER),    "PKCS7_set_cipher"},
 {ERR_FUNC(PKCS7_F_PKCS7_SET_CONTENT),   "PKCS7_set_content"},
 {ERR_FUNC(PKCS7_F_PKCS7_SET_DIGEST),    "PKCS7_set_digest"},
 {ERR_FUNC(PKCS7_F_PKCS7_SET_TYPE),      "PKCS7_set_type"},
 {ERR_FUNC(PKCS7_F_PKCS7_SIGN),  "PKCS7_sign"},
 {ERR_FUNC(PKCS7_F_PKCS7_SIGNATUREVERIFY),       "PKCS7_signatureVerify"},
+{ERR_FUNC(PKCS7_F_PKCS7_SIGNER_INFO_SET),       "PKCS7_SIGNER_INFO_set"},
+{ERR_FUNC(PKCS7_F_PKCS7_SIGNER_INFO_SIGN),      "PKCS7_SIGNER_INFO_sign"},
+{ERR_FUNC(PKCS7_F_PKCS7_SIGN_ADD_SIGNER),       "PKCS7_sign_add_signer"},
 {ERR_FUNC(PKCS7_F_PKCS7_SIMPLE_SMIMECAP),       "PKCS7_simple_smimecap"},
 {ERR_FUNC(PKCS7_F_PKCS7_VERIFY),        "PKCS7_verify"},
 {ERR_FUNC(PKCS7_F_SMIME_READ_PKCS7),    "SMIME_read_PKCS7"},
@@ -107,10 +119,13 @@ static ERR_STRING_DATA PKCS7_str_reasons[]=
 {ERR_REASON(PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),"cipher has no object identifier"},
 {ERR_REASON(PKCS7_R_CIPHER_NOT_INITIALIZED),"cipher not initialized"},
 {ERR_REASON(PKCS7_R_CONTENT_AND_DATA_PRESENT),"content and data present"},
+{ERR_REASON(PKCS7_R_CTRL_ERROR)          ,"ctrl error"},
 {ERR_REASON(PKCS7_R_DECODE_ERROR)        ,"decode error"},
 {ERR_REASON(PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH),"decrypted key is wrong length"},
 {ERR_REASON(PKCS7_R_DECRYPT_ERROR)       ,"decrypt error"},
 {ERR_REASON(PKCS7_R_DIGEST_FAILURE)      ,"digest failure"},
+{ERR_REASON(PKCS7_R_ENCRYPTION_CTRL_FAILURE),"encryption ctrl failure"},
+{ERR_REASON(PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),"encryption not supported for this key type"},
 {ERR_REASON(PKCS7_R_ERROR_ADDING_RECIPIENT),"error adding recipient"},
 {ERR_REASON(PKCS7_R_ERROR_SETTING_CIPHER),"error setting cipher"},
 {ERR_REASON(PKCS7_R_INVALID_MIME_TYPE)   ,"invalid mime type"},
@@ -121,6 +136,8 @@ static ERR_STRING_DATA PKCS7_str_reasons[]=
 {ERR_REASON(PKCS7_R_MISSING_CERIPEND_INFO),"missing ceripend info"},
 {ERR_REASON(PKCS7_R_NO_CONTENT)          ,"no content"},
 {ERR_REASON(PKCS7_R_NO_CONTENT_TYPE)     ,"no content type"},
+{ERR_REASON(PKCS7_R_NO_DEFAULT_DIGEST)   ,"no default digest"},
+{ERR_REASON(PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND),"no matching digest type found"},
 {ERR_REASON(PKCS7_R_NO_MULTIPART_BODY_FAILURE),"no multipart body failure"},
 {ERR_REASON(PKCS7_R_NO_MULTIPART_BOUNDARY),"no multipart boundary"},
 {ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE),"no recipient matches certificate"},
@@ -130,6 +147,7 @@ static ERR_STRING_DATA PKCS7_str_reasons[]=
 {ERR_REASON(PKCS7_R_NO_SIG_CONTENT_TYPE) ,"no sig content type"},
 {ERR_REASON(PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE),"operation not supported on this type"},
 {ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR),"pkcs7 add signature error"},
+{ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNER_ERROR),"pkcs7 add signer error"},
 {ERR_REASON(PKCS7_R_PKCS7_DATAFINAL)     ,"pkcs7 datafinal"},
 {ERR_REASON(PKCS7_R_PKCS7_DATAFINAL_ERROR),"pkcs7 datafinal error"},
 {ERR_REASON(PKCS7_R_PKCS7_DATASIGN)      ,"pkcs7 datasign"},
@@ -138,6 +156,8 @@ static ERR_STRING_DATA PKCS7_str_reasons[]=
 {ERR_REASON(PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"},
 {ERR_REASON(PKCS7_R_SIGNATURE_FAILURE)   ,"signature failure"},
 {ERR_REASON(PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND),"signer certificate not found"},
+{ERR_REASON(PKCS7_R_SIGNING_CTRL_FAILURE),"signing ctrl failure"},
+{ERR_REASON(PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),"signing not supported for this key type"},
 {ERR_REASON(PKCS7_R_SIG_INVALID_MIME_TYPE),"sig invalid mime type"},
 {ERR_REASON(PKCS7_R_SMIME_TEXT_ERROR)    ,"smime text error"},
 {ERR_REASON(PKCS7_R_UNABLE_TO_FIND_CERTIFICATE),"unable to find certificate"},
diff --git a/src/lib/libssl/src/crypto/rand/Makefile b/src/lib/libssl/src/crypto/rand/Makefile
index 30794305cb..27694aa664 100644
--- a/src/lib/libssl/src/crypto/rand/Makefile
+++ b/src/lib/libssl/src/crypto/rand/Makefile
@@ -17,9 +17,9 @@ TEST= randtest.c
 APPS=
 LIB=$(TOP)/libcrypto.a
-LIBSRC=md_rand.c randfile.c rand_lib.c rand_eng.c rand_err.c rand_egd.c \
+LIBSRC=md_rand.c randfile.c rand_lib.c rand_err.c rand_egd.c \
        rand_win.c rand_unix.c rand_os2.c rand_nw.c
-LIBOBJ=md_rand.o randfile.o rand_lib.o rand_eng.o rand_err.o rand_egd.o \
+LIBOBJ=md_rand.o randfile.o rand_lib.o rand_err.o rand_egd.o \
        rand_win.o rand_unix.o rand_os2.o rand_nw.o
 SRC= $(LIBSRC)
@@ -35,7 +35,7 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
@@ -79,34 +79,17 @@ clean:
 md_rand.o: ../../e_os.h ../../include/openssl/asn1.h
 md_rand.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
 md_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-md_rand.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+md_rand.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-md_rand.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+md_rand.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-md_rand.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+md_rand.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-md_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+md_rand.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-md_rand.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+md_rand.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-md_rand.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+md_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-md_rand.o: ../../include/openssl/symhacks.h md_rand.c rand_lcl.h
+md_rand.o: md_rand.c rand_lcl.h
 rand_egd.o: ../../include/openssl/buffer.h ../../include/openssl/e_os2.h
 rand_egd.o: ../../include/openssl/opensslconf.h
 rand_egd.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
 rand_egd.o: rand_egd.c
-rand_eng.o: ../../e_os.h ../../include/openssl/asn1.h
-rand_eng.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-rand_eng.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-rand_eng.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
-rand_eng.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-rand_eng.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
-rand_eng.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-rand_eng.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
-rand_eng.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-rand_eng.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-rand_eng.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-rand_eng.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-rand_eng.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-rand_eng.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-rand_eng.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
-rand_eng.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-rand_eng.o: ../cryptlib.h rand_eng.c rand_lcl.h
 rand_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
 rand_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 rand_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
@@ -116,39 +99,34 @@ rand_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 rand_err.o: rand_err.c
 rand_lib.o: ../../e_os.h ../../include/openssl/asn1.h
 rand_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-rand_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+rand_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-rand_lib.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
 rand_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 rand_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
 rand_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-rand_lib.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
 rand_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 rand_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 rand_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 rand_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
 rand_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 rand_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-rand_lib.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
 rand_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-rand_lib.o: ../cryptlib.h rand_lcl.h rand_lib.c
+rand_lib.o: ../cryptlib.h rand_lib.c
 rand_nw.o: ../../e_os.h ../../include/openssl/asn1.h
 rand_nw.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 rand_nw.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 rand_nw.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-rand_nw.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+rand_nw.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-rand_nw.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rand_nw.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-rand_nw.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+rand_nw.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-rand_nw.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+rand_nw.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
-rand_nw.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rand_nw.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-rand_nw.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rand_nw.o: ../../include/openssl/symhacks.h ../cryptlib.h rand_lcl.h rand_nw.c
-rand_nw.o: ../cryptlib.h rand_lcl.h rand_nw.c
 rand_os2.o: ../../e_os.h ../../include/openssl/asn1.h
 rand_os2.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 rand_os2.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 rand_os2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-rand_os2.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+rand_os2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-rand_os2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rand_os2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-rand_os2.o: ../../include/openssl/opensslconf.h
 rand_os2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 rand_os2.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
 rand_os2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -158,8 +136,8 @@ rand_unix.o: ../../e_os.h ../../include/openssl/asn1.h
 rand_unix.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 rand_unix.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 rand_unix.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-rand_unix.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+rand_unix.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-rand_unix.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rand_unix.o: ../../include/openssl/objects.h
 rand_unix.o: ../../include/openssl/opensslconf.h
 rand_unix.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 rand_unix.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
@@ -170,9 +148,8 @@ rand_win.o: ../../e_os.h ../../include/openssl/asn1.h
 rand_win.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 rand_win.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 rand_win.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-rand_win.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+rand_win.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-rand_win.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rand_win.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-rand_win.o: ../../include/openssl/opensslconf.h
 rand_win.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 rand_win.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
 rand_win.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
diff --git a/src/lib/libssl/src/crypto/rand/md_rand.c b/src/lib/libssl/src/crypto/rand/md_rand.c
index 0f8dd3e00f..88088ce73c 100644
--- a/src/lib/libssl/src/crypto/rand/md_rand.c
+++ b/src/lib/libssl/src/crypto/rand/md_rand.c
@@ -126,10 +126,6 @@
 #include <openssl/crypto.h>
 #include <openssl/err.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 #ifdef BN_DEBUG
 # define PREDICT
@@ -149,7 +145,7 @@ static unsigned int crypto_lock_rand = 0; /* may be set only when a thread
                                           * holds CRYPTO_LOCK_RAND
                                           * (to prevent double locking) */
 /* access to lockin_thread is synchronized by CRYPTO_LOCK_RAND2 */
-static unsigned long locking_thread = 0; /* valid iff crypto_lock_rand is set */
+static CRYPTO_THREADID locking_threadid; /* valid iff crypto_lock_rand is set */
 #ifdef PREDICT
@@ -217,8 +213,10 @@ static void ssleay_rand_add(const void *buf, int num, double add)
        /* check if we already have the lock */
        if (crypto_lock_rand)
                {
+                CRYPTO_THREADID cur;
+                CRYPTO_THREADID_current(&cur);
                CRYPTO_r_lock(CRYPTO_LOCK_RAND2);
-                do_not_lock = (locking_thread == CRYPTO_thread_id());
+                do_not_lock = !CRYPTO_THREADID_cmp(&locking_threadid, &cur);
                CRYPTO_r_unlock(CRYPTO_LOCK_RAND2);
                }
        else
@@ -274,8 +272,16 @@ static void ssleay_rand_add(const void *buf, int num, double add)
                        }
                else
                        MD_Update(&m,&(state[st_idx]),j);
-                        
+                /* DO NOT REMOVE THE FOLLOWING CALL TO MD_Update()! */
                MD_Update(&m,buf,j);
+                /* We know that line may cause programs such as
+                   purify and valgrind to complain about use of
+                   uninitialized data.  The problem is not, it's
+                   with the caller.  Removing that line will make
+                   sure you get really bad randomness and thereby
+                   other problems such as very insecure keys. */
                MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
                MD_Final(&m,local_md);
                md_c[1]++;
@@ -336,14 +342,6 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
 #endif
        int do_stir_pool = 0;
-#ifdef OPENSSL_FIPS
-        if(FIPS_mode())
-            {
-            FIPSerr(FIPS_F_SSLEAY_RAND_BYTES,FIPS_R_NON_FIPS_METHOD);
-            return 0;
-            }
-#endif
 #ifdef PREDICT
        if (rand_predictable)
                {
@@ -384,7 +382,7 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
        /* prevent ssleay_rand_bytes() from trying to obtain the lock again */
        CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
-        locking_thread = CRYPTO_thread_id();
+        CRYPTO_THREADID_current(&locking_threadid);
        CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
        crypto_lock_rand = 1;
@@ -476,9 +474,15 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
 #endif
                MD_Update(&m,local_md,MD_DIGEST_LENGTH);
                MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
-#ifndef PURIFY
-                MD_Update(&m,buf,j); /* purify complains */
+#ifndef PURIFY /* purify complains */
+                /* DO NOT REMOVE THE FOLLOWING CALL TO MD_Update()! */
+                MD_Update(&m,buf,j);
+                /* We know that line may cause programs such as
+                   purify and valgrind to complain about use of
+                   uninitialized data.  */
 #endif
                k=(st_idx+MD_DIGEST_LENGTH/2)-st_num;
                if (k > 0)
                        {
@@ -539,15 +543,17 @@ static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num)
 static int ssleay_rand_status(void)
        {
+        CRYPTO_THREADID cur;
        int ret;
        int do_not_lock;
+        CRYPTO_THREADID_current(&cur);
        /* check if we already have the lock
         * (could happen if a RAND_poll() implementation calls RAND_status()) */
        if (crypto_lock_rand)
                {
                CRYPTO_r_lock(CRYPTO_LOCK_RAND2);
-                do_not_lock = (locking_thread == CRYPTO_thread_id());
+                do_not_lock = !CRYPTO_THREADID_cmp(&locking_threadid, &cur);
                CRYPTO_r_unlock(CRYPTO_LOCK_RAND2);
                }
        else
@@ -559,7 +565,7 @@ static int ssleay_rand_status(void)
                
                /* prevent ssleay_rand_bytes() from trying to obtain the lock again */
                CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
-                locking_thread = CRYPTO_thread_id();
+                CRYPTO_THREADID_cpy(&locking_threadid, &cur);
                CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
                crypto_lock_rand = 1;
                }
diff --git a/src/lib/libssl/src/crypto/rand/rand.h b/src/lib/libssl/src/crypto/rand/rand.h
index ea89153cba..ac6c021763 100644
--- a/src/lib/libssl/src/crypto/rand/rand.h
+++ b/src/lib/libssl/src/crypto/rand/rand.h
@@ -72,7 +72,7 @@ extern "C" {
 #endif
 #if defined(OPENSSL_FIPS)
-#define FIPS_RAND_SIZE_T int
+#define FIPS_RAND_SIZE_T size_t
 #endif
 /* Already defined in ossl_typ.h */
@@ -111,15 +111,6 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes);
 int RAND_egd(const char *path);
 int RAND_egd_bytes(const char *path,int bytes);
 int RAND_poll(void);
-#ifndef OPENSSL_NO_ENGINE
-#ifdef OPENSSL_FIPS
-void int_RAND_init_engine_callbacks(void);
-void int_RAND_set_callbacks(
-        int (*set_rand_func)(const RAND_METHOD *meth,
-                                                const RAND_METHOD **pmeth),
-        const RAND_METHOD *(*get_rand_func)(const RAND_METHOD **pmeth));
-#endif
-#endif
 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
@@ -137,29 +128,11 @@ void ERR_load_RAND_strings(void);
 /* Error codes for the RAND functions. */
 /* Function codes. */
-#define RAND_F_ENG_RAND_GET_RAND_METHOD                  108
-#define RAND_F_FIPS_RAND                                 103
-#define RAND_F_FIPS_RAND_BYTES                           102
-#define RAND_F_FIPS_RAND_GET_RAND_METHOD                 109
-#define RAND_F_FIPS_RAND_SET_DT                          106
-#define RAND_F_FIPS_SET_DT                               104
-#define RAND_F_FIPS_SET_PRNG_SEED                        107
-#define RAND_F_FIPS_SET_TEST_MODE                        105
 #define RAND_F_RAND_GET_RAND_METHOD                      101
 #define RAND_F_SSLEAY_RAND_BYTES                         100
 /* Reason codes. */
-#define RAND_R_NON_FIPS_METHOD                           105
-#define RAND_R_NOT_IN_TEST_MODE                          106
-#define RAND_R_NO_KEY_SET                                107
-#define RAND_R_PRNG_ASKING_FOR_TOO_MUCH                  101
-#define RAND_R_PRNG_ERROR                                108
-#define RAND_R_PRNG_KEYED                                109
-#define RAND_R_PRNG_NOT_REKEYED                          102
-#define RAND_R_PRNG_NOT_RESEEDED                         103
 #define RAND_R_PRNG_NOT_SEEDED                           100
-#define RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY              110
-#define RAND_R_PRNG_STUCK                                104
 #ifdef  __cplusplus
 }
diff --git a/src/lib/libssl/src/crypto/rand/rand_egd.c b/src/lib/libssl/src/crypto/rand/rand_egd.c
index 50bce6caba..d53b916ebe 100644
--- a/src/lib/libssl/src/crypto/rand/rand_egd.c
+++ b/src/lib/libssl/src/crypto/rand/rand_egd.c
@@ -95,7 +95,7 @@
 *   RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.
 */
-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS)
+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_BEOS)
 int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
        {
        return(-1);
diff --git a/src/lib/libssl/src/crypto/rand/rand_err.c b/src/lib/libssl/src/crypto/rand/rand_err.c
index 829fb44d77..03cda4dd92 100644
--- a/src/lib/libssl/src/crypto/rand/rand_err.c
+++ b/src/lib/libssl/src/crypto/rand/rand_err.c
@@ -1,6 +1,6 @@
 /* crypto/rand/rand_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -70,14 +70,6 @@
 static ERR_STRING_DATA RAND_str_functs[]=
        {
-{ERR_FUNC(RAND_F_ENG_RAND_GET_RAND_METHOD),     "ENG_RAND_GET_RAND_METHOD"},
-{ERR_FUNC(RAND_F_FIPS_RAND),    "FIPS_RAND"},
-{ERR_FUNC(RAND_F_FIPS_RAND_BYTES),      "FIPS_RAND_BYTES"},
-{ERR_FUNC(RAND_F_FIPS_RAND_GET_RAND_METHOD),    "FIPS_RAND_GET_RAND_METHOD"},
-{ERR_FUNC(RAND_F_FIPS_RAND_SET_DT),     "FIPS_RAND_SET_DT"},
-{ERR_FUNC(RAND_F_FIPS_SET_DT),  "FIPS_SET_DT"},
-{ERR_FUNC(RAND_F_FIPS_SET_PRNG_SEED),   "FIPS_SET_PRNG_SEED"},
-{ERR_FUNC(RAND_F_FIPS_SET_TEST_MODE),   "FIPS_SET_TEST_MODE"},
 {ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD), "RAND_get_rand_method"},
 {ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES),    "SSLEAY_RAND_BYTES"},
 {0,NULL}
@@ -85,17 +77,7 @@ static ERR_STRING_DATA RAND_str_functs[]=
 static ERR_STRING_DATA RAND_str_reasons[]=
        {
-{ERR_REASON(RAND_R_NON_FIPS_METHOD)      ,"non fips method"},
-{ERR_REASON(RAND_R_NOT_IN_TEST_MODE)     ,"not in test mode"},
-{ERR_REASON(RAND_R_NO_KEY_SET)           ,"no key set"},
-{ERR_REASON(RAND_R_PRNG_ASKING_FOR_TOO_MUCH),"prng asking for too much"},
-{ERR_REASON(RAND_R_PRNG_ERROR)           ,"prng error"},
-{ERR_REASON(RAND_R_PRNG_KEYED)           ,"prng keyed"},
-{ERR_REASON(RAND_R_PRNG_NOT_REKEYED)     ,"prng not rekeyed"},
-{ERR_REASON(RAND_R_PRNG_NOT_RESEEDED)    ,"prng not reseeded"},
 {ERR_REASON(RAND_R_PRNG_NOT_SEEDED)      ,"PRNG not seeded"},
-{ERR_REASON(RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY),"prng seed must not match key"},
-{ERR_REASON(RAND_R_PRNG_STUCK)           ,"prng stuck"},
 {0,NULL}
        };
diff --git a/src/lib/libssl/src/crypto/rand/rand_lcl.h b/src/lib/libssl/src/crypto/rand/rand_lcl.h
index 18cc9b1e4a..618a8ec899 100644
--- a/src/lib/libssl/src/crypto/rand/rand_lcl.h
+++ b/src/lib/libssl/src/crypto/rand/rand_lcl.h
@@ -154,16 +154,5 @@
 #define MD(a,b,c)               EVP_Digest(a,b,c,NULL,EVP_md2(), NULL)
 #endif
-#ifndef OPENSSL_NO_ENGINE
-void int_RAND_set_callbacks(
-        int (*set_rand_func)(const RAND_METHOD *meth,
-                                                const RAND_METHOD **pmeth),
-        const RAND_METHOD *(*get_rand_func)
-                                                (const RAND_METHOD **pmeth));
-int eng_RAND_set_rand_method(const RAND_METHOD *meth,
-                                const RAND_METHOD **pmeth);
-const RAND_METHOD *eng_RAND_get_rand_method(const RAND_METHOD **pmeth);
-#endif
 #endif
diff --git a/src/lib/libssl/src/crypto/rand/rand_lib.c b/src/lib/libssl/src/crypto/rand/rand_lib.c
index da6b4e0e86..513e338985 100644
--- a/src/lib/libssl/src/crypto/rand/rand_lib.c
+++ b/src/lib/libssl/src/crypto/rand/rand_lib.c
@@ -60,82 +60,15 @@
 #include <time.h>
 #include "cryptlib.h"
 #include <openssl/rand.h>
-#include "rand_lcl.h"
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#include <openssl/fips_rand.h>
-#endif
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
-static const RAND_METHOD *default_RAND_meth = NULL;
-#ifdef OPENSSL_FIPS
-static int fips_RAND_set_rand_method(const RAND_METHOD *meth,
-                                        const RAND_METHOD **pmeth)
-        {
-        *pmeth = meth;
-        return 1;
-        }
-static const RAND_METHOD *fips_RAND_get_rand_method(const RAND_METHOD **pmeth)
-        {
-        if (!*pmeth)
-                {
-                if(FIPS_mode())
-                        *pmeth=FIPS_rand_method();
-                else
-                        *pmeth = RAND_SSLeay();
-                }
-        if(FIPS_mode()
-                && *pmeth != FIPS_rand_check())
-            {
-            RANDerr(RAND_F_FIPS_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD);
-            return 0;
-            }
-        return *pmeth;
-        }
-static int (*RAND_set_rand_method_func)(const RAND_METHOD *meth,
-                                                const RAND_METHOD **pmeth)
-        = fips_RAND_set_rand_method;
-static const RAND_METHOD *(*RAND_get_rand_method_func)
-                                                (const RAND_METHOD **pmeth)
-        = fips_RAND_get_rand_method;
-#ifndef OPENSSL_NO_ENGINE
-void int_RAND_set_callbacks(
-        int (*set_rand_func)(const RAND_METHOD *meth,
-                                                const RAND_METHOD **pmeth),
-        const RAND_METHOD *(*get_rand_func)
-                                                (const RAND_METHOD **pmeth))
-        {
-        RAND_set_rand_method_func = set_rand_func;
-        RAND_get_rand_method_func = get_rand_func;
-        }
-#endif
-int RAND_set_rand_method(const RAND_METHOD *meth)
-        {
-        return RAND_set_rand_method_func(meth, &default_RAND_meth);
-        }
-const RAND_METHOD *RAND_get_rand_method(void)
-        {
-        return RAND_get_rand_method_func(&default_RAND_meth);
-        }
-#else
 #ifndef OPENSSL_NO_ENGINE
 /* non-NULL if default_RAND_meth is ENGINE-provided */
 static ENGINE *funct_ref =NULL;
 #endif
+static const RAND_METHOD *default_RAND_meth = NULL;
 int RAND_set_rand_method(const RAND_METHOD *meth)
        {
@@ -196,8 +129,6 @@ int RAND_set_rand_engine(ENGINE *engine)
        }
 #endif
-#endif
 void RAND_cleanup(void)
        {
        const RAND_METHOD *meth = RAND_get_rand_method();
diff --git a/src/lib/libssl/src/crypto/rand/rand_os2.c b/src/lib/libssl/src/crypto/rand/rand_os2.c
index c3e36d4e5e..fc1e78b179 100644
--- a/src/lib/libssl/src/crypto/rand/rand_os2.c
+++ b/src/lib/libssl/src/crypto/rand/rand_os2.c
@@ -78,8 +78,10 @@ typedef struct _CPUUTIL {
    ULONG ulIntrHigh;           /* High 32 bits of interrupt time */
 } CPUUTIL;
+#ifndef __KLIBC__
 APIRET APIENTRY(*DosPerfSysCall) (ULONG ulCommand, ULONG ulParm1, ULONG ulParm2, ULONG ulParm3) = NULL;
 APIRET APIENTRY(*DosQuerySysState) (ULONG func, ULONG arg1, ULONG pid, ULONG _res_, PVOID buf, ULONG bufsz) = NULL;
+#endif
 HMODULE hDoscalls = 0;
 int RAND_poll(void)
@@ -91,6 +93,7 @@ int RAND_poll(void)
    if (hDoscalls == 0) {
        ULONG rc = DosLoadModule(failed_module, sizeof(failed_module), "DOSCALLS", &hDoscalls);
+#ifndef __KLIBC__
        if (rc == 0) {
            rc = DosQueryProcAddr(hDoscalls, 976, NULL, (PFN *)&DosPerfSysCall);
@@ -102,6 +105,7 @@ int RAND_poll(void)
            if (rc)
                DosQuerySysState = NULL;
        }
+#endif
    }
    /* Sample the hi-res timer, runs at around 1.1 MHz */
@@ -122,7 +126,9 @@ int RAND_poll(void)
            RAND_add(&util, sizeof(util), 10);
        }
        else {
+#ifndef __KLIBC__
            DosPerfSysCall = NULL;
+#endif
        }
    }
diff --git a/src/lib/libssl/src/crypto/rand/rand_unix.c b/src/lib/libssl/src/crypto/rand/rand_unix.c
index 71b98ec212..e9ead3a529 100644
--- a/src/lib/libssl/src/crypto/rand/rand_unix.c
+++ b/src/lib/libssl/src/crypto/rand/rand_unix.c
@@ -133,7 +133,50 @@
 # define FD_SETSIZE (8*sizeof(fd_set))
 #endif
-#ifdef __OpenBSD__
+#ifdef __VOS__
+int RAND_poll(void)
+{
+        unsigned char buf[ENTROPY_NEEDED];
+        pid_t curr_pid;
+        uid_t curr_uid;
+        static int first=1;
+        int i;
+        long rnd = 0;
+        struct timespec ts;
+        unsigned seed;
+/* The VOS random() function starts from a static seed so its
+   initial value is predictable.  If random() returns the
+   initial value, reseed it with dynamic data.  The VOS
+   real-time clock has a granularity of 1 nsec so it should be
+   reasonably difficult to predict its exact value.  Do not
+   gratuitously reseed the PRNG because other code in this
+   process or thread may be using it.  */
+        if (first) {
+                first = 0;
+                rnd = random ();
+                if (rnd == 1804289383) {
+                        clock_gettime (CLOCK_REALTIME, &ts);
+                        curr_pid = getpid();
+                        curr_uid = getuid();
+                        seed = ts.tv_sec ^ ts.tv_nsec ^ curr_pid ^ curr_uid;
+                        srandom (seed);
+                }
+        }
+        for (i = 0; i < sizeof(buf); i++) {
+                if (i % 4 == 0)
+                        rnd = random();
+                buf[i] = rnd;
+                rnd >>= 8;
+        }
+        RAND_add(buf, sizeof(buf), ENTROPY_NEEDED);
+        memset(buf, 0, sizeof(buf));
+        return 1;
+}
+#elif defined __OpenBSD__
 int RAND_poll(void)
 {
        u_int32_t rnd = 0, i;
@@ -163,7 +206,7 @@ int RAND_poll(void)
        static const char *randomfiles[] = { DEVRANDOM };
        struct stat randomstats[sizeof(randomfiles)/sizeof(randomfiles[0])];
        int fd;
-        size_t i;
+        unsigned int i;
 #endif
 #ifdef DEVRANDOM_EGD
        static const char *egdsockets[] = { DEVRANDOM_EGD, NULL };
@@ -176,7 +219,8 @@ int RAND_poll(void)
         * have this. Use /dev/urandom if you can as /dev/random may block
         * if it runs out of random entries.  */
-        for (i=0; i<sizeof(randomfiles)/sizeof(randomfiles[0]) && n < ENTROPY_NEEDED; i++)
+        for (i = 0; (i < sizeof(randomfiles)/sizeof(randomfiles[0])) &&
+                        (n < ENTROPY_NEEDED); i++)
                {
                if ((fd = open(randomfiles[i], O_RDONLY
 #ifdef O_NONBLOCK
@@ -193,7 +237,7 @@ int RAND_poll(void)
                        {
                        int usec = 10*1000; /* spend 10ms on each file */
                        int r;
-                        size_t j;
+                        unsigned int j;
                        struct stat *st=&randomstats[i];
                        /* Avoid using same input... Used to be O_NOFOLLOW
@@ -211,7 +255,12 @@ int RAND_poll(void)
                                {
                                int try_read = 0;
-#if defined(OPENSSL_SYS_LINUX)
+#if defined(OPENSSL_SYS_BEOS_R5)
+                                /* select() is broken in BeOS R5, so we simply
+                                 *  try to read something and snooze if we couldn't */
+                                try_read = 1;
+#elif defined(OPENSSL_SYS_LINUX)
                                /* use poll() */
                                struct pollfd pset;
                                
@@ -258,6 +307,10 @@ int RAND_poll(void)
                                        r = read(fd,(unsigned char *)tmpbuf+n, ENTROPY_NEEDED-n);
                                        if (r > 0)
                                                n += r;
+#if defined(OPENSSL_SYS_BEOS_R5)
+                                        if (r == 0)
+                                                snooze(t.tv_usec);
+#endif
                                        }
                                else
                                        r = -1;
@@ -311,6 +364,14 @@ int RAND_poll(void)
        l=time(NULL);
        RAND_add(&l,sizeof(l),0.0);
+#if defined(OPENSSL_SYS_BEOS)
+        {
+        system_info sysInfo;
+        get_system_info(&sysInfo);
+        RAND_add(&sysInfo,sizeof(sysInfo),0);
+        }
+#endif
 #if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
        return 1;
 #else
diff --git a/src/lib/libssl/src/crypto/rand/rand_win.c b/src/lib/libssl/src/crypto/rand/rand_win.c
index 00dbe4232c..5d134e186b 100644
--- a/src/lib/libssl/src/crypto/rand/rand_win.c
+++ b/src/lib/libssl/src/crypto/rand/rand_win.c
@@ -463,7 +463,7 @@ int RAND_poll(void)
                PROCESSENTRY32 p;
                THREADENTRY32 t;
                MODULEENTRY32 m;
-                DWORD stoptime = 0;
+                DWORD starttime = 0;
                snap = (CREATETOOLHELP32SNAPSHOT)
                        GetProcAddress(kernel, "CreateToolhelp32Snapshot");
@@ -494,12 +494,29 @@ int RAND_poll(void)
                         * each entry.  Consider each field a source of 1 byte
                         * of entropy.
                         */
+                        ZeroMemory(&hlist, sizeof(HEAPLIST32));
                        hlist.dwSize = sizeof(HEAPLIST32);              
-                        if (good) stoptime = GetTickCount() + MAXDELAY;
+                        if (good) starttime = GetTickCount();
+#ifdef _MSC_VER
                        if (heaplist_first(handle, &hlist))
+                                {
+                                /*
+                                   following discussion on dev ML, exception on WinCE (or other Win
+                                   platform) is theoretically of unknown origin; prevent infinite
+                                   loop here when this theoretical case occurs; otherwise cope with
+                                   the expected (MSDN documented) exception-throwing behaviour of
+                                   Heap32Next() on WinCE.
+                                   based on patch in original message by Tanguy Fautré (2009/03/02)
+                                   Subject: RAND_poll() and CreateToolhelp32Snapshot() stability
+                             */
+                                int ex_cnt_limit = 42; 
                                do
                                        {
                                        RAND_add(&hlist, hlist.dwSize, 3);
+                                        __try
+                                                {
+                                                ZeroMemory(&hentry, sizeof(HEAPENTRY32));
                                        hentry.dwSize = sizeof(HEAPENTRY32);
                                        if (heap_first(&hentry,
                                                hlist.th32ProcessID,
@@ -510,10 +527,42 @@ int RAND_poll(void)
                                                        RAND_add(&hentry,
                                                                hentry.dwSize, 5);
                                                while (heap_next(&hentry)
+                                                && (!good || (GetTickCount()-starttime)<MAXDELAY)
                                                        && --entrycnt > 0);
                                                }
-                                        } while (heaplist_next(handle,
+                                                }
-                                                &hlist) && GetTickCount() < stoptime);
+                                        __except (EXCEPTION_EXECUTE_HANDLER)
+                                                {
+                                                        /* ignore access violations when walking the heap list */
+                                                        ex_cnt_limit--;
+                                                }
+                                        } while (heaplist_next(handle, &hlist) 
+                                                && (!good || (GetTickCount()-starttime)<MAXDELAY)
+                                                && ex_cnt_limit > 0);
+                                }
+#else
+                        if (heaplist_first(handle, &hlist))
+                                {
+                                do
+                                        {
+                                        RAND_add(&hlist, hlist.dwSize, 3);
+                                        hentry.dwSize = sizeof(HEAPENTRY32);
+                                        if (heap_first(&hentry,
+                                                hlist.th32ProcessID,
+                                                hlist.th32HeapID))
+                                                {
+                                                int entrycnt = 80;
+                                                do
+                                                        RAND_add(&hentry,
+                                                                hentry.dwSize, 5);
+                                                while (heap_next(&hentry)
+                                                        && --entrycnt > 0);
+                                                }
+                                        } while (heaplist_next(handle, &hlist) 
+                                                && (!good || (GetTickCount()-starttime)<MAXDELAY));
+                                }
+#endif
                        /* process walking */
                        /* PROCESSENTRY32 contains 9 fields that will change
@@ -522,11 +571,11 @@ int RAND_poll(void)
                         */
                        p.dwSize = sizeof(PROCESSENTRY32);
                
-                        if (good) stoptime = GetTickCount() + MAXDELAY;
+                        if (good) starttime = GetTickCount();
                        if (process_first(handle, &p))
                                do
                                        RAND_add(&p, p.dwSize, 9);
-                                while (process_next(handle, &p) && GetTickCount() < stoptime);
+                                while (process_next(handle, &p) && (!good || (GetTickCount()-starttime)<MAXDELAY));
                        /* thread walking */
                        /* THREADENTRY32 contains 6 fields that will change
@@ -534,11 +583,11 @@ int RAND_poll(void)
                         * 1 byte of entropy.
                         */
                        t.dwSize = sizeof(THREADENTRY32);
-                        if (good) stoptime = GetTickCount() + MAXDELAY;
+                        if (good) starttime = GetTickCount();
                        if (thread_first(handle, &t))
                                do
                                        RAND_add(&t, t.dwSize, 6);
-                                while (thread_next(handle, &t) && GetTickCount() < stoptime);
+                                while (thread_next(handle, &t) && (!good || (GetTickCount()-starttime)<MAXDELAY));
                        /* module walking */
                        /* MODULEENTRY32 contains 9 fields that will change
@@ -546,12 +595,12 @@ int RAND_poll(void)
                         * 1 byte of entropy.
                         */
                        m.dwSize = sizeof(MODULEENTRY32);
-                        if (good) stoptime = GetTickCount() + MAXDELAY;
+                        if (good) starttime = GetTickCount();
                        if (module_first(handle, &m))
                                do
                                        RAND_add(&m, m.dwSize, 9);
                                while (module_next(handle, &m)
-                                                && (GetTickCount() < stoptime));
+                                                && (!good || (GetTickCount()-starttime)<MAXDELAY));
                        if (close_snap)
                                close_snap(handle);
                        else
@@ -701,7 +750,7 @@ static void readscreen(void)
  int           y;              /* y-coordinate of screen lines to grab */
  int           n = 16;         /* number of screen lines to grab at a time */
-  if (GetVersion() >= 0x80000000 || !OPENSSL_isservice())
+  if (GetVersion() < 0x80000000 && OPENSSL_isservice()>0)
    return;
  /* Create a screen DC and a memory DC compatible to screen DC */
diff --git a/src/lib/libssl/src/crypto/rand/randfile.c b/src/lib/libssl/src/crypto/rand/randfile.c
index d108353bbc..4ed40b7b70 100644
--- a/src/lib/libssl/src/crypto/rand/randfile.c
+++ b/src/lib/libssl/src/crypto/rand/randfile.c
@@ -75,9 +75,7 @@
 #ifndef NO_SYS_TYPES_H
 # include <sys/types.h>
 #endif
-#ifdef MAC_OS_pre_X
+#ifndef OPENSSL_NO_POSIX_IO
-# include <stat.h>
-#else
 # include <sys/stat.h>
 #endif
@@ -111,14 +109,26 @@ int RAND_load_file(const char *file, long bytes)
         * if bytes == -1, read complete file. */
        MS_STATIC unsigned char buf[BUFSIZE];
+#ifndef OPENSSL_NO_POSIX_IO
        struct stat sb;
+#endif
        int i,ret=0,n;
        FILE *in;
        if (file == NULL) return(0);
+#ifndef OPENSSL_NO_POSIX_IO
+#ifdef PURIFY
+        /* struct stat can have padding and unused fields that may not be
+         * initialized in the call to stat(). We need to clear the entire
+         * structure before calling RAND_add() to avoid complaints from
+         * applications such as Valgrind.
+         */
+        memset(&sb, 0, sizeof(sb));
+#endif
        if (stat(file,&sb) < 0) return(0);
        RAND_add(&sb,sizeof(sb),0.0);
+#endif
        if (bytes == 0) return(ret);
 #ifdef OPENSSL_SYS_VMS
@@ -127,7 +137,7 @@ int RAND_load_file(const char *file, long bytes)
        in=fopen(file,"rb");
 #endif
        if (in == NULL) goto err;
-#if defined(S_IFBLK) && defined(S_IFCHR)
+#if defined(S_IFBLK) && defined(S_IFCHR) && !defined(OPNESSL_NO_POSIX_IO)
        if (sb.st_mode & (S_IFBLK | S_IFCHR)) {
          /* this file is a device. we don't want read an infinite number
           * of bytes from a random device, nor do we want to use buffered
@@ -170,12 +180,13 @@ int RAND_write_file(const char *file)
        int i,ret=0,rand_err=0;
        FILE *out = NULL;
        int n;
+#ifndef OPENSSL_NO_POSIX_IO
        struct stat sb;
        
        i=stat(file,&sb);
        if (i != -1) { 
-#if defined(S_IFBLK) && defined(S_IFCHR)
+#if defined(S_ISBLK) && defined(S_ISCHR)
-          if (sb.st_mode & (S_IFBLK | S_IFCHR)) {
+          if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) {
            /* this file is a device. we don't write back to it. 
             * we "succeed" on the assumption this is some sort 
             * of random device. Otherwise attempting to write to 
@@ -185,14 +196,16 @@ int RAND_write_file(const char *file)
          }
 #endif
        }
+#endif
-#if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_VMS)
+#if defined(O_CREAT) && !defined(OPENSSL_NO_POSIX_IO) && !defined(OPENSSL_SYS_VMS)
        {
-        /* For some reason Win32 can't write to files created this way */
+#ifndef O_BINARY
-        
+#define O_BINARY 0
+#endif
        /* chmod(..., 0600) is too late to protect the file,
         * permissions should be restrictive from the start */
-        int fd = open(file, O_CREAT, 0600);
+        int fd = open(file, O_WRONLY|O_CREAT|O_BINARY, 0600);
        if (fd != -1)
                out = fdopen(fd, "wb");
        }
diff --git a/src/lib/libssl/src/crypto/rc2/Makefile b/src/lib/libssl/src/crypto/rc2/Makefile
index 4b6292b65f..73eac347e7 100644
--- a/src/lib/libssl/src/crypto/rc2/Makefile
+++ b/src/lib/libssl/src/crypto/rc2/Makefile
@@ -33,7 +33,7 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
@@ -78,11 +78,7 @@ rc2_cbc.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
 rc2_cbc.o: rc2_cbc.c rc2_locl.h
 rc2_ecb.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 rc2_ecb.o: ../../include/openssl/rc2.h rc2_ecb.c rc2_locl.h
-rc2_skey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+rc2_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
-rc2_skey.o: ../../include/openssl/fips.h ../../include/openssl/opensslconf.h
-rc2_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-rc2_skey.o: ../../include/openssl/rc2.h ../../include/openssl/safestack.h
-rc2_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 rc2_skey.o: rc2_locl.h rc2_skey.c
 rc2cfb64.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
 rc2cfb64.o: rc2_locl.h rc2cfb64.c
diff --git a/src/lib/libssl/src/crypto/rc2/rc2.h b/src/lib/libssl/src/crypto/rc2/rc2.h
index e542ec94ff..34c8362317 100644
--- a/src/lib/libssl/src/crypto/rc2/rc2.h
+++ b/src/lib/libssl/src/crypto/rc2/rc2.h
@@ -79,9 +79,7 @@ typedef struct rc2_key_st
        RC2_INT data[64];
        } RC2_KEY;
-#ifdef OPENSSL_FIPS 
+ 
-void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits);
-#endif
 void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits);
 void RC2_ecb_encrypt(const unsigned char *in,unsigned char *out,RC2_KEY *key,
                     int enc);
diff --git a/src/lib/libssl/src/crypto/rc2/rc2_skey.c b/src/lib/libssl/src/crypto/rc2/rc2_skey.c
index 4e000e5b99..0150b0e035 100644
--- a/src/lib/libssl/src/crypto/rc2/rc2_skey.c
+++ b/src/lib/libssl/src/crypto/rc2/rc2_skey.c
@@ -57,14 +57,9 @@
 */
 #include <openssl/rc2.h>
-#include <openssl/crypto.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 #include "rc2_locl.h"
-static unsigned char key_table[256]={
+static const unsigned char key_table[256]={
        0xd9,0x78,0xf9,0xc4,0x19,0xdd,0xb5,0xed,0x28,0xe9,0xfd,0x79,
        0x4a,0xa0,0xd8,0x9d,0xc6,0x7e,0x37,0x83,0x2b,0x76,0x53,0x8e,
        0x62,0x4c,0x64,0x88,0x44,0x8b,0xfb,0xa2,0x17,0x9a,0x59,0xf5,
@@ -99,20 +94,8 @@ static unsigned char key_table[256]={
 * BSAFE uses the 'retarded' version.  What I previously shipped is
 * the same as specifying 1024 for the 'bits' parameter.  Bsafe uses
 * a version where the bits parameter is the same as len*8 */
-#ifdef OPENSSL_FIPS
 void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits)
        {
-        if (FIPS_mode())
-                FIPS_BAD_ABORT(RC2)
-        private_RC2_set_key(key, len, data, bits);
-        }
-void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,
-                                                                int bits)
-#else
-void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits)
-#endif
-        {
        int i,j;
        unsigned char *k;
        RC2_INT *ki;
diff --git a/src/lib/libssl/src/crypto/rc4/Makefile b/src/lib/libssl/src/crypto/rc4/Makefile
index f0bd7678fc..264451a213 100644
--- a/src/lib/libssl/src/crypto/rc4/Makefile
+++ b/src/lib/libssl/src/crypto/rc4/Makefile
@@ -21,8 +21,8 @@ TEST=rc4test.c
 APPS=
 LIB=$(TOP)/libcrypto.a
-LIBSRC=rc4_skey.c rc4_enc.c rc4_fblk.c
+LIBSRC=rc4_skey.c rc4_enc.c
-LIBOBJ=$(RC4_ENC) rc4_fblk.o
+LIBOBJ=$(RC4_ENC)
 SRC= $(LIBSRC)
@@ -37,26 +37,26 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
-# ELF
+rc4-586.s:      asm/rc4-586.pl ../perlasm/x86asm.pl
-rx86-elf.s: asm/rc4-586.pl ../perlasm/x86asm.pl
+        $(PERL) asm/rc4-586.pl $(PERLASM_SCHEME) $(CFLAGS) > $@
-        (cd asm; $(PERL) rc4-586.pl elf $(CFLAGS) > ../$@)
-# COFF
-rx86-cof.s: asm/rc4-586.pl ../perlasm/x86asm.pl
-        (cd asm; $(PERL) rc4-586.pl coff $(CFLAGS) > ../$@)
-# a.out
-rx86-out.s: asm/rc4-586.pl ../perlasm/x86asm.pl
-        (cd asm; $(PERL) rc4-586.pl a.out $(CFLAGS) > ../$@)
-rc4-x86_64.s: asm/rc4-x86_64.pl;        $(PERL) asm/rc4-x86_64.pl $@
+rc4-x86_64.s: asm/rc4-x86_64.pl
+        $(PERL) asm/rc4-x86_64.pl $(PERLASM_SCHEME) > $@
-rc4-ia64.s: asm/rc4-ia64.S
+rc4-ia64.S: asm/rc4-ia64.pl
+        $(PERL) asm/rc4-ia64.pl $(CFLAGS) > $@
+rc4-s390x.s:    asm/rc4-s390x.pl
+        $(PERL) asm/rc4-s390x.pl > $@
+rc4-ia64.s: rc4-ia64.S
        @case `awk '/^#define RC4_INT/{print$$NF}' $(TOP)/include/openssl/opensslconf.h` in \
-        int)    set -x; $(CC) $(CFLAGS) -DSZ=4 -E asm/rc4-ia64.S > $@ ;; \
+        int)    set -x; $(CC) $(CFLAGS) -DSZ=4 -E rc4-ia64.S > $@ ;; \
-        char)   set -x; $(CC) $(CFLAGS) -DSZ=1 -E asm/rc4-ia64.S > $@ ;; \
+        char)   set -x; $(CC) $(CFLAGS) -DSZ=1 -E rc4-ia64.S > $@ ;; \
        *)      exit 1 ;; \
        esac
@@ -105,20 +105,10 @@ rc4_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 rc4_enc.o: ../../include/openssl/rc4.h ../../include/openssl/safestack.h
 rc4_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 rc4_enc.o: ../cryptlib.h rc4_enc.c rc4_locl.h
-rc4_fblk.o: ../../e_os.h ../../include/openssl/bio.h
-rc4_fblk.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-rc4_fblk.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-rc4_fblk.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-rc4_fblk.o: ../../include/openssl/opensslconf.h
-rc4_fblk.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-rc4_fblk.o: ../../include/openssl/rc4.h ../../include/openssl/safestack.h
-rc4_fblk.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-rc4_fblk.o: ../cryptlib.h rc4_fblk.c rc4_locl.h
 rc4_skey.o: ../../e_os.h ../../include/openssl/bio.h
 rc4_skey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 rc4_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-rc4_skey.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+rc4_skey.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-rc4_skey.o: ../../include/openssl/opensslconf.h
 rc4_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 rc4_skey.o: ../../include/openssl/rc4.h ../../include/openssl/safestack.h
 rc4_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
diff --git a/src/lib/libssl/src/crypto/rc4/asm/rc4-586.pl b/src/lib/libssl/src/crypto/rc4/asm/rc4-586.pl
index ef7eee766c..38a44a70ef 100644
--- a/src/lib/libssl/src/crypto/rc4/asm/rc4-586.pl
+++ b/src/lib/libssl/src/crypto/rc4/asm/rc4-586.pl
@@ -1,14 +1,21 @@
-#!/usr/local/bin/perl
+#!/usr/bin/env perl
+# ====================================================================
+# [Re]written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
 # At some point it became apparent that the original SSLeay RC4
-# assembler implementation performs suboptimaly on latest IA-32
+# assembler implementation performs suboptimally on latest IA-32
 # microarchitectures. After re-tuning performance has changed as
 # following:
 #
-# Pentium       +0%
+# Pentium       -10%
-# Pentium III   +17%
+# Pentium III   +12%
-# AMD           +52%(*)
+# AMD           +50%(*)
-# P4            +180%(**)
+# P4            +250%(**)
 #
 # (*)   This number is actually a trade-off:-) It's possible to
 #       achieve +72%, but at the cost of -48% off PIII performance.
@@ -17,214 +24,247 @@
 #       For reference! This code delivers ~80% of rc4-amd64.pl
 #       performance on the same Opteron machine.
 # (**)  This number requires compressed key schedule set up by
-#       RC4_set_key and therefore doesn't apply to 0.9.7 [option for
+#       RC4_set_key [see commentary below for further details].
-#       compressed key schedule is implemented in 0.9.8 and later,
-#       see commentary section in rc4_skey.c for further details].
 #
 #                                       <appro@fy.chalmers.se>
-push(@INC,"perlasm","../../perlasm");
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
 require "x86asm.pl";
 &asm_init($ARGV[0],"rc4-586.pl");
-$x="eax";
+$xx="eax";
-$y="ebx";
+$yy="ebx";
 $tx="ecx";
 $ty="edx";
-$in="esi";
+$inp="esi";
-$out="edi";
+$out="ebp";
-$d="ebp";
+$dat="edi";
-&RC4("RC4");
+sub RC4_loop {
+  my $i=shift;
-&asm_finish();
+  my $func = ($i==0)?*mov:*or;
-sub RC4_loop
+        &add    (&LB($yy),&LB($tx));
-        {
+        &mov    ($ty,&DWP(0,$dat,$yy,4));
-        local($n,$p,$char)=@_;
+        &mov    (&DWP(0,$dat,$yy,4),$tx);
+        &mov    (&DWP(0,$dat,$xx,4),$ty);
-        &comment("Round $n");
+        &add    ($ty,$tx);
+        &inc    (&LB($xx));
-        if ($char)
+        &and    ($ty,0xff);
-                {
+        &ror    ($out,8)        if ($i!=0);
-                if ($p >= 0)
+        if ($i<3) {
-                        {
+          &mov  ($tx,&DWP(0,$dat,$xx,4));
-                         &mov($ty,      &swtmp(2));
+        } else {
-                        &cmp($ty,       $in);
+          &mov  ($tx,&wparam(3));       # reload [re-biased] out
-                         &jbe(&label("finished"));
-                        &inc($in);
-                        }
-                else
-                        {
-                        &add($ty,       8);
-                         &inc($in);
-                        &cmp($ty,       $in);
-                         &jb(&label("finished"));
-                        &mov(&swtmp(2), $ty);
-                        }
-                }
-        # Moved out
-        # &mov( $tx,            &DWP(0,$d,$x,4)) if $p < 0;
-        &add(   &LB($y),        &LB($tx));
-        &mov(   $ty,            &DWP(0,$d,$y,4));
-         # XXX
-        &mov(   &DWP(0,$d,$x,4),$ty);
-         &add(  $ty,            $tx);
-        &mov(   &DWP(0,$d,$y,4),$tx);
-         &and(  $ty,            0xff);
-         &inc(  &LB($x));                       # NEXT ROUND
-        &mov(   $tx,            &DWP(0,$d,$x,4)) if $p < 1; # NEXT ROUND
-         &mov(  $ty,            &DWP(0,$d,$ty,4));
-        if (!$char)
-                {
-                #moved up into last round
-                if ($p >= 1)
-                        {
-                        &add(   $out,   8)
-                        }
-                &movb(  &BP($n,"esp","",0),     &LB($ty));
-                }
-        else
-                {
-                # Note in+=8 has occured
-                &movb(  &HB($ty),       &BP(-1,$in,"",0));
-                 # XXX
-                &xorb(&LB($ty),         &HB($ty));
-                 # XXX
-                &movb(&BP($n,$out,"",0),&LB($ty));
-                }
        }
+        &$func  ($out,&DWP(0,$dat,$ty,4));
+}
-sub RC4
-        {
+# void RC4(RC4_KEY *key,size_t len,const unsigned char *inp,unsigned char *out);
-        local($name)=@_;
+&function_begin("RC4");
+        &mov    ($dat,&wparam(0));      # load key schedule pointer
-        &function_begin_B($name,"");
+        &mov    ($ty, &wparam(1));      # load len
+        &mov    ($inp,&wparam(2));      # load inp
-        &mov($ty,&wparam(1));           # len
+        &mov    ($out,&wparam(3));      # load out
-        &cmp($ty,0);
-        &jne(&label("proceed"));
+        &xor    ($xx,$xx);              # avoid partial register stalls
-        &ret();
+        &xor    ($yy,$yy);
-        &set_label("proceed");
+        &cmp    ($ty,0);                # safety net
-        &comment("");
+        &je     (&label("abort"));
-        &push("ebp");
+        &mov    (&LB($xx),&BP(0,$dat)); # load key->x
-         &push("ebx");
+        &mov    (&LB($yy),&BP(4,$dat)); # load key->y
-        &push("esi");
+        &add    ($dat,8);
-         &xor(  $x,     $x);            # avoid partial register stalls
-        &push("edi");
+        &lea    ($tx,&DWP(0,$inp,$ty));
-         &xor(  $y,     $y);            # avoid partial register stalls
+        &sub    ($out,$inp);            # re-bias out
-        &mov(   $d,     &wparam(0));    # key
+        &mov    (&wparam(1),$tx);       # save input+len
-         &mov(  $in,    &wparam(2));
+        &inc    (&LB($xx));
-        &movb(  &LB($x),        &BP(0,$d,"",1));
-         &movb( &LB($y),        &BP(4,$d,"",1));
+        # detect compressed key schedule...
+        &cmp    (&DWP(256,$dat),-1);
-        &mov(   $out,   &wparam(3));
+        &je     (&label("RC4_CHAR"));
-         &inc(  &LB($x));
+        &mov    ($tx,&DWP(0,$dat,$xx,4));
-        &stack_push(3); # 3 temp variables
-         &add(  $d,     8);
+        &and    ($ty,-4);               # how many 4-byte chunks?
+        &jz     (&label("loop1"));
-        # detect compressed schedule, see commentary section in rc4_skey.c...
-        # in 0.9.7 context ~50 bytes below RC4_CHAR label remain redundant,
+        &lea    ($ty,&DWP(-4,$inp,$ty));
-        # as compressed key schedule is set up in 0.9.8 and later.
+        &mov    (&wparam(2),$ty);       # save input+(len/4)*4-4
-        &cmp(&DWP(256,$d),-1);
+        &mov    (&wparam(3),$out);      # $out as accumulator in this loop
-        &je(&label("RC4_CHAR"));
+        &set_label("loop4",16);
-         &lea(  $ty,    &DWP(-8,$ty,$in));
+                for ($i=0;$i<4;$i++) { RC4_loop($i); }
+                &ror    ($out,8);
-        # check for 0 length input
+                &xor    ($out,&DWP(0,$inp));
+                &cmp    ($inp,&wparam(2));      # compare to input+(len/4)*4-4
-         &mov(  &swtmp(2),      $ty);   # this is now address to exit at
+                &mov    (&DWP(0,$tx,$inp),$out);# $tx holds re-biased out here
-        &mov(   $tx,    &DWP(0,$d,$x,4));
+                &lea    ($inp,&DWP(4,$inp));
+                &mov    ($tx,&DWP(0,$dat,$xx,4));
-         &cmp(  $ty,    $in);
+        &jb     (&label("loop4"));
-        &jb(    &label("end")); # less than 8 bytes
+        &cmp    ($inp,&wparam(1));      # compare to input+len
-        &set_label("start");
+        &je     (&label("done"));
+        &mov    ($out,&wparam(3));      # restore $out
-        # filling DELAY SLOT
-        &add(   $in,    8);
+        &set_label("loop1",16);
+                &add    (&LB($yy),&LB($tx));
-        &RC4_loop(0,-1,0);
+                &mov    ($ty,&DWP(0,$dat,$yy,4));
-        &RC4_loop(1,0,0);
+                &mov    (&DWP(0,$dat,$yy,4),$tx);
-        &RC4_loop(2,0,0);
+                &mov    (&DWP(0,$dat,$xx,4),$ty);
-        &RC4_loop(3,0,0);
+                &add    ($ty,$tx);
-        &RC4_loop(4,0,0);
+                &inc    (&LB($xx));
-        &RC4_loop(5,0,0);
+                &and    ($ty,0xff);
-        &RC4_loop(6,0,0);
+                &mov    ($ty,&DWP(0,$dat,$ty,4));
-        &RC4_loop(7,1,0);
+                &xor    (&LB($ty),&BP(0,$inp));
-        
+                &lea    ($inp,&DWP(1,$inp));
-        &comment("apply the cipher text");
+                &mov    ($tx,&DWP(0,$dat,$xx,4));
-        # xor the cipher data with input
+                &cmp    ($inp,&wparam(1));      # compare to input+len
+                &mov    (&BP(-1,$out,$inp),&LB($ty));
-        #&add(  $out,   8); #moved up into last round
+        &jb     (&label("loop1"));
-        &mov(   $tx,    &swtmp(0));
+        &jmp    (&label("done"));
-         &mov(  $ty,    &DWP(-8,$in,"",0));
-        &xor(   $tx,    $ty);
+# this is essentially Intel P4 specific codepath...
-         &mov(  $ty,    &DWP(-4,$in,"",0)); 
+&set_label("RC4_CHAR",16);
-        &mov(   &DWP(-8,$out,"",0),     $tx);
+        &movz   ($tx,&BP(0,$dat,$xx));
-         &mov(  $tx,    &swtmp(1));
-        &xor(   $tx,    $ty);
-         &mov(  $ty,    &swtmp(2));     # load end ptr;
-        &mov(   &DWP(-4,$out,"",0),     $tx);
-         &mov(  $tx,            &DWP(0,$d,$x,4));
-        &cmp($in,       $ty);
-         &jbe(&label("start"));
-        &set_label("end");
-        # There is quite a bit of extra crap in RC4_loop() for this
-        # first round
-        &RC4_loop(0,-1,1);
-        &RC4_loop(1,0,1);
-        &RC4_loop(2,0,1);
-        &RC4_loop(3,0,1);
-        &RC4_loop(4,0,1);
-        &RC4_loop(5,0,1);
-        &RC4_loop(6,1,1);
-        &jmp(&label("finished"));
-        &align(16);
-        # this is essentially Intel P4 specific codepath, see rc4_skey.c,
-        # and is engaged in 0.9.8 and later context...
-        &set_label("RC4_CHAR");
-        &lea    ($ty,&DWP(0,$in,$ty));
-        &mov    (&swtmp(2),$ty);
-        &movz   ($tx,&BP(0,$d,$x));
        # strangely enough unrolled loop performs over 20% slower...
-        &set_label("RC4_CHAR_loop");
+        &set_label("cloop1");
-                &add    (&LB($y),&LB($tx));
+                &add    (&LB($yy),&LB($tx));
-                &movz   ($ty,&BP(0,$d,$y));
+                &movz   ($ty,&BP(0,$dat,$yy));
-                &movb   (&BP(0,$d,$y),&LB($tx));
+                &mov    (&BP(0,$dat,$yy),&LB($tx));
-                &movb   (&BP(0,$d,$x),&LB($ty));
+                &mov    (&BP(0,$dat,$xx),&LB($ty));
                &add    (&LB($ty),&LB($tx));
-                &movz   ($ty,&BP(0,$d,$ty));
+                &movz   ($ty,&BP(0,$dat,$ty));
-                &add    (&LB($x),1);
+                &add    (&LB($xx),1);
-                &xorb   (&LB($ty),&BP(0,$in));
+                &xor    (&LB($ty),&BP(0,$inp));
-                &lea    ($in,&DWP(1,$in));
+                &lea    ($inp,&DWP(1,$inp));
-                &movz   ($tx,&BP(0,$d,$x));
+                &movz   ($tx,&BP(0,$dat,$xx));
-                &cmp    ($in,&swtmp(2));
+                &cmp    ($inp,&wparam(1));
-                &movb   (&BP(0,$out),&LB($ty));
+                &mov    (&BP(-1,$out,$inp),&LB($ty));
-                &lea    ($out,&DWP(1,$out));
+        &jb     (&label("cloop1"));
-        &jb     (&label("RC4_CHAR_loop"));
+&set_label("done");
-        &set_label("finished");
+        &dec    (&LB($xx));
-        &dec(   $x);
+        &mov    (&BP(-4,$dat),&LB($yy));        # save key->y
-         &stack_pop(3);
+        &mov    (&BP(-8,$dat),&LB($xx));        # save key->x
-        &movb(  &BP(-4,$d,"",0),&LB($y));
+&set_label("abort");
-         &movb( &BP(-8,$d,"",0),&LB($x));
+&function_end("RC4");
-        &function_end($name);
+########################################################################
-        }
+$inp="esi";
+$out="edi";
+$idi="ebp";
+$ido="ecx";
+$idx="edx";
+&external_label("OPENSSL_ia32cap_P");
+# void RC4_set_key(RC4_KEY *key,int len,const unsigned char *data);
+&function_begin("RC4_set_key");
+        &mov    ($out,&wparam(0));              # load key
+        &mov    ($idi,&wparam(1));              # load len
+        &mov    ($inp,&wparam(2));              # load data
+        &picmeup($idx,"OPENSSL_ia32cap_P");
+        &lea    ($out,&DWP(2*4,$out));          # &key->data
+        &lea    ($inp,&DWP(0,$inp,$idi));       # $inp to point at the end
+        &neg    ($idi);
+        &xor    ("eax","eax");
+        &mov    (&DWP(-4,$out),$idi);           # borrow key->y
+        &bt     (&DWP(0,$idx),20);              # check for bit#20
+        &jc     (&label("c1stloop"));
+&set_label("w1stloop",16);
+        &mov    (&DWP(0,$out,"eax",4),"eax");   # key->data[i]=i;
+        &add    (&LB("eax"),1);                 # i++;
+        &jnc    (&label("w1stloop"));
+        &xor    ($ido,$ido);
+        &xor    ($idx,$idx);
+&set_label("w2ndloop",16);
+        &mov    ("eax",&DWP(0,$out,$ido,4));
+        &add    (&LB($idx),&BP(0,$inp,$idi));
+        &add    (&LB($idx),&LB("eax"));
+        &add    ($idi,1);
+        &mov    ("ebx",&DWP(0,$out,$idx,4));
+        &jnz    (&label("wnowrap"));
+          &mov  ($idi,&DWP(-4,$out));
+        &set_label("wnowrap");
+        &mov    (&DWP(0,$out,$idx,4),"eax");
+        &mov    (&DWP(0,$out,$ido,4),"ebx");
+        &add    (&LB($ido),1);
+        &jnc    (&label("w2ndloop"));
+&jmp    (&label("exit"));
+# Unlike all other x86 [and x86_64] implementations, Intel P4 core
+# [including EM64T] was found to perform poorly with above "32-bit" key
+# schedule, a.k.a. RC4_INT. Performance improvement for IA-32 hand-coded
+# assembler turned out to be 3.5x if re-coded for compressed 8-bit one,
+# a.k.a. RC4_CHAR! It's however inappropriate to just switch to 8-bit
+# schedule for x86[_64], because non-P4 implementations suffer from
+# significant performance losses then, e.g. PIII exhibits >2x
+# deterioration, and so does Opteron. In order to assure optimal
+# all-round performance, we detect P4 at run-time and set up compressed
+# key schedule, which is recognized by RC4 procedure.
+&set_label("c1stloop",16);
+        &mov    (&BP(0,$out,"eax"),&LB("eax")); # key->data[i]=i;
+        &add    (&LB("eax"),1);                 # i++;
+        &jnc    (&label("c1stloop"));
+        &xor    ($ido,$ido);
+        &xor    ($idx,$idx);
+        &xor    ("ebx","ebx");
+&set_label("c2ndloop",16);
+        &mov    (&LB("eax"),&BP(0,$out,$ido));
+        &add    (&LB($idx),&BP(0,$inp,$idi));
+        &add    (&LB($idx),&LB("eax"));
+        &add    ($idi,1);
+        &mov    (&LB("ebx"),&BP(0,$out,$idx));
+        &jnz    (&label("cnowrap"));
+          &mov  ($idi,&DWP(-4,$out));
+        &set_label("cnowrap");
+        &mov    (&BP(0,$out,$idx),&LB("eax"));
+        &mov    (&BP(0,$out,$ido),&LB("ebx"));
+        &add    (&LB($ido),1);
+        &jnc    (&label("c2ndloop"));
+        &mov    (&DWP(256,$out),-1);            # mark schedule as compressed
+&set_label("exit");
+        &xor    ("eax","eax");
+        &mov    (&DWP(-8,$out),"eax");          # key->x=0;
+        &mov    (&DWP(-4,$out),"eax");          # key->y=0;
+&function_end("RC4_set_key");
+# const char *RC4_options(void);
+&function_begin_B("RC4_options");
+        &call   (&label("pic_point"));
+&set_label("pic_point");
+        &blindpop("eax");
+        &lea    ("eax",&DWP(&label("opts")."-".&label("pic_point"),"eax"));
+        &picmeup("edx","OPENSSL_ia32cap_P");
+        &bt     (&DWP(0,"edx"),20);
+        &jnc    (&label("skip"));
+          &add  ("eax",12);
+        &set_label("skip");
+        &ret    ();
+&set_label("opts",64);
+&asciz  ("rc4(4x,int)");
+&asciz  ("rc4(1x,char)");
+&asciz  ("RC4 for x86, CRYPTOGAMS by <appro\@openssl.org>");
+&align  (64);
+&function_end_B("RC4_options");
+&asm_finish();
diff --git a/src/lib/libssl/src/crypto/rc4/rc4.h b/src/lib/libssl/src/crypto/rc4/rc4.h
index 2d8620d33b..29d1acccf5 100644
--- a/src/lib/libssl/src/crypto/rc4/rc4.h
+++ b/src/lib/libssl/src/crypto/rc4/rc4.h
@@ -64,6 +64,8 @@
 #error RC4 is disabled.
 #endif
+#include <stddef.h>
 #ifdef  __cplusplus
 extern "C" {
 #endif
@@ -76,11 +78,8 @@ typedef struct rc4_key_st
 
 const char *RC4_options(void);
-#ifdef OPENSSL_FIPS
-void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
-#endif
 void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
-void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
+void RC4(RC4_KEY *key, size_t len, const unsigned char *indata,
                unsigned char *outdata);
 #ifdef  __cplusplus
diff --git a/src/lib/libssl/src/crypto/rc4/rc4_enc.c b/src/lib/libssl/src/crypto/rc4/rc4_enc.c
index 0660ea60a2..8c4fc6c7a3 100644
--- a/src/lib/libssl/src/crypto/rc4/rc4_enc.c
+++ b/src/lib/libssl/src/crypto/rc4/rc4_enc.c
@@ -67,12 +67,12 @@
 * Date: Wed, 14 Sep 1994 06:35:31 GMT
 */
-void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
+void RC4(RC4_KEY *key, size_t len, const unsigned char *indata,
             unsigned char *outdata)
        {
        register RC4_INT *d;
        register RC4_INT x,y,tx,ty;
-        int i;
+        size_t i;
        
        x=key->x;     
        y=key->y;     
@@ -120,8 +120,8 @@ void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
                        (RC4_CHUNK)d[(tx+ty)&0xff]\
                        )
-        if ( ( ((unsigned long)indata  & (sizeof(RC4_CHUNK)-1)) | 
+        if ( ( ((size_t)indata  & (sizeof(RC4_CHUNK)-1)) | 
-               ((unsigned long)outdata & (sizeof(RC4_CHUNK)-1)) ) == 0 )
+               ((size_t)outdata & (sizeof(RC4_CHUNK)-1)) ) == 0 )
                {
                RC4_CHUNK ichunk,otp;
                const union { long one; char little; } is_endian = {1};
@@ -157,7 +157,7 @@ void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
                if (!is_endian.little)
                        {       /* BIG-ENDIAN CASE */
 # define BESHFT(c)      (((sizeof(RC4_CHUNK)-(c)-1)*8)&(sizeof(RC4_CHUNK)*8-1))
-                        for (;len&~(sizeof(RC4_CHUNK)-1);len-=sizeof(RC4_CHUNK))
+                        for (;len&(0-sizeof(RC4_CHUNK));len-=sizeof(RC4_CHUNK))
                                {
                                ichunk  = *(RC4_CHUNK *)indata;
                                otp  = RC4_STEP<<BESHFT(0);
@@ -210,7 +210,7 @@ void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
                else
                        {       /* LITTLE-ENDIAN CASE */
 # define LESHFT(c)      (((c)*8)&(sizeof(RC4_CHUNK)*8-1))
-                        for (;len&~(sizeof(RC4_CHUNK)-1);len-=sizeof(RC4_CHUNK))
+                        for (;len&(0-sizeof(RC4_CHUNK));len-=sizeof(RC4_CHUNK))
                                {
                                ichunk  = *(RC4_CHUNK *)indata;
                                otp  = RC4_STEP;
@@ -276,7 +276,7 @@ void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
 #define RC4_LOOP(a,b,i) LOOP(a[i],b[i])
 #endif
-        i=(int)(len>>3L);
+        i=len>>3;
        if (i)
                {
                for (;;)
@@ -296,7 +296,7 @@ void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
                        if (--i == 0) break;
                        }
                }
-        i=(int)len&0x07;
+        i=len&0x07;
        if (i)
                {
                for (;;)
diff --git a/src/lib/libssl/src/crypto/rc4/rc4_skey.c b/src/lib/libssl/src/crypto/rc4/rc4_skey.c
index 4478d1a4b3..b22c40b0bd 100644
--- a/src/lib/libssl/src/crypto/rc4/rc4_skey.c
+++ b/src/lib/libssl/src/crypto/rc4/rc4_skey.c
@@ -59,11 +59,6 @@
 #include <openssl/rc4.h>
 #include "rc4_locl.h"
 #include <openssl/opensslv.h>
-#include <openssl/crypto.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 const char RC4_version[]="RC4" OPENSSL_VERSION_PTEXT;
@@ -90,11 +85,7 @@ const char *RC4_options(void)
 * Date: Wed, 14 Sep 1994 06:35:31 GMT
 */
-#ifdef OPENSSL_FIPS
-void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
-#else
 void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
-#endif
        {
        register RC4_INT tmp;
        register int id1,id2;
@@ -128,20 +119,14 @@ void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
                 * implementations suffer from significant performance
                 * losses then, e.g. PIII exhibits >2x deterioration,
                 * and so does Opteron. In order to assure optimal
-                 * all-round performance, we detect P4 at run-time by
+                 * all-round performance, let us [try to] detect P4 at
-                 * checking upon reserved bit 20 in CPU capability
+                 * run-time by checking upon HTT bit in CPU capability
                 * vector and set up compressed key schedule, which is
                 * recognized by correspondingly updated assembler
-                 * module... Bit 20 is set up by OPENSSL_ia32_cpuid.
+                 * module...
-                 *
                 *                              <appro@fy.chalmers.se>
                 */
-#ifdef OPENSSL_FIPS
-                unsigned long *ia32cap_ptr = OPENSSL_ia32cap_loc();
-                if (ia32cap_ptr && (*ia32cap_ptr & (1<<28))) {
-#else
                if (OPENSSL_ia32cap_P & (1<<28)) {
-#endif
                        unsigned char *cp=(unsigned char *)d;
                        for (i=0;i<256;i++) cp[i]=i;
diff --git a/src/lib/libssl/src/crypto/rc4/rc4test.c b/src/lib/libssl/src/crypto/rc4/rc4test.c
index 54b597fa26..633a79e758 100644
--- a/src/lib/libssl/src/crypto/rc4/rc4test.c
+++ b/src/lib/libssl/src/crypto/rc4/rc4test.c
@@ -114,8 +114,8 @@ static unsigned char output[7][30]={
 int main(int argc, char *argv[])
        {
-        int err=0;
+        int i,err=0;
-        unsigned int i, j;
+        int j;
        unsigned char *p;
        RC4_KEY key;
        unsigned char obuf[512];
@@ -129,12 +129,12 @@ int main(int argc, char *argv[])
                        {
                        printf("error calculating RC4\n");
                        printf("output:");
-                        for (j=0; j<data_len[i]+1U; j++)
+                        for (j=0; j<data_len[i]+1; j++)
                                printf(" %02x",obuf[j]);
                        printf("\n");
                        printf("expect:");
                        p= &(output[i][0]);
-                        for (j=0; j<data_len[i]+1U; j++)
+                        for (j=0; j<data_len[i]+1; j++)
                                printf(" %02x",*(p++));
                        printf("\n");
                        err++;
@@ -180,12 +180,12 @@ int main(int argc, char *argv[])
                        {
                        printf("error in RC4 multi-call processing\n");
                        printf("output:");
-                        for (j=0; j<data_len[3]+1U; j++)
+                        for (j=0; j<data_len[3]+1; j++)
                                printf(" %02x",obuf[j]);
                        printf("\n");
                        printf("expect:");
                        p= &(output[3][0]);
-                        for (j=0; j<data_len[3]+1U; j++)
+                        for (j=0; j<data_len[3]+1; j++)
                                printf(" %02x",*(p++));
                        err++;
                        }
@@ -216,11 +216,11 @@ int main(int argc, char *argv[])
                if (memcmp(md,expected,sizeof(md))) {
                        printf("error in RC4 bulk test\n");
                        printf("output:");
-                        for (j=0; j<sizeof(md); j++)
+                        for (j=0; j<(int)sizeof(md); j++)
                                printf(" %02x",md[j]);
                        printf("\n");
                        printf("expect:");
-                        for (j=0; j<sizeof(md); j++)
+                        for (j=0; j<(int)sizeof(md); j++)
                                printf(" %02x",expected[j]);
                        printf("\n");
                        err++;
diff --git a/src/lib/libssl/src/crypto/rc5/Makefile b/src/lib/libssl/src/crypto/rc5/Makefile
index b4e21c9bb2..8a8b00eb89 100644
--- a/src/lib/libssl/src/crypto/rc5/Makefile
+++ b/src/lib/libssl/src/crypto/rc5/Makefile
@@ -12,8 +12,6 @@ MAKEFILE=	Makefile
 AR=             ar r
 RC5_ENC=                rc5_enc.o
-# or use
-#DES_ENC=       r586-elf.o
 CFLAGS= $(INCLUDES) $(CFLAG)
 ASFLAGS= $(INCLUDES) $(ASFLAG)
@@ -40,19 +38,12 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
-# ELF
+rc5-586.s: asm/rc5-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
-r586-elf.s: asm/rc5-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+        $(PERL) asm/rc5-586.pl $(PERLASM_SCHEME) $(CFLAGS) > $@
-        (cd asm; $(PERL) rc5-586.pl elf $(CFLAGS) > ../$@)
-# COFF
-r586-cof.s: asm/rc5-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
-        (cd asm; $(PERL) rc5-586.pl coff $(CFLAGS) > ../$@)
-# a.out
-r586-out.s: asm/rc5-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
-        (cd asm; $(PERL) rc5-586.pl a.out $(CFLAGS) > ../$@)
 files:
        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
diff --git a/src/lib/libssl/src/crypto/rc5/rc5.h b/src/lib/libssl/src/crypto/rc5/rc5.h
index f73a2a02a4..4b3c153b50 100644
--- a/src/lib/libssl/src/crypto/rc5/rc5.h
+++ b/src/lib/libssl/src/crypto/rc5/rc5.h
@@ -94,10 +94,7 @@ typedef struct rc5_key_st
        RC5_32_INT data[2*(RC5_16_ROUNDS+1)];
        } RC5_32_KEY;
-#ifdef OPENSSL_FIPS 
+ 
-void private_RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data,
-        int rounds);
-#endif
 void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data,
        int rounds);
 void RC5_32_ecb_encrypt(const unsigned char *in,unsigned char *out,RC5_32_KEY *key,
diff --git a/src/lib/libssl/src/crypto/ripemd/Makefile b/src/lib/libssl/src/crypto/ripemd/Makefile
index 6145f13699..d5b1067dbe 100644
--- a/src/lib/libssl/src/crypto/ripemd/Makefile
+++ b/src/lib/libssl/src/crypto/ripemd/Makefile
@@ -38,19 +38,12 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
-# ELF
+rmd-586.s:      asm/rmd-586.pl ../perlasm/x86asm.pl
-rm86-elf.s: asm/rmd-586.pl ../perlasm/x86asm.pl
+        $(PERL) asm/rmd-586.pl $(PERLASM_SCHEME) $(CFLAGS) > $@
-        (cd asm; $(PERL) rmd-586.pl elf $(CFLAGS) > ../$@)
-# COFF
-rm86-cof.s: asm/rmd-586.pl ../perlasm/x86asm.pl
-        (cd asm; $(PERL) rmd-586.pl coff $(CFLAGS) > ../$@)
-# a.out
-rm86-out.s: asm/rmd-586.pl ../perlasm/x86asm.pl
-        (cd asm; $(PERL) rmd-586.pl a.out $(CFLAGS) > ../$@)
 files:
        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
@@ -89,13 +82,8 @@ clean:
 # DO NOT DELETE THIS LINE -- make depend depends on it.
-rmd_dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+rmd_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-rmd_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rmd_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ripemd.h
-rmd_dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-rmd_dgst.o: ../../include/openssl/opensslconf.h
-rmd_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-rmd_dgst.o: ../../include/openssl/ripemd.h ../../include/openssl/safestack.h
-rmd_dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 rmd_dgst.o: ../md32_common.h rmd_dgst.c rmd_locl.h rmdconst.h
 rmd_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 rmd_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
diff --git a/src/lib/libssl/src/crypto/ripemd/asm/rmd-586.pl b/src/lib/libssl/src/crypto/ripemd/asm/rmd-586.pl
index 4f3c4c967f..e8b2bc2db2 100644
--- a/src/lib/libssl/src/crypto/ripemd/asm/rmd-586.pl
+++ b/src/lib/libssl/src/crypto/ripemd/asm/rmd-586.pl
@@ -5,7 +5,8 @@
 $normal=0;
-push(@INC,"perlasm","../../perlasm");
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
 require "x86asm.pl";
 &asm_init($ARGV[0],$0);
diff --git a/src/lib/libssl/src/crypto/ripemd/ripemd.h b/src/lib/libssl/src/crypto/ripemd/ripemd.h
index 3b6d04386d..5942eb6180 100644
--- a/src/lib/libssl/src/crypto/ripemd/ripemd.h
+++ b/src/lib/libssl/src/crypto/ripemd/ripemd.h
@@ -70,7 +70,7 @@ extern "C" {
 #error RIPEMD is disabled.
 #endif
-#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
+#if defined(__LP32__)
 #define RIPEMD160_LONG unsigned long
 #elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
 #define RIPEMD160_LONG unsigned long
@@ -90,9 +90,7 @@ typedef struct RIPEMD160state_st
        RIPEMD160_LONG data[RIPEMD160_LBLOCK];
        unsigned int   num;
        } RIPEMD160_CTX;
-#ifdef OPENSSL_FIPS
-int private_RIPEMD160_Init(RIPEMD160_CTX *c);
-#endif
 int RIPEMD160_Init(RIPEMD160_CTX *c);
 int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len);
 int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
diff --git a/src/lib/libssl/src/crypto/ripemd/rmd_dgst.c b/src/lib/libssl/src/crypto/ripemd/rmd_dgst.c
index ead11d075a..59b017f8c0 100644
--- a/src/lib/libssl/src/crypto/ripemd/rmd_dgst.c
+++ b/src/lib/libssl/src/crypto/ripemd/rmd_dgst.c
@@ -59,11 +59,6 @@
 #include <stdio.h>
 #include "rmd_locl.h"
 #include <openssl/opensslv.h>
-#include <openssl/err.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 const char RMD160_version[]="RIPE-MD160" OPENSSL_VERSION_PTEXT;
@@ -74,16 +69,14 @@ const char RMD160_version[]="RIPE-MD160" OPENSSL_VERSION_PTEXT;
     void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p,size_t num);
 #  endif
-FIPS_NON_FIPS_MD_Init(RIPEMD160)
+int RIPEMD160_Init(RIPEMD160_CTX *c)
        {
+        memset (c,0,sizeof(*c));
        c->A=RIPEMD160_A;
        c->B=RIPEMD160_B;
        c->C=RIPEMD160_C;
        c->D=RIPEMD160_D;
        c->E=RIPEMD160_E;
-        c->Nl=0;
-        c->Nh=0;
-        c->num=0;
        return 1;
        }
diff --git a/src/lib/libssl/src/crypto/ripemd/rmd_locl.h b/src/lib/libssl/src/crypto/ripemd/rmd_locl.h
index ce12a8000e..f14b346e66 100644
--- a/src/lib/libssl/src/crypto/ripemd/rmd_locl.h
+++ b/src/lib/libssl/src/crypto/ripemd/rmd_locl.h
@@ -72,7 +72,7 @@
 */
 #ifdef RMD160_ASM
 # if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
-#  define ripemd160_block_host_order ripemd160_block_asm_data_order
+#  define ripemd160_block_data_order ripemd160_block_asm_data_order
 # endif
 #endif
diff --git a/src/lib/libssl/src/crypto/rsa/Makefile b/src/lib/libssl/src/crypto/rsa/Makefile
index 7b1fd6428c..bb64223e05 100644
--- a/src/lib/libssl/src/crypto/rsa/Makefile
+++ b/src/lib/libssl/src/crypto/rsa/Makefile
@@ -19,10 +19,12 @@ APPS=
 LIB=$(TOP)/libcrypto.a
 LIBSRC= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c \
        rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c rsa_null.c \
-        rsa_pss.c rsa_x931.c rsa_x931g.c rsa_asn1.c rsa_depr.c rsa_eng.c
+        rsa_pss.c rsa_x931.c rsa_asn1.c rsa_depr.c rsa_ameth.c rsa_prn.c \
+        rsa_pmeth.c
 LIBOBJ= rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o rsa_err.o \
        rsa_pk1.o rsa_ssl.o rsa_none.o rsa_oaep.o rsa_chk.o rsa_null.o \
-        rsa_pss.o rsa_x931.o rsa_x931g.o rsa_asn1.o rsa_depr.o rsa_eng.o
+        rsa_pss.o rsa_x931.o rsa_asn1.o rsa_depr.o rsa_ameth.o rsa_prn.o \
+        rsa_pmeth.o
 SRC= $(LIBSRC)
@@ -37,7 +39,7 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
@@ -78,6 +80,22 @@ clean:
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+rsa_ameth.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_ameth.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+rsa_ameth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+rsa_ameth.o: ../../include/openssl/cms.h ../../include/openssl/crypto.h
+rsa_ameth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+rsa_ameth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+rsa_ameth.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rsa_ameth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+rsa_ameth.o: ../../include/openssl/objects.h
+rsa_ameth.o: ../../include/openssl/opensslconf.h
+rsa_ameth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_ameth.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+rsa_ameth.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rsa_ameth.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_ameth.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+rsa_ameth.o: ../asn1/asn1_locl.h ../cryptlib.h rsa_ameth.c
 rsa_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
 rsa_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 rsa_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -114,21 +132,6 @@ rsa_eay.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 rsa_eay.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
 rsa_eay.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 rsa_eay.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_eay.c
-rsa_eng.o: ../../e_os.h ../../include/openssl/asn1.h
-rsa_eng.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-rsa_eng.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-rsa_eng.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-rsa_eng.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-rsa_eng.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-rsa_eng.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-rsa_eng.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-rsa_eng.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-rsa_eng.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-rsa_eng.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-rsa_eng.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-rsa_eng.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-rsa_eng.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-rsa_eng.o: ../../include/openssl/x509_vfy.h ../cryptlib.h rsa_eng.c
 rsa_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 rsa_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 rsa_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
@@ -151,15 +154,15 @@ rsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 rsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 rsa_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 rsa_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-rsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+rsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-rsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+rsa_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-rsa_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+rsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-rsa_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-rsa_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+rsa_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
-rsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-rsa_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+rsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-rsa_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+rsa_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-rsa_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h rsa_lib.c
+rsa_lib.o: ../cryptlib.h rsa_lib.c
 rsa_none.o: ../../e_os.h ../../include/openssl/asn1.h
 rsa_none.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 rsa_none.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
@@ -182,9 +185,9 @@ rsa_oaep.o: ../../e_os.h ../../include/openssl/asn1.h
 rsa_oaep.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 rsa_oaep.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 rsa_oaep.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-rsa_oaep.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+rsa_oaep.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-rsa_oaep.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+rsa_oaep.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-rsa_oaep.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+rsa_oaep.o: ../../include/openssl/opensslconf.h
 rsa_oaep.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 rsa_oaep.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
 rsa_oaep.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
@@ -199,27 +202,50 @@ rsa_pk1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 rsa_pk1.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
 rsa_pk1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 rsa_pk1.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_pk1.c
+rsa_pmeth.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_pmeth.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+rsa_pmeth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+rsa_pmeth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+rsa_pmeth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+rsa_pmeth.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+rsa_pmeth.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+rsa_pmeth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rsa_pmeth.o: ../../include/openssl/opensslconf.h
+rsa_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+rsa_pmeth.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rsa_pmeth.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_pmeth.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+rsa_pmeth.o: ../cryptlib.h ../evp/evp_locl.h rsa_locl.h rsa_pmeth.c
+rsa_prn.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_prn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+rsa_prn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+rsa_prn.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rsa_prn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+rsa_prn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+rsa_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_prn.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_prn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_prn.o: ../cryptlib.h rsa_prn.c
 rsa_pss.o: ../../e_os.h ../../include/openssl/asn1.h
 rsa_pss.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 rsa_pss.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 rsa_pss.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-rsa_pss.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+rsa_pss.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-rsa_pss.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+rsa_pss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-rsa_pss.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+rsa_pss.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-rsa_pss.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_pss.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-rsa_pss.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_pss.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-rsa_pss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rsa_pss.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-rsa_pss.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_pss.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_pss.c
-rsa_pss.o: ../cryptlib.h rsa_pss.c
 rsa_saos.o: ../../e_os.h ../../include/openssl/asn1.h
 rsa_saos.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 rsa_saos.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 rsa_saos.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 rsa_saos.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 rsa_saos.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-rsa_saos.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+rsa_saos.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-rsa_saos.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rsa_saos.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-rsa_saos.o: ../../include/openssl/opensslconf.h
 rsa_saos.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 rsa_saos.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
 rsa_saos.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
@@ -232,15 +258,14 @@ rsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 rsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 rsa_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 rsa_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-rsa_sign.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+rsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-rsa_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rsa_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-rsa_sign.o: ../../include/openssl/opensslconf.h
 rsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 rsa_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
 rsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 rsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 rsa_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-rsa_sign.o: ../cryptlib.h rsa_sign.c
+rsa_sign.o: ../cryptlib.h rsa_locl.h rsa_sign.c
 rsa_ssl.o: ../../e_os.h ../../include/openssl/asn1.h
 rsa_ssl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 rsa_ssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
@@ -260,11 +285,3 @@ rsa_x931.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 rsa_x931.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
 rsa_x931.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 rsa_x931.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_x931.c
-rsa_x931g.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-rsa_x931g.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
-rsa_x931g.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-rsa_x931g.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-rsa_x931g.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-rsa_x931g.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-rsa_x931g.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-rsa_x931g.o: rsa_x931g.c
diff --git a/src/lib/libssl/src/crypto/rsa/rsa.h b/src/lib/libssl/src/crypto/rsa/rsa.h
index 5bb932ae15..cf74343657 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa.h
+++ b/src/lib/libssl/src/crypto/rsa/rsa.h
@@ -74,25 +74,6 @@
 #error RSA is disabled.
 #endif
-/* If this flag is set the RSA method is FIPS compliant and can be used
- * in FIPS mode. This is set in the validated module method. If an
- * application sets this flag in its own methods it is its reposibility
- * to ensure the result is compliant.
- */
-#define RSA_FLAG_FIPS_METHOD                    0x0400
-/* If this flag is set the operations normally disabled in FIPS mode are
- * permitted it is then the applications responsibility to ensure that the
- * usage is compliant.
- */
-#define RSA_FLAG_NON_FIPS_ALLOW                 0x0400
-#ifdef OPENSSL_FIPS
-#define FIPS_RSA_SIZE_T int
-#endif
 #ifdef  __cplusplus
 extern "C" {
 #endif
@@ -136,7 +117,8 @@ struct rsa_meth_st
                unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
        int (*rsa_verify)(int dtype,
                const unsigned char *m, unsigned int m_length,
-                unsigned char *sigbuf, unsigned int siglen, const RSA *rsa);
+                const unsigned char *sigbuf, unsigned int siglen,
+                                                                const RSA *rsa);
 /* If this callback is NULL, the builtin software RSA key-gen will be used. This
 * is for behavioural compatibility whilst the code gets rewired, but one day
 * it would be nice to assume there are no such things as "builtin software"
@@ -182,8 +164,6 @@ struct rsa_st
 # define OPENSSL_RSA_MAX_MODULUS_BITS   16384
 #endif
-#define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024
 #ifndef OPENSSL_RSA_SMALL_MODULUS_BITS
 # define OPENSSL_RSA_SMALL_MODULUS_BITS 3072
 #endif
@@ -238,11 +218,37 @@ struct rsa_st
 #endif
+#define EVP_PKEY_CTX_set_rsa_padding(ctx, pad) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, -1, EVP_PKEY_CTRL_RSA_PADDING, \
+                                pad, NULL)
+#define EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, len) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \
+                                (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \
+                                EVP_PKEY_CTRL_RSA_PSS_SALTLEN, \
+                                len, NULL)
+#define EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN, \
+                                EVP_PKEY_CTRL_RSA_KEYGEN_BITS, bits, NULL)
+#define EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN, \
+                                EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pubexp)
+#define EVP_PKEY_CTRL_RSA_PADDING       (EVP_PKEY_ALG_CTRL + 1)
+#define EVP_PKEY_CTRL_RSA_PSS_SALTLEN   (EVP_PKEY_ALG_CTRL + 2)
+#define EVP_PKEY_CTRL_RSA_KEYGEN_BITS   (EVP_PKEY_ALG_CTRL + 3)
+#define EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP (EVP_PKEY_ALG_CTRL + 4)
 #define RSA_PKCS1_PADDING       1
 #define RSA_SSLV23_PADDING      2
 #define RSA_NO_PADDING          3
 #define RSA_PKCS1_OAEP_PADDING  4
 #define RSA_X931_PADDING        5
+/* EVP_PKEY_ only */
+#define RSA_PKCS1_PSS_PADDING   6
 #define RSA_PKCS1_PADDING_SIZE  11
@@ -261,11 +267,6 @@ RSA *	RSA_generate_key(int bits, unsigned long e,void
 /* New version */
 int     RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
-int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2,
-                        const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp,
-                        const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq,
-                        const BIGNUM *e, BN_GENCB *cb);
-int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb);
 int     RSA_check_key(const RSA *);
        /* next 4 return -1 on error */
@@ -283,11 +284,6 @@ int	RSA_up_ref(RSA *r);
 int     RSA_flags(const RSA *r);
-#ifdef OPENSSL_FIPS
-RSA *FIPS_rsa_new(void);
-void FIPS_rsa_free(RSA *r);
-#endif
 void RSA_set_default_method(const RSA_METHOD *meth);
 const RSA_METHOD *RSA_get_default_method(void);
 const RSA_METHOD *RSA_get_method(const RSA *rsa);
@@ -333,7 +329,7 @@ RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
 int RSA_sign(int type, const unsigned char *m, unsigned int m_length,
        unsigned char *sigret, unsigned int *siglen, RSA *rsa);
 int RSA_verify(int type, const unsigned char *m, unsigned int m_length,
-        unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+        const unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
 /* The following 2 function sign and verify a ASN1_OCTET_STRING
 * object inside PKCS#1 padded RSA encryption */
@@ -401,9 +397,15 @@ void ERR_load_RSA_strings(void);
 /* Error codes for the RSA functions. */
 /* Function codes. */
-#define RSA_F_FIPS_RSA_SIGN                              140
+#define RSA_F_CHECK_PADDING_MD                           140
-#define RSA_F_FIPS_RSA_VERIFY                            141
+#define RSA_F_DO_RSA_PRINT                               146
+#define RSA_F_INT_RSA_VERIFY                             145
 #define RSA_F_MEMORY_LOCK                                100
+#define RSA_F_OLD_RSA_PRIV_DECODE                        147
+#define RSA_F_PKEY_RSA_CTRL                              143
+#define RSA_F_PKEY_RSA_CTRL_STR                          144
+#define RSA_F_PKEY_RSA_SIGN                              142
+#define RSA_F_PKEY_RSA_VERIFYRECOVER                     141
 #define RSA_F_RSA_BUILTIN_KEYGEN                         129
 #define RSA_F_RSA_CHECK_KEY                              123
 #define RSA_F_RSA_EAY_PRIVATE_DECRYPT                    101
@@ -434,11 +436,10 @@ void ERR_load_RSA_strings(void);
 #define RSA_F_RSA_PADDING_CHECK_X931                     128
 #define RSA_F_RSA_PRINT                                  115
 #define RSA_F_RSA_PRINT_FP                               116
-#define RSA_F_RSA_PRIVATE_ENCRYPT                        137
+#define RSA_F_RSA_PRIV_DECODE                            137
-#define RSA_F_RSA_PUBLIC_DECRYPT                         138
+#define RSA_F_RSA_PRIV_ENCODE                            138
+#define RSA_F_RSA_PUB_DECODE                             139
 #define RSA_F_RSA_SETUP_BLINDING                         136
-#define RSA_F_RSA_SET_DEFAULT_METHOD                     139
-#define RSA_F_RSA_SET_METHOD                             142
 #define RSA_F_RSA_SIGN                                   117
 #define RSA_F_RSA_SIGN_ASN1_OCTET_STRING                 118
 #define RSA_F_RSA_VERIFY                                 119
@@ -464,20 +465,25 @@ void ERR_load_RSA_strings(void);
 #define RSA_R_DMQ1_NOT_CONGRUENT_TO_D                    125
 #define RSA_R_D_E_NOT_CONGRUENT_TO_1                     123
 #define RSA_R_FIRST_OCTET_INVALID                        133
+#define RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE        144
+#define RSA_R_INVALID_DIGEST_LENGTH                      143
 #define RSA_R_INVALID_HEADER                             137
+#define RSA_R_INVALID_KEYBITS                            145
 #define RSA_R_INVALID_MESSAGE_LENGTH                     131
 #define RSA_R_INVALID_PADDING                            138
+#define RSA_R_INVALID_PADDING_MODE                       141
+#define RSA_R_INVALID_PSS_SALTLEN                        146
 #define RSA_R_INVALID_TRAILER                            139
+#define RSA_R_INVALID_X931_DIGEST                        142
 #define RSA_R_IQMP_NOT_INVERSE_OF_Q                      126
 #define RSA_R_KEY_SIZE_TOO_SMALL                         120
 #define RSA_R_LAST_OCTET_INVALID                         134
 #define RSA_R_MODULUS_TOO_LARGE                          105
-#define RSA_R_NON_FIPS_METHOD                            141
 #define RSA_R_NO_PUBLIC_EXPONENT                         140
 #define RSA_R_NULL_BEFORE_BLOCK_MISSING                  113
 #define RSA_R_N_DOES_NOT_EQUAL_P_Q                       127
 #define RSA_R_OAEP_DECODING_ERROR                        121
-#define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE         142
+#define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE   148
 #define RSA_R_PADDING_CHECK_FAILED                       114
 #define RSA_R_P_NOT_PRIME                                128
 #define RSA_R_Q_NOT_PRIME                                129
@@ -488,6 +494,7 @@ void ERR_load_RSA_strings(void);
 #define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116
 #define RSA_R_UNKNOWN_ALGORITHM_TYPE                     117
 #define RSA_R_UNKNOWN_PADDING_TYPE                       118
+#define RSA_R_VALUE_MISSING                              147
 #define RSA_R_WRONG_SIGNATURE_LENGTH                     119
 #ifdef  __cplusplus
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_asn1.c b/src/lib/libssl/src/crypto/rsa/rsa_asn1.c
index 6e8a803e81..4efca8cdc8 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_asn1.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_asn1.c
@@ -3,7 +3,7 @@
 * project 2000.
 */
 /* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -62,19 +62,9 @@
 #include <openssl/rsa.h>
 #include <openssl/asn1t.h>
-static ASN1_METHOD method={
-        (I2D_OF(void))     i2d_RSAPrivateKey,
-        (D2I_OF(void))     d2i_RSAPrivateKey,
-        (void *(*)(void))  RSA_new,
-        (void (*)(void *)) RSA_free};
-ASN1_METHOD *RSAPrivateKey_asn1_meth(void)
-        {
-        return(&method);
-        }
 /* Override the default free and new methods */
-static int rsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+static int rsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                                                                void *exarg)
 {
        if(operation == ASN1_OP_NEW_PRE) {
                *pval = (ASN1_VALUE *)RSA_new();
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_eay.c b/src/lib/libssl/src/crypto/rsa/rsa_eay.c
index 0ac6418449..c5eaeeae6b 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_eay.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_eay.c
@@ -115,7 +115,7 @@
 #include <openssl/rsa.h>
 #include <openssl/rand.h>
-#if !defined(RSA_NULL) && !defined(OPENSSL_FIPS)
+#ifndef RSA_NULL
 static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
                unsigned char *to, RSA *rsa,int padding);
@@ -256,6 +256,7 @@ static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx)
 {
        BN_BLINDING *ret;
        int got_write_lock = 0;
+        CRYPTO_THREADID cur;
        CRYPTO_r_lock(CRYPTO_LOCK_RSA);
@@ -273,7 +274,8 @@ static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx)
        if (ret == NULL)
                goto err;
-        if (BN_BLINDING_get_thread_id(ret) == CRYPTO_thread_id())
+        CRYPTO_THREADID_current(&cur);
+        if (!CRYPTO_THREADID_cmp(&cur, BN_BLINDING_thread_id(ret)))
                {
                /* rsa->blinding is ours! */
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_err.c b/src/lib/libssl/src/crypto/rsa/rsa_err.c
index 501f5ea389..cf9f1106b0 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_err.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_err.c
@@ -1,6 +1,6 @@
 /* crypto/rsa/rsa_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -70,9 +70,15 @@
 static ERR_STRING_DATA RSA_str_functs[]=
        {
-{ERR_FUNC(RSA_F_FIPS_RSA_SIGN), "FIPS_RSA_SIGN"},
+{ERR_FUNC(RSA_F_CHECK_PADDING_MD),      "CHECK_PADDING_MD"},
-{ERR_FUNC(RSA_F_FIPS_RSA_VERIFY),       "FIPS_RSA_VERIFY"},
+{ERR_FUNC(RSA_F_DO_RSA_PRINT),  "DO_RSA_PRINT"},
+{ERR_FUNC(RSA_F_INT_RSA_VERIFY),        "INT_RSA_VERIFY"},
 {ERR_FUNC(RSA_F_MEMORY_LOCK),   "MEMORY_LOCK"},
+{ERR_FUNC(RSA_F_OLD_RSA_PRIV_DECODE),   "OLD_RSA_PRIV_DECODE"},
+{ERR_FUNC(RSA_F_PKEY_RSA_CTRL), "PKEY_RSA_CTRL"},
+{ERR_FUNC(RSA_F_PKEY_RSA_CTRL_STR),     "PKEY_RSA_CTRL_STR"},
+{ERR_FUNC(RSA_F_PKEY_RSA_SIGN), "PKEY_RSA_SIGN"},
+{ERR_FUNC(RSA_F_PKEY_RSA_VERIFYRECOVER),        "PKEY_RSA_VERIFYRECOVER"},
 {ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN),    "RSA_BUILTIN_KEYGEN"},
 {ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"},
 {ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_DECRYPT),       "RSA_EAY_PRIVATE_DECRYPT"},
@@ -103,11 +109,10 @@ static ERR_STRING_DATA RSA_str_functs[]=
 {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931),        "RSA_padding_check_X931"},
 {ERR_FUNC(RSA_F_RSA_PRINT),     "RSA_print"},
 {ERR_FUNC(RSA_F_RSA_PRINT_FP),  "RSA_print_fp"},
-{ERR_FUNC(RSA_F_RSA_PRIVATE_ENCRYPT),   "RSA_private_encrypt"},
+{ERR_FUNC(RSA_F_RSA_PRIV_DECODE),       "RSA_PRIV_DECODE"},
-{ERR_FUNC(RSA_F_RSA_PUBLIC_DECRYPT),    "RSA_public_decrypt"},
+{ERR_FUNC(RSA_F_RSA_PRIV_ENCODE),       "RSA_PRIV_ENCODE"},
+{ERR_FUNC(RSA_F_RSA_PUB_DECODE),        "RSA_PUB_DECODE"},
 {ERR_FUNC(RSA_F_RSA_SETUP_BLINDING),    "RSA_setup_blinding"},
-{ERR_FUNC(RSA_F_RSA_SET_DEFAULT_METHOD),        "RSA_set_default_method"},
-{ERR_FUNC(RSA_F_RSA_SET_METHOD),        "RSA_set_method"},
 {ERR_FUNC(RSA_F_RSA_SIGN),      "RSA_sign"},
 {ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING),    "RSA_sign_ASN1_OCTET_STRING"},
 {ERR_FUNC(RSA_F_RSA_VERIFY),    "RSA_verify"},
@@ -136,20 +141,25 @@ static ERR_STRING_DATA RSA_str_reasons[]=
 {ERR_REASON(RSA_R_DMQ1_NOT_CONGRUENT_TO_D),"dmq1 not congruent to d"},
 {ERR_REASON(RSA_R_D_E_NOT_CONGRUENT_TO_1),"d e not congruent to 1"},
 {ERR_REASON(RSA_R_FIRST_OCTET_INVALID)   ,"first octet invalid"},
+{ERR_REASON(RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE),"illegal or unsupported padding mode"},
+{ERR_REASON(RSA_R_INVALID_DIGEST_LENGTH) ,"invalid digest length"},
 {ERR_REASON(RSA_R_INVALID_HEADER)        ,"invalid header"},
+{ERR_REASON(RSA_R_INVALID_KEYBITS)       ,"invalid keybits"},
 {ERR_REASON(RSA_R_INVALID_MESSAGE_LENGTH),"invalid message length"},
 {ERR_REASON(RSA_R_INVALID_PADDING)       ,"invalid padding"},
+{ERR_REASON(RSA_R_INVALID_PADDING_MODE)  ,"invalid padding mode"},
+{ERR_REASON(RSA_R_INVALID_PSS_SALTLEN)   ,"invalid pss saltlen"},
 {ERR_REASON(RSA_R_INVALID_TRAILER)       ,"invalid trailer"},
+{ERR_REASON(RSA_R_INVALID_X931_DIGEST)   ,"invalid x931 digest"},
 {ERR_REASON(RSA_R_IQMP_NOT_INVERSE_OF_Q) ,"iqmp not inverse of q"},
 {ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL)    ,"key size too small"},
 {ERR_REASON(RSA_R_LAST_OCTET_INVALID)    ,"last octet invalid"},
 {ERR_REASON(RSA_R_MODULUS_TOO_LARGE)     ,"modulus too large"},
-{ERR_REASON(RSA_R_NON_FIPS_METHOD)       ,"non fips method"},
 {ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT)    ,"no public exponent"},
 {ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),"null before block missing"},
 {ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q)  ,"n does not equal p q"},
 {ERR_REASON(RSA_R_OAEP_DECODING_ERROR)   ,"oaep decoding error"},
-{ERR_REASON(RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE),"operation not allowed in fips mode"},
+{ERR_REASON(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),"operation not supported for this keytype"},
 {ERR_REASON(RSA_R_PADDING_CHECK_FAILED)  ,"padding check failed"},
 {ERR_REASON(RSA_R_P_NOT_PRIME)           ,"p not prime"},
 {ERR_REASON(RSA_R_Q_NOT_PRIME)           ,"q not prime"},
@@ -160,6 +170,7 @@ static ERR_STRING_DATA RSA_str_reasons[]=
 {ERR_REASON(RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),"the asn1 object identifier is not known for this md"},
 {ERR_REASON(RSA_R_UNKNOWN_ALGORITHM_TYPE),"unknown algorithm type"},
 {ERR_REASON(RSA_R_UNKNOWN_PADDING_TYPE)  ,"unknown padding type"},
+{ERR_REASON(RSA_R_VALUE_MISSING)         ,"value missing"},
 {ERR_REASON(RSA_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"},
 {0,NULL}
        };
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_gen.c b/src/lib/libssl/src/crypto/rsa/rsa_gen.c
index 41278f83c6..767f7ab682 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_gen.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_gen.c
@@ -68,8 +68,6 @@
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
-#ifndef OPENSSL_FIPS
 static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb);
 /* NB: this wrapper would normally be placed in rsa_lib.c and the static
@@ -219,4 +217,3 @@ err:
        return ok;
        }
-#endif
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_lib.c b/src/lib/libssl/src/crypto/rsa/rsa_lib.c
index 5714841f4c..de45088d76 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_lib.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_lib.c
@@ -67,6 +67,224 @@
 #include <openssl/engine.h>
 #endif
+const char RSA_version[]="RSA" OPENSSL_VERSION_PTEXT;
+static const RSA_METHOD *default_RSA_meth=NULL;
+RSA *RSA_new(void)
+        {
+        RSA *r=RSA_new_method(NULL);
+        return r;
+        }
+void RSA_set_default_method(const RSA_METHOD *meth)
+        {
+        default_RSA_meth = meth;
+        }
+const RSA_METHOD *RSA_get_default_method(void)
+        {
+        if (default_RSA_meth == NULL)
+                {
+#ifdef RSA_NULL
+                default_RSA_meth=RSA_null_method();
+#else
+#if 0 /* was: #ifdef RSAref */
+                default_RSA_meth=RSA_PKCS1_RSAref();
+#else
+                default_RSA_meth=RSA_PKCS1_SSLeay();
+#endif
+#endif
+                }
+        return default_RSA_meth;
+        }
+const RSA_METHOD *RSA_get_method(const RSA *rsa)
+        {
+        return rsa->meth;
+        }
+int RSA_set_method(RSA *rsa, const RSA_METHOD *meth)
+        {
+        /* NB: The caller is specifically setting a method, so it's not up to us
+         * to deal with which ENGINE it comes from. */
+        const RSA_METHOD *mtmp;
+        mtmp = rsa->meth;
+        if (mtmp->finish) mtmp->finish(rsa);
+#ifndef OPENSSL_NO_ENGINE
+        if (rsa->engine)
+                {
+                ENGINE_finish(rsa->engine);
+                rsa->engine = NULL;
+                }
+#endif
+        rsa->meth = meth;
+        if (meth->init) meth->init(rsa);
+        return 1;
+        }
+RSA *RSA_new_method(ENGINE *engine)
+        {
+        RSA *ret;
+        ret=(RSA *)OPENSSL_malloc(sizeof(RSA));
+        if (ret == NULL)
+                {
+                RSAerr(RSA_F_RSA_NEW_METHOD,ERR_R_MALLOC_FAILURE);
+                return NULL;
+                }
+        ret->meth = RSA_get_default_method();
+#ifndef OPENSSL_NO_ENGINE
+        if (engine)
+                {
+                if (!ENGINE_init(engine))
+                        {
+                        RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB);
+                        OPENSSL_free(ret);
+                        return NULL;
+                        }
+                ret->engine = engine;
+                }
+        else
+                ret->engine = ENGINE_get_default_RSA();
+        if(ret->engine)
+                {
+                ret->meth = ENGINE_get_RSA(ret->engine);
+                if(!ret->meth)
+                        {
+                        RSAerr(RSA_F_RSA_NEW_METHOD,
+                                ERR_R_ENGINE_LIB);
+                        ENGINE_finish(ret->engine);
+                        OPENSSL_free(ret);
+                        return NULL;
+                        }
+                }
+#endif
+        ret->pad=0;
+        ret->version=0;
+        ret->n=NULL;
+        ret->e=NULL;
+        ret->d=NULL;
+        ret->p=NULL;
+        ret->q=NULL;
+        ret->dmp1=NULL;
+        ret->dmq1=NULL;
+        ret->iqmp=NULL;
+        ret->references=1;
+        ret->_method_mod_n=NULL;
+        ret->_method_mod_p=NULL;
+        ret->_method_mod_q=NULL;
+        ret->blinding=NULL;
+        ret->mt_blinding=NULL;
+        ret->bignum_data=NULL;
+        ret->flags=ret->meth->flags;
+        if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data))
+                {
+#ifndef OPENSSL_NO_ENGINE
+        if (ret->engine)
+                ENGINE_finish(ret->engine);
+#endif
+                OPENSSL_free(ret);
+                return(NULL);
+                }
+        if ((ret->meth->init != NULL) && !ret->meth->init(ret))
+                {
+#ifndef OPENSSL_NO_ENGINE
+                if (ret->engine)
+                        ENGINE_finish(ret->engine);
+#endif
+                CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
+                OPENSSL_free(ret);
+                ret=NULL;
+                }
+        return(ret);
+        }
+void RSA_free(RSA *r)
+        {
+        int i;
+        if (r == NULL) return;
+        i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_RSA);
+#ifdef REF_PRINT
+        REF_PRINT("RSA",r);
+#endif
+        if (i > 0) return;
+#ifdef REF_CHECK
+        if (i < 0)
+                {
+                fprintf(stderr,"RSA_free, bad reference count\n");
+                abort();
+                }
+#endif
+        if (r->meth->finish)
+                r->meth->finish(r);
+#ifndef OPENSSL_NO_ENGINE
+        if (r->engine)
+                ENGINE_finish(r->engine);
+#endif
+        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);
+        if (r->n != NULL) BN_clear_free(r->n);
+        if (r->e != NULL) BN_clear_free(r->e);
+        if (r->d != NULL) BN_clear_free(r->d);
+        if (r->p != NULL) BN_clear_free(r->p);
+        if (r->q != NULL) BN_clear_free(r->q);
+        if (r->dmp1 != NULL) BN_clear_free(r->dmp1);
+        if (r->dmq1 != NULL) BN_clear_free(r->dmq1);
+        if (r->iqmp != NULL) BN_clear_free(r->iqmp);
+        if (r->blinding != NULL) BN_BLINDING_free(r->blinding);
+        if (r->mt_blinding != NULL) BN_BLINDING_free(r->mt_blinding);
+        if (r->bignum_data != NULL) OPENSSL_free_locked(r->bignum_data);
+        OPENSSL_free(r);
+        }
+int RSA_up_ref(RSA *r)
+        {
+        int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_RSA);
+#ifdef REF_PRINT
+        REF_PRINT("RSA",r);
+#endif
+#ifdef REF_CHECK
+        if (i < 2)
+                {
+                fprintf(stderr, "RSA_up_ref, bad reference count\n");
+                abort();
+                }
+#endif
+        return ((i > 1) ? 1 : 0);
+        }
+int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+        {
+        return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, argl, argp,
+                                new_func, dup_func, free_func);
+        }
+int RSA_set_ex_data(RSA *r, int idx, void *arg)
+        {
+        return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));
+        }
+void *RSA_get_ex_data(const RSA *r, int idx)
+        {
+        return(CRYPTO_get_ex_data(&r->ex_data,idx));
+        }
+int RSA_size(const RSA *r)
+        {
+        return(BN_num_bytes(r->n));
+        }
 int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
             RSA *rsa, int padding)
        {
@@ -76,13 +294,6 @@ int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
 int RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
             RSA *rsa, int padding)
        {
-#ifdef OPENSSL_FIPS
-        if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
-                {
-                RSAerr(RSA_F_RSA_PRIVATE_ENCRYPT, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
-                return 0;
-                }
-#endif
        return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding));
        }
@@ -95,19 +306,12 @@ int RSA_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
 int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
             RSA *rsa, int padding)
        {
-#ifdef OPENSSL_FIPS
-        if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
-                {
-                RSAerr(RSA_F_RSA_PUBLIC_DECRYPT, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
-                return 0;
-                }
-#endif
        return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding));
        }
-int RSA_size(const RSA *r)
+int RSA_flags(const RSA *r)
        {
-        return(BN_num_bytes(r->n));
+        return((r == NULL)?0:r->meth->flags);
        }
 void RSA_blinding_off(RSA *rsa)
@@ -222,7 +426,7 @@ BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
                RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_BN_LIB);
                goto err;
                }
-        BN_BLINDING_set_thread_id(ret, CRYPTO_thread_id());
+        CRYPTO_THREADID_current(BN_BLINDING_thread_id(ret));
 err:
        BN_CTX_end(ctx);
        if (in_ctx == NULL)
@@ -232,3 +436,48 @@ err:
        return ret;
 }
+int RSA_memory_lock(RSA *r)
+        {
+        int i,j,k,off;
+        char *p;
+        BIGNUM *bn,**t[6],*b;
+        BN_ULONG *ul;
+        if (r->d == NULL) return(1);
+        t[0]= &r->d;
+        t[1]= &r->p;
+        t[2]= &r->q;
+        t[3]= &r->dmp1;
+        t[4]= &r->dmq1;
+        t[5]= &r->iqmp;
+        k=sizeof(BIGNUM)*6;
+        off=k/sizeof(BN_ULONG)+1;
+        j=1;
+        for (i=0; i<6; i++)
+                j+= (*t[i])->top;
+        if ((p=OPENSSL_malloc_locked((off+j)*sizeof(BN_ULONG))) == NULL)
+                {
+                RSAerr(RSA_F_RSA_MEMORY_LOCK,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+        bn=(BIGNUM *)p;
+        ul=(BN_ULONG *)&(p[off]);
+        for (i=0; i<6; i++)
+                {
+                b= *(t[i]);
+                *(t[i])= &(bn[i]);
+                memcpy((char *)&(bn[i]),(char *)b,sizeof(BIGNUM));
+                bn[i].flags=BN_FLG_STATIC_DATA;
+                bn[i].d=ul;
+                memcpy((char *)ul,b->d,sizeof(BN_ULONG)*b->top);
+                ul+=b->top;
+                BN_clear_free(b);
+                }
+        
+        /* I should fix this so it can still be done */
+        r->flags&= ~(RSA_FLAG_CACHE_PRIVATE|RSA_FLAG_CACHE_PUBLIC);
+        r->bignum_data=p;
+        return(1);
+        }
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_oaep.c b/src/lib/libssl/src/crypto/rsa/rsa_oaep.c
index 4d30c9d2d3..e238d10e5c 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_oaep.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_oaep.c
@@ -28,7 +28,7 @@
 #include <openssl/rand.h>
 #include <openssl/sha.h>
-int MGF1(unsigned char *mask, long len,
+static int MGF1(unsigned char *mask, long len,
        const unsigned char *seed, long seedlen);
 int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
@@ -52,13 +52,6 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
                return 0;
                }
-        dbmask = OPENSSL_malloc(emlen - SHA_DIGEST_LENGTH);
-        if (dbmask == NULL)
-                {
-                RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
-                return 0;
-                }
        to[0] = 0;
        seed = to + 1;
        db = to + SHA_DIGEST_LENGTH + 1;
@@ -76,11 +69,20 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
           20);
 #endif
-        MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH);
+        dbmask = OPENSSL_malloc(emlen - SHA_DIGEST_LENGTH);
+        if (dbmask == NULL)
+                {
+                RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        if (MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH) < 0)
+                return 0;
        for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++)
                db[i] ^= dbmask[i];
-        MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH);
+        if (MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH) < 0)
+                return 0;
        for (i = 0; i < SHA_DIGEST_LENGTH; i++)
                seed[i] ^= seedmask[i];
@@ -133,11 +135,13 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
        maskeddb = padded_from + SHA_DIGEST_LENGTH;
-        MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen);
+        if (MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen))
+                return -1;
        for (i = 0; i < SHA_DIGEST_LENGTH; i++)
                seed[i] ^= padded_from[i];
  
-        MGF1(db, dblen, seed, SHA_DIGEST_LENGTH);
+        if (MGF1(db, dblen, seed, SHA_DIGEST_LENGTH))
+                return -1;
        for (i = 0; i < dblen; i++)
                db[i] ^= maskeddb[i];
@@ -187,7 +191,9 @@ int PKCS1_MGF1(unsigned char *mask, long len,
        int mdlen;
        EVP_MD_CTX_init(&c);
-        mdlen = M_EVP_MD_size(dgst);
+        mdlen = EVP_MD_size(dgst);
+        if (mdlen < 0)
+                return -1;
        for (i = 0; outlen < len; i++)
                {
                cnt[0] = (unsigned char)((i >> 24) & 255);
@@ -213,7 +219,8 @@ int PKCS1_MGF1(unsigned char *mask, long len,
        return 0;
        }
-int MGF1(unsigned char *mask, long len, const unsigned char *seed, long seedlen)
+static int MGF1(unsigned char *mask, long len, const unsigned char *seed,
+                 long seedlen)
        {
        return PKCS1_MGF1(mask, len, seed, seedlen, EVP_sha1());
        }
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_sign.c b/src/lib/libssl/src/crypto/rsa/rsa_sign.c
index 5488c06f6d..0be4ec7fb0 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_sign.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_sign.c
@@ -62,6 +62,7 @@
 #include <openssl/rsa.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
+#include "rsa_locl.h"
 /* Size of an SSL signature: MD5+SHA1 */
 #define SSL_SIG_LENGTH  36
@@ -90,14 +91,6 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
                i = SSL_SIG_LENGTH;
                s = m;
        } else {
-        /* NB: in FIPS mode block anything that isn't a TLS signature */
-#ifdef OPENSSL_FIPS
-                if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
-                        {
-                        RSAerr(RSA_F_RSA_SIGN, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
-                        return 0;
-                        }
-#endif
                sig.algor= &algor;
                sig.algor->algorithm=OBJ_nid2obj(type);
                if (sig.algor->algorithm == NULL)
@@ -150,8 +143,11 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
        return(ret);
        }
-int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
+int int_rsa_verify(int dtype, const unsigned char *m,
-             unsigned char *sigbuf, unsigned int siglen, RSA *rsa)
+                          unsigned int m_len,
+                          unsigned char *rm, size_t *prm_len,
+                          const unsigned char *sigbuf, size_t siglen,
+                          RSA *rsa)
        {
        int i,ret=0,sigtype;
        unsigned char *s;
@@ -159,38 +155,30 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
        if (siglen != (unsigned int)RSA_size(rsa))
                {
-                RSAerr(RSA_F_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH);
+                RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH);
                return(0);
                }
-        if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify)
+        if((dtype == NID_md5_sha1) && rm)
                {
-                return rsa->meth->rsa_verify(dtype, m, m_len,
+                i = RSA_public_decrypt((int)siglen,
-                        sigbuf, siglen, rsa);
+                                        sigbuf,rm,rsa,RSA_PKCS1_PADDING);
+                if (i <= 0)
+                        return 0;
+                *prm_len = i;
+                return 1;
                }
        s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen);
        if (s == NULL)
                {
-                RSAerr(RSA_F_RSA_VERIFY,ERR_R_MALLOC_FAILURE);
+                RSAerr(RSA_F_INT_RSA_VERIFY,ERR_R_MALLOC_FAILURE);
                goto err;
                }
-        if(dtype == NID_md5_sha1)
+        if((dtype == NID_md5_sha1) && (m_len != SSL_SIG_LENGTH) ) {
-                {
+                        RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH);
-                if (m_len != SSL_SIG_LENGTH)
-                        {
-                        RSAerr(RSA_F_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH);
                        goto err;
-                        }
+        }
-                }
-        /* NB: in FIPS mode block anything that isn't a TLS signature */
-#ifdef OPENSSL_FIPS
-        else if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
-                {
-                RSAerr(RSA_F_RSA_VERIFY, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
-                return 0;
-                }
-#endif
        i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);
        if (i <= 0) goto err;
@@ -198,7 +186,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
        /* Special case: SSL signature */
        if(dtype == NID_md5_sha1) {
                if((i != SSL_SIG_LENGTH) || memcmp(s, m, SSL_SIG_LENGTH))
-                                RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+                                RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
                else ret = 1;
        } else {
                const unsigned char *p=s;
@@ -209,7 +197,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
                /* Excess data can be used to create forgeries */
                if(p != s+i)
                        {
-                        RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+                        RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
                        goto err;
                        }
@@ -218,7 +206,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
                if(sig->algor->parameter
                   && ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL)
                        {
-                        RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+                        RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
                        goto err;
                        }
@@ -244,15 +232,30 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
                                }
                        else
                                {
-                                RSAerr(RSA_F_RSA_VERIFY,
+                                RSAerr(RSA_F_INT_RSA_VERIFY,
                                                RSA_R_ALGORITHM_MISMATCH);
                                goto err;
                                }
                        }
-                if (    ((unsigned int)sig->digest->length != m_len) ||
+                if (rm)
+                        {
+                        const EVP_MD *md;
+                        md = EVP_get_digestbynid(dtype);
+                        if (md && (EVP_MD_size(md) != sig->digest->length))
+                                RSAerr(RSA_F_INT_RSA_VERIFY,
+                                                RSA_R_INVALID_DIGEST_LENGTH);
+                        else
+                                {
+                                memcpy(rm, sig->digest->data,
+                                                        sig->digest->length);
+                                *prm_len = sig->digest->length;
+                                ret = 1;
+                                }
+                        }
+                else if (((unsigned int)sig->digest->length != m_len) ||
                        (memcmp(m,sig->digest->data,m_len) != 0))
                        {
-                        RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+                        RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
                        }
                else
                        ret=1;
@@ -267,3 +270,16 @@ err:
        return(ret);
        }
+int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
+                const unsigned char *sigbuf, unsigned int siglen,
+                RSA *rsa)
+        {
+        if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify)
+                {
+                return rsa->meth->rsa_verify(dtype, m, m_len,
+                        sigbuf, siglen, rsa);
+                }
+        return int_rsa_verify(dtype, m, m_len, NULL, NULL, sigbuf, siglen, rsa);
+        }
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_test.c b/src/lib/libssl/src/crypto/rsa/rsa_test.c
index 4080de8bcf..c8705a0f6e 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_test.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_test.c
@@ -328,7 +328,7 @@ int main(int argc, char *argv[])
        }
    CRYPTO_cleanup_all_ex_data();
-    ERR_remove_state(0);
+    ERR_remove_thread_state(NULL);
    CRYPTO_mem_leaks_fp(stderr);
diff --git a/src/lib/libssl/src/crypto/sha/Makefile b/src/lib/libssl/src/crypto/sha/Makefile
index f4741b9ee6..e6eccb05f9 100644
--- a/src/lib/libssl/src/crypto/sha/Makefile
+++ b/src/lib/libssl/src/crypto/sha/Makefile
@@ -38,25 +38,16 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
-# ELF
+sha1-586.s:     asm/sha1-586.pl ../perlasm/x86asm.pl
-sx86-elf.s: asm/sha1-586.pl ../perlasm/x86asm.pl
+        $(PERL) asm/sha1-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
-        (cd asm; $(PERL) sha1-586.pl elf $(CFLAGS) $(PROCESSOR) > ../$@)
+sha256-586.s:   asm/sha256-586.pl ../perlasm/x86asm.pl
-s512sse2-elf.s: asm/sha512-sse2.pl ../perlasm/x86asm.pl
+        $(PERL) asm/sha256-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
-        (cd asm; $(PERL) sha512-sse2.pl elf $(CFLAGS) $(PROCESSOR) > ../$@)
+sha512-586.s:   asm/sha512-586.pl ../perlasm/x86asm.pl
-# COFF
+        $(PERL) asm/sha512-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
-sx86-cof.s: asm/sha1-586.pl ../perlasm/x86asm.pl
-        (cd asm; $(PERL) sha1-586.pl coff $(CFLAGS) $(PROCESSOR) > ../$@)
-s512sse2-cof.s:     asm/sha512-sse2.pl ../perlasm/x86asm.pl
-        (cd asm; $(PERL) sha512-sse2.pl coff $(CFLAGS) $(PROCESSOR) > ../$@)
-# a.out
-sx86-out.s: asm/sha1-586.pl ../perlasm/x86asm.pl
-        (cd asm; $(PERL) sha1-586.pl a.out $(CFLAGS) $(PROCESSOR) > ../$@)
-s512sse2-out.s:     asm/sha512-sse2.pl ../perlasm/x86asm.pl
-        (cd asm; $(PERL) sha512-sse2.pl a.out $(CFLAGS) $(PROCESSOR) > ../$@)
 sha1-ia64.s:   asm/sha1-ia64.pl
        (cd asm; $(PERL) sha1-ia64.pl ../$@ $(CFLAGS))
@@ -65,10 +56,25 @@ sha256-ia64.s: asm/sha512-ia64.pl
 sha512-ia64.s: asm/sha512-ia64.pl
        (cd asm; $(PERL) sha512-ia64.pl ../$@ $(CFLAGS))
+sha256-armv4.s: asm/sha256-armv4.pl
+        $(PERL) $< $@
 # Solaris make has to be explicitly told
-sha1-x86_64.s:  asm/sha1-x86_64.pl;     $(PERL) asm/sha1-x86_64.pl $@
+sha1-x86_64.s:  asm/sha1-x86_64.pl;     $(PERL) asm/sha1-x86_64.pl $(PERLASM_SCHEME) > $@
-sha256-x86_64.s:asm/sha512-x86_64.pl;   $(PERL) asm/sha512-x86_64.pl $@
+sha256-x86_64.s:asm/sha512-x86_64.pl;   $(PERL) asm/sha512-x86_64.pl $(PERLASM_SCHEME) $@
-sha512-x86_64.s:asm/sha512-x86_64.pl;   $(PERL) asm/sha512-x86_64.pl $@
+sha512-x86_64.s:asm/sha512-x86_64.pl;   $(PERL) asm/sha512-x86_64.pl $(PERLASM_SCHEME) $@
+sha1-sparcv9.s: asm/sha1-sparcv9.pl;    $(PERL) asm/sha1-sparcv9.pl $@ $(CFLAGS)
+sha256-sparcv9.s:asm/sha512-sparcv9.pl; $(PERL) asm/sha512-sparcv9.pl $@ $(CFLAGS)
+sha512-sparcv9.s:asm/sha512-sparcv9.pl; $(PERL) asm/sha512-sparcv9.pl $@ $(CFLAGS)
+sha1-ppc.s:     asm/sha1-ppc.pl;        $(PERL) asm/sha1-ppc.pl $(PERLASM_SCHEME) $@
+sha256-ppc.s:   asm/sha512-ppc.pl;      $(PERL) asm/sha512-ppc.pl $(PERLASM_SCHEME) $@
+sha512-ppc.s:   asm/sha512-ppc.pl;      $(PERL) asm/sha512-ppc.pl $(PERLASM_SCHEME) $@
+# GNU make "catch all"
+sha1-%.s:       asm/sha1-%.pl;          $(PERL) $< $@
+sha256-%.s:     asm/sha512-%.pl;        $(PERL) $< $@
+sha512-%.s:     asm/sha512-%.pl;        $(PERL) $< $@
 files:
        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
@@ -113,31 +119,24 @@ sha1_one.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 sha1_one.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 sha1_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 sha1_one.o: sha1_one.c
-sha1dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/fips.h
+sha1dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-sha1dgst.o: ../../include/openssl/opensslconf.h
 sha1dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
 sha1dgst.o: ../md32_common.h sha1dgst.c sha_locl.h
 sha256.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-sha256.o: ../../include/openssl/fips.h ../../include/openssl/opensslconf.h
+sha256.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-sha256.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+sha256.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-sha256.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+sha256.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-sha256.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+sha256.o: ../../include/openssl/symhacks.h ../md32_common.h sha256.c
-sha256.o: ../md32_common.h sha256.c
 sha512.o: ../../e_os.h ../../include/openssl/bio.h
 sha512.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 sha512.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-sha512.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+sha512.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-sha512.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+sha512.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-sha512.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+sha512.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-sha512.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+sha512.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-sha512.o: ../../include/openssl/symhacks.h ../cryptlib.h sha512.c
+sha512.o: ../cryptlib.h sha512.c
-sha_dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+sha_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-sha_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
-sha_dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-sha_dgst.o: ../../include/openssl/opensslconf.h
-sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-sha_dgst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-sha_dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 sha_dgst.o: ../md32_common.h sha_dgst.c sha_locl.h
 sha_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 sha_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
diff --git a/src/lib/libssl/src/crypto/sha/asm/sha1-586.pl b/src/lib/libssl/src/crypto/sha/asm/sha1-586.pl
index a787dd37da..a1f876281a 100644
--- a/src/lib/libssl/src/crypto/sha/asm/sha1-586.pl
+++ b/src/lib/libssl/src/crypto/sha/asm/sha1-586.pl
@@ -215,5 +215,6 @@ sub BODY_40_59
        &stack_pop(16);
 &function_end("sha1_block_data_order");
+&asciz("SHA1 block transform for x86, CRYPTOGAMS by <appro\@openssl.org>");
 &asm_finish();
diff --git a/src/lib/libssl/src/crypto/sha/sha.h b/src/lib/libssl/src/crypto/sha/sha.h
index 47a2c29f66..16cacf9fc0 100644
--- a/src/lib/libssl/src/crypto/sha/sha.h
+++ b/src/lib/libssl/src/crypto/sha/sha.h
@@ -81,7 +81,7 @@ extern "C" {
 * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 */
-#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
+#if defined(__LP32__)
 #define SHA_LONG unsigned long
 #elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
 #define SHA_LONG unsigned long
@@ -106,9 +106,6 @@ typedef struct SHAstate_st
        } SHA_CTX;
 #ifndef OPENSSL_NO_SHA0
-#ifdef OPENSSL_FIPS
-int private_SHA_Init(SHA_CTX *c);
-#endif
 int SHA_Init(SHA_CTX *c);
 int SHA_Update(SHA_CTX *c, const void *data, size_t len);
 int SHA_Final(unsigned char *md, SHA_CTX *c);
diff --git a/src/lib/libssl/src/crypto/sha/sha1_one.c b/src/lib/libssl/src/crypto/sha/sha1_one.c
index 4831174198..7c65b60276 100644
--- a/src/lib/libssl/src/crypto/sha/sha1_one.c
+++ b/src/lib/libssl/src/crypto/sha/sha1_one.c
@@ -61,7 +61,7 @@
 #include <openssl/sha.h>
 #include <openssl/crypto.h>
-#if !defined(OPENSSL_NO_SHA1)
+#ifndef OPENSSL_NO_SHA1
 unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md)
        {
        SHA_CTX c;
diff --git a/src/lib/libssl/src/crypto/sha/sha1dgst.c b/src/lib/libssl/src/crypto/sha/sha1dgst.c
index d31f0781a0..50d1925cde 100644
--- a/src/lib/libssl/src/crypto/sha/sha1dgst.c
+++ b/src/lib/libssl/src/crypto/sha/sha1dgst.c
@@ -63,10 +63,6 @@
 #define SHA_1
 #include <openssl/opensslv.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 const char SHA1_version[]="SHA1" OPENSSL_VERSION_PTEXT;
diff --git a/src/lib/libssl/src/crypto/sha/sha_dgst.c b/src/lib/libssl/src/crypto/sha/sha_dgst.c
index 598f4d721a..70eb56032c 100644
--- a/src/lib/libssl/src/crypto/sha/sha_dgst.c
+++ b/src/lib/libssl/src/crypto/sha/sha_dgst.c
@@ -57,12 +57,6 @@
 */
 #include <openssl/opensslconf.h>
-#include <openssl/crypto.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-#include <openssl/err.h>
 #if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA)
 #undef  SHA_1
diff --git a/src/lib/libssl/src/crypto/sha/sha_locl.h b/src/lib/libssl/src/crypto/sha/sha_locl.h
index da46ddfe79..672c26eee1 100644
--- a/src/lib/libssl/src/crypto/sha/sha_locl.h
+++ b/src/lib/libssl/src/crypto/sha/sha_locl.h
@@ -122,23 +122,14 @@ void sha1_block_data_order (SHA_CTX *c, const void *p,size_t num);
 #define INIT_DATA_h3 0x10325476UL
 #define INIT_DATA_h4 0xc3d2e1f0UL
-#if defined(SHA_0) && defined(OPENSSL_FIPS)
-FIPS_NON_FIPS_MD_Init(SHA)
-#else
 int HASH_INIT (SHA_CTX *c)
-#endif
        {
-#if defined(SHA_1) && defined(OPENSSL_FIPS)
+        memset (c,0,sizeof(*c));
-        FIPS_selftest_check();
-#endif
        c->h0=INIT_DATA_h0;
        c->h1=INIT_DATA_h1;
        c->h2=INIT_DATA_h2;
        c->h3=INIT_DATA_h3;
        c->h4=INIT_DATA_h4;
-        c->Nl=0;
-        c->Nh=0;
-        c->num=0;
        return 1;
        }
diff --git a/src/lib/libssl/src/crypto/sha/shatest.c b/src/lib/libssl/src/crypto/sha/shatest.c
index ed0fe06a7b..27614646d1 100644
--- a/src/lib/libssl/src/crypto/sha/shatest.c
+++ b/src/lib/libssl/src/crypto/sha/shatest.c
@@ -123,9 +123,9 @@ int main(int argc, char *argv[])
        i=1;
        while (*P != NULL)
                {
-                EVP_Digest(*P,strlen((char *)*P),md,NULL,EVP_sha(), NULL);
+                EVP_Digest(*P,strlen(*P),md,NULL,EVP_sha(), NULL);
                p=pt(md);
-                if (strcmp(p,(char *)*R) != 0)
+                if (strcmp(p,*R) != 0)
                        {
                        printf("error calculating SHA on '%s'\n",*P);
                        printf("got %s instead of %s\n",p,*R);
diff --git a/src/lib/libssl/src/crypto/stack/Makefile b/src/lib/libssl/src/crypto/stack/Makefile
index 489a77b93c..5327692ac8 100644
--- a/src/lib/libssl/src/crypto/stack/Makefile
+++ b/src/lib/libssl/src/crypto/stack/Makefile
@@ -33,7 +33,7 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
diff --git a/src/lib/libssl/src/crypto/stack/safestack.h b/src/lib/libssl/src/crypto/stack/safestack.h
index 40b17902e0..891cb84a51 100644
--- a/src/lib/libssl/src/crypto/stack/safestack.h
+++ b/src/lib/libssl/src/crypto/stack/safestack.h
@@ -57,18 +57,27 @@
 #include <openssl/stack.h>
-#ifdef DEBUG_SAFESTACK
 #ifndef CHECKED_PTR_OF
 #define CHECKED_PTR_OF(type, p) \
    ((void*) (1 ? p : (type*)0))
 #endif
+/* In C++ we get problems because an explicit cast is needed from (void *)
+ * we use CHECKED_STACK_OF to ensure the correct type is passed in the macros
+ * below. 
+ */
+#define CHECKED_STACK_OF(type, p) \
+    ((_STACK*) (1 ? p : (STACK_OF(type)*)0))
 #define CHECKED_SK_FREE_FUNC(type, p) \
    ((void (*)(void *)) ((1 ? p : (void (*)(type *))0)))
+#define CHECKED_SK_FREE_FUNC2(type, p) \
+    ((void (*)(void *)) ((1 ? p : (void (*)(type))0)))
 #define CHECKED_SK_CMP_FUNC(type, p) \
-    ((int (*)(const char * const *, const char * const *)) \
+    ((int (*)(const void *, const void *)) \
        ((1 ? p : (int (*)(const type * const *, const type * const *))0)))
 #define STACK_OF(type) struct stack_st_##type
@@ -77,11 +86,51 @@
 #define DECLARE_STACK_OF(type) \
 STACK_OF(type) \
    { \
-    STACK stack; \
+    _STACK stack; \
+    };
+#define DECLARE_SPECIAL_STACK_OF(type, type2) \
+STACK_OF(type) \
+    { \
+    _STACK stack; \
    };
 #define IMPLEMENT_STACK_OF(type) /* nada (obsolete in new safestack approach)*/
+/* Strings are special: normally an lhash entry will point to a single
+ * (somewhat) mutable object. In the case of strings:
+ *
+ * a) Instead of a single char, there is an array of chars, NUL-terminated.
+ * b) The string may have be immutable.
+ *
+ * So, they need their own declarations. Especially important for
+ * type-checking tools, such as Deputy.
+ *
+o * In practice, however, it appears to be hard to have a const
+ * string. For now, I'm settling for dealing with the fact it is a
+ * string at all.
+ */
+typedef char *OPENSSL_STRING;
+typedef const char *OPENSSL_CSTRING;
+/* Confusingly, LHASH_OF(STRING) deals with char ** throughout, but
+ * STACK_OF(STRING) is really more like STACK_OF(char), only, as
+ * mentioned above, instead of a single char each entry is a
+ * NUL-terminated array of chars. So, we have to implement STRING
+ * specially for STACK_OF. This is dealt with in the autogenerated
+ * macros below.
+ */
+DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char)
+/* Similarly, we sometimes use a block of characters, NOT
+ * nul-terminated. These should also be distinguished from "normal"
+ * stacks. */
+typedef void *OPENSSL_BLOCK;
+DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void)
 /* SKM_sk_... stack macros are internal to safestack.h:
 * never use them directly, use sk_<type>_... instead */
 #define SKM_sk_new(type, cmp) \
@@ -89,52 +138,55 @@ STACK_OF(type) \
 #define SKM_sk_new_null(type) \
        ((STACK_OF(type) *)sk_new_null())
 #define SKM_sk_free(type, st) \
-        sk_free(CHECKED_PTR_OF(STACK_OF(type), st))
+        sk_free(CHECKED_STACK_OF(type, st))
 #define SKM_sk_num(type, st) \
-        sk_num(CHECKED_PTR_OF(STACK_OF(type), st))
+        sk_num(CHECKED_STACK_OF(type, st))
 #define SKM_sk_value(type, st,i) \
-        ((type *)sk_value(CHECKED_PTR_OF(STACK_OF(type), st), i))
+        ((type *)sk_value(CHECKED_STACK_OF(type, st), i))
 #define SKM_sk_set(type, st,i,val) \
-        sk_set(CHECKED_PTR_OF(STACK_OF(type), st), i, CHECKED_PTR_OF(type, val))
+        sk_set(CHECKED_STACK_OF(type, st), i, CHECKED_PTR_OF(type, val))
 #define SKM_sk_zero(type, st) \
-        sk_zero(CHECKED_PTR_OF(STACK_OF(type), st))
+        sk_zero(CHECKED_STACK_OF(type, st))
-#define SKM_sk_push(type, st,val) \
+#define SKM_sk_push(type, st, val) \
-        sk_push(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val))
+        sk_push(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val))
-#define SKM_sk_unshift(type, st,val) \
+#define SKM_sk_unshift(type, st, val) \
-        sk_unshift(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val))
+        sk_unshift(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val))
-#define SKM_sk_find(type, st,val) \
+#define SKM_sk_find(type, st, val) \
-        sk_find(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val))
+        sk_find(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val))
-#define SKM_sk_delete(type, st,i) \
+#define SKM_sk_find_ex(type, st, val) \
-        (type *)sk_delete(CHECKED_PTR_OF(STACK_OF(type), st), i)
+        sk_find_ex(CHECKED_STACK_OF(type, st), \
-#define SKM_sk_delete_ptr(type, st,ptr) \
+                   CHECKED_PTR_OF(type, val))
-        (type *)sk_delete_ptr(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, ptr))
+#define SKM_sk_delete(type, st, i) \
-#define SKM_sk_insert(type, st,val,i) \
+        (type *)sk_delete(CHECKED_STACK_OF(type, st), i)
-        sk_insert(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val), i)
+#define SKM_sk_delete_ptr(type, st, ptr) \
-#define SKM_sk_set_cmp_func(type, st,cmp) \
+        (type *)sk_delete_ptr(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, ptr))
+#define SKM_sk_insert(type, st,val, i) \
+        sk_insert(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val), i)
+#define SKM_sk_set_cmp_func(type, st, cmp) \
        ((int (*)(const type * const *,const type * const *)) \
-        sk_set_cmp_func(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_SK_CMP_FUNC(type, cmp)))
+        sk_set_cmp_func(CHECKED_STACK_OF(type, st), CHECKED_SK_CMP_FUNC(type, cmp)))
 #define SKM_sk_dup(type, st) \
-        (STACK_OF(type) *)sk_dup(CHECKED_PTR_OF(STACK_OF(type), st))
+        (STACK_OF(type) *)sk_dup(CHECKED_STACK_OF(type, st))
-#define SKM_sk_pop_free(type, st,free_func) \
+#define SKM_sk_pop_free(type, st, free_func) \
-        sk_pop_free(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_SK_FREE_FUNC(type, free_func))
+        sk_pop_free(CHECKED_STACK_OF(type, st), CHECKED_SK_FREE_FUNC(type, free_func))
 #define SKM_sk_shift(type, st) \
-        (type *)sk_shift(CHECKED_PTR_OF(STACK_OF(type), st))
+        (type *)sk_shift(CHECKED_STACK_OF(type, st))
 #define SKM_sk_pop(type, st) \
-        (type *)sk_pop(CHECKED_PTR_OF(STACK_OF(type), st))
+        (type *)sk_pop(CHECKED_STACK_OF(type, st))
 #define SKM_sk_sort(type, st) \
-        sk_sort(CHECKED_PTR_OF(STACK_OF(type), st))
+        sk_sort(CHECKED_STACK_OF(type, st))
 #define SKM_sk_is_sorted(type, st) \
-        sk_is_sorted(CHECKED_PTR_OF(STACK_OF(type), st))
+        sk_is_sorted(CHECKED_STACK_OF(type, st))
 #define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-        (STACK_OF(type) *)d2i_ASN1_SET(CHECKED_PTR_OF(STACK_OF(type), st), \
+  (STACK_OF(type) *)d2i_ASN1_SET((STACK_OF(OPENSSL_BLOCK) **)CHECKED_STACK_OF(type, st), \
                                pp, length, \
                                CHECKED_D2I_OF(type, d2i_func), \
                                CHECKED_SK_FREE_FUNC(type, free_func), \
                                ex_tag, ex_class)
 #define SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \
-        i2d_ASN1_SET(CHECKED_PTR_OF(STACK_OF(type), st), pp, \
+  i2d_ASN1_SET((STACK_OF(OPENSSL_BLOCK) *)CHECKED_STACK_OF(type, st), pp, \
                                CHECKED_I2D_OF(type, i2d_func), \
                                ex_tag, ex_class, is_set)
@@ -151,72 +203,8 @@ STACK_OF(type) \
                                CHECKED_SK_FREE_FUNC(type, free_func), \
                                pass, passlen, oct, seq)
-#else
-#define STACK_OF(type) STACK
-#define PREDECLARE_STACK_OF(type) /* nada */
-#define DECLARE_STACK_OF(type)    /* nada */
-#define IMPLEMENT_STACK_OF(type)  /* nada */
-#define SKM_sk_new(type, cmp) \
-        sk_new((int (*)(const char * const *, const char * const *))(cmp))
-#define SKM_sk_new_null(type) \
-        sk_new_null()
-#define SKM_sk_free(type, st) \
-        sk_free(st)
-#define SKM_sk_num(type, st) \
-        sk_num(st)
-#define SKM_sk_value(type, st,i) \
-        ((type *)sk_value(st, i))
-#define SKM_sk_set(type, st,i,val) \
-        ((type *)sk_set(st, i,(char *)val))
-#define SKM_sk_zero(type, st) \
-        sk_zero(st)
-#define SKM_sk_push(type, st,val) \
-        sk_push(st, (char *)val)
-#define SKM_sk_unshift(type, st,val) \
-        sk_unshift(st, (char *)val)
-#define SKM_sk_find(type, st,val) \
-        sk_find(st, (char *)val)
-#define SKM_sk_delete(type, st,i) \
-        ((type *)sk_delete(st, i))
-#define SKM_sk_delete_ptr(type, st,ptr) \
-        ((type *)sk_delete_ptr(st,(char *)ptr))
-#define SKM_sk_insert(type, st,val,i) \
-        sk_insert(st, (char *)val, i)
-#define SKM_sk_set_cmp_func(type, st,cmp) \
-        ((int (*)(const type * const *,const type * const *)) \
-        sk_set_cmp_func(st, (int (*)(const char * const *, const char * const *))(cmp)))
-#define SKM_sk_dup(type, st) \
-        sk_dup(st)
-#define SKM_sk_pop_free(type, st,free_func) \
-        sk_pop_free(st, (void (*)(void *))free_func)
-#define SKM_sk_shift(type, st) \
-        ((type *)sk_shift(st))
-#define SKM_sk_pop(type, st) \
-        ((type *)sk_pop(st))
-#define SKM_sk_sort(type, st) \
-        sk_sort(st)
-#define SKM_sk_is_sorted(type, st) \
-        sk_is_sorted(st)
-#define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-        d2i_ASN1_SET(st,pp,length, (void *(*)(void ** ,const unsigned char ** ,long))d2i_func, (void (*)(void *))free_func, ex_tag,ex_class)
-#define SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \
-        i2d_ASN1_SET(st,pp,(int (*)(void *, unsigned char **))i2d_func,ex_tag,ex_class,is_set)
-#define SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \
-        ASN1_seq_pack(st, (int (*)(void *, unsigned char **))i2d_func, buf, len)
-#define SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \
-        ASN1_seq_unpack(buf,len,(void *(*)(void **,const unsigned char **,long))d2i_func, (void(*)(void *))free_func)
-#define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \
-        ((STACK *)PKCS12_decrypt_d2i(algor,(char *(*)())d2i_func, (void(*)(void *))free_func,pass,passlen,oct,seq))
-#endif
 /* This block of defines is updated by util/mkstack.pl, please do not touch! */
-#define sk_ACCESS_DESCRIPTION_new(st) SKM_sk_new(ACCESS_DESCRIPTION, (st))
+#define sk_ACCESS_DESCRIPTION_new(cmp) SKM_sk_new(ACCESS_DESCRIPTION, (cmp))
 #define sk_ACCESS_DESCRIPTION_new_null() SKM_sk_new_null(ACCESS_DESCRIPTION)
 #define sk_ACCESS_DESCRIPTION_free(st) SKM_sk_free(ACCESS_DESCRIPTION, (st))
 #define sk_ACCESS_DESCRIPTION_num(st) SKM_sk_num(ACCESS_DESCRIPTION, (st))
@@ -238,7 +226,7 @@ STACK_OF(type) \
 #define sk_ACCESS_DESCRIPTION_sort(st) SKM_sk_sort(ACCESS_DESCRIPTION, (st))
 #define sk_ACCESS_DESCRIPTION_is_sorted(st) SKM_sk_is_sorted(ACCESS_DESCRIPTION, (st))
-#define sk_ASIdOrRange_new(st) SKM_sk_new(ASIdOrRange, (st))
+#define sk_ASIdOrRange_new(cmp) SKM_sk_new(ASIdOrRange, (cmp))
 #define sk_ASIdOrRange_new_null() SKM_sk_new_null(ASIdOrRange)
 #define sk_ASIdOrRange_free(st) SKM_sk_free(ASIdOrRange, (st))
 #define sk_ASIdOrRange_num(st) SKM_sk_num(ASIdOrRange, (st))
@@ -260,7 +248,7 @@ STACK_OF(type) \
 #define sk_ASIdOrRange_sort(st) SKM_sk_sort(ASIdOrRange, (st))
 #define sk_ASIdOrRange_is_sorted(st) SKM_sk_is_sorted(ASIdOrRange, (st))
-#define sk_ASN1_GENERALSTRING_new(st) SKM_sk_new(ASN1_GENERALSTRING, (st))
+#define sk_ASN1_GENERALSTRING_new(cmp) SKM_sk_new(ASN1_GENERALSTRING, (cmp))
 #define sk_ASN1_GENERALSTRING_new_null() SKM_sk_new_null(ASN1_GENERALSTRING)
 #define sk_ASN1_GENERALSTRING_free(st) SKM_sk_free(ASN1_GENERALSTRING, (st))
 #define sk_ASN1_GENERALSTRING_num(st) SKM_sk_num(ASN1_GENERALSTRING, (st))
@@ -282,7 +270,7 @@ STACK_OF(type) \
 #define sk_ASN1_GENERALSTRING_sort(st) SKM_sk_sort(ASN1_GENERALSTRING, (st))
 #define sk_ASN1_GENERALSTRING_is_sorted(st) SKM_sk_is_sorted(ASN1_GENERALSTRING, (st))
-#define sk_ASN1_INTEGER_new(st) SKM_sk_new(ASN1_INTEGER, (st))
+#define sk_ASN1_INTEGER_new(cmp) SKM_sk_new(ASN1_INTEGER, (cmp))
 #define sk_ASN1_INTEGER_new_null() SKM_sk_new_null(ASN1_INTEGER)
 #define sk_ASN1_INTEGER_free(st) SKM_sk_free(ASN1_INTEGER, (st))
 #define sk_ASN1_INTEGER_num(st) SKM_sk_num(ASN1_INTEGER, (st))
@@ -304,7 +292,7 @@ STACK_OF(type) \
 #define sk_ASN1_INTEGER_sort(st) SKM_sk_sort(ASN1_INTEGER, (st))
 #define sk_ASN1_INTEGER_is_sorted(st) SKM_sk_is_sorted(ASN1_INTEGER, (st))
-#define sk_ASN1_OBJECT_new(st) SKM_sk_new(ASN1_OBJECT, (st))
+#define sk_ASN1_OBJECT_new(cmp) SKM_sk_new(ASN1_OBJECT, (cmp))
 #define sk_ASN1_OBJECT_new_null() SKM_sk_new_null(ASN1_OBJECT)
 #define sk_ASN1_OBJECT_free(st) SKM_sk_free(ASN1_OBJECT, (st))
 #define sk_ASN1_OBJECT_num(st) SKM_sk_num(ASN1_OBJECT, (st))
@@ -326,7 +314,7 @@ STACK_OF(type) \
 #define sk_ASN1_OBJECT_sort(st) SKM_sk_sort(ASN1_OBJECT, (st))
 #define sk_ASN1_OBJECT_is_sorted(st) SKM_sk_is_sorted(ASN1_OBJECT, (st))
-#define sk_ASN1_STRING_TABLE_new(st) SKM_sk_new(ASN1_STRING_TABLE, (st))
+#define sk_ASN1_STRING_TABLE_new(cmp) SKM_sk_new(ASN1_STRING_TABLE, (cmp))
 #define sk_ASN1_STRING_TABLE_new_null() SKM_sk_new_null(ASN1_STRING_TABLE)
 #define sk_ASN1_STRING_TABLE_free(st) SKM_sk_free(ASN1_STRING_TABLE, (st))
 #define sk_ASN1_STRING_TABLE_num(st) SKM_sk_num(ASN1_STRING_TABLE, (st))
@@ -348,7 +336,7 @@ STACK_OF(type) \
 #define sk_ASN1_STRING_TABLE_sort(st) SKM_sk_sort(ASN1_STRING_TABLE, (st))
 #define sk_ASN1_STRING_TABLE_is_sorted(st) SKM_sk_is_sorted(ASN1_STRING_TABLE, (st))
-#define sk_ASN1_TYPE_new(st) SKM_sk_new(ASN1_TYPE, (st))
+#define sk_ASN1_TYPE_new(cmp) SKM_sk_new(ASN1_TYPE, (cmp))
 #define sk_ASN1_TYPE_new_null() SKM_sk_new_null(ASN1_TYPE)
 #define sk_ASN1_TYPE_free(st) SKM_sk_free(ASN1_TYPE, (st))
 #define sk_ASN1_TYPE_num(st) SKM_sk_num(ASN1_TYPE, (st))
@@ -370,7 +358,29 @@ STACK_OF(type) \
 #define sk_ASN1_TYPE_sort(st) SKM_sk_sort(ASN1_TYPE, (st))
 #define sk_ASN1_TYPE_is_sorted(st) SKM_sk_is_sorted(ASN1_TYPE, (st))
-#define sk_ASN1_VALUE_new(st) SKM_sk_new(ASN1_VALUE, (st))
+#define sk_ASN1_UTF8STRING_new(cmp) SKM_sk_new(ASN1_UTF8STRING, (cmp))
+#define sk_ASN1_UTF8STRING_new_null() SKM_sk_new_null(ASN1_UTF8STRING)
+#define sk_ASN1_UTF8STRING_free(st) SKM_sk_free(ASN1_UTF8STRING, (st))
+#define sk_ASN1_UTF8STRING_num(st) SKM_sk_num(ASN1_UTF8STRING, (st))
+#define sk_ASN1_UTF8STRING_value(st, i) SKM_sk_value(ASN1_UTF8STRING, (st), (i))
+#define sk_ASN1_UTF8STRING_set(st, i, val) SKM_sk_set(ASN1_UTF8STRING, (st), (i), (val))
+#define sk_ASN1_UTF8STRING_zero(st) SKM_sk_zero(ASN1_UTF8STRING, (st))
+#define sk_ASN1_UTF8STRING_push(st, val) SKM_sk_push(ASN1_UTF8STRING, (st), (val))
+#define sk_ASN1_UTF8STRING_unshift(st, val) SKM_sk_unshift(ASN1_UTF8STRING, (st), (val))
+#define sk_ASN1_UTF8STRING_find(st, val) SKM_sk_find(ASN1_UTF8STRING, (st), (val))
+#define sk_ASN1_UTF8STRING_find_ex(st, val) SKM_sk_find_ex(ASN1_UTF8STRING, (st), (val))
+#define sk_ASN1_UTF8STRING_delete(st, i) SKM_sk_delete(ASN1_UTF8STRING, (st), (i))
+#define sk_ASN1_UTF8STRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_UTF8STRING, (st), (ptr))
+#define sk_ASN1_UTF8STRING_insert(st, val, i) SKM_sk_insert(ASN1_UTF8STRING, (st), (val), (i))
+#define sk_ASN1_UTF8STRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_UTF8STRING, (st), (cmp))
+#define sk_ASN1_UTF8STRING_dup(st) SKM_sk_dup(ASN1_UTF8STRING, st)
+#define sk_ASN1_UTF8STRING_pop_free(st, free_func) SKM_sk_pop_free(ASN1_UTF8STRING, (st), (free_func))
+#define sk_ASN1_UTF8STRING_shift(st) SKM_sk_shift(ASN1_UTF8STRING, (st))
+#define sk_ASN1_UTF8STRING_pop(st) SKM_sk_pop(ASN1_UTF8STRING, (st))
+#define sk_ASN1_UTF8STRING_sort(st) SKM_sk_sort(ASN1_UTF8STRING, (st))
+#define sk_ASN1_UTF8STRING_is_sorted(st) SKM_sk_is_sorted(ASN1_UTF8STRING, (st))
+#define sk_ASN1_VALUE_new(cmp) SKM_sk_new(ASN1_VALUE, (cmp))
 #define sk_ASN1_VALUE_new_null() SKM_sk_new_null(ASN1_VALUE)
 #define sk_ASN1_VALUE_free(st) SKM_sk_free(ASN1_VALUE, (st))
 #define sk_ASN1_VALUE_num(st) SKM_sk_num(ASN1_VALUE, (st))
@@ -392,7 +402,7 @@ STACK_OF(type) \
 #define sk_ASN1_VALUE_sort(st) SKM_sk_sort(ASN1_VALUE, (st))
 #define sk_ASN1_VALUE_is_sorted(st) SKM_sk_is_sorted(ASN1_VALUE, (st))
-#define sk_BIO_new(st) SKM_sk_new(BIO, (st))
+#define sk_BIO_new(cmp) SKM_sk_new(BIO, (cmp))
 #define sk_BIO_new_null() SKM_sk_new_null(BIO)
 #define sk_BIO_free(st) SKM_sk_free(BIO, (st))
 #define sk_BIO_num(st) SKM_sk_num(BIO, (st))
@@ -414,7 +424,51 @@ STACK_OF(type) \
 #define sk_BIO_sort(st) SKM_sk_sort(BIO, (st))
 #define sk_BIO_is_sorted(st) SKM_sk_is_sorted(BIO, (st))
-#define sk_CMS_CertificateChoices_new(st) SKM_sk_new(CMS_CertificateChoices, (st))
+#define sk_BY_DIR_ENTRY_new(cmp) SKM_sk_new(BY_DIR_ENTRY, (cmp))
+#define sk_BY_DIR_ENTRY_new_null() SKM_sk_new_null(BY_DIR_ENTRY)
+#define sk_BY_DIR_ENTRY_free(st) SKM_sk_free(BY_DIR_ENTRY, (st))
+#define sk_BY_DIR_ENTRY_num(st) SKM_sk_num(BY_DIR_ENTRY, (st))
+#define sk_BY_DIR_ENTRY_value(st, i) SKM_sk_value(BY_DIR_ENTRY, (st), (i))
+#define sk_BY_DIR_ENTRY_set(st, i, val) SKM_sk_set(BY_DIR_ENTRY, (st), (i), (val))
+#define sk_BY_DIR_ENTRY_zero(st) SKM_sk_zero(BY_DIR_ENTRY, (st))
+#define sk_BY_DIR_ENTRY_push(st, val) SKM_sk_push(BY_DIR_ENTRY, (st), (val))
+#define sk_BY_DIR_ENTRY_unshift(st, val) SKM_sk_unshift(BY_DIR_ENTRY, (st), (val))
+#define sk_BY_DIR_ENTRY_find(st, val) SKM_sk_find(BY_DIR_ENTRY, (st), (val))
+#define sk_BY_DIR_ENTRY_find_ex(st, val) SKM_sk_find_ex(BY_DIR_ENTRY, (st), (val))
+#define sk_BY_DIR_ENTRY_delete(st, i) SKM_sk_delete(BY_DIR_ENTRY, (st), (i))
+#define sk_BY_DIR_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(BY_DIR_ENTRY, (st), (ptr))
+#define sk_BY_DIR_ENTRY_insert(st, val, i) SKM_sk_insert(BY_DIR_ENTRY, (st), (val), (i))
+#define sk_BY_DIR_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BY_DIR_ENTRY, (st), (cmp))
+#define sk_BY_DIR_ENTRY_dup(st) SKM_sk_dup(BY_DIR_ENTRY, st)
+#define sk_BY_DIR_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(BY_DIR_ENTRY, (st), (free_func))
+#define sk_BY_DIR_ENTRY_shift(st) SKM_sk_shift(BY_DIR_ENTRY, (st))
+#define sk_BY_DIR_ENTRY_pop(st) SKM_sk_pop(BY_DIR_ENTRY, (st))
+#define sk_BY_DIR_ENTRY_sort(st) SKM_sk_sort(BY_DIR_ENTRY, (st))
+#define sk_BY_DIR_ENTRY_is_sorted(st) SKM_sk_is_sorted(BY_DIR_ENTRY, (st))
+#define sk_BY_DIR_HASH_new(cmp) SKM_sk_new(BY_DIR_HASH, (cmp))
+#define sk_BY_DIR_HASH_new_null() SKM_sk_new_null(BY_DIR_HASH)
+#define sk_BY_DIR_HASH_free(st) SKM_sk_free(BY_DIR_HASH, (st))
+#define sk_BY_DIR_HASH_num(st) SKM_sk_num(BY_DIR_HASH, (st))
+#define sk_BY_DIR_HASH_value(st, i) SKM_sk_value(BY_DIR_HASH, (st), (i))
+#define sk_BY_DIR_HASH_set(st, i, val) SKM_sk_set(BY_DIR_HASH, (st), (i), (val))
+#define sk_BY_DIR_HASH_zero(st) SKM_sk_zero(BY_DIR_HASH, (st))
+#define sk_BY_DIR_HASH_push(st, val) SKM_sk_push(BY_DIR_HASH, (st), (val))
+#define sk_BY_DIR_HASH_unshift(st, val) SKM_sk_unshift(BY_DIR_HASH, (st), (val))
+#define sk_BY_DIR_HASH_find(st, val) SKM_sk_find(BY_DIR_HASH, (st), (val))
+#define sk_BY_DIR_HASH_find_ex(st, val) SKM_sk_find_ex(BY_DIR_HASH, (st), (val))
+#define sk_BY_DIR_HASH_delete(st, i) SKM_sk_delete(BY_DIR_HASH, (st), (i))
+#define sk_BY_DIR_HASH_delete_ptr(st, ptr) SKM_sk_delete_ptr(BY_DIR_HASH, (st), (ptr))
+#define sk_BY_DIR_HASH_insert(st, val, i) SKM_sk_insert(BY_DIR_HASH, (st), (val), (i))
+#define sk_BY_DIR_HASH_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BY_DIR_HASH, (st), (cmp))
+#define sk_BY_DIR_HASH_dup(st) SKM_sk_dup(BY_DIR_HASH, st)
+#define sk_BY_DIR_HASH_pop_free(st, free_func) SKM_sk_pop_free(BY_DIR_HASH, (st), (free_func))
+#define sk_BY_DIR_HASH_shift(st) SKM_sk_shift(BY_DIR_HASH, (st))
+#define sk_BY_DIR_HASH_pop(st) SKM_sk_pop(BY_DIR_HASH, (st))
+#define sk_BY_DIR_HASH_sort(st) SKM_sk_sort(BY_DIR_HASH, (st))
+#define sk_BY_DIR_HASH_is_sorted(st) SKM_sk_is_sorted(BY_DIR_HASH, (st))
+#define sk_CMS_CertificateChoices_new(cmp) SKM_sk_new(CMS_CertificateChoices, (cmp))
 #define sk_CMS_CertificateChoices_new_null() SKM_sk_new_null(CMS_CertificateChoices)
 #define sk_CMS_CertificateChoices_free(st) SKM_sk_free(CMS_CertificateChoices, (st))
 #define sk_CMS_CertificateChoices_num(st) SKM_sk_num(CMS_CertificateChoices, (st))
@@ -436,7 +490,7 @@ STACK_OF(type) \
 #define sk_CMS_CertificateChoices_sort(st) SKM_sk_sort(CMS_CertificateChoices, (st))
 #define sk_CMS_CertificateChoices_is_sorted(st) SKM_sk_is_sorted(CMS_CertificateChoices, (st))
-#define sk_CMS_RecipientInfo_new(st) SKM_sk_new(CMS_RecipientInfo, (st))
+#define sk_CMS_RecipientInfo_new(cmp) SKM_sk_new(CMS_RecipientInfo, (cmp))
 #define sk_CMS_RecipientInfo_new_null() SKM_sk_new_null(CMS_RecipientInfo)
 #define sk_CMS_RecipientInfo_free(st) SKM_sk_free(CMS_RecipientInfo, (st))
 #define sk_CMS_RecipientInfo_num(st) SKM_sk_num(CMS_RecipientInfo, (st))
@@ -458,7 +512,7 @@ STACK_OF(type) \
 #define sk_CMS_RecipientInfo_sort(st) SKM_sk_sort(CMS_RecipientInfo, (st))
 #define sk_CMS_RecipientInfo_is_sorted(st) SKM_sk_is_sorted(CMS_RecipientInfo, (st))
-#define sk_CMS_RevocationInfoChoice_new(st) SKM_sk_new(CMS_RevocationInfoChoice, (st))
+#define sk_CMS_RevocationInfoChoice_new(cmp) SKM_sk_new(CMS_RevocationInfoChoice, (cmp))
 #define sk_CMS_RevocationInfoChoice_new_null() SKM_sk_new_null(CMS_RevocationInfoChoice)
 #define sk_CMS_RevocationInfoChoice_free(st) SKM_sk_free(CMS_RevocationInfoChoice, (st))
 #define sk_CMS_RevocationInfoChoice_num(st) SKM_sk_num(CMS_RevocationInfoChoice, (st))
@@ -480,7 +534,7 @@ STACK_OF(type) \
 #define sk_CMS_RevocationInfoChoice_sort(st) SKM_sk_sort(CMS_RevocationInfoChoice, (st))
 #define sk_CMS_RevocationInfoChoice_is_sorted(st) SKM_sk_is_sorted(CMS_RevocationInfoChoice, (st))
-#define sk_CMS_SignerInfo_new(st) SKM_sk_new(CMS_SignerInfo, (st))
+#define sk_CMS_SignerInfo_new(cmp) SKM_sk_new(CMS_SignerInfo, (cmp))
 #define sk_CMS_SignerInfo_new_null() SKM_sk_new_null(CMS_SignerInfo)
 #define sk_CMS_SignerInfo_free(st) SKM_sk_free(CMS_SignerInfo, (st))
 #define sk_CMS_SignerInfo_num(st) SKM_sk_num(CMS_SignerInfo, (st))
@@ -502,7 +556,7 @@ STACK_OF(type) \
 #define sk_CMS_SignerInfo_sort(st) SKM_sk_sort(CMS_SignerInfo, (st))
 #define sk_CMS_SignerInfo_is_sorted(st) SKM_sk_is_sorted(CMS_SignerInfo, (st))
-#define sk_CONF_IMODULE_new(st) SKM_sk_new(CONF_IMODULE, (st))
+#define sk_CONF_IMODULE_new(cmp) SKM_sk_new(CONF_IMODULE, (cmp))
 #define sk_CONF_IMODULE_new_null() SKM_sk_new_null(CONF_IMODULE)
 #define sk_CONF_IMODULE_free(st) SKM_sk_free(CONF_IMODULE, (st))
 #define sk_CONF_IMODULE_num(st) SKM_sk_num(CONF_IMODULE, (st))
@@ -524,7 +578,7 @@ STACK_OF(type) \
 #define sk_CONF_IMODULE_sort(st) SKM_sk_sort(CONF_IMODULE, (st))
 #define sk_CONF_IMODULE_is_sorted(st) SKM_sk_is_sorted(CONF_IMODULE, (st))
-#define sk_CONF_MODULE_new(st) SKM_sk_new(CONF_MODULE, (st))
+#define sk_CONF_MODULE_new(cmp) SKM_sk_new(CONF_MODULE, (cmp))
 #define sk_CONF_MODULE_new_null() SKM_sk_new_null(CONF_MODULE)
 #define sk_CONF_MODULE_free(st) SKM_sk_free(CONF_MODULE, (st))
 #define sk_CONF_MODULE_num(st) SKM_sk_num(CONF_MODULE, (st))
@@ -546,7 +600,7 @@ STACK_OF(type) \
 #define sk_CONF_MODULE_sort(st) SKM_sk_sort(CONF_MODULE, (st))
 #define sk_CONF_MODULE_is_sorted(st) SKM_sk_is_sorted(CONF_MODULE, (st))
-#define sk_CONF_VALUE_new(st) SKM_sk_new(CONF_VALUE, (st))
+#define sk_CONF_VALUE_new(cmp) SKM_sk_new(CONF_VALUE, (cmp))
 #define sk_CONF_VALUE_new_null() SKM_sk_new_null(CONF_VALUE)
 #define sk_CONF_VALUE_free(st) SKM_sk_free(CONF_VALUE, (st))
 #define sk_CONF_VALUE_num(st) SKM_sk_num(CONF_VALUE, (st))
@@ -568,7 +622,7 @@ STACK_OF(type) \
 #define sk_CONF_VALUE_sort(st) SKM_sk_sort(CONF_VALUE, (st))
 #define sk_CONF_VALUE_is_sorted(st) SKM_sk_is_sorted(CONF_VALUE, (st))
-#define sk_CRYPTO_EX_DATA_FUNCS_new(st) SKM_sk_new(CRYPTO_EX_DATA_FUNCS, (st))
+#define sk_CRYPTO_EX_DATA_FUNCS_new(cmp) SKM_sk_new(CRYPTO_EX_DATA_FUNCS, (cmp))
 #define sk_CRYPTO_EX_DATA_FUNCS_new_null() SKM_sk_new_null(CRYPTO_EX_DATA_FUNCS)
 #define sk_CRYPTO_EX_DATA_FUNCS_free(st) SKM_sk_free(CRYPTO_EX_DATA_FUNCS, (st))
 #define sk_CRYPTO_EX_DATA_FUNCS_num(st) SKM_sk_num(CRYPTO_EX_DATA_FUNCS, (st))
@@ -590,7 +644,7 @@ STACK_OF(type) \
 #define sk_CRYPTO_EX_DATA_FUNCS_sort(st) SKM_sk_sort(CRYPTO_EX_DATA_FUNCS, (st))
 #define sk_CRYPTO_EX_DATA_FUNCS_is_sorted(st) SKM_sk_is_sorted(CRYPTO_EX_DATA_FUNCS, (st))
-#define sk_CRYPTO_dynlock_new(st) SKM_sk_new(CRYPTO_dynlock, (st))
+#define sk_CRYPTO_dynlock_new(cmp) SKM_sk_new(CRYPTO_dynlock, (cmp))
 #define sk_CRYPTO_dynlock_new_null() SKM_sk_new_null(CRYPTO_dynlock)
 #define sk_CRYPTO_dynlock_free(st) SKM_sk_free(CRYPTO_dynlock, (st))
 #define sk_CRYPTO_dynlock_num(st) SKM_sk_num(CRYPTO_dynlock, (st))
@@ -612,7 +666,7 @@ STACK_OF(type) \
 #define sk_CRYPTO_dynlock_sort(st) SKM_sk_sort(CRYPTO_dynlock, (st))
 #define sk_CRYPTO_dynlock_is_sorted(st) SKM_sk_is_sorted(CRYPTO_dynlock, (st))
-#define sk_DIST_POINT_new(st) SKM_sk_new(DIST_POINT, (st))
+#define sk_DIST_POINT_new(cmp) SKM_sk_new(DIST_POINT, (cmp))
 #define sk_DIST_POINT_new_null() SKM_sk_new_null(DIST_POINT)
 #define sk_DIST_POINT_free(st) SKM_sk_free(DIST_POINT, (st))
 #define sk_DIST_POINT_num(st) SKM_sk_num(DIST_POINT, (st))
@@ -634,7 +688,7 @@ STACK_OF(type) \
 #define sk_DIST_POINT_sort(st) SKM_sk_sort(DIST_POINT, (st))
 #define sk_DIST_POINT_is_sorted(st) SKM_sk_is_sorted(DIST_POINT, (st))
-#define sk_ENGINE_new(st) SKM_sk_new(ENGINE, (st))
+#define sk_ENGINE_new(cmp) SKM_sk_new(ENGINE, (cmp))
 #define sk_ENGINE_new_null() SKM_sk_new_null(ENGINE)
 #define sk_ENGINE_free(st) SKM_sk_free(ENGINE, (st))
 #define sk_ENGINE_num(st) SKM_sk_num(ENGINE, (st))
@@ -656,7 +710,7 @@ STACK_OF(type) \
 #define sk_ENGINE_sort(st) SKM_sk_sort(ENGINE, (st))
 #define sk_ENGINE_is_sorted(st) SKM_sk_is_sorted(ENGINE, (st))
-#define sk_ENGINE_CLEANUP_ITEM_new(st) SKM_sk_new(ENGINE_CLEANUP_ITEM, (st))
+#define sk_ENGINE_CLEANUP_ITEM_new(cmp) SKM_sk_new(ENGINE_CLEANUP_ITEM, (cmp))
 #define sk_ENGINE_CLEANUP_ITEM_new_null() SKM_sk_new_null(ENGINE_CLEANUP_ITEM)
 #define sk_ENGINE_CLEANUP_ITEM_free(st) SKM_sk_free(ENGINE_CLEANUP_ITEM, (st))
 #define sk_ENGINE_CLEANUP_ITEM_num(st) SKM_sk_num(ENGINE_CLEANUP_ITEM, (st))
@@ -678,7 +732,117 @@ STACK_OF(type) \
 #define sk_ENGINE_CLEANUP_ITEM_sort(st) SKM_sk_sort(ENGINE_CLEANUP_ITEM, (st))
 #define sk_ENGINE_CLEANUP_ITEM_is_sorted(st) SKM_sk_is_sorted(ENGINE_CLEANUP_ITEM, (st))
-#define sk_GENERAL_NAME_new(st) SKM_sk_new(GENERAL_NAME, (st))
+#define sk_ESS_CERT_ID_new(cmp) SKM_sk_new(ESS_CERT_ID, (cmp))
+#define sk_ESS_CERT_ID_new_null() SKM_sk_new_null(ESS_CERT_ID)
+#define sk_ESS_CERT_ID_free(st) SKM_sk_free(ESS_CERT_ID, (st))
+#define sk_ESS_CERT_ID_num(st) SKM_sk_num(ESS_CERT_ID, (st))
+#define sk_ESS_CERT_ID_value(st, i) SKM_sk_value(ESS_CERT_ID, (st), (i))
+#define sk_ESS_CERT_ID_set(st, i, val) SKM_sk_set(ESS_CERT_ID, (st), (i), (val))
+#define sk_ESS_CERT_ID_zero(st) SKM_sk_zero(ESS_CERT_ID, (st))
+#define sk_ESS_CERT_ID_push(st, val) SKM_sk_push(ESS_CERT_ID, (st), (val))
+#define sk_ESS_CERT_ID_unshift(st, val) SKM_sk_unshift(ESS_CERT_ID, (st), (val))
+#define sk_ESS_CERT_ID_find(st, val) SKM_sk_find(ESS_CERT_ID, (st), (val))
+#define sk_ESS_CERT_ID_find_ex(st, val) SKM_sk_find_ex(ESS_CERT_ID, (st), (val))
+#define sk_ESS_CERT_ID_delete(st, i) SKM_sk_delete(ESS_CERT_ID, (st), (i))
+#define sk_ESS_CERT_ID_delete_ptr(st, ptr) SKM_sk_delete_ptr(ESS_CERT_ID, (st), (ptr))
+#define sk_ESS_CERT_ID_insert(st, val, i) SKM_sk_insert(ESS_CERT_ID, (st), (val), (i))
+#define sk_ESS_CERT_ID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ESS_CERT_ID, (st), (cmp))
+#define sk_ESS_CERT_ID_dup(st) SKM_sk_dup(ESS_CERT_ID, st)
+#define sk_ESS_CERT_ID_pop_free(st, free_func) SKM_sk_pop_free(ESS_CERT_ID, (st), (free_func))
+#define sk_ESS_CERT_ID_shift(st) SKM_sk_shift(ESS_CERT_ID, (st))
+#define sk_ESS_CERT_ID_pop(st) SKM_sk_pop(ESS_CERT_ID, (st))
+#define sk_ESS_CERT_ID_sort(st) SKM_sk_sort(ESS_CERT_ID, (st))
+#define sk_ESS_CERT_ID_is_sorted(st) SKM_sk_is_sorted(ESS_CERT_ID, (st))
+#define sk_EVP_MD_new(cmp) SKM_sk_new(EVP_MD, (cmp))
+#define sk_EVP_MD_new_null() SKM_sk_new_null(EVP_MD)
+#define sk_EVP_MD_free(st) SKM_sk_free(EVP_MD, (st))
+#define sk_EVP_MD_num(st) SKM_sk_num(EVP_MD, (st))
+#define sk_EVP_MD_value(st, i) SKM_sk_value(EVP_MD, (st), (i))
+#define sk_EVP_MD_set(st, i, val) SKM_sk_set(EVP_MD, (st), (i), (val))
+#define sk_EVP_MD_zero(st) SKM_sk_zero(EVP_MD, (st))
+#define sk_EVP_MD_push(st, val) SKM_sk_push(EVP_MD, (st), (val))
+#define sk_EVP_MD_unshift(st, val) SKM_sk_unshift(EVP_MD, (st), (val))
+#define sk_EVP_MD_find(st, val) SKM_sk_find(EVP_MD, (st), (val))
+#define sk_EVP_MD_find_ex(st, val) SKM_sk_find_ex(EVP_MD, (st), (val))
+#define sk_EVP_MD_delete(st, i) SKM_sk_delete(EVP_MD, (st), (i))
+#define sk_EVP_MD_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_MD, (st), (ptr))
+#define sk_EVP_MD_insert(st, val, i) SKM_sk_insert(EVP_MD, (st), (val), (i))
+#define sk_EVP_MD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_MD, (st), (cmp))
+#define sk_EVP_MD_dup(st) SKM_sk_dup(EVP_MD, st)
+#define sk_EVP_MD_pop_free(st, free_func) SKM_sk_pop_free(EVP_MD, (st), (free_func))
+#define sk_EVP_MD_shift(st) SKM_sk_shift(EVP_MD, (st))
+#define sk_EVP_MD_pop(st) SKM_sk_pop(EVP_MD, (st))
+#define sk_EVP_MD_sort(st) SKM_sk_sort(EVP_MD, (st))
+#define sk_EVP_MD_is_sorted(st) SKM_sk_is_sorted(EVP_MD, (st))
+#define sk_EVP_PBE_CTL_new(cmp) SKM_sk_new(EVP_PBE_CTL, (cmp))
+#define sk_EVP_PBE_CTL_new_null() SKM_sk_new_null(EVP_PBE_CTL)
+#define sk_EVP_PBE_CTL_free(st) SKM_sk_free(EVP_PBE_CTL, (st))
+#define sk_EVP_PBE_CTL_num(st) SKM_sk_num(EVP_PBE_CTL, (st))
+#define sk_EVP_PBE_CTL_value(st, i) SKM_sk_value(EVP_PBE_CTL, (st), (i))
+#define sk_EVP_PBE_CTL_set(st, i, val) SKM_sk_set(EVP_PBE_CTL, (st), (i), (val))
+#define sk_EVP_PBE_CTL_zero(st) SKM_sk_zero(EVP_PBE_CTL, (st))
+#define sk_EVP_PBE_CTL_push(st, val) SKM_sk_push(EVP_PBE_CTL, (st), (val))
+#define sk_EVP_PBE_CTL_unshift(st, val) SKM_sk_unshift(EVP_PBE_CTL, (st), (val))
+#define sk_EVP_PBE_CTL_find(st, val) SKM_sk_find(EVP_PBE_CTL, (st), (val))
+#define sk_EVP_PBE_CTL_find_ex(st, val) SKM_sk_find_ex(EVP_PBE_CTL, (st), (val))
+#define sk_EVP_PBE_CTL_delete(st, i) SKM_sk_delete(EVP_PBE_CTL, (st), (i))
+#define sk_EVP_PBE_CTL_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_PBE_CTL, (st), (ptr))
+#define sk_EVP_PBE_CTL_insert(st, val, i) SKM_sk_insert(EVP_PBE_CTL, (st), (val), (i))
+#define sk_EVP_PBE_CTL_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_PBE_CTL, (st), (cmp))
+#define sk_EVP_PBE_CTL_dup(st) SKM_sk_dup(EVP_PBE_CTL, st)
+#define sk_EVP_PBE_CTL_pop_free(st, free_func) SKM_sk_pop_free(EVP_PBE_CTL, (st), (free_func))
+#define sk_EVP_PBE_CTL_shift(st) SKM_sk_shift(EVP_PBE_CTL, (st))
+#define sk_EVP_PBE_CTL_pop(st) SKM_sk_pop(EVP_PBE_CTL, (st))
+#define sk_EVP_PBE_CTL_sort(st) SKM_sk_sort(EVP_PBE_CTL, (st))
+#define sk_EVP_PBE_CTL_is_sorted(st) SKM_sk_is_sorted(EVP_PBE_CTL, (st))
+#define sk_EVP_PKEY_ASN1_METHOD_new(cmp) SKM_sk_new(EVP_PKEY_ASN1_METHOD, (cmp))
+#define sk_EVP_PKEY_ASN1_METHOD_new_null() SKM_sk_new_null(EVP_PKEY_ASN1_METHOD)
+#define sk_EVP_PKEY_ASN1_METHOD_free(st) SKM_sk_free(EVP_PKEY_ASN1_METHOD, (st))
+#define sk_EVP_PKEY_ASN1_METHOD_num(st) SKM_sk_num(EVP_PKEY_ASN1_METHOD, (st))
+#define sk_EVP_PKEY_ASN1_METHOD_value(st, i) SKM_sk_value(EVP_PKEY_ASN1_METHOD, (st), (i))
+#define sk_EVP_PKEY_ASN1_METHOD_set(st, i, val) SKM_sk_set(EVP_PKEY_ASN1_METHOD, (st), (i), (val))
+#define sk_EVP_PKEY_ASN1_METHOD_zero(st) SKM_sk_zero(EVP_PKEY_ASN1_METHOD, (st))
+#define sk_EVP_PKEY_ASN1_METHOD_push(st, val) SKM_sk_push(EVP_PKEY_ASN1_METHOD, (st), (val))
+#define sk_EVP_PKEY_ASN1_METHOD_unshift(st, val) SKM_sk_unshift(EVP_PKEY_ASN1_METHOD, (st), (val))
+#define sk_EVP_PKEY_ASN1_METHOD_find(st, val) SKM_sk_find(EVP_PKEY_ASN1_METHOD, (st), (val))
+#define sk_EVP_PKEY_ASN1_METHOD_find_ex(st, val) SKM_sk_find_ex(EVP_PKEY_ASN1_METHOD, (st), (val))
+#define sk_EVP_PKEY_ASN1_METHOD_delete(st, i) SKM_sk_delete(EVP_PKEY_ASN1_METHOD, (st), (i))
+#define sk_EVP_PKEY_ASN1_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_PKEY_ASN1_METHOD, (st), (ptr))
+#define sk_EVP_PKEY_ASN1_METHOD_insert(st, val, i) SKM_sk_insert(EVP_PKEY_ASN1_METHOD, (st), (val), (i))
+#define sk_EVP_PKEY_ASN1_METHOD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_PKEY_ASN1_METHOD, (st), (cmp))
+#define sk_EVP_PKEY_ASN1_METHOD_dup(st) SKM_sk_dup(EVP_PKEY_ASN1_METHOD, st)
+#define sk_EVP_PKEY_ASN1_METHOD_pop_free(st, free_func) SKM_sk_pop_free(EVP_PKEY_ASN1_METHOD, (st), (free_func))
+#define sk_EVP_PKEY_ASN1_METHOD_shift(st) SKM_sk_shift(EVP_PKEY_ASN1_METHOD, (st))
+#define sk_EVP_PKEY_ASN1_METHOD_pop(st) SKM_sk_pop(EVP_PKEY_ASN1_METHOD, (st))
+#define sk_EVP_PKEY_ASN1_METHOD_sort(st) SKM_sk_sort(EVP_PKEY_ASN1_METHOD, (st))
+#define sk_EVP_PKEY_ASN1_METHOD_is_sorted(st) SKM_sk_is_sorted(EVP_PKEY_ASN1_METHOD, (st))
+#define sk_EVP_PKEY_METHOD_new(cmp) SKM_sk_new(EVP_PKEY_METHOD, (cmp))
+#define sk_EVP_PKEY_METHOD_new_null() SKM_sk_new_null(EVP_PKEY_METHOD)
+#define sk_EVP_PKEY_METHOD_free(st) SKM_sk_free(EVP_PKEY_METHOD, (st))
+#define sk_EVP_PKEY_METHOD_num(st) SKM_sk_num(EVP_PKEY_METHOD, (st))
+#define sk_EVP_PKEY_METHOD_value(st, i) SKM_sk_value(EVP_PKEY_METHOD, (st), (i))
+#define sk_EVP_PKEY_METHOD_set(st, i, val) SKM_sk_set(EVP_PKEY_METHOD, (st), (i), (val))
+#define sk_EVP_PKEY_METHOD_zero(st) SKM_sk_zero(EVP_PKEY_METHOD, (st))
+#define sk_EVP_PKEY_METHOD_push(st, val) SKM_sk_push(EVP_PKEY_METHOD, (st), (val))
+#define sk_EVP_PKEY_METHOD_unshift(st, val) SKM_sk_unshift(EVP_PKEY_METHOD, (st), (val))
+#define sk_EVP_PKEY_METHOD_find(st, val) SKM_sk_find(EVP_PKEY_METHOD, (st), (val))
+#define sk_EVP_PKEY_METHOD_find_ex(st, val) SKM_sk_find_ex(EVP_PKEY_METHOD, (st), (val))
+#define sk_EVP_PKEY_METHOD_delete(st, i) SKM_sk_delete(EVP_PKEY_METHOD, (st), (i))
+#define sk_EVP_PKEY_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_PKEY_METHOD, (st), (ptr))
+#define sk_EVP_PKEY_METHOD_insert(st, val, i) SKM_sk_insert(EVP_PKEY_METHOD, (st), (val), (i))
+#define sk_EVP_PKEY_METHOD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_PKEY_METHOD, (st), (cmp))
+#define sk_EVP_PKEY_METHOD_dup(st) SKM_sk_dup(EVP_PKEY_METHOD, st)
+#define sk_EVP_PKEY_METHOD_pop_free(st, free_func) SKM_sk_pop_free(EVP_PKEY_METHOD, (st), (free_func))
+#define sk_EVP_PKEY_METHOD_shift(st) SKM_sk_shift(EVP_PKEY_METHOD, (st))
+#define sk_EVP_PKEY_METHOD_pop(st) SKM_sk_pop(EVP_PKEY_METHOD, (st))
+#define sk_EVP_PKEY_METHOD_sort(st) SKM_sk_sort(EVP_PKEY_METHOD, (st))
+#define sk_EVP_PKEY_METHOD_is_sorted(st) SKM_sk_is_sorted(EVP_PKEY_METHOD, (st))
+#define sk_GENERAL_NAME_new(cmp) SKM_sk_new(GENERAL_NAME, (cmp))
 #define sk_GENERAL_NAME_new_null() SKM_sk_new_null(GENERAL_NAME)
 #define sk_GENERAL_NAME_free(st) SKM_sk_free(GENERAL_NAME, (st))
 #define sk_GENERAL_NAME_num(st) SKM_sk_num(GENERAL_NAME, (st))
@@ -700,7 +864,7 @@ STACK_OF(type) \
 #define sk_GENERAL_NAME_sort(st) SKM_sk_sort(GENERAL_NAME, (st))
 #define sk_GENERAL_NAME_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAME, (st))
-#define sk_GENERAL_NAMES_new(st) SKM_sk_new(GENERAL_NAMES, (st))
+#define sk_GENERAL_NAMES_new(cmp) SKM_sk_new(GENERAL_NAMES, (cmp))
 #define sk_GENERAL_NAMES_new_null() SKM_sk_new_null(GENERAL_NAMES)
 #define sk_GENERAL_NAMES_free(st) SKM_sk_free(GENERAL_NAMES, (st))
 #define sk_GENERAL_NAMES_num(st) SKM_sk_num(GENERAL_NAMES, (st))
@@ -722,7 +886,7 @@ STACK_OF(type) \
 #define sk_GENERAL_NAMES_sort(st) SKM_sk_sort(GENERAL_NAMES, (st))
 #define sk_GENERAL_NAMES_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAMES, (st))
-#define sk_GENERAL_SUBTREE_new(st) SKM_sk_new(GENERAL_SUBTREE, (st))
+#define sk_GENERAL_SUBTREE_new(cmp) SKM_sk_new(GENERAL_SUBTREE, (cmp))
 #define sk_GENERAL_SUBTREE_new_null() SKM_sk_new_null(GENERAL_SUBTREE)
 #define sk_GENERAL_SUBTREE_free(st) SKM_sk_free(GENERAL_SUBTREE, (st))
 #define sk_GENERAL_SUBTREE_num(st) SKM_sk_num(GENERAL_SUBTREE, (st))
@@ -744,7 +908,7 @@ STACK_OF(type) \
 #define sk_GENERAL_SUBTREE_sort(st) SKM_sk_sort(GENERAL_SUBTREE, (st))
 #define sk_GENERAL_SUBTREE_is_sorted(st) SKM_sk_is_sorted(GENERAL_SUBTREE, (st))
-#define sk_IPAddressFamily_new(st) SKM_sk_new(IPAddressFamily, (st))
+#define sk_IPAddressFamily_new(cmp) SKM_sk_new(IPAddressFamily, (cmp))
 #define sk_IPAddressFamily_new_null() SKM_sk_new_null(IPAddressFamily)
 #define sk_IPAddressFamily_free(st) SKM_sk_free(IPAddressFamily, (st))
 #define sk_IPAddressFamily_num(st) SKM_sk_num(IPAddressFamily, (st))
@@ -766,7 +930,7 @@ STACK_OF(type) \
 #define sk_IPAddressFamily_sort(st) SKM_sk_sort(IPAddressFamily, (st))
 #define sk_IPAddressFamily_is_sorted(st) SKM_sk_is_sorted(IPAddressFamily, (st))
-#define sk_IPAddressOrRange_new(st) SKM_sk_new(IPAddressOrRange, (st))
+#define sk_IPAddressOrRange_new(cmp) SKM_sk_new(IPAddressOrRange, (cmp))
 #define sk_IPAddressOrRange_new_null() SKM_sk_new_null(IPAddressOrRange)
 #define sk_IPAddressOrRange_free(st) SKM_sk_free(IPAddressOrRange, (st))
 #define sk_IPAddressOrRange_num(st) SKM_sk_num(IPAddressOrRange, (st))
@@ -788,7 +952,7 @@ STACK_OF(type) \
 #define sk_IPAddressOrRange_sort(st) SKM_sk_sort(IPAddressOrRange, (st))
 #define sk_IPAddressOrRange_is_sorted(st) SKM_sk_is_sorted(IPAddressOrRange, (st))
-#define sk_KRB5_APREQBODY_new(st) SKM_sk_new(KRB5_APREQBODY, (st))
+#define sk_KRB5_APREQBODY_new(cmp) SKM_sk_new(KRB5_APREQBODY, (cmp))
 #define sk_KRB5_APREQBODY_new_null() SKM_sk_new_null(KRB5_APREQBODY)
 #define sk_KRB5_APREQBODY_free(st) SKM_sk_free(KRB5_APREQBODY, (st))
 #define sk_KRB5_APREQBODY_num(st) SKM_sk_num(KRB5_APREQBODY, (st))
@@ -810,7 +974,7 @@ STACK_OF(type) \
 #define sk_KRB5_APREQBODY_sort(st) SKM_sk_sort(KRB5_APREQBODY, (st))
 #define sk_KRB5_APREQBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_APREQBODY, (st))
-#define sk_KRB5_AUTHDATA_new(st) SKM_sk_new(KRB5_AUTHDATA, (st))
+#define sk_KRB5_AUTHDATA_new(cmp) SKM_sk_new(KRB5_AUTHDATA, (cmp))
 #define sk_KRB5_AUTHDATA_new_null() SKM_sk_new_null(KRB5_AUTHDATA)
 #define sk_KRB5_AUTHDATA_free(st) SKM_sk_free(KRB5_AUTHDATA, (st))
 #define sk_KRB5_AUTHDATA_num(st) SKM_sk_num(KRB5_AUTHDATA, (st))
@@ -832,7 +996,7 @@ STACK_OF(type) \
 #define sk_KRB5_AUTHDATA_sort(st) SKM_sk_sort(KRB5_AUTHDATA, (st))
 #define sk_KRB5_AUTHDATA_is_sorted(st) SKM_sk_is_sorted(KRB5_AUTHDATA, (st))
-#define sk_KRB5_AUTHENTBODY_new(st) SKM_sk_new(KRB5_AUTHENTBODY, (st))
+#define sk_KRB5_AUTHENTBODY_new(cmp) SKM_sk_new(KRB5_AUTHENTBODY, (cmp))
 #define sk_KRB5_AUTHENTBODY_new_null() SKM_sk_new_null(KRB5_AUTHENTBODY)
 #define sk_KRB5_AUTHENTBODY_free(st) SKM_sk_free(KRB5_AUTHENTBODY, (st))
 #define sk_KRB5_AUTHENTBODY_num(st) SKM_sk_num(KRB5_AUTHENTBODY, (st))
@@ -854,7 +1018,7 @@ STACK_OF(type) \
 #define sk_KRB5_AUTHENTBODY_sort(st) SKM_sk_sort(KRB5_AUTHENTBODY, (st))
 #define sk_KRB5_AUTHENTBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_AUTHENTBODY, (st))
-#define sk_KRB5_CHECKSUM_new(st) SKM_sk_new(KRB5_CHECKSUM, (st))
+#define sk_KRB5_CHECKSUM_new(cmp) SKM_sk_new(KRB5_CHECKSUM, (cmp))
 #define sk_KRB5_CHECKSUM_new_null() SKM_sk_new_null(KRB5_CHECKSUM)
 #define sk_KRB5_CHECKSUM_free(st) SKM_sk_free(KRB5_CHECKSUM, (st))
 #define sk_KRB5_CHECKSUM_num(st) SKM_sk_num(KRB5_CHECKSUM, (st))
@@ -876,7 +1040,7 @@ STACK_OF(type) \
 #define sk_KRB5_CHECKSUM_sort(st) SKM_sk_sort(KRB5_CHECKSUM, (st))
 #define sk_KRB5_CHECKSUM_is_sorted(st) SKM_sk_is_sorted(KRB5_CHECKSUM, (st))
-#define sk_KRB5_ENCDATA_new(st) SKM_sk_new(KRB5_ENCDATA, (st))
+#define sk_KRB5_ENCDATA_new(cmp) SKM_sk_new(KRB5_ENCDATA, (cmp))
 #define sk_KRB5_ENCDATA_new_null() SKM_sk_new_null(KRB5_ENCDATA)
 #define sk_KRB5_ENCDATA_free(st) SKM_sk_free(KRB5_ENCDATA, (st))
 #define sk_KRB5_ENCDATA_num(st) SKM_sk_num(KRB5_ENCDATA, (st))
@@ -898,7 +1062,7 @@ STACK_OF(type) \
 #define sk_KRB5_ENCDATA_sort(st) SKM_sk_sort(KRB5_ENCDATA, (st))
 #define sk_KRB5_ENCDATA_is_sorted(st) SKM_sk_is_sorted(KRB5_ENCDATA, (st))
-#define sk_KRB5_ENCKEY_new(st) SKM_sk_new(KRB5_ENCKEY, (st))
+#define sk_KRB5_ENCKEY_new(cmp) SKM_sk_new(KRB5_ENCKEY, (cmp))
 #define sk_KRB5_ENCKEY_new_null() SKM_sk_new_null(KRB5_ENCKEY)
 #define sk_KRB5_ENCKEY_free(st) SKM_sk_free(KRB5_ENCKEY, (st))
 #define sk_KRB5_ENCKEY_num(st) SKM_sk_num(KRB5_ENCKEY, (st))
@@ -920,7 +1084,7 @@ STACK_OF(type) \
 #define sk_KRB5_ENCKEY_sort(st) SKM_sk_sort(KRB5_ENCKEY, (st))
 #define sk_KRB5_ENCKEY_is_sorted(st) SKM_sk_is_sorted(KRB5_ENCKEY, (st))
-#define sk_KRB5_PRINCNAME_new(st) SKM_sk_new(KRB5_PRINCNAME, (st))
+#define sk_KRB5_PRINCNAME_new(cmp) SKM_sk_new(KRB5_PRINCNAME, (cmp))
 #define sk_KRB5_PRINCNAME_new_null() SKM_sk_new_null(KRB5_PRINCNAME)
 #define sk_KRB5_PRINCNAME_free(st) SKM_sk_free(KRB5_PRINCNAME, (st))
 #define sk_KRB5_PRINCNAME_num(st) SKM_sk_num(KRB5_PRINCNAME, (st))
@@ -942,7 +1106,7 @@ STACK_OF(type) \
 #define sk_KRB5_PRINCNAME_sort(st) SKM_sk_sort(KRB5_PRINCNAME, (st))
 #define sk_KRB5_PRINCNAME_is_sorted(st) SKM_sk_is_sorted(KRB5_PRINCNAME, (st))
-#define sk_KRB5_TKTBODY_new(st) SKM_sk_new(KRB5_TKTBODY, (st))
+#define sk_KRB5_TKTBODY_new(cmp) SKM_sk_new(KRB5_TKTBODY, (cmp))
 #define sk_KRB5_TKTBODY_new_null() SKM_sk_new_null(KRB5_TKTBODY)
 #define sk_KRB5_TKTBODY_free(st) SKM_sk_free(KRB5_TKTBODY, (st))
 #define sk_KRB5_TKTBODY_num(st) SKM_sk_num(KRB5_TKTBODY, (st))
@@ -964,7 +1128,29 @@ STACK_OF(type) \
 #define sk_KRB5_TKTBODY_sort(st) SKM_sk_sort(KRB5_TKTBODY, (st))
 #define sk_KRB5_TKTBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_TKTBODY, (st))
-#define sk_MIME_HEADER_new(st) SKM_sk_new(MIME_HEADER, (st))
+#define sk_MEM_OBJECT_DATA_new(cmp) SKM_sk_new(MEM_OBJECT_DATA, (cmp))
+#define sk_MEM_OBJECT_DATA_new_null() SKM_sk_new_null(MEM_OBJECT_DATA)
+#define sk_MEM_OBJECT_DATA_free(st) SKM_sk_free(MEM_OBJECT_DATA, (st))
+#define sk_MEM_OBJECT_DATA_num(st) SKM_sk_num(MEM_OBJECT_DATA, (st))
+#define sk_MEM_OBJECT_DATA_value(st, i) SKM_sk_value(MEM_OBJECT_DATA, (st), (i))
+#define sk_MEM_OBJECT_DATA_set(st, i, val) SKM_sk_set(MEM_OBJECT_DATA, (st), (i), (val))
+#define sk_MEM_OBJECT_DATA_zero(st) SKM_sk_zero(MEM_OBJECT_DATA, (st))
+#define sk_MEM_OBJECT_DATA_push(st, val) SKM_sk_push(MEM_OBJECT_DATA, (st), (val))
+#define sk_MEM_OBJECT_DATA_unshift(st, val) SKM_sk_unshift(MEM_OBJECT_DATA, (st), (val))
+#define sk_MEM_OBJECT_DATA_find(st, val) SKM_sk_find(MEM_OBJECT_DATA, (st), (val))
+#define sk_MEM_OBJECT_DATA_find_ex(st, val) SKM_sk_find_ex(MEM_OBJECT_DATA, (st), (val))
+#define sk_MEM_OBJECT_DATA_delete(st, i) SKM_sk_delete(MEM_OBJECT_DATA, (st), (i))
+#define sk_MEM_OBJECT_DATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(MEM_OBJECT_DATA, (st), (ptr))
+#define sk_MEM_OBJECT_DATA_insert(st, val, i) SKM_sk_insert(MEM_OBJECT_DATA, (st), (val), (i))
+#define sk_MEM_OBJECT_DATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MEM_OBJECT_DATA, (st), (cmp))
+#define sk_MEM_OBJECT_DATA_dup(st) SKM_sk_dup(MEM_OBJECT_DATA, st)
+#define sk_MEM_OBJECT_DATA_pop_free(st, free_func) SKM_sk_pop_free(MEM_OBJECT_DATA, (st), (free_func))
+#define sk_MEM_OBJECT_DATA_shift(st) SKM_sk_shift(MEM_OBJECT_DATA, (st))
+#define sk_MEM_OBJECT_DATA_pop(st) SKM_sk_pop(MEM_OBJECT_DATA, (st))
+#define sk_MEM_OBJECT_DATA_sort(st) SKM_sk_sort(MEM_OBJECT_DATA, (st))
+#define sk_MEM_OBJECT_DATA_is_sorted(st) SKM_sk_is_sorted(MEM_OBJECT_DATA, (st))
+#define sk_MIME_HEADER_new(cmp) SKM_sk_new(MIME_HEADER, (cmp))
 #define sk_MIME_HEADER_new_null() SKM_sk_new_null(MIME_HEADER)
 #define sk_MIME_HEADER_free(st) SKM_sk_free(MIME_HEADER, (st))
 #define sk_MIME_HEADER_num(st) SKM_sk_num(MIME_HEADER, (st))
@@ -986,51 +1172,7 @@ STACK_OF(type) \
 #define sk_MIME_HEADER_sort(st) SKM_sk_sort(MIME_HEADER, (st))
 #define sk_MIME_HEADER_is_sorted(st) SKM_sk_is_sorted(MIME_HEADER, (st))
-#define sk_MIME_HEADER_new(st) SKM_sk_new(MIME_HEADER, (st))
+#define sk_MIME_PARAM_new(cmp) SKM_sk_new(MIME_PARAM, (cmp))
-#define sk_MIME_HEADER_new_null() SKM_sk_new_null(MIME_HEADER)
-#define sk_MIME_HEADER_free(st) SKM_sk_free(MIME_HEADER, (st))
-#define sk_MIME_HEADER_num(st) SKM_sk_num(MIME_HEADER, (st))
-#define sk_MIME_HEADER_value(st, i) SKM_sk_value(MIME_HEADER, (st), (i))
-#define sk_MIME_HEADER_set(st, i, val) SKM_sk_set(MIME_HEADER, (st), (i), (val))
-#define sk_MIME_HEADER_zero(st) SKM_sk_zero(MIME_HEADER, (st))
-#define sk_MIME_HEADER_push(st, val) SKM_sk_push(MIME_HEADER, (st), (val))
-#define sk_MIME_HEADER_unshift(st, val) SKM_sk_unshift(MIME_HEADER, (st), (val))
-#define sk_MIME_HEADER_find(st, val) SKM_sk_find(MIME_HEADER, (st), (val))
-#define sk_MIME_HEADER_find_ex(st, val) SKM_sk_find_ex(MIME_HEADER, (st), (val))
-#define sk_MIME_HEADER_delete(st, i) SKM_sk_delete(MIME_HEADER, (st), (i))
-#define sk_MIME_HEADER_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_HEADER, (st), (ptr))
-#define sk_MIME_HEADER_insert(st, val, i) SKM_sk_insert(MIME_HEADER, (st), (val), (i))
-#define sk_MIME_HEADER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_HEADER, (st), (cmp))
-#define sk_MIME_HEADER_dup(st) SKM_sk_dup(MIME_HEADER, st)
-#define sk_MIME_HEADER_pop_free(st, free_func) SKM_sk_pop_free(MIME_HEADER, (st), (free_func))
-#define sk_MIME_HEADER_shift(st) SKM_sk_shift(MIME_HEADER, (st))
-#define sk_MIME_HEADER_pop(st) SKM_sk_pop(MIME_HEADER, (st))
-#define sk_MIME_HEADER_sort(st) SKM_sk_sort(MIME_HEADER, (st))
-#define sk_MIME_HEADER_is_sorted(st) SKM_sk_is_sorted(MIME_HEADER, (st))
-#define sk_MIME_PARAM_new(st) SKM_sk_new(MIME_PARAM, (st))
-#define sk_MIME_PARAM_new_null() SKM_sk_new_null(MIME_PARAM)
-#define sk_MIME_PARAM_free(st) SKM_sk_free(MIME_PARAM, (st))
-#define sk_MIME_PARAM_num(st) SKM_sk_num(MIME_PARAM, (st))
-#define sk_MIME_PARAM_value(st, i) SKM_sk_value(MIME_PARAM, (st), (i))
-#define sk_MIME_PARAM_set(st, i, val) SKM_sk_set(MIME_PARAM, (st), (i), (val))
-#define sk_MIME_PARAM_zero(st) SKM_sk_zero(MIME_PARAM, (st))
-#define sk_MIME_PARAM_push(st, val) SKM_sk_push(MIME_PARAM, (st), (val))
-#define sk_MIME_PARAM_unshift(st, val) SKM_sk_unshift(MIME_PARAM, (st), (val))
-#define sk_MIME_PARAM_find(st, val) SKM_sk_find(MIME_PARAM, (st), (val))
-#define sk_MIME_PARAM_find_ex(st, val) SKM_sk_find_ex(MIME_PARAM, (st), (val))
-#define sk_MIME_PARAM_delete(st, i) SKM_sk_delete(MIME_PARAM, (st), (i))
-#define sk_MIME_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_PARAM, (st), (ptr))
-#define sk_MIME_PARAM_insert(st, val, i) SKM_sk_insert(MIME_PARAM, (st), (val), (i))
-#define sk_MIME_PARAM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_PARAM, (st), (cmp))
-#define sk_MIME_PARAM_dup(st) SKM_sk_dup(MIME_PARAM, st)
-#define sk_MIME_PARAM_pop_free(st, free_func) SKM_sk_pop_free(MIME_PARAM, (st), (free_func))
-#define sk_MIME_PARAM_shift(st) SKM_sk_shift(MIME_PARAM, (st))
-#define sk_MIME_PARAM_pop(st) SKM_sk_pop(MIME_PARAM, (st))
-#define sk_MIME_PARAM_sort(st) SKM_sk_sort(MIME_PARAM, (st))
-#define sk_MIME_PARAM_is_sorted(st) SKM_sk_is_sorted(MIME_PARAM, (st))
-#define sk_MIME_PARAM_new(st) SKM_sk_new(MIME_PARAM, (st))
 #define sk_MIME_PARAM_new_null() SKM_sk_new_null(MIME_PARAM)
 #define sk_MIME_PARAM_free(st) SKM_sk_free(MIME_PARAM, (st))
 #define sk_MIME_PARAM_num(st) SKM_sk_num(MIME_PARAM, (st))
@@ -1052,7 +1194,7 @@ STACK_OF(type) \
 #define sk_MIME_PARAM_sort(st) SKM_sk_sort(MIME_PARAM, (st))
 #define sk_MIME_PARAM_is_sorted(st) SKM_sk_is_sorted(MIME_PARAM, (st))
-#define sk_NAME_FUNCS_new(st) SKM_sk_new(NAME_FUNCS, (st))
+#define sk_NAME_FUNCS_new(cmp) SKM_sk_new(NAME_FUNCS, (cmp))
 #define sk_NAME_FUNCS_new_null() SKM_sk_new_null(NAME_FUNCS)
 #define sk_NAME_FUNCS_free(st) SKM_sk_free(NAME_FUNCS, (st))
 #define sk_NAME_FUNCS_num(st) SKM_sk_num(NAME_FUNCS, (st))
@@ -1074,7 +1216,7 @@ STACK_OF(type) \
 #define sk_NAME_FUNCS_sort(st) SKM_sk_sort(NAME_FUNCS, (st))
 #define sk_NAME_FUNCS_is_sorted(st) SKM_sk_is_sorted(NAME_FUNCS, (st))
-#define sk_OCSP_CERTID_new(st) SKM_sk_new(OCSP_CERTID, (st))
+#define sk_OCSP_CERTID_new(cmp) SKM_sk_new(OCSP_CERTID, (cmp))
 #define sk_OCSP_CERTID_new_null() SKM_sk_new_null(OCSP_CERTID)
 #define sk_OCSP_CERTID_free(st) SKM_sk_free(OCSP_CERTID, (st))
 #define sk_OCSP_CERTID_num(st) SKM_sk_num(OCSP_CERTID, (st))
@@ -1096,7 +1238,7 @@ STACK_OF(type) \
 #define sk_OCSP_CERTID_sort(st) SKM_sk_sort(OCSP_CERTID, (st))
 #define sk_OCSP_CERTID_is_sorted(st) SKM_sk_is_sorted(OCSP_CERTID, (st))
-#define sk_OCSP_ONEREQ_new(st) SKM_sk_new(OCSP_ONEREQ, (st))
+#define sk_OCSP_ONEREQ_new(cmp) SKM_sk_new(OCSP_ONEREQ, (cmp))
 #define sk_OCSP_ONEREQ_new_null() SKM_sk_new_null(OCSP_ONEREQ)
 #define sk_OCSP_ONEREQ_free(st) SKM_sk_free(OCSP_ONEREQ, (st))
 #define sk_OCSP_ONEREQ_num(st) SKM_sk_num(OCSP_ONEREQ, (st))
@@ -1118,7 +1260,7 @@ STACK_OF(type) \
 #define sk_OCSP_ONEREQ_sort(st) SKM_sk_sort(OCSP_ONEREQ, (st))
 #define sk_OCSP_ONEREQ_is_sorted(st) SKM_sk_is_sorted(OCSP_ONEREQ, (st))
-#define sk_OCSP_RESPID_new(st) SKM_sk_new(OCSP_RESPID, (st))
+#define sk_OCSP_RESPID_new(cmp) SKM_sk_new(OCSP_RESPID, (cmp))
 #define sk_OCSP_RESPID_new_null() SKM_sk_new_null(OCSP_RESPID)
 #define sk_OCSP_RESPID_free(st) SKM_sk_free(OCSP_RESPID, (st))
 #define sk_OCSP_RESPID_num(st) SKM_sk_num(OCSP_RESPID, (st))
@@ -1140,7 +1282,7 @@ STACK_OF(type) \
 #define sk_OCSP_RESPID_sort(st) SKM_sk_sort(OCSP_RESPID, (st))
 #define sk_OCSP_RESPID_is_sorted(st) SKM_sk_is_sorted(OCSP_RESPID, (st))
-#define sk_OCSP_SINGLERESP_new(st) SKM_sk_new(OCSP_SINGLERESP, (st))
+#define sk_OCSP_SINGLERESP_new(cmp) SKM_sk_new(OCSP_SINGLERESP, (cmp))
 #define sk_OCSP_SINGLERESP_new_null() SKM_sk_new_null(OCSP_SINGLERESP)
 #define sk_OCSP_SINGLERESP_free(st) SKM_sk_free(OCSP_SINGLERESP, (st))
 #define sk_OCSP_SINGLERESP_num(st) SKM_sk_num(OCSP_SINGLERESP, (st))
@@ -1162,7 +1304,7 @@ STACK_OF(type) \
 #define sk_OCSP_SINGLERESP_sort(st) SKM_sk_sort(OCSP_SINGLERESP, (st))
 #define sk_OCSP_SINGLERESP_is_sorted(st) SKM_sk_is_sorted(OCSP_SINGLERESP, (st))
-#define sk_PKCS12_SAFEBAG_new(st) SKM_sk_new(PKCS12_SAFEBAG, (st))
+#define sk_PKCS12_SAFEBAG_new(cmp) SKM_sk_new(PKCS12_SAFEBAG, (cmp))
 #define sk_PKCS12_SAFEBAG_new_null() SKM_sk_new_null(PKCS12_SAFEBAG)
 #define sk_PKCS12_SAFEBAG_free(st) SKM_sk_free(PKCS12_SAFEBAG, (st))
 #define sk_PKCS12_SAFEBAG_num(st) SKM_sk_num(PKCS12_SAFEBAG, (st))
@@ -1184,7 +1326,7 @@ STACK_OF(type) \
 #define sk_PKCS12_SAFEBAG_sort(st) SKM_sk_sort(PKCS12_SAFEBAG, (st))
 #define sk_PKCS12_SAFEBAG_is_sorted(st) SKM_sk_is_sorted(PKCS12_SAFEBAG, (st))
-#define sk_PKCS7_new(st) SKM_sk_new(PKCS7, (st))
+#define sk_PKCS7_new(cmp) SKM_sk_new(PKCS7, (cmp))
 #define sk_PKCS7_new_null() SKM_sk_new_null(PKCS7)
 #define sk_PKCS7_free(st) SKM_sk_free(PKCS7, (st))
 #define sk_PKCS7_num(st) SKM_sk_num(PKCS7, (st))
@@ -1206,7 +1348,7 @@ STACK_OF(type) \
 #define sk_PKCS7_sort(st) SKM_sk_sort(PKCS7, (st))
 #define sk_PKCS7_is_sorted(st) SKM_sk_is_sorted(PKCS7, (st))
-#define sk_PKCS7_RECIP_INFO_new(st) SKM_sk_new(PKCS7_RECIP_INFO, (st))
+#define sk_PKCS7_RECIP_INFO_new(cmp) SKM_sk_new(PKCS7_RECIP_INFO, (cmp))
 #define sk_PKCS7_RECIP_INFO_new_null() SKM_sk_new_null(PKCS7_RECIP_INFO)
 #define sk_PKCS7_RECIP_INFO_free(st) SKM_sk_free(PKCS7_RECIP_INFO, (st))
 #define sk_PKCS7_RECIP_INFO_num(st) SKM_sk_num(PKCS7_RECIP_INFO, (st))
@@ -1228,7 +1370,7 @@ STACK_OF(type) \
 #define sk_PKCS7_RECIP_INFO_sort(st) SKM_sk_sort(PKCS7_RECIP_INFO, (st))
 #define sk_PKCS7_RECIP_INFO_is_sorted(st) SKM_sk_is_sorted(PKCS7_RECIP_INFO, (st))
-#define sk_PKCS7_SIGNER_INFO_new(st) SKM_sk_new(PKCS7_SIGNER_INFO, (st))
+#define sk_PKCS7_SIGNER_INFO_new(cmp) SKM_sk_new(PKCS7_SIGNER_INFO, (cmp))
 #define sk_PKCS7_SIGNER_INFO_new_null() SKM_sk_new_null(PKCS7_SIGNER_INFO)
 #define sk_PKCS7_SIGNER_INFO_free(st) SKM_sk_free(PKCS7_SIGNER_INFO, (st))
 #define sk_PKCS7_SIGNER_INFO_num(st) SKM_sk_num(PKCS7_SIGNER_INFO, (st))
@@ -1250,7 +1392,7 @@ STACK_OF(type) \
 #define sk_PKCS7_SIGNER_INFO_sort(st) SKM_sk_sort(PKCS7_SIGNER_INFO, (st))
 #define sk_PKCS7_SIGNER_INFO_is_sorted(st) SKM_sk_is_sorted(PKCS7_SIGNER_INFO, (st))
-#define sk_POLICYINFO_new(st) SKM_sk_new(POLICYINFO, (st))
+#define sk_POLICYINFO_new(cmp) SKM_sk_new(POLICYINFO, (cmp))
 #define sk_POLICYINFO_new_null() SKM_sk_new_null(POLICYINFO)
 #define sk_POLICYINFO_free(st) SKM_sk_free(POLICYINFO, (st))
 #define sk_POLICYINFO_num(st) SKM_sk_num(POLICYINFO, (st))
@@ -1272,7 +1414,7 @@ STACK_OF(type) \
 #define sk_POLICYINFO_sort(st) SKM_sk_sort(POLICYINFO, (st))
 #define sk_POLICYINFO_is_sorted(st) SKM_sk_is_sorted(POLICYINFO, (st))
-#define sk_POLICYQUALINFO_new(st) SKM_sk_new(POLICYQUALINFO, (st))
+#define sk_POLICYQUALINFO_new(cmp) SKM_sk_new(POLICYQUALINFO, (cmp))
 #define sk_POLICYQUALINFO_new_null() SKM_sk_new_null(POLICYQUALINFO)
 #define sk_POLICYQUALINFO_free(st) SKM_sk_free(POLICYQUALINFO, (st))
 #define sk_POLICYQUALINFO_num(st) SKM_sk_num(POLICYQUALINFO, (st))
@@ -1294,7 +1436,7 @@ STACK_OF(type) \
 #define sk_POLICYQUALINFO_sort(st) SKM_sk_sort(POLICYQUALINFO, (st))
 #define sk_POLICYQUALINFO_is_sorted(st) SKM_sk_is_sorted(POLICYQUALINFO, (st))
-#define sk_POLICY_MAPPING_new(st) SKM_sk_new(POLICY_MAPPING, (st))
+#define sk_POLICY_MAPPING_new(cmp) SKM_sk_new(POLICY_MAPPING, (cmp))
 #define sk_POLICY_MAPPING_new_null() SKM_sk_new_null(POLICY_MAPPING)
 #define sk_POLICY_MAPPING_free(st) SKM_sk_free(POLICY_MAPPING, (st))
 #define sk_POLICY_MAPPING_num(st) SKM_sk_num(POLICY_MAPPING, (st))
@@ -1316,7 +1458,7 @@ STACK_OF(type) \
 #define sk_POLICY_MAPPING_sort(st) SKM_sk_sort(POLICY_MAPPING, (st))
 #define sk_POLICY_MAPPING_is_sorted(st) SKM_sk_is_sorted(POLICY_MAPPING, (st))
-#define sk_SSL_CIPHER_new(st) SKM_sk_new(SSL_CIPHER, (st))
+#define sk_SSL_CIPHER_new(cmp) SKM_sk_new(SSL_CIPHER, (cmp))
 #define sk_SSL_CIPHER_new_null() SKM_sk_new_null(SSL_CIPHER)
 #define sk_SSL_CIPHER_free(st) SKM_sk_free(SSL_CIPHER, (st))
 #define sk_SSL_CIPHER_num(st) SKM_sk_num(SSL_CIPHER, (st))
@@ -1338,7 +1480,7 @@ STACK_OF(type) \
 #define sk_SSL_CIPHER_sort(st) SKM_sk_sort(SSL_CIPHER, (st))
 #define sk_SSL_CIPHER_is_sorted(st) SKM_sk_is_sorted(SSL_CIPHER, (st))
-#define sk_SSL_COMP_new(st) SKM_sk_new(SSL_COMP, (st))
+#define sk_SSL_COMP_new(cmp) SKM_sk_new(SSL_COMP, (cmp))
 #define sk_SSL_COMP_new_null() SKM_sk_new_null(SSL_COMP)
 #define sk_SSL_COMP_free(st) SKM_sk_free(SSL_COMP, (st))
 #define sk_SSL_COMP_num(st) SKM_sk_num(SSL_COMP, (st))
@@ -1360,7 +1502,51 @@ STACK_OF(type) \
 #define sk_SSL_COMP_sort(st) SKM_sk_sort(SSL_COMP, (st))
 #define sk_SSL_COMP_is_sorted(st) SKM_sk_is_sorted(SSL_COMP, (st))
-#define sk_STORE_OBJECT_new(st) SKM_sk_new(STORE_OBJECT, (st))
+#define sk_STACK_OF_X509_NAME_ENTRY_new(cmp) SKM_sk_new(STACK_OF_X509_NAME_ENTRY, (cmp))
+#define sk_STACK_OF_X509_NAME_ENTRY_new_null() SKM_sk_new_null(STACK_OF_X509_NAME_ENTRY)
+#define sk_STACK_OF_X509_NAME_ENTRY_free(st) SKM_sk_free(STACK_OF_X509_NAME_ENTRY, (st))
+#define sk_STACK_OF_X509_NAME_ENTRY_num(st) SKM_sk_num(STACK_OF_X509_NAME_ENTRY, (st))
+#define sk_STACK_OF_X509_NAME_ENTRY_value(st, i) SKM_sk_value(STACK_OF_X509_NAME_ENTRY, (st), (i))
+#define sk_STACK_OF_X509_NAME_ENTRY_set(st, i, val) SKM_sk_set(STACK_OF_X509_NAME_ENTRY, (st), (i), (val))
+#define sk_STACK_OF_X509_NAME_ENTRY_zero(st) SKM_sk_zero(STACK_OF_X509_NAME_ENTRY, (st))
+#define sk_STACK_OF_X509_NAME_ENTRY_push(st, val) SKM_sk_push(STACK_OF_X509_NAME_ENTRY, (st), (val))
+#define sk_STACK_OF_X509_NAME_ENTRY_unshift(st, val) SKM_sk_unshift(STACK_OF_X509_NAME_ENTRY, (st), (val))
+#define sk_STACK_OF_X509_NAME_ENTRY_find(st, val) SKM_sk_find(STACK_OF_X509_NAME_ENTRY, (st), (val))
+#define sk_STACK_OF_X509_NAME_ENTRY_find_ex(st, val) SKM_sk_find_ex(STACK_OF_X509_NAME_ENTRY, (st), (val))
+#define sk_STACK_OF_X509_NAME_ENTRY_delete(st, i) SKM_sk_delete(STACK_OF_X509_NAME_ENTRY, (st), (i))
+#define sk_STACK_OF_X509_NAME_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(STACK_OF_X509_NAME_ENTRY, (st), (ptr))
+#define sk_STACK_OF_X509_NAME_ENTRY_insert(st, val, i) SKM_sk_insert(STACK_OF_X509_NAME_ENTRY, (st), (val), (i))
+#define sk_STACK_OF_X509_NAME_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STACK_OF_X509_NAME_ENTRY, (st), (cmp))
+#define sk_STACK_OF_X509_NAME_ENTRY_dup(st) SKM_sk_dup(STACK_OF_X509_NAME_ENTRY, st)
+#define sk_STACK_OF_X509_NAME_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(STACK_OF_X509_NAME_ENTRY, (st), (free_func))
+#define sk_STACK_OF_X509_NAME_ENTRY_shift(st) SKM_sk_shift(STACK_OF_X509_NAME_ENTRY, (st))
+#define sk_STACK_OF_X509_NAME_ENTRY_pop(st) SKM_sk_pop(STACK_OF_X509_NAME_ENTRY, (st))
+#define sk_STACK_OF_X509_NAME_ENTRY_sort(st) SKM_sk_sort(STACK_OF_X509_NAME_ENTRY, (st))
+#define sk_STACK_OF_X509_NAME_ENTRY_is_sorted(st) SKM_sk_is_sorted(STACK_OF_X509_NAME_ENTRY, (st))
+#define sk_STORE_ATTR_INFO_new(cmp) SKM_sk_new(STORE_ATTR_INFO, (cmp))
+#define sk_STORE_ATTR_INFO_new_null() SKM_sk_new_null(STORE_ATTR_INFO)
+#define sk_STORE_ATTR_INFO_free(st) SKM_sk_free(STORE_ATTR_INFO, (st))
+#define sk_STORE_ATTR_INFO_num(st) SKM_sk_num(STORE_ATTR_INFO, (st))
+#define sk_STORE_ATTR_INFO_value(st, i) SKM_sk_value(STORE_ATTR_INFO, (st), (i))
+#define sk_STORE_ATTR_INFO_set(st, i, val) SKM_sk_set(STORE_ATTR_INFO, (st), (i), (val))
+#define sk_STORE_ATTR_INFO_zero(st) SKM_sk_zero(STORE_ATTR_INFO, (st))
+#define sk_STORE_ATTR_INFO_push(st, val) SKM_sk_push(STORE_ATTR_INFO, (st), (val))
+#define sk_STORE_ATTR_INFO_unshift(st, val) SKM_sk_unshift(STORE_ATTR_INFO, (st), (val))
+#define sk_STORE_ATTR_INFO_find(st, val) SKM_sk_find(STORE_ATTR_INFO, (st), (val))
+#define sk_STORE_ATTR_INFO_find_ex(st, val) SKM_sk_find_ex(STORE_ATTR_INFO, (st), (val))
+#define sk_STORE_ATTR_INFO_delete(st, i) SKM_sk_delete(STORE_ATTR_INFO, (st), (i))
+#define sk_STORE_ATTR_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(STORE_ATTR_INFO, (st), (ptr))
+#define sk_STORE_ATTR_INFO_insert(st, val, i) SKM_sk_insert(STORE_ATTR_INFO, (st), (val), (i))
+#define sk_STORE_ATTR_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STORE_ATTR_INFO, (st), (cmp))
+#define sk_STORE_ATTR_INFO_dup(st) SKM_sk_dup(STORE_ATTR_INFO, st)
+#define sk_STORE_ATTR_INFO_pop_free(st, free_func) SKM_sk_pop_free(STORE_ATTR_INFO, (st), (free_func))
+#define sk_STORE_ATTR_INFO_shift(st) SKM_sk_shift(STORE_ATTR_INFO, (st))
+#define sk_STORE_ATTR_INFO_pop(st) SKM_sk_pop(STORE_ATTR_INFO, (st))
+#define sk_STORE_ATTR_INFO_sort(st) SKM_sk_sort(STORE_ATTR_INFO, (st))
+#define sk_STORE_ATTR_INFO_is_sorted(st) SKM_sk_is_sorted(STORE_ATTR_INFO, (st))
+#define sk_STORE_OBJECT_new(cmp) SKM_sk_new(STORE_OBJECT, (cmp))
 #define sk_STORE_OBJECT_new_null() SKM_sk_new_null(STORE_OBJECT)
 #define sk_STORE_OBJECT_free(st) SKM_sk_free(STORE_OBJECT, (st))
 #define sk_STORE_OBJECT_num(st) SKM_sk_num(STORE_OBJECT, (st))
@@ -1382,7 +1568,7 @@ STACK_OF(type) \
 #define sk_STORE_OBJECT_sort(st) SKM_sk_sort(STORE_OBJECT, (st))
 #define sk_STORE_OBJECT_is_sorted(st) SKM_sk_is_sorted(STORE_OBJECT, (st))
-#define sk_SXNETID_new(st) SKM_sk_new(SXNETID, (st))
+#define sk_SXNETID_new(cmp) SKM_sk_new(SXNETID, (cmp))
 #define sk_SXNETID_new_null() SKM_sk_new_null(SXNETID)
 #define sk_SXNETID_free(st) SKM_sk_free(SXNETID, (st))
 #define sk_SXNETID_num(st) SKM_sk_num(SXNETID, (st))
@@ -1404,7 +1590,7 @@ STACK_OF(type) \
 #define sk_SXNETID_sort(st) SKM_sk_sort(SXNETID, (st))
 #define sk_SXNETID_is_sorted(st) SKM_sk_is_sorted(SXNETID, (st))
-#define sk_UI_STRING_new(st) SKM_sk_new(UI_STRING, (st))
+#define sk_UI_STRING_new(cmp) SKM_sk_new(UI_STRING, (cmp))
 #define sk_UI_STRING_new_null() SKM_sk_new_null(UI_STRING)
 #define sk_UI_STRING_free(st) SKM_sk_free(UI_STRING, (st))
 #define sk_UI_STRING_num(st) SKM_sk_num(UI_STRING, (st))
@@ -1426,7 +1612,7 @@ STACK_OF(type) \
 #define sk_UI_STRING_sort(st) SKM_sk_sort(UI_STRING, (st))
 #define sk_UI_STRING_is_sorted(st) SKM_sk_is_sorted(UI_STRING, (st))
-#define sk_X509_new(st) SKM_sk_new(X509, (st))
+#define sk_X509_new(cmp) SKM_sk_new(X509, (cmp))
 #define sk_X509_new_null() SKM_sk_new_null(X509)
 #define sk_X509_free(st) SKM_sk_free(X509, (st))
 #define sk_X509_num(st) SKM_sk_num(X509, (st))
@@ -1448,7 +1634,7 @@ STACK_OF(type) \
 #define sk_X509_sort(st) SKM_sk_sort(X509, (st))
 #define sk_X509_is_sorted(st) SKM_sk_is_sorted(X509, (st))
-#define sk_X509V3_EXT_METHOD_new(st) SKM_sk_new(X509V3_EXT_METHOD, (st))
+#define sk_X509V3_EXT_METHOD_new(cmp) SKM_sk_new(X509V3_EXT_METHOD, (cmp))
 #define sk_X509V3_EXT_METHOD_new_null() SKM_sk_new_null(X509V3_EXT_METHOD)
 #define sk_X509V3_EXT_METHOD_free(st) SKM_sk_free(X509V3_EXT_METHOD, (st))
 #define sk_X509V3_EXT_METHOD_num(st) SKM_sk_num(X509V3_EXT_METHOD, (st))
@@ -1470,7 +1656,7 @@ STACK_OF(type) \
 #define sk_X509V3_EXT_METHOD_sort(st) SKM_sk_sort(X509V3_EXT_METHOD, (st))
 #define sk_X509V3_EXT_METHOD_is_sorted(st) SKM_sk_is_sorted(X509V3_EXT_METHOD, (st))
-#define sk_X509_ALGOR_new(st) SKM_sk_new(X509_ALGOR, (st))
+#define sk_X509_ALGOR_new(cmp) SKM_sk_new(X509_ALGOR, (cmp))
 #define sk_X509_ALGOR_new_null() SKM_sk_new_null(X509_ALGOR)
 #define sk_X509_ALGOR_free(st) SKM_sk_free(X509_ALGOR, (st))
 #define sk_X509_ALGOR_num(st) SKM_sk_num(X509_ALGOR, (st))
@@ -1492,7 +1678,7 @@ STACK_OF(type) \
 #define sk_X509_ALGOR_sort(st) SKM_sk_sort(X509_ALGOR, (st))
 #define sk_X509_ALGOR_is_sorted(st) SKM_sk_is_sorted(X509_ALGOR, (st))
-#define sk_X509_ATTRIBUTE_new(st) SKM_sk_new(X509_ATTRIBUTE, (st))
+#define sk_X509_ATTRIBUTE_new(cmp) SKM_sk_new(X509_ATTRIBUTE, (cmp))
 #define sk_X509_ATTRIBUTE_new_null() SKM_sk_new_null(X509_ATTRIBUTE)
 #define sk_X509_ATTRIBUTE_free(st) SKM_sk_free(X509_ATTRIBUTE, (st))
 #define sk_X509_ATTRIBUTE_num(st) SKM_sk_num(X509_ATTRIBUTE, (st))
@@ -1514,7 +1700,7 @@ STACK_OF(type) \
 #define sk_X509_ATTRIBUTE_sort(st) SKM_sk_sort(X509_ATTRIBUTE, (st))
 #define sk_X509_ATTRIBUTE_is_sorted(st) SKM_sk_is_sorted(X509_ATTRIBUTE, (st))
-#define sk_X509_CRL_new(st) SKM_sk_new(X509_CRL, (st))
+#define sk_X509_CRL_new(cmp) SKM_sk_new(X509_CRL, (cmp))
 #define sk_X509_CRL_new_null() SKM_sk_new_null(X509_CRL)
 #define sk_X509_CRL_free(st) SKM_sk_free(X509_CRL, (st))
 #define sk_X509_CRL_num(st) SKM_sk_num(X509_CRL, (st))
@@ -1536,7 +1722,7 @@ STACK_OF(type) \
 #define sk_X509_CRL_sort(st) SKM_sk_sort(X509_CRL, (st))
 #define sk_X509_CRL_is_sorted(st) SKM_sk_is_sorted(X509_CRL, (st))
-#define sk_X509_EXTENSION_new(st) SKM_sk_new(X509_EXTENSION, (st))
+#define sk_X509_EXTENSION_new(cmp) SKM_sk_new(X509_EXTENSION, (cmp))
 #define sk_X509_EXTENSION_new_null() SKM_sk_new_null(X509_EXTENSION)
 #define sk_X509_EXTENSION_free(st) SKM_sk_free(X509_EXTENSION, (st))
 #define sk_X509_EXTENSION_num(st) SKM_sk_num(X509_EXTENSION, (st))
@@ -1558,7 +1744,7 @@ STACK_OF(type) \
 #define sk_X509_EXTENSION_sort(st) SKM_sk_sort(X509_EXTENSION, (st))
 #define sk_X509_EXTENSION_is_sorted(st) SKM_sk_is_sorted(X509_EXTENSION, (st))
-#define sk_X509_INFO_new(st) SKM_sk_new(X509_INFO, (st))
+#define sk_X509_INFO_new(cmp) SKM_sk_new(X509_INFO, (cmp))
 #define sk_X509_INFO_new_null() SKM_sk_new_null(X509_INFO)
 #define sk_X509_INFO_free(st) SKM_sk_free(X509_INFO, (st))
 #define sk_X509_INFO_num(st) SKM_sk_num(X509_INFO, (st))
@@ -1580,7 +1766,7 @@ STACK_OF(type) \
 #define sk_X509_INFO_sort(st) SKM_sk_sort(X509_INFO, (st))
 #define sk_X509_INFO_is_sorted(st) SKM_sk_is_sorted(X509_INFO, (st))
-#define sk_X509_LOOKUP_new(st) SKM_sk_new(X509_LOOKUP, (st))
+#define sk_X509_LOOKUP_new(cmp) SKM_sk_new(X509_LOOKUP, (cmp))
 #define sk_X509_LOOKUP_new_null() SKM_sk_new_null(X509_LOOKUP)
 #define sk_X509_LOOKUP_free(st) SKM_sk_free(X509_LOOKUP, (st))
 #define sk_X509_LOOKUP_num(st) SKM_sk_num(X509_LOOKUP, (st))
@@ -1602,7 +1788,7 @@ STACK_OF(type) \
 #define sk_X509_LOOKUP_sort(st) SKM_sk_sort(X509_LOOKUP, (st))
 #define sk_X509_LOOKUP_is_sorted(st) SKM_sk_is_sorted(X509_LOOKUP, (st))
-#define sk_X509_NAME_new(st) SKM_sk_new(X509_NAME, (st))
+#define sk_X509_NAME_new(cmp) SKM_sk_new(X509_NAME, (cmp))
 #define sk_X509_NAME_new_null() SKM_sk_new_null(X509_NAME)
 #define sk_X509_NAME_free(st) SKM_sk_free(X509_NAME, (st))
 #define sk_X509_NAME_num(st) SKM_sk_num(X509_NAME, (st))
@@ -1624,7 +1810,7 @@ STACK_OF(type) \
 #define sk_X509_NAME_sort(st) SKM_sk_sort(X509_NAME, (st))
 #define sk_X509_NAME_is_sorted(st) SKM_sk_is_sorted(X509_NAME, (st))
-#define sk_X509_NAME_ENTRY_new(st) SKM_sk_new(X509_NAME_ENTRY, (st))
+#define sk_X509_NAME_ENTRY_new(cmp) SKM_sk_new(X509_NAME_ENTRY, (cmp))
 #define sk_X509_NAME_ENTRY_new_null() SKM_sk_new_null(X509_NAME_ENTRY)
 #define sk_X509_NAME_ENTRY_free(st) SKM_sk_free(X509_NAME_ENTRY, (st))
 #define sk_X509_NAME_ENTRY_num(st) SKM_sk_num(X509_NAME_ENTRY, (st))
@@ -1646,7 +1832,7 @@ STACK_OF(type) \
 #define sk_X509_NAME_ENTRY_sort(st) SKM_sk_sort(X509_NAME_ENTRY, (st))
 #define sk_X509_NAME_ENTRY_is_sorted(st) SKM_sk_is_sorted(X509_NAME_ENTRY, (st))
-#define sk_X509_OBJECT_new(st) SKM_sk_new(X509_OBJECT, (st))
+#define sk_X509_OBJECT_new(cmp) SKM_sk_new(X509_OBJECT, (cmp))
 #define sk_X509_OBJECT_new_null() SKM_sk_new_null(X509_OBJECT)
 #define sk_X509_OBJECT_free(st) SKM_sk_free(X509_OBJECT, (st))
 #define sk_X509_OBJECT_num(st) SKM_sk_num(X509_OBJECT, (st))
@@ -1668,7 +1854,7 @@ STACK_OF(type) \
 #define sk_X509_OBJECT_sort(st) SKM_sk_sort(X509_OBJECT, (st))
 #define sk_X509_OBJECT_is_sorted(st) SKM_sk_is_sorted(X509_OBJECT, (st))
-#define sk_X509_POLICY_DATA_new(st) SKM_sk_new(X509_POLICY_DATA, (st))
+#define sk_X509_POLICY_DATA_new(cmp) SKM_sk_new(X509_POLICY_DATA, (cmp))
 #define sk_X509_POLICY_DATA_new_null() SKM_sk_new_null(X509_POLICY_DATA)
 #define sk_X509_POLICY_DATA_free(st) SKM_sk_free(X509_POLICY_DATA, (st))
 #define sk_X509_POLICY_DATA_num(st) SKM_sk_num(X509_POLICY_DATA, (st))
@@ -1690,7 +1876,7 @@ STACK_OF(type) \
 #define sk_X509_POLICY_DATA_sort(st) SKM_sk_sort(X509_POLICY_DATA, (st))
 #define sk_X509_POLICY_DATA_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_DATA, (st))
-#define sk_X509_POLICY_NODE_new(st) SKM_sk_new(X509_POLICY_NODE, (st))
+#define sk_X509_POLICY_NODE_new(cmp) SKM_sk_new(X509_POLICY_NODE, (cmp))
 #define sk_X509_POLICY_NODE_new_null() SKM_sk_new_null(X509_POLICY_NODE)
 #define sk_X509_POLICY_NODE_free(st) SKM_sk_free(X509_POLICY_NODE, (st))
 #define sk_X509_POLICY_NODE_num(st) SKM_sk_num(X509_POLICY_NODE, (st))
@@ -1712,29 +1898,7 @@ STACK_OF(type) \
 #define sk_X509_POLICY_NODE_sort(st) SKM_sk_sort(X509_POLICY_NODE, (st))
 #define sk_X509_POLICY_NODE_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_NODE, (st))
-#define sk_X509_POLICY_REF_new(st) SKM_sk_new(X509_POLICY_REF, (st))
+#define sk_X509_PURPOSE_new(cmp) SKM_sk_new(X509_PURPOSE, (cmp))
-#define sk_X509_POLICY_REF_new_null() SKM_sk_new_null(X509_POLICY_REF)
-#define sk_X509_POLICY_REF_free(st) SKM_sk_free(X509_POLICY_REF, (st))
-#define sk_X509_POLICY_REF_num(st) SKM_sk_num(X509_POLICY_REF, (st))
-#define sk_X509_POLICY_REF_value(st, i) SKM_sk_value(X509_POLICY_REF, (st), (i))
-#define sk_X509_POLICY_REF_set(st, i, val) SKM_sk_set(X509_POLICY_REF, (st), (i), (val))
-#define sk_X509_POLICY_REF_zero(st) SKM_sk_zero(X509_POLICY_REF, (st))
-#define sk_X509_POLICY_REF_push(st, val) SKM_sk_push(X509_POLICY_REF, (st), (val))
-#define sk_X509_POLICY_REF_unshift(st, val) SKM_sk_unshift(X509_POLICY_REF, (st), (val))
-#define sk_X509_POLICY_REF_find(st, val) SKM_sk_find(X509_POLICY_REF, (st), (val))
-#define sk_X509_POLICY_REF_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_REF, (st), (val))
-#define sk_X509_POLICY_REF_delete(st, i) SKM_sk_delete(X509_POLICY_REF, (st), (i))
-#define sk_X509_POLICY_REF_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_REF, (st), (ptr))
-#define sk_X509_POLICY_REF_insert(st, val, i) SKM_sk_insert(X509_POLICY_REF, (st), (val), (i))
-#define sk_X509_POLICY_REF_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_REF, (st), (cmp))
-#define sk_X509_POLICY_REF_dup(st) SKM_sk_dup(X509_POLICY_REF, st)
-#define sk_X509_POLICY_REF_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_REF, (st), (free_func))
-#define sk_X509_POLICY_REF_shift(st) SKM_sk_shift(X509_POLICY_REF, (st))
-#define sk_X509_POLICY_REF_pop(st) SKM_sk_pop(X509_POLICY_REF, (st))
-#define sk_X509_POLICY_REF_sort(st) SKM_sk_sort(X509_POLICY_REF, (st))
-#define sk_X509_POLICY_REF_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_REF, (st))
-#define sk_X509_PURPOSE_new(st) SKM_sk_new(X509_PURPOSE, (st))
 #define sk_X509_PURPOSE_new_null() SKM_sk_new_null(X509_PURPOSE)
 #define sk_X509_PURPOSE_free(st) SKM_sk_free(X509_PURPOSE, (st))
 #define sk_X509_PURPOSE_num(st) SKM_sk_num(X509_PURPOSE, (st))
@@ -1756,7 +1920,7 @@ STACK_OF(type) \
 #define sk_X509_PURPOSE_sort(st) SKM_sk_sort(X509_PURPOSE, (st))
 #define sk_X509_PURPOSE_is_sorted(st) SKM_sk_is_sorted(X509_PURPOSE, (st))
-#define sk_X509_REVOKED_new(st) SKM_sk_new(X509_REVOKED, (st))
+#define sk_X509_REVOKED_new(cmp) SKM_sk_new(X509_REVOKED, (cmp))
 #define sk_X509_REVOKED_new_null() SKM_sk_new_null(X509_REVOKED)
 #define sk_X509_REVOKED_free(st) SKM_sk_free(X509_REVOKED, (st))
 #define sk_X509_REVOKED_num(st) SKM_sk_num(X509_REVOKED, (st))
@@ -1778,7 +1942,7 @@ STACK_OF(type) \
 #define sk_X509_REVOKED_sort(st) SKM_sk_sort(X509_REVOKED, (st))
 #define sk_X509_REVOKED_is_sorted(st) SKM_sk_is_sorted(X509_REVOKED, (st))
-#define sk_X509_TRUST_new(st) SKM_sk_new(X509_TRUST, (st))
+#define sk_X509_TRUST_new(cmp) SKM_sk_new(X509_TRUST, (cmp))
 #define sk_X509_TRUST_new_null() SKM_sk_new_null(X509_TRUST)
 #define sk_X509_TRUST_free(st) SKM_sk_free(X509_TRUST, (st))
 #define sk_X509_TRUST_num(st) SKM_sk_num(X509_TRUST, (st))
@@ -1800,7 +1964,7 @@ STACK_OF(type) \
 #define sk_X509_TRUST_sort(st) SKM_sk_sort(X509_TRUST, (st))
 #define sk_X509_TRUST_is_sorted(st) SKM_sk_is_sorted(X509_TRUST, (st))
-#define sk_X509_VERIFY_PARAM_new(st) SKM_sk_new(X509_VERIFY_PARAM, (st))
+#define sk_X509_VERIFY_PARAM_new(cmp) SKM_sk_new(X509_VERIFY_PARAM, (cmp))
 #define sk_X509_VERIFY_PARAM_new_null() SKM_sk_new_null(X509_VERIFY_PARAM)
 #define sk_X509_VERIFY_PARAM_free(st) SKM_sk_free(X509_VERIFY_PARAM, (st))
 #define sk_X509_VERIFY_PARAM_num(st) SKM_sk_num(X509_VERIFY_PARAM, (st))
@@ -1822,6 +1986,125 @@ STACK_OF(type) \
 #define sk_X509_VERIFY_PARAM_sort(st) SKM_sk_sort(X509_VERIFY_PARAM, (st))
 #define sk_X509_VERIFY_PARAM_is_sorted(st) SKM_sk_is_sorted(X509_VERIFY_PARAM, (st))
+#define sk_nid_triple_new(cmp) SKM_sk_new(nid_triple, (cmp))
+#define sk_nid_triple_new_null() SKM_sk_new_null(nid_triple)
+#define sk_nid_triple_free(st) SKM_sk_free(nid_triple, (st))
+#define sk_nid_triple_num(st) SKM_sk_num(nid_triple, (st))
+#define sk_nid_triple_value(st, i) SKM_sk_value(nid_triple, (st), (i))
+#define sk_nid_triple_set(st, i, val) SKM_sk_set(nid_triple, (st), (i), (val))
+#define sk_nid_triple_zero(st) SKM_sk_zero(nid_triple, (st))
+#define sk_nid_triple_push(st, val) SKM_sk_push(nid_triple, (st), (val))
+#define sk_nid_triple_unshift(st, val) SKM_sk_unshift(nid_triple, (st), (val))
+#define sk_nid_triple_find(st, val) SKM_sk_find(nid_triple, (st), (val))
+#define sk_nid_triple_find_ex(st, val) SKM_sk_find_ex(nid_triple, (st), (val))
+#define sk_nid_triple_delete(st, i) SKM_sk_delete(nid_triple, (st), (i))
+#define sk_nid_triple_delete_ptr(st, ptr) SKM_sk_delete_ptr(nid_triple, (st), (ptr))
+#define sk_nid_triple_insert(st, val, i) SKM_sk_insert(nid_triple, (st), (val), (i))
+#define sk_nid_triple_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(nid_triple, (st), (cmp))
+#define sk_nid_triple_dup(st) SKM_sk_dup(nid_triple, st)
+#define sk_nid_triple_pop_free(st, free_func) SKM_sk_pop_free(nid_triple, (st), (free_func))
+#define sk_nid_triple_shift(st) SKM_sk_shift(nid_triple, (st))
+#define sk_nid_triple_pop(st) SKM_sk_pop(nid_triple, (st))
+#define sk_nid_triple_sort(st) SKM_sk_sort(nid_triple, (st))
+#define sk_nid_triple_is_sorted(st) SKM_sk_is_sorted(nid_triple, (st))
+#define sk_void_new(cmp) SKM_sk_new(void, (cmp))
+#define sk_void_new_null() SKM_sk_new_null(void)
+#define sk_void_free(st) SKM_sk_free(void, (st))
+#define sk_void_num(st) SKM_sk_num(void, (st))
+#define sk_void_value(st, i) SKM_sk_value(void, (st), (i))
+#define sk_void_set(st, i, val) SKM_sk_set(void, (st), (i), (val))
+#define sk_void_zero(st) SKM_sk_zero(void, (st))
+#define sk_void_push(st, val) SKM_sk_push(void, (st), (val))
+#define sk_void_unshift(st, val) SKM_sk_unshift(void, (st), (val))
+#define sk_void_find(st, val) SKM_sk_find(void, (st), (val))
+#define sk_void_find_ex(st, val) SKM_sk_find_ex(void, (st), (val))
+#define sk_void_delete(st, i) SKM_sk_delete(void, (st), (i))
+#define sk_void_delete_ptr(st, ptr) SKM_sk_delete_ptr(void, (st), (ptr))
+#define sk_void_insert(st, val, i) SKM_sk_insert(void, (st), (val), (i))
+#define sk_void_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(void, (st), (cmp))
+#define sk_void_dup(st) SKM_sk_dup(void, st)
+#define sk_void_pop_free(st, free_func) SKM_sk_pop_free(void, (st), (free_func))
+#define sk_void_shift(st) SKM_sk_shift(void, (st))
+#define sk_void_pop(st) SKM_sk_pop(void, (st))
+#define sk_void_sort(st) SKM_sk_sort(void, (st))
+#define sk_void_is_sorted(st) SKM_sk_is_sorted(void, (st))
+#define sk_OPENSSL_BLOCK_new(cmp) ((STACK_OF(OPENSSL_BLOCK) *)sk_new(CHECKED_SK_CMP_FUNC(void, cmp)))
+#define sk_OPENSSL_BLOCK_new_null() ((STACK_OF(OPENSSL_BLOCK) *)sk_new_null())
+#define sk_OPENSSL_BLOCK_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val))
+#define sk_OPENSSL_BLOCK_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val))
+#define sk_OPENSSL_BLOCK_value(st, i) ((OPENSSL_BLOCK)sk_value(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), i))
+#define sk_OPENSSL_BLOCK_num(st) SKM_sk_num(OPENSSL_BLOCK, st)
+#define sk_OPENSSL_BLOCK_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_SK_FREE_FUNC2(OPENSSL_BLOCK, free_func))
+#define sk_OPENSSL_BLOCK_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val), i)
+#define sk_OPENSSL_BLOCK_free(st) SKM_sk_free(OPENSSL_BLOCK, st)
+#define sk_OPENSSL_BLOCK_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), i, CHECKED_PTR_OF(void, val))
+#define sk_OPENSSL_BLOCK_zero(st) SKM_sk_zero(OPENSSL_BLOCK, (st))
+#define sk_OPENSSL_BLOCK_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val))
+#define sk_OPENSSL_BLOCK_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_CONST_PTR_OF(void, val))
+#define sk_OPENSSL_BLOCK_delete(st, i) SKM_sk_delete(OPENSSL_BLOCK, (st), (i))
+#define sk_OPENSSL_BLOCK_delete_ptr(st, ptr) (OPENSSL_BLOCK *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, ptr))
+#define sk_OPENSSL_BLOCK_set_cmp_func(st, cmp)  \
+        ((int (*)(const void * const *,const void * const *)) \
+        sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_SK_CMP_FUNC(void, cmp)))
+#define sk_OPENSSL_BLOCK_dup(st) SKM_sk_dup(OPENSSL_BLOCK, st)
+#define sk_OPENSSL_BLOCK_shift(st) SKM_sk_shift(OPENSSL_BLOCK, (st))
+#define sk_OPENSSL_BLOCK_pop(st) (void *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st))
+#define sk_OPENSSL_BLOCK_sort(st) SKM_sk_sort(OPENSSL_BLOCK, (st))
+#define sk_OPENSSL_BLOCK_is_sorted(st) SKM_sk_is_sorted(OPENSSL_BLOCK, (st))
+#define sk_OPENSSL_PSTRING_new(cmp) ((STACK_OF(OPENSSL_PSTRING) *)sk_new(CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp)))
+#define sk_OPENSSL_PSTRING_new_null() ((STACK_OF(OPENSSL_PSTRING) *)sk_new_null())
+#define sk_OPENSSL_PSTRING_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, val))
+#define sk_OPENSSL_PSTRING_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, val))
+#define sk_OPENSSL_PSTRING_value(st, i) ((OPENSSL_PSTRING)sk_value(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), i))
+#define sk_OPENSSL_PSTRING_num(st) SKM_sk_num(OPENSSL_PSTRING, st)
+#define sk_OPENSSL_PSTRING_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_SK_FREE_FUNC2(OPENSSL_PSTRING, free_func))
+#define sk_OPENSSL_PSTRING_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, val), i)
+#define sk_OPENSSL_PSTRING_free(st) SKM_sk_free(OPENSSL_PSTRING, st)
+#define sk_OPENSSL_PSTRING_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), i, CHECKED_PTR_OF(OPENSSL_STRING, val))
+#define sk_OPENSSL_PSTRING_zero(st) SKM_sk_zero(OPENSSL_PSTRING, (st))
+#define sk_OPENSSL_PSTRING_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, val))
+#define sk_OPENSSL_PSTRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_CONST_PTR_OF(OPENSSL_STRING, val))
+#define sk_OPENSSL_PSTRING_delete(st, i) SKM_sk_delete(OPENSSL_PSTRING, (st), (i))
+#define sk_OPENSSL_PSTRING_delete_ptr(st, ptr) (OPENSSL_PSTRING *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, ptr))
+#define sk_OPENSSL_PSTRING_set_cmp_func(st, cmp)  \
+        ((int (*)(const OPENSSL_STRING * const *,const OPENSSL_STRING * const *)) \
+        sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp)))
+#define sk_OPENSSL_PSTRING_dup(st) SKM_sk_dup(OPENSSL_PSTRING, st)
+#define sk_OPENSSL_PSTRING_shift(st) SKM_sk_shift(OPENSSL_PSTRING, (st))
+#define sk_OPENSSL_PSTRING_pop(st) (OPENSSL_STRING *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st))
+#define sk_OPENSSL_PSTRING_sort(st) SKM_sk_sort(OPENSSL_PSTRING, (st))
+#define sk_OPENSSL_PSTRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_PSTRING, (st))
+#define sk_OPENSSL_STRING_new(cmp) ((STACK_OF(OPENSSL_STRING) *)sk_new(CHECKED_SK_CMP_FUNC(char, cmp)))
+#define sk_OPENSSL_STRING_new_null() ((STACK_OF(OPENSSL_STRING) *)sk_new_null())
+#define sk_OPENSSL_STRING_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val))
+#define sk_OPENSSL_STRING_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val))
+#define sk_OPENSSL_STRING_value(st, i) ((OPENSSL_STRING)sk_value(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), i))
+#define sk_OPENSSL_STRING_num(st) SKM_sk_num(OPENSSL_STRING, st)
+#define sk_OPENSSL_STRING_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_SK_FREE_FUNC2(OPENSSL_STRING, free_func))
+#define sk_OPENSSL_STRING_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val), i)
+#define sk_OPENSSL_STRING_free(st) SKM_sk_free(OPENSSL_STRING, st)
+#define sk_OPENSSL_STRING_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), i, CHECKED_PTR_OF(char, val))
+#define sk_OPENSSL_STRING_zero(st) SKM_sk_zero(OPENSSL_STRING, (st))
+#define sk_OPENSSL_STRING_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val))
+#define sk_OPENSSL_STRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_CONST_PTR_OF(char, val))
+#define sk_OPENSSL_STRING_delete(st, i) SKM_sk_delete(OPENSSL_STRING, (st), (i))
+#define sk_OPENSSL_STRING_delete_ptr(st, ptr) (OPENSSL_STRING *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, ptr))
+#define sk_OPENSSL_STRING_set_cmp_func(st, cmp)  \
+        ((int (*)(const char * const *,const char * const *)) \
+        sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_SK_CMP_FUNC(char, cmp)))
+#define sk_OPENSSL_STRING_dup(st) SKM_sk_dup(OPENSSL_STRING, st)
+#define sk_OPENSSL_STRING_shift(st) SKM_sk_shift(OPENSSL_STRING, (st))
+#define sk_OPENSSL_STRING_pop(st) (char *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st))
+#define sk_OPENSSL_STRING_sort(st) SKM_sk_sort(OPENSSL_STRING, (st))
+#define sk_OPENSSL_STRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_STRING, (st))
 #define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
        SKM_ASN1_SET_OF_d2i(ACCESS_DESCRIPTION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
 #define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, i2d_func, ex_tag, ex_class, is_set) \
@@ -1858,6 +2141,15 @@ STACK_OF(type) \
 #define ASN1_seq_unpack_ASN1_TYPE(buf, len, d2i_func, free_func) \
        SKM_ASN1_seq_unpack(ASN1_TYPE, (buf), (len), (d2i_func), (free_func))
+#define d2i_ASN1_SET_OF_ASN1_UTF8STRING(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+        SKM_ASN1_SET_OF_d2i(ASN1_UTF8STRING, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_ASN1_UTF8STRING(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+        SKM_ASN1_SET_OF_i2d(ASN1_UTF8STRING, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_ASN1_UTF8STRING(st, i2d_func, buf, len) \
+        SKM_ASN1_seq_pack(ASN1_UTF8STRING, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_ASN1_UTF8STRING(buf, len, d2i_func, free_func) \
+        SKM_ASN1_seq_unpack(ASN1_UTF8STRING, (buf), (len), (d2i_func), (free_func))
 #define d2i_ASN1_SET_OF_DIST_POINT(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
        SKM_ASN1_SET_OF_d2i(DIST_POINT, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
 #define i2d_ASN1_SET_OF_DIST_POINT(st, pp, i2d_func, ex_tag, ex_class, is_set) \
@@ -1867,6 +2159,24 @@ STACK_OF(type) \
 #define ASN1_seq_unpack_DIST_POINT(buf, len, d2i_func, free_func) \
        SKM_ASN1_seq_unpack(DIST_POINT, (buf), (len), (d2i_func), (free_func))
+#define d2i_ASN1_SET_OF_ESS_CERT_ID(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+        SKM_ASN1_SET_OF_d2i(ESS_CERT_ID, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_ESS_CERT_ID(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+        SKM_ASN1_SET_OF_i2d(ESS_CERT_ID, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_ESS_CERT_ID(st, i2d_func, buf, len) \
+        SKM_ASN1_seq_pack(ESS_CERT_ID, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_ESS_CERT_ID(buf, len, d2i_func, free_func) \
+        SKM_ASN1_seq_unpack(ESS_CERT_ID, (buf), (len), (d2i_func), (free_func))
+#define d2i_ASN1_SET_OF_EVP_MD(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+        SKM_ASN1_SET_OF_d2i(EVP_MD, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_EVP_MD(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+        SKM_ASN1_SET_OF_i2d(EVP_MD, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_EVP_MD(st, i2d_func, buf, len) \
+        SKM_ASN1_seq_pack(EVP_MD, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_EVP_MD(buf, len, d2i_func, free_func) \
+        SKM_ASN1_seq_unpack(EVP_MD, (buf), (len), (d2i_func), (free_func))
 #define d2i_ASN1_SET_OF_GENERAL_NAME(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
        SKM_ASN1_SET_OF_d2i(GENERAL_NAME, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
 #define i2d_ASN1_SET_OF_GENERAL_NAME(st, pp, i2d_func, ex_tag, ex_class, is_set) \
@@ -2025,6 +2335,240 @@ STACK_OF(type) \
 #define PKCS12_decrypt_d2i_PKCS7(algor, d2i_func, free_func, pass, passlen, oct, seq) \
        SKM_PKCS12_decrypt_d2i(PKCS7, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq))
+#define lh_ADDED_OBJ_new() LHM_lh_new(ADDED_OBJ,added_obj)
+#define lh_ADDED_OBJ_insert(lh,inst) LHM_lh_insert(ADDED_OBJ,lh,inst)
+#define lh_ADDED_OBJ_retrieve(lh,inst) LHM_lh_retrieve(ADDED_OBJ,lh,inst)
+#define lh_ADDED_OBJ_delete(lh,inst) LHM_lh_delete(ADDED_OBJ,lh,inst)
+#define lh_ADDED_OBJ_doall(lh,fn) LHM_lh_doall(ADDED_OBJ,lh,fn)
+#define lh_ADDED_OBJ_doall_arg(lh,fn,arg_type,arg) \
+  LHM_lh_doall_arg(ADDED_OBJ,lh,fn,arg_type,arg)
+#define lh_ADDED_OBJ_error(lh) LHM_lh_error(ADDED_OBJ,lh)
+#define lh_ADDED_OBJ_num_items(lh) LHM_lh_num_items(ADDED_OBJ,lh)
+#define lh_ADDED_OBJ_down_load(lh) LHM_lh_down_load(ADDED_OBJ,lh)
+#define lh_ADDED_OBJ_node_stats_bio(lh,out) \
+  LHM_lh_node_stats_bio(ADDED_OBJ,lh,out)
+#define lh_ADDED_OBJ_node_usage_stats_bio(lh,out) \
+  LHM_lh_node_usage_stats_bio(ADDED_OBJ,lh,out)
+#define lh_ADDED_OBJ_stats_bio(lh,out) \
+  LHM_lh_stats_bio(ADDED_OBJ,lh,out)
+#define lh_ADDED_OBJ_free(lh) LHM_lh_free(ADDED_OBJ,lh)
+#define lh_APP_INFO_new() LHM_lh_new(APP_INFO,app_info)
+#define lh_APP_INFO_insert(lh,inst) LHM_lh_insert(APP_INFO,lh,inst)
+#define lh_APP_INFO_retrieve(lh,inst) LHM_lh_retrieve(APP_INFO,lh,inst)
+#define lh_APP_INFO_delete(lh,inst) LHM_lh_delete(APP_INFO,lh,inst)
+#define lh_APP_INFO_doall(lh,fn) LHM_lh_doall(APP_INFO,lh,fn)
+#define lh_APP_INFO_doall_arg(lh,fn,arg_type,arg) \
+  LHM_lh_doall_arg(APP_INFO,lh,fn,arg_type,arg)
+#define lh_APP_INFO_error(lh) LHM_lh_error(APP_INFO,lh)
+#define lh_APP_INFO_num_items(lh) LHM_lh_num_items(APP_INFO,lh)
+#define lh_APP_INFO_down_load(lh) LHM_lh_down_load(APP_INFO,lh)
+#define lh_APP_INFO_node_stats_bio(lh,out) \
+  LHM_lh_node_stats_bio(APP_INFO,lh,out)
+#define lh_APP_INFO_node_usage_stats_bio(lh,out) \
+  LHM_lh_node_usage_stats_bio(APP_INFO,lh,out)
+#define lh_APP_INFO_stats_bio(lh,out) \
+  LHM_lh_stats_bio(APP_INFO,lh,out)
+#define lh_APP_INFO_free(lh) LHM_lh_free(APP_INFO,lh)
+#define lh_CONF_VALUE_new() LHM_lh_new(CONF_VALUE,conf_value)
+#define lh_CONF_VALUE_insert(lh,inst) LHM_lh_insert(CONF_VALUE,lh,inst)
+#define lh_CONF_VALUE_retrieve(lh,inst) LHM_lh_retrieve(CONF_VALUE,lh,inst)
+#define lh_CONF_VALUE_delete(lh,inst) LHM_lh_delete(CONF_VALUE,lh,inst)
+#define lh_CONF_VALUE_doall(lh,fn) LHM_lh_doall(CONF_VALUE,lh,fn)
+#define lh_CONF_VALUE_doall_arg(lh,fn,arg_type,arg) \
+  LHM_lh_doall_arg(CONF_VALUE,lh,fn,arg_type,arg)
+#define lh_CONF_VALUE_error(lh) LHM_lh_error(CONF_VALUE,lh)
+#define lh_CONF_VALUE_num_items(lh) LHM_lh_num_items(CONF_VALUE,lh)
+#define lh_CONF_VALUE_down_load(lh) LHM_lh_down_load(CONF_VALUE,lh)
+#define lh_CONF_VALUE_node_stats_bio(lh,out) \
+  LHM_lh_node_stats_bio(CONF_VALUE,lh,out)
+#define lh_CONF_VALUE_node_usage_stats_bio(lh,out) \
+  LHM_lh_node_usage_stats_bio(CONF_VALUE,lh,out)
+#define lh_CONF_VALUE_stats_bio(lh,out) \
+  LHM_lh_stats_bio(CONF_VALUE,lh,out)
+#define lh_CONF_VALUE_free(lh) LHM_lh_free(CONF_VALUE,lh)
+#define lh_ENGINE_PILE_new() LHM_lh_new(ENGINE_PILE,engine_pile)
+#define lh_ENGINE_PILE_insert(lh,inst) LHM_lh_insert(ENGINE_PILE,lh,inst)
+#define lh_ENGINE_PILE_retrieve(lh,inst) LHM_lh_retrieve(ENGINE_PILE,lh,inst)
+#define lh_ENGINE_PILE_delete(lh,inst) LHM_lh_delete(ENGINE_PILE,lh,inst)
+#define lh_ENGINE_PILE_doall(lh,fn) LHM_lh_doall(ENGINE_PILE,lh,fn)
+#define lh_ENGINE_PILE_doall_arg(lh,fn,arg_type,arg) \
+  LHM_lh_doall_arg(ENGINE_PILE,lh,fn,arg_type,arg)
+#define lh_ENGINE_PILE_error(lh) LHM_lh_error(ENGINE_PILE,lh)
+#define lh_ENGINE_PILE_num_items(lh) LHM_lh_num_items(ENGINE_PILE,lh)
+#define lh_ENGINE_PILE_down_load(lh) LHM_lh_down_load(ENGINE_PILE,lh)
+#define lh_ENGINE_PILE_node_stats_bio(lh,out) \
+  LHM_lh_node_stats_bio(ENGINE_PILE,lh,out)
+#define lh_ENGINE_PILE_node_usage_stats_bio(lh,out) \
+  LHM_lh_node_usage_stats_bio(ENGINE_PILE,lh,out)
+#define lh_ENGINE_PILE_stats_bio(lh,out) \
+  LHM_lh_stats_bio(ENGINE_PILE,lh,out)
+#define lh_ENGINE_PILE_free(lh) LHM_lh_free(ENGINE_PILE,lh)
+#define lh_ERR_STATE_new() LHM_lh_new(ERR_STATE,err_state)
+#define lh_ERR_STATE_insert(lh,inst) LHM_lh_insert(ERR_STATE,lh,inst)
+#define lh_ERR_STATE_retrieve(lh,inst) LHM_lh_retrieve(ERR_STATE,lh,inst)
+#define lh_ERR_STATE_delete(lh,inst) LHM_lh_delete(ERR_STATE,lh,inst)
+#define lh_ERR_STATE_doall(lh,fn) LHM_lh_doall(ERR_STATE,lh,fn)
+#define lh_ERR_STATE_doall_arg(lh,fn,arg_type,arg) \
+  LHM_lh_doall_arg(ERR_STATE,lh,fn,arg_type,arg)
+#define lh_ERR_STATE_error(lh) LHM_lh_error(ERR_STATE,lh)
+#define lh_ERR_STATE_num_items(lh) LHM_lh_num_items(ERR_STATE,lh)
+#define lh_ERR_STATE_down_load(lh) LHM_lh_down_load(ERR_STATE,lh)
+#define lh_ERR_STATE_node_stats_bio(lh,out) \
+  LHM_lh_node_stats_bio(ERR_STATE,lh,out)
+#define lh_ERR_STATE_node_usage_stats_bio(lh,out) \
+  LHM_lh_node_usage_stats_bio(ERR_STATE,lh,out)
+#define lh_ERR_STATE_stats_bio(lh,out) \
+  LHM_lh_stats_bio(ERR_STATE,lh,out)
+#define lh_ERR_STATE_free(lh) LHM_lh_free(ERR_STATE,lh)
+#define lh_ERR_STRING_DATA_new() LHM_lh_new(ERR_STRING_DATA,err_string_data)
+#define lh_ERR_STRING_DATA_insert(lh,inst) LHM_lh_insert(ERR_STRING_DATA,lh,inst)
+#define lh_ERR_STRING_DATA_retrieve(lh,inst) LHM_lh_retrieve(ERR_STRING_DATA,lh,inst)
+#define lh_ERR_STRING_DATA_delete(lh,inst) LHM_lh_delete(ERR_STRING_DATA,lh,inst)
+#define lh_ERR_STRING_DATA_doall(lh,fn) LHM_lh_doall(ERR_STRING_DATA,lh,fn)
+#define lh_ERR_STRING_DATA_doall_arg(lh,fn,arg_type,arg) \
+  LHM_lh_doall_arg(ERR_STRING_DATA,lh,fn,arg_type,arg)
+#define lh_ERR_STRING_DATA_error(lh) LHM_lh_error(ERR_STRING_DATA,lh)
+#define lh_ERR_STRING_DATA_num_items(lh) LHM_lh_num_items(ERR_STRING_DATA,lh)
+#define lh_ERR_STRING_DATA_down_load(lh) LHM_lh_down_load(ERR_STRING_DATA,lh)
+#define lh_ERR_STRING_DATA_node_stats_bio(lh,out) \
+  LHM_lh_node_stats_bio(ERR_STRING_DATA,lh,out)
+#define lh_ERR_STRING_DATA_node_usage_stats_bio(lh,out) \
+  LHM_lh_node_usage_stats_bio(ERR_STRING_DATA,lh,out)
+#define lh_ERR_STRING_DATA_stats_bio(lh,out) \
+  LHM_lh_stats_bio(ERR_STRING_DATA,lh,out)
+#define lh_ERR_STRING_DATA_free(lh) LHM_lh_free(ERR_STRING_DATA,lh)
+#define lh_EX_CLASS_ITEM_new() LHM_lh_new(EX_CLASS_ITEM,ex_class_item)
+#define lh_EX_CLASS_ITEM_insert(lh,inst) LHM_lh_insert(EX_CLASS_ITEM,lh,inst)
+#define lh_EX_CLASS_ITEM_retrieve(lh,inst) LHM_lh_retrieve(EX_CLASS_ITEM,lh,inst)
+#define lh_EX_CLASS_ITEM_delete(lh,inst) LHM_lh_delete(EX_CLASS_ITEM,lh,inst)
+#define lh_EX_CLASS_ITEM_doall(lh,fn) LHM_lh_doall(EX_CLASS_ITEM,lh,fn)
+#define lh_EX_CLASS_ITEM_doall_arg(lh,fn,arg_type,arg) \
+  LHM_lh_doall_arg(EX_CLASS_ITEM,lh,fn,arg_type,arg)
+#define lh_EX_CLASS_ITEM_error(lh) LHM_lh_error(EX_CLASS_ITEM,lh)
+#define lh_EX_CLASS_ITEM_num_items(lh) LHM_lh_num_items(EX_CLASS_ITEM,lh)
+#define lh_EX_CLASS_ITEM_down_load(lh) LHM_lh_down_load(EX_CLASS_ITEM,lh)
+#define lh_EX_CLASS_ITEM_node_stats_bio(lh,out) \
+  LHM_lh_node_stats_bio(EX_CLASS_ITEM,lh,out)
+#define lh_EX_CLASS_ITEM_node_usage_stats_bio(lh,out) \
+  LHM_lh_node_usage_stats_bio(EX_CLASS_ITEM,lh,out)
+#define lh_EX_CLASS_ITEM_stats_bio(lh,out) \
+  LHM_lh_stats_bio(EX_CLASS_ITEM,lh,out)
+#define lh_EX_CLASS_ITEM_free(lh) LHM_lh_free(EX_CLASS_ITEM,lh)
+#define lh_FUNCTION_new() LHM_lh_new(FUNCTION,function)
+#define lh_FUNCTION_insert(lh,inst) LHM_lh_insert(FUNCTION,lh,inst)
+#define lh_FUNCTION_retrieve(lh,inst) LHM_lh_retrieve(FUNCTION,lh,inst)
+#define lh_FUNCTION_delete(lh,inst) LHM_lh_delete(FUNCTION,lh,inst)
+#define lh_FUNCTION_doall(lh,fn) LHM_lh_doall(FUNCTION,lh,fn)
+#define lh_FUNCTION_doall_arg(lh,fn,arg_type,arg) \
+  LHM_lh_doall_arg(FUNCTION,lh,fn,arg_type,arg)
+#define lh_FUNCTION_error(lh) LHM_lh_error(FUNCTION,lh)
+#define lh_FUNCTION_num_items(lh) LHM_lh_num_items(FUNCTION,lh)
+#define lh_FUNCTION_down_load(lh) LHM_lh_down_load(FUNCTION,lh)
+#define lh_FUNCTION_node_stats_bio(lh,out) \
+  LHM_lh_node_stats_bio(FUNCTION,lh,out)
+#define lh_FUNCTION_node_usage_stats_bio(lh,out) \
+  LHM_lh_node_usage_stats_bio(FUNCTION,lh,out)
+#define lh_FUNCTION_stats_bio(lh,out) \
+  LHM_lh_stats_bio(FUNCTION,lh,out)
+#define lh_FUNCTION_free(lh) LHM_lh_free(FUNCTION,lh)
+#define lh_MEM_new() LHM_lh_new(MEM,mem)
+#define lh_MEM_insert(lh,inst) LHM_lh_insert(MEM,lh,inst)
+#define lh_MEM_retrieve(lh,inst) LHM_lh_retrieve(MEM,lh,inst)
+#define lh_MEM_delete(lh,inst) LHM_lh_delete(MEM,lh,inst)
+#define lh_MEM_doall(lh,fn) LHM_lh_doall(MEM,lh,fn)
+#define lh_MEM_doall_arg(lh,fn,arg_type,arg) \
+  LHM_lh_doall_arg(MEM,lh,fn,arg_type,arg)
+#define lh_MEM_error(lh) LHM_lh_error(MEM,lh)
+#define lh_MEM_num_items(lh) LHM_lh_num_items(MEM,lh)
+#define lh_MEM_down_load(lh) LHM_lh_down_load(MEM,lh)
+#define lh_MEM_node_stats_bio(lh,out) \
+  LHM_lh_node_stats_bio(MEM,lh,out)
+#define lh_MEM_node_usage_stats_bio(lh,out) \
+  LHM_lh_node_usage_stats_bio(MEM,lh,out)
+#define lh_MEM_stats_bio(lh,out) \
+  LHM_lh_stats_bio(MEM,lh,out)
+#define lh_MEM_free(lh) LHM_lh_free(MEM,lh)
+#define lh_OBJ_NAME_new() LHM_lh_new(OBJ_NAME,obj_name)
+#define lh_OBJ_NAME_insert(lh,inst) LHM_lh_insert(OBJ_NAME,lh,inst)
+#define lh_OBJ_NAME_retrieve(lh,inst) LHM_lh_retrieve(OBJ_NAME,lh,inst)
+#define lh_OBJ_NAME_delete(lh,inst) LHM_lh_delete(OBJ_NAME,lh,inst)
+#define lh_OBJ_NAME_doall(lh,fn) LHM_lh_doall(OBJ_NAME,lh,fn)
+#define lh_OBJ_NAME_doall_arg(lh,fn,arg_type,arg) \
+  LHM_lh_doall_arg(OBJ_NAME,lh,fn,arg_type,arg)
+#define lh_OBJ_NAME_error(lh) LHM_lh_error(OBJ_NAME,lh)
+#define lh_OBJ_NAME_num_items(lh) LHM_lh_num_items(OBJ_NAME,lh)
+#define lh_OBJ_NAME_down_load(lh) LHM_lh_down_load(OBJ_NAME,lh)
+#define lh_OBJ_NAME_node_stats_bio(lh,out) \
+  LHM_lh_node_stats_bio(OBJ_NAME,lh,out)
+#define lh_OBJ_NAME_node_usage_stats_bio(lh,out) \
+  LHM_lh_node_usage_stats_bio(OBJ_NAME,lh,out)
+#define lh_OBJ_NAME_stats_bio(lh,out) \
+  LHM_lh_stats_bio(OBJ_NAME,lh,out)
+#define lh_OBJ_NAME_free(lh) LHM_lh_free(OBJ_NAME,lh)
+#define lh_OPENSSL_CSTRING_new() LHM_lh_new(OPENSSL_CSTRING,openssl_cstring)
+#define lh_OPENSSL_CSTRING_insert(lh,inst) LHM_lh_insert(OPENSSL_CSTRING,lh,inst)
+#define lh_OPENSSL_CSTRING_retrieve(lh,inst) LHM_lh_retrieve(OPENSSL_CSTRING,lh,inst)
+#define lh_OPENSSL_CSTRING_delete(lh,inst) LHM_lh_delete(OPENSSL_CSTRING,lh,inst)
+#define lh_OPENSSL_CSTRING_doall(lh,fn) LHM_lh_doall(OPENSSL_CSTRING,lh,fn)
+#define lh_OPENSSL_CSTRING_doall_arg(lh,fn,arg_type,arg) \
+  LHM_lh_doall_arg(OPENSSL_CSTRING,lh,fn,arg_type,arg)
+#define lh_OPENSSL_CSTRING_error(lh) LHM_lh_error(OPENSSL_CSTRING,lh)
+#define lh_OPENSSL_CSTRING_num_items(lh) LHM_lh_num_items(OPENSSL_CSTRING,lh)
+#define lh_OPENSSL_CSTRING_down_load(lh) LHM_lh_down_load(OPENSSL_CSTRING,lh)
+#define lh_OPENSSL_CSTRING_node_stats_bio(lh,out) \
+  LHM_lh_node_stats_bio(OPENSSL_CSTRING,lh,out)
+#define lh_OPENSSL_CSTRING_node_usage_stats_bio(lh,out) \
+  LHM_lh_node_usage_stats_bio(OPENSSL_CSTRING,lh,out)
+#define lh_OPENSSL_CSTRING_stats_bio(lh,out) \
+  LHM_lh_stats_bio(OPENSSL_CSTRING,lh,out)
+#define lh_OPENSSL_CSTRING_free(lh) LHM_lh_free(OPENSSL_CSTRING,lh)
+#define lh_OPENSSL_STRING_new() LHM_lh_new(OPENSSL_STRING,openssl_string)
+#define lh_OPENSSL_STRING_insert(lh,inst) LHM_lh_insert(OPENSSL_STRING,lh,inst)
+#define lh_OPENSSL_STRING_retrieve(lh,inst) LHM_lh_retrieve(OPENSSL_STRING,lh,inst)
+#define lh_OPENSSL_STRING_delete(lh,inst) LHM_lh_delete(OPENSSL_STRING,lh,inst)
+#define lh_OPENSSL_STRING_doall(lh,fn) LHM_lh_doall(OPENSSL_STRING,lh,fn)
+#define lh_OPENSSL_STRING_doall_arg(lh,fn,arg_type,arg) \
+  LHM_lh_doall_arg(OPENSSL_STRING,lh,fn,arg_type,arg)
+#define lh_OPENSSL_STRING_error(lh) LHM_lh_error(OPENSSL_STRING,lh)
+#define lh_OPENSSL_STRING_num_items(lh) LHM_lh_num_items(OPENSSL_STRING,lh)
+#define lh_OPENSSL_STRING_down_load(lh) LHM_lh_down_load(OPENSSL_STRING,lh)
+#define lh_OPENSSL_STRING_node_stats_bio(lh,out) \
+  LHM_lh_node_stats_bio(OPENSSL_STRING,lh,out)
+#define lh_OPENSSL_STRING_node_usage_stats_bio(lh,out) \
+  LHM_lh_node_usage_stats_bio(OPENSSL_STRING,lh,out)
+#define lh_OPENSSL_STRING_stats_bio(lh,out) \
+  LHM_lh_stats_bio(OPENSSL_STRING,lh,out)
+#define lh_OPENSSL_STRING_free(lh) LHM_lh_free(OPENSSL_STRING,lh)
+#define lh_SSL_SESSION_new() LHM_lh_new(SSL_SESSION,ssl_session)
+#define lh_SSL_SESSION_insert(lh,inst) LHM_lh_insert(SSL_SESSION,lh,inst)
+#define lh_SSL_SESSION_retrieve(lh,inst) LHM_lh_retrieve(SSL_SESSION,lh,inst)
+#define lh_SSL_SESSION_delete(lh,inst) LHM_lh_delete(SSL_SESSION,lh,inst)
+#define lh_SSL_SESSION_doall(lh,fn) LHM_lh_doall(SSL_SESSION,lh,fn)
+#define lh_SSL_SESSION_doall_arg(lh,fn,arg_type,arg) \
+  LHM_lh_doall_arg(SSL_SESSION,lh,fn,arg_type,arg)
+#define lh_SSL_SESSION_error(lh) LHM_lh_error(SSL_SESSION,lh)
+#define lh_SSL_SESSION_num_items(lh) LHM_lh_num_items(SSL_SESSION,lh)
+#define lh_SSL_SESSION_down_load(lh) LHM_lh_down_load(SSL_SESSION,lh)
+#define lh_SSL_SESSION_node_stats_bio(lh,out) \
+  LHM_lh_node_stats_bio(SSL_SESSION,lh,out)
+#define lh_SSL_SESSION_node_usage_stats_bio(lh,out) \
+  LHM_lh_node_usage_stats_bio(SSL_SESSION,lh,out)
+#define lh_SSL_SESSION_stats_bio(lh,out) \
+  LHM_lh_stats_bio(SSL_SESSION,lh,out)
+#define lh_SSL_SESSION_free(lh) LHM_lh_free(SSL_SESSION,lh)
 /* End of util/mkstack.pl block, you may now edit :-) */
 #endif /* !defined HEADER_SAFESTACK_H */
diff --git a/src/lib/libssl/src/crypto/stack/stack.c b/src/lib/libssl/src/crypto/stack/stack.c
index 378bd7c796..76cf1a1168 100644
--- a/src/lib/libssl/src/crypto/stack/stack.c
+++ b/src/lib/libssl/src/crypto/stack/stack.c
@@ -77,10 +77,10 @@ const char STACK_version[]="Stack" OPENSSL_VERSION_PTEXT;
 #include <errno.h>
-int (*sk_set_cmp_func(STACK *sk, int (*c)(const char * const *,const char * const *)))
+int (*sk_set_cmp_func(_STACK *sk, int (*c)(const void *, const void *)))
-                (const char * const *, const char * const *)
+                (const void *, const void *)
        {
-        int (*old)(const char * const *,const char * const *)=sk->comp;
+        int (*old)(const void *,const void *)=sk->comp;
        if (sk->comp != c)
                sk->sorted=0;
@@ -89,9 +89,9 @@ int (*sk_set_cmp_func(STACK *sk, int (*c)(const char * const *,const char * cons
        return old;
        }
-STACK *sk_dup(STACK *sk)
+_STACK *sk_dup(_STACK *sk)
        {
-        STACK *ret;
+        _STACK *ret;
        char **s;
        if ((ret=sk_new(sk->comp)) == NULL) goto err;
@@ -112,19 +112,19 @@ err:
        return(NULL);
        }
-STACK *sk_new_null(void)
+_STACK *sk_new_null(void)
        {
-        return sk_new((int (*)(const char * const *, const char * const *))0);
+        return sk_new((int (*)(const void *, const void *))0);
        }
-STACK *sk_new(int (*c)(const char * const *, const char * const *))
+_STACK *sk_new(int (*c)(const void *, const void *))
        {
-        STACK *ret;
+        _STACK *ret;
        int i;
-        if ((ret=(STACK *)OPENSSL_malloc(sizeof(STACK))) == NULL)
+        if ((ret=OPENSSL_malloc(sizeof(_STACK))) == NULL)
                goto err;
-        if ((ret->data=(char **)OPENSSL_malloc(sizeof(char *)*MIN_NODES)) == NULL)
+        if ((ret->data=OPENSSL_malloc(sizeof(char *)*MIN_NODES)) == NULL)
                goto err;
        for (i=0; i<MIN_NODES; i++)
                ret->data[i]=NULL;
@@ -139,14 +139,14 @@ err:
        return(NULL);
        }
-int sk_insert(STACK *st, char *data, int loc)
+int sk_insert(_STACK *st, void *data, int loc)
        {
        char **s;
        if(st == NULL) return 0;
        if (st->num_alloc <= st->num+1)
                {
-                s=(char **)OPENSSL_realloc((char *)st->data,
+                s=OPENSSL_realloc((char *)st->data,
                        (unsigned int)sizeof(char *)*st->num_alloc*2);
                if (s == NULL)
                        return(0);
@@ -160,14 +160,14 @@ int sk_insert(STACK *st, char *data, int loc)
                int i;
                char **f,**t;
-                f=(char **)st->data;
+                f=st->data;
-                t=(char **)&(st->data[1]);
+                t=&(st->data[1]);
                for (i=st->num; i>=loc; i--)
                        t[i]=f[i];
                        
 #ifdef undef /* no memmove on sunos :-( */
-                memmove( (char *)&(st->data[loc+1]),
+                memmove(&(st->data[loc+1]),
-                        (char *)&(st->data[loc]),
+                        &(st->data[loc]),
                        sizeof(char *)*(st->num-loc));
 #endif
                st->data[loc]=data;
@@ -177,7 +177,7 @@ int sk_insert(STACK *st, char *data, int loc)
        return(st->num);
        }
-char *sk_delete_ptr(STACK *st, char *p)
+void *sk_delete_ptr(_STACK *st, void *p)
        {
        int i;
@@ -187,7 +187,7 @@ char *sk_delete_ptr(STACK *st, char *p)
        return(NULL);
        }
-char *sk_delete(STACK *st, int loc)
+void *sk_delete(_STACK *st, int loc)
        {
        char *ret;
        int i,j;
@@ -210,11 +210,11 @@ char *sk_delete(STACK *st, int loc)
        return(ret);
        }
-static int internal_find(STACK *st, char *data, int ret_val_options)
+static int internal_find(_STACK *st, void *data, int ret_val_options)
        {
-        char **r;
+        const void * const *r;
        int i;
-        int (*comp_func)(const void *,const void *);
        if(st == NULL) return -1;
        if (st->comp == NULL)
@@ -226,53 +226,46 @@ static int internal_find(STACK *st, char *data, int ret_val_options)
                }
        sk_sort(st);
        if (data == NULL) return(-1);
-        /* This (and the "qsort" below) are the two places in OpenSSL
+        r=OBJ_bsearch_ex_(&data,st->data,st->num,sizeof(void *),st->comp,
-         * where we need to convert from our standard (type **,type **)
+                          ret_val_options);
-         * compare callback type to the (void *,void *) type required by
-         * bsearch. However, the "data" it is being called(back) with are
-         * not (type *) pointers, but the *pointers* to (type *) pointers,
-         * so we get our extra level of pointer dereferencing that way. */
-        comp_func=(int (*)(const void *,const void *))(st->comp);
-        r=(char **)OBJ_bsearch_ex((char *)&data,(char *)st->data,
-                st->num,sizeof(char *),comp_func,ret_val_options);
        if (r == NULL) return(-1);
-        return((int)(r-st->data));
+        return (int)((char **)r-st->data);
        }
-int sk_find(STACK *st, char *data)
+int sk_find(_STACK *st, void *data)
        {
        return internal_find(st, data, OBJ_BSEARCH_FIRST_VALUE_ON_MATCH);
        }
-int sk_find_ex(STACK *st, char *data)
+int sk_find_ex(_STACK *st, void *data)
        {
        return internal_find(st, data, OBJ_BSEARCH_VALUE_ON_NOMATCH);
        }
-int sk_push(STACK *st, char *data)
+int sk_push(_STACK *st, void *data)
        {
        return(sk_insert(st,data,st->num));
        }
-int sk_unshift(STACK *st, char *data)
+int sk_unshift(_STACK *st, void *data)
        {
        return(sk_insert(st,data,0));
        }
-char *sk_shift(STACK *st)
+void *sk_shift(_STACK *st)
        {
        if (st == NULL) return(NULL);
        if (st->num <= 0) return(NULL);
        return(sk_delete(st,0));
        }
-char *sk_pop(STACK *st)
+void *sk_pop(_STACK *st)
        {
        if (st == NULL) return(NULL);
        if (st->num <= 0) return(NULL);
        return(sk_delete(st,st->num-1));
        }
-void sk_zero(STACK *st)
+void sk_zero(_STACK *st)
        {
        if (st == NULL) return;
        if (st->num <= 0) return;
@@ -280,7 +273,7 @@ void sk_zero(STACK *st)
        st->num=0;
        }
-void sk_pop_free(STACK *st, void (*func)(void *))
+void sk_pop_free(_STACK *st, void (*func)(void *))
        {
        int i;
@@ -291,32 +284,32 @@ void sk_pop_free(STACK *st, void (*func)(void *))
        sk_free(st);
        }
-void sk_free(STACK *st)
+void sk_free(_STACK *st)
        {
        if (st == NULL) return;
        if (st->data != NULL) OPENSSL_free(st->data);
        OPENSSL_free(st);
        }
-int sk_num(const STACK *st)
+int sk_num(const _STACK *st)
 {
        if(st == NULL) return -1;
        return st->num;
 }
-char *sk_value(const STACK *st, int i)
+void *sk_value(const _STACK *st, int i)
 {
        if(!st || (i < 0) || (i >= st->num)) return NULL;
        return st->data[i];
 }
-char *sk_set(STACK *st, int i, char *value)
+void *sk_set(_STACK *st, int i, void *value)
 {
        if(!st || (i < 0) || (i >= st->num)) return NULL;
        return (st->data[i] = value);
 }
-void sk_sort(STACK *st)
+void sk_sort(_STACK *st)
        {
        if (st && !st->sorted)
                {
@@ -333,7 +326,7 @@ void sk_sort(STACK *st)
                }
        }
-int sk_is_sorted(const STACK *st)
+int sk_is_sorted(const _STACK *st)
        {
        if (!st)
                return 1;
diff --git a/src/lib/libssl/src/crypto/stack/stack.h b/src/lib/libssl/src/crypto/stack/stack.h
index 5cbb116a8b..ce35e554eb 100644
--- a/src/lib/libssl/src/crypto/stack/stack.h
+++ b/src/lib/libssl/src/crypto/stack/stack.h
@@ -70,37 +70,36 @@ typedef struct stack_st
        int sorted;
        int num_alloc;
-        int (*comp)(const char * const *, const char * const *);
+        int (*comp)(const void *, const void *);
-        } STACK;
+        } _STACK;  /* Use STACK_OF(...) instead */
 #define M_sk_num(sk)            ((sk) ? (sk)->num:-1)
 #define M_sk_value(sk,n)        ((sk) ? (sk)->data[n] : NULL)
-int sk_num(const STACK *);
+int sk_num(const _STACK *);
-char *sk_value(const STACK *, int);
+void *sk_value(const _STACK *, int);
-char *sk_set(STACK *, int, char *);
+void *sk_set(_STACK *, int, void *);
-STACK *sk_new(int (*cmp)(const char * const *, const char * const *));
+_STACK *sk_new(int (*cmp)(const void *, const void *));
-STACK *sk_new_null(void);
+_STACK *sk_new_null(void);
-void sk_free(STACK *);
+void sk_free(_STACK *);
-void sk_pop_free(STACK *st, void (*func)(void *));
+void sk_pop_free(_STACK *st, void (*func)(void *));
-int sk_insert(STACK *sk,char *data,int where);
+int sk_insert(_STACK *sk, void *data, int where);
-char *sk_delete(STACK *st,int loc);
+void *sk_delete(_STACK *st, int loc);
-char *sk_delete_ptr(STACK *st, char *p);
+void *sk_delete_ptr(_STACK *st, void *p);
-int sk_find(STACK *st,char *data);
+int sk_find(_STACK *st, void *data);
-int sk_find_ex(STACK *st,char *data);
+int sk_find_ex(_STACK *st, void *data);
-int sk_push(STACK *st,char *data);
+int sk_push(_STACK *st, void *data);
-int sk_unshift(STACK *st,char *data);
+int sk_unshift(_STACK *st, void *data);
-char *sk_shift(STACK *st);
+void *sk_shift(_STACK *st);
-char *sk_pop(STACK *st);
+void *sk_pop(_STACK *st);
-void sk_zero(STACK *st);
+void sk_zero(_STACK *st);
-int (*sk_set_cmp_func(STACK *sk, int (*c)(const char * const *,
+int (*sk_set_cmp_func(_STACK *sk, int (*c)(const void *, const void *)))
-                        const char * const *)))
+        (const void *, const void *);
-                        (const char * const *, const char * const *);
+_STACK *sk_dup(_STACK *st);
-STACK *sk_dup(STACK *st);
+void sk_sort(_STACK *st);
-void sk_sort(STACK *st);
+int sk_is_sorted(const _STACK *st);
-int sk_is_sorted(const STACK *st);
 #ifdef  __cplusplus
 }
diff --git a/src/lib/libssl/src/crypto/symhacks.h b/src/lib/libssl/src/crypto/symhacks.h
index 8728e6124d..3fd4a81692 100644
--- a/src/lib/libssl/src/crypto/symhacks.h
+++ b/src/lib/libssl/src/crypto/symhacks.h
@@ -60,12 +60,13 @@
 /* Hacks to solve the problem with linkers incapable of handling very long
   symbol names.  In the case of VMS, the limit is 31 characters on VMS for
   VAX. */
+/* Note that this affects util/libeay.num and util/ssleay.num...  you may
+   change those manually, but that's not recommended, as those files are
+   controlled centrally and updated on Unix, and the central definition
+   may disagree with yours, which in turn may come with shareable library
+   incompatibilities. */
 #ifdef OPENSSL_SYS_VMS
-/* Hack a long name in crypto/cryptlib.c */
-#undef int_CRYPTO_set_do_dynlock_callback
-#define int_CRYPTO_set_do_dynlock_callback      int_CRYPTO_set_do_dynlock_cb
 /* Hack a long name in crypto/ex_data.c */
 #undef CRYPTO_get_ex_data_implementation
 #define CRYPTO_get_ex_data_implementation       CRYPTO_get_ex_data_impl
@@ -137,6 +138,8 @@
 #define X509_policy_node_get0_qualifiers        X509_pcy_node_get0_qualifiers
 #undef X509_STORE_CTX_get_explicit_policy
 #define X509_STORE_CTX_get_explicit_policy      X509_STORE_CTX_get_expl_policy
+#undef X509_STORE_CTX_get0_current_issuer
+#define X509_STORE_CTX_get0_current_issuer      X509_STORE_CTX_get0_cur_issuer
 /* Hack some long CRYPTO names */
 #undef CRYPTO_set_dynlock_destroy_callback
@@ -144,9 +147,9 @@
 #undef CRYPTO_set_dynlock_create_callback
 #define CRYPTO_set_dynlock_create_callback      CRYPTO_set_dynlock_create_cb
 #undef CRYPTO_set_dynlock_lock_callback
-#define CRYPTO_set_dynlock_lock_callback        CRYPTO_set_dynlock_lock_cb
+#define CRYPTO_set_dynlock_lock_callback        CRYPTO_set_dynlock_lock_cb
 #undef CRYPTO_get_dynlock_lock_callback
-#define CRYPTO_get_dynlock_lock_callback        CRYPTO_get_dynlock_lock_cb
+#define CRYPTO_get_dynlock_lock_callback        CRYPTO_get_dynlock_lock_cb
 #undef CRYPTO_get_dynlock_destroy_callback
 #define CRYPTO_get_dynlock_destroy_callback     CRYPTO_get_dynlock_destroy_cb
 #undef CRYPTO_get_dynlock_create_callback
@@ -158,7 +161,7 @@
 /* Hack some long SSL names */
 #undef SSL_CTX_set_default_verify_paths
-#define SSL_CTX_set_default_verify_paths        SSL_CTX_set_def_verify_paths
+#define SSL_CTX_set_default_verify_paths        SSL_CTX_set_def_verify_paths
 #undef SSL_get_ex_data_X509_STORE_CTX_idx
 #define SSL_get_ex_data_X509_STORE_CTX_idx      SSL_get_ex_d_X509_STORE_CTX_idx
 #undef SSL_add_file_cert_subjects_to_stack
@@ -168,21 +171,38 @@
 #undef SSL_CTX_use_certificate_chain_file
 #define SSL_CTX_use_certificate_chain_file      SSL_CTX_use_cert_chain_file
 #undef SSL_CTX_set_cert_verify_callback
-#define SSL_CTX_set_cert_verify_callback        SSL_CTX_set_cert_verify_cb
+#define SSL_CTX_set_cert_verify_callback        SSL_CTX_set_cert_verify_cb
 #undef SSL_CTX_set_default_passwd_cb_userdata
 #define SSL_CTX_set_default_passwd_cb_userdata  SSL_CTX_set_def_passwd_cb_ud
 #undef SSL_COMP_get_compression_methods
 #define SSL_COMP_get_compression_methods        SSL_COMP_get_compress_methods
+#undef ssl_add_clienthello_renegotiate_ext
+#define ssl_add_clienthello_renegotiate_ext     ssl_add_clienthello_reneg_ext
+#undef ssl_add_serverhello_renegotiate_ext
+#define ssl_add_serverhello_renegotiate_ext     ssl_add_serverhello_reneg_ext
+#undef ssl_parse_clienthello_renegotiate_ext
+#define ssl_parse_clienthello_renegotiate_ext   ssl_parse_clienthello_reneg_ext
+#undef ssl_parse_serverhello_renegotiate_ext
+#define ssl_parse_serverhello_renegotiate_ext   ssl_parse_serverhello_reneg_ext
 /* Hack some long ENGINE names */
 #undef ENGINE_get_default_BN_mod_exp_crt
 #define ENGINE_get_default_BN_mod_exp_crt       ENGINE_get_def_BN_mod_exp_crt
 #undef ENGINE_set_default_BN_mod_exp_crt
 #define ENGINE_set_default_BN_mod_exp_crt       ENGINE_set_def_BN_mod_exp_crt
 #undef ENGINE_set_load_privkey_function
-#define ENGINE_set_load_privkey_function        ENGINE_set_load_privkey_fn
+#define ENGINE_set_load_privkey_function        ENGINE_set_load_privkey_fn
 #undef ENGINE_get_load_privkey_function
-#define ENGINE_get_load_privkey_function        ENGINE_get_load_privkey_fn
+#define ENGINE_get_load_privkey_function        ENGINE_get_load_privkey_fn
+#undef ENGINE_unregister_pkey_asn1_meths
+#define ENGINE_unregister_pkey_asn1_meths       ENGINE_unreg_pkey_asn1_meths
+#undef ENGINE_register_all_pkey_asn1_meths
+#define ENGINE_register_all_pkey_asn1_meths     ENGINE_reg_all_pkey_asn1_meths
+#undef ENGINE_set_default_pkey_asn1_meths
+#define ENGINE_set_default_pkey_asn1_meths      ENGINE_set_def_pkey_asn1_meths
+#undef ENGINE_get_pkey_asn1_meth_engine
+#define ENGINE_get_pkey_asn1_meth_engine        ENGINE_get_pkey_asn1_meth_eng
 #undef ENGINE_set_load_ssl_client_cert_function
 #define ENGINE_set_load_ssl_client_cert_function \
                                                ENGINE_set_ld_ssl_clnt_cert_fn
@@ -191,7 +211,7 @@
 /* Hack some long OCSP names */
 #undef OCSP_REQUEST_get_ext_by_critical
-#define OCSP_REQUEST_get_ext_by_critical        OCSP_REQUEST_get_ext_by_crit
+#define OCSP_REQUEST_get_ext_by_critical        OCSP_REQUEST_get_ext_by_crit
 #undef OCSP_BASICRESP_get_ext_by_critical
 #define OCSP_BASICRESP_get_ext_by_critical      OCSP_BASICRESP_get_ext_by_crit
 #undef OCSP_SINGLERESP_get_ext_by_critical
@@ -208,6 +228,8 @@
 #define OPENSSL_add_all_algorithms_noconf       OPENSSL_add_all_algo_noconf
 #undef OPENSSL_add_all_algorithms_conf
 #define OPENSSL_add_all_algorithms_conf         OPENSSL_add_all_algo_conf
+#undef EVP_PKEY_meth_set_verify_recover
+#define EVP_PKEY_meth_set_verify_recover        EVP_PKEY_meth_set_vrfy_recover
 /* Hack some long EC names */
 #undef EC_GROUP_set_point_conversion_form
@@ -236,15 +258,15 @@
 #define EC_POINT_set_compressed_coordinates_GF2m \
                                                EC_POINT_set_compr_coords_GF2m
 #undef ec_GF2m_simple_group_clear_finish
-#define ec_GF2m_simple_group_clear_finish        ec_GF2m_simple_grp_clr_finish
+#define ec_GF2m_simple_group_clear_finish       ec_GF2m_simple_grp_clr_finish
 #undef ec_GF2m_simple_group_check_discriminant
 #define ec_GF2m_simple_group_check_discriminant ec_GF2m_simple_grp_chk_discrim
 #undef ec_GF2m_simple_point_clear_finish
-#define ec_GF2m_simple_point_clear_finish        ec_GF2m_simple_pt_clr_finish
+#define ec_GF2m_simple_point_clear_finish       ec_GF2m_simple_pt_clr_finish
 #undef ec_GF2m_simple_point_set_to_infinity
-#define ec_GF2m_simple_point_set_to_infinity     ec_GF2m_simple_pt_set_to_inf
+#define ec_GF2m_simple_point_set_to_infinity    ec_GF2m_simple_pt_set_to_inf
 #undef ec_GF2m_simple_points_make_affine
-#define ec_GF2m_simple_points_make_affine        ec_GF2m_simple_pts_make_affine
+#define ec_GF2m_simple_points_make_affine       ec_GF2m_simple_pts_make_affine
 #undef ec_GF2m_simple_point_set_affine_coordinates
 #define ec_GF2m_simple_point_set_affine_coordinates \
                                                ec_GF2m_smp_pt_set_af_coords
@@ -259,19 +281,19 @@
 #undef ec_GFp_simple_group_get_curve_GFp
 #define ec_GFp_simple_group_get_curve_GFp       ec_GFp_simple_grp_get_curve_GFp
 #undef ec_GFp_simple_group_clear_finish
-#define ec_GFp_simple_group_clear_finish        ec_GFp_simple_grp_clear_finish
+#define ec_GFp_simple_group_clear_finish        ec_GFp_simple_grp_clear_finish
 #undef ec_GFp_simple_group_set_generator
 #define ec_GFp_simple_group_set_generator       ec_GFp_simple_grp_set_generator
 #undef ec_GFp_simple_group_get0_generator
 #define ec_GFp_simple_group_get0_generator      ec_GFp_simple_grp_gt0_generator
 #undef ec_GFp_simple_group_get_cofactor
-#define ec_GFp_simple_group_get_cofactor        ec_GFp_simple_grp_get_cofactor
+#define ec_GFp_simple_group_get_cofactor        ec_GFp_simple_grp_get_cofactor
 #undef ec_GFp_simple_point_clear_finish
-#define ec_GFp_simple_point_clear_finish        ec_GFp_simple_pt_clear_finish
+#define ec_GFp_simple_point_clear_finish        ec_GFp_simple_pt_clear_finish
 #undef ec_GFp_simple_point_set_to_infinity
 #define ec_GFp_simple_point_set_to_infinity     ec_GFp_simple_pt_set_to_inf
 #undef ec_GFp_simple_points_make_affine
-#define ec_GFp_simple_points_make_affine        ec_GFp_simple_pts_make_affine
+#define ec_GFp_simple_points_make_affine        ec_GFp_simple_pts_make_affine
 #undef ec_GFp_simple_group_get_curve_GFp
 #define ec_GFp_simple_group_get_curve_GFp       ec_GFp_simple_grp_get_curve_GFp
 #undef ec_GFp_simple_set_Jprojective_coordinates_GFp
@@ -351,6 +373,14 @@
 #undef STORE_method_get_unlock_store_function
 #define STORE_method_get_unlock_store_function  STORE_meth_get_unlock_store_fn
+/* Hack some long TS names */
+#undef TS_RESP_CTX_set_status_info_cond
+#define TS_RESP_CTX_set_status_info_cond        TS_RESP_CTX_set_stat_info_cond
+#undef TS_RESP_CTX_set_clock_precision_digits
+#define TS_RESP_CTX_set_clock_precision_digits  TS_RESP_CTX_set_clk_prec_digits
+#undef TS_CONF_set_clock_precision_digits
+#define TS_CONF_set_clock_precision_digits      TS_CONF_set_clk_prec_digits
 /* Hack some long CMS names */
 #undef CMS_RecipientInfo_ktri_get0_algs
 #define CMS_RecipientInfo_ktri_get0_algs        CMS_RecipInfo_ktri_get0_algs
@@ -365,24 +395,34 @@
 #undef cms_SignerIdentifier_get0_signer_id
 #define cms_SignerIdentifier_get0_signer_id     cms_SignerId_get0_signer_id
+/* Hack some long DTLS1 names */
+#undef dtls1_retransmit_buffered_messages
+#define dtls1_retransmit_buffered_messages      dtls1_retransmit_buffered_msgs
+/* Hack some long UI names */
+#undef UI_method_get_prompt_constructor
+#define UI_method_get_prompt_constructor        UI_method_get_prompt_constructr
+#undef UI_method_set_prompt_constructor
+#define UI_method_set_prompt_constructor        UI_method_set_prompt_constructr
 #endif /* defined OPENSSL_SYS_VMS */
-/* Case insensiteve linking causes problems.... */
+/* Case insensitive linking causes problems.... */
-#if defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2)
+#if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2)
 #undef ERR_load_CRYPTO_strings
 #define ERR_load_CRYPTO_strings                 ERR_load_CRYPTOlib_strings
 #undef OCSP_crlID_new
-#define OCSP_crlID_new                          OCSP_crlID2_new
+#define OCSP_crlID_new                          OCSP_crlID2_new
 #undef d2i_ECPARAMETERS
-#define d2i_ECPARAMETERS                        d2i_UC_ECPARAMETERS
+#define d2i_ECPARAMETERS                        d2i_UC_ECPARAMETERS
 #undef i2d_ECPARAMETERS
-#define i2d_ECPARAMETERS                        i2d_UC_ECPARAMETERS
+#define i2d_ECPARAMETERS                        i2d_UC_ECPARAMETERS
 #undef d2i_ECPKPARAMETERS
-#define d2i_ECPKPARAMETERS                      d2i_UC_ECPKPARAMETERS
+#define d2i_ECPKPARAMETERS                      d2i_UC_ECPKPARAMETERS
 #undef i2d_ECPKPARAMETERS
-#define i2d_ECPKPARAMETERS                      i2d_UC_ECPKPARAMETERS
+#define i2d_ECPKPARAMETERS                      i2d_UC_ECPKPARAMETERS
 /* These functions do not seem to exist!  However, I'm paranoid...
   Original command in x509v3.h:
@@ -391,19 +431,19 @@
   hide them a little, by giving them an extra 'o' at the
   beginning of the name... */
 #undef X509v3_cleanup_extensions
-#define X509v3_cleanup_extensions               oX509v3_cleanup_extensions
+#define X509v3_cleanup_extensions               oX509v3_cleanup_extensions
 #undef X509v3_add_extension
-#define X509v3_add_extension                    oX509v3_add_extension
+#define X509v3_add_extension                    oX509v3_add_extension
 #undef X509v3_add_netscape_extensions
-#define X509v3_add_netscape_extensions          oX509v3_add_netscape_extensions
+#define X509v3_add_netscape_extensions          oX509v3_add_netscape_extensions
 #undef X509v3_add_standard_extensions
-#define X509v3_add_standard_extensions          oX509v3_add_standard_extensions
+#define X509v3_add_standard_extensions          oX509v3_add_standard_extensions
+/* This one clashes with CMS_data_create */
+#undef cms_Data_create
+#define cms_Data_create                         priv_cms_Data_create
 #endif
 #endif /* ! defined HEADER_VMS_IDHACKS_H */
-/* This one clashes with CMS_data_create */
-#undef cms_Data_create
-#define cms_Data_create                         priv_cms_Data_create
diff --git a/src/lib/libssl/src/crypto/threads/mttest.c b/src/lib/libssl/src/crypto/threads/mttest.c
index f6f3df4b6a..eba7aa8a6e 100644
--- a/src/lib/libssl/src/crypto/threads/mttest.c
+++ b/src/lib/libssl/src/crypto/threads/mttest.c
@@ -117,11 +117,13 @@ void solaris_locking_callback(int mode,int type,char *file,int line);
 void win32_locking_callback(int mode,int type,char *file,int line);
 void pthreads_locking_callback(int mode,int type,char *file,int line);
 void netware_locking_callback(int mode,int type,char *file,int line);
+void beos_locking_callback(int mode,int type,const char *file,int line);
 unsigned long irix_thread_id(void );
 unsigned long solaris_thread_id(void );
 unsigned long pthreads_thread_id(void );
 unsigned long netware_thread_id(void );
+unsigned long beos_thread_id(void );
 #if defined(OPENSSL_SYS_NETWARE)
 static MPKMutex *lock_cs;
@@ -1209,3 +1211,100 @@ unsigned long netware_thread_id(void)
   return(ret);
 }
 #endif /* NETWARE */
+#ifdef BEOS_THREADS
+#include <Locker.h>
+static BLocker** lock_cs;
+static long* lock_count;
+void thread_setup(void)
+        {
+        int i;
+        lock_cs=(BLocker**)OPENSSL_malloc(CRYPTO_num_locks() * sizeof(BLocker*));
+        lock_count=(long*)OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
+        for (i=0; i<CRYPTO_num_locks(); i++)
+                {
+                lock_count[i]=0;
+                lock_cs[i] = new BLocker(CRYPTO_get_lock_name(i));
+                }
+        CRYPTO_set_id_callback((unsigned long (*)())beos_thread_id);
+        CRYPTO_set_locking_callback(beos_locking_callback);
+        }
+void thread_cleanup(void)
+        {
+        int i;
+        CRYPTO_set_locking_callback(NULL);
+        fprintf(stderr,"cleanup\n");
+        for (i=0; i<CRYPTO_num_locks(); i++)
+                {
+                delete lock_cs[i];
+                fprintf(stderr,"%8ld:%s\n",lock_count[i],
+                        CRYPTO_get_lock_name(i));
+                }
+        OPENSSL_free(lock_cs);
+        OPENSSL_free(lock_count);
+        fprintf(stderr,"done cleanup\n");
+        }
+void beos_locking_callback(int mode, int type, const char *file, int line)
+    {
+#if 0
+        fprintf(stderr,"thread=%4d mode=%s lock=%s %s:%d\n",
+                CRYPTO_thread_id(),
+                (mode&CRYPTO_LOCK)?"l":"u",
+                (type&CRYPTO_READ)?"r":"w",file,line);
+#endif
+        if (mode & CRYPTO_LOCK)
+                {
+                lock_cs[type]->Lock();
+                lock_count[type]++;
+                }
+        else
+                {
+                lock_cs[type]->Unlock();
+                }
+        }
+void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)
+        {
+        SSL_CTX *ssl_ctx[2];
+        thread_id thread_ctx[MAX_THREAD_NUMBER];
+        int i;
+        ssl_ctx[0]=s_ctx;
+        ssl_ctx[1]=c_ctx;
+        for (i=0; i<thread_number; i++)
+                {
+                thread_ctx[i] = spawn_thread((thread_func)ndoit,
+                        NULL, B_NORMAL_PRIORITY, (void *)ssl_ctx);
+                resume_thread(thread_ctx[i]);
+                }
+        printf("waiting...\n");
+        for (i=0; i<thread_number; i++)
+                {
+                status_t result;
+                wait_for_thread(thread_ctx[i], &result);
+                }
+        printf("beos threads done (%d,%d)\n",
+                s_ctx->references,c_ctx->references);
+        }
+unsigned long beos_thread_id(void)
+        {
+        unsigned long ret;
+        ret=(unsigned long)find_thread(NULL);
+        return(ret);
+        }
+#endif /* BEOS_THREADS */
diff --git a/src/lib/libssl/src/crypto/threads/pthreads-vms.com b/src/lib/libssl/src/crypto/threads/pthreads-vms.com
index 63f5b8cc2e..1cf92bdf57 100644
--- a/src/lib/libssl/src/crypto/threads/pthreads-vms.com
+++ b/src/lib/libssl/src/crypto/threads/pthreads-vms.com
@@ -2,8 +2,13 @@ $! To compile mttest on VMS.
 $!
 $! WARNING: only tested with DEC C so far.
 $
-$ arch := vax
+$ if (f$getsyi("cpu").lt.128)
-$ if f$getsyi("CPU") .ge. 128 then arch := axp
+$ then
+$     arch := VAX
+$ else
+$     arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$     if (arch .eqs. "") then arch = "UNK"
+$ endif
 $ define/user openssl [--.include.openssl]
 $ cc/def=PTHREADS mttest.c
 $ link mttest,[--.'arch'.exe.ssl]libssl/lib,[--.'arch'.exe.crypto]libcrypto/lib
diff --git a/src/lib/libssl/src/crypto/txt_db/Makefile b/src/lib/libssl/src/crypto/txt_db/Makefile
index 87e57b49f6..e6f30331d8 100644
--- a/src/lib/libssl/src/crypto/txt_db/Makefile
+++ b/src/lib/libssl/src/crypto/txt_db/Makefile
@@ -33,7 +33,7 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
diff --git a/src/lib/libssl/src/crypto/txt_db/txt_db.c b/src/lib/libssl/src/crypto/txt_db/txt_db.c
index 3ed5f72ee9..6f2ce3b5a4 100644
--- a/src/lib/libssl/src/crypto/txt_db/txt_db.c
+++ b/src/lib/libssl/src/crypto/txt_db/txt_db.c
@@ -77,22 +77,23 @@ TXT_DB *TXT_DB_read(BIO *in, int num)
        int i,add,n;
        int size=BUFSIZE;
        int offset=0;
-        char *p,**pp,*f;
+        char *p,*f;
+        OPENSSL_STRING *pp;
        BUF_MEM *buf=NULL;
        if ((buf=BUF_MEM_new()) == NULL) goto err;
        if (!BUF_MEM_grow(buf,size)) goto err;
-        if ((ret=(TXT_DB *)OPENSSL_malloc(sizeof(TXT_DB))) == NULL)
+        if ((ret=OPENSSL_malloc(sizeof(TXT_DB))) == NULL)
                goto err;
        ret->num_fields=num;
        ret->index=NULL;
        ret->qual=NULL;
-        if ((ret->data=sk_new_null()) == NULL)
+        if ((ret->data=sk_OPENSSL_PSTRING_new_null()) == NULL)
                goto err;
-        if ((ret->index=(LHASH **)OPENSSL_malloc(sizeof(LHASH *)*num)) == NULL)
+        if ((ret->index=OPENSSL_malloc(sizeof(*ret->index)*num)) == NULL)
                goto err;
-        if ((ret->qual=(int (**)(char **))OPENSSL_malloc(sizeof(int (**)(char **))*num)) == NULL)
+        if ((ret->qual=OPENSSL_malloc(sizeof(*(ret->qual))*num)) == NULL)
                goto err;
        for (i=0; i<num; i++)
                {
@@ -122,7 +123,7 @@ TXT_DB *TXT_DB_read(BIO *in, int num)
                else
                        {
                        buf->data[offset-1]='\0'; /* blat the '\n' */
-                        if (!(p=(char *)OPENSSL_malloc(add+offset))) goto err;
+                        if (!(p=OPENSSL_malloc(add+offset))) goto err;
                        offset=0;
                        }
                pp=(char **)p;
@@ -155,16 +156,16 @@ TXT_DB *TXT_DB_read(BIO *in, int num)
                *(p++)='\0';
                if ((n != num) || (*f != '\0'))
                        {
-#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)   /* temporaty fix :-( */
+#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)   /* temporary fix :-( */
                        fprintf(stderr,"wrong number of fields on line %ld (looking for field %d, got %d, '%s' left)\n",ln,num,n,f);
 #endif
                        er=2;
                        goto err;
                        }
                pp[n]=p;
-                if (!sk_push(ret->data,(char *)pp))
+                if (!sk_OPENSSL_PSTRING_push(ret->data,pp))
                        {
-#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)   /* temporaty fix :-( */
+#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)   /* temporary fix :-( */
                        fprintf(stderr,"failure in sk_push\n");
 #endif
                        er=2;
@@ -181,7 +182,7 @@ err:
 #endif
                if (ret != NULL)
                        {
-                        if (ret->data != NULL) sk_free(ret->data);
+                        if (ret->data != NULL) sk_OPENSSL_PSTRING_free(ret->data);
                        if (ret->index != NULL) OPENSSL_free(ret->index);
                        if (ret->qual != NULL) OPENSSL_free(ret->qual);
                        if (ret != NULL) OPENSSL_free(ret);
@@ -192,10 +193,10 @@ err:
                return(ret);
        }
-char **TXT_DB_get_by_index(TXT_DB *db, int idx, char **value)
+OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx, OPENSSL_STRING *value)
        {
-        char **ret;
+        OPENSSL_STRING *ret;
-        LHASH *lh;
+        LHASH_OF(OPENSSL_STRING) *lh;
        if (idx >= db->num_fields)
                {
@@ -208,16 +209,16 @@ char **TXT_DB_get_by_index(TXT_DB *db, int idx, char **value)
                db->error=DB_ERROR_NO_INDEX;
                return(NULL);
                }
-        ret=(char **)lh_retrieve(lh,value);
+        ret=lh_OPENSSL_STRING_retrieve(lh,value);
        db->error=DB_ERROR_OK;
        return(ret);
        }
-int TXT_DB_create_index(TXT_DB *db, int field, int (*qual)(char **),
+int TXT_DB_create_index(TXT_DB *db, int field, int (*qual)(OPENSSL_STRING *),
-                LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp)
+                        LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp)
        {
-        LHASH *idx;
+        LHASH_OF(OPENSSL_STRING) *idx;
-        char **r;
+        OPENSSL_STRING *r;
        int i,n;
        if (field >= db->num_fields)
@@ -225,26 +226,27 @@ int TXT_DB_create_index(TXT_DB *db, int field, int (*qual)(char **),
                db->error=DB_ERROR_INDEX_OUT_OF_RANGE;
                return(0);
                }
-        if ((idx=lh_new(hash,cmp)) == NULL)
+        /* FIXME: we lose type checking at this point */
+        if ((idx=(LHASH_OF(OPENSSL_STRING) *)lh_new(hash,cmp)) == NULL)
                {
                db->error=DB_ERROR_MALLOC;
                return(0);
                }
-        n=sk_num(db->data);
+        n=sk_OPENSSL_PSTRING_num(db->data);
        for (i=0; i<n; i++)
                {
-                r=(char **)sk_value(db->data,i);
+                r=sk_OPENSSL_PSTRING_value(db->data,i);
                if ((qual != NULL) && (qual(r) == 0)) continue;
-                if ((r=lh_insert(idx,r)) != NULL)
+                if ((r=lh_OPENSSL_STRING_insert(idx,r)) != NULL)
                        {
                        db->error=DB_ERROR_INDEX_CLASH;
-                        db->arg1=sk_find(db->data,(char *)r);
+                        db->arg1=sk_OPENSSL_PSTRING_find(db->data,r);
                        db->arg2=i;
-                        lh_free(idx);
+                        lh_OPENSSL_STRING_free(idx);
                        return(0);
                        }
                }
-        if (db->index[field] != NULL) lh_free(db->index[field]);
+        if (db->index[field] != NULL) lh_OPENSSL_STRING_free(db->index[field]);
        db->index[field]=idx;
        db->qual[field]=qual;
        return(1);
@@ -259,11 +261,11 @@ long TXT_DB_write(BIO *out, TXT_DB *db)
        if ((buf=BUF_MEM_new()) == NULL)
                goto err;
-        n=sk_num(db->data);
+        n=sk_OPENSSL_PSTRING_num(db->data);
        nn=db->num_fields;
        for (i=0; i<n; i++)
                {
-                pp=(char **)sk_value(db->data,i);
+                pp=sk_OPENSSL_PSTRING_value(db->data,i);
                l=0;
                for (j=0; j<nn; j++)
@@ -298,10 +300,10 @@ err:
        return(ret);
        }
-int TXT_DB_insert(TXT_DB *db, char **row)
+int TXT_DB_insert(TXT_DB *db, OPENSSL_STRING *row)
        {
        int i;
-        char **r;
+        OPENSSL_STRING *r;
        for (i=0; i<db->num_fields; i++)
                {
@@ -309,7 +311,7 @@ int TXT_DB_insert(TXT_DB *db, char **row)
                        {
                        if ((db->qual[i] != NULL) &&
                                (db->qual[i](row) == 0)) continue;
-                        r=(char **)lh_retrieve(db->index[i],row);
+                        r=lh_OPENSSL_STRING_retrieve(db->index[i],row);
                        if (r != NULL)
                                {
                                db->error=DB_ERROR_INDEX_CLASH;
@@ -320,7 +322,7 @@ int TXT_DB_insert(TXT_DB *db, char **row)
                        }
                }
        /* We have passed the index checks, now just append and insert */
-        if (!sk_push(db->data,(char *)row))
+        if (!sk_OPENSSL_PSTRING_push(db->data,row))
                {
                db->error=DB_ERROR_MALLOC;
                goto err;
@@ -332,7 +334,7 @@ int TXT_DB_insert(TXT_DB *db, char **row)
                        {
                        if ((db->qual[i] != NULL) &&
                                (db->qual[i](row) == 0)) continue;
-                        lh_insert(db->index[i],row);
+                        (void)lh_OPENSSL_STRING_insert(db->index[i],row);
                        }
                }
        return(1);
@@ -351,18 +353,18 @@ void TXT_DB_free(TXT_DB *db)
        if (db->index != NULL)
                {
                for (i=db->num_fields-1; i>=0; i--)
-                        if (db->index[i] != NULL) lh_free(db->index[i]);
+                        if (db->index[i] != NULL) lh_OPENSSL_STRING_free(db->index[i]);
                OPENSSL_free(db->index);
                }
        if (db->qual != NULL)
                OPENSSL_free(db->qual);
        if (db->data != NULL)
                {
-                for (i=sk_num(db->data)-1; i>=0; i--)
+                for (i=sk_OPENSSL_PSTRING_num(db->data)-1; i>=0; i--)
                        {
                        /* check if any 'fields' have been allocated
                         * from outside of the initial block */
-                        p=(char **)sk_value(db->data,i);
+                        p=sk_OPENSSL_PSTRING_value(db->data,i);
                        max=p[db->num_fields]; /* last address */
                        if (max == NULL) /* new row */
                                {
@@ -378,9 +380,9 @@ void TXT_DB_free(TXT_DB *db)
                                                OPENSSL_free(p[n]);
                                        }
                                }
-                        OPENSSL_free(sk_value(db->data,i));
+                        OPENSSL_free(sk_OPENSSL_PSTRING_value(db->data,i));
                        }
-                sk_free(db->data);
+                sk_OPENSSL_PSTRING_free(db->data);
                }
        OPENSSL_free(db);
        }
diff --git a/src/lib/libssl/src/crypto/txt_db/txt_db.h b/src/lib/libssl/src/crypto/txt_db/txt_db.h
index 307e1ba23f..6abe435bc8 100644
--- a/src/lib/libssl/src/crypto/txt_db/txt_db.h
+++ b/src/lib/libssl/src/crypto/txt_db/txt_db.h
@@ -77,16 +77,19 @@
 extern "C" {
 #endif
+typedef OPENSSL_STRING *OPENSSL_PSTRING;
+DECLARE_SPECIAL_STACK_OF(OPENSSL_PSTRING, OPENSSL_STRING)
 typedef struct txt_db_st
        {
        int num_fields;
-        STACK /* char ** */ *data;
+        STACK_OF(OPENSSL_PSTRING) *data;
-        LHASH **index;
+        LHASH_OF(OPENSSL_STRING) **index;
-        int (**qual)(char **);
+        int (**qual)(OPENSSL_STRING *);
        long error;
        long arg1;
        long arg2;
-        char **arg_row;
+        OPENSSL_STRING *arg_row;
        } TXT_DB;
 #ifndef OPENSSL_NO_BIO
@@ -96,11 +99,11 @@ long TXT_DB_write(BIO *out, TXT_DB *db);
 TXT_DB *TXT_DB_read(char *in, int num);
 long TXT_DB_write(char *out, TXT_DB *db);
 #endif
-int TXT_DB_create_index(TXT_DB *db,int field,int (*qual)(char **),
+int TXT_DB_create_index(TXT_DB *db,int field,int (*qual)(OPENSSL_STRING *),
-                LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp);
+                        LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp);
 void TXT_DB_free(TXT_DB *db);
-char **TXT_DB_get_by_index(TXT_DB *db, int idx, char **value);
+OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx, OPENSSL_STRING *value);
-int TXT_DB_insert(TXT_DB *db,char **value);
+int TXT_DB_insert(TXT_DB *db, OPENSSL_STRING *value);
 #ifdef  __cplusplus
 }
diff --git a/src/lib/libssl/src/crypto/ui/Makefile b/src/lib/libssl/src/crypto/ui/Makefile
index 4755e206f6..a685659fb4 100644
--- a/src/lib/libssl/src/crypto/ui/Makefile
+++ b/src/lib/libssl/src/crypto/ui/Makefile
@@ -37,7 +37,7 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
diff --git a/src/lib/libssl/src/crypto/ui/ui.h b/src/lib/libssl/src/crypto/ui/ui.h
index 018296412b..2b1cfa2289 100644
--- a/src/lib/libssl/src/crypto/ui/ui.h
+++ b/src/lib/libssl/src/crypto/ui/ui.h
@@ -287,8 +287,8 @@ UI_METHOD *UI_OpenSSL(void);
 /* The UI_STRING type is the data structure that contains all the needed info
   about a string or a prompt, including test data for a verification prompt.
 */
-DECLARE_STACK_OF(UI_STRING)
 typedef struct ui_string_st UI_STRING;
+DECLARE_STACK_OF(UI_STRING)
 /* The different types of strings that are currently supported.
   This is only needed by method authors. */
@@ -310,11 +310,13 @@ int UI_method_set_writer(UI_METHOD *method, int (*writer)(UI *ui, UI_STRING *uis
 int UI_method_set_flusher(UI_METHOD *method, int (*flusher)(UI *ui));
 int UI_method_set_reader(UI_METHOD *method, int (*reader)(UI *ui, UI_STRING *uis));
 int UI_method_set_closer(UI_METHOD *method, int (*closer)(UI *ui));
+int UI_method_set_prompt_constructor(UI_METHOD *method, char *(*prompt_constructor)(UI* ui, const char* object_desc, const char* object_name));
 int (*UI_method_get_opener(UI_METHOD *method))(UI*);
 int (*UI_method_get_writer(UI_METHOD *method))(UI*,UI_STRING*);
 int (*UI_method_get_flusher(UI_METHOD *method))(UI*);
 int (*UI_method_get_reader(UI_METHOD *method))(UI*,UI_STRING*);
 int (*UI_method_get_closer(UI_METHOD *method))(UI*);
+char* (*UI_method_get_prompt_constructor(UI_METHOD *method))(UI*, const char*, const char*);
 /* The following functions are helpers for method writers to access relevant
   data from a UI_STRING. */
diff --git a/src/lib/libssl/src/crypto/ui/ui_err.c b/src/lib/libssl/src/crypto/ui/ui_err.c
index 786bd0dbc3..a6b96299a0 100644
--- a/src/lib/libssl/src/crypto/ui/ui_err.c
+++ b/src/lib/libssl/src/crypto/ui/ui_err.c
@@ -1,6 +1,6 @@
 /* crypto/ui/ui_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
diff --git a/src/lib/libssl/src/crypto/ui/ui_lib.c b/src/lib/libssl/src/crypto/ui/ui_lib.c
index ac0100808f..a8abc27064 100644
--- a/src/lib/libssl/src/crypto/ui/ui_lib.c
+++ b/src/lib/libssl/src/crypto/ui/ui_lib.c
@@ -693,6 +693,17 @@ int UI_method_set_closer(UI_METHOD *method, int (*closer)(UI *ui))
                return -1;
        }
+int UI_method_set_prompt_constructor(UI_METHOD *method, char *(*prompt_constructor)(UI* ui, const char* object_desc, const char* object_name))
+        {
+        if (method)
+                {
+                method->ui_construct_prompt = prompt_constructor;
+                return 0;
+                }
+        else
+                return -1;
+        }
 int (*UI_method_get_opener(UI_METHOD *method))(UI*)
        {
        if (method)
@@ -733,6 +744,14 @@ int (*UI_method_get_closer(UI_METHOD *method))(UI*)
                return NULL;
        }
+char* (*UI_method_get_prompt_constructor(UI_METHOD *method))(UI*, const char*, const char*)
+        {
+        if (method)
+                return method->ui_construct_prompt;
+        else
+                return NULL;
+        }
 enum UI_string_types UI_get_string_type(UI_STRING *uis)
        {
        if (!uis)
diff --git a/src/lib/libssl/src/crypto/ui/ui_openssl.c b/src/lib/libssl/src/crypto/ui/ui_openssl.c
index ef930bf247..1bc25f48d5 100644
--- a/src/lib/libssl/src/crypto/ui/ui_openssl.c
+++ b/src/lib/libssl/src/crypto/ui/ui_openssl.c
@@ -122,7 +122,9 @@
 * sigaction and fileno included. -pedantic would be more appropriate for
 * the intended purposes, but we can't prevent users from adding -ansi.
 */
-#define _POSIX_C_SOURCE 1
+#ifndef _POSIX_C_SOURCE
+#define _POSIX_C_SOURCE 2
+#endif
 #include <signal.h>
 #include <stdio.h>
 #include <string.h>
@@ -297,7 +299,7 @@ static int is_a_tty;
 /* Declare static functions */
 #if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)
-static void read_till_nl(FILE *);
+static int read_till_nl(FILE *);
 static void recsig(int);
 static void pushsig(void);
 static void popsig(void);
@@ -390,14 +392,16 @@ static int read_string(UI *ui, UI_STRING *uis)
 #if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)
 /* Internal functions to read a string without echoing */
-static void read_till_nl(FILE *in)
+static int read_till_nl(FILE *in)
        {
 #define SIZE 4
        char buf[SIZE+1];
        do      {
-                fgets(buf,SIZE,in);
+                if (!fgets(buf,SIZE,in))
+                        return 0;
                } while (strchr(buf,'\n') == NULL);
+        return 1;
        }
 static volatile sig_atomic_t intr_signal;
@@ -445,7 +449,8 @@ static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl)
                        *p='\0';
                }
        else
-                read_till_nl(tty_in);
+                if (!read_till_nl(tty_in))
+                        goto error;
        if (UI_set_result(ui, uis, result) >= 0)
                ok=1;
@@ -473,7 +478,7 @@ static int open_console(UI *ui)
        CRYPTO_w_lock(CRYPTO_LOCK_UI);
        is_a_tty = 1;
-#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)
+#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS)
        tty_in=stdin;
        tty_out=stderr;
 #else
diff --git a/src/lib/libssl/src/crypto/x509/Makefile b/src/lib/libssl/src/crypto/x509/Makefile
index 464752b159..72c82278f4 100644
--- a/src/lib/libssl/src/crypto/x509/Makefile
+++ b/src/lib/libssl/src/crypto/x509/Makefile
@@ -43,12 +43,12 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
 files:
-        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
 links:
        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@@ -89,37 +89,35 @@ by_dir.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 by_dir.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 by_dir.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 by_dir.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-by_dir.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+by_dir.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-by_dir.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+by_dir.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-by_dir.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+by_dir.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-by_dir.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+by_dir.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-by_dir.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+by_dir.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-by_dir.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+by_dir.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-by_dir.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+by_dir.o: ../../include/openssl/x509_vfy.h ../cryptlib.h by_dir.c
-by_dir.o: ../cryptlib.h by_dir.c
 by_file.o: ../../e_os.h ../../include/openssl/asn1.h
 by_file.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 by_file.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 by_file.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 by_file.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-by_file.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+by_file.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-by_file.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+by_file.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-by_file.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+by_file.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-by_file.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+by_file.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
-by_file.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+by_file.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
-by_file.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+by_file.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-by_file.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+by_file.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-by_file.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+by_file.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-by_file.o: ../../include/openssl/x509_vfy.h ../cryptlib.h by_file.c
+by_file.o: ../cryptlib.h by_file.c
 x509_att.o: ../../e_os.h ../../include/openssl/asn1.h
 x509_att.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x509_att.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 x509_att.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x509_att.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x509_att.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_att.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x509_att.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x509_att.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_att.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x509_att.o: ../../include/openssl/opensslconf.h
 x509_att.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509_att.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509_att.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -132,9 +130,8 @@ x509_cmp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 x509_cmp.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x509_cmp.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x509_cmp.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_cmp.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x509_cmp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x509_cmp.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_cmp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x509_cmp.o: ../../include/openssl/opensslconf.h
 x509_cmp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509_cmp.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509_cmp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -146,22 +143,22 @@ x509_d2.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x509_d2.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 x509_d2.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x509_d2.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x509_d2.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+x509_d2.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x509_d2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509_d2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x509_d2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_d2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-x509_d2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_d2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-x509_d2.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x509_d2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-x509_d2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_d2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-x509_d2.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_d2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x509_d2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_d2.c
+x509_d2.o: ../cryptlib.h x509_d2.c
 x509_def.o: ../../e_os.h ../../include/openssl/asn1.h
 x509_def.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x509_def.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 x509_def.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x509_def.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x509_def.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+x509_def.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x509_def.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509_def.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x509_def.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_def.o: ../../include/openssl/opensslconf.h
 x509_def.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509_def.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509_def.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -172,9 +169,8 @@ x509_err.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x509_err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x509_err.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x509_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_err.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x509_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x509_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x509_err.o: ../../include/openssl/opensslconf.h
 x509_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -186,9 +182,8 @@ x509_ext.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 x509_ext.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x509_ext.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x509_ext.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_ext.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x509_ext.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x509_ext.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_ext.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x509_ext.o: ../../include/openssl/opensslconf.h
 x509_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509_ext.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509_ext.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -201,22 +196,22 @@ x509_lu.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 x509_lu.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x509_lu.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x509_lu.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_lu.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x509_lu.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x509_lu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_lu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x509_lu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x509_lu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x509_lu.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x509_lu.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-x509_lu.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_lu.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x509_lu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_lu.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x509_lu.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_lu.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-x509_lu.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_lu.c
+x509_lu.o: ../cryptlib.h x509_lu.c
 x509_obj.o: ../../e_os.h ../../include/openssl/asn1.h
 x509_obj.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x509_obj.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 x509_obj.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x509_obj.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x509_obj.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+x509_obj.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x509_obj.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509_obj.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x509_obj.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_obj.o: ../../include/openssl/opensslconf.h
 x509_obj.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509_obj.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509_obj.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -228,21 +223,20 @@ x509_r2x.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x509_r2x.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x509_r2x.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x509_r2x.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_r2x.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x509_r2x.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x509_r2x.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_r2x.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x509_r2x.o: ../../include/openssl/opensslconf.h
 x509_r2x.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509_r2x.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509_r2x.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 x509_r2x.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 x509_r2x.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_r2x.c
 x509_req.o: ../../e_os.h ../../include/openssl/asn1.h
-x509_req.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+x509_req.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-x509_req.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+x509_req.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-x509_req.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x509_req.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-x509_req.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x509_req.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-x509_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_req.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x509_req.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x509_req.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
 x509_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 x509_req.o: ../../include/openssl/opensslconf.h
 x509_req.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
@@ -256,9 +250,9 @@ x509_set.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x509_set.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 x509_set.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x509_set.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x509_set.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+x509_set.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x509_set.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509_set.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x509_set.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_set.o: ../../include/openssl/opensslconf.h
 x509_set.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509_set.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509_set.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -270,9 +264,8 @@ x509_trs.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 x509_trs.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x509_trs.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x509_trs.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_trs.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x509_trs.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x509_trs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_trs.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x509_trs.o: ../../include/openssl/opensslconf.h
 x509_trs.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509_trs.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509_trs.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -284,9 +277,9 @@ x509_txt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x509_txt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 x509_txt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x509_txt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x509_txt.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+x509_txt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x509_txt.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509_txt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x509_txt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_txt.o: ../../include/openssl/opensslconf.h
 x509_txt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509_txt.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509_txt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -298,23 +291,22 @@ x509_v3.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 x509_v3.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x509_v3.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x509_v3.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_v3.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x509_v3.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x509_v3.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_v3.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x509_v3.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x509_v3.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x509_v3.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x509_v3.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-x509_v3.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_v3.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x509_v3.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_v3.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x509_v3.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_v3.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-x509_v3.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_v3.c
+x509_v3.o: ../cryptlib.h x509_v3.c
 x509_vfy.o: ../../e_os.h ../../include/openssl/asn1.h
 x509_vfy.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x509_vfy.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 x509_vfy.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x509_vfy.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x509_vfy.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_vfy.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x509_vfy.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x509_vfy.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_vfy.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x509_vfy.o: ../../include/openssl/opensslconf.h
 x509_vfy.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509_vfy.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509_vfy.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -327,9 +319,8 @@ x509_vpm.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 x509_vpm.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x509_vpm.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x509_vpm.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_vpm.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x509_vpm.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x509_vpm.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_vpm.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x509_vpm.o: ../../include/openssl/opensslconf.h
 x509_vpm.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509_vpm.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509_vpm.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -341,9 +332,9 @@ x509cset.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x509cset.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 x509cset.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x509cset.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x509cset.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+x509cset.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x509cset.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509cset.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x509cset.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509cset.o: ../../include/openssl/opensslconf.h
 x509cset.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509cset.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509cset.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -354,9 +345,9 @@ x509name.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x509name.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 x509name.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x509name.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x509name.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+x509name.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x509name.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509name.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x509name.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509name.o: ../../include/openssl/opensslconf.h
 x509name.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509name.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509name.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -367,9 +358,9 @@ x509rset.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x509rset.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 x509rset.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x509rset.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x509rset.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+x509rset.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x509rset.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509rset.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x509rset.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509rset.o: ../../include/openssl/opensslconf.h
 x509rset.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509rset.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509rset.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -380,9 +371,9 @@ x509spki.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x509spki.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 x509spki.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x509spki.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x509spki.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+x509spki.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x509spki.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509spki.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x509spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509spki.o: ../../include/openssl/opensslconf.h
 x509spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -393,9 +384,9 @@ x509type.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x509type.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 x509type.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x509type.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x509type.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+x509type.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x509type.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509type.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x509type.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509type.o: ../../include/openssl/opensslconf.h
 x509type.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509type.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509type.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -406,12 +397,11 @@ x_all.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x_all.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 x_all.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x_all.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x_all.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+x_all.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-x_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-x_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+x_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_all.c
-x_all.o: ../cryptlib.h x_all.c
diff --git a/src/lib/libssl/src/crypto/x509/by_dir.c b/src/lib/libssl/src/crypto/x509/by_dir.c
index 341e0ba6a4..27ca5150c1 100644
--- a/src/lib/libssl/src/crypto/x509/by_dir.c
+++ b/src/lib/libssl/src/crypto/x509/by_dir.c
@@ -65,28 +65,36 @@
 #ifndef NO_SYS_TYPES_H
 # include <sys/types.h>
 #endif
-#ifdef MAC_OS_pre_X
+#ifndef OPENSSL_NO_POSIX_IO
-# include <stat.h>
-#else
 # include <sys/stat.h>
 #endif
 #include <openssl/lhash.h>
 #include <openssl/x509.h>
-#ifdef _WIN32
-#define stat    _stat
+typedef struct lookup_dir_hashes_st
-#endif
+        {
+        unsigned long hash;
+        int suffix;
+        } BY_DIR_HASH;
+typedef struct lookup_dir_entry_st
+        {
+        char *dir;
+        int dir_type;
+        STACK_OF(BY_DIR_HASH) *hashes;
+        } BY_DIR_ENTRY;
 typedef struct lookup_dir_st
        {
        BUF_MEM *buffer;
-        int num_dirs;
+        STACK_OF(BY_DIR_ENTRY) *dirs;
-        char **dirs;
-        int *dirs_type;
-        int num_dirs_alloced;
        } BY_DIR;
+DECLARE_STACK_OF(BY_DIR_HASH)
+DECLARE_STACK_OF(BY_DIR_ENTRY)
 static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
        char **ret);
 static int new_dir(X509_LOOKUP *lu);
@@ -127,7 +135,7 @@ static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
        case X509_L_ADD_DIR:
                if (argl == X509_FILETYPE_DEFAULT)
                        {
-                        dir=(char *)Getenv(X509_get_default_cert_dir_env());
+                        dir=(char *)getenv(X509_get_default_cert_dir_env());
                        if (dir)
                                ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM);
                        else
@@ -156,34 +164,51 @@ static int new_dir(X509_LOOKUP *lu)
                OPENSSL_free(a);
                return(0);
                }
-        a->num_dirs=0;
        a->dirs=NULL;
-        a->dirs_type=NULL;
-        a->num_dirs_alloced=0;
        lu->method_data=(char *)a;
        return(1);
        }
+static void by_dir_hash_free(BY_DIR_HASH *hash)
+        {
+        OPENSSL_free(hash);
+        }
+static int by_dir_hash_cmp(const BY_DIR_HASH * const *a,
+                        const BY_DIR_HASH * const *b)
+        {
+        if ((*a)->hash > (*b)->hash)
+                return 1;
+        if ((*a)->hash < (*b)->hash)
+                return -1;
+        return 0;
+        }
+static void by_dir_entry_free(BY_DIR_ENTRY *ent)
+        {
+        if (ent->dir)
+                OPENSSL_free(ent->dir);
+        if (ent->hashes)
+                sk_BY_DIR_HASH_pop_free(ent->hashes, by_dir_hash_free);
+        OPENSSL_free(ent);
+        }
 static void free_dir(X509_LOOKUP *lu)
        {
        BY_DIR *a;
-        int i;
        a=(BY_DIR *)lu->method_data;
-        for (i=0; i<a->num_dirs; i++)
+        if (a->dirs != NULL)
-                if (a->dirs[i] != NULL) OPENSSL_free(a->dirs[i]);
+                sk_BY_DIR_ENTRY_pop_free(a->dirs, by_dir_entry_free);
-        if (a->dirs != NULL) OPENSSL_free(a->dirs);
+        if (a->buffer != NULL)
-        if (a->dirs_type != NULL) OPENSSL_free(a->dirs_type);
+                BUF_MEM_free(a->buffer);
-        if (a->buffer != NULL) BUF_MEM_free(a->buffer);
        OPENSSL_free(a);
        }
 static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
        {
        int j,len;
-        int *ip;
        const char *s,*ss,*p;
-        char **pp;
        if (dir == NULL || !*dir)
            {
@@ -197,49 +222,52 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
                {
                if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0'))
                        {
+                        BY_DIR_ENTRY *ent;
                        ss=s;
                        s=p+1;
                        len=(int)(p-ss);
                        if (len == 0) continue;
-                        for (j=0; j<ctx->num_dirs; j++)
+                        for (j=0; j < sk_BY_DIR_ENTRY_num(ctx->dirs); j++)
-                                if (strlen(ctx->dirs[j]) == (size_t)len &&
+                                {
-                                    strncmp(ctx->dirs[j],ss,(unsigned int)len) == 0)
+                                ent = sk_BY_DIR_ENTRY_value(ctx->dirs, j);
+                                if (strlen(ent->dir) == (size_t)len &&
+                                    strncmp(ent->dir,ss,(unsigned int)len) == 0)
                                        break;
-                        if (j<ctx->num_dirs)
+                                }
+                        if (j < sk_BY_DIR_ENTRY_num(ctx->dirs))
                                continue;
-                        if (ctx->num_dirs_alloced < (ctx->num_dirs+1))
+                        if (ctx->dirs == NULL)
                                {
-                                ctx->num_dirs_alloced+=10;
+                                ctx->dirs = sk_BY_DIR_ENTRY_new_null();
-                                pp=(char **)OPENSSL_malloc(ctx->num_dirs_alloced*
+                                if (!ctx->dirs)
-                                        sizeof(char *));
-                                ip=(int *)OPENSSL_malloc(ctx->num_dirs_alloced*
-                                        sizeof(int));
-                                if ((pp == NULL) || (ip == NULL))
                                        {
                                        X509err(X509_F_ADD_CERT_DIR,ERR_R_MALLOC_FAILURE);
-                                        return(0);
+                                        return 0;
                                        }
-                                memcpy(pp,ctx->dirs,(ctx->num_dirs_alloced-10)*
-                                        sizeof(char *));
-                                memcpy(ip,ctx->dirs_type,(ctx->num_dirs_alloced-10)*
-                                        sizeof(int));
-                                if (ctx->dirs != NULL)
-                                        OPENSSL_free(ctx->dirs);
-                                if (ctx->dirs_type != NULL)
-                                        OPENSSL_free(ctx->dirs_type);
-                                ctx->dirs=pp;
-                                ctx->dirs_type=ip;
                                }
-                        ctx->dirs_type[ctx->num_dirs]=type;
+                        ent = OPENSSL_malloc(sizeof(BY_DIR_ENTRY));
-                        ctx->dirs[ctx->num_dirs]=(char *)OPENSSL_malloc((unsigned int)len+1);
+                        if (!ent)
-                        if (ctx->dirs[ctx->num_dirs] == NULL) return(0);
+                                return 0;
-                        strncpy(ctx->dirs[ctx->num_dirs],ss,(unsigned int)len);
+                        ent->dir_type = type;
-                        ctx->dirs[ctx->num_dirs][len]='\0';
+                        ent->hashes = sk_BY_DIR_HASH_new(by_dir_hash_cmp);
-                        ctx->num_dirs++;
+                        ent->dir = OPENSSL_malloc((unsigned int)len+1);
+                        if (!ent->dir || !ent->hashes)
+                                {
+                                by_dir_entry_free(ent);
+                                return 0;
+                                }
+                        strncpy(ent->dir,ss,(unsigned int)len);
+                        ent->dir[len] = '\0';
+                        if (!sk_BY_DIR_ENTRY_push(ctx->dirs, ent))
+                                {
+                                by_dir_entry_free(ent);
+                                return 0;
+                                }
                        }
-                if (*p == '\0') break;
+                if (*p == '\0')
+                        break;
                }
-        return(1);
+        return 1;
        }
 static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
@@ -260,7 +288,6 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
        int i,j,k;
        unsigned long h;
        BUF_MEM *b=NULL;
-        struct stat st;
        X509_OBJECT stmp,*tmp;
        const char *postfix="";
@@ -296,20 +323,45 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
        ctx=(BY_DIR *)xl->method_data;
        h=X509_NAME_hash(name);
-        for (i=0; i<ctx->num_dirs; i++)
+        for (i=0; i < sk_BY_DIR_ENTRY_num(ctx->dirs); i++)
                {
-                j=strlen(ctx->dirs[i])+1+8+6+1+1;
+                BY_DIR_ENTRY *ent;
+                int idx;
+                BY_DIR_HASH htmp, *hent;
+                ent = sk_BY_DIR_ENTRY_value(ctx->dirs, i);
+                j=strlen(ent->dir)+1+8+6+1+1;
                if (!BUF_MEM_grow(b,j))
                        {
                        X509err(X509_F_GET_CERT_BY_SUBJECT,ERR_R_MALLOC_FAILURE);
                        goto finish;
                        }
-                k=0;
+                if (type == X509_LU_CRL && ent->hashes)
+                        {
+                        htmp.hash = h;
+                        CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE);
+                        idx = sk_BY_DIR_HASH_find(ent->hashes, &htmp);
+                        if (idx >= 0)
+                                {
+                                hent = sk_BY_DIR_HASH_value(ent->hashes, idx);
+                                k = hent->suffix;
+                                }
+                        else
+                                {
+                                hent = NULL;
+                                k=0;
+                                }
+                        CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE);
+                        }
+                else
+                        {
+                        k = 0;
+                        hent = NULL;
+                        }
                for (;;)
                        {
                        char c = '/';
 #ifdef OPENSSL_SYS_VMS
-                        c = ctx->dirs[i][strlen(ctx->dirs[i])-1];
+                        c = ent->dir[strlen(ent->dir)-1];
                        if (c != ':' && c != '>' && c != ']')
                                {
                                /* If no separator is present, we assume the
@@ -330,41 +382,86 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
                                /* This is special.  When c == '\0', no
                                   directory separator should be added. */
                                BIO_snprintf(b->data,b->max,
-                                        "%s%08lx.%s%d",ctx->dirs[i],h,
+                                        "%s%08lx.%s%d",ent->dir,h,
                                        postfix,k);
                                }
                        else
                                {
                                BIO_snprintf(b->data,b->max,
-                                        "%s%c%08lx.%s%d",ctx->dirs[i],c,h,
+                                        "%s%c%08lx.%s%d",ent->dir,c,h,
                                        postfix,k);
                                }
-                        k++;
+#ifndef OPENSSL_NO_POSIX_IO
+#ifdef _WIN32
+#define stat _stat
+#endif
+                        {
+                        struct stat st;
                        if (stat(b->data,&st) < 0)
                                break;
+                        }
+#endif
                        /* found one. */
                        if (type == X509_LU_X509)
                                {
                                if ((X509_load_cert_file(xl,b->data,
-                                        ctx->dirs_type[i])) == 0)
+                                        ent->dir_type)) == 0)
                                        break;
                                }
                        else if (type == X509_LU_CRL)
                                {
                                if ((X509_load_crl_file(xl,b->data,
-                                        ctx->dirs_type[i])) == 0)
+                                        ent->dir_type)) == 0)
                                        break;
                                }
                        /* else case will caught higher up */
+                        k++;
                        }
                /* we have added it to the cache so now pull
                 * it out again */
-                CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE);
+                CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
                j = sk_X509_OBJECT_find(xl->store_ctx->objs,&stmp);
                if(j != -1) tmp=sk_X509_OBJECT_value(xl->store_ctx->objs,j);
                else tmp = NULL;
-                CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE);
+                CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+                /* If a CRL, update the last file suffix added for this */
+                if (type == X509_LU_CRL)
+                        {
+                        CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+                        /* Look for entry again in case another thread added
+                         * an entry first.
+                         */
+                        if (!hent)
+                                {
+                                htmp.hash = h;
+                                idx = sk_BY_DIR_HASH_find(ent->hashes, &htmp);
+                                if (idx >= 0)
+                                        hent =
+                                         sk_BY_DIR_HASH_value(ent->hashes, idx);
+                                }
+                        if (!hent)
+                                {
+                                hent = OPENSSL_malloc(sizeof(BY_DIR_HASH));
+                                hent->hash = h;
+                                hent->suffix = k;
+                                if (!sk_BY_DIR_HASH_push(ent->hashes, hent))
+                                        {
+                                        CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+                                        OPENSSL_free(hent);
+                                        ok = 0;
+                                        goto finish;
+                                        }
+                                }
+                        else if (hent->suffix < k)
+                                hent->suffix = k;
+                        CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+                        }
                if (tmp != NULL)
                        {
@@ -383,4 +480,3 @@ finish:
        if (b != NULL) BUF_MEM_free(b);
        return(ok);
        }
diff --git a/src/lib/libssl/src/crypto/x509/by_file.c b/src/lib/libssl/src/crypto/x509/by_file.c
index a5e0d4aefa..57b08ee094 100644
--- a/src/lib/libssl/src/crypto/x509/by_file.c
+++ b/src/lib/libssl/src/crypto/x509/by_file.c
@@ -100,7 +100,7 @@ static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
        case X509_L_FILE_LOAD:
                if (argl == X509_FILETYPE_DEFAULT)
                        {
-                        file = (char *)Getenv(X509_get_default_cert_file_env());
+                        file = (char *)getenv(X509_get_default_cert_file_env());
                        if (file)
                                ok = (X509_load_cert_crl_file(ctx,file,
                                              X509_FILETYPE_PEM) != 0);
diff --git a/src/lib/libssl/src/crypto/x509/x509.h b/src/lib/libssl/src/crypto/x509/x509.h
index e71b5257e5..604f4fb27f 100644
--- a/src/lib/libssl/src/crypto/x509/x509.h
+++ b/src/lib/libssl/src/crypto/x509/x509.h
@@ -116,6 +116,7 @@ extern "C" {
 /* Under Win32 these are defined in wincrypt.h */
 #undef X509_NAME
 #undef X509_CERT_PAIR
+#undef X509_EXTENSIONS
 #endif
 #define X509_FILETYPE_PEM       1
@@ -156,12 +157,12 @@ typedef struct X509_val_st
        ASN1_TIME *notAfter;
        } X509_VAL;
-typedef struct X509_pubkey_st
+struct X509_pubkey_st
        {
        X509_ALGOR *algor;
        ASN1_BIT_STRING *public_key;
        EVP_PKEY *pkey;
-        } X509_PUBKEY;
+        };
 typedef struct X509_sig_st
        {
@@ -190,7 +191,9 @@ struct X509_name_st
 #else
        char *bytes;
 #endif
-        unsigned long hash; /* Keep the hash around for lookups */
+/*      unsigned long hash; Keep the hash around for lookups */
+        unsigned char *canon_enc;
+        int canon_enclen;
        } /* X509_NAME */;
 DECLARE_STACK_OF(X509_NAME)
@@ -289,8 +292,11 @@ struct x509_st
        unsigned long ex_xkusage;
        unsigned long ex_nscert;
        ASN1_OCTET_STRING *skid;
-        struct AUTHORITY_KEYID_st *akid;
+        AUTHORITY_KEYID *akid;
        X509_POLICY_CACHE *policy_cache;
+        STACK_OF(DIST_POINT) *crldp;
+        STACK_OF(GENERAL_NAME) *altname;
+        NAME_CONSTRAINTS *nc;
 #ifndef OPENSSL_NO_RFC3779
        STACK_OF(IPAddressFamily) *rfc3779_addr;
        struct ASIdentifiers_st *rfc3779_asid;
@@ -333,10 +339,11 @@ typedef struct x509_cert_pair_st {
 #define X509_TRUST_OBJECT_SIGN  5
 #define X509_TRUST_OCSP_SIGN    6
 #define X509_TRUST_OCSP_REQUEST 7
+#define X509_TRUST_TSA          8
 /* Keep these up to date! */
 #define X509_TRUST_MIN          1
-#define X509_TRUST_MAX          7
+#define X509_TRUST_MAX          8
 /* trust_flags values */
@@ -423,13 +430,17 @@ typedef struct x509_cert_pair_st {
                        XN_FLAG_FN_LN | \
                        XN_FLAG_FN_ALIGN)
-typedef struct X509_revoked_st
+struct x509_revoked_st
        {
        ASN1_INTEGER *serialNumber;
        ASN1_TIME *revocationDate;
        STACK_OF(X509_EXTENSION) /* optional */ *extensions;
+        /* Set up if indirect CRL */
+        STACK_OF(GENERAL_NAME) *issuer;
+        /* Revocation reason */
+        int reason;
        int sequence; /* load sequence */
-        } X509_REVOKED;
+        };
 DECLARE_STACK_OF(X509_REVOKED)
 DECLARE_ASN1_SET_OF(X509_REVOKED)
@@ -453,6 +464,22 @@ struct X509_crl_st
        X509_ALGOR *sig_alg;
        ASN1_BIT_STRING *signature;
        int references;
+        int flags;
+        /* Copies of various extensions */
+        AUTHORITY_KEYID *akid;
+        ISSUING_DIST_POINT *idp;
+        /* Convenient breakdown of IDP */
+        int idp_flags;
+        int idp_reasons;
+        /* CRL and base CRL numbers for delta processing */
+        ASN1_INTEGER *crl_number;
+        ASN1_INTEGER *base_crl_number;
+#ifndef OPENSSL_NO_SHA
+        unsigned char sha1_hash[SHA_DIGEST_LENGTH];
+#endif
+        STACK_OF(GENERAL_NAMES) *issuers;
+        const X509_CRL_METHOD *meth;
+        void *meth_data;
        } /* X509_CRL */;
 DECLARE_STACK_OF(X509_CRL)
@@ -551,18 +578,19 @@ X509_ALGOR *prf;
 /* PKCS#8 private key info structure */
-typedef struct pkcs8_priv_key_info_st
+struct pkcs8_priv_key_info_st
        {
        int broken;     /* Flag for various broken formats */
 #define PKCS8_OK                0
 #define PKCS8_NO_OCTET          1
 #define PKCS8_EMBEDDED_PARAM    2
 #define PKCS8_NS_DB             3
+#define PKCS8_NEG_PRIVKEY       4
        ASN1_INTEGER *version;
        X509_ALGOR *pkeyalg;
        ASN1_TYPE *pkey; /* Should be OCTET STRING but some are broken */
        STACK_OF(X509_ATTRIBUTE) *attributes;
-        } PKCS8_PRIV_KEY_INFO;
+        };
 #ifdef  __cplusplus
 }
@@ -575,151 +603,6 @@ typedef struct pkcs8_priv_key_info_st
 extern "C" {
 #endif
-#ifdef SSLEAY_MACROS
-#define X509_verify(a,r) ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg,\
-        a->signature,(char *)a->cert_info,r)
-#define X509_REQ_verify(a,r) ASN1_verify((int (*)())i2d_X509_REQ_INFO, \
-        a->sig_alg,a->signature,(char *)a->req_info,r)
-#define X509_CRL_verify(a,r) ASN1_verify((int (*)())i2d_X509_CRL_INFO, \
-        a->sig_alg, a->signature,(char *)a->crl,r)
-#define X509_sign(x,pkey,md) \
-        ASN1_sign((int (*)())i2d_X509_CINF, x->cert_info->signature, \
-                x->sig_alg, x->signature, (char *)x->cert_info,pkey,md)
-#define X509_REQ_sign(x,pkey,md) \
-        ASN1_sign((int (*)())i2d_X509_REQ_INFO,x->sig_alg, NULL, \
-                x->signature, (char *)x->req_info,pkey,md)
-#define X509_CRL_sign(x,pkey,md) \
-        ASN1_sign((int (*)())i2d_X509_CRL_INFO,x->crl->sig_alg,x->sig_alg, \
-                x->signature, (char *)x->crl,pkey,md)
-#define NETSCAPE_SPKI_sign(x,pkey,md) \
-        ASN1_sign((int (*)())i2d_NETSCAPE_SPKAC, x->sig_algor,NULL, \
-                x->signature, (char *)x->spkac,pkey,md)
-#define X509_dup(x509) (X509 *)ASN1_dup((int (*)())i2d_X509, \
-                (char *(*)())d2i_X509,(char *)x509)
-#define X509_ATTRIBUTE_dup(xa) (X509_ATTRIBUTE *)ASN1_dup(\
-                (int (*)())i2d_X509_ATTRIBUTE, \
-                (char *(*)())d2i_X509_ATTRIBUTE,(char *)xa)
-#define X509_EXTENSION_dup(ex) (X509_EXTENSION *)ASN1_dup( \
-                (int (*)())i2d_X509_EXTENSION, \
-                (char *(*)())d2i_X509_EXTENSION,(char *)ex)
-#define d2i_X509_fp(fp,x509) (X509 *)ASN1_d2i_fp((char *(*)())X509_new, \
-                (char *(*)())d2i_X509, (fp),(unsigned char **)(x509))
-#define i2d_X509_fp(fp,x509) ASN1_i2d_fp(i2d_X509,fp,(unsigned char *)x509)
-#define d2i_X509_bio(bp,x509) (X509 *)ASN1_d2i_bio((char *(*)())X509_new, \
-                (char *(*)())d2i_X509, (bp),(unsigned char **)(x509))
-#define i2d_X509_bio(bp,x509) ASN1_i2d_bio(i2d_X509,bp,(unsigned char *)x509)
-#define X509_CRL_dup(crl) (X509_CRL *)ASN1_dup((int (*)())i2d_X509_CRL, \
-                (char *(*)())d2i_X509_CRL,(char *)crl)
-#define d2i_X509_CRL_fp(fp,crl) (X509_CRL *)ASN1_d2i_fp((char *(*)()) \
-                X509_CRL_new,(char *(*)())d2i_X509_CRL, (fp),\
-                (unsigned char **)(crl))
-#define i2d_X509_CRL_fp(fp,crl) ASN1_i2d_fp(i2d_X509_CRL,fp,\
-                (unsigned char *)crl)
-#define d2i_X509_CRL_bio(bp,crl) (X509_CRL *)ASN1_d2i_bio((char *(*)()) \
-                X509_CRL_new,(char *(*)())d2i_X509_CRL, (bp),\
-                (unsigned char **)(crl))
-#define i2d_X509_CRL_bio(bp,crl) ASN1_i2d_bio(i2d_X509_CRL,bp,\
-                (unsigned char *)crl)
-#define PKCS7_dup(p7) (PKCS7 *)ASN1_dup((int (*)())i2d_PKCS7, \
-                (char *(*)())d2i_PKCS7,(char *)p7)
-#define d2i_PKCS7_fp(fp,p7) (PKCS7 *)ASN1_d2i_fp((char *(*)()) \
-                PKCS7_new,(char *(*)())d2i_PKCS7, (fp),\
-                (unsigned char **)(p7))
-#define i2d_PKCS7_fp(fp,p7) ASN1_i2d_fp(i2d_PKCS7,fp,\
-                (unsigned char *)p7)
-#define d2i_PKCS7_bio(bp,p7) (PKCS7 *)ASN1_d2i_bio((char *(*)()) \
-                PKCS7_new,(char *(*)())d2i_PKCS7, (bp),\
-                (unsigned char **)(p7))
-#define i2d_PKCS7_bio(bp,p7) ASN1_i2d_bio(i2d_PKCS7,bp,\
-                (unsigned char *)p7)
-#define X509_REQ_dup(req) (X509_REQ *)ASN1_dup((int (*)())i2d_X509_REQ, \
-                (char *(*)())d2i_X509_REQ,(char *)req)
-#define d2i_X509_REQ_fp(fp,req) (X509_REQ *)ASN1_d2i_fp((char *(*)())\
-                X509_REQ_new, (char *(*)())d2i_X509_REQ, (fp),\
-                (unsigned char **)(req))
-#define i2d_X509_REQ_fp(fp,req) ASN1_i2d_fp(i2d_X509_REQ,fp,\
-                (unsigned char *)req)
-#define d2i_X509_REQ_bio(bp,req) (X509_REQ *)ASN1_d2i_bio((char *(*)())\
-                X509_REQ_new, (char *(*)())d2i_X509_REQ, (bp),\
-                (unsigned char **)(req))
-#define i2d_X509_REQ_bio(bp,req) ASN1_i2d_bio(i2d_X509_REQ,bp,\
-                (unsigned char *)req)
-#define RSAPublicKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPublicKey, \
-                (char *(*)())d2i_RSAPublicKey,(char *)rsa)
-#define RSAPrivateKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPrivateKey, \
-                (char *(*)())d2i_RSAPrivateKey,(char *)rsa)
-#define d2i_RSAPrivateKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\
-                RSA_new,(char *(*)())d2i_RSAPrivateKey, (fp), \
-                (unsigned char **)(rsa))
-#define i2d_RSAPrivateKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPrivateKey,fp, \
-                (unsigned char *)rsa)
-#define d2i_RSAPrivateKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\
-                RSA_new,(char *(*)())d2i_RSAPrivateKey, (bp), \
-                (unsigned char **)(rsa))
-#define i2d_RSAPrivateKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPrivateKey,bp, \
-                (unsigned char *)rsa)
-#define d2i_RSAPublicKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\
-                RSA_new,(char *(*)())d2i_RSAPublicKey, (fp), \
-                (unsigned char **)(rsa))
-#define i2d_RSAPublicKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPublicKey,fp, \
-                (unsigned char *)rsa)
-#define d2i_RSAPublicKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\
-                RSA_new,(char *(*)())d2i_RSAPublicKey, (bp), \
-                (unsigned char **)(rsa))
-#define i2d_RSAPublicKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPublicKey,bp, \
-                (unsigned char *)rsa)
-#define d2i_DSAPrivateKey_fp(fp,dsa) (DSA *)ASN1_d2i_fp((char *(*)())\
-                DSA_new,(char *(*)())d2i_DSAPrivateKey, (fp), \
-                (unsigned char **)(dsa))
-#define i2d_DSAPrivateKey_fp(fp,dsa) ASN1_i2d_fp(i2d_DSAPrivateKey,fp, \
-                (unsigned char *)dsa)
-#define d2i_DSAPrivateKey_bio(bp,dsa) (DSA *)ASN1_d2i_bio((char *(*)())\
-                DSA_new,(char *(*)())d2i_DSAPrivateKey, (bp), \
-                (unsigned char **)(dsa))
-#define i2d_DSAPrivateKey_bio(bp,dsa) ASN1_i2d_bio(i2d_DSAPrivateKey,bp, \
-                (unsigned char *)dsa)
-#define d2i_ECPrivateKey_fp(fp,ecdsa) (EC_KEY *)ASN1_d2i_fp((char *(*)())\
-                EC_KEY_new,(char *(*)())d2i_ECPrivateKey, (fp), \
-                (unsigned char **)(ecdsa))
-#define i2d_ECPrivateKey_fp(fp,ecdsa) ASN1_i2d_fp(i2d_ECPrivateKey,fp, \
-                (unsigned char *)ecdsa)
-#define d2i_ECPrivateKey_bio(bp,ecdsa) (EC_KEY *)ASN1_d2i_bio((char *(*)())\
-                EC_KEY_new,(char *(*)())d2i_ECPrivateKey, (bp), \
-                (unsigned char **)(ecdsa))
-#define i2d_ECPrivateKey_bio(bp,ecdsa) ASN1_i2d_bio(i2d_ECPrivateKey,bp, \
-                (unsigned char *)ecdsa)
-#define X509_ALGOR_dup(xn) (X509_ALGOR *)ASN1_dup((int (*)())i2d_X509_ALGOR,\
-                (char *(*)())d2i_X509_ALGOR,(char *)xn)
-#define X509_NAME_dup(xn) (X509_NAME *)ASN1_dup((int (*)())i2d_X509_NAME, \
-                (char *(*)())d2i_X509_NAME,(char *)xn)
-#define X509_NAME_ENTRY_dup(ne) (X509_NAME_ENTRY *)ASN1_dup( \
-                (int (*)())i2d_X509_NAME_ENTRY, \
-                (char *(*)())d2i_X509_NAME_ENTRY,\
-                (char *)ne)
-#define X509_digest(data,type,md,len) \
-        ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len)
-#define X509_NAME_digest(data,type,md,len) \
-        ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len)
-#ifndef PKCS7_ISSUER_AND_SERIAL_digest
-#define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \
-        ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\
-                (char *)data,md,len)
-#endif
-#endif
 #define X509_EXT_PACK_UNKNOWN   1
 #define X509_EXT_PACK_STRING    2
@@ -740,6 +623,18 @@ extern "C" {
 #define         X509_CRL_get_issuer(x) ((x)->crl->issuer)
 #define         X509_CRL_get_REVOKED(x) ((x)->crl->revoked)
+void X509_CRL_set_default_method(const X509_CRL_METHOD *meth);
+X509_CRL_METHOD *X509_CRL_METHOD_new(
+        int (*crl_init)(X509_CRL *crl),
+        int (*crl_free)(X509_CRL *crl),
+        int (*crl_lookup)(X509_CRL *crl, X509_REVOKED **ret,
+                                ASN1_INTEGER *ser, X509_NAME *issuer),
+        int (*crl_verify)(X509_CRL *crl, EVP_PKEY *pk));
+void X509_CRL_METHOD_free(X509_CRL_METHOD *m);
+void X509_CRL_set_meth_data(X509_CRL *crl, void *dat);
+void *X509_CRL_get_meth_data(X509_CRL *crl);
 /* This one is only used so that a binary form can output, as in
 * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) */
 #define         X509_get_X509_PUBKEY(x) ((x)->cert_info->key)
@@ -747,7 +642,6 @@ extern "C" {
 const char *X509_verify_cert_error_string(long n);
-#ifndef SSLEAY_MACROS
 #ifndef OPENSSL_NO_EVP
 int X509_verify(X509 *a, EVP_PKEY *r);
@@ -872,11 +766,11 @@ void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
 X509_NAME *X509_NAME_dup(X509_NAME *xn);
 X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
-#endif /* !SSLEAY_MACROS */
+int             X509_cmp_time(const ASN1_TIME *s, time_t *t);
+int             X509_cmp_current_time(const ASN1_TIME *s);
-int             X509_cmp_time(ASN1_TIME *s, time_t *t);
-int             X509_cmp_current_time(ASN1_TIME *s);
 ASN1_TIME *     X509_time_adj(ASN1_TIME *s, long adj, time_t *t);
+ASN1_TIME *     X509_time_adj_ex(ASN1_TIME *s,
+                                int offset_day, long offset_sec, time_t *t);
 ASN1_TIME *     X509_gmtime_adj(ASN1_TIME *s, long adj);
 const char *    X509_get_default_cert_area(void );
@@ -964,6 +858,9 @@ DECLARE_ASN1_FUNCTIONS(X509_CRL_INFO)
 DECLARE_ASN1_FUNCTIONS(X509_CRL)
 int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
+int X509_CRL_get0_by_serial(X509_CRL *crl,
+                X509_REVOKED **ret, ASN1_INTEGER *serial);
+int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x);
 X509_PKEY *     X509_PKEY_new(void );
 void            X509_PKEY_free(X509_PKEY *a);
@@ -1007,8 +904,8 @@ int 		X509_set_issuer_name(X509 *x, X509_NAME *name);
 X509_NAME *     X509_get_issuer_name(X509 *a);
 int             X509_set_subject_name(X509 *x, X509_NAME *name);
 X509_NAME *     X509_get_subject_name(X509 *a);
-int             X509_set_notBefore(X509 *x, ASN1_TIME *tm);
+int             X509_set_notBefore(X509 *x, const ASN1_TIME *tm);
-int             X509_set_notAfter(X509 *x, ASN1_TIME *tm);
+int             X509_set_notAfter(X509 *x, const ASN1_TIME *tm);
 int             X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
 EVP_PKEY *      X509_get_pubkey(X509 *x);
 ASN1_BIT_STRING * X509_get0_pubkey_bitstr(const X509 *x);
@@ -1045,8 +942,8 @@ int X509_REQ_add1_attr_by_txt(X509_REQ *req,
 int X509_CRL_set_version(X509_CRL *x, long version);
 int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);
-int X509_CRL_set_lastUpdate(X509_CRL *x, ASN1_TIME *tm);
+int X509_CRL_set_lastUpdate(X509_CRL *x, const ASN1_TIME *tm);
-int X509_CRL_set_nextUpdate(X509_CRL *x, ASN1_TIME *tm);
+int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm);
 int X509_CRL_sort(X509_CRL *crl);
 int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial);
@@ -1065,11 +962,18 @@ unsigned long	X509_issuer_name_hash(X509 *a);
 int             X509_subject_name_cmp(const X509 *a, const X509 *b);
 unsigned long   X509_subject_name_hash(X509 *x);
+#ifndef OPENSSL_NO_MD5
+unsigned long   X509_issuer_name_hash_old(X509 *a);
+unsigned long   X509_subject_name_hash_old(X509 *x);
+#endif
 int             X509_cmp(const X509 *a, const X509 *b);
 int             X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
 unsigned long   X509_NAME_hash(X509_NAME *x);
+unsigned long   X509_NAME_hash_old(X509_NAME *x);
 int             X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);
+int             X509_CRL_match(const X509_CRL *a, const X509_CRL *b);
 #ifndef OPENSSL_NO_FP_API
 int             X509_print_ex_fp(FILE *bp,X509 *x, unsigned long nmflag, unsigned long cflag);
 int             X509_print_fp(FILE *bp,X509 *x);
@@ -1245,9 +1149,16 @@ DECLARE_ASN1_FUNCTIONS(PBEPARAM)
 DECLARE_ASN1_FUNCTIONS(PBE2PARAM)
 DECLARE_ASN1_FUNCTIONS(PBKDF2PARAM)
-X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt, int saltlen);
+int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
+                                const unsigned char *salt, int saltlen);
+X509_ALGOR *PKCS5_pbe_set(int alg, int iter,
+                                const unsigned char *salt, int saltlen);
 X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
                                         unsigned char *salt, int saltlen);
+X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
+                                 unsigned char *salt, int saltlen,
+                                 unsigned char *aiv, int prf_nid);
 /* PKCS#8 utilities */
@@ -1258,6 +1169,22 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey);
 PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken);
 PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken);
+int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj,
+                        int version, int ptype, void *pval,
+                                unsigned char *penc, int penclen);
+int PKCS8_pkey_get0(ASN1_OBJECT **ppkalg,
+                const unsigned char **pk, int *ppklen,
+                X509_ALGOR **pa,
+                PKCS8_PRIV_KEY_INFO *p8);
+int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
+                                        int ptype, void *pval,
+                                        unsigned char *penc, int penclen);
+int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg,
+                const unsigned char **pk, int *ppklen,
+                X509_ALGOR **pa,
+                X509_PUBKEY *pub);
 int X509_check_trust(X509 *x, int id, int flags);
 int X509_TRUST_get_count(void);
 X509_TRUST * X509_TRUST_get0(int idx);
@@ -1337,7 +1264,10 @@ void ERR_load_X509_strings(void);
 #define X509_R_KEY_VALUES_MISMATCH                       116
 #define X509_R_LOADING_CERT_DIR                          103
 #define X509_R_LOADING_DEFAULTS                          104
+#define X509_R_METHOD_NOT_SUPPORTED                      124
 #define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY              105
+#define X509_R_PUBLIC_KEY_DECODE_ERROR                   125
+#define X509_R_PUBLIC_KEY_ENCODE_ERROR                   126
 #define X509_R_SHOULD_RETRY                              106
 #define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN        107
 #define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY            108
diff --git a/src/lib/libssl/src/crypto/x509/x509_cmp.c b/src/lib/libssl/src/crypto/x509/x509_cmp.c
index 2faf92514a..4bc9da07e0 100644
--- a/src/lib/libssl/src/crypto/x509/x509_cmp.c
+++ b/src/lib/libssl/src/crypto/x509/x509_cmp.c
@@ -116,6 +116,13 @@ int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b)
        return(X509_NAME_cmp(a->crl->issuer,b->crl->issuer));
        }
+#ifndef OPENSSL_NO_SHA
+int X509_CRL_match(const X509_CRL *a, const X509_CRL *b)
+        {
+        return memcmp(a->sha1_hash, b->sha1_hash, 20);
+        }
+#endif
 X509_NAME *X509_get_issuer_name(X509 *a)
        {
        return(a->cert_info->issuer);
@@ -126,6 +133,13 @@ unsigned long X509_issuer_name_hash(X509 *x)
        return(X509_NAME_hash(x->cert_info->issuer));
        }
+#ifndef OPENSSL_NO_MD5
+unsigned long X509_issuer_name_hash_old(X509 *x)
+        {
+        return(X509_NAME_hash_old(x->cert_info->issuer));
+        }
+#endif
 X509_NAME *X509_get_subject_name(X509 *a)
        {
        return(a->cert_info->subject);
@@ -141,6 +155,13 @@ unsigned long X509_subject_name_hash(X509 *x)
        return(X509_NAME_hash(x->cert_info->subject));
        }
+#ifndef OPENSSL_NO_MD5
+unsigned long X509_subject_name_hash_old(X509 *x)
+        {
+        return(X509_NAME_hash_old(x->cert_info->subject));
+        }
+#endif
 #ifndef OPENSSL_NO_SHA
 /* Compare two certificates: they must be identical for
 * this to work. NB: Although "cmp" operations are generally
@@ -162,177 +183,63 @@ int X509_cmp(const X509 *a, const X509 *b)
 #endif
-/* Case insensitive string comparision */
+int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
-static int nocase_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
-{
-        int i;
-        if (a->length != b->length)
-                return (a->length - b->length);
-        for (i=0; i<a->length; i++)
-        {
-                int ca, cb;
-                ca = tolower(a->data[i]);
-                cb = tolower(b->data[i]);
-                if (ca != cb)
-                        return(ca-cb);
-        }
-        return 0;
-}
-/* Case insensitive string comparision with space normalization 
- * Space normalization - ignore leading, trailing spaces, 
- *       multiple spaces between characters are replaced by single space  
- */
-static int nocase_spacenorm_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
-{
-        unsigned char *pa = NULL, *pb = NULL;
-        int la, lb;
-        
-        la = a->length;
-        lb = b->length;
-        pa = a->data;
-        pb = b->data;
-        /* skip leading spaces */
-        while (la > 0 && isspace(*pa))
-        {
-                la--;
-                pa++;
-        }
-        while (lb > 0 && isspace(*pb))
-        {
-                lb--;
-                pb++;
-        }
-        /* skip trailing spaces */
-        while (la > 0 && isspace(pa[la-1]))
-                la--;
-        while (lb > 0 && isspace(pb[lb-1]))
-                lb--;
-        /* compare strings with space normalization */
-        while (la > 0 && lb > 0)
        {
-                int ca, cb;
+        int ret;
-                /* compare character */
-                ca = tolower(*pa);
-                cb = tolower(*pb);
-                if (ca != cb)
-                        return (ca - cb);
-                pa++; pb++;
+        /* Ensure canonical encoding is present and up to date */
-                la--; lb--;
-                if (la <= 0 || lb <= 0)
+        if (!a->canon_enc || a->modified)
-                        break;
+                {
+                ret = i2d_X509_NAME((X509_NAME *)a, NULL);
+                if (ret < 0)
+                        return -2;
+                }
-                /* is white space next character ? */
+        if (!b->canon_enc || b->modified)
-                if (isspace(*pa) && isspace(*pb))
                {
-                        /* skip remaining white spaces */
+                ret = i2d_X509_NAME((X509_NAME *)b, NULL);
-                        while (la > 0 && isspace(*pa))
+                if (ret < 0)
-                        {
+                        return -2;
-                                la--;
-                                pa++;
-                        }
-                        while (lb > 0 && isspace(*pb))
-                        {
-                                lb--;
-                                pb++;
-                        }
                }
-        }
-        if (la > 0 || lb > 0)
-                return la - lb;
-        return 0;
+        ret = a->canon_enclen - b->canon_enclen;
-}
-static int asn1_string_memcmp(ASN1_STRING *a, ASN1_STRING *b)
+        if (ret)
-        {
+                return ret;
-        int j;
-        j = a->length - b->length;
-        if (j)
-                return j;
-        return memcmp(a->data, b->data, a->length);
-        }
-#define STR_TYPE_CMP (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_UTF8STRING)
+        return memcmp(a->canon_enc, b->canon_enc, a->canon_enclen);
-int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
+        }
-        {
-        int i,j;
-        X509_NAME_ENTRY *na,*nb;
-        unsigned long nabit, nbbit;
+unsigned long X509_NAME_hash(X509_NAME *x)
+        {
+        unsigned long ret=0;
+        unsigned char md[SHA_DIGEST_LENGTH];
-        j = sk_X509_NAME_ENTRY_num(a->entries)
+        /* Make sure X509_NAME structure contains valid cached encoding */
-                  - sk_X509_NAME_ENTRY_num(b->entries);
+        i2d_X509_NAME(x,NULL);
-        if (j)
+        EVP_Digest(x->canon_enc, x->canon_enclen, md, NULL, EVP_sha1(), NULL);
-                return j;
-        for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
-                {
-                na=sk_X509_NAME_ENTRY_value(a->entries,i);
-                nb=sk_X509_NAME_ENTRY_value(b->entries,i);
-                j=na->value->type-nb->value->type;
-                if (j)
-                        {
-                        nabit = ASN1_tag2bit(na->value->type);
-                        nbbit = ASN1_tag2bit(nb->value->type);
-                        if (!(nabit & STR_TYPE_CMP) ||
-                                !(nbbit & STR_TYPE_CMP))
-                                return j;
-                        if (!asn1_string_memcmp(na->value, nb->value))
-                                j = 0;
-                        }
-                else if (na->value->type == V_ASN1_PRINTABLESTRING)
-                        j=nocase_spacenorm_cmp(na->value, nb->value);
-                else if (na->value->type == V_ASN1_IA5STRING
-                        && OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress)
-                        j=nocase_cmp(na->value, nb->value);
-                else
-                        j = asn1_string_memcmp(na->value, nb->value);
-                if (j) return(j);
-                j=na->set-nb->set;
-                if (j) return(j);
-                }
-        /* We will check the object types after checking the values
+        ret=(   ((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
-         * since the values will more often be different than the object
+                ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
-         * types. */
+                )&0xffffffffL;
-        for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
+        return(ret);
-                {
-                na=sk_X509_NAME_ENTRY_value(a->entries,i);
-                nb=sk_X509_NAME_ENTRY_value(b->entries,i);
-                j=OBJ_cmp(na->object,nb->object);
-                if (j) return(j);
-                }
-        return(0);
        }
 #ifndef OPENSSL_NO_MD5
 /* I now DER encode the name and hash it.  Since I cache the DER encoding,
 * this is reasonably efficient. */
-unsigned long X509_NAME_hash(X509_NAME *x)
+unsigned long X509_NAME_hash_old(X509_NAME *x)
        {
        unsigned long ret=0;
        unsigned char md[16];
-        EVP_MD_CTX md_ctx;
        /* Make sure X509_NAME structure contains valid cached encoding */
        i2d_X509_NAME(x,NULL);
-        EVP_MD_CTX_init(&md_ctx);
+        EVP_Digest(x->bytes->data, x->bytes->length, md, NULL, EVP_md5(), NULL);
-        EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-        EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL);
-        EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length);
-        EVP_DigestFinal_ex(&md_ctx,md,NULL);
-        EVP_MD_CTX_cleanup(&md_ctx);
        ret=(   ((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
                ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
@@ -393,14 +300,19 @@ ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x)
 int X509_check_private_key(X509 *x, EVP_PKEY *k)
        {
-        EVP_PKEY *xk=NULL;
+        EVP_PKEY *xk;
-        int ok=0;
+        int ret;
        xk=X509_get_pubkey(x);
-        switch (EVP_PKEY_cmp(xk, k))
+        if (xk)
+                ret = EVP_PKEY_cmp(xk, k);
+        else
+                ret = -2;
+        switch (ret)
                {
        case 1:
-                ok=1;
                break;
        case 0:
                X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
@@ -409,24 +321,11 @@ int X509_check_private_key(X509 *x, EVP_PKEY *k)
                X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH);
                break;
        case -2:
-#ifndef OPENSSL_NO_EC
-                if (k->type == EVP_PKEY_EC)
-                        {
-                        X509err(X509_F_X509_CHECK_PRIVATE_KEY, ERR_R_EC_LIB);
-                        break;
-                        }
-#endif
-#ifndef OPENSSL_NO_DH
-                if (k->type == EVP_PKEY_DH)
-                        {
-                        /* No idea */
-                        X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY);
-                        break;
-                        }
-#endif
                X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE);
                }
+        if (xk)
-        EVP_PKEY_free(xk);
+                EVP_PKEY_free(xk);
-        return(ok);
+        if (ret > 0)
+                return 1;
+        return 0;
        }
diff --git a/src/lib/libssl/src/crypto/x509/x509_err.c b/src/lib/libssl/src/crypto/x509/x509_err.c
index fb377292da..a01402f416 100644
--- a/src/lib/libssl/src/crypto/x509/x509_err.c
+++ b/src/lib/libssl/src/crypto/x509/x509_err.c
@@ -1,6 +1,6 @@
 /* crypto/x509/x509_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -132,7 +132,10 @@ static ERR_STRING_DATA X509_str_reasons[]=
 {ERR_REASON(X509_R_KEY_VALUES_MISMATCH)  ,"key values mismatch"},
 {ERR_REASON(X509_R_LOADING_CERT_DIR)     ,"loading cert dir"},
 {ERR_REASON(X509_R_LOADING_DEFAULTS)     ,"loading defaults"},
+{ERR_REASON(X509_R_METHOD_NOT_SUPPORTED) ,"method not supported"},
 {ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY),"no cert set for us to verify"},
+{ERR_REASON(X509_R_PUBLIC_KEY_DECODE_ERROR),"public key decode error"},
+{ERR_REASON(X509_R_PUBLIC_KEY_ENCODE_ERROR),"public key encode error"},
 {ERR_REASON(X509_R_SHOULD_RETRY)         ,"should retry"},
 {ERR_REASON(X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN),"unable to find parameters in chain"},
 {ERR_REASON(X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY),"unable to get certs public key"},
diff --git a/src/lib/libssl/src/crypto/x509/x509_lu.c b/src/lib/libssl/src/crypto/x509/x509_lu.c
index cd2cfb6d85..3a6e04a1de 100644
--- a/src/lib/libssl/src/crypto/x509/x509_lu.c
+++ b/src/lib/libssl/src/crypto/x509/x509_lu.c
@@ -196,9 +196,17 @@ X509_STORE *X509_STORE_new(void)
        ret->get_crl = 0;
        ret->check_crl = 0;
        ret->cert_crl = 0;
+        ret->lookup_certs = 0;
+        ret->lookup_crls = 0;
        ret->cleanup = 0;
-        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data);
+        if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data))
+                {
+                sk_X509_OBJECT_free(ret->objs);
+                OPENSSL_free(ret);
+                return NULL;
+                }
        ret->references=1;
        return ret;
        }
@@ -286,9 +294,11 @@ int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
        X509_OBJECT stmp,*tmp;
        int i,j;
+        CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
        tmp=X509_OBJECT_retrieve_by_subject(ctx->objs,type,name);
+        CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
-        if (tmp == NULL)
+        if (tmp == NULL || type == X509_LU_CRL)
                {
                for (i=vs->current_method; i<sk_X509_LOOKUP_num(ctx->get_cert_methods); i++)
                        {
@@ -340,7 +350,6 @@ int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
        X509_OBJECT_up_ref_count(obj);
        if (X509_OBJECT_retrieve_match(ctx->objs, obj))
                {
                X509_OBJECT_free_contents(obj);
@@ -414,14 +423,15 @@ void X509_OBJECT_free_contents(X509_OBJECT *a)
                }
        }
-int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
+static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, int type,
-             X509_NAME *name)
+             X509_NAME *name, int *pnmatch)
        {
        X509_OBJECT stmp;
        X509 x509_s;
        X509_CINF cinf_s;
        X509_CRL crl_s;
        X509_CRL_INFO crl_info_s;
+        int idx;
        stmp.type=type;
        switch (type)
@@ -441,41 +451,169 @@ int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
                return -1;
                }
-        return sk_X509_OBJECT_find(h,&stmp);
+        idx = sk_X509_OBJECT_find(h,&stmp);
+        if (idx >= 0 && pnmatch)
+                {
+                int tidx;
+                const X509_OBJECT *tobj, *pstmp;
+                *pnmatch = 1;
+                pstmp = &stmp;
+                for (tidx = idx + 1; tidx < sk_X509_OBJECT_num(h); tidx++)
+                        {
+                        tobj = sk_X509_OBJECT_value(h, tidx);
+                        if (x509_object_cmp(&tobj, &pstmp))
+                                break;
+                        (*pnmatch)++;
+                        }
+                }
+        return idx;
+        }
+int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
+             X509_NAME *name)
+        {
+        return x509_object_idx_cnt(h, type, name, NULL);
        }
 X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, int type,
             X509_NAME *name)
-{
+        {
        int idx;
        idx = X509_OBJECT_idx_by_subject(h, type, name);
        if (idx==-1) return NULL;
        return sk_X509_OBJECT_value(h, idx);
-}
+        }
+STACK_OF(X509)* X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
+        {
+        int i, idx, cnt;
+        STACK_OF(X509) *sk;
+        X509 *x;
+        X509_OBJECT *obj;
+        sk = sk_X509_new_null();
+        CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+        idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt);
+        if (idx < 0)
+                {
+                /* Nothing found in cache: do lookup to possibly add new
+                 * objects to cache
+                 */
+                X509_OBJECT xobj;
+                CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+                if (!X509_STORE_get_by_subject(ctx, X509_LU_X509, nm, &xobj))
+                        {
+                        sk_X509_free(sk);
+                        return NULL;
+                        }
+                X509_OBJECT_free_contents(&xobj);
+                CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+                idx = x509_object_idx_cnt(ctx->ctx->objs,X509_LU_X509,nm, &cnt);
+                if (idx < 0)
+                        {
+                        CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+                        sk_X509_free(sk);
+                        return NULL;
+                        }
+                }
+        for (i = 0; i < cnt; i++, idx++)
+                {
+                obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx);
+                x = obj->data.x509;
+                CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
+                if (!sk_X509_push(sk, x))
+                        {
+                        CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+                        X509_free(x);
+                        sk_X509_pop_free(sk, X509_free);
+                        return NULL;
+                        }
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+        return sk;
+        }
+STACK_OF(X509_CRL)* X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm)
+        {
+        int i, idx, cnt;
+        STACK_OF(X509_CRL) *sk;
+        X509_CRL *x;
+        X509_OBJECT *obj, xobj;
+        sk = sk_X509_CRL_new_null();
+        CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+        /* Check cache first */
+        idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_CRL, nm, &cnt);
+        /* Always do lookup to possibly add new CRLs to cache
+         */
+        CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+        if (!X509_STORE_get_by_subject(ctx, X509_LU_CRL, nm, &xobj))
+                {
+                sk_X509_CRL_free(sk);
+                return NULL;
+                }
+        X509_OBJECT_free_contents(&xobj);
+        CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+        idx = x509_object_idx_cnt(ctx->ctx->objs,X509_LU_CRL, nm, &cnt);
+        if (idx < 0)
+                {
+                CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+                sk_X509_CRL_free(sk);
+                return NULL;
+                }
+        for (i = 0; i < cnt; i++, idx++)
+                {
+                obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx);
+                x = obj->data.crl;
+                CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_CRL);
+                if (!sk_X509_CRL_push(sk, x))
+                        {
+                        CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+                        X509_CRL_free(x);
+                        sk_X509_CRL_pop_free(sk, X509_CRL_free);
+                        return NULL;
+                        }
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+        return sk;
+        }
 X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x)
-{
+        {
        int idx, i;
        X509_OBJECT *obj;
        idx = sk_X509_OBJECT_find(h, x);
        if (idx == -1) return NULL;
-        if (x->type != X509_LU_X509) return sk_X509_OBJECT_value(h, idx);
+        if ((x->type != X509_LU_X509) && (x->type != X509_LU_CRL))
+                return sk_X509_OBJECT_value(h, idx);
        for (i = idx; i < sk_X509_OBJECT_num(h); i++)
                {
                obj = sk_X509_OBJECT_value(h, i);
                if (x509_object_cmp((const X509_OBJECT **)&obj, (const X509_OBJECT **)&x))
                        return NULL;
-                if ((x->type != X509_LU_X509) || !X509_cmp(obj->data.x509, x->data.x509))
+                if (x->type == X509_LU_X509)
+                        {
+                        if (!X509_cmp(obj->data.x509, x->data.x509))
+                                return obj;
+                        }
+                else if (x->type == X509_LU_CRL)
+                        {
+                        if (!X509_CRL_match(obj->data.crl, x->data.crl))
+                                return obj;
+                        }
+                else
                        return obj;
                }
        return NULL;
-}
+        }
 /* Try to get issuer certificate from store. Due to limitations
 * of the API this can only retrieve a single certificate matching
 * a given subject name. However it will fill the cache with all
- * matching certificates, so we can examine the cache for all 
+ * matching certificates, so we can examine the cache for all
 * matches.
 *
 * Return values are:
@@ -483,13 +621,11 @@ X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x
 *  0 certificate not found.
 * -1 some other error.
 */
 int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
-{
+        {
        X509_NAME *xn;
        X509_OBJECT obj, *pobj;
-        int i, ok, idx;
+        int i, ok, idx, ret;
        xn=X509_get_issuer_name(x);
        ok=X509_STORE_get_by_subject(ctx,X509_LU_X509,xn,&obj);
        if (ok != X509_LU_X509)
@@ -515,27 +651,34 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
                return 1;
                }
        X509_OBJECT_free_contents(&obj);
-        /* Else find index of first matching cert */
-        idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn);
-        /* This shouldn't normally happen since we already have one match */
-        if (idx == -1) return 0;
-        /* Look through all matching certificates for a suitable issuer */
+        /* Else find index of first cert accepted by 'check_issued' */
-        for (i = idx; i < sk_X509_OBJECT_num(ctx->ctx->objs); i++)
+        ret = 0;
+        CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+        idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn);
+        if (idx != -1) /* should be true as we've had at least one match */
                {
-                pobj = sk_X509_OBJECT_value(ctx->ctx->objs, i);
+                /* Look through all matching certs for suitable issuer */
-                /* See if we've ran out of matches */
+                for (i = idx; i < sk_X509_OBJECT_num(ctx->ctx->objs); i++)
-                if (pobj->type != X509_LU_X509) return 0;
-                if (X509_NAME_cmp(xn, X509_get_subject_name(pobj->data.x509))) return 0;
-                if (ctx->check_issued(ctx, x, pobj->data.x509))
                        {
-                        *issuer = pobj->data.x509;
+                        pobj = sk_X509_OBJECT_value(ctx->ctx->objs, i);
-                        X509_OBJECT_up_ref_count(pobj);
+                        /* See if we've run past the matches */
-                        return 1;
+                        if (pobj->type != X509_LU_X509)
+                                break;
+                        if (X509_NAME_cmp(xn, X509_get_subject_name(pobj->data.x509)))
+                                break;
+                        if (ctx->check_issued(ctx, x, pobj->data.x509))
+                                {
+                                *issuer = pobj->data.x509;
+                                X509_OBJECT_up_ref_count(pobj);
+                                ret = 1;
+                                break;
+                                }
                        }
                }
-        return 0;
+        CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
-}
+        return ret;
+        }
 int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags)
        {
@@ -563,5 +706,11 @@ int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *param)
        return X509_VERIFY_PARAM_set1(ctx->param, param);
        }
+void X509_STORE_set_verify_cb(X509_STORE *ctx,
+                                  int (*verify_cb)(int, X509_STORE_CTX *))
+        {
+        ctx->verify_cb = verify_cb;
+        }
 IMPLEMENT_STACK_OF(X509_LOOKUP)
 IMPLEMENT_STACK_OF(X509_OBJECT)
diff --git a/src/lib/libssl/src/crypto/x509/x509_obj.c b/src/lib/libssl/src/crypto/x509/x509_obj.c
index 1e718f76eb..21fed9f838 100644
--- a/src/lib/libssl/src/crypto/x509/x509_obj.c
+++ b/src/lib/libssl/src/crypto/x509/x509_obj.c
@@ -72,7 +72,7 @@ int i;
        char *p;
        unsigned char *q;
        BUF_MEM *b=NULL;
-        static char hex[17]="0123456789ABCDEF";
+        static const char hex[17]="0123456789ABCDEF";
        int gs_doit[4];
        char tmp_buf[80];
 #ifdef CHARSET_EBCDIC
diff --git a/src/lib/libssl/src/crypto/x509/x509_req.c b/src/lib/libssl/src/crypto/x509/x509_req.c
index 3872e1fb64..48183dc00c 100644
--- a/src/lib/libssl/src/crypto/x509/x509_req.c
+++ b/src/lib/libssl/src/crypto/x509/x509_req.c
@@ -61,6 +61,7 @@
 #include <openssl/bn.h>
 #include <openssl/evp.h>
 #include <openssl/asn1.h>
+#include <openssl/asn1t.h>
 #include <openssl/x509.h>
 #include <openssl/objects.h>
 #include <openssl/buffer.h>
@@ -205,10 +206,9 @@ STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
        if(!ext || (ext->type != V_ASN1_SEQUENCE))
                return NULL;
        p = ext->value.sequence->data;
-        return d2i_ASN1_SET_OF_X509_EXTENSION(NULL, &p,
+        return (STACK_OF(X509_EXTENSION) *)
-                        ext->value.sequence->length,
+                ASN1_item_d2i(NULL, &p, ext->value.sequence->length,
-                        d2i_X509_EXTENSION, X509_EXTENSION_free,
+                                ASN1_ITEM_rptr(X509_EXTENSIONS));
-                        V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
 }
 /* Add a STACK_OF extensions to a certificate request: allow alternative OIDs
@@ -218,8 +218,6 @@ STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
 int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
                                int nid)
 {
-        unsigned char *p = NULL, *q;
-        long len;
        ASN1_TYPE *at = NULL;
        X509_ATTRIBUTE *attr = NULL;
        if(!(at = ASN1_TYPE_new()) ||
@@ -227,15 +225,10 @@ int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
        at->type = V_ASN1_SEQUENCE;
        /* Generate encoding of extensions */
-        len = i2d_ASN1_SET_OF_X509_EXTENSION(exts, NULL, i2d_X509_EXTENSION,
+        at->value.sequence->length = 
-                        V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE);
+                        ASN1_item_i2d((ASN1_VALUE *)exts,
-        if(!(p = OPENSSL_malloc(len))) goto err;
+                                &at->value.sequence->data,
-        q = p;
+                                ASN1_ITEM_rptr(X509_EXTENSIONS));
-        i2d_ASN1_SET_OF_X509_EXTENSION(exts, &q, i2d_X509_EXTENSION,
-                        V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE);
-        at->value.sequence->data = p;
-        p = NULL;
-        at->value.sequence->length = len;
        if(!(attr = X509_ATTRIBUTE_new())) goto err;
        if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err;
        if(!sk_ASN1_TYPE_push(attr->value.set, at)) goto err;
@@ -250,7 +243,6 @@ int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
        if(!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) goto err;
        return 1;
        err:
-        if(p) OPENSSL_free(p);
        X509_ATTRIBUTE_free(attr);
        ASN1_TYPE_free(at);
        return 0;
diff --git a/src/lib/libssl/src/crypto/x509/x509_set.c b/src/lib/libssl/src/crypto/x509/x509_set.c
index aaf61ca062..4b94fc5847 100644
--- a/src/lib/libssl/src/crypto/x509/x509_set.c
+++ b/src/lib/libssl/src/crypto/x509/x509_set.c
@@ -104,7 +104,7 @@ int X509_set_subject_name(X509 *x, X509_NAME *name)
        return(X509_NAME_set(&x->cert_info->subject,name));
        }
-int X509_set_notBefore(X509 *x, ASN1_TIME *tm)
+int X509_set_notBefore(X509 *x, const ASN1_TIME *tm)
        {
        ASN1_TIME *in;
@@ -122,7 +122,7 @@ int X509_set_notBefore(X509 *x, ASN1_TIME *tm)
        return(in != NULL);
        }
-int X509_set_notAfter(X509 *x, ASN1_TIME *tm)
+int X509_set_notAfter(X509 *x, const ASN1_TIME *tm)
        {
        ASN1_TIME *in;
diff --git a/src/lib/libssl/src/crypto/x509/x509_trs.c b/src/lib/libssl/src/crypto/x509/x509_trs.c
index ed18700585..a6cb9c8b1b 100644
--- a/src/lib/libssl/src/crypto/x509/x509_trs.c
+++ b/src/lib/libssl/src/crypto/x509/x509_trs.c
@@ -84,7 +84,8 @@ static X509_TRUST trstandard[] = {
 {X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL},
 {X509_TRUST_OBJECT_SIGN, 0, trust_1oidany, "Object Signer", NID_code_sign, NULL},
 {X509_TRUST_OCSP_SIGN, 0, trust_1oid, "OCSP responder", NID_OCSP_sign, NULL},
-{X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP, NULL}
+{X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP, NULL},
+{X509_TRUST_TSA, 0, trust_1oidany, "TSA server", NID_time_stamp, NULL}
 };
 #define X509_TRUST_COUNT        (sizeof(trstandard)/sizeof(X509_TRUST))
diff --git a/src/lib/libssl/src/crypto/x509/x509_txt.c b/src/lib/libssl/src/crypto/x509/x509_txt.c
index 73a8ec726f..c44f753c46 100644
--- a/src/lib/libssl/src/crypto/x509/x509_txt.c
+++ b/src/lib/libssl/src/crypto/x509/x509_txt.c
@@ -162,8 +162,28 @@ const char *X509_verify_cert_error_string(long n)
                return("invalid or inconsistent certificate policy extension");
        case X509_V_ERR_NO_EXPLICIT_POLICY:
                return("no explicit policy");
-        case X509_V_ERR_UNNESTED_RESOURCE:
+        case X509_V_ERR_DIFFERENT_CRL_SCOPE:
-                return("RFC 3779 resource not subset of parent's resources");
+        return("Different CRL scope");
+        case X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE:
+        return("Unsupported extension feature");
+        case X509_V_ERR_UNNESTED_RESOURCE:
+                return("RFC 3779 resource not subset of parent's resources");
+        case X509_V_ERR_PERMITTED_VIOLATION:
+                return("permitted subtree violation");
+        case X509_V_ERR_EXCLUDED_VIOLATION:
+                return("excluded subtree violation");
+        case X509_V_ERR_SUBTREE_MINMAX:
+                return("name constraints minimum and maximum not supported");
+        case X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE:
+                return("unsupported name constraint type");
+        case X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX:
+                return("unsupported or invalid name constraint syntax");
+        case X509_V_ERR_UNSUPPORTED_NAME_SYNTAX:
+                return("unsupported or invalid name syntax");
+        case X509_V_ERR_CRL_PATH_VALIDATION_ERROR:
+                return("CRL path validation error");
        default:
                BIO_snprintf(buf,sizeof buf,"error number %ld",n);
                return(buf);
diff --git a/src/lib/libssl/src/crypto/x509/x509_vfy.c b/src/lib/libssl/src/crypto/x509/x509_vfy.c
index 336c40ddd7..87ebf62525 100644
--- a/src/lib/libssl/src/crypto/x509/x509_vfy.c
+++ b/src/lib/libssl/src/crypto/x509/x509_vfy.c
@@ -70,14 +70,70 @@
 #include <openssl/x509v3.h>
 #include <openssl/objects.h>
+/* CRL score values */
+/* No unhandled critical extensions */
+#define CRL_SCORE_NOCRITICAL    0x100
+/* certificate is within CRL scope */
+#define CRL_SCORE_SCOPE         0x080
+/* CRL times valid */
+#define CRL_SCORE_TIME          0x040
+/* Issuer name matches certificate */
+#define CRL_SCORE_ISSUER_NAME   0x020
+/* If this score or above CRL is probably valid */
+#define CRL_SCORE_VALID (CRL_SCORE_NOCRITICAL|CRL_SCORE_TIME|CRL_SCORE_SCOPE)
+/* CRL issuer is certificate issuer */
+#define CRL_SCORE_ISSUER_CERT   0x018
+/* CRL issuer is on certificate path */
+#define CRL_SCORE_SAME_PATH     0x008
+/* CRL issuer matches CRL AKID */
+#define CRL_SCORE_AKID          0x004
+/* Have a delta CRL with valid times */
+#define CRL_SCORE_TIME_DELTA    0x002
 static int null_callback(int ok,X509_STORE_CTX *e);
 static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
 static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x);
 static int check_chain_extensions(X509_STORE_CTX *ctx);
+static int check_name_constraints(X509_STORE_CTX *ctx);
 static int check_trust(X509_STORE_CTX *ctx);
 static int check_revocation(X509_STORE_CTX *ctx);
 static int check_cert(X509_STORE_CTX *ctx);
 static int check_policy(X509_STORE_CTX *ctx);
+static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
+                        unsigned int *preasons,
+                        X509_CRL *crl, X509 *x);
+static int get_crl_delta(X509_STORE_CTX *ctx,
+                                X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x);
+static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pcrl_score,
+                        X509_CRL *base, STACK_OF(X509_CRL) *crls);
+static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl,
+                                X509 **pissuer, int *pcrl_score);
+static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score,
+                                unsigned int *preasons);
+static int check_crl_path(X509_STORE_CTX *ctx, X509 *x);
+static int check_crl_chain(X509_STORE_CTX *ctx,
+                        STACK_OF(X509) *cert_path,
+                        STACK_OF(X509) *crl_path);
 static int internal_verify(X509_STORE_CTX *ctx);
 const char X509_version[]="X.509" OPENSSL_VERSION_PTEXT;
@@ -289,6 +345,12 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
        if (!ok) goto end;
+        /* Check name constraints */
+        ok = check_name_constraints(ctx);
+        
+        if (!ok) goto end;
        /* The chain extensions are OK: check trust */
        if (param->trust > 0) ok = check_trust(ctx);
@@ -398,8 +460,8 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
        X509 *x;
        int (*cb)(int xok,X509_STORE_CTX *xctx);
        int proxy_path_length = 0;
-        int allow_proxy_certs =
+        int purpose;
-                !!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
+        int allow_proxy_certs;
        cb=ctx->verify_cb;
        /* must_be_ca can have 1 of 3 values:
@@ -412,10 +474,22 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
        */
        must_be_ca = -1;
-        /* A hack to keep people who don't want to modify their software
+        /* CRL path validation */
-           happy */
+        if (ctx->parent)
-        if (getenv("OPENSSL_ALLOW_PROXY_CERTS"))
+                {
-                allow_proxy_certs = 1;
+                allow_proxy_certs = 0;
+                purpose = X509_PURPOSE_CRL_SIGN;
+                }
+        else
+                {
+                allow_proxy_certs =
+                        !!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
+                /* A hack to keep people who don't want to modify their
+                   software happy */
+                if (getenv("OPENSSL_ALLOW_PROXY_CERTS"))
+                        allow_proxy_certs = 1;
+                purpose = ctx->param->purpose;
+                }
        /* Check all untrusted certificates */
        for (i = 0; i < ctx->last_untrusted; i++)
@@ -482,8 +556,7 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
                        }
                if (ctx->param->purpose > 0)
                        {
-                        ret = X509_check_purpose(x, ctx->param->purpose,
+                        ret = X509_check_purpose(x, purpose, must_be_ca > 0);
-                                must_be_ca > 0);
                        if ((ret == 0)
                                || ((ctx->param->flags & X509_V_FLAG_X509_STRICT)
                                        && (ret != 1)))
@@ -536,6 +609,42 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
 #endif
 }
+static int check_name_constraints(X509_STORE_CTX *ctx)
+        {
+        X509 *x;
+        int i, j, rv;
+        /* Check name constraints for all certificates */
+        for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--)
+                {
+                x = sk_X509_value(ctx->chain, i);
+                /* Ignore self issued certs unless last in chain */
+                if (i && (x->ex_flags & EXFLAG_SI))
+                        continue;
+                /* Check against constraints for all certificates higher in
+                 * chain including trust anchor. Trust anchor not strictly
+                 * speaking needed but if it includes constraints it is to be
+                 * assumed it expects them to be obeyed.
+                 */
+                for (j = sk_X509_num(ctx->chain) - 1; j > i; j--)
+                        {
+                        NAME_CONSTRAINTS *nc = sk_X509_value(ctx->chain, j)->nc;
+                        if (nc)
+                                {
+                                rv = NAME_CONSTRAINTS_check(x, nc);
+                                if (rv != X509_V_OK)
+                                        {
+                                        ctx->error = rv;
+                                        ctx->error_depth = i;
+                                        ctx->current_cert = x;
+                                        if (!ctx->verify_cb(0,ctx))
+                                                return 0;
+                                        }
+                                }
+                        }
+                }
+        return 1;
+        }
 static int check_trust(X509_STORE_CTX *ctx)
 {
 #ifdef OPENSSL_NO_CHAIN_VERIFY
@@ -570,7 +679,12 @@ static int check_revocation(X509_STORE_CTX *ctx)
        if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL)
                last = sk_X509_num(ctx->chain) - 1;
        else
+                {
+                /* If checking CRL paths this isn't the EE certificate */
+                if (ctx->parent)
+                        return 1;
                last = 0;
+                }
        for(i = 0; i <= last; i++)
                {
                ctx->error_depth = i;
@@ -582,30 +696,65 @@ static int check_revocation(X509_STORE_CTX *ctx)
 static int check_cert(X509_STORE_CTX *ctx)
        {
-        X509_CRL *crl = NULL;
+        X509_CRL *crl = NULL, *dcrl = NULL;
        X509 *x;
        int ok, cnum;
        cnum = ctx->error_depth;
        x = sk_X509_value(ctx->chain, cnum);
        ctx->current_cert = x;
-        /* Try to retrieve relevant CRL */
+        ctx->current_issuer = NULL;
-        ok = ctx->get_crl(ctx, &crl, x);
+        ctx->current_reasons = 0;
-        /* If error looking up CRL, nothing we can do except
+        while (ctx->current_reasons != CRLDP_ALL_REASONS)
-         * notify callback
-         */
-        if(!ok)
                {
-                ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
+                /* Try to retrieve relevant CRL */
-                ok = ctx->verify_cb(0, ctx);
+                if (ctx->get_crl)
-                goto err;
+                        ok = ctx->get_crl(ctx, &crl, x);
+                else
+                        ok = get_crl_delta(ctx, &crl, &dcrl, x);
+                /* If error looking up CRL, nothing we can do except
+                 * notify callback
+                 */
+                if(!ok)
+                        {
+                        ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
+                        ok = ctx->verify_cb(0, ctx);
+                        goto err;
+                        }
+                ctx->current_crl = crl;
+                ok = ctx->check_crl(ctx, crl);
+                if (!ok)
+                        goto err;
+                if (dcrl)
+                        {
+                        ok = ctx->check_crl(ctx, dcrl);
+                        if (!ok)
+                                goto err;
+                        ok = ctx->cert_crl(ctx, dcrl, x);
+                        if (!ok)
+                                goto err;
+                        }
+                else
+                        ok = 1;
+                /* Don't look in full CRL if delta reason is removefromCRL */
+                if (ok != 2)
+                        {
+                        ok = ctx->cert_crl(ctx, crl, x);
+                        if (!ok)
+                                goto err;
+                        }
+                X509_CRL_free(crl);
+                X509_CRL_free(dcrl);
+                crl = NULL;
+                dcrl = NULL;
                }
-        ctx->current_crl = crl;
-        ok = ctx->check_crl(ctx, crl);
-        if (!ok) goto err;
-        ok = ctx->cert_crl(ctx, crl, x);
        err:
-        ctx->current_crl = NULL;
        X509_CRL_free(crl);
+        X509_CRL_free(dcrl);
+        ctx->current_crl = NULL;
        return ok;
        }
@@ -616,7 +765,8 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)
        {
        time_t *ptime;
        int i;
-        ctx->current_crl = crl;
+        if (notify)
+                ctx->current_crl = crl;
        if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
                ptime = &ctx->param->check_time;
        else
@@ -625,15 +775,19 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)
        i=X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime);
        if (i == 0)
                {
+                if (!notify)
+                        return 0;
                ctx->error=X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD;
-                if (!notify || !ctx->verify_cb(0, ctx))
+                if (!ctx->verify_cb(0, ctx))
                        return 0;
                }
        if (i > 0)
                {
+                if (!notify)
+                        return 0;
                ctx->error=X509_V_ERR_CRL_NOT_YET_VALID;
-                if (!notify || !ctx->verify_cb(0, ctx))
+                if (!ctx->verify_cb(0, ctx))
                        return 0;
                }
@@ -643,92 +797,545 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)
                if (i == 0)
                        {
+                        if (!notify)
+                                return 0;
                        ctx->error=X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD;
-                        if (!notify || !ctx->verify_cb(0, ctx))
+                        if (!ctx->verify_cb(0, ctx))
                                return 0;
                        }
+                /* Ignore expiry of base CRL is delta is valid */
-                if (i < 0)
+                if ((i < 0) && !(ctx->current_crl_score & CRL_SCORE_TIME_DELTA))
                        {
+                        if (!notify)
+                                return 0;
                        ctx->error=X509_V_ERR_CRL_HAS_EXPIRED;
-                        if (!notify || !ctx->verify_cb(0, ctx))
+                        if (!ctx->verify_cb(0, ctx))
                                return 0;
                        }
                }
-        ctx->current_crl = NULL;
+        if (notify)
+                ctx->current_crl = NULL;
        return 1;
        }
-/* Lookup CRLs from the supplied list. Look for matching isser name
+static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
- * and validity. If we can't find a valid CRL return the last one
+                        X509 **pissuer, int *pscore, unsigned int *preasons,
- * with matching name. This gives more meaningful error codes. Otherwise
+                        STACK_OF(X509_CRL) *crls)
- * we'd get a CRL not found error if a CRL existed with matching name but
- * was invalid.
- */
-static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl,
-                        X509_NAME *nm, STACK_OF(X509_CRL) *crls)
        {
-        int i;
+        int i, crl_score, best_score = *pscore;
+        unsigned int reasons, best_reasons = 0;
+        X509 *x = ctx->current_cert;
        X509_CRL *crl, *best_crl = NULL;
+        X509 *crl_issuer = NULL, *best_crl_issuer = NULL;
        for (i = 0; i < sk_X509_CRL_num(crls); i++)
                {
                crl = sk_X509_CRL_value(crls, i);
-                if (X509_NAME_cmp(nm, X509_CRL_get_issuer(crl)))
+                reasons = *preasons;
-                        continue;
+                crl_score = get_crl_score(ctx, &crl_issuer, &reasons, crl, x);
-                if (check_crl_time(ctx, crl, 0))
+                if (crl_score > best_score)
                        {
-                        *pcrl = crl;
+                        best_crl = crl;
-                        CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509);
+                        best_crl_issuer = crl_issuer;
-                        return 1;
+                        best_score = crl_score;
+                        best_reasons = reasons;
                        }
-                best_crl = crl;
                }
        if (best_crl)
                {
+                if (*pcrl)
+                        X509_CRL_free(*pcrl);
                *pcrl = best_crl;
-                CRYPTO_add(&best_crl->references, 1, CRYPTO_LOCK_X509);
+                *pissuer = best_crl_issuer;
+                *pscore = best_score;
+                *preasons = best_reasons;
+                CRYPTO_add(&best_crl->references, 1, CRYPTO_LOCK_X509_CRL);
+                if (*pdcrl)
+                        {
+                        X509_CRL_free(*pdcrl);
+                        *pdcrl = NULL;
+                        }
+                get_delta_sk(ctx, pdcrl, pscore, best_crl, crls);
                }
-                
+        if (best_score >= CRL_SCORE_VALID)
+                return 1;
        return 0;
        }
-/* Retrieve CRL corresponding to certificate: currently just a
+/* Compare two CRL extensions for delta checking purposes. They should be
- * subject lookup: maybe use AKID later...
+ * both present or both absent. If both present all fields must be identical.
 */
-static int get_crl(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509 *x)
+static int crl_extension_match(X509_CRL *a, X509_CRL *b, int nid)
        {
-        int ok;
+        ASN1_OCTET_STRING *exta, *extb;
-        X509_CRL *crl = NULL;
+        int i;
-        X509_OBJECT xobj;
+        i = X509_CRL_get_ext_by_NID(a, nid, 0);
-        X509_NAME *nm;
+        if (i >= 0)
-        nm = X509_get_issuer_name(x);
-        ok = get_crl_sk(ctx, &crl, nm, ctx->crls);
-        if (ok)
                {
-                *pcrl = crl;
+                /* Can't have multiple occurrences */
+                if (X509_CRL_get_ext_by_NID(a, nid, i) != -1)
+                        return 0;
+                exta = X509_EXTENSION_get_data(X509_CRL_get_ext(a, i));
+                }
+        else
+                exta = NULL;
+        i = X509_CRL_get_ext_by_NID(b, nid, 0);
+        if (i >= 0)
+                {
+                if (X509_CRL_get_ext_by_NID(b, nid, i) != -1)
+                        return 0;
+                extb = X509_EXTENSION_get_data(X509_CRL_get_ext(b, i));
+                }
+        else
+                extb = NULL;
+        if (!exta && !extb)
                return 1;
+        if (!exta || !extb)
+                return 0;
+        if (ASN1_OCTET_STRING_cmp(exta, extb))
+                return 0;
+        return 1;
+        }
+/* See if a base and delta are compatible */
+static int check_delta_base(X509_CRL *delta, X509_CRL *base)
+        {
+        /* Delta CRL must be a delta */
+        if (!delta->base_crl_number)
+                        return 0;
+        /* Base must have a CRL number */
+        if (!base->crl_number)
+                        return 0;
+        /* Issuer names must match */
+        if (X509_NAME_cmp(X509_CRL_get_issuer(base),
+                                X509_CRL_get_issuer(delta)))
+                return 0;
+        /* AKID and IDP must match */
+        if (!crl_extension_match(delta, base, NID_authority_key_identifier))
+                        return 0;
+        if (!crl_extension_match(delta, base, NID_issuing_distribution_point))
+                        return 0;
+        /* Delta CRL base number must not exceed Full CRL number. */
+        if (ASN1_INTEGER_cmp(delta->base_crl_number, base->crl_number) > 0)
+                        return 0;
+        /* Delta CRL number must exceed full CRL number */
+        if (ASN1_INTEGER_cmp(delta->crl_number, base->crl_number) > 0)
+                        return 1;
+        return 0;
+        }
+/* For a given base CRL find a delta... maybe extend to delta scoring
+ * or retrieve a chain of deltas...
+ */
+static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pscore,
+                        X509_CRL *base, STACK_OF(X509_CRL) *crls)
+        {
+        X509_CRL *delta;
+        int i;
+        if (!(ctx->param->flags & X509_V_FLAG_USE_DELTAS))
+                return;
+        if (!((ctx->current_cert->ex_flags | base->flags) & EXFLAG_FRESHEST))
+                return;
+        for (i = 0; i < sk_X509_CRL_num(crls); i++)
+                {
+                delta = sk_X509_CRL_value(crls, i);
+                if (check_delta_base(delta, base))
+                        {
+                        if (check_crl_time(ctx, delta, 0))
+                                *pscore |= CRL_SCORE_TIME_DELTA;
+                        CRYPTO_add(&delta->references, 1, CRYPTO_LOCK_X509_CRL);
+                        *dcrl = delta;
+                        return;
+                        }
+                }
+        *dcrl = NULL;
+        }
+/* For a given CRL return how suitable it is for the supplied certificate 'x'.
+ * The return value is a mask of several criteria.
+ * If the issuer is not the certificate issuer this is returned in *pissuer.
+ * The reasons mask is also used to determine if the CRL is suitable: if
+ * no new reasons the CRL is rejected, otherwise reasons is updated.
+ */
+static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
+                        unsigned int *preasons,
+                        X509_CRL *crl, X509 *x)
+        {
+        int crl_score = 0;
+        unsigned int tmp_reasons = *preasons, crl_reasons;
+        /* First see if we can reject CRL straight away */
+        /* Invalid IDP cannot be processed */
+        if (crl->idp_flags & IDP_INVALID)
+                return 0;
+        /* Reason codes or indirect CRLs need extended CRL support */
+        if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT))
+                {
+                if (crl->idp_flags & (IDP_INDIRECT | IDP_REASONS))
+                        return 0;
+                }
+        else if (crl->idp_flags & IDP_REASONS)
+                {
+                /* If no new reasons reject */
+                if (!(crl->idp_reasons & ~tmp_reasons))
+                        return 0;
+                }
+        /* Don't process deltas at this stage */
+        else if (crl->base_crl_number)
+                return 0;
+        /* If issuer name doesn't match certificate need indirect CRL */
+        if (X509_NAME_cmp(X509_get_issuer_name(x), X509_CRL_get_issuer(crl)))
+                {
+                if (!(crl->idp_flags & IDP_INDIRECT))
+                        return 0;
+                }
+        else
+                crl_score |= CRL_SCORE_ISSUER_NAME;
+        if (!(crl->flags & EXFLAG_CRITICAL))
+                crl_score |= CRL_SCORE_NOCRITICAL;
+        /* Check expiry */
+        if (check_crl_time(ctx, crl, 0))
+                crl_score |= CRL_SCORE_TIME;
+        /* Check authority key ID and locate certificate issuer */
+        crl_akid_check(ctx, crl, pissuer, &crl_score);
+        /* If we can't locate certificate issuer at this point forget it */
+        if (!(crl_score & CRL_SCORE_AKID))
+                return 0;
+        /* Check cert for matching CRL distribution points */
+        if (crl_crldp_check(x, crl, crl_score, &crl_reasons))
+                {
+                /* If no new reasons reject */
+                if (!(crl_reasons & ~tmp_reasons))
+                        return 0;
+                tmp_reasons |= crl_reasons;
+                crl_score |= CRL_SCORE_SCOPE;
                }
-        ok = X509_STORE_get_by_subject(ctx, X509_LU_CRL, nm, &xobj);
+        *preasons = tmp_reasons;
+        return crl_score;
+        }
+static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl,
+                                X509 **pissuer, int *pcrl_score)
+        {
+        X509 *crl_issuer = NULL;
+        X509_NAME *cnm = X509_CRL_get_issuer(crl);
+        int cidx = ctx->error_depth;
+        int i;
-        if (!ok)
+        if (cidx != sk_X509_num(ctx->chain) - 1)
+                cidx++;
+        crl_issuer = sk_X509_value(ctx->chain, cidx);
+        if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK)
                {
-                /* If we got a near match from get_crl_sk use that */
+                if (*pcrl_score & CRL_SCORE_ISSUER_NAME)
-                if (crl)
                        {
-                        *pcrl = crl;
+                        *pcrl_score |= CRL_SCORE_AKID|CRL_SCORE_ISSUER_CERT;
-                        return 1;
+                        *pissuer = crl_issuer;
+                        return;
+                        }
+                }
+        for (cidx++; cidx < sk_X509_num(ctx->chain); cidx++)
+                {
+                crl_issuer = sk_X509_value(ctx->chain, cidx);
+                if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm))
+                        continue;
+                if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK)
+                        {
+                        *pcrl_score |= CRL_SCORE_AKID|CRL_SCORE_SAME_PATH;
+                        *pissuer = crl_issuer;
+                        return;
+                        }
+                }
+        /* Anything else needs extended CRL support */
+        if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT))
+                return;
+        /* Otherwise the CRL issuer is not on the path. Look for it in the
+         * set of untrusted certificates.
+         */
+        for (i = 0; i < sk_X509_num(ctx->untrusted); i++)
+                {
+                crl_issuer = sk_X509_value(ctx->untrusted, i);
+                if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm))
+                        continue;
+                if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK)
+                        {
+                        *pissuer = crl_issuer;
+                        *pcrl_score |= CRL_SCORE_AKID;
+                        return;
                        }
+                }
+        }
+/* Check the path of a CRL issuer certificate. This creates a new
+ * X509_STORE_CTX and populates it with most of the parameters from the
+ * parent. This could be optimised somewhat since a lot of path checking
+ * will be duplicated by the parent, but this will rarely be used in 
+ * practice.
+ */
+static int check_crl_path(X509_STORE_CTX *ctx, X509 *x)
+        {
+        X509_STORE_CTX crl_ctx;
+        int ret;
+        /* Don't allow recursive CRL path validation */
+        if (ctx->parent)
                return 0;
+        if (!X509_STORE_CTX_init(&crl_ctx, ctx->ctx, x, ctx->untrusted))
+                return -1;
+        crl_ctx.crls = ctx->crls;
+        /* Copy verify params across */
+        X509_STORE_CTX_set0_param(&crl_ctx, ctx->param);
+        crl_ctx.parent = ctx;
+        crl_ctx.verify_cb = ctx->verify_cb;
+        /* Verify CRL issuer */
+        ret = X509_verify_cert(&crl_ctx);
+        if (ret <= 0)
+                goto err;
+        /* Check chain is acceptable */
+        ret = check_crl_chain(ctx, ctx->chain, crl_ctx.chain);
+        err:
+        X509_STORE_CTX_cleanup(&crl_ctx);
+        return ret;
+        }
+/* RFC3280 says nothing about the relationship between CRL path
+ * and certificate path, which could lead to situations where a
+ * certificate could be revoked or validated by a CA not authorised
+ * to do so. RFC5280 is more strict and states that the two paths must
+ * end in the same trust anchor, though some discussions remain...
+ * until this is resolved we use the RFC5280 version
+ */
+static int check_crl_chain(X509_STORE_CTX *ctx,
+                        STACK_OF(X509) *cert_path,
+                        STACK_OF(X509) *crl_path)
+        {
+        X509 *cert_ta, *crl_ta;
+        cert_ta = sk_X509_value(cert_path, sk_X509_num(cert_path) - 1);
+        crl_ta = sk_X509_value(crl_path, sk_X509_num(crl_path) - 1);
+        if (!X509_cmp(cert_ta, crl_ta))
+                return 1;
+        return 0;
+        }
+/* Check for match between two dist point names: three separate cases.
+ * 1. Both are relative names and compare X509_NAME types.
+ * 2. One full, one relative. Compare X509_NAME to GENERAL_NAMES.
+ * 3. Both are full names and compare two GENERAL_NAMES.
+ * 4. One is NULL: automatic match.
+ */
+static int idp_check_dp(DIST_POINT_NAME *a, DIST_POINT_NAME *b)
+        {
+        X509_NAME *nm = NULL;
+        GENERAL_NAMES *gens = NULL;
+        GENERAL_NAME *gena, *genb;
+        int i, j;
+        if (!a || !b)
+                return 1;
+        if (a->type == 1)
+                {
+                if (!a->dpname)
+                        return 0;
+                /* Case 1: two X509_NAME */
+                if (b->type == 1)
+                        {
+                        if (!b->dpname)
+                                return 0;
+                        if (!X509_NAME_cmp(a->dpname, b->dpname))
+                                return 1;
+                        else
+                                return 0;
+                        }
+                /* Case 2: set name and GENERAL_NAMES appropriately */
+                nm = a->dpname;
+                gens = b->name.fullname;
+                }
+        else if (b->type == 1)
+                {
+                if (!b->dpname)
+                        return 0;
+                /* Case 2: set name and GENERAL_NAMES appropriately */
+                gens = a->name.fullname;
+                nm = b->dpname;
                }
-        *pcrl = xobj.data.crl;
+        /* Handle case 2 with one GENERAL_NAMES and one X509_NAME */
+        if (nm)
+                {
+                for (i = 0; i < sk_GENERAL_NAME_num(gens); i++)
+                        {
+                        gena = sk_GENERAL_NAME_value(gens, i);  
+                        if (gena->type != GEN_DIRNAME)
+                                continue;
+                        if (!X509_NAME_cmp(nm, gena->d.directoryName))
+                                return 1;
+                        }
+                return 0;
+                }
+        /* Else case 3: two GENERAL_NAMES */
+        for (i = 0; i < sk_GENERAL_NAME_num(a->name.fullname); i++)
+                {
+                gena = sk_GENERAL_NAME_value(a->name.fullname, i);
+                for (j = 0; j < sk_GENERAL_NAME_num(b->name.fullname); j++)
+                        {
+                        genb = sk_GENERAL_NAME_value(b->name.fullname, j);
+                        if (!GENERAL_NAME_cmp(gena, genb))
+                                return 1;
+                        }
+                }
+        return 0;
+        }
+static int crldp_check_crlissuer(DIST_POINT *dp, X509_CRL *crl, int crl_score)
+        {
+        int i;
+        X509_NAME *nm = X509_CRL_get_issuer(crl);
+        /* If no CRLissuer return is successful iff don't need a match */
+        if (!dp->CRLissuer)
+                return !!(crl_score & CRL_SCORE_ISSUER_NAME);
+        for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++)
+                {
+                GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i);
+                if (gen->type != GEN_DIRNAME)
+                        continue;
+                if (!X509_NAME_cmp(gen->d.directoryName, nm))
+                        return 1;
+                }
+        return 0;
+        }
+/* Check CRLDP and IDP */
+static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score,
+                                unsigned int *preasons)
+        {
+        int i;
+        if (crl->idp_flags & IDP_ONLYATTR)
+                return 0;
+        if (x->ex_flags & EXFLAG_CA)
+                {
+                if (crl->idp_flags & IDP_ONLYUSER)
+                        return 0;
+                }
+        else
+                {
+                if (crl->idp_flags & IDP_ONLYCA)
+                        return 0;
+                }
+        *preasons = crl->idp_reasons;
+        for (i = 0; i < sk_DIST_POINT_num(x->crldp); i++)
+                {
+                DIST_POINT *dp = sk_DIST_POINT_value(x->crldp, i);
+                if (crldp_check_crlissuer(dp, crl, crl_score))
+                        {
+                        if (!crl->idp ||
+                             idp_check_dp(dp->distpoint, crl->idp->distpoint))
+                                {
+                                *preasons &= dp->dp_reasons;
+                                return 1;
+                                }
+                        }
+                }
+        if ((!crl->idp || !crl->idp->distpoint) && (crl_score & CRL_SCORE_ISSUER_NAME))
+                return 1;
+        return 0;
+        }
+/* Retrieve CRL corresponding to current certificate.
+ * If deltas enabled try to find a delta CRL too
+ */
+        
+static int get_crl_delta(X509_STORE_CTX *ctx,
+                                X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x)
+        {
+        int ok;
+        X509 *issuer = NULL;
+        int crl_score = 0;
+        unsigned int reasons;
+        X509_CRL *crl = NULL, *dcrl = NULL;
+        STACK_OF(X509_CRL) *skcrl;
+        X509_NAME *nm = X509_get_issuer_name(x);
+        reasons = ctx->current_reasons;
+        ok = get_crl_sk(ctx, &crl, &dcrl, 
+                                &issuer, &crl_score, &reasons, ctx->crls);
+        if (ok)
+                goto done;
+        /* Lookup CRLs from store */
+        skcrl = ctx->lookup_crls(ctx, nm);
+        /* If no CRLs found and a near match from get_crl_sk use that */
+        if (!skcrl && crl)
+                goto done;
+        get_crl_sk(ctx, &crl, &dcrl, &issuer, &crl_score, &reasons, skcrl);
+        sk_X509_CRL_pop_free(skcrl, X509_CRL_free);
+        done:
+        /* If we got any kind of CRL use it and return success */
        if (crl)
-                X509_CRL_free(crl);
+                {
-        return 1;
+                ctx->current_issuer = issuer;
+                ctx->current_crl_score = crl_score;
+                ctx->current_reasons = reasons;
+                *pcrl = crl;
+                *pdcrl = dcrl;
+                return 1;
+                }
+        return 0;
        }
 /* Check CRL validity */
@@ -739,10 +1346,14 @@ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl)
        int ok = 0, chnum, cnum;
        cnum = ctx->error_depth;
        chnum = sk_X509_num(ctx->chain) - 1;
-        /* Find CRL issuer: if not last certificate then issuer
+        /* if we have an alternative CRL issuer cert use that */
+        if (ctx->current_issuer)
+                issuer = ctx->current_issuer;
+        /* Else find CRL issuer: if not last certificate then issuer
         * is next certificate in chain.
         */
-        if(cnum < chnum)
+        else if (cnum < chnum)
                issuer = sk_X509_value(ctx->chain, cnum + 1);
        else
                {
@@ -758,13 +1369,52 @@ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl)
        if(issuer)
                {
-                /* Check for cRLSign bit if keyUsage present */
+                /* Skip most tests for deltas because they have already
-                if ((issuer->ex_flags & EXFLAG_KUSAGE) &&
+                 * been done
-                        !(issuer->ex_kusage & KU_CRL_SIGN))
+                 */
+                if (!crl->base_crl_number)
                        {
-                        ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN;
+                        /* Check for cRLSign bit if keyUsage present */
-                        ok = ctx->verify_cb(0, ctx);
+                        if ((issuer->ex_flags & EXFLAG_KUSAGE) &&
-                        if(!ok) goto err;
+                                !(issuer->ex_kusage & KU_CRL_SIGN))
+                                {
+                                ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN;
+                                ok = ctx->verify_cb(0, ctx);
+                                if(!ok) goto err;
+                                }
+                        if (!(ctx->current_crl_score & CRL_SCORE_SCOPE))
+                                {
+                                ctx->error = X509_V_ERR_DIFFERENT_CRL_SCOPE;
+                                ok = ctx->verify_cb(0, ctx);
+                                if(!ok) goto err;
+                                }
+                        if (!(ctx->current_crl_score & CRL_SCORE_SAME_PATH))
+                                {
+                                if (check_crl_path(ctx, ctx->current_issuer) <= 0)
+                                        {
+                                        ctx->error = X509_V_ERR_CRL_PATH_VALIDATION_ERROR;
+                                        ok = ctx->verify_cb(0, ctx);
+                                        if(!ok) goto err;
+                                        }
+                                }
+                        if (crl->idp_flags & IDP_INVALID)
+                                {
+                                ctx->error = X509_V_ERR_INVALID_EXTENSION;
+                                ok = ctx->verify_cb(0, ctx);
+                                if(!ok) goto err;
+                                }
+                        }
+                if (!(ctx->current_crl_score & CRL_SCORE_TIME))
+                        {
+                        ok = check_crl_time(ctx, crl, 1);
+                        if (!ok)
+                                goto err;
                        }
                /* Attempt to get issuer certificate public key */
@@ -788,10 +1438,6 @@ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl)
                        }
                }
-        ok = check_crl_time(ctx, crl, 1);
-        if (!ok)
-                goto err;
        ok = 1;
        err:
@@ -802,62 +1448,43 @@ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl)
 /* Check certificate against CRL */
 static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
        {
-        int idx, ok;
+        int ok;
-        X509_REVOKED rtmp;
+        X509_REVOKED *rev;
-        STACK_OF(X509_EXTENSION) *exts;
+        /* The rules changed for this... previously if a CRL contained
-        X509_EXTENSION *ext;
+         * unhandled critical extensions it could still be used to indicate
-        /* Look for serial number of certificate in CRL */
+         * a certificate was revoked. This has since been changed since 
-        rtmp.serialNumber = X509_get_serialNumber(x);
+         * critical extension can change the meaning of CRL entries.
-        /* Sort revoked into serial number order if not already sorted.
+         */
-         * Do this under a lock to avoid race condition.
+        if (crl->flags & EXFLAG_CRITICAL)
-         */
-        if (!sk_X509_REVOKED_is_sorted(crl->crl->revoked))
                {
-                CRYPTO_w_lock(CRYPTO_LOCK_X509_CRL);
+                if (ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
-                sk_X509_REVOKED_sort(crl->crl->revoked);
+                        return 1;
-                CRYPTO_w_unlock(CRYPTO_LOCK_X509_CRL);
+                ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION;
+                ok = ctx->verify_cb(0, ctx);
+                if(!ok)
+                        return 0;
                }
-        idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp);
+        /* Look for serial number of certificate in CRL
-        /* If found assume revoked: want something cleverer than
+         * If found make sure reason is not removeFromCRL.
-         * this to handle entry extensions in V2 CRLs.
         */
-        if(idx >= 0)
+        if (X509_CRL_get0_by_cert(crl, &rev, x))
                {
+                if (rev->reason == CRL_REASON_REMOVE_FROM_CRL)
+                        return 2;
                ctx->error = X509_V_ERR_CERT_REVOKED;
                ok = ctx->verify_cb(0, ctx);
-                if (!ok) return 0;
+                if (!ok)
+                        return 0;
                }
-        if (ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
-                return 1;
-        /* See if we have any critical CRL extensions: since we
-         * currently don't handle any CRL extensions the CRL must be
-         * rejected. 
-         * This code accesses the X509_CRL structure directly: applications
-         * shouldn't do this.
-         */
-        exts = crl->crl->extensions;
-        for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++)
-                {
-                ext = sk_X509_EXTENSION_value(exts, idx);
-                if (ext->critical > 0)
-                        {
-                        ctx->error =
-                                X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION;
-                        ok = ctx->verify_cb(0, ctx);
-                        if(!ok) return 0;
-                        break;
-                        }
-                }
        return 1;
        }
 static int check_policy(X509_STORE_CTX *ctx)
        {
        int ret;
+        if (ctx->parent)
+                return 1;
        ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain,
                                ctx->param->policies, ctx->param->flags);
        if (ret == 0)
@@ -880,7 +1507,8 @@ static int check_policy(X509_STORE_CTX *ctx)
                                continue;
                        ctx->current_cert = x;
                        ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION;
-                        ret = ctx->verify_cb(0, ctx);
+                        if(!ctx->verify_cb(0, ctx))
+                                return 0;
                        }
                return 1;
                }
@@ -986,7 +1614,12 @@ static int internal_verify(X509_STORE_CTX *ctx)
        while (n >= 0)
                {
                ctx->error_depth=n;
-                if (!xs->valid)
+                /* Skip signature check for self signed certificates unless
+                 * explicitly asked for. It doesn't add any security and
+                 * just wastes time.
+                 */
+                if (!xs->valid && (xs != xi || (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE)))
                        {
                        if ((pkey=X509_get_pubkey(xi)) == NULL)
                                {
@@ -996,13 +1629,6 @@ static int internal_verify(X509_STORE_CTX *ctx)
                                if (!ok) goto end;
                                }
                        else if (X509_verify(xs,pkey) <= 0)
-                                /* XXX  For the final trusted self-signed cert,
-                                 * this is a waste of time.  That check should
-                                 * optional so that e.g. 'openssl x509' can be
-                                 * used to detect invalid self-signatures, but
-                                 * we don't verify again and again in SSL
-                                 * handshakes and the like once the cert has
-                                 * been declared trusted. */
                                {
                                ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
                                ctx->current_cert=xs;
@@ -1041,12 +1667,12 @@ end:
        return ok;
        }
-int X509_cmp_current_time(ASN1_TIME *ctm)
+int X509_cmp_current_time(const ASN1_TIME *ctm)
 {
        return X509_cmp_time(ctm, NULL);
 }
-int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time)
+int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time)
        {
        char *str;
        ASN1_TIME atm;
@@ -1101,6 +1727,7 @@ int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time)
                        offset= -offset;
                }
        atm.type=ctm->type;
+        atm.flags = 0;
        atm.length=sizeof(buff2);
        atm.data=(unsigned char *)buff2;
@@ -1129,19 +1756,28 @@ ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj)
        return X509_time_adj(s, adj, NULL);
 }
-ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *in_tm)
+ASN1_TIME *X509_time_adj(ASN1_TIME *s, long offset_sec, time_t *in_tm)
+        {
+        return X509_time_adj_ex(s, 0, offset_sec, in_tm);
+        }
+ASN1_TIME *X509_time_adj_ex(ASN1_TIME *s,
+                                int offset_day, long offset_sec, time_t *in_tm)
        {
        time_t t;
-        int type = -1;
        if (in_tm) t = *in_tm;
        else time(&t);
-        t+=adj;
+        if (s && !(s->flags & ASN1_STRING_FLAG_MSTRING))
-        if (s) type = s->type;
+                {
-        if (type == V_ASN1_UTCTIME) return ASN1_UTCTIME_set(s,t);
+                if (s->type == V_ASN1_UTCTIME)
-        if (type == V_ASN1_GENERALIZEDTIME) return ASN1_GENERALIZEDTIME_set(s, t);
+                        return ASN1_UTCTIME_adj(s,t, offset_day, offset_sec);
-        return ASN1_TIME_set(s, t);
+                if (s->type == V_ASN1_GENERALIZEDTIME)
+                        return ASN1_GENERALIZEDTIME_adj(s, t, offset_day,
+                                                                offset_sec);
+                }
+        return ASN1_TIME_adj(s, t, offset_day, offset_sec);
        }
 int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
@@ -1244,6 +1880,21 @@ STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx)
        return chain;
        }
+X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx)
+        {
+        return ctx->current_issuer;
+        }
+X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx)
+        {
+        return ctx->current_crl;
+        }
+X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx)
+        {
+        return ctx->parent;
+        }
 void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x)
        {
        ctx->cert=x;
@@ -1365,6 +2016,7 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
        ctx->current_cert=NULL;
        ctx->current_issuer=NULL;
        ctx->tree = NULL;
+        ctx->parent = NULL;
        ctx->param = X509_VERIFY_PARAM_new();
@@ -1430,7 +2082,7 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
        if (store && store->get_crl)
                ctx->get_crl = store->get_crl;
        else
-                ctx->get_crl = get_crl;
+                ctx->get_crl = NULL;
        if (store && store->check_crl)
                ctx->check_crl = store->check_crl;
@@ -1442,6 +2094,16 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
        else
                ctx->cert_crl = cert_crl;
+        if (store && store->lookup_certs)
+                ctx->lookup_certs = store->lookup_certs;
+        else
+                ctx->lookup_certs = X509_STORE_get1_certs;
+        if (store && store->lookup_crls)
+                ctx->lookup_crls = store->lookup_crls;
+        else
+                ctx->lookup_crls = X509_STORE_get1_crls;
        ctx->check_policy = check_policy;
@@ -1474,7 +2136,8 @@ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
        if (ctx->cleanup) ctx->cleanup(ctx);
        if (ctx->param != NULL)
                {
-                X509_VERIFY_PARAM_free(ctx->param);
+                if (ctx->parent == NULL)
+                        X509_VERIFY_PARAM_free(ctx->param);
                ctx->param=NULL;
                }
        if (ctx->tree != NULL)
diff --git a/src/lib/libssl/src/crypto/x509/x509_vfy.h b/src/lib/libssl/src/crypto/x509/x509_vfy.h
index 76c76e1719..fe09b30aaa 100644
--- a/src/lib/libssl/src/crypto/x509/x509_vfy.h
+++ b/src/lib/libssl/src/crypto/x509/x509_vfy.h
@@ -77,6 +77,7 @@
 extern "C" {
 #endif
+#if 0
 /* Outer object */
 typedef struct x509_hash_dir_st
        {
@@ -85,6 +86,7 @@ typedef struct x509_hash_dir_st
        int *dirs_type;
        int num_dirs_alloced;
        } X509_HASH_DIR_CTX;
+#endif
 typedef struct x509_file_st
        {
@@ -198,6 +200,8 @@ struct x509_store_st
        int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */
        int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */
        int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */
+        STACK_OF(X509) * (*lookup_certs)(X509_STORE_CTX *ctx, X509_NAME *nm);
+        STACK_OF(X509_CRL) * (*lookup_crls)(X509_STORE_CTX *ctx, X509_NAME *nm);
        int (*cleanup)(X509_STORE_CTX *ctx);
        CRYPTO_EX_DATA ex_data;
@@ -246,6 +250,8 @@ struct x509_store_ctx_st      /* X509_STORE_CTX */
        int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */
        int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */
        int (*check_policy)(X509_STORE_CTX *ctx);
+        STACK_OF(X509) * (*lookup_certs)(X509_STORE_CTX *ctx, X509_NAME *nm);
+        STACK_OF(X509_CRL) * (*lookup_crls)(X509_STORE_CTX *ctx, X509_NAME *nm);
        int (*cleanup)(X509_STORE_CTX *ctx);
        /* The following is built up */
@@ -263,6 +269,11 @@ struct x509_store_ctx_st      /* X509_STORE_CTX */
        X509 *current_issuer;   /* cert currently being tested as valid issuer */
        X509_CRL *current_crl;  /* current CRL */
+        int current_crl_score;  /* score of current CRL */
+        unsigned int current_reasons;  /* Reason mask */
+        X509_STORE_CTX *parent; /* For CRL path validation: parent context */
        CRYPTO_EX_DATA ex_data;
        } /* X509_STORE_CTX */;
@@ -330,8 +341,18 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
 #define         X509_V_ERR_INVALID_EXTENSION                    41
 #define         X509_V_ERR_INVALID_POLICY_EXTENSION             42
 #define         X509_V_ERR_NO_EXPLICIT_POLICY                   43
+#define         X509_V_ERR_DIFFERENT_CRL_SCOPE                  44
+#define         X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE        45
+#define         X509_V_ERR_UNNESTED_RESOURCE                    46
-#define         X509_V_ERR_UNNESTED_RESOURCE                    44
+#define         X509_V_ERR_PERMITTED_VIOLATION                  47
+#define         X509_V_ERR_EXCLUDED_VIOLATION                   48
+#define         X509_V_ERR_SUBTREE_MINMAX                       49
+#define         X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE          51
+#define         X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX        52
+#define         X509_V_ERR_UNSUPPORTED_NAME_SYNTAX              53
+#define         X509_V_ERR_CRL_PATH_VALIDATION_ERROR            54
 /* The application is not happy */
 #define         X509_V_ERR_APPLICATION_VERIFICATION             50
@@ -362,6 +383,13 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
 #define X509_V_FLAG_INHIBIT_MAP                 0x400
 /* Notify callback that policy is OK */
 #define X509_V_FLAG_NOTIFY_POLICY               0x800
+/* Extended CRL features such as indirect CRLs, alternate CRL signing keys */
+#define X509_V_FLAG_EXTENDED_CRL_SUPPORT        0x1000
+/* Delta CRL support */
+#define X509_V_FLAG_USE_DELTAS                  0x2000
+/* Check selfsigned CA signature */
+#define X509_V_FLAG_CHECK_SS_SIGNATURE          0x4000
 #define X509_VP_FLAG_DEFAULT                    0x1
 #define X509_VP_FLAG_OVERWRITE                  0x2
@@ -384,11 +412,16 @@ void X509_OBJECT_free_contents(X509_OBJECT *a);
 X509_STORE *X509_STORE_new(void );
 void X509_STORE_free(X509_STORE *v);
+STACK_OF(X509)* X509_STORE_get1_certs(X509_STORE_CTX *st, X509_NAME *nm);
+STACK_OF(X509_CRL)* X509_STORE_get1_crls(X509_STORE_CTX *st, X509_NAME *nm);
 int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
 int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
 int X509_STORE_set_trust(X509_STORE *ctx, int trust);
 int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm);
+void X509_STORE_set_verify_cb(X509_STORE *ctx,
+                                  int (*verify_cb)(int, X509_STORE_CTX *));
 X509_STORE_CTX *X509_STORE_CTX_new(void);
 int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
@@ -447,6 +480,9 @@ int	X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
 void    X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s);
 int     X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
 X509 *  X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
+X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx);
+X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx);
+X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx);
 void    X509_STORE_CTX_set_cert(X509_STORE_CTX *c,X509 *x);
diff --git a/src/lib/libssl/src/crypto/x509/x509cset.c b/src/lib/libssl/src/crypto/x509/x509cset.c
index 7f4004b291..3109defb0b 100644
--- a/src/lib/libssl/src/crypto/x509/x509cset.c
+++ b/src/lib/libssl/src/crypto/x509/x509cset.c
@@ -81,7 +81,7 @@ int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name)
        }
-int X509_CRL_set_lastUpdate(X509_CRL *x, ASN1_TIME *tm)
+int X509_CRL_set_lastUpdate(X509_CRL *x, const ASN1_TIME *tm)
        {
        ASN1_TIME *in;
@@ -99,7 +99,7 @@ int X509_CRL_set_lastUpdate(X509_CRL *x, ASN1_TIME *tm)
        return(in != NULL);
        }
-int X509_CRL_set_nextUpdate(X509_CRL *x, ASN1_TIME *tm)
+int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm)
        {
        ASN1_TIME *in;
diff --git a/src/lib/libssl/src/crypto/x509/x509name.c b/src/lib/libssl/src/crypto/x509/x509name.c
index 068abfe5f0..27bc4dc9a3 100644
--- a/src/lib/libssl/src/crypto/x509/x509name.c
+++ b/src/lib/libssl/src/crypto/x509/x509name.c
@@ -356,7 +356,7 @@ int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
                return ASN1_STRING_set_by_NID(&ne->value, bytes,
                                                len, type,
                                        OBJ_obj2nid(ne->object)) ? 1 : 0;
-        if (len < 0) len=strlen((char *)bytes);
+        if (len < 0) len=strlen((const char *)bytes);
        i=ASN1_STRING_set(ne->value,bytes,len);
        if (!i) return(0);
        if (type != V_ASN1_UNDEF)
diff --git a/src/lib/libssl/src/crypto/x509/x509type.c b/src/lib/libssl/src/crypto/x509/x509type.c
index 2cd994c5b0..3385ad3f67 100644
--- a/src/lib/libssl/src/crypto/x509/x509type.c
+++ b/src/lib/libssl/src/crypto/x509/x509type.c
@@ -91,6 +91,10 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
                break;
        case EVP_PKEY_DH:
                ret=EVP_PK_DH|EVP_PKT_EXCH;
+                break;  
+        case NID_id_GostR3410_94:
+        case NID_id_GostR3410_2001:
+                ret=EVP_PKT_EXCH|EVP_PKT_SIGN;
                break;
        default:
                break;
diff --git a/src/lib/libssl/src/crypto/x509/x_all.c b/src/lib/libssl/src/crypto/x509/x_all.c
index 9039caad60..ebae30b701 100644
--- a/src/lib/libssl/src/crypto/x509/x_all.c
+++ b/src/lib/libssl/src/crypto/x509/x_all.c
@@ -57,7 +57,6 @@
 */
 #include <stdio.h>
-#undef SSLEAY_MACROS
 #include <openssl/stack.h>
 #include "cryptlib.h"
 #include <openssl/buffer.h>
@@ -83,12 +82,6 @@ int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r)
                a->sig_alg,a->signature,a->req_info,r));
        }
-int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r)
-        {
-        return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO),
-                a->sig_alg, a->signature,a->crl,r));
-        }
 int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r)
        {
        return(ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC),
diff --git a/src/lib/libssl/src/crypto/x509v3/Makefile b/src/lib/libssl/src/crypto/x509v3/Makefile
index e71dc42f9f..556ef351bf 100644
--- a/src/lib/libssl/src/crypto/x509v3/Makefile
+++ b/src/lib/libssl/src/crypto/x509v3/Makefile
@@ -43,7 +43,7 @@ top:
 all:    lib
 lib:    $(LIBOBJ)
-        $(ARX) $(LIB) $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
@@ -90,8 +90,8 @@ pcy_cache.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 pcy_cache.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 pcy_cache.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 pcy_cache.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pcy_cache.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+pcy_cache.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-pcy_cache.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pcy_cache.o: ../../include/openssl/objects.h
 pcy_cache.o: ../../include/openssl/opensslconf.h
 pcy_cache.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 pcy_cache.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
@@ -105,9 +105,8 @@ pcy_data.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 pcy_data.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 pcy_data.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 pcy_data.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pcy_data.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+pcy_data.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-pcy_data.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pcy_data.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-pcy_data.o: ../../include/openssl/opensslconf.h
 pcy_data.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 pcy_data.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 pcy_data.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -120,36 +119,35 @@ pcy_lib.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 pcy_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 pcy_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 pcy_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pcy_lib.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+pcy_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-pcy_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pcy_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-pcy_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+pcy_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-pcy_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+pcy_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-pcy_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pcy_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-pcy_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pcy_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-pcy_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pcy_lib.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-pcy_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h pcy_int.h pcy_lib.c
+pcy_lib.o: ../cryptlib.h pcy_int.h pcy_lib.c
 pcy_map.o: ../../e_os.h ../../include/openssl/asn1.h
 pcy_map.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 pcy_map.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 pcy_map.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 pcy_map.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 pcy_map.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pcy_map.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+pcy_map.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-pcy_map.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pcy_map.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-pcy_map.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+pcy_map.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-pcy_map.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+pcy_map.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-pcy_map.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pcy_map.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-pcy_map.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pcy_map.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-pcy_map.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pcy_map.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-pcy_map.o: ../../include/openssl/x509v3.h ../cryptlib.h pcy_int.h pcy_map.c
+pcy_map.o: ../cryptlib.h pcy_int.h pcy_map.c
 pcy_node.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 pcy_node.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 pcy_node.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 pcy_node.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 pcy_node.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h
-pcy_node.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+pcy_node.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-pcy_node.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pcy_node.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-pcy_node.o: ../../include/openssl/opensslconf.h
 pcy_node.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 pcy_node.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 pcy_node.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -162,9 +160,8 @@ pcy_tree.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 pcy_tree.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 pcy_tree.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 pcy_tree.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pcy_tree.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+pcy_tree.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-pcy_tree.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pcy_tree.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-pcy_tree.o: ../../include/openssl/opensslconf.h
 pcy_tree.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 pcy_tree.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 pcy_tree.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -177,39 +174,37 @@ v3_addr.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_addr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_addr.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_addr.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_addr.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_addr.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_addr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_addr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_addr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_addr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_addr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_addr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_addr.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_addr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_addr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_addr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_addr.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_addr.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_addr.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_addr.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_addr.c
-v3_addr.o: ../cryptlib.h v3_addr.c
 v3_akey.o: ../../e_os.h ../../include/openssl/asn1.h
 v3_akey.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 v3_akey.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_akey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_akey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_akey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_akey.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_akey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_akey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_akey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_akey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_akey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_akey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_akey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_akey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_akey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_akey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_akey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_akey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_akey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_akey.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_akey.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_akey.c
-v3_akey.o: ../cryptlib.h v3_akey.c
 v3_akeya.o: ../../e_os.h ../../include/openssl/asn1.h
 v3_akeya.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 v3_akeya.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_akeya.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_akeya.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_akeya.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_akeya.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_akeya.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_akeya.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_akeya.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_akeya.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_akeya.o: ../../include/openssl/opensslconf.h
 v3_akeya.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 v3_akeya.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 v3_akeya.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -221,15 +216,14 @@ v3_alt.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_alt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_alt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_alt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_alt.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_alt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_alt.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_alt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_alt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_alt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_alt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_alt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_alt.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_alt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_alt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_alt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_alt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_alt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_alt.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_alt.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_alt.c
-v3_alt.o: ../cryptlib.h v3_alt.c
 v3_asid.o: ../../e_os.h ../../include/openssl/asn1.h
 v3_asid.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 v3_asid.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -237,23 +231,23 @@ v3_asid.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 v3_asid.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 v3_asid.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 v3_asid.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-v3_asid.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+v3_asid.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-v3_asid.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_asid.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3_asid.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_asid.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-v3_asid.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_asid.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-v3_asid.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_asid.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-v3_asid.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_asid.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-v3_asid.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_asid.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-v3_asid.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_asid.c
+v3_asid.o: ../cryptlib.h v3_asid.c
 v3_bcons.o: ../../e_os.h ../../include/openssl/asn1.h
 v3_bcons.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 v3_bcons.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_bcons.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_bcons.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_bcons.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_bcons.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_bcons.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_bcons.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_bcons.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_bcons.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_bcons.o: ../../include/openssl/opensslconf.h
 v3_bcons.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 v3_bcons.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 v3_bcons.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -266,9 +260,8 @@ v3_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 v3_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 v3_bitst.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 v3_bitst.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-v3_bitst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+v3_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-v3_bitst.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3_bitst.o: ../../include/openssl/opensslconf.h
 v3_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 v3_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 v3_bitst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -281,23 +274,23 @@ v3_conf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 v3_conf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 v3_conf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 v3_conf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-v3_conf.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+v3_conf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-v3_conf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_conf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3_conf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_conf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-v3_conf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_conf.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-v3_conf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_conf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-v3_conf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_conf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-v3_conf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_conf.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-v3_conf.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_conf.c
+v3_conf.o: ../cryptlib.h v3_conf.c
 v3_cpols.o: ../../e_os.h ../../include/openssl/asn1.h
 v3_cpols.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 v3_cpols.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_cpols.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_cpols.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_cpols.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_cpols.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_cpols.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_cpols.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_cpols.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_cpols.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_cpols.o: ../../include/openssl/opensslconf.h
 v3_cpols.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 v3_cpols.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 v3_cpols.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -310,38 +303,37 @@ v3_crld.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_crld.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_crld.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_crld.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_crld.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_crld.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_crld.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_crld.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_crld.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_crld.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_crld.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_crld.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_crld.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_crld.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_crld.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_crld.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_crld.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_crld.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_crld.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_crld.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_crld.c
-v3_crld.o: ../cryptlib.h v3_crld.c
 v3_enum.o: ../../e_os.h ../../include/openssl/asn1.h
 v3_enum.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 v3_enum.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 v3_enum.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 v3_enum.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 v3_enum.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-v3_enum.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+v3_enum.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-v3_enum.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_enum.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3_enum.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_enum.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-v3_enum.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_enum.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-v3_enum.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_enum.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-v3_enum.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_enum.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-v3_enum.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_enum.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-v3_enum.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_enum.c
+v3_enum.o: ../cryptlib.h v3_enum.c
 v3_extku.o: ../../e_os.h ../../include/openssl/asn1.h
 v3_extku.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 v3_extku.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_extku.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_extku.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_extku.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_extku.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_extku.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_extku.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_extku.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_extku.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_extku.o: ../../include/openssl/opensslconf.h
 v3_extku.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 v3_extku.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 v3_extku.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -354,81 +346,76 @@ v3_genn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_genn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_genn.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_genn.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_genn.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_genn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_genn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_genn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_genn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_genn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_genn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_genn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_genn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_genn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_genn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_genn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_genn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_genn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_genn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_genn.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_genn.c
-v3_genn.o: ../cryptlib.h v3_genn.c
 v3_ia5.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 v3_ia5.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_ia5.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_ia5.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_ia5.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_ia5.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_ia5.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_ia5.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_ia5.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_ia5.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_ia5.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_ia5.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_ia5.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_ia5.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_ia5.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_ia5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_ia5.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_ia5.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_ia5.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_ia5.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_ia5.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_ia5.c
-v3_ia5.o: ../cryptlib.h v3_ia5.c
 v3_info.o: ../../e_os.h ../../include/openssl/asn1.h
 v3_info.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 v3_info.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_info.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_info.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_info.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_info.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_info.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_info.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_info.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_info.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_info.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_info.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_info.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_info.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_info.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_info.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_info.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_info.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_info.c
-v3_info.o: ../cryptlib.h v3_info.c
 v3_int.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 v3_int.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_int.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_int.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_int.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_int.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_int.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_int.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_int.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_int.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_int.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_int.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_int.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_int.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_int.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_int.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_int.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_int.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_int.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_int.c
-v3_int.o: ../cryptlib.h v3_int.c
 v3_lib.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 v3_lib.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_lib.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h ext_dat.h v3_lib.c
-v3_lib.o: ../cryptlib.h ext_dat.h v3_lib.c
 v3_ncons.o: ../../e_os.h ../../include/openssl/asn1.h
 v3_ncons.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 v3_ncons.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_ncons.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_ncons.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_ncons.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_ncons.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_ncons.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_ncons.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_ncons.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_ncons.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_ncons.o: ../../include/openssl/opensslconf.h
 v3_ncons.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 v3_ncons.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 v3_ncons.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -441,52 +428,49 @@ v3_ocsp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 v3_ocsp.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 v3_ocsp.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 v3_ocsp.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-v3_ocsp.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+v3_ocsp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-v3_ocsp.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_ocsp.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
-v3_ocsp.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+v3_ocsp.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_ocsp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_ocsp.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_ocsp.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_ocsp.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_ocsp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_ocsp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_ocsp.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_ocsp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_ocsp.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_ocsp.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_ocsp.c
-v3_ocsp.o: ../cryptlib.h v3_ocsp.c
 v3_pci.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 v3_pci.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_pci.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_pci.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_pci.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_pci.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_pci.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_pci.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_pci.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_pci.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_pci.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_pci.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_pci.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_pci.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_pci.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_pci.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_pci.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_pci.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_pci.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_pci.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_pci.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_pci.c
-v3_pci.o: ../cryptlib.h v3_pci.c
 v3_pcia.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
 v3_pcia.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 v3_pcia.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 v3_pcia.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 v3_pcia.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-v3_pcia.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_pcia.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_pcia.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_pcia.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_pcia.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_pcia.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_pcia.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_pcia.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_pcia.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_pcia.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_pcia.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_pcia.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_pcia.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_pcia.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_pcia.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_pcia.o: ../../include/openssl/x509v3.h v3_pcia.c
-v3_pcia.o: v3_pcia.c
 v3_pcons.o: ../../e_os.h ../../include/openssl/asn1.h
 v3_pcons.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 v3_pcons.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_pcons.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_pcons.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_pcons.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_pcons.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_pcons.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_pcons.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_pcons.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_pcons.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_pcons.o: ../../include/openssl/opensslconf.h
 v3_pcons.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 v3_pcons.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 v3_pcons.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -499,24 +483,23 @@ v3_pku.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_pku.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_pku.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_pku.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_pku.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_pku.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_pku.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_pku.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_pku.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_pku.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_pku.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_pku.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_pku.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_pku.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_pku.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_pku.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_pku.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_pku.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_pku.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_pku.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_pku.c
-v3_pku.o: ../cryptlib.h v3_pku.c
 v3_pmaps.o: ../../e_os.h ../../include/openssl/asn1.h
 v3_pmaps.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 v3_pmaps.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_pmaps.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_pmaps.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_pmaps.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_pmaps.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_pmaps.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_pmaps.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_pmaps.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_pmaps.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_pmaps.o: ../../include/openssl/opensslconf.h
 v3_pmaps.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 v3_pmaps.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 v3_pmaps.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -528,52 +511,51 @@ v3_prn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_prn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_prn.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_prn.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_prn.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_prn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_prn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_prn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_prn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_prn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_prn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_prn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_prn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_prn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_prn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_prn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_prn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_prn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_prn.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_prn.c
-v3_prn.o: ../cryptlib.h v3_prn.c
 v3_purp.o: ../../e_os.h ../../include/openssl/asn1.h
 v3_purp.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 v3_purp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 v3_purp.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 v3_purp.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 v3_purp.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-v3_purp.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+v3_purp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-v3_purp.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_purp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3_purp.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_purp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-v3_purp.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_purp.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-v3_purp.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_purp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-v3_purp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_purp.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-v3_purp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_purp.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-v3_purp.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_purp.c
+v3_purp.o: ../cryptlib.h v3_purp.c
 v3_skey.o: ../../e_os.h ../../include/openssl/asn1.h
 v3_skey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 v3_skey.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 v3_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 v3_skey.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 v3_skey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-v3_skey.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+v3_skey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-v3_skey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_skey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-v3_skey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_skey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-v3_skey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_skey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-v3_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_skey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-v3_skey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_skey.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-v3_skey.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_skey.c
+v3_skey.o: ../cryptlib.h v3_skey.c
 v3_sxnet.o: ../../e_os.h ../../include/openssl/asn1.h
 v3_sxnet.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 v3_sxnet.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_sxnet.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_sxnet.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_sxnet.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_sxnet.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_sxnet.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_sxnet.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_sxnet.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_sxnet.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_sxnet.o: ../../include/openssl/opensslconf.h
 v3_sxnet.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 v3_sxnet.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 v3_sxnet.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -586,25 +568,24 @@ v3_utl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 v3_utl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 v3_utl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 v3_utl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-v3_utl.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+v3_utl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-v3_utl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_utl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3_utl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-v3_utl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_utl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-v3_utl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_utl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-v3_utl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_utl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-v3_utl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_utl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-v3_utl.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_utl.c
+v3_utl.o: ../cryptlib.h v3_utl.c
 v3err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 v3err.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3err.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3err.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3err.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3err.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3err.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3err.o: ../../include/openssl/x509v3.h v3err.c
-v3err.o: v3err.c
diff --git a/src/lib/libssl/src/crypto/x509v3/ext_dat.h b/src/lib/libssl/src/crypto/x509v3/ext_dat.h
index 3eaec46f8a..76daee6fcd 100644
--- a/src/lib/libssl/src/crypto/x509v3/ext_dat.h
+++ b/src/lib/libssl/src/crypto/x509v3/ext_dat.h
@@ -61,21 +61,19 @@ extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
 extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info, v3_sinfo;
 extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
 extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate;
-extern X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld;
+extern X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld, v3_freshest_crl;
 extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff;
 extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc;
 extern X509V3_EXT_METHOD v3_crl_hold, v3_pci;
 extern X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints;
-extern X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp;
+extern X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp, v3_idp;
-#ifndef OPENSSL_NO_RFC3779
 extern X509V3_EXT_METHOD v3_addr, v3_asid;
-#endif
 /* This table will be searched using OBJ_bsearch so it *must* kept in
 * order of the ext_nid values.
 */
-static X509V3_EXT_METHOD *standard_exts[] = {
+static const X509V3_EXT_METHOD *standard_exts[] = {
 &v3_nscert,
 &v3_ns_ia5_list[0],
 &v3_ns_ia5_list[1],
@@ -122,7 +120,10 @@ static X509V3_EXT_METHOD *standard_exts[] = {
 &v3_pci,
 &v3_name_constraints,
 &v3_policy_mappings,
-&v3_inhibit_anyp
+&v3_inhibit_anyp,
+&v3_idp,
+&v3_alt[2],
+&v3_freshest_crl,
 };
 /* Number of standard extensions */
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_alt.c b/src/lib/libssl/src/crypto/x509v3/v3_alt.c
index 58b2952478..d29d94338e 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_alt.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_alt.c
@@ -82,6 +82,12 @@ NULL, NULL, NULL},
 (X509V3_EXT_I2V)i2v_GENERAL_NAMES,
 (X509V3_EXT_V2I)v2i_issuer_alt,
 NULL, NULL, NULL},
+{ NID_certificate_issuer, 0, ASN1_ITEM_ref(GENERAL_NAMES),
+0,0,0,0,
+0,0,
+(X509V3_EXT_I2V)i2v_GENERAL_NAMES,
+NULL, NULL, NULL, NULL},
 };
 STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
@@ -360,6 +366,7 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
                if (move_p)
                        {
                        X509_NAME_delete_entry(nm, i);
+                        X509_NAME_ENTRY_free(ne);
                        i--;
                        }
                if(!email || !(gen = GENERAL_NAME_new())) {
@@ -386,8 +393,8 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
        
 }
-GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
+GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method,
-                                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+                                 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
 {
        GENERAL_NAME *gen;
        GENERAL_NAMES *gens = NULL;
@@ -408,28 +415,22 @@ GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
        return NULL;
 }
-GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
-                                                         CONF_VALUE *cnf)
+                               CONF_VALUE *cnf)
        {
        return v2i_GENERAL_NAME_ex(NULL, method, ctx, cnf, 0);
        }
-GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
+GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
-                                X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+                               const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
-                                                 CONF_VALUE *cnf, int is_nc)
+                               int gen_type, char *value, int is_nc)
        {
        char is_string = 0;
-        int type;
        GENERAL_NAME *gen = NULL;
-        char *name, *value;
-        name = cnf->name;
-        value = cnf->value;
        if(!value)
                {
-                X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_MISSING_VALUE);
+                X509V3err(X509V3_F_A2I_GENERAL_NAME,X509V3_R_MISSING_VALUE);
                return NULL;
                }
@@ -440,74 +441,62 @@ GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
                gen = GENERAL_NAME_new();
                if(gen == NULL)
                        {
-                        X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,ERR_R_MALLOC_FAILURE);
+                        X509V3err(X509V3_F_A2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);
                        return NULL;
                        }
                }
-        if(!name_cmp(name, "email"))
+        switch (gen_type)
-                {
-                is_string = 1;
-                type = GEN_EMAIL;
-                }
-        else if(!name_cmp(name, "URI"))
-                {
-                is_string = 1;
-                type = GEN_URI;
-                }
-        else if(!name_cmp(name, "DNS"))
                {
+                case GEN_URI:
+                case GEN_EMAIL:
+                case GEN_DNS:
                is_string = 1;
-                type = GEN_DNS;
+                break;
-                }
+                
-        else if(!name_cmp(name, "RID"))
+                case GEN_RID:
                {
                ASN1_OBJECT *obj;
                if(!(obj = OBJ_txt2obj(value,0)))
                        {
-                        X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_BAD_OBJECT);
+                        X509V3err(X509V3_F_A2I_GENERAL_NAME,X509V3_R_BAD_OBJECT);
                        ERR_add_error_data(2, "value=", value);
                        goto err;
                        }
                gen->d.rid = obj;
-                type = GEN_RID;
                }
-        else if(!name_cmp(name, "IP"))
+                break;
-                {
+                case GEN_IPADD:
                if (is_nc)
                        gen->d.ip = a2i_IPADDRESS_NC(value);
                else
                        gen->d.ip = a2i_IPADDRESS(value);
                if(gen->d.ip == NULL)
                        {
-                        X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_BAD_IP_ADDRESS);
+                        X509V3err(X509V3_F_A2I_GENERAL_NAME,X509V3_R_BAD_IP_ADDRESS);
                        ERR_add_error_data(2, "value=", value);
                        goto err;
                        }
-                type = GEN_IPADD;
+                break;
-                }
-        else if(!name_cmp(name, "dirName"))
+                case GEN_DIRNAME:
-                {
-                type = GEN_DIRNAME;
                if (!do_dirname(gen, value, ctx))
                        {
-                        X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_DIRNAME_ERROR);
+                        X509V3err(X509V3_F_A2I_GENERAL_NAME,X509V3_R_DIRNAME_ERROR);
                        goto err;
                        }
-                }
+                break;
-        else if(!name_cmp(name, "otherName"))
-                {
+                case GEN_OTHERNAME:
                if (!do_othername(gen, value, ctx))
                        {
-                        X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_OTHERNAME_ERROR);
+                        X509V3err(X509V3_F_A2I_GENERAL_NAME,X509V3_R_OTHERNAME_ERROR);
                        goto err;
                        }
-                type = GEN_OTHERNAME;
+                break;
-                }
+                default:
-        else
+                X509V3err(X509V3_F_A2I_GENERAL_NAME,X509V3_R_UNSUPPORTED_TYPE);
-                {
-                X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_UNSUPPORTED_OPTION);
-                ERR_add_error_data(2, "name=", name);
                goto err;
                }
@@ -517,12 +506,12 @@ GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
                              !ASN1_STRING_set(gen->d.ia5, (unsigned char*)value,
                                               strlen(value)))
                        {
-                        X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,ERR_R_MALLOC_FAILURE);
+                        X509V3err(X509V3_F_A2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);
                        goto err;
                        }
                }
-        gen->type = type;
+        gen->type = gen_type;
        return gen;
@@ -532,6 +521,48 @@ GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
        return NULL;
        }
+GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
+                                  const X509V3_EXT_METHOD *method,
+                                  X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc)
+        {
+        int type;
+        char *name, *value;
+        name = cnf->name;
+        value = cnf->value;
+        if(!value)
+                {
+                X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_MISSING_VALUE);
+                return NULL;
+                }
+        if(!name_cmp(name, "email"))
+                type = GEN_EMAIL;
+        else if(!name_cmp(name, "URI"))
+                type = GEN_URI;
+        else if(!name_cmp(name, "DNS"))
+                type = GEN_DNS;
+        else if(!name_cmp(name, "RID"))
+                type = GEN_RID;
+        else if(!name_cmp(name, "IP"))
+                type = GEN_IPADD;
+        else if(!name_cmp(name, "dirName"))
+                type = GEN_DIRNAME;
+        else if(!name_cmp(name, "otherName"))
+                type = GEN_OTHERNAME;
+        else
+                {
+                X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_UNSUPPORTED_OPTION);
+                ERR_add_error_data(2, "name=", name);
+                return NULL;
+                }
+        return a2i_GENERAL_NAME(out, method, ctx, type, value, is_nc);
+        }
 static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
        {
        char *objtmp = NULL, *p;
@@ -577,6 +608,7 @@ static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
        if (!ret)
                X509_NAME_free(nm);
        gen->d.dirn = nm;
+        X509V3_section_free(ctx, sk);
                
        return ret;
        }
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_conf.c b/src/lib/libssl/src/crypto/x509v3/v3_conf.c
index 11eb6b7fd5..6730f9a6ee 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_conf.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_conf.c
@@ -72,14 +72,14 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, in
 static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type, X509V3_CTX *ctx);
 static char *conf_lhash_get_string(void *db, char *section, char *value);
 static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section);
-static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
+static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid,
-                                                 int crit, void *ext_struc);
+                                  int crit, void *ext_struc);
 static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len);
 /* CONF *conf:  Config file    */
 /* char *name:  Name    */
 /* char *value:  Value    */
 X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name,
-             char *value)
+                                 char *value)
        {
        int crit;
        int ext_type;
@@ -99,7 +99,7 @@ X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name,
 /* CONF *conf:  Config file    */
 /* char *value:  Value    */
 X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
-             char *value)
+                                     char *value)
        {
        int crit;
        int ext_type;
@@ -113,9 +113,9 @@ X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
 /* CONF *conf:  Config file    */
 /* char *value:  Value    */
 static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
-             int crit, char *value)
+                                    int crit, char *value)
        {
-        X509V3_EXT_METHOD *method;
+        const X509V3_EXT_METHOD *method;
        X509_EXTENSION *ext;
        STACK_OF(CONF_VALUE) *nval;
        void *ext_struc;
@@ -172,8 +172,8 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
        }
-static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
+static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid,
-                                                 int crit, void *ext_struc)
+                                  int crit, void *ext_struc)
        {
        unsigned char *ext_der;
        int ext_len;
@@ -214,7 +214,7 @@ static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
 X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
        {
-        X509V3_EXT_METHOD *method;
+        const X509V3_EXT_METHOD *method;
        if (!(method = X509V3_EXT_get_nid(ext_nid))) {
                X509V3err(X509V3_F_X509V3_EXT_I2D,X509V3_R_UNKNOWN_EXTENSION);
                return NULL;
@@ -258,7 +258,8 @@ static int v3_check_generic(char **value)
 /* Create a generic extension: for now just handle DER type */
 static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
-             int crit, int gen_type, X509V3_CTX *ctx)
+                                            int crit, int gen_type,
+                                            X509V3_CTX *ctx)
        {
        unsigned char *ext_der=NULL;
        long ext_len;
@@ -322,7 +323,7 @@ static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len)
 int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,
-             STACK_OF(X509_EXTENSION) **sk)
+                            STACK_OF(X509_EXTENSION) **sk)
        {
        X509_EXTENSION *ext;
        STACK_OF(CONF_VALUE) *nval;
@@ -343,7 +344,7 @@ int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,
 /* Convenience functions to add extensions to a certificate, CRL and request */
 int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
-             X509 *cert)
+                         X509 *cert)
        {
        STACK_OF(X509_EXTENSION) **sk = NULL;
        if (cert)
@@ -354,7 +355,7 @@ int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
 /* Same as above but for a CRL */
 int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
-             X509_CRL *crl)
+                             X509_CRL *crl)
        {
        STACK_OF(X509_EXTENSION) **sk = NULL;
        if (crl)
@@ -443,7 +444,7 @@ void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf)
        }
 void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req,
-             X509_CRL *crl, int flags)
+                    X509_CRL *crl, int flags)
        {
        ctx->issuer_cert = issuer;
        ctx->subject_cert = subj;
@@ -454,8 +455,8 @@ void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req,
 /* Old conf compatibility functions */
-X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name,
+X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
-             char *value)
+                                char *name, char *value)
        {
        CONF ctmp;
        CONF_set_nconf(&ctmp, conf);
@@ -464,8 +465,8 @@ X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name,
 /* LHASH *conf:  Config file    */
 /* char *value:  Value    */
-X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
+X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
-             char *value)
+                                    int ext_nid, char *value)
        {
        CONF ctmp;
        CONF_set_nconf(&ctmp, conf);
@@ -489,14 +490,14 @@ NULL,
 NULL
 };
-void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash)
+void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash)
        {
        ctx->db_meth = &conf_lhash_method;
        ctx->db = lhash;
        }
-int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
-             X509 *cert)
+                        char *section, X509 *cert)
        {
        CONF ctmp;
        CONF_set_nconf(&ctmp, conf);
@@ -505,8 +506,8 @@ int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
 /* Same as above but for a CRL */
-int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
-             X509_CRL *crl)
+                            char *section, X509_CRL *crl)
        {
        CONF ctmp;
        CONF_set_nconf(&ctmp, conf);
@@ -515,8 +516,8 @@ int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
 /* Add extensions to certificate request */
-int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
-             X509_REQ *req)
+                            char *section, X509_REQ *req)
        {
        CONF ctmp;
        CONF_set_nconf(&ctmp, conf);
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_cpols.c b/src/lib/libssl/src/crypto/x509v3/v3_cpols.c
index ad0506d75c..1f0798b946 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_cpols.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_cpols.c
@@ -450,5 +450,8 @@ void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent)
        else
                BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, "");
        }
-        
 IMPLEMENT_STACK_OF(X509_POLICY_NODE)
+IMPLEMENT_STACK_OF(X509_POLICY_DATA)
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_crld.c b/src/lib/libssl/src/crypto/x509v3/v3_crld.c
index 181a8977b1..790a6dd032 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_crld.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_crld.c
@@ -3,7 +3,7 @@
 * project 1999.
 */
 /* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -63,45 +63,254 @@
 #include <openssl/asn1t.h>
 #include <openssl/x509v3.h>
-static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method,
+static void *v2i_crld(const X509V3_EXT_METHOD *method,
-                STACK_OF(DIST_POINT) *crld, STACK_OF(CONF_VALUE) *extlist);
+                      X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,
+static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out,
-                                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+                     int indent);
-const X509V3_EXT_METHOD v3_crld = {
+const X509V3_EXT_METHOD v3_crld =
-NID_crl_distribution_points, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(CRL_DIST_POINTS),
+        {
-0,0,0,0,
+        NID_crl_distribution_points, 0, ASN1_ITEM_ref(CRL_DIST_POINTS),
-0,0,
+        0,0,0,0,
-(X509V3_EXT_I2V)i2v_crld,
+        0,0,
-(X509V3_EXT_V2I)v2i_crld,
+        0,
-0,0,
+        v2i_crld,
-NULL
+        i2r_crldp,0,
+        NULL
+        };
+const X509V3_EXT_METHOD v3_freshest_crl =
+        {
+        NID_freshest_crl, 0, ASN1_ITEM_ref(CRL_DIST_POINTS),
+        0,0,0,0,
+        0,0,
+        0,
+        v2i_crld,
+        i2r_crldp,0,
+        NULL
+        };
+static STACK_OF(GENERAL_NAME) *gnames_from_sectname(X509V3_CTX *ctx, char *sect)
+        {
+        STACK_OF(CONF_VALUE) *gnsect;
+        STACK_OF(GENERAL_NAME) *gens;
+        if (*sect == '@')
+                gnsect = X509V3_get_section(ctx, sect + 1);
+        else
+                gnsect = X509V3_parse_list(sect);
+        if (!gnsect)
+                {
+                X509V3err(X509V3_F_GNAMES_FROM_SECTNAME,
+                                                X509V3_R_SECTION_NOT_FOUND);
+                return NULL;
+                }
+        gens = v2i_GENERAL_NAMES(NULL, ctx, gnsect);
+        if (*sect == '@')
+                X509V3_section_free(ctx, gnsect);
+        else
+                sk_CONF_VALUE_pop_free(gnsect, X509V3_conf_free);
+        return gens;
+        }
+static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx,
+                                                        CONF_VALUE *cnf)
+        {
+        STACK_OF(GENERAL_NAME) *fnm = NULL;
+        STACK_OF(X509_NAME_ENTRY) *rnm = NULL;
+        if (!strncmp(cnf->name, "fullname", 9))
+                {
+                fnm = gnames_from_sectname(ctx, cnf->value);
+                if (!fnm)
+                        goto err;
+                }
+        else if (!strcmp(cnf->name, "relativename"))
+                {
+                int ret;
+                STACK_OF(CONF_VALUE) *dnsect;
+                X509_NAME *nm;
+                nm = X509_NAME_new();
+                if (!nm)
+                        return -1;
+                dnsect = X509V3_get_section(ctx, cnf->value);
+                if (!dnsect)
+                        {
+                        X509V3err(X509V3_F_SET_DIST_POINT_NAME,
+                                                X509V3_R_SECTION_NOT_FOUND);
+                        return -1;
+                        }
+                ret = X509V3_NAME_from_section(nm, dnsect, MBSTRING_ASC);
+                X509V3_section_free(ctx, dnsect);
+                rnm = nm->entries;
+                nm->entries = NULL;
+                X509_NAME_free(nm);
+                if (!ret || sk_X509_NAME_ENTRY_num(rnm) <= 0)
+                        goto err;
+                /* Since its a name fragment can't have more than one
+                 * RDNSequence
+                 */
+                if (sk_X509_NAME_ENTRY_value(rnm,
+                                sk_X509_NAME_ENTRY_num(rnm) - 1)->set)
+                        {
+                        X509V3err(X509V3_F_SET_DIST_POINT_NAME,
+                                                X509V3_R_INVALID_MULTIPLE_RDNS);
+                        goto err;
+                        }
+                }
+        else
+                return 0;
+        if (*pdp)
+                {
+                X509V3err(X509V3_F_SET_DIST_POINT_NAME,
+                                                X509V3_R_DISTPOINT_ALREADY_SET);
+                goto err;
+                }
+        *pdp = DIST_POINT_NAME_new();
+        if (!*pdp)
+                goto err;
+        if (fnm)
+                {
+                (*pdp)->type = 0;
+                (*pdp)->name.fullname = fnm;
+                }
+        else
+                {
+                (*pdp)->type = 1;
+                (*pdp)->name.relativename = rnm;
+                }
+        return 1;
+                
+        err:
+        if (fnm)
+                sk_GENERAL_NAME_pop_free(fnm, GENERAL_NAME_free);
+        if (rnm)
+                sk_X509_NAME_ENTRY_pop_free(rnm, X509_NAME_ENTRY_free);
+        return -1;
+        }
+static const BIT_STRING_BITNAME reason_flags[] = {
+{0, "Unused", "unused"},
+{1, "Key Compromise", "keyCompromise"},
+{2, "CA Compromise", "CACompromise"},
+{3, "Affiliation Changed", "affiliationChanged"},
+{4, "Superseded", "superseded"},
+{5, "Cessation Of Operation", "cessationOfOperation"},
+{6, "Certificate Hold", "certificateHold"},
+{7, "Privilege Withdrawn", "privilegeWithdrawn"},
+{8, "AA Compromise", "AACompromise"},
+{-1, NULL, NULL}
 };
-static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method,
+static int set_reasons(ASN1_BIT_STRING **preas, char *value)
-                        STACK_OF(DIST_POINT) *crld, STACK_OF(CONF_VALUE) *exts)
+        {
-{
+        STACK_OF(CONF_VALUE) *rsk = NULL;
-        DIST_POINT *point;
+        const BIT_STRING_BITNAME *pbn;
+        const char *bnam;
+        int i, ret = 0;
+        rsk = X509V3_parse_list(value);
+        if (!rsk)
+                return 0;
+        if (*preas)
+                return 0;
+        for (i = 0; i < sk_CONF_VALUE_num(rsk); i++)
+                {
+                bnam = sk_CONF_VALUE_value(rsk, i)->name;
+                if (!*preas)
+                        {
+                        *preas = ASN1_BIT_STRING_new();
+                        if (!*preas)
+                                goto err;
+                        }
+                for (pbn = reason_flags; pbn->lname; pbn++)
+                        {
+                        if (!strcmp(pbn->sname, bnam))
+                                {
+                                if (!ASN1_BIT_STRING_set_bit(*preas,
+                                                        pbn->bitnum, 1))
+                                        goto err;
+                                break;
+                                }
+                        }
+                if (!pbn->lname)
+                        goto err;
+                }
+        ret = 1;
+        err:
+        sk_CONF_VALUE_pop_free(rsk, X509V3_conf_free);
+        return ret;
+        }
+static int print_reasons(BIO *out, const char *rname,
+                        ASN1_BIT_STRING *rflags, int indent)
+        {
+        int first = 1;
+        const BIT_STRING_BITNAME *pbn;
+        BIO_printf(out, "%*s%s:\n%*s", indent, "", rname, indent + 2, "");
+        for (pbn = reason_flags; pbn->lname; pbn++)
+                {
+                if (ASN1_BIT_STRING_get_bit(rflags, pbn->bitnum))
+                        {
+                        if (first)
+                                first = 0;
+                        else
+                                BIO_puts(out, ", ");
+                        BIO_puts(out, pbn->lname);
+                        }
+                }
+        if (first)
+                BIO_puts(out, "<EMPTY>\n");
+        else
+                BIO_puts(out, "\n");
+        return 1;
+        }
+static DIST_POINT *crldp_from_section(X509V3_CTX *ctx,
+                                                STACK_OF(CONF_VALUE) *nval)
+        {
        int i;
-        for(i = 0; i < sk_DIST_POINT_num(crld); i++) {
+        CONF_VALUE *cnf;
-                point = sk_DIST_POINT_value(crld, i);
+        DIST_POINT *point = NULL;
-                if(point->distpoint) {
+        point = DIST_POINT_new();
-                        if(point->distpoint->type == 0)
+        if (!point)
-                                exts = i2v_GENERAL_NAMES(NULL,
+                goto err;
-                                         point->distpoint->name.fullname, exts);
+        for(i = 0; i < sk_CONF_VALUE_num(nval); i++)
-                        else X509V3_add_value("RelativeName","<UNSUPPORTED>", &exts);
+                {
+                int ret;
+                cnf = sk_CONF_VALUE_value(nval, i);
+                ret = set_dist_point_name(&point->distpoint, ctx, cnf);
+                if (ret > 0)
+                        continue;
+                if (ret < 0)
+                        goto err;
+                if (!strcmp(cnf->name, "reasons"))
+                        {
+                        if (!set_reasons(&point->reasons, cnf->value))
+                                goto err;
+                        }
+                else if (!strcmp(cnf->name, "CRLissuer"))
+                        {
+                        point->CRLissuer =
+                                gnames_from_sectname(ctx, cnf->value);
+                        if (!point->CRLissuer)
+                                goto err;
+                        }
                }
-                if(point->reasons) 
-                        X509V3_add_value("reasons","<UNSUPPORTED>", &exts);
+        return point;
-                if(point->CRLissuer)
+                        
-                        X509V3_add_value("CRLissuer","<UNSUPPORTED>", &exts);
+        err:
+        if (point)
+                DIST_POINT_free(point);
+        return NULL;
        }
-        return exts;
-}
-static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,
+static void *v2i_crld(const X509V3_EXT_METHOD *method,
-                                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+                      X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
-{
+        {
        STACK_OF(DIST_POINT) *crld = NULL;
        GENERAL_NAMES *gens = NULL;
        GENERAL_NAME *gen = NULL;
@@ -111,19 +320,44 @@ static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,
        for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
                DIST_POINT *point;
                cnf = sk_CONF_VALUE_value(nval, i);
-                if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) goto err; 
+                if (!cnf->value)
-                if(!(gens = GENERAL_NAMES_new())) goto merr;
+                        {
-                if(!sk_GENERAL_NAME_push(gens, gen)) goto merr;
+                        STACK_OF(CONF_VALUE) *dpsect;
-                gen = NULL;
+                        dpsect = X509V3_get_section(ctx, cnf->name);
-                if(!(point = DIST_POINT_new())) goto merr;
+                        if (!dpsect)
-                if(!sk_DIST_POINT_push(crld, point)) {
+                                goto err;
-                        DIST_POINT_free(point);
+                        point = crldp_from_section(ctx, dpsect);
-                        goto merr;
+                        X509V3_section_free(ctx, dpsect);
-                }
+                        if (!point)
-                if(!(point->distpoint = DIST_POINT_NAME_new())) goto merr;
+                                goto err;
-                point->distpoint->name.fullname = gens;
+                        if(!sk_DIST_POINT_push(crld, point))
-                point->distpoint->type = 0;
+                                {
-                gens = NULL;
+                                DIST_POINT_free(point);
+                                goto merr;
+                                }
+                        }
+                else
+                        {
+                        if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
+                                goto err; 
+                        if(!(gens = GENERAL_NAMES_new()))
+                                goto merr;
+                        if(!sk_GENERAL_NAME_push(gens, gen))
+                                goto merr;
+                        gen = NULL;
+                        if(!(point = DIST_POINT_new()))
+                                goto merr;
+                        if(!sk_DIST_POINT_push(crld, point))
+                                {
+                                DIST_POINT_free(point);
+                                goto merr;
+                                }
+                        if(!(point->distpoint = DIST_POINT_NAME_new()))
+                                goto merr;
+                        point->distpoint->name.fullname = gens;
+                        point->distpoint->type = 0;
+                        gens = NULL;
+                        }
        }
        return crld;
@@ -139,11 +373,31 @@ static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,
 IMPLEMENT_STACK_OF(DIST_POINT)
 IMPLEMENT_ASN1_SET_OF(DIST_POINT)
+static int dpn_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                                                                void *exarg)
+        {
+        DIST_POINT_NAME *dpn = (DIST_POINT_NAME *)*pval;
+        switch(operation)
+                {
+                case ASN1_OP_NEW_POST:
+                dpn->dpname = NULL;
+                break;
+                case ASN1_OP_FREE_POST:
+                if (dpn->dpname)
+                        X509_NAME_free(dpn->dpname);
+                break;
+                }
+        return 1;
+        }
-ASN1_CHOICE(DIST_POINT_NAME) = {
+ASN1_CHOICE_cb(DIST_POINT_NAME, dpn_cb) = {
        ASN1_IMP_SEQUENCE_OF(DIST_POINT_NAME, name.fullname, GENERAL_NAME, 0),
        ASN1_IMP_SET_OF(DIST_POINT_NAME, name.relativename, X509_NAME_ENTRY, 1)
-} ASN1_CHOICE_END(DIST_POINT_NAME)
+} ASN1_CHOICE_END_cb(DIST_POINT_NAME, DIST_POINT_NAME, type)
 IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT_NAME)
@@ -160,3 +414,203 @@ ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) =
 ASN1_ITEM_TEMPLATE_END(CRL_DIST_POINTS)
 IMPLEMENT_ASN1_FUNCTIONS(CRL_DIST_POINTS)
+ASN1_SEQUENCE(ISSUING_DIST_POINT) = {
+        ASN1_EXP_OPT(ISSUING_DIST_POINT, distpoint, DIST_POINT_NAME, 0),
+        ASN1_IMP_OPT(ISSUING_DIST_POINT, onlyuser, ASN1_FBOOLEAN, 1),
+        ASN1_IMP_OPT(ISSUING_DIST_POINT, onlyCA, ASN1_FBOOLEAN, 2),
+        ASN1_IMP_OPT(ISSUING_DIST_POINT, onlysomereasons, ASN1_BIT_STRING, 3),
+        ASN1_IMP_OPT(ISSUING_DIST_POINT, indirectCRL, ASN1_FBOOLEAN, 4),
+        ASN1_IMP_OPT(ISSUING_DIST_POINT, onlyattr, ASN1_FBOOLEAN, 5)
+} ASN1_SEQUENCE_END(ISSUING_DIST_POINT)
+IMPLEMENT_ASN1_FUNCTIONS(ISSUING_DIST_POINT)
+static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out,
+                   int indent);
+static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+                     STACK_OF(CONF_VALUE) *nval);
+const X509V3_EXT_METHOD v3_idp =
+        {
+        NID_issuing_distribution_point, X509V3_EXT_MULTILINE,
+        ASN1_ITEM_ref(ISSUING_DIST_POINT),
+        0,0,0,0,
+        0,0,
+        0,
+        v2i_idp,
+        i2r_idp,0,
+        NULL
+        };
+static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+                     STACK_OF(CONF_VALUE) *nval)
+        {
+        ISSUING_DIST_POINT *idp = NULL;
+        CONF_VALUE *cnf;
+        char *name, *val;
+        int i, ret;
+        idp = ISSUING_DIST_POINT_new();
+        if (!idp)
+                goto merr;
+        for(i = 0; i < sk_CONF_VALUE_num(nval); i++)
+                {
+                cnf = sk_CONF_VALUE_value(nval, i);
+                name = cnf->name;
+                val = cnf->value;
+                ret = set_dist_point_name(&idp->distpoint, ctx, cnf);
+                if (ret > 0)
+                        continue;
+                if (ret < 0)
+                        goto err;
+                if (!strcmp(name, "onlyuser"))
+                        {
+                        if (!X509V3_get_value_bool(cnf, &idp->onlyuser))
+                                goto err;
+                        }
+                else if (!strcmp(name, "onlyCA"))
+                        {
+                        if (!X509V3_get_value_bool(cnf, &idp->onlyCA))
+                                goto err;
+                        }
+                else if (!strcmp(name, "onlyAA"))
+                        {
+                        if (!X509V3_get_value_bool(cnf, &idp->onlyattr))
+                                goto err;
+                        }
+                else if (!strcmp(name, "indirectCRL"))
+                        {
+                        if (!X509V3_get_value_bool(cnf, &idp->indirectCRL))
+                                goto err;
+                        }
+                else if (!strcmp(name, "onlysomereasons"))
+                        {
+                        if (!set_reasons(&idp->onlysomereasons, val))
+                                goto err;
+                        }
+                else
+                        {
+                        X509V3err(X509V3_F_V2I_IDP, X509V3_R_INVALID_NAME);
+                        X509V3_conf_err(cnf);
+                        goto err;
+                        }
+                }
+        return idp;
+        merr:
+        X509V3err(X509V3_F_V2I_IDP,ERR_R_MALLOC_FAILURE);
+        err:
+        ISSUING_DIST_POINT_free(idp);
+        return NULL;
+        }
+static int print_gens(BIO *out, STACK_OF(GENERAL_NAME) *gens, int indent)
+        {
+        int i;
+        for (i = 0; i < sk_GENERAL_NAME_num(gens); i++)
+                {
+                BIO_printf(out, "%*s", indent + 2, "");
+                GENERAL_NAME_print(out, sk_GENERAL_NAME_value(gens, i));
+                BIO_puts(out, "\n");
+                }
+        return 1;
+        }
+static int print_distpoint(BIO *out, DIST_POINT_NAME *dpn, int indent)
+        {
+        if (dpn->type == 0)
+                {
+                BIO_printf(out, "%*sFull Name:\n", indent, "");
+                print_gens(out, dpn->name.fullname, indent);
+                }
+        else
+                {
+                X509_NAME ntmp;
+                ntmp.entries = dpn->name.relativename;
+                BIO_printf(out, "%*sRelative Name:\n%*s",
+                                                indent, "", indent + 2, "");
+                X509_NAME_print_ex(out, &ntmp, 0, XN_FLAG_ONELINE);
+                BIO_puts(out, "\n");
+                }
+        return 1;
+        }
+static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out,
+                   int indent)
+        {
+        ISSUING_DIST_POINT *idp = pidp;
+        if (idp->distpoint)
+                print_distpoint(out, idp->distpoint, indent);
+        if (idp->onlyuser > 0)
+                BIO_printf(out, "%*sOnly User Certificates\n", indent, "");
+        if (idp->onlyCA > 0)
+                BIO_printf(out, "%*sOnly CA Certificates\n", indent, "");
+        if (idp->indirectCRL > 0)
+                BIO_printf(out, "%*sIndirect CRL\n", indent, "");
+        if (idp->onlysomereasons)
+                print_reasons(out, "Only Some Reasons", 
+                                idp->onlysomereasons, indent);
+        if (idp->onlyattr > 0)
+                BIO_printf(out, "%*sOnly Attribute Certificates\n", indent, "");
+        if (!idp->distpoint && (idp->onlyuser <= 0) && (idp->onlyCA <= 0)
+                && (idp->indirectCRL <= 0) && !idp->onlysomereasons
+                && (idp->onlyattr <= 0))
+                BIO_printf(out, "%*s<EMPTY>\n", indent, "");
+                
+        return 1;
+        }
+static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out,
+                     int indent)
+        {
+        STACK_OF(DIST_POINT) *crld = pcrldp;
+        DIST_POINT *point;
+        int i;
+        for(i = 0; i < sk_DIST_POINT_num(crld); i++)
+                {
+                BIO_puts(out, "\n");
+                point = sk_DIST_POINT_value(crld, i);
+                if(point->distpoint)
+                        print_distpoint(out, point->distpoint, indent);
+                if(point->reasons) 
+                        print_reasons(out, "Reasons", point->reasons,
+                                                                indent);
+                if(point->CRLissuer)
+                        {
+                        BIO_printf(out, "%*sCRL Issuer:\n", indent, "");
+                        print_gens(out, point->CRLissuer, indent);
+                        }
+                }
+        return 1;
+        }
+int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname)
+        {
+        int i;
+        STACK_OF(X509_NAME_ENTRY) *frag;
+        X509_NAME_ENTRY *ne;
+        if (!dpn || (dpn->type != 1))
+                return 1;
+        frag = dpn->name.relativename;
+        dpn->dpname = X509_NAME_dup(iname);
+        if (!dpn->dpname)
+                return 0;
+        for (i = 0; i < sk_X509_NAME_ENTRY_num(frag); i++)
+                {
+                ne = sk_X509_NAME_ENTRY_value(frag, i);
+                if (!X509_NAME_add_entry(dpn->dpname, ne, -1, i ? 0 : 1))
+                        {
+                        X509_NAME_free(dpn->dpname);
+                        dpn->dpname = NULL;
+                        return 0;
+                        }
+                }
+        /* generate cached encoding of name */
+        if (i2d_X509_NAME(dpn->dpname, NULL) < 0)
+                {
+                X509_NAME_free(dpn->dpname);
+                dpn->dpname = NULL;
+                return 0;
+                }
+        return 1;
+        }
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_enum.c b/src/lib/libssl/src/crypto/x509v3/v3_enum.c
index 36576eaa4d..c0575e368d 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_enum.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_enum.c
@@ -61,14 +61,17 @@
 #include <openssl/x509v3.h>
 static ENUMERATED_NAMES crl_reasons[] = {
-{0, "Unspecified", "unspecified"},
+{CRL_REASON_UNSPECIFIED,         "Unspecified", "unspecified"},
-{1, "Key Compromise", "keyCompromise"},
+{CRL_REASON_KEY_COMPROMISE,      "Key Compromise", "keyCompromise"},
-{2, "CA Compromise", "CACompromise"},
+{CRL_REASON_CA_COMPROMISE,       "CA Compromise", "CACompromise"},
-{3, "Affiliation Changed", "affiliationChanged"},
+{CRL_REASON_AFFILIATION_CHANGED, "Affiliation Changed", "affiliationChanged"},
-{4, "Superseded", "superseded"},
+{CRL_REASON_SUPERSEDED,          "Superseded", "superseded"},
-{5, "Cessation Of Operation", "cessationOfOperation"},
+{CRL_REASON_CESSATION_OF_OPERATION,
-{6, "Certificate Hold", "certificateHold"},
+                        "Cessation Of Operation", "cessationOfOperation"},
-{8, "Remove From CRL", "removeFromCRL"},
+{CRL_REASON_CERTIFICATE_HOLD,    "Certificate Hold", "certificateHold"},
+{CRL_REASON_REMOVE_FROM_CRL,     "Remove From CRL", "removeFromCRL"},
+{CRL_REASON_PRIVILEGE_WITHDRAWN, "Privilege Withdrawn", "privilegeWithdrawn"},
+{CRL_REASON_AA_COMPROMISE,       "AA Compromise", "AACompromise"},
 {-1, NULL, NULL}
 };
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_extku.c b/src/lib/libssl/src/crypto/x509v3/v3_extku.c
index c0d14500ed..1c66532757 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_extku.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_extku.c
@@ -63,9 +63,10 @@
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
-static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
+static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method,
-                                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+                                    X509V3_CTX *ctx,
-static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
+                                    STACK_OF(CONF_VALUE) *nval);
+static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method,
                void *eku, STACK_OF(CONF_VALUE) *extlist);
 const X509V3_EXT_METHOD v3_ext_ku = {
@@ -97,8 +98,9 @@ ASN1_ITEM_TEMPLATE_END(EXTENDED_KEY_USAGE)
 IMPLEMENT_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)
-static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
+static STACK_OF(CONF_VALUE) *
-                void *a, STACK_OF(CONF_VALUE) *ext_list)
+  i2v_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method, void *a,
+                         STACK_OF(CONF_VALUE) *ext_list)
 {
        EXTENDED_KEY_USAGE *eku = a;
        int i;
@@ -112,8 +114,8 @@ static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
        return ext_list;
 }
-static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
+static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method,
-                                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+                                    X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
 {
        EXTENDED_KEY_USAGE *extku;
        char *extval;
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_genn.c b/src/lib/libssl/src/crypto/x509v3/v3_genn.c
index 84b4b1c881..b628357301 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_genn.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_genn.c
@@ -3,7 +3,7 @@
 * project 1999.
 */
 /* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -99,3 +99,154 @@ ASN1_ITEM_TEMPLATE(GENERAL_NAMES) =
 ASN1_ITEM_TEMPLATE_END(GENERAL_NAMES)
 IMPLEMENT_ASN1_FUNCTIONS(GENERAL_NAMES)
+GENERAL_NAME *GENERAL_NAME_dup(GENERAL_NAME *a)
+        {
+        return (GENERAL_NAME *) ASN1_dup((i2d_of_void *) i2d_GENERAL_NAME,
+                                         (d2i_of_void *) d2i_GENERAL_NAME,
+                                         (char *) a);
+        }
+/* Returns 0 if they are equal, != 0 otherwise. */
+int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b)
+        {
+        int result = -1;
+        if (!a || !b || a->type != b->type) return -1;
+        switch(a->type)
+                {
+        case GEN_X400:
+        case GEN_EDIPARTY:
+                result = ASN1_TYPE_cmp(a->d.other, b->d.other);
+                break;
+        case GEN_OTHERNAME:
+                result = OTHERNAME_cmp(a->d.otherName, b->d.otherName);
+                break;
+        case GEN_EMAIL:
+        case GEN_DNS:
+        case GEN_URI:
+                result = ASN1_STRING_cmp(a->d.ia5, b->d.ia5);
+                break;
+        case GEN_DIRNAME:
+                result = X509_NAME_cmp(a->d.dirn, b->d.dirn);
+                break;
+        case GEN_IPADD:
+                result = ASN1_OCTET_STRING_cmp(a->d.ip, b->d.ip);
+                break;
+        
+        case GEN_RID:
+                result = OBJ_cmp(a->d.rid, b->d.rid);
+                break;
+                }
+        return result;
+        }
+/* Returns 0 if they are equal, != 0 otherwise. */
+int OTHERNAME_cmp(OTHERNAME *a, OTHERNAME *b)
+        {
+        int result = -1;
+        if (!a || !b) return -1;
+        /* Check their type first. */
+        if ((result = OBJ_cmp(a->type_id, b->type_id)) != 0)
+                return result;
+        /* Check the value. */
+        result = ASN1_TYPE_cmp(a->value, b->value);
+        return result;
+        }
+void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value)
+        {
+        switch(type)
+                {
+        case GEN_X400:
+        case GEN_EDIPARTY:
+                a->d.other = value;
+                break;
+        case GEN_OTHERNAME:
+                a->d.otherName = value;
+                break;
+        case GEN_EMAIL:
+        case GEN_DNS:
+        case GEN_URI:
+                a->d.ia5 = value;
+                break;
+        case GEN_DIRNAME:
+                a->d.dirn = value;
+                break;
+        case GEN_IPADD:
+                a->d.ip = value;
+                break;
+        
+        case GEN_RID:
+                a->d.rid = value;
+                break;
+                }
+        a->type = type;
+        }
+void *GENERAL_NAME_get0_value(GENERAL_NAME *a, int *ptype)
+        {
+        if (ptype)
+                *ptype = a->type;
+        switch(a->type)
+                {
+        case GEN_X400:
+        case GEN_EDIPARTY:
+                return a->d.other;
+        case GEN_OTHERNAME:
+                return a->d.otherName;
+        case GEN_EMAIL:
+        case GEN_DNS:
+        case GEN_URI:
+                return a->d.ia5;
+        case GEN_DIRNAME:
+                return a->d.dirn;
+        case GEN_IPADD:
+                return a->d.ip;
+        
+        case GEN_RID:
+                return a->d.rid;
+        default:
+                return NULL;
+                }
+        }
+int GENERAL_NAME_set0_othername(GENERAL_NAME *gen,
+                                ASN1_OBJECT *oid, ASN1_TYPE *value)
+        {
+        OTHERNAME *oth;
+        oth = OTHERNAME_new();
+        if (!oth)
+                return 0;
+        oth->type_id = oid;
+        oth->value = value;
+        GENERAL_NAME_set0_value(gen, GEN_OTHERNAME, oth);
+        return 1;
+        }
+int GENERAL_NAME_get0_otherName(GENERAL_NAME *gen, 
+                                ASN1_OBJECT **poid, ASN1_TYPE **pvalue)
+        {
+        if (gen->type != GEN_OTHERNAME)
+                return 0;
+        if (poid)
+                *poid = gen->d.otherName->type_id;
+        if (pvalue)
+                *pvalue = gen->d.otherName->value;
+        return 1;
+        }
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_lib.c b/src/lib/libssl/src/crypto/x509v3/v3_lib.c
index df3a48f43e..0f1e1d4422 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_lib.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_lib.c
@@ -84,20 +84,24 @@ int X509V3_EXT_add(X509V3_EXT_METHOD *ext)
 }
 static int ext_cmp(const X509V3_EXT_METHOD * const *a,
-                const X509V3_EXT_METHOD * const *b)
+                   const X509V3_EXT_METHOD * const *b)
 {
        return ((*a)->ext_nid - (*b)->ext_nid);
 }
-X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid)
+DECLARE_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *, const X509V3_EXT_METHOD *,
+                           ext);
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *,
+                             const X509V3_EXT_METHOD *, ext);
+const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid)
 {
-        X509V3_EXT_METHOD tmp, *t = &tmp, **ret;
+        X509V3_EXT_METHOD tmp;
+        const X509V3_EXT_METHOD *t = &tmp, * const *ret;
        int idx;
        if(nid < 0) return NULL;
        tmp.ext_nid = nid;
-        ret = (X509V3_EXT_METHOD **) OBJ_bsearch((char *)&t,
+        ret = OBJ_bsearch_ext(&t, standard_exts, STANDARD_EXTENSION_COUNT);
-                        (char *)standard_exts, STANDARD_EXTENSION_COUNT,
-                        sizeof(X509V3_EXT_METHOD *), (int (*)(const void *, const void *))ext_cmp);
        if(ret) return *ret;
        if(!ext_list) return NULL;
        idx = sk_X509V3_EXT_METHOD_find(ext_list, &tmp);
@@ -105,7 +109,7 @@ X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid)
        return sk_X509V3_EXT_METHOD_value(ext_list, idx);
 }
-X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext)
+const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext)
 {
        int nid;
        if((nid = OBJ_obj2nid(ext->object)) == NID_undef) return NULL;
@@ -122,7 +126,9 @@ int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist)
 int X509V3_EXT_add_alias(int nid_to, int nid_from)
 {
-        X509V3_EXT_METHOD *ext, *tmpext;
+        const X509V3_EXT_METHOD *ext;
+        X509V3_EXT_METHOD *tmpext;
        if(!(ext = X509V3_EXT_get_nid(nid_from))) {
                X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,X509V3_R_EXTENSION_NOT_FOUND);
                return 0;
@@ -161,7 +167,7 @@ int X509V3_add_standard_extensions(void)
 void *X509V3_EXT_d2i(X509_EXTENSION *ext)
 {
-        X509V3_EXT_METHOD *method;
+        const X509V3_EXT_METHOD *method;
        const unsigned char *p;
        if(!(method = X509V3_EXT_get(ext))) return NULL;
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_ocsp.c b/src/lib/libssl/src/crypto/x509v3/v3_ocsp.c
index e426ea930c..0c165af314 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_ocsp.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_ocsp.c
@@ -68,19 +68,26 @@
 /* OCSP extensions and a couple of CRL entry extensions
 */
-static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
+static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *nonce,
-static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
+                          BIO *out, int indent);
-static int i2r_object(X509V3_EXT_METHOD *method, void *obj, BIO *out, int indent);
+static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *nonce,
+                            BIO *out, int indent);
+static int i2r_object(const X509V3_EXT_METHOD *method, void *obj, BIO *out,
+                      int indent);
 static void *ocsp_nonce_new(void);
 static int i2d_ocsp_nonce(void *a, unsigned char **pp);
 static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length);
 static void ocsp_nonce_free(void *a);
-static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
+static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce,
+                          BIO *out, int indent);
-static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent);
+static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method,
-static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str);
+                            void *nocheck, BIO *out, int indent);
-static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind);
+static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+                              const char *str);
+static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in,
+                               BIO *bp, int ind);
 const X509V3_EXT_METHOD v3_ocsp_crlid = {
        NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID),
@@ -148,44 +155,47 @@ const X509V3_EXT_METHOD v3_ocsp_serviceloc = {
        NULL
 };
-static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind)
+static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *in, BIO *bp,
+                          int ind)
 {
        OCSP_CRLID *a = in;
        if (a->crlUrl)
                {
-                if (!BIO_printf(bp, "%*scrlUrl: ", ind, "")) goto err;
+                if (BIO_printf(bp, "%*scrlUrl: ", ind, "") <= 0) goto err;
                if (!ASN1_STRING_print(bp, (ASN1_STRING*)a->crlUrl)) goto err;
-                if (!BIO_write(bp, "\n", 1)) goto err;
+                if (BIO_write(bp, "\n", 1) <= 0) goto err;
                }
        if (a->crlNum)
                {
-                if (!BIO_printf(bp, "%*scrlNum: ", ind, "")) goto err;
+                if (BIO_printf(bp, "%*scrlNum: ", ind, "") <= 0) goto err;
-                if (!i2a_ASN1_INTEGER(bp, a->crlNum)) goto err;
+                if (i2a_ASN1_INTEGER(bp, a->crlNum) <= 0) goto err;
-                if (!BIO_write(bp, "\n", 1)) goto err;
+                if (BIO_write(bp, "\n", 1) <= 0) goto err;
                }
        if (a->crlTime)
                {
-                if (!BIO_printf(bp, "%*scrlTime: ", ind, "")) goto err;
+                if (BIO_printf(bp, "%*scrlTime: ", ind, "") <= 0) goto err;
                if (!ASN1_GENERALIZEDTIME_print(bp, a->crlTime)) goto err;
-                if (!BIO_write(bp, "\n", 1)) goto err;
+                if (BIO_write(bp, "\n", 1) <= 0) goto err;
                }
        return 1;
        err:
        return 0;
 }
-static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *cutoff, BIO *bp, int ind)
+static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *cutoff,
+                            BIO *bp, int ind)
 {
-        if (!BIO_printf(bp, "%*s", ind, "")) return 0;
+        if (BIO_printf(bp, "%*s", ind, "") <= 0) return 0;
        if(!ASN1_GENERALIZEDTIME_print(bp, cutoff)) return 0;
        return 1;
 }
-static int i2r_object(X509V3_EXT_METHOD *method, void *oid, BIO *bp, int ind)
+static int i2r_object(const X509V3_EXT_METHOD *method, void *oid, BIO *bp,
+                      int ind)
 {
-        if (!BIO_printf(bp, "%*s", ind, "")) return 0;
+        if (BIO_printf(bp, "%*s", ind, "") <= 0) return 0;
-        if(!i2a_ASN1_OBJECT(bp, oid)) return 0;
+        if(i2a_ASN1_OBJECT(bp, oid) <= 0) return 0;
        return 1;
 }
@@ -232,7 +242,8 @@ static void ocsp_nonce_free(void *a)
        M_ASN1_OCTET_STRING_free(a);
 }
-static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent)
+static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce,
+                          BIO *out, int indent)
 {
        if(BIO_printf(out, "%*s", indent, "") <= 0) return 0;
        if(i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0) return 0;
@@ -241,17 +252,20 @@ static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int
 /* Nocheck is just a single NULL. Don't print anything and always set it */
-static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent)
+static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method, void *nocheck,
+                            BIO *out, int indent)
 {
        return 1;
 }
-static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str)
+static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+                              const char *str)
 {
        return ASN1_NULL_new();
 }
-static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind)
+static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in,
+                               BIO *bp, int ind)
        {
        int i;
        OCSP_SERVICELOC *a = in;
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_pci.c b/src/lib/libssl/src/crypto/x509v3/v3_pci.c
index 601211f416..0dcfa004fe 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_pci.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_pci.c
@@ -82,7 +82,7 @@ static int process_pci_value(CONF_VALUE *val,
                {
                if (*language)
                        {
-                        X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED);
+                        X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED);
                        X509V3_conf_err(val);
                        return 0;
                        }
@@ -97,7 +97,7 @@ static int process_pci_value(CONF_VALUE *val,
                {
                if (*pathlen)
                        {
-                        X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED);
+                        X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED);
                        X509V3_conf_err(val);
                        return 0;
                        }
@@ -128,7 +128,12 @@ static int process_pci_value(CONF_VALUE *val,
                        unsigned char *tmp_data2 =
                                string_to_hex(val->value + 4, &val_len);
-                        if (!tmp_data2) goto err;
+                        if (!tmp_data2) 
+                                {
+                                X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_ILLEGAL_HEX_DIGIT);
+                                X509V3_conf_err(val);
+                                goto err;
+                                }
                        tmp_data = OPENSSL_realloc((*policy)->data,
                                (*policy)->length + val_len + 1);
@@ -140,6 +145,17 @@ static int process_pci_value(CONF_VALUE *val,
                                (*policy)->length += val_len;
                                (*policy)->data[(*policy)->length] = '\0';
                                }
+                        else
+                                {
+                                OPENSSL_free(tmp_data2);
+                                /* realloc failure implies the original data space is b0rked too! */
+                                (*policy)->data = NULL;
+                                (*policy)->length = 0;
+                                X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE);
+                                X509V3_conf_err(val);
+                                goto err;
+                                }
+                        OPENSSL_free(tmp_data2);
                        }
                else if (strncmp(val->value, "file:", 5) == 0)
                        {
@@ -169,6 +185,7 @@ static int process_pci_value(CONF_VALUE *val,
                                (*policy)->length += n;
                                (*policy)->data[(*policy)->length] = '\0';
                                }
+                        BIO_free_all(b);
                        if (n < 0)
                                {
@@ -190,6 +207,15 @@ static int process_pci_value(CONF_VALUE *val,
                                (*policy)->length += val_len;
                                (*policy)->data[(*policy)->length] = '\0';
                                }
+                        else
+                                {
+                                /* realloc failure implies the original data space is b0rked too! */
+                                (*policy)->data = NULL;
+                                (*policy)->length = 0;
+                                X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE);
+                                X509V3_conf_err(val);
+                                goto err;
+                                }
                        }
                else
                        {
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_prn.c b/src/lib/libssl/src/crypto/x509v3/v3_prn.c
index c1bb17f105..3146218708 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_prn.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_prn.c
@@ -110,7 +110,7 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int inde
        void *ext_str = NULL;
        char *value = NULL;
        const unsigned char *p;
-        X509V3_EXT_METHOD *method;      
+        const X509V3_EXT_METHOD *method;        
        STACK_OF(CONF_VALUE) *nval = NULL;
        int ok = 1;
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_purp.c b/src/lib/libssl/src/crypto/x509v3/v3_purp.c
index e18751e01c..181bd34979 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_purp.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_purp.c
@@ -71,6 +71,7 @@ static int purpose_smime(const X509 *x, int ca);
 static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int ca);
 static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, int ca);
 static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, int ca);
+static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x, int ca);
 static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca);
 static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca);
@@ -87,6 +88,7 @@ static X509_PURPOSE xstandard[] = {
        {X509_PURPOSE_CRL_SIGN, X509_TRUST_COMPAT, 0, check_purpose_crl_sign, "CRL signing", "crlsign", NULL},
        {X509_PURPOSE_ANY, X509_TRUST_DEFAULT, 0, no_check, "Any Purpose", "any", NULL},
        {X509_PURPOSE_OCSP_HELPER, X509_TRUST_COMPAT, 0, ocsp_helper, "OCSP helper", "ocsphelper", NULL},
+        {X509_PURPOSE_TIMESTAMP_SIGN, X509_TRUST_TSA, 0, check_purpose_timestamp_sign, "Time Stamp signing", "timestampsign", NULL},
 };
 #define X509_PURPOSE_COUNT (sizeof(xstandard)/sizeof(X509_PURPOSE))
@@ -265,11 +267,14 @@ int X509_PURPOSE_get_trust(X509_PURPOSE *xp)
        return xp->trust;
 }
-static int nid_cmp(int *a, int *b)
+static int nid_cmp(const int *a, const int *b)
        {
        return *a - *b;
        }
+DECLARE_OBJ_BSEARCH_CMP_FN(int, int, nid);
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(int, int, nid);
 int X509_supported_extension(X509_EXTENSION *ex)
        {
        /* This table is a list of the NIDs of supported extensions:
@@ -280,7 +285,7 @@ int X509_supported_extension(X509_EXTENSION *ex)
         * searched using bsearch.
         */
-        static int supported_nids[] = {
+        static const int supported_nids[] = {
                NID_netscape_cert_type, /* 71 */
                NID_key_usage,          /* 83 */
                NID_subject_alt_name,   /* 85 */
@@ -292,24 +297,62 @@ int X509_supported_extension(X509_EXTENSION *ex)
                NID_sbgp_autonomousSysNum, /* 291 */
 #endif
                NID_policy_constraints, /* 401 */
-                NID_proxyCertInfo,      /* 661 */
+                NID_proxyCertInfo,      /* 663 */
+                NID_name_constraints,   /* 666 */
+                NID_policy_mappings,    /* 747 */
                NID_inhibit_any_policy  /* 748 */
        };
-        int ex_nid;
+        int ex_nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex));
-        ex_nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex));
        if (ex_nid == NID_undef) 
                return 0;
-        if (OBJ_bsearch((char *)&ex_nid, (char *)supported_nids,
+        if (OBJ_bsearch_nid(&ex_nid, supported_nids,
-                sizeof(supported_nids)/sizeof(int), sizeof(int),
+                        sizeof(supported_nids)/sizeof(int)))
-                (int (*)(const void *, const void *))nid_cmp))
                return 1;
        return 0;
        }
- 
+static void setup_dp(X509 *x, DIST_POINT *dp)
+        {
+        X509_NAME *iname = NULL;
+        int i;
+        if (dp->reasons)
+                {
+                if (dp->reasons->length > 0)
+                        dp->dp_reasons = dp->reasons->data[0];
+                if (dp->reasons->length > 1)
+                        dp->dp_reasons |= (dp->reasons->data[1] << 8);
+                dp->dp_reasons &= CRLDP_ALL_REASONS;
+                }
+        else
+                dp->dp_reasons = CRLDP_ALL_REASONS;
+        if (!dp->distpoint || (dp->distpoint->type != 1))
+                return;
+        for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++)
+                {
+                GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i);
+                if (gen->type == GEN_DIRNAME)
+                        {
+                        iname = gen->d.directoryName;
+                        break;
+                        }
+                }
+        if (!iname)
+                iname = X509_get_issuer_name(x);
+        DIST_POINT_set_dpname(dp->distpoint, iname);
+        }
+static void setup_crldp(X509 *x)
+        {
+        int i;
+        x->crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, NULL, NULL);
+        for (i = 0; i < sk_DIST_POINT_num(x->crldp); i++)
+                setup_dp(x, sk_DIST_POINT_value(x->crldp, i));
+        }
 static void x509v3_cache_extensions(X509 *x)
 {
@@ -417,16 +460,25 @@ static void x509v3_cache_extensions(X509 *x)
        }
        x->skid =X509_get_ext_d2i(x, NID_subject_key_identifier, NULL, NULL);
        x->akid =X509_get_ext_d2i(x, NID_authority_key_identifier, NULL, NULL);
+        x->altname = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
+        x->nc = X509_get_ext_d2i(x, NID_name_constraints, &i, NULL);
+        if (!x->nc && (i != -1))
+                x->ex_flags |= EXFLAG_INVALID;
+        setup_crldp(x);
 #ifndef OPENSSL_NO_RFC3779
-        x->rfc3779_addr =X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock, NULL, NULL);
+        x->rfc3779_addr =X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock, NULL, NULL);
-        x->rfc3779_asid =X509_get_ext_d2i(x, NID_sbgp_autonomousSysNum,
+        x->rfc3779_asid =X509_get_ext_d2i(x, NID_sbgp_autonomousSysNum,
-                                          NULL, NULL);
+                                          NULL, NULL);
 #endif
        for (i = 0; i < X509_get_ext_count(x); i++)
                {
                ex = X509_get_ext(x, i);
                if (!X509_EXTENSION_get_critical(ex))
                        continue;
+                if (OBJ_obj2nid(X509_EXTENSION_get_object(ex))
+                                        == NID_freshest_crl)
+                        x->ex_flags |= EXFLAG_FRESHEST;
                if (!X509_supported_extension(ex))
                        {
                        x->ex_flags |= EXFLAG_CRITICAL;
@@ -594,6 +646,41 @@ static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca)
        return 1;
 }
+static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x,
+                                        int ca)
+{
+        int i_ext;
+        /* If ca is true we must return if this is a valid CA certificate. */
+        if (ca) return check_ca(x);
+        /* 
+         * Check the optional key usage field:
+         * if Key Usage is present, it must be one of digitalSignature 
+         * and/or nonRepudiation (other values are not consistent and shall
+         * be rejected).
+         */
+        if ((x->ex_flags & EXFLAG_KUSAGE)
+            && ((x->ex_kusage & ~(KU_NON_REPUDIATION | KU_DIGITAL_SIGNATURE)) ||
+                !(x->ex_kusage & (KU_NON_REPUDIATION | KU_DIGITAL_SIGNATURE))))
+                return 0;
+        /* Only time stamp key usage is permitted and it's required. */
+        if (!(x->ex_flags & EXFLAG_XKUSAGE) || x->ex_xkusage != XKU_TIMESTAMP)
+                return 0;
+        /* Extended Key Usage MUST be critical */
+        i_ext = X509_get_ext_by_NID((X509 *) x, NID_ext_key_usage, 0);
+        if (i_ext >= 0)
+                {
+                X509_EXTENSION *ext = X509_get_ext((X509 *) x, i_ext);
+                if (!X509_EXTENSION_get_critical(ext))
+                        return 0;
+                }
+        return 1;
+}
 static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca)
 {
        return 1;
@@ -618,39 +705,14 @@ int X509_check_issued(X509 *issuer, X509 *subject)
                                return X509_V_ERR_SUBJECT_ISSUER_MISMATCH;
        x509v3_cache_extensions(issuer);
        x509v3_cache_extensions(subject);
-        if(subject->akid) {
-                /* Check key ids (if present) */
+        if(subject->akid)
-                if(subject->akid->keyid && issuer->skid &&
+                {
-                 ASN1_OCTET_STRING_cmp(subject->akid->keyid, issuer->skid) )
+                int ret = X509_check_akid(issuer, subject->akid);
-                                return X509_V_ERR_AKID_SKID_MISMATCH;
+                if (ret != X509_V_OK)
-                /* Check serial number */
+                        return ret;
-                if(subject->akid->serial &&
-                        ASN1_INTEGER_cmp(X509_get_serialNumber(issuer),
-                                                subject->akid->serial))
-                                return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
-                /* Check issuer name */
-                if(subject->akid->issuer) {
-                        /* Ugh, for some peculiar reason AKID includes
-                         * SEQUENCE OF GeneralName. So look for a DirName.
-                         * There may be more than one but we only take any
-                         * notice of the first.
-                         */
-                        GENERAL_NAMES *gens;
-                        GENERAL_NAME *gen;
-                        X509_NAME *nm = NULL;
-                        int i;
-                        gens = subject->akid->issuer;
-                        for(i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
-                                gen = sk_GENERAL_NAME_value(gens, i);
-                                if(gen->type == GEN_DIRNAME) {
-                                        nm = gen->d.dirn;
-                                        break;
-                                }
-                        }
-                        if(nm && X509_NAME_cmp(nm, X509_get_issuer_name(issuer)))
-                                return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
                }
-        }
        if(subject->ex_flags & EXFLAG_PROXY)
                {
                if(ku_reject(issuer, KU_DIGITAL_SIGNATURE))
@@ -661,3 +723,45 @@ int X509_check_issued(X509 *issuer, X509 *subject)
        return X509_V_OK;
 }
+int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid)
+        {
+        if(!akid)
+                return X509_V_OK;
+        /* Check key ids (if present) */
+        if(akid->keyid && issuer->skid &&
+                 ASN1_OCTET_STRING_cmp(akid->keyid, issuer->skid) )
+                                return X509_V_ERR_AKID_SKID_MISMATCH;
+        /* Check serial number */
+        if(akid->serial &&
+                ASN1_INTEGER_cmp(X509_get_serialNumber(issuer), akid->serial))
+                                return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
+        /* Check issuer name */
+        if(akid->issuer)
+                {
+                /* Ugh, for some peculiar reason AKID includes
+                 * SEQUENCE OF GeneralName. So look for a DirName.
+                 * There may be more than one but we only take any
+                 * notice of the first.
+                 */
+                GENERAL_NAMES *gens;
+                GENERAL_NAME *gen;
+                X509_NAME *nm = NULL;
+                int i;
+                gens = akid->issuer;
+                for(i = 0; i < sk_GENERAL_NAME_num(gens); i++)
+                        {
+                        gen = sk_GENERAL_NAME_value(gens, i);
+                        if(gen->type == GEN_DIRNAME)
+                                {
+                                nm = gen->d.dirn;
+                                break;
+                                }
+                        }
+                if(nm && X509_NAME_cmp(nm, X509_get_issuer_name(issuer)))
+                        return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
+                }
+        return X509_V_OK;
+        }
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_utl.c b/src/lib/libssl/src/crypto/x509v3/v3_utl.c
index 7a45216c00..e030234540 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_utl.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_utl.c
@@ -67,9 +67,9 @@
 static char *strip_spaces(char *name);
 static int sk_strcmp(const char * const *a, const char * const *b);
-static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens);
+static STACK_OF(OPENSSL_STRING) *get_email(X509_NAME *name, GENERAL_NAMES *gens);
-static void str_free(void *str);
+static void str_free(OPENSSL_STRING str);
-static int append_ia5(STACK **sk, ASN1_IA5STRING *email);
+static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, ASN1_IA5STRING *email);
 static int ipv4_from_asc(unsigned char *v4, const char *in);
 static int ipv6_from_asc(unsigned char *v6, const char *in);
@@ -360,10 +360,10 @@ static char *strip_spaces(char *name)
 * @@@ (Contents of buffer are always kept in ASCII, also on EBCDIC machines)
 */
-char *hex_to_string(unsigned char *buffer, long len)
+char *hex_to_string(const unsigned char *buffer, long len)
 {
        char *tmp, *q;
-        unsigned char *p;
+        const unsigned char *p;
        int i;
        const static char hexdig[] = "0123456789ABCDEF";
        if(!buffer || !len) return NULL;
@@ -389,7 +389,7 @@ char *hex_to_string(unsigned char *buffer, long len)
 * a buffer
 */
-unsigned char *string_to_hex(char *str, long *len)
+unsigned char *string_to_hex(const char *str, long *len)
 {
        unsigned char *hexbuf, *q;
        unsigned char ch, cl, *p;
@@ -463,21 +463,23 @@ static int sk_strcmp(const char * const *a, const char * const *b)
        return strcmp(*a, *b);
 }
-STACK *X509_get1_email(X509 *x)
+STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x)
 {
        GENERAL_NAMES *gens;
-        STACK *ret;
+        STACK_OF(OPENSSL_STRING) *ret;
        gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
        ret = get_email(X509_get_subject_name(x), gens);
        sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
        return ret;
 }
-STACK *X509_get1_ocsp(X509 *x)
+STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x)
 {
        AUTHORITY_INFO_ACCESS *info;
-        STACK *ret = NULL;
+        STACK_OF(OPENSSL_STRING) *ret = NULL;
        int i;
        info = X509_get_ext_d2i(x, NID_info_access, NULL, NULL);
        if (!info)
                return NULL;
@@ -497,11 +499,12 @@ STACK *X509_get1_ocsp(X509 *x)
        return ret;
 }
-STACK *X509_REQ_get1_email(X509_REQ *x)
+STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x)
 {
        GENERAL_NAMES *gens;
        STACK_OF(X509_EXTENSION) *exts;
-        STACK *ret;
+        STACK_OF(OPENSSL_STRING) *ret;
        exts = X509_REQ_get_extensions(x);
        gens = X509V3_get_d2i(exts, NID_subject_alt_name, NULL, NULL);
        ret = get_email(X509_REQ_get_subject_name(x), gens);
@@ -511,9 +514,9 @@ STACK *X509_REQ_get1_email(X509_REQ *x)
 }
-static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens)
+static STACK_OF(OPENSSL_STRING) *get_email(X509_NAME *name, GENERAL_NAMES *gens)
 {
-        STACK *ret = NULL;
+        STACK_OF(OPENSSL_STRING) *ret = NULL;
        X509_NAME_ENTRY *ne;
        ASN1_IA5STRING *email;
        GENERAL_NAME *gen;
@@ -536,23 +539,23 @@ static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens)
        return ret;
 }
-static void str_free(void *str)
+static void str_free(OPENSSL_STRING str)
 {
        OPENSSL_free(str);
 }
-static int append_ia5(STACK **sk, ASN1_IA5STRING *email)
+static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, ASN1_IA5STRING *email)
 {
        char *emtmp;
        /* First some sanity checks */
        if(email->type != V_ASN1_IA5STRING) return 1;
        if(!email->data || !email->length) return 1;
-        if(!*sk) *sk = sk_new(sk_strcmp);
+        if(!*sk) *sk = sk_OPENSSL_STRING_new(sk_strcmp);
        if(!*sk) return 0;
        /* Don't add duplicates */
-        if(sk_find(*sk, (char *)email->data) != -1) return 1;
+        if(sk_OPENSSL_STRING_find(*sk, (char *)email->data) != -1) return 1;
        emtmp = BUF_strdup((char *)email->data);
-        if(!emtmp || !sk_push(*sk, emtmp)) {
+        if(!emtmp || !sk_OPENSSL_STRING_push(*sk, emtmp)) {
                X509_email_free(*sk);
                *sk = NULL;
                return 0;
@@ -560,9 +563,9 @@ static int append_ia5(STACK **sk, ASN1_IA5STRING *email)
        return 1;
 }
-void X509_email_free(STACK *sk)
+void X509_email_free(STACK_OF(OPENSSL_STRING) *sk)
 {
-        sk_pop_free(sk, str_free);
+        sk_OPENSSL_STRING_pop_free(sk, str_free);
 }
 /* Convert IP addresses both IPv4 and IPv6 into an 
diff --git a/src/lib/libssl/src/crypto/x509v3/v3err.c b/src/lib/libssl/src/crypto/x509v3/v3err.c
index d538ad8b80..f9f6f1f91f 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3err.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3err.c
@@ -1,6 +1,6 @@
 /* crypto/x509v3/v3err.c */
 /* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -70,6 +70,7 @@
 static ERR_STRING_DATA X509V3_str_functs[]=
        {
+{ERR_FUNC(X509V3_F_A2I_GENERAL_NAME),   "A2I_GENERAL_NAME"},
 {ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE),        "ASIDENTIFIERCHOICE_CANONIZE"},
 {ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL),    "ASIDENTIFIERCHOICE_IS_CANONICAL"},
 {ERR_FUNC(X509V3_F_COPY_EMAIL), "COPY_EMAIL"},
@@ -79,6 +80,7 @@ static ERR_STRING_DATA X509V3_str_functs[]=
 {ERR_FUNC(X509V3_F_DO_EXT_I2D), "DO_EXT_I2D"},
 {ERR_FUNC(X509V3_F_DO_EXT_NCONF),       "DO_EXT_NCONF"},
 {ERR_FUNC(X509V3_F_DO_I2V_NAME_CONSTRAINTS),    "DO_I2V_NAME_CONSTRAINTS"},
+{ERR_FUNC(X509V3_F_GNAMES_FROM_SECTNAME),       "GNAMES_FROM_SECTNAME"},
 {ERR_FUNC(X509V3_F_HEX_TO_STRING),      "hex_to_string"},
 {ERR_FUNC(X509V3_F_I2S_ASN1_ENUMERATED),        "i2s_ASN1_ENUMERATED"},
 {ERR_FUNC(X509V3_F_I2S_ASN1_IA5STRING), "I2S_ASN1_IA5STRING"},
@@ -95,6 +97,7 @@ static ERR_STRING_DATA X509V3_str_functs[]=
 {ERR_FUNC(X509V3_F_S2I_ASN1_OCTET_STRING),      "s2i_ASN1_OCTET_STRING"},
 {ERR_FUNC(X509V3_F_S2I_ASN1_SKEY_ID),   "S2I_ASN1_SKEY_ID"},
 {ERR_FUNC(X509V3_F_S2I_SKEY_ID),        "S2I_SKEY_ID"},
+{ERR_FUNC(X509V3_F_SET_DIST_POINT_NAME),        "SET_DIST_POINT_NAME"},
 {ERR_FUNC(X509V3_F_STRING_TO_HEX),      "string_to_hex"},
 {ERR_FUNC(X509V3_F_SXNET_ADD_ID_ASC),   "SXNET_add_id_asc"},
 {ERR_FUNC(X509V3_F_SXNET_ADD_ID_INTEGER),       "SXNET_add_id_INTEGER"},
@@ -110,6 +113,7 @@ static ERR_STRING_DATA X509V3_str_functs[]=
 {ERR_FUNC(X509V3_F_V2I_EXTENDED_KEY_USAGE),     "V2I_EXTENDED_KEY_USAGE"},
 {ERR_FUNC(X509V3_F_V2I_GENERAL_NAMES),  "v2i_GENERAL_NAMES"},
 {ERR_FUNC(X509V3_F_V2I_GENERAL_NAME_EX),        "v2i_GENERAL_NAME_ex"},
+{ERR_FUNC(X509V3_F_V2I_IDP),    "V2I_IDP"},
 {ERR_FUNC(X509V3_F_V2I_IPADDRBLOCKS),   "V2I_IPADDRBLOCKS"},
 {ERR_FUNC(X509V3_F_V2I_ISSUER_ALT),     "V2I_ISSUER_ALT"},
 {ERR_FUNC(X509V3_F_V2I_NAME_CONSTRAINTS),       "V2I_NAME_CONSTRAINTS"},
@@ -141,6 +145,7 @@ static ERR_STRING_DATA X509V3_str_reasons[]=
 {ERR_REASON(X509V3_R_BN_DEC2BN_ERROR)    ,"bn dec2bn error"},
 {ERR_REASON(X509V3_R_BN_TO_ASN1_INTEGER_ERROR),"bn to asn1 integer error"},
 {ERR_REASON(X509V3_R_DIRNAME_ERROR)      ,"dirname error"},
+{ERR_REASON(X509V3_R_DISTPOINT_ALREADY_SET),"distpoint already set"},
 {ERR_REASON(X509V3_R_DUPLICATE_ZONE_ID)  ,"duplicate zone id"},
 {ERR_REASON(X509V3_R_ERROR_CONVERTING_ZONE),"error converting zone"},
 {ERR_REASON(X509V3_R_ERROR_CREATING_EXTENSION),"error creating extension"},
@@ -154,6 +159,7 @@ static ERR_STRING_DATA X509V3_str_reasons[]=
 {ERR_REASON(X509V3_R_ILLEGAL_EMPTY_EXTENSION),"illegal empty extension"},
 {ERR_REASON(X509V3_R_ILLEGAL_HEX_DIGIT)  ,"illegal hex digit"},
 {ERR_REASON(X509V3_R_INCORRECT_POLICY_SYNTAX_TAG),"incorrect policy syntax tag"},
+{ERR_REASON(X509V3_R_INVALID_MULTIPLE_RDNS),"invalid multiple rdns"},
 {ERR_REASON(X509V3_R_INVALID_ASNUMBER)   ,"invalid asnumber"},
 {ERR_REASON(X509V3_R_INVALID_ASRANGE)    ,"invalid asrange"},
 {ERR_REASON(X509V3_R_INVALID_BOOLEAN_STRING),"invalid boolean string"},
@@ -187,9 +193,9 @@ static ERR_STRING_DATA X509V3_str_reasons[]=
 {ERR_REASON(X509V3_R_ODD_NUMBER_OF_DIGITS),"odd number of digits"},
 {ERR_REASON(X509V3_R_OPERATION_NOT_DEFINED),"operation not defined"},
 {ERR_REASON(X509V3_R_OTHERNAME_ERROR)    ,"othername error"},
-{ERR_REASON(X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED),"policy language alreadty defined"},
+{ERR_REASON(X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED),"policy language already defined"},
 {ERR_REASON(X509V3_R_POLICY_PATH_LENGTH) ,"policy path length"},
-{ERR_REASON(X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED),"policy path length alreadty defined"},
+{ERR_REASON(X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED),"policy path length already defined"},
 {ERR_REASON(X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED),"policy syntax not currently supported"},
 {ERR_REASON(X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY),"policy when proxy language requires no policy"},
 {ERR_REASON(X509V3_R_SECTION_NOT_FOUND)  ,"section not found"},
@@ -200,6 +206,7 @@ static ERR_STRING_DATA X509V3_str_reasons[]=
 {ERR_REASON(X509V3_R_UNKNOWN_EXTENSION_NAME),"unknown extension name"},
 {ERR_REASON(X509V3_R_UNKNOWN_OPTION)     ,"unknown option"},
 {ERR_REASON(X509V3_R_UNSUPPORTED_OPTION) ,"unsupported option"},
+{ERR_REASON(X509V3_R_UNSUPPORTED_TYPE)   ,"unsupported type"},
 {ERR_REASON(X509V3_R_USER_TOO_LONG)      ,"user too long"},
 {0,NULL}
        };
diff --git a/src/lib/libssl/src/crypto/x509v3/x509v3.h b/src/lib/libssl/src/crypto/x509v3/x509v3.h
index 9ef83da755..b308abe7cd 100644
--- a/src/lib/libssl/src/crypto/x509v3/x509v3.h
+++ b/src/lib/libssl/src/crypto/x509v3/x509v3.h
@@ -76,12 +76,19 @@ typedef void * (*X509V3_EXT_NEW)(void);
 typedef void (*X509V3_EXT_FREE)(void *);
 typedef void * (*X509V3_EXT_D2I)(void *, const unsigned char ** , long);
 typedef int (*X509V3_EXT_I2D)(void *, unsigned char **);
-typedef STACK_OF(CONF_VALUE) * (*X509V3_EXT_I2V)(struct v3_ext_method *method, void *ext, STACK_OF(CONF_VALUE) *extlist);
+typedef STACK_OF(CONF_VALUE) *
-typedef void * (*X509V3_EXT_V2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, STACK_OF(CONF_VALUE) *values);
+  (*X509V3_EXT_I2V)(const struct v3_ext_method *method, void *ext,
-typedef char * (*X509V3_EXT_I2S)(struct v3_ext_method *method, void *ext);
+                    STACK_OF(CONF_VALUE) *extlist);
-typedef void * (*X509V3_EXT_S2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, const char *str);
+typedef void * (*X509V3_EXT_V2I)(const struct v3_ext_method *method,
-typedef int (*X509V3_EXT_I2R)(struct v3_ext_method *method, void *ext, BIO *out, int indent);
+                                 struct v3_ext_ctx *ctx,
-typedef void * (*X509V3_EXT_R2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, const char *str);
+                                 STACK_OF(CONF_VALUE) *values);
+typedef char * (*X509V3_EXT_I2S)(const struct v3_ext_method *method, void *ext);
+typedef void * (*X509V3_EXT_S2I)(const struct v3_ext_method *method,
+                                 struct v3_ext_ctx *ctx, const char *str);
+typedef int (*X509V3_EXT_I2R)(const struct v3_ext_method *method, void *ext,
+                              BIO *out, int indent);
+typedef void * (*X509V3_EXT_R2I)(const struct v3_ext_method *method,
+                                 struct v3_ext_ctx *ctx, const char *str);
 /* V3 extension structure */
@@ -220,24 +227,41 @@ union {
        GENERAL_NAMES *fullname;
        STACK_OF(X509_NAME_ENTRY) *relativename;
 } name;
+/* If relativename then this contains the full distribution point name */
+X509_NAME *dpname;
 } DIST_POINT_NAME;
+/* All existing reasons */
-typedef struct DIST_POINT_st {
+#define CRLDP_ALL_REASONS       0x807f
+#define CRL_REASON_NONE                         -1
+#define CRL_REASON_UNSPECIFIED                  0
+#define CRL_REASON_KEY_COMPROMISE               1
+#define CRL_REASON_CA_COMPROMISE                2
+#define CRL_REASON_AFFILIATION_CHANGED          3
+#define CRL_REASON_SUPERSEDED                   4
+#define CRL_REASON_CESSATION_OF_OPERATION       5
+#define CRL_REASON_CERTIFICATE_HOLD             6
+#define CRL_REASON_REMOVE_FROM_CRL              8
+#define CRL_REASON_PRIVILEGE_WITHDRAWN          9
+#define CRL_REASON_AA_COMPROMISE                10
+struct DIST_POINT_st {
 DIST_POINT_NAME *distpoint;
 ASN1_BIT_STRING *reasons;
 GENERAL_NAMES *CRLissuer;
-} DIST_POINT;
+int dp_reasons;
+};
 typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS;
 DECLARE_STACK_OF(DIST_POINT)
 DECLARE_ASN1_SET_OF(DIST_POINT)
-typedef struct AUTHORITY_KEYID_st {
+struct AUTHORITY_KEYID_st {
 ASN1_OCTET_STRING *keyid;
 GENERAL_NAMES *issuer;
 ASN1_INTEGER *serial;
-} AUTHORITY_KEYID;
+};
 /* Strong extranet structures */
@@ -303,10 +327,10 @@ typedef struct GENERAL_SUBTREE_st {
 DECLARE_STACK_OF(GENERAL_SUBTREE)
-typedef struct NAME_CONSTRAINTS_st {
+struct NAME_CONSTRAINTS_st {
        STACK_OF(GENERAL_SUBTREE) *permittedSubtrees;
        STACK_OF(GENERAL_SUBTREE) *excludedSubtrees;
-} NAME_CONSTRAINTS;
+};
 typedef struct POLICY_CONSTRAINTS_st {
        ASN1_INTEGER *requireExplicitPolicy;
@@ -329,6 +353,31 @@ typedef struct PROXY_CERT_INFO_EXTENSION_st
 DECLARE_ASN1_FUNCTIONS(PROXY_POLICY)
 DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)
+struct ISSUING_DIST_POINT_st
+        {
+        DIST_POINT_NAME *distpoint;
+        int onlyuser;
+        int onlyCA;
+        ASN1_BIT_STRING *onlysomereasons;
+        int indirectCRL;
+        int onlyattr;
+        };
+/* Values in idp_flags field */
+/* IDP present */
+#define IDP_PRESENT     0x1
+/* IDP values inconsistent */
+#define IDP_INVALID     0x2
+/* onlyuser true */
+#define IDP_ONLYUSER    0x4
+/* onlyCA true */
+#define IDP_ONLYCA      0x8
+/* onlyattr true */
+#define IDP_ONLYATTR    0x10
+/* indirectCRL true */
+#define IDP_INDIRECT    0x20
+/* onlysomereasons present */
+#define IDP_REASONS     0x40
 #define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \
 ",name:", val->name, ",value:", val->value);
@@ -373,6 +422,7 @@ DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)
 #define EXFLAG_PROXY            0x400
 #define EXFLAG_INVALID_POLICY   0x800
+#define EXFLAG_FRESHEST         0x1000
 #define KU_DIGITAL_SIGNATURE    0x0080
 #define KU_NON_REPUDIATION      0x0040
@@ -424,9 +474,10 @@ typedef struct x509_purpose_st {
 #define X509_PURPOSE_CRL_SIGN           6
 #define X509_PURPOSE_ANY                7
 #define X509_PURPOSE_OCSP_HELPER        8
+#define X509_PURPOSE_TIMESTAMP_SIGN     9
 #define X509_PURPOSE_MIN                1
-#define X509_PURPOSE_MAX                8
+#define X509_PURPOSE_MAX                9
 /* Flags for X509V3_EXT_print() */
@@ -471,6 +522,9 @@ DECLARE_ASN1_FUNCTIONS(AUTHORITY_KEYID)
 DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD)
 DECLARE_ASN1_FUNCTIONS(GENERAL_NAME)
+GENERAL_NAME *GENERAL_NAME_dup(GENERAL_NAME *a);
+int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b);
 ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
@@ -486,11 +540,18 @@ DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES)
 STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
                GENERAL_NAMES *gen, STACK_OF(CONF_VALUE) *extlist);
-GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
+GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method,
-                                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+                                 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
 DECLARE_ASN1_FUNCTIONS(OTHERNAME)
 DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME)
+int OTHERNAME_cmp(OTHERNAME *a, OTHERNAME *b);
+void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value);
+void *GENERAL_NAME_get0_value(GENERAL_NAME *a, int *ptype);
+int GENERAL_NAME_set0_othername(GENERAL_NAME *gen,
+                                ASN1_OBJECT *oid, ASN1_TYPE *value);
+int GENERAL_NAME_get0_otherName(GENERAL_NAME *gen, 
+                                ASN1_OBJECT **poid, ASN1_TYPE **pvalue);
 char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *ia5);
 ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
@@ -507,6 +568,11 @@ DECLARE_ASN1_FUNCTIONS(NOTICEREF)
 DECLARE_ASN1_FUNCTIONS(CRL_DIST_POINTS)
 DECLARE_ASN1_FUNCTIONS(DIST_POINT)
 DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME)
+DECLARE_ASN1_FUNCTIONS(ISSUING_DIST_POINT)
+int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname);
+int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc);
 DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
 DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
@@ -524,11 +590,16 @@ DECLARE_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
 DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)
 DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS)
+GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
+                               const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+                               int gen_type, char *value, int is_nc);
 #ifdef HEADER_CONF_H
-GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
-                                                        CONF_VALUE *cnf);
+                               CONF_VALUE *cnf);
-GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, X509V3_EXT_METHOD *method,
+GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
-                                X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc);
+                                  const X509V3_EXT_METHOD *method,
+                                  X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc);
 void X509V3_conf_free(CONF_VALUE *val);
 X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value);
@@ -538,18 +609,23 @@ int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509 *cert)
 int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);
 int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
-X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, char *value);
+X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
-X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, char *value);
+                                    int ext_nid, char *value);
-int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509 *cert);
+X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
-int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);
+                                char *name, char *value);
-int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
+int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+                        char *section, X509 *cert);
+int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+                            char *section, X509_REQ *req);
+int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+                            char *section, X509_CRL *crl);
 int X509V3_add_value_bool_nf(char *name, int asn1_bool,
-                                                STACK_OF(CONF_VALUE) **extlist);
+                             STACK_OF(CONF_VALUE) **extlist);
 int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
 int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
 void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf);
-void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash);
+void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash);
 #endif
 char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section);
@@ -576,8 +652,8 @@ int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist);
 int X509V3_EXT_add_alias(int nid_to, int nid_from);
 void X509V3_EXT_cleanup(void);
-X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);
+const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);
-X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
+const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
 int X509V3_add_standard_extensions(void);
 STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line);
 void *X509V3_EXT_d2i(X509_EXTENSION *ext);
@@ -587,8 +663,8 @@ void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx);
 X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
 int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit, unsigned long flags);
-char *hex_to_string(unsigned char *buffer, long len);
+char *hex_to_string(const unsigned char *buffer, long len);
-unsigned char *string_to_hex(char *str, long *len);
+unsigned char *string_to_hex(const char *str, long *len);
 int name_cmp(const char *name, const char *cmp);
 void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
@@ -603,6 +679,7 @@ int X509_check_purpose(X509 *x, int id, int ca);
 int X509_supported_extension(X509_EXTENSION *ex);
 int X509_PURPOSE_set(int *p, int purpose);
 int X509_check_issued(X509 *issuer, X509 *subject);
+int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid);
 int X509_PURPOSE_get_count(void);
 X509_PURPOSE * X509_PURPOSE_get0(int idx);
 int X509_PURPOSE_get_by_sname(char *sname);
@@ -616,10 +693,10 @@ int X509_PURPOSE_get_trust(X509_PURPOSE *xp);
 void X509_PURPOSE_cleanup(void);
 int X509_PURPOSE_get_id(X509_PURPOSE *);
-STACK *X509_get1_email(X509 *x);
+STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x);
-STACK *X509_REQ_get1_email(X509_REQ *x);
+STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x);
-void X509_email_free(STACK *sk);
+void X509_email_free(STACK_OF(OPENSSL_STRING) *sk);
-STACK *X509_get1_ocsp(X509 *x);
+STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x);
 ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc);
 ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc);
@@ -628,6 +705,7 @@ int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk,
                                                unsigned long chtype);
 void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent);
+DECLARE_STACK_OF(X509_POLICY_NODE)
 #ifndef OPENSSL_NO_RFC3779
@@ -787,8 +865,9 @@ void ERR_load_X509V3_strings(void);
 /* Error codes for the X509V3 functions. */
 /* Function codes. */
-#define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE             156
+#define X509V3_F_A2I_GENERAL_NAME                        164
-#define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL         157
+#define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE             161
+#define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL         162
 #define X509V3_F_COPY_EMAIL                              122
 #define X509V3_F_COPY_ISSUER                             123
 #define X509V3_F_DO_DIRNAME                              144
@@ -796,6 +875,7 @@ void ERR_load_X509V3_strings(void);
 #define X509V3_F_DO_EXT_I2D                              135
 #define X509V3_F_DO_EXT_NCONF                            151
 #define X509V3_F_DO_I2V_NAME_CONSTRAINTS                 148
+#define X509V3_F_GNAMES_FROM_SECTNAME                    156
 #define X509V3_F_HEX_TO_STRING                           111
 #define X509V3_F_I2S_ASN1_ENUMERATED                     121
 #define X509V3_F_I2S_ASN1_IA5STRING                      149
@@ -812,13 +892,14 @@ void ERR_load_X509V3_strings(void);
 #define X509V3_F_S2I_ASN1_OCTET_STRING                   112
 #define X509V3_F_S2I_ASN1_SKEY_ID                        114
 #define X509V3_F_S2I_SKEY_ID                             115
+#define X509V3_F_SET_DIST_POINT_NAME                     158
 #define X509V3_F_STRING_TO_HEX                           113
 #define X509V3_F_SXNET_ADD_ID_ASC                        125
 #define X509V3_F_SXNET_ADD_ID_INTEGER                    126
 #define X509V3_F_SXNET_ADD_ID_ULONG                      127
 #define X509V3_F_SXNET_GET_ID_ASC                        128
 #define X509V3_F_SXNET_GET_ID_ULONG                      129
-#define X509V3_F_V2I_ASIDENTIFIERS                       158
+#define X509V3_F_V2I_ASIDENTIFIERS                       163
 #define X509V3_F_V2I_ASN1_BIT_STRING                     101
 #define X509V3_F_V2I_AUTHORITY_INFO_ACCESS               139
 #define X509V3_F_V2I_AUTHORITY_KEYID                     119
@@ -827,6 +908,7 @@ void ERR_load_X509V3_strings(void);
 #define X509V3_F_V2I_EXTENDED_KEY_USAGE                  103
 #define X509V3_F_V2I_GENERAL_NAMES                       118
 #define X509V3_F_V2I_GENERAL_NAME_EX                     117
+#define X509V3_F_V2I_IDP                                 157
 #define X509V3_F_V2I_IPADDRBLOCKS                        159
 #define X509V3_F_V2I_ISSUER_ALT                          153
 #define X509V3_F_V2I_NAME_CONSTRAINTS                    147
@@ -855,6 +937,7 @@ void ERR_load_X509V3_strings(void);
 #define X509V3_R_BN_DEC2BN_ERROR                         100
 #define X509V3_R_BN_TO_ASN1_INTEGER_ERROR                101
 #define X509V3_R_DIRNAME_ERROR                           149
+#define X509V3_R_DISTPOINT_ALREADY_SET                   160
 #define X509V3_R_DUPLICATE_ZONE_ID                       133
 #define X509V3_R_ERROR_CONVERTING_ZONE                   131
 #define X509V3_R_ERROR_CREATING_EXTENSION                144
@@ -868,12 +951,13 @@ void ERR_load_X509V3_strings(void);
 #define X509V3_R_ILLEGAL_EMPTY_EXTENSION                 151
 #define X509V3_R_ILLEGAL_HEX_DIGIT                       113
 #define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG             152
-#define X509V3_R_INVALID_ASNUMBER                        160
+#define X509V3_R_INVALID_MULTIPLE_RDNS                   161
-#define X509V3_R_INVALID_ASRANGE                         161
+#define X509V3_R_INVALID_ASNUMBER                        162
+#define X509V3_R_INVALID_ASRANGE                         163
 #define X509V3_R_INVALID_BOOLEAN_STRING                  104
 #define X509V3_R_INVALID_EXTENSION_STRING                105
-#define X509V3_R_INVALID_INHERITANCE                     162
+#define X509V3_R_INVALID_INHERITANCE                     165
-#define X509V3_R_INVALID_IPADDRESS                       163
+#define X509V3_R_INVALID_IPADDRESS                       166
 #define X509V3_R_INVALID_NAME                            106
 #define X509V3_R_INVALID_NULL_ARGUMENT                   107
 #define X509V3_R_INVALID_NULL_NAME                       108
@@ -901,9 +985,9 @@ void ERR_load_X509V3_strings(void);
 #define X509V3_R_ODD_NUMBER_OF_DIGITS                    112
 #define X509V3_R_OPERATION_NOT_DEFINED                   148
 #define X509V3_R_OTHERNAME_ERROR                         147
-#define X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED        155
+#define X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED         155
 #define X509V3_R_POLICY_PATH_LENGTH                      156
-#define X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED     157
+#define X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED      157
 #define X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED   158
 #define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 159
 #define X509V3_R_SECTION_NOT_FOUND                       150
@@ -914,6 +998,7 @@ void ERR_load_X509V3_strings(void);
 #define X509V3_R_UNKNOWN_EXTENSION_NAME                  130
 #define X509V3_R_UNKNOWN_OPTION                          120
 #define X509V3_R_UNSUPPORTED_OPTION                      117
+#define X509V3_R_UNSUPPORTED_TYPE                        167
 #define X509V3_R_USER_TOO_LONG                           132
 #ifdef  __cplusplus
diff --git a/src/lib/libssl/src/demos/engines/rsaref/build.com b/src/lib/libssl/src/demos/engines/rsaref/build.com
index b956912916..72b013d45e 100644
--- a/src/lib/libssl/src/demos/engines/rsaref/build.com
+++ b/src/lib/libssl/src/demos/engines/rsaref/build.com
@@ -7,6 +7,14 @@ $	    write sys$error "RSAref 2.0 hasn't been properly extracted."
 $           exit
 $       endif
 $
+$       if (f$getsyi("cpu").lt.128)
+$       then
+$           arch := vax
+$       else
+$           arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$           if (arch .eqs. "") then arch = "UNK"
+$       endif
+$
 $       _save_default = f$environment("default")
 $       set default [.install]
 $       files := desc,digit,md2c,md5c,nn,prime,-
@@ -29,14 +37,8 @@ $	set default [-]
 $       define/user openssl [---.include.openssl]
 $       cc/define=ENGINE_DYNAMIC_SUPPORT rsaref.c
 $
-$       if f$getsyi("CPU") .ge. 128
+$       if arch .eqs. "VAX"
 $       then
-$           link/share=librsaref.exe sys$input:/option
-[]rsaref.obj
-[.install]rsaref.olb/lib
-[---.axp.exe.crypto]libcrypto.olb/lib
-symbol_vector=(bind_engine=procedure,v_check=procedure)
-$       else
 $           macro/object=rsaref_vec.obj sys$input:
 ;
 ; Transfer vector for VAX shareable image
@@ -80,6 +82,24 @@ PSECT_ATTR=$CHAR_STRING_CONSTANTS,NOWRT
 []rsaref.obj
 [.install]rsaref.olb/lib
 [---.vax.exe.crypto]libcrypto.olb/lib
+$       else
+$           if arch_name .eqs. "ALPHA"
+$           then
+$               link/share=librsaref.exe sys$input:/option
+[]rsaref.obj
+[.install]rsaref.olb/lib
+[---.alpha.exe.crypto]libcrypto.olb/lib
+symbol_vector=(bind_engine=procedure,v_check=procedure)
+$           else
+$               if arch_name .eqs. "IA64"
+$               then
+$                   link /shareable=librsaref.exe sys$input: /options
+[]rsaref.obj
+[.install]rsaref.olb/lib
+[---.ia64.exe.crypto]libcrypto.olb/lib
+symbol_vector=(bind_engine=procedure,v_check=procedure)
+$               endif
+$           endif
 $       endif
 $
 $       set default '_save_default'
diff --git a/src/lib/libssl/src/demos/pkcs12/pkread.c b/src/lib/libssl/src/demos/pkcs12/pkread.c
index 8e1b686312..fa8f509237 100644
--- a/src/lib/libssl/src/demos/pkcs12/pkread.c
+++ b/src/lib/libssl/src/demos/pkcs12/pkread.c
@@ -20,7 +20,7 @@ int main(int argc, char **argv)
                fprintf(stderr, "Usage: pkread p12file password opfile\n");
                exit (1);
        }
-        SSLeay_add_all_algorithms();
+        OpenSSL_add_all_algorithms();
        ERR_load_crypto_strings();
        if (!(fp = fopen(argv[1], "rb"))) {
                fprintf(stderr, "Error opening file %s\n", argv[1]);
@@ -51,7 +51,7 @@ int main(int argc, char **argv)
                fprintf(fp, "***User Certificate***\n");
                PEM_write_X509_AUX(fp, cert);
        }
-        if (ca && sk_num(ca)) {
+        if (ca && sk_X509_num(ca)) {
                fprintf(fp, "***Other Certificates***\n");
                for (i = 0; i < sk_X509_num(ca); i++) 
                    PEM_write_X509_AUX(fp, sk_X509_value(ca, i));
diff --git a/src/lib/libssl/src/demos/tunala/autoungunk.sh b/src/lib/libssl/src/demos/tunala/autoungunk.sh
index 0c9123b6cf..21790880d7 100644
--- a/src/lib/libssl/src/demos/tunala/autoungunk.sh
+++ b/src/lib/libssl/src/demos/tunala/autoungunk.sh
@@ -15,4 +15,5 @@ fi
 rm -f aclocal.m4 config.* configure install-sh \
        missing mkinstalldirs stamp-h.* Makefile.in \
-        ltconfig ltmain.sh
+        ltconfig ltmain.sh depcomp
+rm -rf autom4te.cache
diff --git a/src/lib/libssl/src/demos/tunala/cb.c b/src/lib/libssl/src/demos/tunala/cb.c
index e64983896e..f6e452ae93 100644
--- a/src/lib/libssl/src/demos/tunala/cb.c
+++ b/src/lib/libssl/src/demos/tunala/cb.c
@@ -134,8 +134,27 @@ RSA *cb_generate_tmp_rsa(SSL *s, int is_export, int keylength)
        /* TODO: Perhaps make it so our global key can be generated on-the-fly
         * after certain intervals? */
        static RSA *rsa_tmp = NULL;
-        if(!rsa_tmp)
+        BIGNUM *bn = NULL;
-                rsa_tmp = RSA_generate_key(keylength, RSA_F4, NULL, NULL);
+        int ok = 1;
+        if(!rsa_tmp) {
+                ok = 0;
+                if(!(bn = BN_new()))
+                        goto end;
+                if(!BN_set_word(bn, RSA_F4))
+                        goto end;
+                if(!(rsa_tmp = RSA_new()))
+                        goto end;
+                if(!RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL))
+                        goto end;
+                ok = 1;
+        }
+end:
+        if(bn)
+                BN_free(bn);
+        if(!ok) {
+                RSA_free(rsa_tmp);
+                rsa_tmp = NULL;
+        }
        return rsa_tmp;
 }
diff --git a/src/lib/libssl/src/demos/tunala/tunala.c b/src/lib/libssl/src/demos/tunala/tunala.c
index e918cba2ce..ec49d3e943 100644
--- a/src/lib/libssl/src/demos/tunala/tunala.c
+++ b/src/lib/libssl/src/demos/tunala/tunala.c
@@ -697,9 +697,11 @@ static int ctx_set_dh(SSL_CTX *ctx, const char *dh_file, const char *dh_special)
                        abort();
                fprintf(stderr, "Info, generating DH parameters ... ");
                fflush(stderr);
-                if((dh = DH_generate_parameters(512, DH_GENERATOR_5,
+                if(!(dh = DH_new()) || !DH_generate_parameters_ex(dh, 512,
-                                        NULL, NULL)) == NULL) {
+                                        DH_GENERATOR_5, NULL)) {
                        fprintf(stderr, "error!\n");
+                        if(dh)
+                                DH_free(dh);
                        return 0;
                }
                fprintf(stderr, "complete\n");
@@ -733,7 +735,7 @@ static SSL_CTX *initialise_ssl_ctx(int server_mode, const char *engine_id,
                unsigned int verify_depth)
 {
        SSL_CTX *ctx = NULL, *ret = NULL;
-        SSL_METHOD *meth;
+        const SSL_METHOD *meth;
        ENGINE *e = NULL;
        OpenSSL_add_ssl_algorithms();
diff --git a/src/lib/libssl/src/demos/x509/mkcert.c b/src/lib/libssl/src/demos/x509/mkcert.c
index c5e67b8e28..6a52e5d0fc 100644
--- a/src/lib/libssl/src/demos/x509/mkcert.c
+++ b/src/lib/libssl/src/demos/x509/mkcert.c
@@ -136,7 +136,7 @@ int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days)
        }
 #endif
        
-        if (!X509_sign(x,pk,EVP_md5()))
+        if (!X509_sign(x,pk,EVP_sha1()))
                goto err;
        *x509p=x;
diff --git a/src/lib/libssl/src/demos/x509/mkreq.c b/src/lib/libssl/src/demos/x509/mkreq.c
index 3dfc65f164..d17e4ade94 100644
--- a/src/lib/libssl/src/demos/x509/mkreq.c
+++ b/src/lib/libssl/src/demos/x509/mkreq.c
@@ -134,7 +134,7 @@ int mkreq(X509_REQ **req, EVP_PKEY **pkeyp, int bits, int serial, int days)
 #endif
        
-        if (!X509_REQ_sign(x,pk,EVP_md5()))
+        if (!X509_REQ_sign(x,pk,EVP_sha1()))
                goto err;
        *req=x;
diff --git a/src/lib/libssl/src/doc/apps/asn1parse.pod b/src/lib/libssl/src/doc/apps/asn1parse.pod
index 542d969066..f7bb926211 100644
--- a/src/lib/libssl/src/doc/apps/asn1parse.pod
+++ b/src/lib/libssl/src/doc/apps/asn1parse.pod
@@ -72,11 +72,11 @@ option can be used multiple times to "drill down" into a nested structure.
 =item B<-genstr string>, B<-genconf file>
 generate encoded data based on B<string>, B<file> or both using
-ASN1_generate_nconf() format. If B<file> only is present then the string
+L<ASN1_generate_nconf(3)|ASN1_generate_nconf(3)> format. If B<file> only is
-is obtained from the default section using the name B<asn1>. The encoded
+present then the string is obtained from the default section using the name
-data is passed through the ASN1 parser and printed out as though it came
+B<asn1>. The encoded data is passed through the ASN1 parser and printed out as
-from a file, the contents can thus be examined and written to a file
+though it came from a file, the contents can thus be examined and written to a
-using the B<out> option. 
+file using the B<out> option. 
 =back
@@ -168,4 +168,8 @@ Example config file:
 There should be options to change the format of output lines. The output of some
 ASN.1 types is not well handled (if at all).
+=head1 SEE ALSO
+L<ASN1_generate_nconf(3)|ASN1_generate_nconf(3)>
 =cut
diff --git a/src/lib/libssl/src/doc/apps/ca.pod b/src/lib/libssl/src/doc/apps/ca.pod
index 5618c2dc9d..9ff0cc3612 100644
--- a/src/lib/libssl/src/doc/apps/ca.pod
+++ b/src/lib/libssl/src/doc/apps/ca.pod
@@ -205,7 +205,9 @@ the section of the configuration file containing certificate extensions
 to be added when a certificate is issued (defaults to B<x509_extensions>
 unless the B<-extfile> option is used). If no extension section is
 present then, a V1 certificate is created. If the extension section
-is present (even if it is empty), then a V3 certificate is created.
+is present (even if it is empty), then a V3 certificate is created. See the:w
+L<x509v3_config(5)|x509v3_config(5)> manual page for details of the
+extension section format.
 =item B<-extfile file>
@@ -215,7 +217,7 @@ used).
 =item B<-engine id>
-specifying an engine (by it's unique B<id> string) will cause B<req>
+specifying an engine (by its unique B<id> string) will cause B<ca>
 to attempt to obtain a functional reference to the specified engine,
 thus initialising it if needed. The engine will then be set as the default
 for all available algorithms.
@@ -299,7 +301,9 @@ include. If no CRL extension section is present then a V1 CRL is
 created, if the CRL extension section is present (even if it is
 empty) then a V2 CRL is created. The CRL extensions specified are
 CRL extensions and B<not> CRL entry extensions.  It should be noted
-that some software (for example Netscape) can't handle V2 CRLs. 
+that some software (for example Netscape) can't handle V2 CRLs. See
+L<x509v3_config(5)|x509v3_config(5)> manual page for details of the
+extension section format.
 =back
@@ -666,6 +670,6 @@ then even if a certificate is issued with CA:TRUE it will not be valid.
 =head1 SEE ALSO
 L<req(1)|req(1)>, L<spkac(1)|spkac(1)>, L<x509(1)|x509(1)>, L<CA.pl(1)|CA.pl(1)>,
-L<config(5)|config(5)>
+L<config(5)|config(5)>, L<x509v3_config(5)|x509v3_config(5)> 
 =cut
diff --git a/src/lib/libssl/src/doc/apps/ciphers.pod b/src/lib/libssl/src/doc/apps/ciphers.pod
index 694e433ef3..f44aa00a2f 100644
--- a/src/lib/libssl/src/doc/apps/ciphers.pod
+++ b/src/lib/libssl/src/doc/apps/ciphers.pod
@@ -8,6 +8,7 @@ ciphers - SSL cipher display and cipher list tool.
 B<openssl> B<ciphers>
 [B<-v>]
+[B<-V>]
 [B<-ssl2>]
 [B<-ssl3>]
 [B<-tls1>]
@@ -15,7 +16,7 @@ B<openssl> B<ciphers>
 =head1 DESCRIPTION
-The B<cipherlist> command converts OpenSSL cipher lists into ordered
+The B<ciphers> command converts textual OpenSSL cipher lists into ordered
 SSL cipher preference lists. It can be used as a test tool to determine
 the appropriate cipherlist.
@@ -25,7 +26,7 @@ the appropriate cipherlist.
 =item B<-v>
-verbose option. List ciphers with a complete description of
+Verbose option. List ciphers with a complete description of
 protocol version (SSLv2 or SSLv3; the latter includes TLS), key exchange,
 authentication, encryption and mac algorithms used along with any key size
 restrictions and whether the algorithm is classed as an "export" cipher.
@@ -33,6 +34,10 @@ Note that without the B<-v> option, ciphers may seem to appear twice
 in a cipher list; this is when similar ciphers are available for
 SSL v2 and for SSL v3/TLS v1.
+=item B<-V>
+Like B<-V>, but include cipher suite codes in output (hex format).
 =item B<-ssl3>
 only include SSL v3 ciphers.
@@ -104,8 +109,8 @@ The following is a list of all permitted cipher strings and their meanings.
 =item B<DEFAULT>
-the default cipher list. This is determined at compile time and is normally
+the default cipher list. This is determined at compile time and, as of OpenSSL
-B<AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH>. This must be the first cipher string
+1.0.0, is normally B<ALL:!aNULL:!eNULL>. This must be the first cipher string
 specified.
 =item B<COMPLEMENTOFDEFAULT>
@@ -116,7 +121,8 @@ not included by B<ALL> (use B<COMPLEMENTOFALL> if necessary).
 =item B<ALL>
-all ciphers suites except the B<eNULL> ciphers which must be explicitly enabled.
+all cipher suites except the B<eNULL> ciphers which must be explicitly enabled;
+as of OpenSSL, the B<ALL> cipher suites are reasonably ordered by default
 =item B<COMPLEMENTOFALL>
@@ -245,6 +251,33 @@ cipher suites using MD5.
 cipher suites using SHA1.
+=item B<aGOST> 
+cipher suites using GOST R 34.10 (either 2001 or 94) for authenticaction
+(needs an engine supporting GOST algorithms). 
+=item B<aGOST01>
+cipher suites using GOST R 34.10-2001 authentication.
+=item B<aGOST94>
+cipher suites using GOST R 34.10-94 authentication (note that R 34.10-94
+standard has been expired so use GOST R 34.10-2001)
+=item B<kGOST>
+cipher suites, using VKO 34.10 key exchange, specified in the RFC 4357.
+=item B<GOST94>
+cipher suites, using HMAC based on GOST R 34.11-94.
+=item B<GOST89MAC>
+cipher suites using GOST 28147-89 MAC B<instead of> HMAC.
 =back
 =head1 CIPHER SUITE NAMES
@@ -370,6 +403,16 @@ e.g. DES-CBC3-SHA. In these cases, RSA authentication is used.
 TLS_DH_anon_WITH_SEED_CBC_SHA          ADH-SEED-SHA
+=head2 GOST ciphersuites from draft-chudov-cryptopro-cptls, extending TLS v1.0
+Note: these ciphers require an engine which including GOST cryptographic
+algorithms, such as the B<ccgost> engine, included in the OpenSSL distribution.
+ TLS_GOSTR341094_WITH_28147_CNT_IMIT GOST94-GOST89-GOST89
+ TLS_GOSTR341001_WITH_28147_CNT_IMIT GOST2001-GOST89-GOST89
+ TLS_GOSTR341094_WITH_NULL_GOSTR3411 GOST94-NULL-GOST94
+ TLS_GOSTR341001_WITH_NULL_GOSTR3411 GOST2001-NULL-GOST94
 =head2 Additional Export 1024 and other cipher suites
 Note: these ciphers can also be used in SSL v3.
@@ -428,7 +471,8 @@ L<s_client(1)|s_client(1)>, L<s_server(1)|s_server(1)>, L<ssl(3)|ssl(3)>
 =head1 HISTORY
-The B<COMPLENTOFALL> and B<COMPLEMENTOFDEFAULT> selection options were
+The B<COMPLENTOFALL> and B<COMPLEMENTOFDEFAULT> selection options
-added in version 0.9.7.
+for cipherlist strings were added in OpenSSL 0.9.7.
+The B<-V> option for the B<ciphers> command was added in OpenSSL 1.0.0.
 =cut
diff --git a/src/lib/libssl/src/doc/apps/dgst.pod b/src/lib/libssl/src/doc/apps/dgst.pod
index 908cd2a6d6..b035edf08e 100644
--- a/src/lib/libssl/src/doc/apps/dgst.pod
+++ b/src/lib/libssl/src/doc/apps/dgst.pod
@@ -14,6 +14,7 @@ B<openssl> B<dgst>
 [B<-binary>]
 [B<-out filename>]
 [B<-sign filename>]
+[B<-keyform arg>]
 [B<-passin arg>]
 [B<-verify filename>]
 [B<-prverify filename>]
@@ -61,6 +62,23 @@ filename to output to, or standard output by default.
 digitally sign the digest using the private key in "filename".
+=item B<-keyform arg>
+Specifies the key format to sign digest with. Only PEM and ENGINE
+formats are supported by the B<dgst> command.
+=item B<-engine id>
+Use engine B<id> for operations (including private key storage).
+This engine is not used as source for digest algorithms, unless it is
+also specified in the configuration file.
+=item B<-sigopt nm:v>
+Pass options to the signature algorithm during sign or verify operations.
+Names and values of these options are algorithm-specific.
 =item B<-passin arg>
 the private key password source. For more information about the format of B<arg>
@@ -83,6 +101,35 @@ the actual signature to verify.
 create a hashed MAC using "key".
+=item B<-mac alg>
+create MAC (keyed Message Authentication Code). The most popular MAC
+algorithm is HMAC (hash-based MAC), but there are other MAC algorithms
+which are not based on hash, for instance B<gost-mac> algorithm,
+supported by B<ccgost> engine. MAC keys and other options should be set
+via B<-macopt> parameter.
+=item B<-macopt nm:v>
+Passes options to MAC algorithm, specified by B<-mac> key.
+Following options are supported by both by B<HMAC> and B<gost-mac>:
+=over 8
+=item B<key:string>
+        
+Specifies MAC key as alphnumeric string (use if key contain printable
+characters only). String length must conform to any restrictions of
+the MAC algorithm for example exactly 32 chars for gost-mac.
+=item B<hexkey:string>
+Specifies MAC key in hexadecimal form (two hex digits per byte).
+Key length must conform to any restrictions of the MAC algorithm
+for example exactly 32 chars for gost-mac.
+=back
 =item B<-rand file(s)>
 a file or files containing random data used to seed the random number
diff --git a/src/lib/libssl/src/doc/apps/dhparam.pod b/src/lib/libssl/src/doc/apps/dhparam.pod
index c31db95a47..9edb4ff4e1 100644
--- a/src/lib/libssl/src/doc/apps/dhparam.pod
+++ b/src/lib/libssl/src/doc/apps/dhparam.pod
@@ -99,7 +99,7 @@ be loaded by calling the B<get_dh>I<numbits>B<()> function.
 =item B<-engine id>
-specifying an engine (by it's unique B<id> string) will cause B<req>
+specifying an engine (by its unique B<id> string) will cause B<dhparam>
 to attempt to obtain a functional reference to the specified engine,
 thus initialising it if needed. The engine will then be set as the default
 for all available algorithms.
diff --git a/src/lib/libssl/src/doc/apps/dsa.pod b/src/lib/libssl/src/doc/apps/dsa.pod
index ed06b8806d..ddbc9327fa 100644
--- a/src/lib/libssl/src/doc/apps/dsa.pod
+++ b/src/lib/libssl/src/doc/apps/dsa.pod
@@ -109,7 +109,7 @@ a public key.
 =item B<-engine id>
-specifying an engine (by it's unique B<id> string) will cause B<req>
+specifying an engine (by its unique B<id> string) will cause B<dsa>
 to attempt to obtain a functional reference to the specified engine,
 thus initialising it if needed. The engine will then be set as the default
 for all available algorithms.
diff --git a/src/lib/libssl/src/doc/apps/dsaparam.pod b/src/lib/libssl/src/doc/apps/dsaparam.pod
index b9b1b93b42..ba5ec4d72c 100644
--- a/src/lib/libssl/src/doc/apps/dsaparam.pod
+++ b/src/lib/libssl/src/doc/apps/dsaparam.pod
@@ -85,7 +85,7 @@ the input file (if any) is ignored.
 =item B<-engine id>
-specifying an engine (by it's unique B<id> string) will cause B<req>
+specifying an engine (by its unique B<id> string) will cause B<dsaparam>
 to attempt to obtain a functional reference to the specified engine,
 thus initialising it if needed. The engine will then be set as the default
 for all available algorithms.
diff --git a/src/lib/libssl/src/doc/apps/enc.pod b/src/lib/libssl/src/doc/apps/enc.pod
index 4391c93360..3dee4ed992 100644
--- a/src/lib/libssl/src/doc/apps/enc.pod
+++ b/src/lib/libssl/src/doc/apps/enc.pod
@@ -12,17 +12,24 @@ B<openssl enc -ciphername>
 [B<-pass arg>]
 [B<-e>]
 [B<-d>]
-[B<-a>]
+[B<-a/-base64>]
 [B<-A>]
 [B<-k password>]
 [B<-kfile filename>]
 [B<-K key>]
 [B<-iv IV>]
+[B<-S salt>]
+[B<-salt>]
+[B<-nosalt>]
+[B<-z>]
+[B<-md>]
 [B<-p>]
 [B<-P>]
 [B<-bufsize number>]
 [B<-nopad>]
 [B<-debug>]
+[B<-none>]
+[B<-engine id>]
 =head1 DESCRIPTION
@@ -50,15 +57,13 @@ see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
 =item B<-salt>
-use a salt in the key derivation routines. This option should B<ALWAYS>
+use a salt in the key derivation routines. This is the default.
-be used unless compatibility with previous versions of OpenSSL or SSLeay
-is required. This option is only present on OpenSSL versions 0.9.5 or
-above.
 =item B<-nosalt>
-don't use a salt in the key derivation routines. This is the default for
+don't use a salt in the key derivation routines. This option B<SHOULD NOT> be
-compatibility with previous versions of OpenSSL and SSLeay.
+used except for test purposes or compatibility with ancient versions of OpenSSL
+and SSLeay.
 =item B<-e>
@@ -74,6 +79,10 @@ base64 process the data. This means that if encryption is taking place
 the data is base64 encoded after encryption. If decryption is set then
 the input data is base64 decoded before being decrypted.
+=item B<-base64>
+same as B<-a>
 =item B<-A>
 if the B<-a> option is set then base64 process the data on one line.
@@ -89,10 +98,18 @@ read the password to derive the key from the first line of B<filename>.
 This is for compatibility with previous versions of OpenSSL. Superseded by
 the B<-pass> argument.
+=item B<-nosalt>
+do not use a salt 
+=item B<-salt>
+use salt (randomly generated or provide with B<-S> option) when
+encrypting (this is the default).
 =item B<-S salt>
-the actual salt to use: this must be represented as a string comprised only
+the actual salt to use: this must be represented as a string of hex digits.
-of hex digits.
 =item B<-K key>
@@ -131,12 +148,34 @@ disable standard block padding
 debug the BIOs used for I/O.
+=item B<-z>
+Compress or decompress clear text using zlib before encryption or after
+decryption. This option exists only if OpenSSL with compiled with zlib
+or zlib-dynamic option.
+=item B<-none>
+Use NULL cipher (no encryption or decryption of input).
 =back
 =head1 NOTES
 The program can be called either as B<openssl ciphername> or
-B<openssl enc -ciphername>.
+B<openssl enc -ciphername>. But the first form doesn't work with
+engine-provided ciphers, because this form is processed before the
+configuration file is read and any ENGINEs loaded.
+Engines which provide entirely new encryption algorithms (such as ccgost
+engine which provides gost89 algorithm) should be configured in the
+configuration file. Engines, specified in the command line using -engine
+options can only be used for hadrware-assisted implementations of
+ciphers, which are supported by OpenSSL core or other engine, specified
+in the configuration file.
+When enc command lists supported ciphers, ciphers provided by engines,
+specified in the configuration files are listed too.
 A password will be prompted for to derive the key and IV if necessary.
@@ -169,6 +208,14 @@ Blowfish and RC5 algorithms use a 128 bit key.
 =head1 SUPPORTED CIPHERS
+Note that some of these ciphers can be disabled at compile time
+and some are available only if an appropriate engine is configured
+in the configuration file. The output of the B<enc> command run with
+unsupported options (for example B<openssl enc -help>) includes a
+list of ciphers, supported by your versesion of OpenSSL, including
+ones provided by configured engines.
 base64             Base 64
 bf-cbc             Blowfish in CBC mode
@@ -203,6 +250,9 @@ Blowfish and RC5 algorithms use a 128 bit key.
 desx               DESX algorithm.
+ gost89             GOST 28147-89 in CFB mode (provided by ccgost engine)
+ gost89-cnt        `GOST 28147-89 in CNT mode (provided by ccgost engine) 
 idea-cbc           IDEA algorithm in CBC mode
 idea               same as idea-cbc
 idea-cfb           IDEA in CFB mode
diff --git a/src/lib/libssl/src/doc/apps/gendsa.pod b/src/lib/libssl/src/doc/apps/gendsa.pod
index 2c56cc7888..8c7f114ca0 100644
--- a/src/lib/libssl/src/doc/apps/gendsa.pod
+++ b/src/lib/libssl/src/doc/apps/gendsa.pod
@@ -40,7 +40,7 @@ all others.
 =item B<-engine id>
-specifying an engine (by it's unique B<id> string) will cause B<req>
+specifying an engine (by its unique B<id> string) will cause B<gendsa>
 to attempt to obtain a functional reference to the specified engine,
 thus initialising it if needed. The engine will then be set as the default
 for all available algorithms.
diff --git a/src/lib/libssl/src/doc/apps/genrsa.pod b/src/lib/libssl/src/doc/apps/genrsa.pod
index 25af4d1475..7dcac2a779 100644
--- a/src/lib/libssl/src/doc/apps/genrsa.pod
+++ b/src/lib/libssl/src/doc/apps/genrsa.pod
@@ -57,7 +57,7 @@ all others.
 =item B<-engine id>
-specifying an engine (by it's unique B<id> string) will cause B<req>
+specifying an engine (by its unique B<id> string) will cause B<genrsa>
 to attempt to obtain a functional reference to the specified engine,
 thus initialising it if needed. The engine will then be set as the default
 for all available algorithms.
diff --git a/src/lib/libssl/src/doc/apps/ocsp.pod b/src/lib/libssl/src/doc/apps/ocsp.pod
index b58ddc1788..af2e12e418 100644
--- a/src/lib/libssl/src/doc/apps/ocsp.pod
+++ b/src/lib/libssl/src/doc/apps/ocsp.pod
@@ -51,6 +51,7 @@ B<openssl> B<ocsp>
 [B<-ndays n>]
 [B<-resp_key_id>]
 [B<-nrequest n>]
+[B<-md5|-sha1|...>]
 =head1 DESCRIPTION
@@ -206,6 +207,11 @@ information is immediately available. In this case the age of the B<notBefore> f
 is checked to see it is not older than B<age> seconds old. By default this additional
 check is not performed.
+=item B<-md5|-sha1|-sha256|-ripemod160|...>
+this option sets digest algorithm to use for certificate identification
+in the OCSP request. By default SHA-1 is used. 
 =back
 =head1 OCSP SERVER OPTIONS
diff --git a/src/lib/libssl/src/doc/apps/openssl.pod b/src/lib/libssl/src/doc/apps/openssl.pod
index 964cdf0f02..738142e9ff 100644
--- a/src/lib/libssl/src/doc/apps/openssl.pod
+++ b/src/lib/libssl/src/doc/apps/openssl.pod
@@ -12,7 +12,7 @@ I<command>
 [ I<command_opts> ]
 [ I<command_args> ]
-B<openssl> [ B<list-standard-commands> | B<list-message-digest-commands> | B<list-cipher-commands> ]
+B<openssl> [ B<list-standard-commands> | B<list-message-digest-commands> | B<list-cipher-commands> | B<list-cipher-algorithms> | B<list-message-digest-algorithms> | B<list-public-key-algorithms>]
 B<openssl> B<no->I<XXX> [ I<arbitrary options> ]
@@ -26,12 +26,14 @@ The B<openssl> program is a command line tool for using the various
 cryptography functions of OpenSSL's B<crypto> library from the shell. 
 It can be used for 
- o  Creation of RSA, DH and DSA key parameters
+ o  Creation and management of private keys, public keys and parameters
+ o  Public key cryptographic operations
 o  Creation of X.509 certificates, CSRs and CRLs 
 o  Calculation of Message Digests
 o  Encryption and Decryption with Ciphers
 o  SSL/TLS Client and Server Tests
 o  Handling of S/MIME signed or encrypted mail
+ o  Time Stamp requests, generation and verification
 =head1 COMMAND SUMMARY
@@ -44,6 +46,14 @@ and B<list-cipher-commands> output a list (one entry per line) of the names
 of all standard commands, message digest commands, or cipher commands,
 respectively, that are available in the present B<openssl> utility.
+The pseudo-commands B<list-cipher-algorithms> and
+B<list-message-digest-algorithms> list all cipher and message digest names, one entry per line. Aliases are listed as:
+ from => to
+The pseudo-command B<list-public-key-algorithms> lists all supported public
+key algorithms.
 The pseudo-command B<no->I<XXX> tests whether a command of the
 specified name is available.  If no command named I<XXX> exists, it
 returns 0 (success) and prints B<no->I<XXX>; otherwise it returns 1
@@ -71,6 +81,10 @@ Certificate Authority (CA) Management.
 Cipher Suite Description Determination.
+=item L<B<cms>|cms(1)>
+CMS (Cryptographic Message Syntax) utility
 =item L<B<crl>|crl(1)>
 Certificate Revocation List (CRL) Management.
@@ -88,25 +102,40 @@ Message Digest Calculation.
 Diffie-Hellman Parameter Management.
 Obsoleted by L<B<dhparam>|dhparam(1)>.
+=item L<B<dhparam>|dhparam(1)>
+Generation and Management of Diffie-Hellman Parameters. Superseded by 
+L<B<genpkey>|genpkey(1)> and L<B<pkeyparam>|pkeyparam(1)>
 =item L<B<dsa>|dsa(1)>
 DSA Data Management.
 =item L<B<dsaparam>|dsaparam(1)>
-DSA Parameter Generation.
+DSA Parameter Generation and Management. Superseded by 
+L<B<genpkey>|genpkey(1)> and L<B<pkeyparam>|pkeyparam(1)>
+=item L<B<ec>|ec(1)>
+EC (Elliptic curve) key processing
+=item L<B<ecparam>|ecparam(1)>
+EC parameter manipulation and generation
 =item L<B<enc>|enc(1)>
 Encoding with Ciphers.
-=item L<B<errstr>|errstr(1)>
+=item L<B<engine>|engine(1)>
-Error Number to Error String Conversion.
+Engine (loadble module) information and manipulation.
-=item L<B<dhparam>|dhparam(1)>
+=item L<B<errstr>|errstr(1)>
-Generation and Management of Diffie-Hellman Parameters.
+Error Number to Error String Conversion.
 =item B<gendh>
@@ -115,11 +144,20 @@ Obsoleted by L<B<dhparam>|dhparam(1)>.
 =item L<B<gendsa>|gendsa(1)>
-Generation of DSA Parameters.
+Generation of DSA Private Key from Parameters. Superseded by 
+L<B<genpkey>|genpkey(1)> and L<B<pkey>|pkey(1)>
+=item L<B<genpkey>|genpkey(1)>
+Generation of Private Key or Parameters.
 =item L<B<genrsa>|genrsa(1)>
-Generation of RSA Parameters.
+Generation of RSA Private Key. Superceded by L<B<genpkey>|genpkey(1)>.
+=item L<B<nseq>|nseq(1)>
+Create or examine a netscape certificate sequence
 =item L<B<ocsp>|ocsp(1)>
@@ -137,21 +175,35 @@ PKCS#12 Data Management.
 PKCS#7 Data Management.
+=item L<B<pkey>|pkey(1)>
+Public and private key management.
+=item L<B<pkeyparam>|pkeyparam(1)>
+Public key algorithm parameter management.
+=item L<B<pkeyutl>|pkeyutl(1)>
+Public key algorithm cryptographic operation utility.
 =item L<B<rand>|rand(1)>
 Generate pseudo-random bytes.
 =item L<B<req>|req(1)>
-X.509 Certificate Signing Request (CSR) Management.
+PKCS#10 X.509 Certificate Signing Request (CSR) Management.
 =item L<B<rsa>|rsa(1)>
-RSA Data Management.
+RSA key management.
 =item L<B<rsautl>|rsautl(1)>
-RSA utility for signing, verification, encryption, and decryption.
+RSA utility for signing, verification, encryption, and decryption. Superseded
+by  L<B<pkeyutl>|pkeyutl(1)>
 =item L<B<s_client>|s_client(1)>
@@ -185,6 +237,14 @@ S/MIME mail processing.
 Algorithm Speed Measurement.
+=item L<B<spkac>|spkac(1)>
+SPKAC printing and generating utility
+=item L<B<ts>|ts(1)>
+Time Stamping Authority tool (client/server)
 =item L<B<verify>|verify(1)>
 X.509 Certificate Verification.
@@ -227,6 +287,8 @@ SHA Digest
 SHA-1 Digest
+=back
 =item B<sha224>
 SHA-224 Digest
@@ -243,8 +305,6 @@ SHA-384 Digest
 SHA-512 Digest
-=back
 =head2 ENCODING AND CIPHER COMMANDS
 =over 10
@@ -339,7 +399,7 @@ read the password from standard input.
 L<asn1parse(1)|asn1parse(1)>, L<ca(1)|ca(1)>, L<config(5)|config(5)>,
 L<crl(1)|crl(1)>, L<crl2pkcs7(1)|crl2pkcs7(1)>, L<dgst(1)|dgst(1)>,
 L<dhparam(1)|dhparam(1)>, L<dsa(1)|dsa(1)>, L<dsaparam(1)|dsaparam(1)>,
-L<enc(1)|enc(1)>, L<gendsa(1)|gendsa(1)>,
+L<enc(1)|enc(1)>, L<gendsa(1)|gendsa(1)>, L<genpkey(1)|genpkey(1)>,
 L<genrsa(1)|genrsa(1)>, L<nseq(1)|nseq(1)>, L<openssl(1)|openssl(1)>,
 L<passwd(1)|passwd(1)>,
 L<pkcs12(1)|pkcs12(1)>, L<pkcs7(1)|pkcs7(1)>, L<pkcs8(1)|pkcs8(1)>,
@@ -348,12 +408,13 @@ L<rsautl(1)|rsautl(1)>, L<s_client(1)|s_client(1)>,
 L<s_server(1)|s_server(1)>, L<s_time(1)|s_time(1)>,
 L<smime(1)|smime(1)>, L<spkac(1)|spkac(1)>,
 L<verify(1)|verify(1)>, L<version(1)|version(1)>, L<x509(1)|x509(1)>,
-L<crypto(3)|crypto(3)>, L<ssl(3)|ssl(3)> 
+L<crypto(3)|crypto(3)>, L<ssl(3)|ssl(3)>, L<x509v3_config(5)|x509v3_config(5)> 
 =head1 HISTORY
 The openssl(1) document appeared in OpenSSL 0.9.2.
 The B<list->I<XXX>B<-commands> pseudo-commands were added in OpenSSL 0.9.3;
+The B<list->I<XXX>B<-algorithms> pseudo-commands were added in OpenSSL 1.0.0;
 the B<no->I<XXX> pseudo-commands were added in OpenSSL 0.9.5a.
 For notes on the availability of other commands, see their individual
 manual pages.
diff --git a/src/lib/libssl/src/doc/apps/pkcs12.pod b/src/lib/libssl/src/doc/apps/pkcs12.pod
index 7d84146293..f69a5c5a4c 100644
--- a/src/lib/libssl/src/doc/apps/pkcs12.pod
+++ b/src/lib/libssl/src/doc/apps/pkcs12.pod
@@ -23,22 +23,23 @@ B<openssl> B<pkcs12>
 [B<-cacerts>]
 [B<-nokeys>]
 [B<-info>]
-[B<-des>]
+[B<-des | -des3 | -idea | -aes128 | -aes192 | -aes256 | -camellia128 | -camellia192 | -camellia256 | -nodes>]
-[B<-des3>]
-[B<-idea>]
-[B<-nodes>]
 [B<-noiter>]
-[B<-maciter>]
+[B<-maciter | -nomaciter | -nomac>]
 [B<-twopass>]
 [B<-descert>]
-[B<-certpbe>]
+[B<-certpbe cipher>]
-[B<-keypbe>]
+[B<-keypbe cipher>]
+[B<-macalg digest>]
 [B<-keyex>]
 [B<-keysig>]
 [B<-password arg>]
 [B<-passin arg>]
 [B<-passout arg>]
 [B<-rand file(s)>]
+[B<-CAfile file>]
+[B<-CApath dir>]
+[B<-CSP name>]
 =head1 DESCRIPTION
@@ -49,7 +50,7 @@ programs including Netscape, MSIE and MS Outlook.
 =head1 COMMAND OPTIONS
 There are a lot of options the meaning of some depends of whether a PKCS#12 file
-is being created or parsed. By default a PKCS#12 file is parsed a PKCS#12
+is being created or parsed. By default a PKCS#12 file is parsed. A PKCS#12
 file can be created by using the B<-export> option (see below).
 =head1 PARSING OPTIONS
@@ -63,25 +64,25 @@ by default.
 =item B<-out filename>
-The filename to write certificates and private keys to, standard output by default.
+The filename to write certificates and private keys to, standard output by
-They are all written in PEM format.
+default.  They are all written in PEM format.
 =item B<-pass arg>, B<-passin arg>
-the PKCS#12 file (i.e. input file) password source. For more information about the
+the PKCS#12 file (i.e. input file) password source. For more information about
-format of B<arg> see the B<PASS PHRASE ARGUMENTS> section in
+the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section in
 L<openssl(1)|openssl(1)>.
 =item B<-passout arg>
-pass phrase source to encrypt any outputed private keys with. For more information
+pass phrase source to encrypt any outputed private keys with. For more
-about the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section in
+information about the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section
-L<openssl(1)|openssl(1)>.
+in L<openssl(1)|openssl(1)>.
 =item B<-noout>
-this option inhibits output of the keys and certificates to the output file version
+this option inhibits output of the keys and certificates to the output file
-of the PKCS#12 file.
+version of the PKCS#12 file.
 =item B<-clcerts>
@@ -116,6 +117,14 @@ use triple DES to encrypt private keys before outputting, this is the default.
 use IDEA to encrypt private keys before outputting.
+=item B<-aes128>, B<-aes192>, B<-aes256>
+use AES to encrypt private keys before outputting.
+=item B<-camellia128>, B<-camellia192>, B<-camellia256>
+use Camellia to encrypt private keys before outputting.
 =item B<-nodes>
 don't encrypt the private keys at all.
@@ -148,10 +157,10 @@ by default.
 =item B<-in filename>
-The filename to read certificates and private keys from, standard input by default.
+The filename to read certificates and private keys from, standard input by
-They must all be in PEM format. The order doesn't matter but one private key and
+default.  They must all be in PEM format. The order doesn't matter but one
-its corresponding certificate should be present. If additional certificates are
+private key and its corresponding certificate should be present. If additional
-present they will also be included in the PKCS#12 file.
+certificates are present they will also be included in the PKCS#12 file.
 =item B<-inkey filename>
@@ -160,8 +169,8 @@ in the input file.
 =item B<-name friendlyname>
-This specifies the "friendly name" for the certificate and private key. This name
+This specifies the "friendly name" for the certificate and private key. This
-is typically displayed in list boxes by software importing the file.
+name is typically displayed in list boxes by software importing the file.
 =item B<-certfile filename>
@@ -201,9 +210,11 @@ key is encrypted using triple DES and the certificate using 40 bit RC2.
 =item B<-keypbe alg>, B<-certpbe alg>
 these options allow the algorithm used to encrypt the private key and
-certificates to be selected. Although any PKCS#5 v1.5 or PKCS#12 algorithms
+certificates to be selected. Any PKCS#5 v1.5 or PKCS#12 PBE algorithm name
-can be selected it is advisable only to use PKCS#12 algorithms. See the list
+can be used (see B<NOTES> section for more information). If a a cipher name
-in the B<NOTES> section for more information.
+(as output by the B<list-cipher-algorithms> command is specified then it
+is used with PKCS#5 v2.0. For interoperability reasons it is advisable to only
+use PKCS#12 algorithms.
 =item B<-keyex|-keysig>
@@ -216,6 +227,10 @@ S/MIME signing, authenticode (ActiveX control signing)  and SSL client
 authentication, however due to a bug only MSIE 5.0 and later support
 the use of signing only keys for SSL client authentication.
+=item B<-macalg digest>
+specify the MAC digest algorithm. If not included them SHA1 will be used.
 =item B<-nomaciter>, B<-noiter>
 these options affect the iteration counts on the MAC and key algorithms.
@@ -239,6 +254,10 @@ option.
 This option is included for compatibility with previous versions, it used
 to be needed to use MAC iterations counts but they are now used by default.
+=item B<-nomac>
+don't attempt to provide the MAC integrity.
 =item B<-rand file(s)>
 a file or files containing random data used to seed the random number
@@ -247,6 +266,20 @@ Multiple files can be specified separated by a OS-dependent character.
 The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
 all others.
+=item B<-CAfile file>
+CA storage as a file.
+=item B<-CApath dir>
+CA storage as a directory. This directory must be a standard certificate
+directory: that is a hash of each subject name (using B<x509 -hash>) should be
+linked to each certificate.
+=item B<-CSP name>
+write B<name> as a Microsoft CSP name.
 =back
 =head1 NOTES
diff --git a/src/lib/libssl/src/doc/apps/pkcs7.pod b/src/lib/libssl/src/doc/apps/pkcs7.pod
index a0a636328b..acfb8100f0 100644
--- a/src/lib/libssl/src/doc/apps/pkcs7.pod
+++ b/src/lib/libssl/src/doc/apps/pkcs7.pod
@@ -62,7 +62,7 @@ is B<-print_certs> is set).
 =item B<-engine id>
-specifying an engine (by it's unique B<id> string) will cause B<req>
+specifying an engine (by its unique B<id> string) will cause B<pkcs7>
 to attempt to obtain a functional reference to the specified engine,
 thus initialising it if needed. The engine will then be set as the default
 for all available algorithms.
diff --git a/src/lib/libssl/src/doc/apps/pkcs8.pod b/src/lib/libssl/src/doc/apps/pkcs8.pod
index 68ecd65b10..84abee78f3 100644
--- a/src/lib/libssl/src/doc/apps/pkcs8.pod
+++ b/src/lib/libssl/src/doc/apps/pkcs8.pod
@@ -125,7 +125,7 @@ list of possible algorithms is included below.
 =item B<-engine id>
-specifying an engine (by it's unique B<id> string) will cause B<req>
+specifying an engine (by its unique B<id> string) will cause B<pkcs8>
 to attempt to obtain a functional reference to the specified engine,
 thus initialising it if needed. The engine will then be set as the default
 for all available algorithms.
diff --git a/src/lib/libssl/src/doc/apps/req.pod b/src/lib/libssl/src/doc/apps/req.pod
index 82b565c9d4..ff48bbdf28 100644
--- a/src/lib/libssl/src/doc/apps/req.pod
+++ b/src/lib/libssl/src/doc/apps/req.pod
@@ -22,12 +22,13 @@ B<openssl> B<req>
 [B<-new>]
 [B<-rand file(s)>]
 [B<-newkey rsa:bits>]
-[B<-newkey dsa:file>]
+[B<-newkey alg:file>]
 [B<-nodes>]
 [B<-key filename>]
 [B<-keyform PEM|DER>]
 [B<-keyout filename>]
-[B<-[md5|sha1|md2|mdc2]>]
+[B<-keygen_engine id>]
+[B<-[digest]>]
 [B<-config filename>]
 [B<-subj arg>]
 [B<-multivalue-rdn>]
@@ -35,11 +36,15 @@ B<openssl> B<req>
 [B<-days n>]
 [B<-set_serial n>]
 [B<-asn1-kludge>]
+[B<-no-asn1-kludge>]
 [B<-newhdr>]
 [B<-extensions section>]
 [B<-reqexts section>]
 [B<-utf8>]
 [B<-nameopt>]
+[B<-reqopt>]
+[B<-subject>]
+[B<-subj arg>]
 [B<-batch>]
 [B<-verbose>]
 [B<-engine id>]
@@ -91,6 +96,11 @@ see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
 prints out the certificate request in text form.
+=item B<-subject>
+prints out the request subject (or certificate subject if B<-x509> is
+specified)
 =item B<-pubkey>
 outputs the public key.
@@ -118,6 +128,13 @@ in the configuration file and any requested extensions.
 If the B<-key> option is not used it will generate a new RSA private
 key using information specified in the configuration file.
+=item B<-subj arg>
+Replaces subject field of input request with specified data and outputs
+modified request. The arg must be formatted as
+I</type0=value0/type1=value1/type2=...>,
+characters may be escaped by \ (backslash), no spaces are skipped.
 =item B<-rand file(s)>
 a file or files containing random data used to seed the random number
@@ -129,10 +146,35 @@ all others.
 =item B<-newkey arg>
 this option creates a new certificate request and a new private
-key. The argument takes one of two forms. B<rsa:nbits>, where
+key. The argument takes one of several forms. B<rsa:nbits>, where
 B<nbits> is the number of bits, generates an RSA key B<nbits>
-in size. B<dsa:filename> generates a DSA key using the parameters
+in size. If B<nbits> is omitted, i.e. B<-newkey rsa> specified,
-in the file B<filename>.
+the default key size, specified in the configuration file is used.
+All other algorithms support the B<-newkey alg:file> form, where file may be
+an algorithm parameter file, created by the B<genpkey -genparam> command
+or and X.509 certificate for a key with approriate algorithm.
+B<param:file> generates a key using the parameter file or certificate B<file>,
+the algorithm is determined by the parameters. B<algname:file> use algorithm
+B<algname> and parameter file B<file>: the two algorithms must match or an
+error occurs. B<algname> just uses algorithm B<algname>, and parameters,
+if neccessary should be specified via B<-pkeyopt> parameter.
+B<dsa:filename> generates a DSA key using the parameters
+in the file B<filename>. B<ec:filename> generates EC key (usable both with
+ECDSA or ECDH algorithms), B<gost2001:filename> generates GOST R
+34.10-2001 key (requires B<ccgost> engine configured in the configuration
+file). If just B<gost2001> is specified a parameter set should be
+specified by B<-pkeyopt paramset:X>
+=item B<-pkeyopt opt:value>
+set the public key algorithm option B<opt> to B<value>. The precise set of
+options supported depends on the public key algorithm used and its
+implementation. See B<KEY GENERATION OPTIONS> in the B<genpkey> manual page
+for more details.
 =item B<-key filename>
@@ -155,11 +197,15 @@ configuration file is used.
 if this option is specified then if a private key is created it
 will not be encrypted.
-=item B<-[md5|sha1|md2|mdc2]>
+=item B<-[digest]>
+this specifies the message digest to sign the request with (such as
+B<-md5>, B<-sha1>). This overrides the digest algorithm specified in
+the configuration file.
-this specifies the message digest to sign the request with. This
+Some public key algorithms may override this choice. For instance, DSA
-overrides the digest algorithm specified in the configuration file.
+signatures always use SHA1, GOST R 34.10 signatures always use
-This option is ignored for DSA requests: they always use SHA1.
+GOST R 34.11-94 (B<-md_gost94>).
 =item B<-config filename>
@@ -227,6 +273,15 @@ B<option> argument can be a single option or multiple options separated by
 commas.  Alternatively the B<-nameopt> switch may be used more than once to
 set multiple options. See the L<x509(1)|x509(1)> manual page for details.
+=item B<-reqopt>
+customise the output format used with B<-text>. The B<option> argument can be
+a single option or multiple options separated by commas. 
+See discission of the  B<-certopt> parameter in the L<B<x509>|x509(1)>
+command.
 =item B<-asn1-kludge>
 by default the B<req> command outputs certificate requests containing
@@ -242,6 +297,10 @@ B<SET OF> whereas the correct form does.
 It should be noted that very few CAs still require the use of this option.
+=item B<-no-asn1-kludge>
+Reverses effect of B<-asn1-kludge>
 =item B<-newhdr>
 Adds the word B<NEW> to the PEM file header and footer lines on the outputed
@@ -257,11 +316,16 @@ print extra details about the operations being performed.
 =item B<-engine id>
-specifying an engine (by it's unique B<id> string) will cause B<req>
+specifying an engine (by its unique B<id> string) will cause B<req>
 to attempt to obtain a functional reference to the specified engine,
 thus initialising it if needed. The engine will then be set as the default
 for all available algorithms.
+=item B<-keygen_engine id>
+specifies an engine (by its unique B<id> string) which would be used
+for key generation operations.
 =back
 =head1 CONFIGURATION FILE FORMAT
@@ -344,7 +408,9 @@ problems with BMPStrings and UTF8Strings: in particular Netscape.
 this specifies the configuration file section containing a list of
 extensions to add to the certificate request. It can be overridden
-by the B<-reqexts> command line switch.
+by the B<-reqexts> command line switch. See the 
+L<x509v3_config(5)|x509v3_config(5)> manual page for details of the
+extension section format.
 =item B<x509_extensions>
@@ -606,6 +672,7 @@ address in subjectAltName should be input by the user.
 =head1 SEE ALSO
 L<x509(1)|x509(1)>, L<ca(1)|ca(1)>, L<genrsa(1)|genrsa(1)>,
-L<gendsa(1)|gendsa(1)>, L<config(5)|config(5)>
+L<gendsa(1)|gendsa(1)>, L<config(5)|config(5)>,
+L<x509v3_config(5)|x509v3_config(5)> 
 =cut
diff --git a/src/lib/libssl/src/doc/apps/rsa.pod b/src/lib/libssl/src/doc/apps/rsa.pod
index 4d7640995e..69b2bef82c 100644
--- a/src/lib/libssl/src/doc/apps/rsa.pod
+++ b/src/lib/libssl/src/doc/apps/rsa.pod
@@ -120,7 +120,7 @@ the input is a public key.
 =item B<-engine id>
-specifying an engine (by it's unique B<id> string) will cause B<req>
+specifying an engine (by its unique B<id> string) will cause B<rsa>
 to attempt to obtain a functional reference to the specified engine,
 thus initialising it if needed. The engine will then be set as the default
 for all available algorithms.
diff --git a/src/lib/libssl/src/doc/apps/s_client.pod b/src/lib/libssl/src/doc/apps/s_client.pod
index c44d357cf7..4ebf7b5854 100644
--- a/src/lib/libssl/src/doc/apps/s_client.pod
+++ b/src/lib/libssl/src/doc/apps/s_client.pod
@@ -101,6 +101,11 @@ also used when building the client certificate chain.
 A file containing trusted certificates to use during server authentication
 and to use when attempting to build the client certificate chain.
+=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig>
+Set various certificate chain valiadition option. See the
+L<B<verify>|verify(1)> manual page for details.
 =item B<-reconnect>
 reconnects to the same server 5 times using the same session ID, this can
@@ -161,6 +166,16 @@ input.
 inhibit printing of session and certificate information.  This implicitly
 turns on B<-ign_eof> as well.
+=item B<-psk_identity identity>
+Use the PSK identity B<identity> when using a PSK cipher suite.
+=item B<-psk key>
+Use the PSK key B<key> when using a PSK cipher suite. The key is
+given as a hexadecimal number without leading 0x, for example -psk
+1a2b3c4d.
 =item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>
 these options disable the use of certain SSL or TLS protocols. By default
@@ -192,14 +207,11 @@ supported keywords are "smtp", "pop3", "imap", and "ftp".
 =item B<-tlsextdebug>
-print out a hex dump of any TLS extensions received from the server. Note: this
+print out a hex dump of any TLS extensions received from the server.
-option is only available if extension support is explicitly enabled at compile
-time
 =item B<-no_ticket>
-disable RFC4507bis session ticket support. Note: this option is only available
+disable RFC4507bis session ticket support. 
-if extension support is explicitly enabled at compile time
 =item B<-sess_out filename>
@@ -212,7 +224,7 @@ connection from this session.
 =item B<-engine id>
-specifying an engine (by it's unique B<id> string) will cause B<s_client>
+specifying an engine (by its unique B<id> string) will cause B<s_client>
 to attempt to obtain a functional reference to the specified engine,
 thus initialising it if needed. The engine will then be set as the default
 for all available algorithms.
@@ -274,9 +286,6 @@ Since the SSLv23 client hello cannot include compression methods or extensions
 these will only be supported if its use is disabled, for example by using the
 B<-no_sslv2> option.
-TLS extensions are only supported in OpenSSL 0.9.8 if they are explictly
-enabled at compile time using for example the B<enable-tlsext> switch.
 =head1 BUGS
 Because this program has a lot of options and also because some of
diff --git a/src/lib/libssl/src/doc/apps/s_server.pod b/src/lib/libssl/src/doc/apps/s_server.pod
index fdcc170e28..3e503e17e1 100644
--- a/src/lib/libssl/src/doc/apps/s_server.pod
+++ b/src/lib/libssl/src/doc/apps/s_server.pod
@@ -191,6 +191,16 @@ this option translated a line feed from the terminal into CR+LF.
 inhibit printing of session and certificate information.
+=item B<-psk_hint hint>
+Use the PSK identity hint B<hint> when using a PSK cipher suite.
+=item B<-psk key>
+Use the PSK key B<key> when using a PSK cipher suite. The key is
+given as a hexadecimal number without leading 0x, for example -psk
+1a2b3c4d.
 =item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>
 these options disable the use of certain SSL or TLS protocols. By default
@@ -246,7 +256,7 @@ are part of the HTTP response line and headers must end with CRLF).
 =item B<-engine id>
-specifying an engine (by it's unique B<id> string) will cause B<s_server>
+specifying an engine (by its unique B<id> string) will cause B<s_server>
 to attempt to obtain a functional reference to the specified engine,
 thus initialising it if needed. The engine will then be set as the default
 for all available algorithms.
@@ -325,9 +335,6 @@ mean any CA is acceptable. This is useful for debugging purposes.
 The session parameters can printed out using the B<sess_id> program.
-TLS extensions are only supported in OpenSSL 0.9.8 if they are explictly
-enabled at compile time using for example the B<enable-tlsext> switch.
 =head1 BUGS
 Because this program has a lot of options and also because some of
diff --git a/src/lib/libssl/src/doc/apps/smime.pod b/src/lib/libssl/src/doc/apps/smime.pod
index caf2d2689e..42c0733bcb 100644
--- a/src/lib/libssl/src/doc/apps/smime.pod
+++ b/src/lib/libssl/src/doc/apps/smime.pod
@@ -10,19 +10,10 @@ B<openssl> B<smime>
 [B<-encrypt>]
 [B<-decrypt>]
 [B<-sign>]
+[B<-resign>]
 [B<-verify>]
 [B<-pk7out>]
-[B<-des>]
+[B<-[cipher]>]
-[B<-des3>]
-[B<-rc2-40>]
-[B<-rc2-64>]
-[B<-rc2-128>]
-[B<-aes128>]
-[B<-aes192>]
-[B<-aes256>]
-[B<-camellia128>]
-[B<-camellia192>]
-[B<-camellia256>]
 [B<-in file>]
 [B<-certfile file>]
 [B<-signer file>]
@@ -37,7 +28,11 @@ B<openssl> B<smime>
 [B<-from ad>]
 [B<-subject s>]
 [B<-text>]
+[B<-indef>]
+[B<-noindef>]
+[B<-stream>]
 [B<-rand file(s)>]
+[B<-md digest>]
 [cert.pem]...
 =head1 DESCRIPTION
@@ -47,7 +42,7 @@ verify S/MIME messages.
 =head1 COMMAND OPTIONS
-There are five operation options that set the type of operation to be performed.
+There are six operation options that set the type of operation to be performed.
 The meaning of the other options varies according to the operation type.
 =over 4
@@ -78,6 +73,10 @@ the signed data. Both clear text and opaque signing is supported.
 takes an input message and writes out a PEM encoded PKCS#7 structure.
+=item B<-resign>
+resign a message: take an existing message and one or more new signers.
 =item B<-in filename>
 the input message to be encrypted or signed or the MIME message to
@@ -106,6 +105,21 @@ instead. This currently only affects the output format of the PKCS#7
 structure, if no PKCS#7 structure is being output (for example with
 B<-verify> or B<-decrypt>) this option has no effect.
+=item B<-stream -indef -noindef>
+the B<-stream> and B<-indef> options are equivalent and enable streaming I/O
+for encoding operations. This permits single pass processing of data without
+the need to hold the entire contents in memory, potentially supporting very
+large files. Streaming is automatically set for S/MIME signing with detached
+data if the output format is B<SMIME> it is currently off by default for all
+other operations.
+=item B<-noindef>
+disable streaming I/O where it would produce and indefinite length constructed
+encoding. This option currently has no effect. In future streaming will be
+enabled by default on all relevant operations and this option will disable it.
 =item B<-content filename>
 This specifies a file containing the detached content, this is only
@@ -132,11 +146,20 @@ B<-verify>. This directory must be a standard certificate directory: that
 is a hash of each subject name (using B<x509 -hash>) should be linked
 to each certificate.
-=item B<-des -des3 -rc2-40 -rc2-64 -rc2-128 -aes128 -aes192 -aes256 -camellia128 -camellia192 -camellia256>
+=item B<-md digest>
-the encryption algorithm to use. DES (56 bits), triple DES (168 bits),
+digest algorithm to use when signing or resigning. If not present then the
-40, 64 or 128 bit RC2, 128, 192 or 256 bit AES, or 128, 192 or 256 bit Camellia respectively.  If not
+default digest algorithm for the signing key will be used (usually SHA1).
-specified 40 bit RC2 is used. Only used with B<-encrypt>.
+=item B<-[cipher]>
+the encryption algorithm to use. For example DES  (56 bits) - B<-des>,
+triple DES (168 bits) - B<-des3>,
+EVP_get_cipherbyname() function) can also be used preceded by a dash, for 
+example B<-aes_128_cbc>. See L<B<enc>|enc(1)> for list of ciphers
+supported by your version of OpenSSL.
+If not specified 40 bit RC2 is used. Only used with B<-encrypt>.
 =item B<-nointern>
@@ -193,9 +216,10 @@ the signers certificates. The certificates should be in PEM format.
 =item B<-signer file>
-the signers certificate when signing a message. If a message is
+a signing certificate when signing or resigning a message, this option can be
-being verified then the signers certificates will be written to this
+used multiple times if more than one signer is required. If a message is being
-file if the verification was successful.
+verified then the signers certificates will be written to this file if the
+verification was successful.
 =item B<-recip file>
@@ -207,7 +231,8 @@ must match one of the recipients of the message or an error occurs.
 the private key to use when signing or decrypting. This must match the
 corresponding certificate. If this option is not specified then the
 private key must be included in the certificate file specified with
-the B<-recip> or B<-signer> file.
+the B<-recip> or B<-signer> file. When signing this option can be used
+multiple times to specify successive keys.
 =item B<-passin arg>
@@ -234,6 +259,11 @@ portion of a message so they may be included manually. If signing
 then many S/MIME mail clients check the signers certificate's email
 address matches that specified in the From: address.
+=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig>
+Set various options of certificate chain verification. See
+L<B<verify>|verify(1)> manual page for details.
 =back
 =head1 NOTES
@@ -261,6 +291,19 @@ The options B<-encrypt> and B<-decrypt> reflect common usage in S/MIME
 clients. Strictly speaking these process PKCS#7 enveloped data: PKCS#7
 encrypted data is used for other purposes.
+The B<-resign> option uses an existing message digest when adding a new
+signer. This means that attributes must be present in at least one existing
+signer using the same message digest or this operation will fail.
+The B<-stream> and B<-indef> options enable experimental streaming I/O support.
+As a result the encoding is BER using indefinite length constructed encoding
+and no longer DER. Streaming is supported for the B<-encrypt> operation and the
+B<-sign> operation if the content is not detached.
+Streaming is always used for the B<-sign> operation with detached data but
+since the content is no longer part of the PKCS#7 structure the encoding
+remains DER.
 =head1 EXIT CODES
 =over 4
@@ -300,7 +343,7 @@ Create a cleartext signed message:
 openssl smime -sign -in message.txt -text -out mail.msg \
        -signer mycert.pem
-Create and opaque signed message
+Create an opaque signed message
 openssl smime -sign -in message.txt -text -out mail.msg -nodetach \
        -signer mycert.pem
@@ -311,6 +354,11 @@ read the private key from another file:
 openssl smime -sign -in in.txt -text -out mail.msg \
        -signer mycert.pem -inkey mykey.pem -certfile mycerts.pem
+Create a signed message with two signers:
+ openssl smime -sign -in message.txt -text -out mail.msg \
+        -signer mycert.pem -signer othercert.pem
 Send a signed message under Unix directly to sendmail, including headers:
 openssl smime -sign -in in.txt -text -signer mycert.pem \
@@ -334,8 +382,8 @@ Sign and encrypt mail:
        -from steve@openssl.org -to someone@somewhere \
        -subject "Signed and Encrypted message" -des3 user.pem
-Note: the encryption command does not include the B<-text> option because the message
+Note: the encryption command does not include the B<-text> option because the
-being encrypted already has MIME headers.
+message being encrypted already has MIME headers.
 Decrypt mail:
@@ -361,16 +409,22 @@ Create an encrypted message using 128 bit Camellia:
 openssl smime -encrypt -in plain.txt -camellia128 -out mail.msg cert.pem
+Add a signer to an existing message:
+ openssl smime -resign -in mail.msg -signer newsign.pem -out mail2.msg
 =head1 BUGS
-The MIME parser isn't very clever: it seems to handle most messages that I've thrown
+The MIME parser isn't very clever: it seems to handle most messages that I've
-at it but it may choke on others.
+thrown at it but it may choke on others.
-The code currently will only write out the signer's certificate to a file: if the
+The code currently will only write out the signer's certificate to a file: if
-signer has a separate encryption certificate this must be manually extracted. There
+the signer has a separate encryption certificate this must be manually
-should be some heuristic that determines the correct encryption certificate.
+extracted. There should be some heuristic that determines the correct
+encryption certificate.
-Ideally a database should be maintained of a certificates for each email address.
+Ideally a database should be maintained of a certificates for each email
+address.
 The code doesn't currently take note of the permitted symmetric encryption
 algorithms as supplied in the SMIMECapabilities signed attribute. this means the
@@ -382,4 +436,10 @@ No revocation checking is done on the signer's certificate.
 The current code can only handle S/MIME v2 messages, the more complex S/MIME v3
 structures may cause parsing errors.
+=head1 HISTORY
+The use of multiple B<-signer> options and the B<-resign> command were first
+added in OpenSSL 1.0.0
 =cut
diff --git a/src/lib/libssl/src/doc/apps/speed.pod b/src/lib/libssl/src/doc/apps/speed.pod
index 0dcdba873e..1cd1998d16 100644
--- a/src/lib/libssl/src/doc/apps/speed.pod
+++ b/src/lib/libssl/src/doc/apps/speed.pod
@@ -44,7 +44,7 @@ This command is used to test the performance of cryptographic algorithms.
 =item B<-engine id>
-specifying an engine (by it's unique B<id> string) will cause B<speed>
+specifying an engine (by its unique B<id> string) will cause B<speed>
 to attempt to obtain a functional reference to the specified engine,
 thus initialising it if needed. The engine will then be set as the default
 for all available algorithms.
diff --git a/src/lib/libssl/src/doc/apps/spkac.pod b/src/lib/libssl/src/doc/apps/spkac.pod
index c3f1ff9c64..97fb80e401 100644
--- a/src/lib/libssl/src/doc/apps/spkac.pod
+++ b/src/lib/libssl/src/doc/apps/spkac.pod
@@ -81,7 +81,7 @@ verifies the digital signature on the supplied SPKAC.
 =item B<-engine id>
-specifying an engine (by it's unique B<id> string) will cause B<req>
+specifying an engine (by its unique B<id> string) will cause B<spkac>
 to attempt to obtain a functional reference to the specified engine,
 thus initialising it if needed. The engine will then be set as the default
 for all available algorithms.
diff --git a/src/lib/libssl/src/doc/apps/verify.pod b/src/lib/libssl/src/doc/apps/verify.pod
index ff2629d2cf..336098f1e3 100644
--- a/src/lib/libssl/src/doc/apps/verify.pod
+++ b/src/lib/libssl/src/doc/apps/verify.pod
@@ -10,6 +10,18 @@ B<openssl> B<verify>
 [B<-CApath directory>]
 [B<-CAfile file>]
 [B<-purpose purpose>]
+[B<-policy arg>]
+[B<-ignore_critical>]
+[B<-crl_check>]
+[B<-crl_check_all>]
+[B<-policy_check>]
+[B<-explicit_policy>]
+[B<-inhibit_any>]
+[B<-inhibit_map>]
+[B<-x509_strict>]
+[B<-extended_crl>]
+[B<-use_deltas>]
+[B<-policy_print>]
 [B<-untrusted file>]
 [B<-help>]
 [B<-issuer_checks>]
@@ -66,6 +78,68 @@ certificate was rejected. However the presence of rejection messages
 does not itself imply that anything is wrong: during the normal
 verify process several rejections may take place.
+=item B<-policy arg>
+Enable policy processing and add B<arg> to the user-initial-policy-set
+(see RFC3280 et al). The policy B<arg> can be an object name an OID in numeric
+form. This argument can appear more than once.
+=item B<-policy_check>
+Enables certificate policy processing.
+=item B<-explicit_policy>
+Set policy variable require-explicit-policy (see RFC3280 et al).
+=item B<-inhibit_any>
+Set policy variable inhibit-any-policy (see RFC3280 et al).
+=item B<-inhibit_map>
+Set policy variable inhibit-policy-mapping (see RFC3280 et al).
+=item B<-policy_print>
+Print out diagnostics, related to policy checking
+=item B<-crl_check>
+Checks end entity certificate validity by attempting to lookup a valid CRL.
+If a valid CRL cannot be found an error occurs. 
+=item B<-crl_check_all>
+Checks the validity of B<all> certificates in the chain by attempting
+to lookup valid CRLs.
+=item B<-ignore_critical>
+Normally if an unhandled critical extension is present which is not
+supported by OpenSSL the certificate is rejected (as required by
+RFC3280 et al). If this option is set critical extensions are
+ignored.
+=item B<-x509_strict>
+Disable workarounds for broken certificates which have to be disabled
+for strict X.509 compliance.
+=item B<-extended_crl>
+Enable extended CRL features such as indirect CRLs and alternate CRL
+signing keys.
+=item B<-use_deltas>
+Enable support for delta CRLs.
+=item B<-check_ss_sig>
+Verify the signature on the self-signed root CA. This is disabled by default
+because it doesn't add any security.
 =item B<->
 marks the last option. All arguments following this are assumed to be
@@ -166,12 +240,12 @@ the operation was successful.
 =item B<2 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate>
-the issuer certificate could not be found: this occurs if the issuer certificate
+the issuer certificate of a looked up certificate could not be found. This
-of an untrusted certificate cannot be found.
+normally means the list of trusted certificates is not complete.
 =item B<3 X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate CRL>
-the CRL of a certificate could not be found. Unused.
+the CRL of a certificate could not be found.
 =item B<4 X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature>
@@ -194,7 +268,7 @@ the signature of the certificate is invalid.
 =item B<8 X509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure>
-the signature of the certificate is invalid. Unused.
+the signature of the certificate is invalid.
 =item B<9 X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid>
@@ -206,11 +280,11 @@ the certificate has expired: that is the notAfter date is before the current tim
 =item B<11 X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid>
-the CRL is not yet valid. Unused.
+the CRL is not yet valid.
 =item B<12 X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired>
-the CRL has expired. Unused.
+the CRL has expired.
 =item B<13 X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field>
@@ -222,11 +296,11 @@ the certificate notAfter field contains an invalid time.
 =item B<15 X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL's lastUpdate field>
-the CRL lastUpdate field contains an invalid time. Unused.
+the CRL lastUpdate field contains an invalid time.
 =item B<16 X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL's nextUpdate field>
-the CRL nextUpdate field contains an invalid time. Unused.
+the CRL nextUpdate field contains an invalid time.
 =item B<17 X509_V_ERR_OUT_OF_MEM: out of memory>
@@ -244,8 +318,8 @@ be found locally.
 =item B<20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate>
-the issuer certificate of a locally looked up certificate could not be found. This normally means
+the issuer certificate could not be found: this occurs if the issuer
-the list of trusted certificates is not complete.
+certificate of an untrusted certificate cannot be found.
 =item B<21 X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate>
@@ -258,7 +332,7 @@ the certificate chain length is greater than the supplied maximum depth. Unused.
 =item B<23 X509_V_ERR_CERT_REVOKED: certificate revoked>
-the certificate has been revoked. Unused.
+the certificate has been revoked.
 =item B<24 X509_V_ERR_INVALID_CA: invalid CA certificate>
@@ -321,6 +395,10 @@ the certificates in the file will be recognised.
 Previous versions of OpenSSL assume certificates with matching subject name are identical and
 mishandled them.
+Previous versions of this documentation swapped the meaning of the
+B<X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT> and
+B<20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY> error codes.
 =head1 SEE ALSO
 L<x509(1)|x509(1)>
diff --git a/src/lib/libssl/src/doc/apps/x509.pod b/src/lib/libssl/src/doc/apps/x509.pod
index f43c175235..3002b08123 100644
--- a/src/lib/libssl/src/doc/apps/x509.pod
+++ b/src/lib/libssl/src/doc/apps/x509.pod
@@ -23,6 +23,7 @@ B<openssl> B<x509>
 [B<-issuer>]
 [B<-nameopt option>]
 [B<-email>]
+[B<-ocsp_uri>]
 [B<-startdate>]
 [B<-enddate>]
 [B<-purpose>]
@@ -103,7 +104,7 @@ then this option has no effect: SHA1 is always used with DSA keys.
 =item B<-engine id>
-specifying an engine (by it's unique B<id> string) will cause B<req>
+specifying an engine (by its unique B<id> string) will cause B<x509>
 to attempt to obtain a functional reference to the specified engine,
 thus initialising it if needed. The engine will then be set as the default
 for all available algorithms.
@@ -157,6 +158,16 @@ outputs the "hash" of the certificate issuer name.
 synonym for "-subject_hash" for backward compatibility reasons.
+=item B<-subject_hash_old>
+outputs the "hash" of the certificate subject name using the older algorithm
+as used by OpenSSL versions before 1.0.0.
+=item B<-issuer_hash_old>
+outputs the "hash" of the certificate issuer name using the older algorithm
+as used by OpenSSL versions before 1.0.0.
 =item B<-subject>
 outputs the subject name.
@@ -176,6 +187,10 @@ set multiple options. See the B<NAME OPTIONS> section for more information.
 outputs the email address(es) if any.
+=item B<-ocsp_uri>
+outputs the OCSP responder address(es) if any.
 =item B<-startdate>
 prints out the start date of the certificate, that is the notBefore date.
@@ -376,7 +391,9 @@ no extensions are added to the certificate.
 the section to add certificate extensions from. If this option is not
 specified then the extensions should either be contained in the unnamed
 (default) section or the default section should contain a variable called
-"extensions" which contains the section to use.
+"extensions" which contains the section to use. See the
+L<x509v3_config(5)|x509v3_config(5)> manual page for details of the
+extension section format.
 =back
@@ -823,10 +840,17 @@ OpenSSL 0.9.5 and later.
 =head1 SEE ALSO
 L<req(1)|req(1)>, L<ca(1)|ca(1)>, L<genrsa(1)|genrsa(1)>,
-L<gendsa(1)|gendsa(1)>, L<verify(1)|verify(1)>
+L<gendsa(1)|gendsa(1)>, L<verify(1)|verify(1)>,
+L<x509v3_config(5)|x509v3_config(5)> 
 =head1 HISTORY
 Before OpenSSL 0.9.8, the default digest for RSA keys was MD5.
+The hash algorithm used in the B<-subject_hash> and B<-issuer_hash> options
+before OpenSSL 1.0.0 was based on the deprecated MD5 algorithm and the encoding
+of the distinguished name. In OpenSSL 1.0.0 and later it is based on a
+canonical version of the DN using SHA1. This means that any directories using
+the old form must have their links rebuilt using B<c_rehash> or similar. 
 =cut
diff --git a/src/lib/libssl/src/doc/crypto/ASN1_OBJECT_new.pod b/src/lib/libssl/src/doc/crypto/ASN1_OBJECT_new.pod
index 51679bfcd9..9bae40fccf 100644
--- a/src/lib/libssl/src/doc/crypto/ASN1_OBJECT_new.pod
+++ b/src/lib/libssl/src/doc/crypto/ASN1_OBJECT_new.pod
@@ -6,6 +6,8 @@ ASN1_OBJECT_new, ASN1_OBJECT_free, - object allocation functions
 =head1 SYNOPSIS
+ #include <openssl/asn1.h>
 ASN1_OBJECT *ASN1_OBJECT_new(void);
 void ASN1_OBJECT_free(ASN1_OBJECT *a);
diff --git a/src/lib/libssl/src/doc/crypto/ASN1_STRING_length.pod b/src/lib/libssl/src/doc/crypto/ASN1_STRING_length.pod
index c4ec693f17..a08e9a0fa4 100644
--- a/src/lib/libssl/src/doc/crypto/ASN1_STRING_length.pod
+++ b/src/lib/libssl/src/doc/crypto/ASN1_STRING_length.pod
@@ -8,6 +8,8 @@ ASN1_STRING utility functions
 =head1 SYNOPSIS
+ #include <openssl/asn1.h>
 int ASN1_STRING_length(ASN1_STRING *x);
 unsigned char * ASN1_STRING_data(ASN1_STRING *x);
diff --git a/src/lib/libssl/src/doc/crypto/ASN1_STRING_new.pod b/src/lib/libssl/src/doc/crypto/ASN1_STRING_new.pod
index 5b1bbb7eb2..8ac2a03ae2 100644
--- a/src/lib/libssl/src/doc/crypto/ASN1_STRING_new.pod
+++ b/src/lib/libssl/src/doc/crypto/ASN1_STRING_new.pod
@@ -7,6 +7,8 @@ ASN1_STRING allocation functions
 =head1 SYNOPSIS
+ #include <openssl/asn1.h>
 ASN1_STRING * ASN1_STRING_new(void);
 ASN1_STRING * ASN1_STRING_type_new(int type);
 void ASN1_STRING_free(ASN1_STRING *a);
diff --git a/src/lib/libssl/src/doc/crypto/BIO_f_buffer.pod b/src/lib/libssl/src/doc/crypto/BIO_f_buffer.pod
index c9093c6a57..c0dccf1abe 100644
--- a/src/lib/libssl/src/doc/crypto/BIO_f_buffer.pod
+++ b/src/lib/libssl/src/doc/crypto/BIO_f_buffer.pod
@@ -31,7 +31,7 @@ BIO_get_buffer_num_lines() returns the number of lines currently buffered.
 BIO_set_read_buffer_size(), BIO_set_write_buffer_size() and BIO_set_buffer_size()
 set the read, write or both read and write buffer sizes to B<size>. The initial
-buffer size is DEFAULT_BUFFER_SIZE, currently 1024. Any attempt to reduce the
+buffer size is DEFAULT_BUFFER_SIZE, currently 4096. Any attempt to reduce the
 buffer size below DEFAULT_BUFFER_SIZE is ignored. Any buffered data is cleared
 when the buffer is resized.
@@ -66,4 +66,9 @@ there was an error.
 =head1 SEE ALSO
-TBA
+L<BIO(3)|BIO(3)>,
+L<BIO_reset(3)|BIO_reset(3)>,
+L<BIO_flush(3)|BIO_flush(3)>,
+L<BIO_pop(3)|BIO_pop(3)>,
+L<BIO_ctrl(3)|BIO_ctrl(3)>,
+L<BIO_int_ctrl(3)|BIO_ctrl(3)>
diff --git a/src/lib/libssl/src/doc/crypto/BIO_f_md.pod b/src/lib/libssl/src/doc/crypto/BIO_f_md.pod
index 0d24083e6d..2cc41f89d2 100644
--- a/src/lib/libssl/src/doc/crypto/BIO_f_md.pod
+++ b/src/lib/libssl/src/doc/crypto/BIO_f_md.pod
@@ -58,6 +58,12 @@ If an application needs to call BIO_gets() or BIO_puts() through
 a chain containing digest BIOs then this can be done by prepending
 a buffering BIO.
+Before OpenSSL 1.0.0 the call to BIO_get_md_ctx() would only work if the BIO
+had been initialized for example by calling BIO_set_md() ). In OpenSSL
+1.0.0 and later the context is always returned and the BIO is state is set
+to initialized. This allows applications to initialize the context externally
+if the standard calls such as BIO_set_md() are not sufficiently flexible.
 =head1 RETURN VALUES
 BIO_f_md() returns the digest BIO method.
diff --git a/src/lib/libssl/src/doc/crypto/BIO_f_ssl.pod b/src/lib/libssl/src/doc/crypto/BIO_f_ssl.pod
index f0b731731f..bc5861ab34 100644
--- a/src/lib/libssl/src/doc/crypto/BIO_f_ssl.pod
+++ b/src/lib/libssl/src/doc/crypto/BIO_f_ssl.pod
@@ -308,6 +308,15 @@ a client and also echoes the request to standard output.
 BIO_free_all(sbio);
+=head1 BUGS
+In OpenSSL versions before 1.0.0 the BIO_pop() call was handled incorrectly,
+the I/O BIO reference count was incorrectly incremented (instead of
+decremented) and dissociated with the SSL BIO even if the SSL BIO was not
+explicitly being popped (e.g. a pop higher up the chain). Applications which
+included workarounds for this bug (e.g. freeing BIOs more than once) should
+be modified to handle this fix or they may free up an already freed BIO.
 =head1 SEE ALSO
 TBA
diff --git a/src/lib/libssl/src/doc/crypto/BIO_s_file.pod b/src/lib/libssl/src/doc/crypto/BIO_s_file.pod
index b2a29263f4..188aea347d 100644
--- a/src/lib/libssl/src/doc/crypto/BIO_s_file.pod
+++ b/src/lib/libssl/src/doc/crypto/BIO_s_file.pod
@@ -76,6 +76,10 @@ normally be closed so the BIO_NOCLOSE flag should be set.
 Because the file BIO calls the underlying stdio functions any quirks
 in stdio behaviour will be mirrored by the corresponding BIO.
+On Windows BIO_new_files reserves for the filename argument to be
+UTF-8 encoded. In other words if you have to make it work in multi-
+lingual environment, encode file names in UTF-8.
 =head1 EXAMPLES
 File BIO "hello world":
diff --git a/src/lib/libssl/src/doc/crypto/BIO_s_mem.pod b/src/lib/libssl/src/doc/crypto/BIO_s_mem.pod
index 19648acfae..8f85e0dcee 100644
--- a/src/lib/libssl/src/doc/crypto/BIO_s_mem.pod
+++ b/src/lib/libssl/src/doc/crypto/BIO_s_mem.pod
@@ -74,7 +74,7 @@ Writes to memory BIOs will always succeed if memory is available: that is
 their size can grow indefinitely.
 Every read from a read write memory BIO will remove the data just read with
-an internal copy operation, if a BIO contains a lots of data and it is
+an internal copy operation, if a BIO contains a lot of data and it is
 read in small chunks the operation can be very slow. The use of a read only
 memory BIO avoids this problem. If the BIO must be read write then adding
 a buffering BIO to the chain will speed up the process.
diff --git a/src/lib/libssl/src/doc/crypto/BIO_should_retry.pod b/src/lib/libssl/src/doc/crypto/BIO_should_retry.pod
index 539c391272..b6d51f719d 100644
--- a/src/lib/libssl/src/doc/crypto/BIO_should_retry.pod
+++ b/src/lib/libssl/src/doc/crypto/BIO_should_retry.pod
@@ -45,7 +45,7 @@ needs to read data.
 BIO_should_io_special() is true if some "special" condition, that is a
 reason other than reading or writing is the cause of the condition.
-BIO_get_retry_reason() returns a mask of the cause of a retry condition
+BIO_retry_type() returns a mask of the cause of a retry condition
 consisting of the values B<BIO_FLAGS_READ>, B<BIO_FLAGS_WRITE>,
 B<BIO_FLAGS_IO_SPECIAL> though current BIO types will only set one of
 these.
diff --git a/src/lib/libssl/src/doc/crypto/CRYPTO_set_ex_data.pod b/src/lib/libssl/src/doc/crypto/CRYPTO_set_ex_data.pod
index 1bd5bed67d..7409c02aac 100644
--- a/src/lib/libssl/src/doc/crypto/CRYPTO_set_ex_data.pod
+++ b/src/lib/libssl/src/doc/crypto/CRYPTO_set_ex_data.pod
@@ -6,6 +6,8 @@ CRYPTO_set_ex_data, CRYPTO_get_ex_data - internal application specific data func
 =head1 SYNOPSIS
+ #include <openssl/crypto.h>
 int CRYPTO_set_ex_data(CRYPTO_EX_DATA *r, int idx, void *arg);
 void *CRYPTO_get_ex_data(CRYPTO_EX_DATA *r, int idx);
diff --git a/src/lib/libssl/src/doc/crypto/DSA_get_ex_new_index.pod b/src/lib/libssl/src/doc/crypto/DSA_get_ex_new_index.pod
index 4612e708ec..fb6efc1182 100644
--- a/src/lib/libssl/src/doc/crypto/DSA_get_ex_new_index.pod
+++ b/src/lib/libssl/src/doc/crypto/DSA_get_ex_new_index.pod
@@ -6,7 +6,7 @@ DSA_get_ex_new_index, DSA_set_ex_data, DSA_get_ex_data - add application specifi
 =head1 SYNOPSIS
- #include <openssl/DSA.h>
+ #include <openssl/dsa.h>
 int DSA_get_ex_new_index(long argl, void *argp,
                CRYPTO_EX_new *new_func,
diff --git a/src/lib/libssl/src/doc/crypto/EVP_DigestInit.pod b/src/lib/libssl/src/doc/crypto/EVP_DigestInit.pod
index 130cd7f60a..5b477ac6ec 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_DigestInit.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_DigestInit.pod
@@ -64,9 +64,9 @@ EVP digest routines
 The EVP digest routines are a high level interface to message digests.
-EVP_MD_CTX_init() initializes digest contet B<ctx>.
+EVP_MD_CTX_init() initializes digest context B<ctx>.
-EVP_MD_CTX_create() allocates, initializes and returns a digest contet.
+EVP_MD_CTX_create() allocates, initializes and returns a digest context.
 EVP_DigestInit_ex() sets up digest context B<ctx> to use a digest
 B<type> from ENGINE B<impl>. B<ctx> must be initialized before calling this
@@ -102,7 +102,7 @@ the passed context B<ctx> does not have to be initialized, and it always
 uses the default digest implementation.
 EVP_DigestFinal() is similar to EVP_DigestFinal_ex() except the digest
-contet B<ctx> is automatically cleaned up.
+context B<ctx> is automatically cleaned up.
 EVP_MD_CTX_copy() is similar to EVP_MD_CTX_copy_ex() except the destination
 B<out> does not have to be initialized.
@@ -132,7 +132,9 @@ return B<EVP_MD> structures for the MD2, MD5, SHA, SHA1, MDC2 and RIPEMD160 dige
 algorithms respectively. The associated signature algorithm is RSA in each case.
 EVP_dss() and EVP_dss1() return B<EVP_MD> structures for SHA and SHA1 digest
-algorithms but using DSS (DSA) for the signature algorithm.
+algorithms but using DSS (DSA) for the signature algorithm. Note: there is 
+no need to use these pseudo-digests in OpenSSL 1.0.0 and later, they are
+however retained for compatibility.
 EVP_md_null() is a "null" message digest that does nothing: i.e. the hash it
 returns is of zero length.
@@ -228,12 +230,6 @@ digest name passed on the command line.
 printf("\n");
 }
-=head1 BUGS
-The link between digests and signing algorithms results in a situation where
-EVP_sha1() must be used with RSA and EVP_dss1() must be used with DSS
-even though they are identical digests.
 =head1 SEE ALSO
 L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
@@ -253,4 +249,11 @@ EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(),
 EVP_dss(), EVP_dss1(), EVP_mdc2() and EVP_ripemd160() were
 changed to return truely const EVP_MD * in OpenSSL 0.9.7.
+The link between digests and signing algorithms was fixed in OpenSSL 1.0 and
+later, so now EVP_sha1() can be used with RSA and DSA, there is no need to
+use EVP_dss1() any more.
+OpenSSL 1.0 and later does not include the MD2 digest algorithm in the
+default configuration due to its security weaknesses.
 =cut
diff --git a/src/lib/libssl/src/doc/crypto/EVP_PKEY_verifyrecover.pod b/src/lib/libssl/src/doc/crypto/EVP_PKEY_verifyrecover.pod
new file mode 100644
index 0000000000..e2a2a8c6f8
--- /dev/null
+++ b/src/lib/libssl/src/doc/crypto/EVP_PKEY_verifyrecover.pod
@@ -0,0 +1,103 @@
+=pod
+=head1 NAME
+EVP_PKEY_verifyrecover_init, EVP_PKEY_verifyrecover - recover signature using a public key algorithm
+=head1 SYNOPSIS
+ #include <openssl/evp.h>
+ int EVP_PKEY_verifyrecover_init(EVP_PKEY_CTX *ctx);
+ int EVP_PKEY_verifyrecover(EVP_PKEY_CTX *ctx,
+                        unsigned char *rout, size_t *routlen,
+                        const unsigned char *sig, size_t siglen);
+=head1 DESCRIPTION
+The EVP_PKEY_verifyrecover_init() function initializes a public key algorithm
+context using key B<pkey> for a verify recover operation.
+The EVP_PKEY_verifyrecover() function recovers signed data
+using B<ctx>. The signature is specified using the B<sig> and
+B<siglen> parameters. If B<rout> is B<NULL> then the maximum size of the output
+buffer is written to the B<routlen> parameter. If B<rout> is not B<NULL> then
+before the call the B<routlen> parameter should contain the length of the
+B<rout> buffer, if the call is successful recovered data is written to
+B<rout> and the amount of data written to B<routlen>.
+=head1 NOTES
+Normally an application is only interested in whether a signature verification
+operation is successful in those cases the EVP_verify() function should be 
+used.
+Sometimes however it is useful to obtain the data originally signed using a
+signing operation. Only certain public key algorithms can recover a signature
+in this way (for example RSA in PKCS padding mode).
+After the call to EVP_PKEY_verifyrecover_init() algorithm specific control
+operations can be performed to set any appropriate parameters for the
+operation.
+The function EVP_PKEY_verifyrecover() can be called more than once on the same
+context if several operations are performed using the same parameters.
+=head1 RETURN VALUES
+EVP_PKEY_verifyrecover_init() and EVP_PKEY_verifyrecover() return 1 for success
+and 0 or a negative value for failure. In particular a return value of -2
+indicates the operation is not supported by the public key algorithm.
+=head1 EXAMPLE
+Recover digest originally signed using PKCS#1 and SHA256 digest:
+ #include <openssl/evp.h>
+ #include <openssl/rsa.h>
+ EVP_PKEY_CTX *ctx;
+ unsigned char *rout, *sig;
+ size_t routlen, siglen; 
+ EVP_PKEY *verify_key;
+ /* NB: assumes verify_key, sig and siglen are already set up
+  * and that verify_key is an RSA public key
+  */
+ ctx = EVP_PKEY_CTX_new(verify_key);
+ if (!ctx)
+        /* Error occurred */
+ if (EVP_PKEY_verifyrecover_init(ctx) <= 0)
+        /* Error */
+ if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
+        /* Error */
+ if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
+        /* Error */
+ /* Determine buffer length */
+ if (EVP_PKEY_verifyrecover(ctx, rout, &routlen, sig, siglen) <= 0)
+        /* Error */
+ rout = OPENSSL_malloc(routlen);
+ if (!rout)
+        /* malloc failure */
+ 
+ if (EVP_PKEY_verifyrecover(ctx, rout, &routlen, sig, siglen) <= 0)
+        /* Error */
+ /* Recovered data is routlen bytes written to buffer rout */
+=head1 SEE ALSO
+L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
+L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
+L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
+L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
+L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
+L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> 
+=head1 HISTORY
+These functions were first added to OpenSSL 1.0.0.
+=cut
diff --git a/src/lib/libssl/src/doc/crypto/EVP_SignInit.pod b/src/lib/libssl/src/doc/crypto/EVP_SignInit.pod
index b6e62ce7f6..620a623ab6 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_SignInit.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_SignInit.pod
@@ -77,6 +77,15 @@ will occur.
 Older versions of this documentation wrongly stated that calls to 
 EVP_SignUpdate() could not be made after calling EVP_SignFinal().
+Since the private key is passed in the call to EVP_SignFinal() any error
+relating to the private key (for example an unsuitable key and digest
+combination) will not be indicated until after potentially large amounts of
+data have been passed through EVP_SignUpdate().
+It is not possible to change the signing parameters using these function.
+The previous two bugs are fixed in the newer EVP_SignDigest*() function.
 =head1 SEE ALSO
 L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>,
diff --git a/src/lib/libssl/src/doc/crypto/EVP_VerifyInit.pod b/src/lib/libssl/src/doc/crypto/EVP_VerifyInit.pod
index b6afaedee5..9097f09410 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_VerifyInit.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_VerifyInit.pod
@@ -67,6 +67,15 @@ will occur.
 Older versions of this documentation wrongly stated that calls to 
 EVP_VerifyUpdate() could not be made after calling EVP_VerifyFinal().
+Since the public key is passed in the call to EVP_SignFinal() any error
+relating to the private key (for example an unsuitable key and digest
+combination) will not be indicated until after potentially large amounts of
+data have been passed through EVP_SignUpdate().
+It is not possible to change the signing parameters using these function.
+The previous two bugs are fixed in the newer EVP_VerifyDigest*() function.
 =head1 SEE ALSO
 L<evp(3)|evp(3)>,
diff --git a/src/lib/libssl/src/doc/crypto/OBJ_nid2obj.pod b/src/lib/libssl/src/doc/crypto/OBJ_nid2obj.pod
index 7dcc07923f..1e45dd40f6 100644
--- a/src/lib/libssl/src/doc/crypto/OBJ_nid2obj.pod
+++ b/src/lib/libssl/src/doc/crypto/OBJ_nid2obj.pod
@@ -8,6 +8,8 @@ functions
 =head1 SYNOPSIS
+ #include <openssl/objects.h>
 ASN1_OBJECT * OBJ_nid2obj(int n);
 const char *  OBJ_nid2ln(int n);
 const char *  OBJ_nid2sn(int n);
diff --git a/src/lib/libssl/src/doc/crypto/PKCS12_parse.pod b/src/lib/libssl/src/doc/crypto/PKCS12_parse.pod
index 51344f883a..c54cf2ad61 100644
--- a/src/lib/libssl/src/doc/crypto/PKCS12_parse.pod
+++ b/src/lib/libssl/src/doc/crypto/PKCS12_parse.pod
@@ -20,24 +20,31 @@ certificate to B<*cert> and any additional certificates to B<*ca>.
 =head1 NOTES
-The parameters B<pkey> and B<cert> cannot be B<NULL>. B<ca> can be <NULL>
+The parameters B<pkey> and B<cert> cannot be B<NULL>. B<ca> can be <NULL> in
-in which case additional certificates will be discarded. B<*ca> can also
+which case additional certificates will be discarded. B<*ca> can also be a
-be a valid STACK in which case additional certificates are appended to
+valid STACK in which case additional certificates are appended to B<*ca>. If
-B<*ca>. If B<*ca> is B<NULL> a new STACK will be allocated.
+B<*ca> is B<NULL> a new STACK will be allocated.
-The B<friendlyName> and B<localKeyID> attributes (if present) on each certificate
+The B<friendlyName> and B<localKeyID> attributes (if present) on each
-will be stored in the B<alias> and B<keyid> attributes of the B<X509> structure.
+certificate will be stored in the B<alias> and B<keyid> attributes of the
+B<X509> structure.
+=head1 RETURN VALUES
+PKCS12_parse() returns 1 for success and zero if an error occurred.
+The error can be obtained from L<ERR_get_error(3)|ERR_get_error(3)>
 =head1 BUGS
-Only a single private key and corresponding certificate is returned by this function.
+Only a single private key and corresponding certificate is returned by this
-More complex PKCS#12 files with multiple private keys will only return the first
+function. More complex PKCS#12 files with multiple private keys will only
-match.
+return the first match.
-Only B<friendlyName> and B<localKeyID> attributes are currently stored in certificates.
+Only B<friendlyName> and B<localKeyID> attributes are currently stored in
-Other attributes are discarded.
+certificates. Other attributes are discarded.
-Attributes currently cannot be store in the private key B<EVP_PKEY> structure.
+Attributes currently cannot be stored in the private key B<EVP_PKEY> structure.
 =head1 SEE ALSO
diff --git a/src/lib/libssl/src/doc/crypto/PKCS7_decrypt.pod b/src/lib/libssl/src/doc/crypto/PKCS7_decrypt.pod
index b0ca067b89..325699d0b6 100644
--- a/src/lib/libssl/src/doc/crypto/PKCS7_decrypt.pod
+++ b/src/lib/libssl/src/doc/crypto/PKCS7_decrypt.pod
@@ -6,7 +6,9 @@ PKCS7_decrypt - decrypt content from a PKCS#7 envelopedData structure
 =head1 SYNOPSIS
-int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags);
+ #include <openssl/pkcs7.h>
+ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags);
 =head1 DESCRIPTION
diff --git a/src/lib/libssl/src/doc/crypto/PKCS7_encrypt.pod b/src/lib/libssl/src/doc/crypto/PKCS7_encrypt.pod
index 1a507b22a2..2cd925a7e0 100644
--- a/src/lib/libssl/src/doc/crypto/PKCS7_encrypt.pod
+++ b/src/lib/libssl/src/doc/crypto/PKCS7_encrypt.pod
@@ -6,7 +6,9 @@ PKCS7_encrypt - create a PKCS#7 envelopedData structure
 =head1 SYNOPSIS
-PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, int flags);
+ #include <openssl/pkcs7.h>
+ PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, int flags);
 =head1 DESCRIPTION
@@ -16,43 +18,55 @@ B<cipher> is the symmetric cipher to use. B<flags> is an optional set of flags.
 =head1 NOTES
-Only RSA keys are supported in PKCS#7 and envelopedData so the recipient certificates
+Only RSA keys are supported in PKCS#7 and envelopedData so the recipient
-supplied to this function must all contain RSA public keys, though they do not have to
+certificates supplied to this function must all contain RSA public keys, though
-be signed using the RSA algorithm.
+they do not have to be signed using the RSA algorithm.
-EVP_des_ede3_cbc() (triple DES) is the algorithm of choice for S/MIME use because
+EVP_des_ede3_cbc() (triple DES) is the algorithm of choice for S/MIME use
-most clients will support it.
+because most clients will support it.
-Some old "export grade" clients may only support weak encryption using 40 or 64 bit
+Some old "export grade" clients may only support weak encryption using 40 or 64
-RC2. These can be used by passing EVP_rc2_40_cbc() and EVP_rc2_64_cbc() respectively.
+bit RC2. These can be used by passing EVP_rc2_40_cbc() and EVP_rc2_64_cbc()
+respectively.
-The algorithm passed in the B<cipher> parameter must support ASN1 encoding of its
+The algorithm passed in the B<cipher> parameter must support ASN1 encoding of
-parameters. 
+its parameters. 
-Many browsers implement a "sign and encrypt" option which is simply an S/MIME 
+Many browsers implement a "sign and encrypt" option which is simply an S/MIME
 envelopedData containing an S/MIME signed message. This can be readily produced
 by storing the S/MIME signed message in a memory BIO and passing it to
 PKCS7_encrypt().
 The following flags can be passed in the B<flags> parameter.
-If the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain> are prepended
+If the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain> are
-to the data.
+prepended to the data.
-Normally the supplied content is translated into MIME canonical format (as required
+Normally the supplied content is translated into MIME canonical format (as
-by the S/MIME specifications) if B<PKCS7_BINARY> is set no translation occurs. This
+required by the S/MIME specifications) if B<PKCS7_BINARY> is set no translation
-option should be used if the supplied data is in binary format otherwise the translation
+occurs. This option should be used if the supplied data is in binary format
-will corrupt it. If B<PKCS7_BINARY> is set then B<PKCS7_TEXT> is ignored.
+otherwise the translation will corrupt it. If B<PKCS7_BINARY> is set then
+B<PKCS7_TEXT> is ignored.
-=head1 RETURN VALUES
+If the B<PKCS7_STREAM> flag is set a partial B<PKCS7> structure is output
+suitable for streaming I/O: no data is read from the BIO B<in>.
-PKCS7_encrypt() returns either a valid PKCS7 structure or NULL if an error occurred.
+=head1 NOTES
-The error can be obtained from ERR_get_error(3).
-=head1 BUGS
+If the flag B<PKCS7_STREAM> is set the returned B<PKCS7> structure is B<not>
+complete and outputting its contents via a function that does not
+properly finalize the B<PKCS7> structure will give unpredictable 
+results.
-The lack of single pass processing and need to hold all data in memory as
+Several functions including SMIME_write_PKCS7(), i2d_PKCS7_bio_stream(),
-mentioned in PKCS7_sign() also applies to PKCS7_verify().
+PEM_write_bio_PKCS7_stream() finalize the structure. Alternatively finalization
+can be performed by obtaining the streaming ASN1 B<BIO> directly using
+BIO_new_PKCS7().
+=head1 RETURN VALUES
+PKCS7_encrypt() returns either a PKCS7 structure or NULL if an error occurred.
+The error can be obtained from ERR_get_error(3).
 =head1 SEE ALSO
@@ -61,5 +75,6 @@ L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_decrypt(3)|PKCS7_decrypt(3)>
 =head1 HISTORY
 PKCS7_decrypt() was added to OpenSSL 0.9.5
+The B<PKCS7_STREAM> flag was first supported in OpenSSL 1.0.0.
 =cut
diff --git a/src/lib/libssl/src/doc/crypto/PKCS7_sign.pod b/src/lib/libssl/src/doc/crypto/PKCS7_sign.pod
index ffd0c734b0..64a35144f8 100644
--- a/src/lib/libssl/src/doc/crypto/PKCS7_sign.pod
+++ b/src/lib/libssl/src/doc/crypto/PKCS7_sign.pod
@@ -6,14 +6,16 @@ PKCS7_sign - create a PKCS#7 signedData structure
 =head1 SYNOPSIS
-PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, int flags);
+ #include <openssl/pkcs7.h>
+ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, int flags);
 =head1 DESCRIPTION
-PKCS7_sign() creates and returns a PKCS#7 signedData structure. B<signcert>
+PKCS7_sign() creates and returns a PKCS#7 signedData structure. B<signcert> is
-is the certificate to sign with, B<pkey> is the corresponsding private key.
+the certificate to sign with, B<pkey> is the corresponsding private key.
-B<certs> is an optional additional set of certificates to include in the
+B<certs> is an optional additional set of certificates to include in the PKCS#7
-PKCS#7 structure (for example any intermediate CAs in the chain). 
+structure (for example any intermediate CAs in the chain). 
 The data to be signed is read from BIO B<data>.
@@ -21,72 +23,83 @@ B<flags> is an optional set of flags.
 =head1 NOTES
-Any of the following flags (ored together) can be passed in the B<flags> parameter.
+Any of the following flags (ored together) can be passed in the B<flags>
+parameter.
 Many S/MIME clients expect the signed content to include valid MIME headers. If
 the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain> are prepended
 to the data.
 If B<PKCS7_NOCERTS> is set the signer's certificate will not be included in the
-PKCS7 structure, the signer's certificate must still be supplied in the B<signcert>
+PKCS7 structure, the signer's certificate must still be supplied in the
-parameter though. This can reduce the size of the signature if the signers certificate
+B<signcert> parameter though. This can reduce the size of the signature if the
-can be obtained by other means: for example a previously signed message.
+signers certificate can be obtained by other means: for example a previously
+signed message.
-The data being signed is included in the PKCS7 structure, unless B<PKCS7_DETACHED> 
-is set in which case it is omitted. This is used for PKCS7 detached signatures
+The data being signed is included in the PKCS7 structure, unless
-which are used in S/MIME plaintext signed messages for example.
+B<PKCS7_DETACHED> is set in which case it is omitted. This is used for PKCS7
+detached signatures which are used in S/MIME plaintext signed messages for
+example.
+Normally the supplied content is translated into MIME canonical format (as
+required by the S/MIME specifications) if B<PKCS7_BINARY> is set no translation
+occurs. This option should be used if the supplied data is in binary format
+otherwise the translation will corrupt it.
+The signedData structure includes several PKCS#7 autenticatedAttributes
+including the signing time, the PKCS#7 content type and the supported list of
+ciphers in an SMIMECapabilities attribute. If B<PKCS7_NOATTR> is set then no
+authenticatedAttributes will be used. If B<PKCS7_NOSMIMECAP> is set then just
+the SMIMECapabilities are omitted.
-Normally the supplied content is translated into MIME canonical format (as required
+If present the SMIMECapabilities attribute indicates support for the following
-by the S/MIME specifications) if B<PKCS7_BINARY> is set no translation occurs. This
+algorithms: triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. If any of
-option should be used if the supplied data is in binary format otherwise the translation
+these algorithms is disabled then it will not be included.
-will corrupt it.
-The signedData structure includes several PKCS#7 autenticatedAttributes including
+If the flags B<PKCS7_STREAM> is set then the returned B<PKCS7> structure is
-the signing time, the PKCS#7 content type and the supported list of ciphers in
+just initialized ready to perform the signing operation. The signing is however
-an SMIMECapabilities attribute. If B<PKCS7_NOATTR> is set then no authenticatedAttributes
+B<not> performed and the data to be signed is not read from the B<data>
-will be used. If B<PKCS7_NOSMIMECAP> is set then just the SMIMECapabilities are
+parameter. Signing is deferred until after the data has been written. In this
-omitted.
+way data can be signed in a single pass.
-If present the SMIMECapabilities attribute indicates support for the following
+If the B<PKCS7_PARTIAL> flag is set a partial B<PKCS7> structure is output to
-algorithms: triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. If any
+which additional signers and capabilities can be added before finalization.
-of these algorithms is disabled then it will not be included.
-If the flags B<PKCS7_PARTSIGN> is set then the returned B<PKCS7> structure
-is just initialized ready to perform the signing operation. The signing
-is however B<not> performed and the data to be signed is not read from
-the B<data> parameter. Signing is deferred until after the data has been
-written. In this way data can be signed in a single pass. Currently the
-flag B<PKCS7_DETACHED> B<must> also be set.
 =head1 NOTES
-Currently the flag B<PKCS7_PARTSIGN> is only supported for detached
+If the flag B<PKCS7_STREAM> is set the returned B<PKCS7> structure is B<not>
-data. If this flag is set the returned B<PKCS7> structure is B<not>
+complete and outputting its contents via a function that does not properly
-complete and outputting its contents via a function that does not
+finalize the B<PKCS7> structure will give unpredictable results.
-properly finalize the B<PKCS7> structure will give unpredictable 
-results.
-At present only the SMIME_write_PKCS7() function properly finalizes the
+Several functions including SMIME_write_PKCS7(), i2d_PKCS7_bio_stream(),
-structure.
+PEM_write_bio_PKCS7_stream() finalize the structure. Alternatively finalization
+can be performed by obtaining the streaming ASN1 B<BIO> directly using
+BIO_new_PKCS7().
-=head1 BUGS
+If a signer is specified it will use the default digest for the signing
+algorithm. This is B<SHA1> for both RSA and DSA keys.
+In OpenSSL 1.0.0 the B<certs>, B<signcert> and B<pkey> parameters can all be
+B<NULL> if the B<PKCS7_PARTIAL> flag is set. One or more signers can be added
+using the function B<PKCS7_sign_add_signer()>. B<PKCS7_final()> must also be
+called to finalize the structure if streaming is not enabled. Alternative
+signing digests can also be specified using this method.
-PKCS7_sign() is somewhat limited. It does not support multiple signers, some
+In OpenSSL 1.0.0 if B<signcert> and B<pkey> are NULL then a certificates only
-advanced attributes such as counter signatures are not supported.
+PKCS#7 structure is output.
-The SHA1 digest algorithm is currently always used.
+In versions of OpenSSL before 1.0.0 the B<signcert> and B<pkey> parameters must
+B<NOT> be NULL.
-When the signed data is not detached it will be stored in memory within the
+=head1 BUGS
-B<PKCS7> structure. This effectively limits the size of messages which can be
-signed due to memory restraints. There should be a way to sign data without
-having to hold it all in memory, this would however require fairly major
-revisions of the OpenSSL ASN1 code.
+Some advanced attributes such as counter signatures are not supported.
 =head1 RETURN VALUES
-PKCS7_sign() returns either a valid PKCS7 structure or NULL if an error occurred.
+PKCS7_sign() returns either a valid PKCS7 structure or NULL if an error
-The error can be obtained from ERR_get_error(3).
+occurred.  The error can be obtained from ERR_get_error(3).
 =head1 SEE ALSO
@@ -96,6 +109,8 @@ L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_verify(3)|PKCS7_verify(3)>
 PKCS7_sign() was added to OpenSSL 0.9.5
-The B<PKCS7_PARTSIGN> flag was added in OpenSSL 0.9.8
+The B<PKCS7_PARTIAL> flag was added in OpenSSL 1.0.0
+The B<PKCS7_STREAM> flag was added in OpenSSL 1.0.0
 =cut
diff --git a/src/lib/libssl/src/doc/crypto/PKCS7_verify.pod b/src/lib/libssl/src/doc/crypto/PKCS7_verify.pod
index 3490b5dc82..7c10a4cc3c 100644
--- a/src/lib/libssl/src/doc/crypto/PKCS7_verify.pod
+++ b/src/lib/libssl/src/doc/crypto/PKCS7_verify.pod
@@ -6,9 +6,11 @@ PKCS7_verify - verify a PKCS#7 signedData structure
 =head1 SYNOPSIS
-int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, BIO *out, int flags);
+ #include <openssl/pkcs7.h>
-STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
+ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, BIO *out, int flags);
+ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
 =head1 DESCRIPTION
diff --git a/src/lib/libssl/src/doc/crypto/SMIME_read_PKCS7.pod b/src/lib/libssl/src/doc/crypto/SMIME_read_PKCS7.pod
index ffafa37887..9d46715941 100644
--- a/src/lib/libssl/src/doc/crypto/SMIME_read_PKCS7.pod
+++ b/src/lib/libssl/src/doc/crypto/SMIME_read_PKCS7.pod
@@ -6,7 +6,9 @@ SMIME_read_PKCS7 - parse S/MIME message.
 =head1 SYNOPSIS
-PKCS7 *SMIME_read_PKCS7(BIO *in, BIO **bcont);
+ #include <openssl/pkcs7.h>
+ PKCS7 *SMIME_read_PKCS7(BIO *in, BIO **bcont);
 =head1 DESCRIPTION
diff --git a/src/lib/libssl/src/doc/crypto/SMIME_write_PKCS7.pod b/src/lib/libssl/src/doc/crypto/SMIME_write_PKCS7.pod
index 61945b3887..ca6bd02763 100644
--- a/src/lib/libssl/src/doc/crypto/SMIME_write_PKCS7.pod
+++ b/src/lib/libssl/src/doc/crypto/SMIME_write_PKCS7.pod
@@ -6,17 +6,18 @@ SMIME_write_PKCS7 - convert PKCS#7 structure to S/MIME format.
 =head1 SYNOPSIS
-int SMIME_write_PKCS7(BIO *out, PKCS7 *p7, BIO *data, int flags);
+ #include <openssl/pkcs7.h>
+ int SMIME_write_PKCS7(BIO *out, PKCS7 *p7, BIO *data, int flags);
 =head1 DESCRIPTION
 SMIME_write_PKCS7() adds the appropriate MIME headers to a PKCS#7
 structure to produce an S/MIME message.
-B<out> is the BIO to write the data to. B<p7> is the appropriate
+B<out> is the BIO to write the data to. B<p7> is the appropriate B<PKCS7>
-B<PKCS7> structure. If cleartext signing (B<multipart/signed>) is
+structure. If streaming is enabled then the content must be supplied in the
-being used then the signed data must be supplied in the B<data> 
+B<data> argument. B<flags> is an optional set of flags.
-argument. B<flags> is an optional set of flags.
 =head1 NOTES
@@ -30,15 +31,18 @@ If the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain>
 are added to the content, this only makes sense if B<PKCS7_DETACHED>
 is also set.
-If the B<PKCS7_PARTSIGN> flag is set the signed data is finalized
+If the B<PKCS7_STREAM> flag is set streaming is performed. This flag should
-and output along with the content. This flag should only be set
+only be set if B<PKCS7_STREAM> was also set in the previous call to
-if B<PKCS7_DETACHED> is also set and the previous call to PKCS7_sign()
+PKCS7_sign() or B<PKCS7_encrypt()>.
-also set these flags.
-If cleartext signing is being used and B<PKCS7_PARTSIGN> not set then
+If cleartext signing is being used and B<PKCS7_STREAM> not set then
 the data must be read twice: once to compute the signature in PKCS7_sign()
 and once to output the S/MIME message.
+If streaming is performed the content is output in BER format using indefinite
+length constructuted encoding except in the case of signed data with detached
+content where the content is absent and DER format is used.
 =head1 BUGS
 SMIME_write_PKCS7() always base64 encodes PKCS#7 structures, there
diff --git a/src/lib/libssl/src/doc/crypto/X509_NAME_ENTRY_get_object.pod b/src/lib/libssl/src/doc/crypto/X509_NAME_ENTRY_get_object.pod
index 11b35f6fd3..41902c0d45 100644
--- a/src/lib/libssl/src/doc/crypto/X509_NAME_ENTRY_get_object.pod
+++ b/src/lib/libssl/src/doc/crypto/X509_NAME_ENTRY_get_object.pod
@@ -9,15 +9,17 @@ X509_NAME_ENTRY_create_by_OBJ - X509_NAME_ENTRY utility functions
 =head1 SYNOPSIS
-ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
+ #include <openssl/x509.h>
-ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
-int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj);
+ ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
-int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, const unsigned char *bytes, int len);
+ ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, const char *field, int type, const unsigned char *bytes, int len);
+ int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj);
-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, int type,unsigned char *bytes, int len);
+ int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, const unsigned char *bytes, int len);
-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len);
+ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, const char *field, int type, const unsigned char *bytes, int len);
+ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, int type,unsigned char *bytes, int len);
+ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len);
 =head1 DESCRIPTION
diff --git a/src/lib/libssl/src/doc/crypto/X509_NAME_add_entry_by_txt.pod b/src/lib/libssl/src/doc/crypto/X509_NAME_add_entry_by_txt.pod
index e2ab4b0d2b..1afd008cb3 100644
--- a/src/lib/libssl/src/doc/crypto/X509_NAME_add_entry_by_txt.pod
+++ b/src/lib/libssl/src/doc/crypto/X509_NAME_add_entry_by_txt.pod
@@ -7,15 +7,17 @@ X509_NAME_add_entry, X509_NAME_delete_entry - X509_NAME modification functions
 =head1 SYNOPSIS
-int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, const unsigned char *bytes, int len, int loc, int set);
+ #include <openssl/x509.h>
-int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, unsigned char *bytes, int len, int loc, int set);
+ int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, const unsigned char *bytes, int len, int loc, int set);
-int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, unsigned char *bytes, int len, int loc, int set);
+ int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, unsigned char *bytes, int len, int loc, int set);
-int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne, int loc, int set);
+ int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, unsigned char *bytes, int len, int loc, int set);
-X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
+ int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne, int loc, int set);
+ X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
 =head1 DESCRIPTION
diff --git a/src/lib/libssl/src/doc/crypto/X509_NAME_get_index_by_NID.pod b/src/lib/libssl/src/doc/crypto/X509_NAME_get_index_by_NID.pod
index 333323d734..3b1f9ff43b 100644
--- a/src/lib/libssl/src/doc/crypto/X509_NAME_get_index_by_NID.pod
+++ b/src/lib/libssl/src/doc/crypto/X509_NAME_get_index_by_NID.pod
@@ -8,14 +8,16 @@ X509_NAME lookup and enumeration functions
 =head1 SYNOPSIS
-int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos);
+ #include <openssl/x509.h>
-int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj, int lastpos);
-int X509_NAME_entry_count(X509_NAME *name);
+ int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos);
-X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
+ int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj, int lastpos);
-int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf,int len);
+ int X509_NAME_entry_count(X509_NAME *name);
-int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf,int len);
+ X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
+ int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf,int len);
+ int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf,int len);
 =head1 DESCRIPTION
diff --git a/src/lib/libssl/src/doc/crypto/X509_new.pod b/src/lib/libssl/src/doc/crypto/X509_new.pod
index fd5fc65ce1..d38872335f 100644
--- a/src/lib/libssl/src/doc/crypto/X509_new.pod
+++ b/src/lib/libssl/src/doc/crypto/X509_new.pod
@@ -6,6 +6,8 @@ X509_new, X509_free - X509 certificate ASN1 allocation functions
 =head1 SYNOPSIS
+ #include <openssl/x509.h>
 X509 *X509_new(void);
 void X509_free(X509 *a);
diff --git a/src/lib/libssl/src/doc/crypto/bn_internal.pod b/src/lib/libssl/src/doc/crypto/bn_internal.pod
index 891914678c..91840b0f0d 100644
--- a/src/lib/libssl/src/doc/crypto/bn_internal.pod
+++ b/src/lib/libssl/src/doc/crypto/bn_internal.pod
@@ -13,6 +13,8 @@ library internal functions
 =head1 SYNOPSIS
+ #include <openssl/bn.h>
 BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w);
 BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num,
   BN_ULONG w);
@@ -70,24 +72,34 @@ applications.
 =head2 The BIGNUM structure
- typedef struct bignum_st
+ typedef struct bignum_st BIGNUM;
+ struct bignum_st
        {
-        int top;      /* number of words used in d */
+        BN_ULONG *d;    /* Pointer to an array of 'BN_BITS2' bit chunks. */
-        BN_ULONG *d;  /* pointer to an array containing the integer value */
+        int top;        /* Index of last used d +1. */
-        int max;      /* size of the d array */
+        /* The next are internal book keeping for bn_expand. */
-        int neg;      /* sign */
+        int dmax;       /* Size of the d array. */
-        } BIGNUM;
+        int neg;        /* one if the number is negative */
+        int flags;
+        };
 The integer value is stored in B<d>, a malloc()ed array of words (B<BN_ULONG>),
 least significant word first. A B<BN_ULONG> can be either 16, 32 or 64 bits
 in size, depending on the 'number of bits' (B<BITS2>) specified in
 C<openssl/bn.h>.
-B<max> is the size of the B<d> array that has been allocated.  B<top>
+B<dmax> is the size of the B<d> array that has been allocated.  B<top>
 is the number of words being used, so for a value of 4, bn.d[0]=4 and
 bn.top=1.  B<neg> is 1 if the number is negative.  When a B<BIGNUM> is
 B<0>, the B<d> field can be B<NULL> and B<top> == B<0>.
+B<flags> is a bit field of flags which are defined in C<openssl/bn.h>. The 
+flags begin with B<BN_FLG_>. The macros BN_set_flags(b,n) and 
+BN_get_flags(b,n) exist to enable or fetch flag(s) B<n> from B<BIGNUM>
+structure B<b>.
 Various routines in this library require the use of temporary
 B<BIGNUM> variables during their execution.  Since dynamic memory
 allocation to create B<BIGNUM>s is rather expensive when used in
@@ -207,12 +219,12 @@ significant non-zero word plus one when B<a> has shrunk.
 =head2 Debugging
 bn_check_top() verifies that C<((a)-E<gt>top E<gt>= 0 && (a)-E<gt>top
-E<lt>= (a)-E<gt>max)>.  A violation will cause the program to abort.
+E<lt>= (a)-E<gt>dmax)>.  A violation will cause the program to abort.
 bn_print() prints B<a> to stderr. bn_dump() prints B<n> words at B<d>
 (in reverse order, i.e. most significant word first) to stderr.
-bn_set_max() makes B<a> a static number with a B<max> of its current size.
+bn_set_max() makes B<a> a static number with a B<dmax> of its current size.
 This is used by bn_set_low() and bn_set_high() to make B<r> a read-only
 B<BIGNUM> that contains the B<n> low or high words of B<a>.
diff --git a/src/lib/libssl/src/doc/crypto/d2i_RSAPublicKey.pod b/src/lib/libssl/src/doc/crypto/d2i_RSAPublicKey.pod
index 279b29c873..aa6078bcf6 100644
--- a/src/lib/libssl/src/doc/crypto/d2i_RSAPublicKey.pod
+++ b/src/lib/libssl/src/doc/crypto/d2i_RSAPublicKey.pod
@@ -11,21 +11,21 @@ d2i_Netscape_RSA - RSA public and private key encoding functions.
 #include <openssl/rsa.h>
 #include <openssl/x509.h>
- RSA * d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length);
+ RSA * d2i_RSAPublicKey(RSA **a, const unsigned char **pp, long length);
 int i2d_RSAPublicKey(RSA *a, unsigned char **pp);
- RSA * d2i_RSA_PUBKEY(RSA **a, unsigned char **pp, long length);
+ RSA * d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length);
 int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp);
- RSA * d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length);
+ RSA * d2i_RSAPrivateKey(RSA **a, const unsigned char **pp, long length);
 int i2d_RSAPrivateKey(RSA *a, unsigned char **pp);
 int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)());
- RSA * d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)());
+ RSA * d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, int (*cb)());
 =head1 DESCRIPTION
diff --git a/src/lib/libssl/src/doc/crypto/d2i_X509.pod b/src/lib/libssl/src/doc/crypto/d2i_X509.pod
index 5bfa18afbb..298ec54a4c 100644
--- a/src/lib/libssl/src/doc/crypto/d2i_X509.pod
+++ b/src/lib/libssl/src/doc/crypto/d2i_X509.pod
@@ -15,8 +15,8 @@ i2d_X509_fp - X509 encode and decode functions
 X509 *d2i_X509_bio(BIO *bp, X509 **x);
 X509 *d2i_X509_fp(FILE *fp, X509 **x);
- int i2d_X509_bio(X509 *x, BIO *bp);
+ int i2d_X509_bio(BIO *bp, X509 *x);
- int i2d_X509_fp(X509 *x, FILE *fp);
+ int i2d_X509_fp(FILE *fp, X509 *x);
 =head1 DESCRIPTION
@@ -212,11 +212,11 @@ d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B<X509> structure
 or B<NULL> if an error occurs. The error code that can be obtained by
 L<ERR_get_error(3)|ERR_get_error(3)>. 
-i2d_X509(), i2d_X509_bio() and i2d_X509_fp() return a the number of bytes
+i2d_X509() returns the number of bytes successfully encoded or a negative
-successfully encoded or a negative value if an error occurs. The error code
+value if an error occurs. The error code can be obtained by
-can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. 
+L<ERR_get_error(3)|ERR_get_error(3)>. 
-i2d_X509_bio() and i2d_X509_fp() returns 1 for success and 0 if an error 
+i2d_X509_bio() and i2d_X509_fp() return 1 for success and 0 if an error 
 occurs The error code can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. 
 =head1 SEE ALSO
diff --git a/src/lib/libssl/src/doc/crypto/d2i_X509_CRL.pod b/src/lib/libssl/src/doc/crypto/d2i_X509_CRL.pod
index e7295a5d61..224f9e082b 100644
--- a/src/lib/libssl/src/doc/crypto/d2i_X509_CRL.pod
+++ b/src/lib/libssl/src/doc/crypto/d2i_X509_CRL.pod
@@ -15,8 +15,8 @@ i2d_X509_CRL_bio, i2d_X509_CRL_fp - PKCS#10 certificate request functions.
 X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **x);
 X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **x);
- int i2d_X509_CRL_bio(X509_CRL *x, BIO *bp);
+ int i2d_X509_CRL_bio(BIO *bp, X509_CRL *x);
- int i2d_X509_CRL_fp(X509_CRL *x, FILE *fp);
+ int i2d_X509_CRL_fp(FILE *fp, X509_CRL *x);
 =head1 DESCRIPTION
diff --git a/src/lib/libssl/src/doc/crypto/d2i_X509_REQ.pod b/src/lib/libssl/src/doc/crypto/d2i_X509_REQ.pod
index ae32a3891d..91c0c1974b 100644
--- a/src/lib/libssl/src/doc/crypto/d2i_X509_REQ.pod
+++ b/src/lib/libssl/src/doc/crypto/d2i_X509_REQ.pod
@@ -15,8 +15,8 @@ i2d_X509_REQ_bio, i2d_X509_REQ_fp - PKCS#10 certificate request functions.
 X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **x);
 X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **x);
- int i2d_X509_REQ_bio(X509_REQ *x, BIO *bp);
+ int i2d_X509_REQ_bio(BIO *bp, X509_REQ *x);
- int i2d_X509_REQ_fp(X509_REQ *x, FILE *fp);
+ int i2d_X509_REQ_fp(FILE *fp, X509_REQ *x);
 =head1 DESCRIPTION
diff --git a/src/lib/libssl/src/doc/crypto/evp.pod b/src/lib/libssl/src/doc/crypto/evp.pod
index b3ca14314f..9faa349243 100644
--- a/src/lib/libssl/src/doc/crypto/evp.pod
+++ b/src/lib/libssl/src/doc/crypto/evp.pod
@@ -22,14 +22,24 @@ digital signatures.
 Symmetric encryption is available with the B<EVP_Encrypt>I<...>
 functions.  The B<EVP_Digest>I<...> functions provide message digests.
+The B<EVP_PKEY>I<...> functions provide a high level interface to
+asymmetric algorithms.
 Algorithms are loaded with OpenSSL_add_all_algorithms(3).
-All the symmetric algorithms (ciphers) and digests can be replaced by ENGINE
+All the symmetric algorithms (ciphers), digests and asymmetric algorithms
-modules providing alternative implementations. If ENGINE implementations of
+(public key algorithms) can be replaced by ENGINE modules providing alternative
-ciphers or digests are registered as defaults, then the various EVP functions
+implementations. If ENGINE implementations of ciphers or digests are registered
-will automatically use those implementations automatically in preference to
+as defaults, then the various EVP functions will automatically use those
-built in software implementations. For more information, consult the engine(3)
+implementations automatically in preference to built in software
-man page.
+implementations. For more information, consult the engine(3) man page.
+Although low level algorithm specific functions exist for many algorithms
+their use is discouraged. They cannot be used with an ENGINE and ENGINE
+versions of new algorithms cannot be accessed using the low level functions.
+Also makes code harder to adapt to new algorithms and some options are not 
+cleanly supported at the low level and some operations are more efficient
+using the high level interface.
 =head1 SEE ALSO
diff --git a/src/lib/libssl/src/doc/crypto/hmac.pod b/src/lib/libssl/src/doc/crypto/hmac.pod
index 0bd79a6d3a..d92138d273 100644
--- a/src/lib/libssl/src/doc/crypto/hmac.pod
+++ b/src/lib/libssl/src/doc/crypto/hmac.pod
@@ -15,12 +15,12 @@ authentication code
 void HMAC_CTX_init(HMAC_CTX *ctx);
- void HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len,
+ int HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len,
               const EVP_MD *md);
- void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len,
+ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len,
                   const EVP_MD *md, ENGINE *impl);
- void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len);
+ int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len);
- void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
+ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
 void HMAC_CTX_cleanup(HMAC_CTX *ctx);
 void HMAC_cleanup(HMAC_CTX *ctx);
@@ -41,8 +41,6 @@ If B<md> is NULL, the digest is placed in a static array.  The size of
 the output is placed in B<md_len>, unless it is B<NULL>.
 B<evp_md> can be EVP_sha1(), EVP_ripemd160() etc.
-B<key> and B<evp_md> may be B<NULL> if a key and hash function have
-been set in a previous call to HMAC_Init() for that B<HMAC_CTX>.
 HMAC_CTX_init() initialises a B<HMAC_CTX> before first use. It must be
 called.
@@ -78,10 +76,13 @@ must have space for the hash function output.
 =head1 RETURN VALUES
-HMAC() returns a pointer to the message authentication code.
+HMAC() returns a pointer to the message authentication code or NULL if
+an error occurred.
-HMAC_CTX_init(), HMAC_Init_ex(), HMAC_Update(), HMAC_Final() and
+HMAC_Init_ex(), HMAC_Update() and HMAC_Final() return 1 for success or 0 if
-HMAC_CTX_cleanup() do not return values.
+an error occurred.
+HMAC_CTX_init() and HMAC_CTX_cleanup() do not return values.
 =head1 CONFORMING TO
@@ -99,4 +100,7 @@ are available since SSLeay 0.9.0.
 HMAC_CTX_init(), HMAC_Init_ex() and HMAC_CTX_cleanup() are available
 since OpenSSL 0.9.7.
+HMAC_Init_ex(), HMAC_Update() and HMAC_Final() did not return values in
+versions of OpenSSL before 1.0.0.
 =cut
diff --git a/src/lib/libssl/src/doc/crypto/lhash.pod b/src/lib/libssl/src/doc/crypto/lhash.pod
index dcdbb43a8e..73a19b6c7e 100644
--- a/src/lib/libssl/src/doc/crypto/lhash.pod
+++ b/src/lib/libssl/src/doc/crypto/lhash.pod
@@ -8,18 +8,20 @@ lh_new, lh_free, lh_insert, lh_delete, lh_retrieve, lh_doall, lh_doall_arg, lh_e
 #include <openssl/lhash.h>
- LHASH *lh_new(LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE compare);
+ DECLARE_LHASH_OF(<type>);
- void lh_free(LHASH *table);
- void *lh_insert(LHASH *table, void *data);
+ LHASH *lh_<type>_new();
- void *lh_delete(LHASH *table, void *data);
+ void lh_<type>_free(LHASH_OF(<type> *table);
- void *lh_retrieve(LHASH *table, void *data);
- void lh_doall(LHASH *table, LHASH_DOALL_FN_TYPE func);
+ <type> *lh_<type>_insert(LHASH_OF(<type> *table, <type> *data);
- void lh_doall_arg(LHASH *table, LHASH_DOALL_ARG_FN_TYPE func,
+ <type> *lh_<type>_delete(LHASH_OF(<type> *table, <type> *data);
-          void *arg);
+ <type> *lh_retrieve(LHASH_OF<type> *table, <type> *data);
- int lh_error(LHASH *table);
+ void lh_<type>_doall(LHASH_OF(<type> *table, LHASH_DOALL_FN_TYPE func);
+ void lh_<type>_doall_arg(LHASH_OF(<type> *table, LHASH_DOALL_ARG_FN_TYPE func,
+          <type2>, <type2> *arg);
+ int lh_<type>_error(LHASH_OF(<type> *table);
 typedef int (*LHASH_COMP_FN_TYPE)(const void *, const void *);
 typedef unsigned long (*LHASH_HASH_FN_TYPE)(const void *);
@@ -28,113 +30,115 @@ lh_new, lh_free, lh_insert, lh_delete, lh_retrieve, lh_doall, lh_doall_arg, lh_e
 =head1 DESCRIPTION
-This library implements dynamic hash tables. The hash table entries
+This library implements type-checked dynamic hash tables. The hash
-can be arbitrary structures. Usually they consist of key and value
+table entries can be arbitrary structures. Usually they consist of key
-fields.
+and value fields.
-lh_new() creates a new B<LHASH> structure to store arbitrary data
+lh_<type>_new() creates a new B<LHASH_OF(<type>> structure to store
-entries, and provides the 'hash' and 'compare' callbacks to be used in
+arbitrary data entries, and provides the 'hash' and 'compare'
-organising the table's entries.  The B<hash> callback takes a pointer
+callbacks to be used in organising the table's entries.  The B<hash>
-to a table entry as its argument and returns an unsigned long hash
+callback takes a pointer to a table entry as its argument and returns
-value for its key field.  The hash value is normally truncated to a
+an unsigned long hash value for its key field.  The hash value is
-power of 2, so make sure that your hash function returns well mixed
+normally truncated to a power of 2, so make sure that your hash
-low order bits.  The B<compare> callback takes two arguments (pointers
+function returns well mixed low order bits.  The B<compare> callback
-to two hash table entries), and returns 0 if their keys are equal,
+takes two arguments (pointers to two hash table entries), and returns
-non-zero otherwise.  If your hash table will contain items of some
+0 if their keys are equal, non-zero otherwise.  If your hash table
-particular type and the B<hash> and B<compare> callbacks hash/compare
+will contain items of some particular type and the B<hash> and
-these types, then the B<DECLARE_LHASH_HASH_FN> and
+B<compare> callbacks hash/compare these types, then the
-B<IMPLEMENT_LHASH_COMP_FN> macros can be used to create callback
+B<DECLARE_LHASH_HASH_FN> and B<IMPLEMENT_LHASH_COMP_FN> macros can be
-wrappers of the prototypes required by lh_new().  These provide
+used to create callback wrappers of the prototypes required by
-per-variable casts before calling the type-specific callbacks written
+lh_<type>_new().  These provide per-variable casts before calling the
-by the application author.  These macros, as well as those used for
+type-specific callbacks written by the application author.  These
-the "doall" callbacks, are defined as;
+macros, as well as those used for the "doall" callbacks, are defined
+as;
- #define DECLARE_LHASH_HASH_FN(f_name,o_type) \
-         unsigned long f_name##_LHASH_HASH(const void *);
+ #define DECLARE_LHASH_HASH_FN(name, o_type) \
- #define IMPLEMENT_LHASH_HASH_FN(f_name,o_type) \
+         unsigned long name##_LHASH_HASH(const void *);
-         unsigned long f_name##_LHASH_HASH(const void *arg) { \
+ #define IMPLEMENT_LHASH_HASH_FN(name, o_type) \
-                 o_type a = (o_type)arg; \
+         unsigned long name##_LHASH_HASH(const void *arg) { \
-                 return f_name(a); }
+                 const o_type *a = arg; \
- #define LHASH_HASH_FN(f_name) f_name##_LHASH_HASH
+                 return name##_hash(a); }
+ #define LHASH_HASH_FN(name) name##_LHASH_HASH
- #define DECLARE_LHASH_COMP_FN(f_name,o_type) \
-         int f_name##_LHASH_COMP(const void *, const void *);
+ #define DECLARE_LHASH_COMP_FN(name, o_type) \
- #define IMPLEMENT_LHASH_COMP_FN(f_name,o_type) \
+         int name##_LHASH_COMP(const void *, const void *);
-         int f_name##_LHASH_COMP(const void *arg1, const void *arg2) { \
+ #define IMPLEMENT_LHASH_COMP_FN(name, o_type) \
-                 o_type a = (o_type)arg1; \
+         int name##_LHASH_COMP(const void *arg1, const void *arg2) { \
-                 o_type b = (o_type)arg2; \
+                 const o_type *a = arg1;                    \
-                 return f_name(a,b); }
+                 const o_type *b = arg2; \
- #define LHASH_COMP_FN(f_name) f_name##_LHASH_COMP
+                 return name##_cmp(a,b); }
+ #define LHASH_COMP_FN(name) name##_LHASH_COMP
- #define DECLARE_LHASH_DOALL_FN(f_name,o_type) \
-         void f_name##_LHASH_DOALL(const void *);
+ #define DECLARE_LHASH_DOALL_FN(name, o_type) \
- #define IMPLEMENT_LHASH_DOALL_FN(f_name,o_type) \
+         void name##_LHASH_DOALL(void *);
-         void f_name##_LHASH_DOALL(const void *arg) { \
+ #define IMPLEMENT_LHASH_DOALL_FN(name, o_type) \
-                 o_type a = (o_type)arg; \
+         void name##_LHASH_DOALL(void *arg) { \
-                 f_name(a); }
+                 o_type *a = arg; \
- #define LHASH_DOALL_FN(f_name) f_name##_LHASH_DOALL
+                 name##_doall(a); }
+ #define LHASH_DOALL_FN(name) name##_LHASH_DOALL
- #define DECLARE_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \
-         void f_name##_LHASH_DOALL_ARG(const void *, const void *);
+ #define DECLARE_LHASH_DOALL_ARG_FN(name, o_type, a_type) \
- #define IMPLEMENT_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \
+         void name##_LHASH_DOALL_ARG(void *, void *);
-         void f_name##_LHASH_DOALL_ARG(const void *arg1, const void *arg2) { \
+ #define IMPLEMENT_LHASH_DOALL_ARG_FN(name, o_type, a_type) \
-                 o_type a = (o_type)arg1; \
+         void name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \
-                 a_type b = (a_type)arg2; \
+                 o_type *a = arg1; \
-                 f_name(a,b); }
+                 a_type *b = arg2; \
- #define LHASH_DOALL_ARG_FN(f_name) f_name##_LHASH_DOALL_ARG
+                 name##_doall_arg(a, b); }
+ #define LHASH_DOALL_ARG_FN(name) name##_LHASH_DOALL_ARG
-An example of a hash table storing (pointers to) structures of type 'STUFF'
-could be defined as follows;
+ An example of a hash table storing (pointers to) structures of type 'STUFF'
+ could be defined as follows;
 /* Calculates the hash value of 'tohash' (implemented elsewhere) */
 unsigned long STUFF_hash(const STUFF *tohash);
 /* Orders 'arg1' and 'arg2' (implemented elsewhere) */
- int STUFF_cmp(const STUFF *arg1, const STUFF *arg2);
+ int stuff_cmp(const STUFF *arg1, const STUFF *arg2);
 /* Create the type-safe wrapper functions for use in the LHASH internals */
- static IMPLEMENT_LHASH_HASH_FN(STUFF_hash, const STUFF *)
+ static IMPLEMENT_LHASH_HASH_FN(stuff, STUFF);
- static IMPLEMENT_LHASH_COMP_FN(STUFF_cmp, const STUFF *);
+ static IMPLEMENT_LHASH_COMP_FN(stuff, STUFF);
 /* ... */
 int main(int argc, char *argv[]) {
         /* Create the new hash table using the hash/compare wrappers */
-         LHASH *hashtable = lh_new(LHASH_HASH_FN(STUFF_hash),
+         LHASH_OF(STUFF) *hashtable = lh_STUFF_new(LHASH_HASH_FN(STUFF_hash),
                                   LHASH_COMP_FN(STUFF_cmp));
         /* ... */
 }
-lh_free() frees the B<LHASH> structure B<table>. Allocated hash table
+lh_<type>_free() frees the B<LHASH_OF(<type>> structure
-entries will not be freed; consider using lh_doall() to deallocate any
+B<table>. Allocated hash table entries will not be freed; consider
-remaining entries in the hash table (see below).
+using lh_<type>_doall() to deallocate any remaining entries in the
+hash table (see below).
-lh_insert() inserts the structure pointed to by B<data> into B<table>.
+lh_<type>_insert() inserts the structure pointed to by B<data> into
-If there already is an entry with the same key, the old value is
+B<table>.  If there already is an entry with the same key, the old
-replaced. Note that lh_insert() stores pointers, the data are not
+value is replaced. Note that lh_<type>_insert() stores pointers, the
-copied.
+data are not copied.
-lh_delete() deletes an entry from B<table>.
+lh_<type>_delete() deletes an entry from B<table>.
-lh_retrieve() looks up an entry in B<table>. Normally, B<data> is
+lh_<type>_retrieve() looks up an entry in B<table>. Normally, B<data>
-a structure with the key field(s) set; the function will return a
+is a structure with the key field(s) set; the function will return a
 pointer to a fully populated structure.
-lh_doall() will, for every entry in the hash table, call B<func> with
+lh_<type>_doall() will, for every entry in the hash table, call
-the data item as its parameter.  For lh_doall() and lh_doall_arg(),
+B<func> with the data item as its parameter.  For lh_<type>_doall()
-function pointer casting should be avoided in the callbacks (see
+and lh_<type>_doall_arg(), function pointer casting should be avoided
-B<NOTE>) - instead, either declare the callbacks to match the
+in the callbacks (see B<NOTE>) - instead use the declare/implement
-prototype required in lh_new() or use the declare/implement macros to
+macros to create type-checked wrappers that cast variables prior to
-create type-safe wrappers that cast variables prior to calling your
+calling your type-specific callbacks.  An example of this is
-type-specific callbacks.  An example of this is illustrated here where
+illustrated here where the callback is used to cleanup resources for
-the callback is used to cleanup resources for items in the hash table
+items in the hash table prior to the hashtable itself being
-prior to the hashtable itself being deallocated:
+deallocated:
 /* Cleans up resources belonging to 'a' (this is implemented elsewhere) */
- void STUFF_cleanup(STUFF *a);
+ void STUFF_cleanup_doall(STUFF *a);
 /* Implement a prototype-compatible wrapper for "STUFF_cleanup" */
- IMPLEMENT_LHASH_DOALL_FN(STUFF_cleanup, STUFF *)
+ IMPLEMENT_LHASH_DOALL_FN(STUFF_cleanup, STUFF)
         /* ... then later in the code ... */
 /* So to run "STUFF_cleanup" against all items in a hash table ... */
- lh_doall(hashtable, LHASH_DOALL_FN(STUFF_cleanup));
+ lh_STUFF_doall(hashtable, LHASH_DOALL_FN(STUFF_cleanup));
 /* Then the hash table itself can be deallocated */
- lh_free(hashtable);
+ lh_STUFF_free(hashtable);
 When doing this, be careful if you delete entries from the hash table
 in your callbacks: the table may decrease in size, moving the item
@@ -145,51 +149,52 @@ you start (which will stop the hash table ever decreasing in size).
 The best solution is probably to avoid deleting items from the hash
 table inside a "doall" callback!
-lh_doall_arg() is the same as lh_doall() except that B<func> will be
+lh_<type>_doall_arg() is the same as lh_<type>_doall() except that
-called with B<arg> as the second argument and B<func> should be of
+B<func> will be called with B<arg> as the second argument and B<func>
-type B<LHASH_DOALL_ARG_FN_TYPE> (a callback prototype that is passed
+should be of type B<LHASH_DOALL_ARG_FN_TYPE> (a callback prototype
-both the table entry and an extra argument).  As with lh_doall(), you
+that is passed both the table entry and an extra argument).  As with
-can instead choose to declare your callback with a prototype matching
+lh_doall(), you can instead choose to declare your callback with a
-the types you are dealing with and use the declare/implement macros to
+prototype matching the types you are dealing with and use the
-create compatible wrappers that cast variables before calling your
+declare/implement macros to create compatible wrappers that cast
-type-specific callbacks.  An example of this is demonstrated here
+variables before calling your type-specific callbacks.  An example of
-(printing all hash table entries to a BIO that is provided by the
+this is demonstrated here (printing all hash table entries to a BIO
-caller):
+that is provided by the caller):
 /* Prints item 'a' to 'output_bio' (this is implemented elsewhere) */
- void STUFF_print(const STUFF *a, BIO *output_bio);
+ void STUFF_print_doall_arg(const STUFF *a, BIO *output_bio);
 /* Implement a prototype-compatible wrapper for "STUFF_print" */
- static IMPLEMENT_LHASH_DOALL_ARG_FN(STUFF_print, const STUFF *, BIO *)
+ static IMPLEMENT_LHASH_DOALL_ARG_FN(STUFF, const STUFF, BIO)
         /* ... then later in the code ... */
 /* Print out the entire hashtable to a particular BIO */
- lh_doall_arg(hashtable, LHASH_DOALL_ARG_FN(STUFF_print), logging_bio);
+ lh_STUFF_doall_arg(hashtable, LHASH_DOALL_ARG_FN(STUFF_print), BIO,
+                    logging_bio);
 
-lh_error() can be used to determine if an error occurred in the last
+lh_<type>_error() can be used to determine if an error occurred in the last
-operation. lh_error() is a macro.
+operation. lh_<type>_error() is a macro.
 =head1 RETURN VALUES
-lh_new() returns B<NULL> on error, otherwise a pointer to the new
+lh_<type>_new() returns B<NULL> on error, otherwise a pointer to the new
 B<LHASH> structure.
-When a hash table entry is replaced, lh_insert() returns the value
+When a hash table entry is replaced, lh_<type>_insert() returns the value
 being replaced. B<NULL> is returned on normal operation and on error.
-lh_delete() returns the entry being deleted.  B<NULL> is returned if
+lh_<type>_delete() returns the entry being deleted.  B<NULL> is returned if
 there is no such value in the hash table.
-lh_retrieve() returns the hash table entry if it has been found,
+lh_<type>_retrieve() returns the hash table entry if it has been found,
 B<NULL> otherwise.
-lh_error() returns 1 if an error occurred in the last operation, 0
+lh_<type>_error() returns 1 if an error occurred in the last operation, 0
 otherwise.
-lh_free(), lh_doall() and lh_doall_arg() return no values.
+lh_<type>_free(), lh_<type>_doall() and lh_<type>_doall_arg() return no values.
 =head1 NOTE
 The various LHASH macros and callback types exist to make it possible
-to write type-safe code without resorting to function-prototype
+to write type-checked code without resorting to function-prototype
 casting - an evil that makes application code much harder to
 audit/verify and also opens the window of opportunity for stack
 corruption and other hard-to-find bugs.  It also, apparently, violates
@@ -227,7 +232,7 @@ without any "const" qualifiers.
 =head1 BUGS
-lh_insert() returns B<NULL> both for success and error.
+lh_<type>_insert() returns B<NULL> both for success and error.
 =head1 INTERNALS
@@ -272,8 +277,8 @@ lh_strhash() is a demo string hashing function:
 unsigned long lh_strhash(const char *c);
 Since the B<LHASH> routines would normally be passed structures, this
-routine would not normally be passed to lh_new(), rather it would be
+routine would not normally be passed to lh_<type>_new(), rather it would be
-used in the function passed to lh_new().
+used in the function passed to lh_<type>_new().
 =head1 SEE ALSO
@@ -291,4 +296,7 @@ were changed for better type safety, and the function types LHASH_COMP_FN_TYPE,
 LHASH_HASH_FN_TYPE, LHASH_DOALL_FN_TYPE and LHASH_DOALL_ARG_FN_TYPE 
 became available.
+In OpenSSL 1.0.0, the lhash interface was revamped for even better
+type checking.
 =cut
diff --git a/src/lib/libssl/src/doc/crypto/pem.pod b/src/lib/libssl/src/doc/crypto/pem.pod
index 4f9a27df0c..d5b1896119 100644
--- a/src/lib/libssl/src/doc/crypto/pem.pod
+++ b/src/lib/libssl/src/doc/crypto/pem.pod
@@ -2,7 +2,7 @@
 =head1 NAME
-PEM - PEM routines
+PEM, PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey, PEM_write_PrivateKey, PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey, PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid, PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY, PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey, PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey, PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey, PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY, PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey, PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey, PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY, PEM_write_DSA_PUBKEY, PEM_read_bio_DSAparams, PEM_read_DSAparams, PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams, PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams, PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509, PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX, PEM_write_X509_AUX, PEM_read_bio_X509_REQ, PEM_read_X509_REQ, PEM_write_bio_X509_REQ, PEM_write_X509_REQ, PEM_write_bio_X509_REQ_NEW, PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL, PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7, PEM_read_PKCS7, PEM_write_bio_PKCS7, PEM_write_PKCS7, PEM_read_bio_NETSCAPE_CERT_SEQUENCE, PEM_read_NETSCAPE_CERT_SEQUENCE, PEM_write_bio_NETSCAPE_CERT_SEQUENCE, PEM_write_NETSCAPE_CERT_SEQUENCE - PEM routines
 =head1 SYNOPSIS
diff --git a/src/lib/libssl/src/doc/crypto/threads.pod b/src/lib/libssl/src/doc/crypto/threads.pod
index 3df4ecd776..dc0e9391dc 100644
--- a/src/lib/libssl/src/doc/crypto/threads.pod
+++ b/src/lib/libssl/src/doc/crypto/threads.pod
@@ -2,7 +2,9 @@
 =head1 NAME
-CRYPTO_set_locking_callback, CRYPTO_set_id_callback, CRYPTO_num_locks,
+CRYPTO_THREADID_set_callback, CRYPTO_THREADID_get_callback,
+CRYPTO_THREADID_current, CRYPTO_THREADID_cmp, CRYPTO_THREADID_cpy,
+CRYPTO_THREADID_hash, CRYPTO_set_locking_callback, CRYPTO_num_locks,
 CRYPTO_set_dynlock_create_callback, CRYPTO_set_dynlock_lock_callback,
 CRYPTO_set_dynlock_destroy_callback, CRYPTO_get_new_dynlockid,
 CRYPTO_destroy_dynlockid, CRYPTO_lock - OpenSSL thread support
@@ -11,14 +13,26 @@ CRYPTO_destroy_dynlockid, CRYPTO_lock - OpenSSL thread support
 #include <openssl/crypto.h>
- void CRYPTO_set_locking_callback(void (*locking_function)(int mode,
+ /* Don't use this structure directly. */
-        int n, const char *file, int line));
+ typedef struct crypto_threadid_st
+         {
- void CRYPTO_set_id_callback(unsigned long (*id_function)(void));
+         void *ptr;
+         unsigned long val;
+         } CRYPTO_THREADID;
+ /* Only use CRYPTO_THREADID_set_[numeric|pointer]() within callbacks */
+ void CRYPTO_THREADID_set_numeric(CRYPTO_THREADID *id, unsigned long val);
+ void CRYPTO_THREADID_set_pointer(CRYPTO_THREADID *id, void *ptr);
+ int CRYPTO_THREADID_set_callback(void (*threadid_func)(CRYPTO_THREADID *));
+ void (*CRYPTO_THREADID_get_callback(void))(CRYPTO_THREADID *);
+ void CRYPTO_THREADID_current(CRYPTO_THREADID *id);
+ int CRYPTO_THREADID_cmp(const CRYPTO_THREADID *a,
+                         const CRYPTO_THREADID *b);
+ void CRYPTO_THREADID_cpy(CRYPTO_THREADID *dest,
+                          const CRYPTO_THREADID *src);
+ unsigned long CRYPTO_THREADID_hash(const CRYPTO_THREADID *id);
 int CRYPTO_num_locks(void);
 /* struct CRYPTO_dynlock_value needs to be defined by the user */
 struct CRYPTO_dynlock_value;
@@ -50,7 +64,8 @@ CRYPTO_destroy_dynlockid, CRYPTO_lock - OpenSSL thread support
 =head1 DESCRIPTION
 OpenSSL can safely be used in multi-threaded applications provided
-that at least two callback functions are set.
+that at least two callback functions are set, locking_function and
+threadid_func.
 locking_function(int mode, int n, const char *file, int line) is
 needed to perform locking on shared data structures. 
@@ -65,10 +80,42 @@ B<CRYPTO_LOCK>, and releases it otherwise.
 B<file> and B<line> are the file number of the function setting the
 lock. They can be useful for debugging.
-id_function(void) is a function that returns a thread ID, for example
+threadid_func(CRYPTO_THREADID *id) is needed to record the currently-executing
-pthread_self() if it returns an integer (see NOTES below).  It isn't
+thread's identifier into B<id>. The implementation of this callback should not
-needed on Windows nor on platforms where getpid() returns a different
+fill in B<id> directly, but should use CRYPTO_THREADID_set_numeric() if thread
-ID for each thread (see NOTES below).
+IDs are numeric, or CRYPTO_THREADID_set_pointer() if they are pointer-based.
+If the application does not register such a callback using
+CRYPTO_THREADID_set_callback(), then a default implementation is used - on
+Windows and BeOS this uses the system's default thread identifying APIs, and on
+all other platforms it uses the address of B<errno>. The latter is satisfactory
+for thread-safety if and only if the platform has a thread-local error number
+facility.
+Once threadid_func() is registered, or if the built-in default implementation is
+to be used;
+=over 4
+=item *
+CRYPTO_THREADID_current() records the currently-executing thread ID into the
+given B<id> object.
+=item *
+CRYPTO_THREADID_cmp() compares two thread IDs (returning zero for equality, ie.
+the same semantics as memcmp()).
+=item *
+CRYPTO_THREADID_cpy() duplicates a thread ID value,
+=item *
+CRYPTO_THREADID_hash() returns a numeric value usable as a hash-table key. This
+is usually the exact numeric or pointer-based thread ID used internally, however
+this also handles the unusual case where pointers are larger than 'long'
+variables and the platform's thread IDs are pointer-based - in this case, mixing
+is done to attempt to produce a unique numeric value even though it is not as
+wide as the platform's true thread IDs.
+=back
 Additionally, OpenSSL supports dynamic locks, and sometimes, some parts
 of OpenSSL need it for better performance.  To enable this, the following
@@ -140,22 +187,6 @@ You can find out if OpenSSL was configured with thread support:
 Also, dynamic locks are currently not used internally by OpenSSL, but
 may do so in the future.
-Defining id_function(void) has it's own issues.  Generally speaking,
-pthread_self() should be used, even on platforms where getpid() gives
-different answers in each thread, since that may depend on the machine
-the program is run on, not the machine where the program is being
-compiled.  For instance, Red Hat 8 Linux and earlier used
-LinuxThreads, whose getpid() returns a different value for each
-thread.  Red Hat 9 Linux and later use NPTL, which is
-Posix-conformant, and has a getpid() that returns the same value for
-all threads in a process.  A program compiled on Red Hat 8 and run on
-Red Hat 9 will therefore see getpid() returning the same value for
-all threads.
-There is still the issue of platforms where pthread_self() returns
-something other than an integer.  This is a bit unusual, and this
-manual has no cookbook solution for that case.
 =head1 EXAMPLES
 B<crypto/threads/mttest.c> shows examples of the callback functions on
@@ -163,10 +194,14 @@ Solaris, Irix and Win32.
 =head1 HISTORY
-CRYPTO_set_locking_callback() and CRYPTO_set_id_callback() are
+CRYPTO_set_locking_callback() is
 available in all versions of SSLeay and OpenSSL.
 CRYPTO_num_locks() was added in OpenSSL 0.9.4.
 All functions dealing with dynamic locks were added in OpenSSL 0.9.5b-dev.
+B<CRYPTO_THREADID> and associated functions were introduced in OpenSSL 1.0.0
+to replace (actually, deprecate) the previous CRYPTO_set_id_callback(),
+CRYPTO_get_id_callback(), and CRYPTO_thread_id() functions which assumed
+thread IDs to always be represented by 'unsigned long'.
 =head1 SEE ALSO
diff --git a/src/lib/libssl/src/doc/crypto/ui_compat.pod b/src/lib/libssl/src/doc/crypto/ui_compat.pod
index 9ab3c69bf2..adf2ae5e53 100644
--- a/src/lib/libssl/src/doc/crypto/ui_compat.pod
+++ b/src/lib/libssl/src/doc/crypto/ui_compat.pod
@@ -7,6 +7,8 @@ Compatibility user interface functions
 =head1 SYNOPSIS
+ #include <openssl/des_old.h>
 int des_read_password(DES_cblock *key,const char *prompt,int verify);
 int des_read_2passwords(DES_cblock *key1,DES_cblock *key2,
        const char *prompt,int verify);
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CIPHER_get_name.pod b/src/lib/libssl/src/doc/ssl/SSL_CIPHER_get_name.pod
index f62a869a9b..eb772b55de 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_CIPHER_get_name.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_CIPHER_get_name.pod
@@ -11,7 +11,7 @@ SSL_CIPHER_get_name, SSL_CIPHER_get_bits, SSL_CIPHER_get_version, SSL_CIPHER_des
 const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher);
 int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *alg_bits);
 char *SSL_CIPHER_get_version(const SSL_CIPHER *cipher);
- char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int size);
+ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int size);
 =head1 DESCRIPTION
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_new.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_new.pod
index 465220a75c..73e8c47f9a 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_CTX_new.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_new.pod
@@ -8,7 +8,7 @@ SSL_CTX_new - create a new SSL_CTX object as framework for TLS/SSL enabled funct
 #include <openssl/ssl.h>
- SSL_CTX *SSL_CTX_new(SSL_METHOD *method);
+ SSL_CTX *SSL_CTX_new(const SSL_METHOD *method);
 =head1 DESCRIPTION
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_mode.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_mode.pod
index 9822544e5e..8cb669daeb 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_mode.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_mode.pod
@@ -61,6 +61,16 @@ deal with read/write operations returning without success report. The
 flag SSL_MODE_AUTO_RETRY will cause read/write operations to only
 return after the handshake and successful completion.
+=item SSL_MODE_RELEASE_BUFFERS
+When we no longer need a read buffer or a write buffer for a given SSL,
+then release the memory we were using to hold it.  Released memory is
+either appended to a list of unused RAM chunks on the SSL_CTX, or simply
+freed if the list of unused chunks would become longer than 
+SSL_CTX->freelist_max_len, which defaults to 32.  Using this flag can
+save around 34k per idle SSL connection.
+This flag has no effect on SSL v2 connections, or on DTLS connections.
 =back
 =head1 RETURN VALUES
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod
index eaed190809..310db84b31 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod
@@ -2,7 +2,7 @@
 =head1 NAME
-SSL_CTX_set_options, SSL_set_options, SSL_CTX_get_options, SSL_get_options - manipulate SSL engine options
+SSL_CTX_set_options, SSL_set_options, SSL_CTX_clear_options, SSL_clear_options, SSL_CTX_get_options, SSL_get_options, SSL_get_secure_renegotiation_support - manipulate SSL options
 =head1 SYNOPSIS
@@ -11,26 +11,41 @@ SSL_CTX_set_options, SSL_set_options, SSL_CTX_get_options, SSL_get_options - man
 long SSL_CTX_set_options(SSL_CTX *ctx, long options);
 long SSL_set_options(SSL *ssl, long options);
+ long SSL_CTX_clear_options(SSL_CTX *ctx, long options);
+ long SSL_clear_options(SSL *ssl, long options);
 long SSL_CTX_get_options(SSL_CTX *ctx);
 long SSL_get_options(SSL *ssl);
+ long SSL_get_secure_renegotiation_support(SSL *ssl);
 =head1 DESCRIPTION
+Note: all these functions are implemented using macros.
 SSL_CTX_set_options() adds the options set via bitmask in B<options> to B<ctx>.
 Options already set before are not cleared!
 SSL_set_options() adds the options set via bitmask in B<options> to B<ssl>.
 Options already set before are not cleared!
+SSL_CTX_clear_options() clears the options set via bitmask in B<options>
+to B<ctx>.
+SSL_clear_options() clears the options set via bitmask in B<options> to B<ssl>.
 SSL_CTX_get_options() returns the options set for B<ctx>.
 SSL_get_options() returns the options set for B<ssl>.
+SSL_get_secure_renegotiation_support() indicates whether the peer supports
+secure renegotiation.
 =head1 NOTES
 The behaviour of the SSL library can be changed by setting several options.
 The options are coded as bitmasks and can be combined by a logical B<or>
-operation (|). Options can only be added but can never be reset.
+operation (|).
 SSL_CTX_set_options() and SSL_set_options() affect the (external)
 protocol behaviour of the SSL library. The (internal) behaviour of
@@ -199,26 +214,117 @@ Do not use the TLSv1 protocol.
 When performing renegotiation as a server, always start a new session
 (i.e., session resumption requests are only accepted in the initial
-handshake).  This option is not needed for clients.
+handshake). This option is not needed for clients.
 =item SSL_OP_NO_TICKET
 Normally clients and servers will, where possible, transparently make use
-of RFC4507bis tickets for stateless session resumption if extension support
+of RFC4507bis tickets for stateless session resumption.
-is explicitly set when OpenSSL is compiled.
 If this option is set this functionality is disabled and tickets will
 not be used by clients or servers.
+=item SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
+Allow legacy insecure renegotiation between OpenSSL and unpatched clients or
+servers. See the B<SECURE RENEGOTIATION> section for more details.
+=item SSL_OP_LEGACY_SERVER_CONNECT
+Allow legacy insecure renegotiation between OpenSSL and unpatched servers
+B<only>: this option is currently set by default. See the
+B<SECURE RENEGOTIATION> section for more details.
 =back
+=head1 SECURE RENEGOTIATION
+OpenSSL 0.9.8m and later always attempts to use secure renegotiation as
+described in RFC5746. This counters the prefix attack described in
+CVE-2009-3555 and elsewhere.
+The deprecated and highly broken SSLv2 protocol does not support
+renegotiation at all: its use is B<strongly> discouraged.
+This attack has far reaching consequences which application writers should be
+aware of. In the description below an implementation supporting secure
+renegotiation is referred to as I<patched>. A server not supporting secure
+renegotiation is referred to as I<unpatched>.
+The following sections describe the operations permitted by OpenSSL's secure
+renegotiation implementation.
+=head2 Patched client and server
+Connections and renegotiation are always permitted by OpenSSL implementations.
+=head2 Unpatched client and patched OpenSSL server
+The initial connection suceeds but client renegotiation is denied by the
+server with a B<no_renegotiation> warning alert if TLS v1.0 is used or a fatal
+B<handshake_failure> alert in SSL v3.0.
+If the patched OpenSSL server attempts to renegotiate a fatal
+B<handshake_failure> alert is sent. This is because the server code may be
+unaware of the unpatched nature of the client.
+If the option B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> is set then
+renegotiation B<always> succeeds.
+B<NB:> a bug in OpenSSL clients earlier than 0.9.8m (all of which are
+unpatched) will result in the connection hanging if it receives a
+B<no_renegotiation> alert. OpenSSL versions 0.9.8m and later will regard
+a B<no_renegotiation> alert as fatal and respond with a fatal
+B<handshake_failure> alert. This is because the OpenSSL API currently has
+no provision to indicate to an application that a renegotiation attempt
+was refused.
+=head2 Patched OpenSSL client and unpatched server.
+If the option B<SSL_OP_LEGACY_SERVER_CONNECT> or
+B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> is set then initial connections
+and renegotiation between patched OpenSSL clients and unpatched servers
+succeeds. If neither option is set then initial connections to unpatched
+servers will fail.
+The option B<SSL_OP_LEGACY_SERVER_CONNECT> is currently set by default even
+though it has security implications: otherwise it would be impossible to
+connect to unpatched servers (i.e. all of them initially) and this is clearly
+not acceptable. Renegotiation is permitted because this does not add any
+additional security issues: during an attack clients do not see any
+renegotiations anyway.
+As more servers become patched the option B<SSL_OP_LEGACY_SERVER_CONNECT> will
+B<not> be set by default in a future version of OpenSSL.
+OpenSSL client applications wishing to ensure they can connect to unpatched
+servers should always B<set> B<SSL_OP_LEGACY_SERVER_CONNECT>
+OpenSSL client applications that want to ensure they can B<not> connect to
+unpatched servers (and thus avoid any security issues) should always B<clear>
+B<SSL_OP_LEGACY_SERVER_CONNECT> using SSL_CTX_clear_options() or
+SSL_clear_options().
+The difference between the B<SSL_OP_LEGACY_SERVER_CONNECT> and
+B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> options is that
+B<SSL_OP_LEGACY_SERVER_CONNECT> enables initial connections and secure
+renegotiation between OpenSSL clients and unpatched servers B<only>, while
+B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> allows initial connections
+and renegotiation between OpenSSL and unpatched clients or servers.
 =head1 RETURN VALUES
 SSL_CTX_set_options() and SSL_set_options() return the new options bitmask
 after adding B<options>.
+SSL_CTX_clear_options() and SSL_clear_options() return the new options bitmask
+after clearing B<options>.
 SSL_CTX_get_options() and SSL_get_options() return the current bitmask.
+SSL_get_secure_renegotiation_support() returns 1 is the peer supports
+secure renegotiation and 0 if it does not.
 =head1 SEE ALSO
 L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>, L<SSL_clear(3)|SSL_clear(3)>,
@@ -241,4 +347,11 @@ Versions up to OpenSSL 0.9.6c do not include the countermeasure that
 can be disabled with this option (in OpenSSL 0.9.6d, it was always
 enabled).
+SSL_CTX_clear_options() and SSL_clear_options() were first added in OpenSSL
+0.9.8m.
+B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION>, B<SSL_OP_LEGACY_SERVER_CONNECT>
+and the function SSL_get_secure_renegotiation_support() were first added in
+OpenSSL 0.9.8m.
 =cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_ssl_version.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_ssl_version.pod
index 0020180965..254f2b4397 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_ssl_version.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_ssl_version.pod
@@ -9,9 +9,9 @@ SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_get_ssl_method
 #include <openssl/ssl.h>
- int SSL_CTX_set_ssl_version(SSL_CTX *ctx, SSL_METHOD *method);
+ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *method);
- int SSL_set_ssl_method(SSL *s, SSL_METHOD *method);
+ int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method);
- SSL_METHOD *SSL_get_ssl_method(SSL *ssl);
+ const SSL_METHOD *SSL_get_ssl_method(SSL *ssl);
 =head1 DESCRIPTION
diff --git a/src/lib/libssl/src/doc/ssl/SSL_library_init.pod b/src/lib/libssl/src/doc/ssl/SSL_library_init.pod
index ecf3c4858e..8766776fea 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_library_init.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_library_init.pod
@@ -15,7 +15,7 @@ SSL_library_init, OpenSSL_add_ssl_algorithms, SSLeay_add_ssl_algorithms
 =head1 DESCRIPTION
-SSL_library_init() registers the available ciphers and digests.
+SSL_library_init() registers the available SSL/TLS ciphers and digests.
 OpenSSL_add_ssl_algorithms() and SSLeay_add_ssl_algorithms() are synonyms
 for SSL_library_init().
@@ -23,27 +23,32 @@ for SSL_library_init().
 =head1 NOTES
 SSL_library_init() must be called before any other action takes place.
+SSL_library_init() is not reentrant. 
 =head1 WARNING
-SSL_library_init() only registers ciphers. Another important initialization
+SSL_library_init() adds ciphers and digests used directly and indirectly by
-is the seeding of the PRNG (Pseudo Random Number Generator), which has to
+SSL/TLS.
-be performed separately.
 =head1 EXAMPLES
 A typical TLS/SSL application will start with the library initialization,
-will provide readable error messages and will seed the PRNG.
+and provide readable error messages.
 SSL_load_error_strings();                /* readable error messages */
 SSL_library_init();                      /* initialize library */
- actions_to_seed_PRNG(); 
 =head1 RETURN VALUES
 SSL_library_init() always returns "1", so it is safe to discard the return
 value.
+=head1 NOTES
+OpenSSL 0.9.8o and 1.0.0a and later added SHA2 algorithms to SSL_library_init().
+Applications which need to use SHA2 in earlier versions of OpenSSL should call
+OpenSSL_add_all_algorithms() as well.
 =head1 SEE ALSO
 L<ssl(3)|ssl(3)>, L<SSL_load_error_strings(3)|SSL_load_error_strings(3)>,
diff --git a/src/lib/libssl/src/doc/ssl/ssl.pod b/src/lib/libssl/src/doc/ssl/ssl.pod
index 266697d221..2b6004ee32 100644
--- a/src/lib/libssl/src/doc/ssl/ssl.pod
+++ b/src/lib/libssl/src/doc/ssl/ssl.pod
@@ -130,39 +130,39 @@ protocol methods defined in B<SSL_METHOD> structures.
 =over 4
-=item SSL_METHOD *B<SSLv2_client_method>(void);
+=item const SSL_METHOD *B<SSLv2_client_method>(void);
 Constructor for the SSLv2 SSL_METHOD structure for a dedicated client.
-=item SSL_METHOD *B<SSLv2_server_method>(void);
+=item const SSL_METHOD *B<SSLv2_server_method>(void);
 Constructor for the SSLv2 SSL_METHOD structure for a dedicated server.
-=item SSL_METHOD *B<SSLv2_method>(void);
+=item const SSL_METHOD *B<SSLv2_method>(void);
 Constructor for the SSLv2 SSL_METHOD structure for combined client and server.
-=item SSL_METHOD *B<SSLv3_client_method>(void);
+=item const SSL_METHOD *B<SSLv3_client_method>(void);
 Constructor for the SSLv3 SSL_METHOD structure for a dedicated client.
-=item SSL_METHOD *B<SSLv3_server_method>(void);
+=item const SSL_METHOD *B<SSLv3_server_method>(void);
 Constructor for the SSLv3 SSL_METHOD structure for a dedicated server.
-=item SSL_METHOD *B<SSLv3_method>(void);
+=item const SSL_METHOD *B<SSLv3_method>(void);
 Constructor for the SSLv3 SSL_METHOD structure for combined client and server.
-=item SSL_METHOD *B<TLSv1_client_method>(void);
+=item const SSL_METHOD *B<TLSv1_client_method>(void);
 Constructor for the TLSv1 SSL_METHOD structure for a dedicated client.
-=item SSL_METHOD *B<TLSv1_server_method>(void);
+=item cosnt SSL_METHOD *B<TLSv1_server_method>(void);
 Constructor for the TLSv1 SSL_METHOD structure for a dedicated server.
-=item SSL_METHOD *B<TLSv1_method>(void);
+=item const SSL_METHOD *B<TLSv1_method>(void);
 Constructor for the TLSv1 SSL_METHOD structure for combined client and server.
@@ -249,7 +249,7 @@ protocol context defined in the B<SSL_CTX> structure.
 =item long B<SSL_CTX_need_tmp_RSA>(SSL_CTX *ctx);
-=item SSL_CTX *B<SSL_CTX_new>(SSL_METHOD *meth);
+=item SSL_CTX *B<SSL_CTX_new>(const SSL_METHOD *meth);
 =item int B<SSL_CTX_remove_session>(SSL_CTX *ctx, SSL_SESSION *c);
@@ -327,7 +327,7 @@ protocol context defined in the B<SSL_CTX> structure.
 =item void B<SSL_CTX_set_session_cache_mode>(SSL_CTX *ctx, int mode);
-=item int B<SSL_CTX_set_ssl_version>(SSL_CTX *ctx, SSL_METHOD *meth);
+=item int B<SSL_CTX_set_ssl_version>(SSL_CTX *ctx, const SSL_METHOD *meth);
 =item void B<SSL_CTX_set_timeout>(SSL_CTX *ctx, long t);
@@ -374,6 +374,15 @@ session instead of a context.
 =item int B<SSL_CTX_use_certificate_file>(SSL_CTX *ctx, char *file, int type);
+=item void B<SSL_CTX_set_psk_client_callback>(SSL_CTX *ctx, unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len));
+=item int B<SSL_CTX_use_psk_identity_hint>(SSL_CTX *ctx, const char *hint);
+=item void B<SSL_CTX_set_psk_server_callback>(SSL_CTX *ctx, unsigned int (*callback)(SSL *ssl, const char *identity, unsigned char *psk, int max_psk_len));
 =back
 =head2 DEALING WITH SESSIONS
@@ -512,7 +521,7 @@ connection defined in the B<SSL> structure.
 =item int B<SSL_get_shutdown>(const SSL *ssl);
-=item SSL_METHOD *B<SSL_get_ssl_method>(SSL *ssl);
+=item const SSL_METHOD *B<SSL_get_ssl_method>(SSL *ssl);
 =item int B<SSL_get_state>(const SSL *ssl);
@@ -596,7 +605,7 @@ connection defined in the B<SSL> structure.
 =item void B<SSL_set_shutdown>(SSL *ssl, int mode);
-=item int B<SSL_set_ssl_method>(SSL *ssl, SSL_METHOD *meth);
+=item int B<SSL_set_ssl_method>(SSL *ssl, const SSL_METHOD *meth);
 =item void B<SSL_set_time>(SSL *ssl, long t);
@@ -650,6 +659,16 @@ connection defined in the B<SSL> structure.
 =item int B<SSL_write>(SSL *ssl, const void *buf, int num);
+=item void B<SSL_set_psk_client_callback>(SSL *ssl, unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len));
+=item int B<SSL_use_psk_identity_hint>(SSL *ssl, const char *hint);
+=item void B<SSL_set_psk_server_callback>(SSL *ssl, unsigned int (*callback)(SSL *ssl, const char *identity, unsigned char *psk, int max_psk_len));
+=item const char *B<SSL_get_psk_identity_hint>(SSL *ssl);
+=item const char *B<SSL_get_psk_identity>(SSL *ssl);
 =back
 =head1 SEE ALSO
@@ -726,7 +745,10 @@ L<SSL_write(3)|SSL_write(3)>,
 L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>,
 L<SSL_SESSION_get_ex_new_index(3)|SSL_SESSION_get_ex_new_index(3)>,
 L<SSL_SESSION_get_time(3)|SSL_SESSION_get_time(3)>,
-L<d2i_SSL_SESSION(3)|d2i_SSL_SESSION(3)>
+L<d2i_SSL_SESSION(3)|d2i_SSL_SESSION(3)>,
+L<SSL_CTX_set_psk_client_callback(3)|SSL_CTX_set_psk_client_callback(3)>,
+L<SSL_CTX_use_psk_identity_hint(3)|SSL_CTX_use_psk_identity_hint(3)>,
+L<SSL_get_psk_identity(3)|SSL_get_psk_identity(3)>
 =head1 HISTORY
diff --git a/src/lib/libssl/src/doc/ssleay.txt b/src/lib/libssl/src/doc/ssleay.txt
index a8b04d7059..4d2e714868 100644
--- a/src/lib/libssl/src/doc/ssleay.txt
+++ b/src/lib/libssl/src/doc/ssleay.txt
@@ -20,7 +20,7 @@ don't do that.
 ==== readme ========================================================
 This is the old 0.6.6 docuementation.  Most of the cipher stuff is still
-relevent but I'm working (very slowly) on new docuemtation.
+relevent but I'm working (very slowly) on new documentation.
 The current version can be found online at
 http://www.cryptsoft.com/ssleay/doc
@@ -548,8 +548,8 @@ application, ssleay.  This one program is composed of many programs that
 can all be compiled independantly.
 ssleay has 3 modes of operation.
-1) If the ssleay binaray has the name of one of its component programs, it
+1) If the ssleay binary has the name of one of its component programs, it
-executes that program and then exits.  This can be achieve by using hard or
+executes that program and then exits.  This can be achieved by using hard or
 symbolic links, or failing that, just renaming the binary.
 2) If the first argument to ssleay is the name of one of the component
 programs, that program runs that program and then exits.
@@ -1185,7 +1185,7 @@ typedef struct bio_st
        example is for BIO_s_sock().  A socket needs to be 
        assigned to the BIO before it can be used.
 -       'shutdown', this flag indicates if the underlying 
-        comunication primative being used should be closed/freed 
+        communication primitive being used should be closed/freed 
        when the BIO is closed.
 -       'flags' is used to hold extra state.  It is primarily used 
        to hold information about why a non-blocking operation 
@@ -1799,7 +1799,7 @@ int BN_set_word(BIGNUM *a, unsigned long w);
 unsigned long BN_get_word(BIGNUM *a);
        Returns 'a' in an unsigned long.  Not remarkably, often 'a' will
-        be biger than a word, in which case 0xffffffffL is returned.
+        be bigger than a word, in which case 0xffffffffL is returned.
 Word Operations
 These functions are much more efficient that the normal bignum arithmetic
@@ -2058,7 +2058,7 @@ Now you will notice that macros like
                PEM_ASN1_write((int (*)())i2d_X509,PEM_STRING_X509,fp, \
                                        (char *)x, NULL,NULL,0,NULL)
 Don't do encryption normally.  If you want to PEM encrypt your X509 structure,
-either just call PEM_ASN1_write directly or just define you own
+either just call PEM_ASN1_write directly or just define your own
 macro variant.  As you can see, this macro just sets all encryption related
 parameters to NULL.
@@ -5566,7 +5566,7 @@ These 2 functions create and destroy SSL_CTX structures
 The SSL_CTX has a session_cache_mode which is by default,
 in SSL_SESS_CACHE_SERVER mode.  What this means is that the library
-will automatically add new session-id's to the cache apon sucsessful
+will automatically add new session-id's to the cache upon successful
 SSL_accept() calls.
 If SSL_SESS_CACHE_CLIENT is set, then client certificates are also added
 to the cache.
@@ -5580,12 +5580,12 @@ SSL_SESS_NO_CACHE_BOTH	- Either SSL_accept() or SSL_connect().
 If SSL_SESS_CACHE_NO_AUTO_CLEAR is set, old timed out sessions are
 not automatically removed each 255, SSL_connect()s or SSL_accept()s.
-By default, apon every 255 successful SSL_connect() or SSL_accept()s,
+By default, upon every 255 successful SSL_connect() or SSL_accept()s,
 the cache is flush.  Please note that this could be expensive on
 a heavily loaded SSL server, in which case, turn this off and
 clear the cache of old entries 'manually' (with one of the functions
 listed below) every few hours.  Perhaps I should up this number, it is hard
-to say.  Remember, the '255' new calls is just a mechanims to get called
+to say.  Remember, the '255' new calls is just a mechanism to get called
 every now and then, in theory at most 255 new session-id's will have been
 added but if 100 are added every minute, you would still have
 500 in the cache before any would start being flushed (assuming a 3 minute
@@ -5628,10 +5628,10 @@ if copy is 1.  Otherwise, the reference count is not modified.
 void SSL_CTX_sess_set_get_cb(ctx,cb) sets the callback and
 int (*cb)()SSL_CTX_sess_get_get_cb(ctx) returns the callback.
-These callbacks are basically indended to be used by processes to
+These callbacks are basically intended to be used by processes to
 send their session-id's to other processes.  I currently have not implemented
-non-blocking semantics for these callbacks, it is upto the appication
+non-blocking semantics for these callbacks, it is upto the application
-to make the callbacks effiecent if they require blocking (perhaps
+to make the callbacks efficient if they require blocking (perhaps
 by 'saving' them and then 'posting them' when control returns from
 the SSL_accept().
@@ -6589,7 +6589,7 @@ This information can be used to recall the functions when the 'error'
 condition has dissapeared.
 After the connection has been made, information can be retrived about the
-SSL session and the session-id values that have been decided apon.
+SSL session and the session-id values that have been decided upon.
 The 'peer' certificate can be retrieved.
 The session-id values include
diff --git a/src/lib/libssl/src/doc/standards.txt b/src/lib/libssl/src/doc/standards.txt
index a5ce778f8e..7bada8d35f 100644
--- a/src/lib/libssl/src/doc/standards.txt
+++ b/src/lib/libssl/src/doc/standards.txt
@@ -69,6 +69,10 @@ PKCS#12: Personal Information Exchange Syntax Standard, version 1.0.
 3174 US Secure Hash Algorithm 1 (SHA1). D. Eastlake 3rd, P. Jones.
     September 2001. (Format: TXT=35525 bytes) (Status: INFORMATIONAL)
+3161 Internet X.509 Public Key Infrastructure, Time-Stamp Protocol (TSP)
+     C. Adams, P. Cain, D. Pinkas, R. Zuccherato. August 2001
+     (Status: PROPOSED STANDARD)
 3268 Advanced Encryption Standard (AES) Ciphersuites for Transport
     Layer Security (TLS). P. Chown. June 2002. (Format: TXT=13530 bytes)
     (Status: PROPOSED STANDARD)
diff --git a/src/lib/libssl/src/e_os.h b/src/lib/libssl/src/e_os.h
index 9c5c6fdb92..5ceeeeb950 100644
--- a/src/lib/libssl/src/e_os.h
+++ b/src/lib/libssl/src/e_os.h
@@ -112,7 +112,7 @@ extern "C" {
 /********************************************************************
 The Microsoft section
 ********************************************************************/
-/* The following is used becaue of the small stack in some
+/* The following is used because of the small stack in some
 * Microsoft operating systems */
 #if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYSNAME_WIN32)
 #  define MS_STATIC     static
@@ -123,9 +123,6 @@ extern "C" {
 #if defined(OPENSSL_SYS_WIN32) && !defined(WIN32)
 #  define WIN32
 #endif
-#if defined(OPENSSL_SYS_WIN16) && !defined(WIN16)
-#  define WIN16
-#endif
 #if defined(OPENSSL_SYS_WINDOWS) && !defined(WINDOWS)
 #  define WINDOWS
 #endif
@@ -153,7 +150,6 @@ extern "C" {
 #define clear_socket_error()    WSASetLastError(0)
 #define readsocket(s,b,n)       recv((s),(b),(n),0)
 #define writesocket(s,b,n)      send((s),(b),(n),0)
-#define EADDRINUSE              WSAEADDRINUSE
 #elif defined(__DJGPP__)
 #define WATT32
 #define get_last_socket_error() errno
@@ -181,6 +177,13 @@ extern "C" {
 #define closesocket(s)              close(s)
 #define readsocket(s,b,n)           read((s),(b),(n))
 #define writesocket(s,b,n)          write((s),(char *)(b),(n))
+#elif defined(OPENSSL_SYS_BEOS_R5)
+#define get_last_socket_error() errno
+#define clear_socket_error()    errno=0
+#define FIONBIO SO_NONBLOCK
+#define ioctlsocket(a,b,c)                setsockopt((a),SOL_SOCKET,(b),(c),sizeof(*(c)))
+#define readsocket(s,b,n)       recv((s),(b),(n),0)
+#define writesocket(s,b,n)      send((s),(b),(n),0)
 #elif defined(OPENSSL_SYS_NETWARE)
 #if defined(NETWARE_BSDSOCK)
 #define get_last_socket_error() errno
@@ -209,7 +212,7 @@ extern "C" {
 #define writesocket(s,b,n)      write((s),(b),(n))
 #endif
-#ifdef WIN16
+#ifdef WIN16 /* never the case */
 #  define MS_CALLBACK   _far _loadds
 #  define MS_FAR        _far
 #else
@@ -255,19 +258,31 @@ extern "C" {
       /*
        * Defining _WIN32_WINNT here in e_os.h implies certain "discipline."
        * Most notably we ought to check for availability of each specific
-        * routine with GetProcAddress() and/or quard NT-specific calls with
+        * routine with GetProcAddress() and/or guard NT-specific calls with
        * GetVersion() < 0x80000000. One can argue that in latter "or" case
        * we ought to /DELAYLOAD some .DLLs in order to protect ourselves
        * against run-time link errors. This doesn't seem to be necessary,
        * because it turned out that already Windows 95, first non-NT Win32
        * implementation, is equipped with at least NT 3.51 stubs, dummy
        * routines with same name, but which do nothing. Meaning that it's
-        * apparently appropriate to guard generic NT calls with GetVersion
+        * apparently sufficient to guard "vanilla" NT calls with GetVersion
-        * alone, while NT 4.0 and above calls ought to be additionally
+        * alone, while NT 4.0 and above interfaces ought to be linked with
-        * checked upon with GetProcAddress.
+        * GetProcAddress at run-time.
        */
 #      define _WIN32_WINNT 0x0400
 #    endif
+#    if !defined(OPENSSL_NO_SOCK) && defined(_WIN32_WINNT)
+       /*
+        * Just like defining _WIN32_WINNT including winsock2.h implies
+        * certain "discipline" for maintaining [broad] binary compatibility.
+        * As long as structures are invariant among Winsock versions,
+        * it's sufficient to check for specific Winsock2 API availability
+        * at run-time [DSO_global_lookup is recommended]...
+        */
+#      include <winsock2.h>
+#      include <ws2tcpip.h>
+       /* yes, they have to be #included prior to <windows.h> */
+#    endif
 #    include <windows.h>
 #    include <stdio.h>
 #    include <stddef.h>
@@ -308,8 +323,8 @@ static unsigned int _strlen31(const char *str)
         /* pre-1300 has __p__iob(), but it's available only in msvcrt.lib,
          * or in other words with /MD. Declaring implicit import, i.e.
          * with _imp_ prefix, works correctly with all compiler options,
-          * but without /MD results in LINK warning LNK4049:
+          * but without /MD results in LINK warning LNK4049:
-          * 'locally defined symbol "__iob" imported'.
+          * 'locally defined symbol "__iob" imported'.
          */
         extern FILE *_imp___iob;
 #        define stdin  (&_imp___iob[0])
@@ -322,7 +337,7 @@ static unsigned int _strlen31(const char *str)
 #  include <fcntl.h>
 #  ifdef OPENSSL_SYS_WINCE
-#    include <winsock_extras.h>
+#    define OPENSSL_NO_POSIX_IO
 #  endif
 #  define ssize_t long
@@ -335,12 +350,7 @@ static unsigned int _strlen31(const char *str)
 #    define _kbhit kbhit
 #  endif
-#  if defined(WIN16) && defined(SSLEAY) && defined(_WINEXITNOPERSIST)
+#  define EXIT(n) exit(n)
-#    define EXIT(n) _wsetexit(_WINEXITNOPERSIST)
-#    define OPENSSL_EXIT(n) do { if (n == 0) EXIT(n); return(n); } while(0)
-#  else
-#    define EXIT(n) exit(n)
-#  endif
 #  define LIST_SEPARATOR_CHAR ';'
 #  ifndef X_OK
 #    define X_OK        0
@@ -361,7 +371,7 @@ static unsigned int _strlen31(const char *str)
 #    define DEFAULT_HOME  "C:"
 #  endif
-#else /* The non-microsoft world world */
+#else /* The non-microsoft world */
 #  ifdef OPENSSL_SYS_VMS
 #    define VMS 1
@@ -414,7 +424,6 @@ static unsigned int _strlen31(const char *str)
       extern int GetThreadID(void);
 /* #      include <conio.h> */
       extern int kbhit(void);
-       extern void delay(unsigned milliseconds);
 #    else
 #      include <screen.h>
 #    endif
@@ -454,6 +463,10 @@ static unsigned int _strlen31(const char *str)
 #      define setvbuf(a, b, c, d) setbuffer((a), (b), (d))
       typedef unsigned long clock_t;
 #    endif
+#    ifdef OPENSSL_SYS_WIN32_CYGWIN
+#      include <io.h>
+#      include <fcntl.h>
+#    endif
 #    define OPENSSL_CONF        "openssl.cnf"
 #    define SSLEAY_CONF         OPENSSL_CONF
@@ -480,8 +493,19 @@ static unsigned int _strlen31(const char *str)
 #      define SHUTDOWN(fd)              close(fd)
 #      define SHUTDOWN2(fd)             close(fd)
 #    elif !defined(__DJGPP__)
-#      include <winsock.h>
+#      if defined(_WIN32_WCE) && _WIN32_WCE<410
-extern HINSTANCE _hInstance;
+#        define getservbyname _masked_declaration_getservbyname
+#      endif
+#      if !defined(IPPROTO_IP)
+         /* winsock[2].h was included already? */
+#        include <winsock.h>
+#      endif
+#      ifdef getservbyname
+#        undef getservbyname
+         /* this is used to be wcecompat/include/winsock_extras.h */
+         struct servent* PASCAL getservbyname(const char*,const char*);
+#      endif
 #      ifdef _WIN64
 /*
 * Even though sizeof(SOCKET) is 8, it's safe to cast it to int, because
@@ -553,8 +577,10 @@ extern HINSTANCE _hInstance;
 #        include <sys/filio.h> /* Added for FIONBIO under unixware */
 #      endif
 #      include <netinet/in.h>
+#      if !defined(OPENSSL_SYS_BEOS_R5)
 #      include <arpa/inet.h>
 #    endif
+#    endif
 #    if defined(NeXT) || defined(_NEXT_SOURCE)
 #      include <sys/fcntl.h>
@@ -597,6 +623,18 @@ extern HINSTANCE _hInstance;
 #    define INVALID_SOCKET      (-1)
 #    endif /* INVALID_SOCKET */
 #  endif
+/* Some IPv6 implementations are broken, disable them in known bad
+ * versions.
+ */
+#  if !defined(OPENSSL_USE_IPV6)
+#    if defined(AF_INET6) && !defined(OPENSSL_SYS_BEOS_BONE) && !defined(NETWARE_CLIB)
+#      define OPENSSL_USE_IPV6 1
+#    else
+#      define OPENSSL_USE_IPV6 0
+#    endif
+#  endif
 #endif
 #if defined(__ultrix)
@@ -630,18 +668,6 @@ extern char *sys_errlist[]; extern int sys_nerr;
 /***********************************************/
-/* do we need to do this for getenv.
- * Just define getenv for use under windows */
-#ifdef WIN16
-/* How to do this needs to be thought out a bit more.... */
-/*char *GETENV(char *);
-#define Getenv  GETENV*/
-#define Getenv  getenv
-#else
-#define Getenv getenv
-#endif
 #define DG_GCC_BUG      /* gcc < 2.6.3 on DGUX */
 #ifdef sgi
@@ -703,6 +729,15 @@ struct servent *getservbyname(const char *name, const char *proto);
 #endif
 /* end vxworks */
+/* beos */
+#if defined(OPENSSL_SYS_BEOS_R5)
+#define SO_ERROR 0
+#define NO_SYS_UN
+#define IPPROTO_IP 0
+#include <OS.h>
+#endif
 #ifdef  __cplusplus
 }
 #endif
diff --git a/src/lib/libssl/src/e_os2.h b/src/lib/libssl/src/e_os2.h
index 9da0b65448..4c785c62cf 100644
--- a/src/lib/libssl/src/e_os2.h
+++ b/src/lib/libssl/src/e_os2.h
@@ -202,6 +202,17 @@ extern "C" {
 # define OPENSSL_SYS_VXWORKS
 #endif
+/* --------------------------------- BeOS ---------------------------------- */
+#if defined(__BEOS__)
+# define OPENSSL_SYS_BEOS
+# include <sys/socket.h>
+# if defined(BONE_VERSION)
+#  define OPENSSL_SYS_BEOS_BONE
+# else
+#  define OPENSSL_SYS_BEOS_R5
+# endif
+#endif
 /**
 * That's it for OS-specific stuff
 *****************************************************************************/
@@ -251,24 +262,23 @@ extern "C" {
 #define OPENSSL_EXTERN OPENSSL_IMPORT
 /* Macros to allow global variables to be reached through function calls when
-   required (if a shared library version requvres it, for example.
+   required (if a shared library version requires it, for example.
   The way it's done allows definitions like this:
        // in foobar.c
-        OPENSSL_IMPLEMENT_GLOBAL(int,foobar) = 0;
+        OPENSSL_IMPLEMENT_GLOBAL(int,foobar,0)
        // in foobar.h
        OPENSSL_DECLARE_GLOBAL(int,foobar);
        #define foobar OPENSSL_GLOBAL_REF(foobar)
 */
 #ifdef OPENSSL_EXPORT_VAR_AS_FUNCTION
-# define OPENSSL_IMPLEMENT_GLOBAL(type,name)                         \
+# define OPENSSL_IMPLEMENT_GLOBAL(type,name,value)                      \
-        extern type _hide_##name;                                    \
+        type *_shadow_##name(void)                                      \
-        type *_shadow_##name(void) { return &_hide_##name; }         \
+        { static type _hide_##name=value; return &_hide_##name; }
-        static type _hide_##name
 # define OPENSSL_DECLARE_GLOBAL(type,name) type *_shadow_##name(void)
 # define OPENSSL_GLOBAL_REF(name) (*(_shadow_##name()))
 #else
-# define OPENSSL_IMPLEMENT_GLOBAL(type,name) OPENSSL_GLOBAL type _shadow_##name
+# define OPENSSL_IMPLEMENT_GLOBAL(type,name,value) OPENSSL_GLOBAL type _shadow_##name=value;
 # define OPENSSL_DECLARE_GLOBAL(type,name) OPENSSL_EXPORT type _shadow_##name
 # define OPENSSL_GLOBAL_REF(name) _shadow_##name
 #endif
diff --git a/src/lib/libssl/src/engines/makeengines.com b/src/lib/libssl/src/engines/makeengines.com
index 840864f7cf..6cf4236077 100644
--- a/src/lib/libssl/src/engines/makeengines.com
+++ b/src/lib/libssl/src/engines/makeengines.com
@@ -1,11 +1,11 @@
 $!
-$!  MAKEAPPS.COM
+$!  MAKEENGINES.COM
 $!  Written By:  Richard Levitte
 $!               richard@levitte.org
 $!
 $!  This command file compiles and creates the various engines in form
 $!  of shared images.  They are placed in [.xxx.EXE.ENGINES], where "xxx"
-$!  is either AXP or VAX depending on your hardware.
+$!  is ALPHA, IA64 or VAX, depending on your hardware.
 $!
 $!  P1  if this is ENGINES or ALL, the engines will build, otherwise not.
 $!
@@ -30,22 +30,49 @@ $!	all available engines are built.
 $!
 $!-----------------------------------------------------------------------------
 $!
+$! Set the default TCP/IP library to link against if needed
+$!
+$ TCPIP_LIB = ""
+$!
+$! Check What Architecture We Are Using.
+$!
+$ IF (F$GETSYI("CPU").LT.128)
+$ THEN
+$!
+$!  The Architecture Is VAX.
+$!
+$   ARCH = "VAX"
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!  The Architecture Is Alpha, IA64 or whatever comes in the future.
+$!
+$   ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE")
+$   IF (ARCH .EQS. "") THEN ARCH = "UNK"
+$!
+$! End The Architecture Check.
+$!
+$ ENDIF
+$!
 $! Set the names of the engines we want to build
+$! NOTE: Some might think this list ugly.  However, it's made this way to
+$! reflect the LIBNAMES variable in Makefile as closely as possible,
+$! thereby making it fairly easy to verify that the lists are the same.
+$! NOTE: gmp isn't built, as it's mostly a test engine and brings in another
+$! library that isn't necessarely ported to VMS.
 $!
 $ ENGINES = "," + P6
 $ IF ENGINES .EQS. "," THEN -
-        ENGINES = ",4758cca,aep,atalla,cswift,chil,nuron,sureware,ubsec,capi"
+        ENGINES = ",4758cca,aep,atalla,cswift,chil,nuron,sureware,ubsec,padlock,"
 $!
-$! Set the default TCP/IP library to link against if needed
+$! GOST requires a 64-bit integer type, unavailable on VAX.
-$!
-$ TCPIP_LIB = ""
 $!
-$! Set the architecture name
+$ IF (ARCH .NES. "VAX") THEN -
+       ENGINES = ENGINES+ ",ccgost"
 $!
-$ ARCH := VAX
+$! Set the goal directories, and create them if necessary
-$ IF F$GETSYI("CPU") .GE. 128 THEN ARCH := AXP
-$!
-$! Set the goal directories, and creat them if necessary
 $!
 $ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.ENGINES]
 $ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.ENGINES]
@@ -55,7 +82,6 @@ $!
 $! Set the goal files, and create them if necessary
 $!
 $ CRYPTO_LIB :=SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO.OLB
-$ CRYPTO_EXE :=SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO.EXE
 $ IF F$SEARCH(CRYPTO_LIB) .EQS. "" THEN LIBRARY/CREATE/OBJECT 'CRYPTO_LIB'
 $!
 $! OK, time to check options and initialise
@@ -71,13 +97,15 @@ $ GOSUB CHECK_OPTIONS
 $ GOSUB INITIALISE
 $ GOSUB CHECK_OPT_FILE
 $!
-$! Define what goes into each engine
+$! Define what goes into each engine.  VAX includes a transfer vector.
 $!
 $ ENGINE_ = ""
+$ TV_OBJ = ""
 $ IF ARCH .EQS. "VAX"
 $ THEN
 $   ENGINE_ = "engine_vector.mar"
-$   EXTRA_OBJ := ,'OBJ_DIR'ENGINE_VECTOR.OBJ
+$   TV_OBJ_NAME = OBJ_DIR + F$PARSE(ENGINE_,,,"NAME","SYNTAX_ONLY") + ".OBJ"
+$   TV_OBJ = ",''TV_OBJ_NAME'"
 $ ENDIF
 $ ENGINE_4758CCA = "e_4758cca"
 $ ENGINE_aep = "e_aep"
@@ -87,7 +115,13 @@ $ ENGINE_chil = "e_chil"
 $ ENGINE_nuron = "e_nuron"
 $ ENGINE_sureware = "e_sureware"
 $ ENGINE_ubsec = "e_ubsec"
-$ ENGINE_capi = "e_capi"
+$ ENGINE_padlock = "e_padlock"
+$
+$ ENGINE_ccgost_SUBDIR = "ccgost"
+$ ENGINE_ccgost = "e_gost_err,gost2001_keyx,gost2001,gost89,gost94_keyx,"+ -
+                  "gost_ameth,gost_asn1,gost_crypt,gost_ctl,gost_eng,"+ -
+                  "gosthash,gost_keywrap,gost_md,gost_params,gost_pmeth,"+ -
+                  "gost_sign"
 $!
 $! Define which programs need to be linked with a TCP/IP library
 $!
@@ -134,6 +168,13 @@ $ ELSE
 $   WRITE SYS$OUTPUT "Compiling Support Files. (",BUILDALL,")"
 $ ENDIF
 $!
+$! Create a .OPT file for the object files (for a real engine name).
+$!
+$ IF ENGINE_NAME .NES. ""
+$ THEN
+$   OPEN/WRITE OBJECTS 'EXE_DIR''ENGINE_NAME'.OPT
+$ ENDIF
+$!
 $! Here's the start of per-engine module loop.
 $!
 $ FILE_COUNTER = 0
@@ -150,7 +191,12 @@ $ IF FILE_NAME .EQS. "" THEN GOTO FILE_NEXT
 $!
 $! Set up the source and object reference
 $!
-$ SOURCE_FILE = F$PARSE(FILE_NAME,"SYS$DISK:[].C",,,"SYNTAX_ONLY")
+$ IF F$TYPE('LIB_ENGINE'_SUBDIR) .EQS. ""
+$ THEN
+$     SOURCE_FILE = F$PARSE(FILE_NAME,"SYS$DISK:[].C",,,"SYNTAX_ONLY")
+$ ELSE
+$     SOURCE_FILE = F$PARSE(FILE_NAME,"SYS$DISK:[."+'LIB_ENGINE'_SUBDIR+"].C",,,"SYNTAX_ONLY")
+$ ENDIF
 $ OBJECT_FILE = OBJ_DIR + F$PARSE(FILE_NAME,,,"NAME","SYNTAX_ONLY") + ".OBJ"
 $!
 $! If we get some problem, we just go on trying to build the next module.
@@ -173,13 +219,34 @@ $!
 $! Do the dirty work.
 $!
 $ ON ERROR THEN GOTO FILE_NEXT
-$ IF FILE_NAME - ".MAR" .NES. FILE_NAME
+$ IF F$EDIT(F$PARSE(SOURCE_FILE,,,"TYPE","SYNTAX_ONLY"),"UPCASE") .EQS. ".MAR"
 $ THEN
 $   MACRO/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
 $ ELSE
 $   CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
 $ ENDIF
 $!
+$! Write the entry to the .OPT file (for a real engine name).
+$!
+$ IF ENGINE_NAME .NES. ""
+$ THEN
+$   WRITE OBJECTS OBJECT_FILE
+$ ENDIF
+$!
+$! Next file
+$!
+$ GOTO FILE_NEXT
+$!
+$ FILE_DONE:
+$!
+$! Do not link the support files.
+$!
+$ IF ENGINE_NAME .EQS. "" THEN GOTO ENGINE_NEXT
+$!
+$! Close the linker options file (for a real engine name).
+$!
+$ CLOSE OBJECTS
+$!
 $! Now, there are two ways to handle this.  We can either build 
 $! shareable images or stick the engine object file into libcrypto.
 $! For now, the latter is NOT supported.
@@ -193,26 +260,16 @@ $ ENGINE_OPT := SYS$DISK:[]'ARCH'.OPT
 $ IF TCPIP_LIB .NES. ""
 $ THEN
 $   LINK/'DEBUGGER'/'TRACEBACK' /SHARE='EXE_DIR''ENGINE_NAME'.EXE -
-        'OBJECT_FILE''EXTRA_OBJ', -
+        'EXE_DIR''ENGINE_NAME'.OPT/OPTION'TV_OBJ', -
        'CRYPTO_LIB'/LIBRARY, -
        'ENGINE_OPT'/OPTION,'TCPIP_LIB','OPT_FILE'/OPTION
 $ ELSE
 $   LINK/'DEBUGGER'/'TRACEBACK' /SHARE='EXE_DIR''ENGINE_NAME'.EXE -
-        'OBJECT_FILE''EXTRA_OBJ', -
+        'EXE_DIR''ENGINE_NAME'.OPT/OPTION'TV_OBJ', -
        'CRYPTO_LIB'/LIBRARY, -
        'ENGINE_OPT'/OPTION,'OPT_FILE'/OPTION
 $ ENDIF
 $!
-$! Clean up
-$!
-$ DELETE 'OBJECT_FILE';*
-$!
-$! Next file
-$!
-$ GOTO FILE_NEXT
-$!
-$ FILE_DONE:
-$!
 $! Next engine
 $!
 $ GOTO ENGINE_NEXT
@@ -299,7 +356,7 @@ $!
 $   IF (F$SEARCH(OPT_FILE).EQS."")
 $   THEN
 $!
-$!    Figure Out If We Need An AXP Or A VAX Linker Option File.
+$!    Figure Out If We Need A non-VAX Or A VAX Linker Option File.
 $!
 $     IF ARCH .EQS. "VAX"
 $     THEN
@@ -319,19 +376,19 @@ $!    Else...
 $!
 $     ELSE
 $!
-$!      Create The AXP Linker Option File.
+$!      Create The non-VAX Linker Option File.
 $!
 $       CREATE 'OPT_FILE'
 $DECK
 !
-! Default System Options File For AXP To Link Agianst 
+! Default System Options File For non-VAX To Link Agianst 
 ! The Sharable C Runtime Library.
 !
 SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE
 SYS$SHARE:CMA$OPEN_RTL/SHARE
 $EOD
 $!
-$!    End The VAX/AXP DEC C Option File Check.
+$!    End The DEC C Option File Check.
 $!
 $     ENDIF
 $!
@@ -368,13 +425,13 @@ $! Else...
 $!
 $ ELSE
 $!
-$!  Else, Check To See If OPT_PHASE Has A Valid Arguement.
+$!  Else, Check To See If OPT_PHASE Has A Valid Argument.
 $!
 $   IF ("," + ACCEPT_PHASE + ",") - ("," + OPT_PHASE + ",") -
       .NES. ("," + ACCEPT_PHASE + ",")
 $   THEN
 $!
-$!    A Valid Arguement.
+$!    A Valid Argument.
 $!
 $     BUILDALL = OPT_PHASE
 $!
@@ -396,15 +453,16 @@ $     IF ("," + ACCEPT_PHASE + ",") - ",ENGINES," -
 $     WRITE SYS$OUTPUT ""
 $     WRITE SYS$OUTPUT " where 'xxx' stands for:"
 $     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "        AXP  :  Alpha architecture."
+$     WRITE SYS$OUTPUT "    ALPHA    :  Alpha architecture."
-$     WRITE SYS$OUTPUT "        VAX  :  VAX architecture."
+$     WRITE SYS$OUTPUT "    IA64     :  IA64 architecture."
+$     WRITE SYS$OUTPUT "    VAX      :  VAX architecture."
 $     WRITE SYS$OUTPUT ""
 $!
 $!    Time To EXIT.
 $!
 $     EXIT
 $!
-$!  End The Valid Arguement Check.
+$!  End The Valid Argument Check.
 $!
 $   ENDIF
 $!
@@ -457,7 +515,7 @@ $!    Time To EXIT.
 $!
 $     EXIT
 $!
-$!  End The Valid Arguement Check.
+$!  End The Valid Argument Check.
 $!
 $   ENDIF
 $!
@@ -522,7 +580,7 @@ $   ELSE
 $!
 $!    Check To See If We Have VAXC Or DECC.
 $!
-$     IF (ARCH.EQS."AXP").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
+$     IF (ARCH.NES."VAX").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
 $     THEN 
 $!
 $!      Looks Like DECC, Set To Use DECC.
@@ -633,7 +691,7 @@ $     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
 $!
 $!    Define The Linker Options File Name.
 $!
-$     OPT_FILE = "SYS$DISK:[]VAX_DECC_OPTIONS.OPT"
+$     OPT_FILE = "''EXE_DIR'VAX_DECC_OPTIONS.OPT"
 $!
 $!  End DECC Check.
 $!
@@ -655,7 +713,7 @@ $!
 $!    Compile Using VAXC.
 $!
 $     CC = "CC"
-$     IF ARCH.EQS."AXP"
+$     IF ARCH.NES."VAX"
 $     THEN
 $       WRITE SYS$OUTPUT "There is no VAX C on Alpha!"
 $       EXIT
@@ -672,7 +730,7 @@ $     DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB]
 $!
 $!    Define The Linker Options File Name.
 $!
-$     OPT_FILE = "SYS$DISK:[]VAX_VAXC_OPTIONS.OPT"
+$     OPT_FILE = "''EXE_DIR'VAX_VAXC_OPTIONS.OPT"
 $!
 $!  End VAXC Check
 $!
@@ -699,7 +757,7 @@ $     CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
 $!
 $!    Define The Linker Options File Name.
 $!
-$     OPT_FILE = "SYS$DISK:[]VAX_GNUC_OPTIONS.OPT"
+$     OPT_FILE = "''EXE_DIR'VAX_GNUC_OPTIONS.OPT"
 $!
 $!  End The GNU C Check.
 $!
@@ -726,7 +784,7 @@ $!  Show user the result
 $!
 $   WRITE/SYMBOL SYS$OUTPUT "Main C Compiling Command: ",CC
 $!
-$!  Else The User Entered An Invalid Arguement.
+$!  Else The User Entered An Invalid Argument.
 $!
 $ ELSE
 $!
@@ -744,14 +802,14 @@ $!  Time To EXIT.
 $!
 $   EXIT
 $!
-$! End The Valid Arguement Check.
+$! End The Valid Argument Check.
 $!
 $ ENDIF
 $!
 $! Build a MACRO command for the architecture at hand
 $!
 $ IF ARCH .EQS. "VAX" THEN MACRO = "MACRO/''DEBUGGER'"
-$ IF ARCH .EQS. "AXP" THEN MACRO = "MACRO/MIGRATION/''DEBUGGER'/''MACRO_OPTIMIZE'"
+$ IF ARCH .NES. "VAX" THEN MACRO = "MACRO/MIGRATION/''DEBUGGER'/''MACRO_OPTIMIZE'"
 $!
 $!  Show user the result
 $!
@@ -840,7 +898,7 @@ $!  Print info
 $!
 $   WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB
 $!
-$!  Else The User Entered An Invalid Arguement.
+$!  Else The User Entered An Invalid Argument.
 $!
 $ ELSE
 $!
diff --git a/src/lib/libssl/src/install.com b/src/lib/libssl/src/install.com
index 4e4fe80dfe..d15c23a832 100644
--- a/src/lib/libssl/src/install.com
+++ b/src/lib/libssl/src/install.com
@@ -5,15 +5,25 @@ $! Time of creation: 22-MAY-1998 10:13
 $!
 $! P1   root of the directory tree
 $!
+$       DEF_ORIG = F$ENVIRONMENT( "DEFAULT")
+$       ON ERROR THEN GOTO TIDY
+$       ON CONTROL_C THEN GOTO TIDY
+$
 $       IF P1 .EQS. ""
 $       THEN
 $           WRITE SYS$OUTPUT "First argument missing."
-$           WRITE SYS$OUTPUT "Should be the directory where you want things installed."
+$           WRITE SYS$OUTPUT -
+                  "It Should be the directory where you want things installed."
 $           EXIT
 $       ENDIF
 $
-$       ARCH = "AXP"
+$       IF (F$GETSYI("CPU").LT.128)
-$       IF F$GETSYI("CPU") .LT. 128 THEN ARCH = "VAX"
+$       THEN
+$           ARCH := VAX
+$       ELSE
+$           ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE")
+$           IF (ARCH .EQS. "") THEN ARCH = "UNK"
+$       ENDIF
 $
 $       ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0"
 $       ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY")
@@ -22,25 +32,26 @@ $	ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
 $       ROOT = ROOT_DEV + "[" + ROOT_DIR
 $
 $       DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC
-$       DEFINE/NOLOG WRK_SSLVLIB WRK_SSLROOT:[VAX_LIB]
+$       DEFINE/NOLOG WRK_SSLXLIB WRK_SSLROOT:['ARCH'_LIB]
-$       DEFINE/NOLOG WRK_SSLALIB WRK_SSLROOT:[ALPHA_LIB]
 $       DEFINE/NOLOG WRK_SSLLIB WRK_SSLROOT:[LIB]
 $       DEFINE/NOLOG WRK_SSLINCLUDE WRK_SSLROOT:[INCLUDE]
-$       DEFINE/NOLOG WRK_SSLVEXE WRK_SSLROOT:[VAX_EXE]
+$       DEFINE/NOLOG WRK_SSLXEXE WRK_SSLROOT:['ARCH'_EXE]
-$       DEFINE/NOLOG WRK_SSLAEXE WRK_SSLROOT:[ALPHA_EXE]
 $       DEFINE/NOLOG WRK_SSLCERTS WRK_SSLROOT:[CERTS]
 $       DEFINE/NOLOG WRK_SSLPRIVATE WRK_SSLROOT:[PRIVATE]
 $
+$!
+$! Exhibit the destination directory.
+$!
+$       WRITE SYS$OUTPUT "   Installing to (WRK_SSLROOT) ="
+$       WRITE SYS$OUTPUT "    ''f$trnlnm( "WRK_SSLROOT")'"
+$       WRITE SYS$OUTPUT ""
+$
 $       IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN -
           CREATE/DIR/LOG WRK_SSLROOT:[000000]
-$       IF F$PARSE("WRK_SSLVEXE:") .EQS. "" THEN -
+$       IF F$PARSE("WRK_SSLXEXE:") .EQS. "" THEN -
-           CREATE/DIR/LOG WRK_SSLVEXE:
+           CREATE/DIR/LOG WRK_SSLXEXE:
-$       IF F$PARSE("WRK_SSLAEXE:") .EQS. "" THEN -
+$       IF F$PARSE("WRK_SSLXLIB:") .EQS. "" THEN -
-           CREATE/DIR/LOG WRK_SSLAEXE:
+           CREATE/DIR/LOG WRK_SSLXLIB:
-$       IF F$PARSE("WRK_SSLVLIB:") .EQS. "" THEN -
-           CREATE/DIR/LOG WRK_SSLVLIB:
-$       IF F$PARSE("WRK_SSLALIB:") .EQS. "" THEN -
-           CREATE/DIR/LOG WRK_SSLALIB:
 $       IF F$PARSE("WRK_SSLLIB:") .EQS. "" THEN -
           CREATE/DIR/LOG WRK_SSLLIB:
 $       IF F$PARSE("WRK_SSLINCLUDE:") .EQS. "" THEN -
@@ -70,20 +81,21 @@ $	SET DEFAULT [-]
 $       GOTO LOOP_SDIRS
 $ LOOP_SDIRS_END:
 $
-$       DEASSIGN WRK_SSLROOT
-$       DEASSIGN WRK_SSLVLIB
-$       DEASSIGN WRK_SSLALIB
-$       DEASSIGN WRK_SSLLIB
-$       DEASSIGN WRK_SSLINCLUDE
-$       DEASSIGN WRK_SSLVEXE
-$       DEASSIGN WRK_SSLAEXE
-$       DEASSIGN WRK_SSLCERTS
-$       DEASSIGN WRK_SSLPRIVATE
-$
 $       WRITE SYS$OUTPUT ""
 $       WRITE SYS$OUTPUT "      Installation done!"
 $       WRITE SYS$OUTPUT ""
 $       WRITE SYS$OUTPUT "      You might want to purge ",ROOT,"...]"
 $       WRITE SYS$OUTPUT ""
 $
+$ TIDY:
+$       SET DEFAULT 'DEF_ORIG'
+$
+$       DEASSIGN WRK_SSLROOT
+$       DEASSIGN WRK_SSLXLIB
+$       DEASSIGN WRK_SSLLIB
+$       DEASSIGN WRK_SSLINCLUDE
+$       DEASSIGN WRK_SSLXEXE
+$       DEASSIGN WRK_SSLCERTS
+$       DEASSIGN WRK_SSLPRIVATE
+$
 $       EXIT
diff --git a/src/lib/libssl/src/makevms.com b/src/lib/libssl/src/makevms.com
index e0b856d1bb..b46e69a423 100644
--- a/src/lib/libssl/src/makevms.com
+++ b/src/lib/libssl/src/makevms.com
@@ -7,18 +7,19 @@ $!                A-Com Computing, Inc.
 $!                byer@mail.all-net.net
 $!
 $! Changes by Richard Levitte <richard@levitte.org>
+$!            Zoltan Arpadffy <zoli@polarhome.com>
 $!
 $! This procedure creates the SSL libraries of "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB"
 $! "[.xxx.EXE.SSL]LIBSSL.OLB"
-$! The "xxx" denotes the machine architecture of AXP or VAX.
+$! The "xxx" denotes the machine architecture of ALPHA, IA64 or VAX.
 $!
 $! This procedures accepts two command line options listed below.
 $!
 $! Specify one of the following build options for P1.
 $!
 $!      ALL       Just build "everything".
-$!      CONFIG    Just build the "[.CRYPTO]OPENSSLCONF.H" file.
+$!      CONFIG    Just build the "[.CRYPTO._xxx]OPENSSLCONF.H" file.
-$!      BUILDINF  Just build the "[.CRYPTO]BUILDINF.H" file.
+$!      BUILDINF  Just build the "[.CRYPTO._xxx]BUILDINF.H" file.
 $!      SOFTLINKS Just fix the Unix soft links.
 $!      BUILDALL  Same as ALL, except CONFIG, BUILDINF and SOFTILNKS aren't done.
 $!      CRYPTO    Just build the "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" library.
@@ -34,10 +35,10 @@ $!
 $! P2 is ignored (it was used to denote if RSAref should be used or not,
 $! and is simply kept so surrounding scripts don't get confused)
 $!
-$! Speficy DEBUG or NODEBUG as P3 to compile with or without debugging
+$! Specify DEBUG or NODEBUG as P3 to compile with or without debugging
 $! information.
 $!
-$! Specify which compiler at P4 to try to compile under.
+$! Specify which compiler as P4 to try to compile under.
 $!
 $!        VAXC   For VAX C.
 $!        DECC   For DEC C.
@@ -45,7 +46,7 @@ $!	  GNUC	 For GNU C.
 $!        LINK   To only link the programs from existing object files.
 $!               (not yet implemented)
 $!
-$! If you don't speficy a compiler, it will try to determine which
+$! If you don't specify a compiler, it will try to determine which
 $! "C" compiler to use.
 $!
 $! P5, if defined, sets a TCP/IP library to use, through one of the following
@@ -62,6 +63,10 @@ $!
 $! P6, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up)
 $!
 $!
+$ DEF_ORIG = F$ENVIRONMENT( "DEFAULT")
+$ ON ERROR THEN GOTO TIDY
+$ ON CONTROL_C THEN GOTO TIDY
+$!
 $! Check if we're in a batch job, and make sure we get to 
 $! the directory this script is in
 $!
@@ -72,27 +77,32 @@ $   COMPATH=F$PARSE("A.;",COMNAME) - "A.;"
 $   SET DEF 'COMPATH'
 $ ENDIF
 $!
-$! Check Which Architecture We Are Using.
+$! Check What Architecture We Are Using.
 $!
-$ IF (F$GETSYI("CPU").GE.128)
+$ IF (F$GETSYI("CPU").LT.128)
 $ THEN
 $!
-$!  The Architecture Is AXP.
+$!  The Architecture Is VAX.
 $!
-$   ARCH := AXP
+$   ARCH = "VAX"
 $!
 $! Else...
 $!
 $ ELSE
 $!
-$!  The Architecture Is VAX.
+$!  The Architecture Is Alpha, IA64 or whatever comes in the future.
 $!
-$   ARCH := VAX
+$   ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE")
+$   IF (ARCH .EQS. "") THEN ARCH = "UNK"
 $!
 $! End The Architecture Check.
 $!
 $ ENDIF
 $!
+$! Get VMS version.
+$!
+$ VMS_VERSION = f$edit( f$getsyi( "VERSION"), "TRIM")
+$!
 $! Check To Make Sure We Have Valid Command Line Parameters.
 $!
 $ GOSUB CHECK_OPTIONS
@@ -155,25 +165,55 @@ $ ENDIF
 $!
 $! Time To EXIT.
 $!
-$ EXIT
+$ GOTO TIDY
 $!
-$! Rebuild The "[.CRYPTO]OPENSSLCONF.H" file.
+$! Rebuild The [.CRYPTO._xxx]OPENSSLCONF.H" file.
 $!
 $ CONFIG:
 $!
-$! Tell The User We Are Creating The [.CRYPTO]OPENSSLCONF.H File.
+$! Tell The User We Are Creating The [.CRYPTO._xxx]OPENSSLCONF.H File.
+$!
+$ WRITE SYS$OUTPUT "Creating [.CRYPTO._''ARCH']OPENSSLCONF.H Include File."
+$!
+$! First, make sure the directory exists.
 $!
-$ WRITE SYS$OUTPUT "Creating [.CRYPTO]OPENSSLCONF.H Include File."
+$ IF F$PARSE("SYS$DISK:[.CRYPTO._''ARCH']") .EQS. "" THEN -
+     CREATE/DIRECTORY SYS$DISK:[.CRYPTO._'ARCH']
+$!
+$! Different tar/UnZip versions/option may have named the file differently
+$ IF F$SEARCH("[.crypto]opensslconf.h_in") .NES. ""
+$ THEN
+$   OPENSSLCONF_H_IN = "[.crypto]opensslconf.h_in"
+$ ELSE
+$   IF F$SEARCH( "[.crypto]opensslconf_h.in") .NES. ""
+$   THEN
+$     OPENSSLCONF_H_IN = "[.crypto]opensslconf_h.in"
+$   ELSE
+$     ! For ODS-5
+$     IF F$SEARCH( "[.crypto]opensslconf.h.in") .NES. ""
+$     THEN
+$       OPENSSLCONF_H_IN = "[.crypto]opensslconf.h.in"
+$     ELSE
+$       WRITE SYS$ERROR "Couldn't find a [.crypto]opensslconf.h.in.  Exiting!"
+$       $STATUS = %X00018294 ! "%RMS-F-FNF, file not found".
+$       GOTO TIDY
+$     ENDIF
+$   ENDIF
+$ ENDIF
 $!
-$! Create The [.CRYPTO]OPENSSLCONF.H File.
+$! Create The [.CRYPTO._xxx]OPENSSLCONF.H File.
+$! Make sure it has the right format.
 $!
-$ OPEN/WRITE H_FILE SYS$DISK:[.CRYPTO]OPENSSLCONF.H
+$ OSCH_NAME = "SYS$DISK:[.CRYPTO._''ARCH']OPENSSLCONF.H"
+$ CREATE /FDL=SYS$INPUT: 'OSCH_NAME'
+RECORD
+        FORMAT stream_lf
+$ OPEN /APPEND H_FILE 'OSCH_NAME'
 $!
-$! Write The [.CRYPTO]OPENSSLCONF.H File.
+$! Write The [.CRYPTO._xxx]OPENSSLCONF.H File.
 $!
 $ WRITE H_FILE "/* This file was automatically built using makevms.com */"
-$ WRITE H_FILE "/* and [.CRYPTO]OPENSSLCONF.H_IN */"
+$ WRITE H_FILE "/* and ''OPENSSLCONF_H_IN' */"
-$
 $!
 $! Write a few macros that indicate how this system was built.
 $!
@@ -181,78 +221,253 @@ $ WRITE H_FILE ""
 $ WRITE H_FILE "#ifndef OPENSSL_SYS_VMS"
 $ WRITE H_FILE "# define OPENSSL_SYS_VMS"
 $ WRITE H_FILE "#endif"
-$ CONFIG_LOGICALS := NO_ASM,NO_RSA,NO_DSA,NO_DH,NO_MD2,NO_MD5,NO_RIPEMD,-
+$
-        NO_SHA,NO_SHA0,NO_SHA1,NO_DES/NO_MDC2;NO_MDC2,NO_RC2,NO_RC4,NO_RC5,-
+$! One of the best way to figure out what the list should be is to do
-        NO_IDEA,NO_BF,NO_CAST,NO_CAMELLIA,NO_SEED,NO_HMAC,NO_SSL2
+$! the followin on a Unix system:
+$!   grep OPENSSL_NO_ crypto/*/*.h ssl/*.h engines/*.h engines/*/*.h|grep ':# *if'|sed -e 's/^.*def //'|sort|uniq
+$! For that reason, the list will also always end up in alphabetical order
+$ CONFIG_LOGICALS := AES,-
+                     ASM,INLINE_ASM,-
+                     BF,-
+                     BIO,-
+                     BUFFER,-
+                     BUF_FREELISTS,-
+                     CAMELLIA,-
+                     CAST,-
+                     CMS,-
+                     COMP,-
+                     DEPRECATED,-
+                     DES,-
+                     DGRAM,-
+                     DH,-
+                     DSA,-
+                     EC,-
+                     ECDH,-
+                     ECDSA,-
+                     ENGINE,-
+                     ERR,-
+                     EVP,-
+                     FP_API,-
+                     GMP,-
+                     GOST,-
+                     HASH_COMP,-
+                     HMAC,-
+                     IDEA,-
+                     JPAKE,-
+                     KRB5,-
+                     LHASH,-
+                     MD2,-
+                     MD4,-
+                     MD5,-
+                     MDC2,-
+                     OCSP,-
+                     PSK,-
+                     RC2,-
+                     RC4,-
+                     RC5,-
+                     RFC3779,-
+                     RIPEMD,-
+                     RSA,-
+                     SEED,-
+                     SHA,-
+                     SHA0,-
+                     SHA1,-
+                     SHA256,-
+                     SHA512,-
+                     SOCK,-
+                     SSL2,-
+                     STACK,-
+                     STATIC_ENGINE,-
+                     STDIO,-
+                     STORE,-
+                     TLSEXT,-
+                     WHIRLPOOL,-
+                     X509
+$! Add a few that we know about
+$ CONFIG_LOGICALS := 'CONFIG_LOGICALS',-
+                     THREADS
+$! The following rules, which dictate how some algorithm choices affect
+$! others, are picked from Configure.
+$! Quick syntax:
+$!  list = item[ ; list]
+$!  item = algos / dependents
+$!  algos = algo [, algos]
+$!  dependents = dependent [, dependents]
+$! When a list of algos is specified in one item, it means that they must
+$! all be disabled for the rule to apply.
+$! When a list of dependents is specified in one item, it means that they
+$! will all be disabled if the rule applies.
+$! Rules are checked sequentially.  If a rule disables an algorithm, it will
+$! affect all following rules that depend on that algorithm being disabled.
+$! To force something to be enabled or disabled, have no algorithms in the
+$! algos part.
+$ CONFIG_DISABLE_RULES := RIJNDAEL/AES;-
+                          DES/MDC2;-
+                          EC/ECDSA,ECDH;-
+                          MD5/SSL2,SSL3,TLS1;-
+                          SHA/SSL3,TLS1;-
+                          RSA/SSL2;-
+                          RSA,DSA/SSL2;-
+                          DH/SSL3,TLS1;-
+                          TLS1/TLSEXT;-
+                          EC/GOST;-
+                          DSA/GOST;-
+                          DH/GOST;-
+                          /STATIC_ENGINE;-
+                          /KRB5
+$ CONFIG_ENABLE_RULES := ZLIB_DYNAMIC/ZLIB;-
+                         /THREADS
+$
+$! Architecture specific rule addtions
+$ IF ARCH .EQS. "VAX"
+$ THEN
+$   ! Disable algorithms that require 64 bit integers in C
+$   CONFIG_DISABLE_RULES = CONFIG_DISABLE_RULES + -
+                           ";/GOST" + -
+                           ";/WHIRLPOOL"
+$ ENDIF
+$
 $ CONFIG_LOG_I = 0
-$ CONFIG_LOG_LOOP:
+$ CONFIG_LOG_LOOP1:
-$   CONFIG_LOG_E1 = F$ELEMENT(CONFIG_LOG_I,",",CONFIG_LOGICALS)
+$   CONFIG_LOG_E = F$EDIT(F$ELEMENT(CONFIG_LOG_I,",",CONFIG_LOGICALS),"TRIM")
 $   CONFIG_LOG_I = CONFIG_LOG_I + 1
-$   IF CONFIG_LOG_E1 .EQS. "" THEN GOTO CONFIG_LOG_LOOP
+$   IF CONFIG_LOG_E .EQS. "" THEN GOTO CONFIG_LOG_LOOP1
-$   IF CONFIG_LOG_E1 .EQS. "," THEN GOTO CONFIG_LOG_LOOP_END
+$   IF CONFIG_LOG_E .EQS. "," THEN GOTO CONFIG_LOG_LOOP1_END
-$   CONFIG_LOG_E2 = F$EDIT(CONFIG_LOG_E1,"TRIM")
+$   IF F$TRNLNM("OPENSSL_NO_"+CONFIG_LOG_E)
-$   CONFIG_LOG_E1 = F$ELEMENT(0,";",CONFIG_LOG_E2)
-$   CONFIG_LOG_E2 = F$ELEMENT(1,";",CONFIG_LOG_E2)
-$   CONFIG_LOG_E0 = F$ELEMENT(0,"/",CONFIG_LOG_E1)
-$   CONFIG_LOG_E1 = F$ELEMENT(1,"/",CONFIG_LOG_E1)
-$   IF F$TRNLNM("OPENSSL_"+CONFIG_LOG_E0)
 $   THEN
-$     WRITE H_FILE "#ifndef OPENSSL_",CONFIG_LOG_E0
+$       CONFIG_DISABLED_'CONFIG_LOG_E' := YES
-$     WRITE H_FILE "# define OPENSSL_",CONFIG_LOG_E0
+$       CONFIG_ENABLED_'CONFIG_LOG_E' := NO
-$     WRITE H_FILE "#endif"
+$       CONFIG_CHANGED_'CONFIG_LOG_E' := YES
-$     IF CONFIG_LOG_E1 .NES. "/"
+$   ELSE
+$       CONFIG_DISABLED_'CONFIG_LOG_E' := NO
+$       CONFIG_ENABLED_'CONFIG_LOG_E' := YES
+$       ! Because all algorithms are assumed enabled by default
+$       CONFIG_CHANGED_'CONFIG_LOG_E' := NO
+$   ENDIF
+$   GOTO CONFIG_LOG_LOOP1
+$ CONFIG_LOG_LOOP1_END:
+$
+$! Apply cascading disable rules
+$ CONFIG_DISABLE_I = 0
+$ CONFIG_DISABLE_LOOP0:
+$   CONFIG_DISABLE_E = F$EDIT(F$ELEMENT(CONFIG_DISABLE_I,";",CONFIG_DISABLE_RULES),"TRIM")
+$   CONFIG_DISABLE_I = CONFIG_DISABLE_I + 1
+$   IF CONFIG_DISABLE_E .EQS. "" THEN GOTO CONFIG_DISABLE_LOOP0
+$   IF CONFIG_DISABLE_E .EQS. ";" THEN GOTO CONFIG_DISABLE_LOOP0_END
+$
+$   CONFIG_DISABLE_ALGOS = F$EDIT(F$ELEMENT(0,"/",CONFIG_DISABLE_E),"TRIM")
+$   CONFIG_DISABLE_DEPENDENTS = F$EDIT(F$ELEMENT(1,"/",CONFIG_DISABLE_E),"TRIM")
+$   TO_DISABLE := YES
+$   CONFIG_ALGO_I = 0
+$   CONFIG_DISABLE_LOOP1:
+$     CONFIG_ALGO_E = F$EDIT(F$ELEMENT(CONFIG_ALGO_I,",",CONFIG_DISABLE_ALGOS),"TRIM")
+$     CONFIG_ALGO_I = CONFIG_ALGO_I + 1
+$     IF CONFIG_ALGO_E .EQS. "" THEN GOTO CONFIG_DISABLE_LOOP1
+$     IF CONFIG_ALGO_E .EQS. "," THEN GOTO CONFIG_DISABLE_LOOP1_END
+$     IF F$TYPE(CONFIG_DISABLED_'CONFIG_ALGO_E') .EQS. ""
 $     THEN
-$       WRITE H_FILE "#ifndef OPENSSL_",CONFIG_LOG_E1
+$       TO_DISABLE := NO
-$       WRITE H_FILE "# define OPENSSL_",CONFIG_LOG_E1
+$     ELSE
-$       WRITE H_FILE "#endif"
+$       IF .NOT. CONFIG_DISABLED_'CONFIG_ALGO_E' THEN TO_DISABLE := NO
 $     ENDIF
-$   ELSE
+$     GOTO CONFIG_DISABLE_LOOP1
-$     IF CONFIG_LOG_E2 .NES. ";"
+$   CONFIG_DISABLE_LOOP1_END:
+$
+$   IF TO_DISABLE
+$   THEN
+$     CONFIG_DEPENDENT_I = 0
+$     CONFIG_DISABLE_LOOP2:
+$       CONFIG_DEPENDENT_E = F$EDIT(F$ELEMENT(CONFIG_DEPENDENT_I,",",CONFIG_DISABLE_DEPENDENTS),"TRIM")
+$       CONFIG_DEPENDENT_I = CONFIG_DEPENDENT_I + 1
+$       IF CONFIG_DEPENDENT_E .EQS. "" THEN GOTO CONFIG_DISABLE_LOOP2
+$       IF CONFIG_DEPENDENT_E .EQS. "," THEN GOTO CONFIG_DISABLE_LOOP2_END
+$       CONFIG_DISABLED_'CONFIG_DEPENDENT_E' := YES
+$       CONFIG_ENABLED_'CONFIG_DEPENDENT_E' := NO
+$       ! Better not to assume defaults at this point...
+$       CONFIG_CHANGED_'CONFIG_DEPENDENT_E' := YES
+$       WRITE SYS$ERROR "''CONFIG_DEPENDENT_E' disabled by rule ''CONFIG_DISABLE_E'"
+$       GOTO CONFIG_DISABLE_LOOP2
+$     CONFIG_DISABLE_LOOP2_END:
+$   ENDIF
+$   GOTO CONFIG_DISABLE_LOOP0
+$ CONFIG_DISABLE_LOOP0_END:
+$       
+$! Apply cascading enable rules
+$ CONFIG_ENABLE_I = 0
+$ CONFIG_ENABLE_LOOP0:
+$   CONFIG_ENABLE_E = F$EDIT(F$ELEMENT(CONFIG_ENABLE_I,";",CONFIG_ENABLE_RULES),"TRIM")
+$   CONFIG_ENABLE_I = CONFIG_ENABLE_I + 1
+$   IF CONFIG_ENABLE_E .EQS. "" THEN GOTO CONFIG_ENABLE_LOOP0
+$   IF CONFIG_ENABLE_E .EQS. ";" THEN GOTO CONFIG_ENABLE_LOOP0_END
+$
+$   CONFIG_ENABLE_ALGOS = F$EDIT(F$ELEMENT(0,"/",CONFIG_ENABLE_E),"TRIM")
+$   CONFIG_ENABLE_DEPENDENTS = F$EDIT(F$ELEMENT(1,"/",CONFIG_ENABLE_E),"TRIM")
+$   TO_ENABLE := YES
+$   CONFIG_ALGO_I = 0
+$   CONFIG_ENABLE_LOOP1:
+$     CONFIG_ALGO_E = F$EDIT(F$ELEMENT(CONFIG_ALGO_I,",",CONFIG_ENABLE_ALGOS),"TRIM")
+$     CONFIG_ALGO_I = CONFIG_ALGO_I + 1
+$     IF CONFIG_ALGO_E .EQS. "" THEN GOTO CONFIG_ENABLE_LOOP1
+$     IF CONFIG_ALGO_E .EQS. "," THEN GOTO CONFIG_ENABLE_LOOP1_END
+$     IF F$TYPE(CONFIG_ENABLED_'CONFIG_ALGO_E') .EQS. ""
 $     THEN
-$       IF F$TRNLNM("OPENSSL_"+CONFIG_LOG_E2)
+$       TO_ENABLE := NO
-$       THEN
+$     ELSE
-$         WRITE H_FILE "#ifndef OPENSSL_",CONFIG_LOG_E2
+$       IF .NOT. CONFIG_ENABLED_'CONFIG_ALGO_E' THEN TO_ENABLE := NO
-$         WRITE H_FILE "# define OPENSSL_",CONFIG_LOG_E2
-$         WRITE H_FILE "#endif"
-$       ENDIF
 $     ENDIF
+$     GOTO CONFIG_ENABLE_LOOP1
+$   CONFIG_ENABLE_LOOP1_END:
+$
+$   IF TO_ENABLE
+$   THEN
+$     CONFIG_DEPENDENT_I = 0
+$     CONFIG_ENABLE_LOOP2:
+$       CONFIG_DEPENDENT_E = F$EDIT(F$ELEMENT(CONFIG_DEPENDENT_I,",",CONFIG_ENABLE_DEPENDENTS),"TRIM")
+$       CONFIG_DEPENDENT_I = CONFIG_DEPENDENT_I + 1
+$       IF CONFIG_DEPENDENT_E .EQS. "" THEN GOTO CONFIG_ENABLE_LOOP2
+$       IF CONFIG_DEPENDENT_E .EQS. "," THEN GOTO CONFIG_ENABLE_LOOP2_END
+$       CONFIG_DISABLED_'CONFIG_DEPENDENT_E' := NO
+$       CONFIG_ENABLED_'CONFIG_DEPENDENT_E' := YES
+$       ! Better not to assume defaults at this point...
+$       CONFIG_CHANGED_'CONFIG_DEPENDENT_E' := YES
+$       WRITE SYS$ERROR "''CONFIG_DEPENDENT_E' enabled by rule ''CONFIG_ENABLE_E'"
+$       GOTO CONFIG_ENABLE_LOOP2
+$     CONFIG_ENABLE_LOOP2_END:
 $   ENDIF
-$   GOTO CONFIG_LOG_LOOP
+$   GOTO CONFIG_ENABLE_LOOP0
-$ CONFIG_LOG_LOOP_END:
+$ CONFIG_ENABLE_LOOP0_END:
-$ WRITE H_FILE "#ifndef OPENSSL_NO_STATIC_ENGINE"
+$
-$ WRITE H_FILE "# define OPENSSL_NO_STATIC_ENGINE"
+$! Write to the configuration
-$ WRITE H_FILE "#endif"
+$ CONFIG_LOG_I = 0
-$ WRITE H_FILE "#ifndef OPENSSL_THREADS"
+$ CONFIG_LOG_LOOP2:
-$ WRITE H_FILE "# define OPENSSL_THREADS"
+$   CONFIG_LOG_E = F$EDIT(F$ELEMENT(CONFIG_LOG_I,",",CONFIG_LOGICALS),"TRIM")
-$ WRITE H_FILE "#endif"
+$   CONFIG_LOG_I = CONFIG_LOG_I + 1
-$ WRITE H_FILE "#ifndef OPENSSL_NO_KRB5"
+$   IF CONFIG_LOG_E .EQS. "" THEN GOTO CONFIG_LOG_LOOP2
-$ WRITE H_FILE "# define OPENSSL_NO_KRB5"
+$   IF CONFIG_LOG_E .EQS. "," THEN GOTO CONFIG_LOG_LOOP2_END
-$ WRITE H_FILE "#endif"
+$   IF CONFIG_CHANGED_'CONFIG_LOG_E'
-$ WRITE H_FILE ""
-$!
-$! Different tar version may have named the file differently
-$ IF F$SEARCH("[.CRYPTO]OPENSSLCONF.H_IN") .NES. ""
-$ THEN
-$   TYPE [.CRYPTO]OPENSSLCONF.H_IN /OUTPUT=H_FILE:
-$ ELSE
-$   IF F$SEARCH("[.CRYPTO]OPENSSLCONF_H.IN") .NES. ""
 $   THEN
-$     TYPE [.CRYPTO]OPENSSLCONF_H.IN /OUTPUT=H_FILE:
+$     IF CONFIG_DISABLED_'CONFIG_LOG_E'
-$   ELSE
-$     ! For ODS-5
-$     IF F$SEARCH("[.CRYPTO]OPENSSLCONF.H.IN") .NES. ""
 $     THEN
-$       TYPE [.CRYPTO]OPENSSLCONF.H.IN /OUTPUT=H_FILE:
+$       WRITE H_FILE "#ifndef OPENSSL_NO_",CONFIG_LOG_E
+$       WRITE H_FILE "# define OPENSSL_NO_",CONFIG_LOG_E
+$       WRITE H_FILE "#endif"
 $     ELSE
-$       WRITE SYS$ERROR "Couldn't find a [.CRYPTO]OPENSSLCONF.H_IN.  Exiting!"
+$       WRITE H_FILE "#ifndef OPENSSL_",CONFIG_LOG_E
-$       EXIT 0
+$       WRITE H_FILE "# define OPENSSL_",CONFIG_LOG_E
+$       WRITE H_FILE "#endif"
 $     ENDIF
 $   ENDIF
-$ ENDIF
+$   GOTO CONFIG_LOG_LOOP2
-$ IF ARCH .EQS. "AXP"
+$ CONFIG_LOG_LOOP2_END:
+$!
+$! Add in the common "crypto/opensslconf.h.in".
+$!
+$ TYPE 'OPENSSLCONF_H_IN' /OUTPUT=H_FILE:
+$!
+$ IF ARCH .NES. "VAX"
 $ THEN
 $!
-$!  Write the Alpha specific data
+$!  Write the non-VAX specific data
 $!
 $   WRITE H_FILE "#if defined(HEADER_RC4_H)"
 $   WRITE H_FILE "#undef RC4_INT"
@@ -318,10 +533,11 @@ $   WRITE H_FILE "#undef SIXTEEN_BIT"
 $   WRITE H_FILE "#undef EIGHT_BIT"
 $   WRITE H_FILE "#endif"
 $!
-$   WRITE H_FILE "#if defined(HEADER_SHA_H)"
+$! Oddly enough, the following symbol is tested in crypto/sha/sha512.c
+$! before sha.h gets included (and HEADER_SHA_H defined), so we will not
+$! protect this one...
 $   WRITE H_FILE "#undef OPENSSL_NO_SHA512"
 $   WRITE H_FILE "#define OPENSSL_NO_SHA512"
-$   WRITE H_FILE "#endif"
 $!
 $   WRITE H_FILE "#undef OPENSSL_EXPORT_VAR_AS_FUNCTION"
 $   WRITE H_FILE "#define OPENSSL_EXPORT_VAR_AS_FUNCTION"
@@ -330,40 +546,53 @@ $!  End
 $!
 $ ENDIF
 $!
-$! Close the [.CRYPTO]OPENSSLCONF.H file
+$! Close the [.CRYPTO._xxx]OPENSSLCONF.H file
 $!
 $ CLOSE H_FILE
 $!
+$! Purge The [.CRYPTO._xxx]OPENSSLCONF.H file
+$!
+$ PURGE SYS$DISK:[.CRYPTO._'ARCH']OPENSSLCONF.H
+$!
 $! That's All, Time To RETURN.
 $!
 $ RETURN
 $!
-$! Rebuild The "[.CRYPTO]BUILDINF.H" file.
+$! Rebuild The "[.CRYPTO._xxx]BUILDINF.H" file.
 $!
 $ BUILDINF:
 $!
-$! Tell The User We Are Creating The [.CRYPTO]BUILDINF.H File.
+$! Tell The User We Are Creating The [.CRYPTO._xxx]BUILDINF.H File.
+$!
+$ WRITE SYS$OUTPUT "Creating [.CRYPTO._''ARCH']BUILDINF.H Include File."
 $!
-$ WRITE SYS$OUTPUT "Creating [.CRYPTO]BUILDINF.H Include File."
+$! Create The [.CRYPTO._xxx]BUILDINF.H File.
 $!
-$! Create The [.CRYPTO]BUILDINF.H File.
+$ BIH_NAME = "SYS$DISK:[.CRYPTO._''ARCH']BUILDINF.H"
+$ CREATE /FDL=SYS$INPUT: 'BIH_NAME'
+RECORD
+        FORMAT stream_lf
 $!
-$ OPEN/WRITE H_FILE SYS$DISK:[.CRYPTO]BUILDINF.H
+$ OPEN /APPEND H_FILE 'bih_name'
 $!
 $! Get The Current Date & Time.
 $!
 $ TIME = F$TIME()
 $!
-$! Write The [.CRYPTO]BUILDINF.H File.
+$! Write The [.CRYPTO._xxx]BUILDINF.H File.
 $!
 $ WRITE H_FILE "#define CFLAGS """" /* Not filled in for now */"
-$ WRITE H_FILE "#define PLATFORM ""VMS"""
+$ WRITE H_FILE "#define PLATFORM ""VMS ''ARCH' ''VMS_VERSION'"""
 $ WRITE H_FILE "#define DATE ""''TIME'"" "
 $!
-$! Close The [.CRYPTO]BUILDINF.H File.
+$! Close The [.CRYPTO._xxx]BUILDINF.H File.
 $!
 $ CLOSE H_FILE
 $!
+$! Purge The [.CRYPTO._xxx]BUILDINF.H File.
+$!
+$ PURGE SYS$DISK:[.CRYPTO._'ARCH']BUILDINF.H
+$!
 $! That's All, Time To RETURN.
 $!
 $ RETURN
@@ -374,42 +603,14 @@ $ SOFTLINKS:
 $!
 $! Tell The User We Are Partly Rebuilding The [.APPS] Directory.
 $!
-$ WRITE SYS$OUTPUT "Rebuilding The '[.APPS]MD4.C', '[.APPS]MD5.C' And '[.APPS]RMD160.C' Files."
+$ WRITE SYS$OUTPUT "Rebuilding The '[.APPS]MD4.C' File."
 $!
-$ DELETE SYS$DISK:[.APPS]MD4.C;*,MD5.C;*,RMD160.C;*
+$ DELETE SYS$DISK:[.APPS]MD4.C;*
 $!
 $! Copy MD4.C from [.CRYPTO.MD4] into [.APPS]
 $!
 $ COPY SYS$DISK:[.CRYPTO.MD4]MD4.C SYS$DISK:[.APPS]
 $!
-$! Copy MD5.C from [.CRYPTO.MD5] into [.APPS]
-$!
-$ COPY SYS$DISK:[.CRYPTO.MD5]MD5.C SYS$DISK:[.APPS]
-$!
-$! Copy RMD160.C from [.CRYPTO.RIPEMD] into [.APPS]
-$!
-$ COPY SYS$DISK:[.CRYPTO.RIPEMD]RMD160.C SYS$DISK:[.APPS]
-$!
-$! Tell The User We Are Partly Rebuilding The [.TEST] Directory.
-$!
-$ WRITE SYS$OUTPUT "Rebuilding The '[.TEST]*.C' Files."
-$!
-$! First, We Have To "Rebuild" The "[.TEST]" Directory, So Delete
-$! All The "C" Files That Are Currently There Now.
-$!
-$ DELETE SYS$DISK:[.TEST]*.C;*
-$ DELETE SYS$DISK:[.TEST]EVPTESTS.TXT;*
-$!
-$! Copy all the *TEST.C files from [.CRYPTO...] into [.TEST]
-$!
-$ COPY SYS$DISK:[.CRYPTO.*]%*TEST.C SYS$DISK:[.TEST]
-$ COPY SYS$DISK:[.CRYPTO.SHA]SHA%%%T.C SYS$DISK:[.TEST]
-$ COPY SYS$DISK:[.CRYPTO.EVP]EVPTESTS.TXT SYS$DISK:[.TEST]
-$!
-$! Copy all the *TEST.C files from [.SSL...] into [.TEST]
-$!
-$ COPY SYS$DISK:[.SSL]%*TEST.C SYS$DISK:[.TEST]
-$!
 $! Tell The User We Are Rebuilding The [.INCLUDE.OPENSSL] Directory.
 $!
 $ WRITE SYS$OUTPUT "Rebuilding The '[.INCLUDE.OPENSSL]' Directory."
@@ -427,15 +628,16 @@ $!
 $! Copy All The ".H" Files From The [.CRYPTO] Directory Tree.
 $!
 $ SDIRS := ,-
+   _'ARCH',-
   OBJECTS,-
-   MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,-
+   MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,WHRLPOOL,-
-   DES,AES,RC2,RC4,RC5,IDEA,BF,CAST,CAMELLIA,SEED,-
+   DES,AES,RC2,RC4,RC5,IDEA,BF,CAST,CAMELLIA,SEED,MODES,-
   BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,-
   BUFFER,BIO,STACK,LHASH,RAND,ERR,-
   EVP,ASN1,PEM,X509,X509V3,CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,UI,KRB5,-
-   STORE,CMS,PQUEUE,JPAKE
+   STORE,CMS,PQUEUE,TS,JPAKE
-$ EXHEADER_ := crypto.h,tmdiff.h,opensslv.h,opensslconf.h,ebcdic.h,symhacks.h,-
+$ EXHEADER_ := crypto.h,opensslv.h,ebcdic.h,symhacks.h,ossl_typ.h
-                ossl_typ.h
+$ EXHEADER__'ARCH' := opensslconf.h
 $ EXHEADER_OBJECTS := objects.h,obj_mac.h
 $ EXHEADER_MD2 := md2.h
 $ EXHEADER_MD4 := md4.h
@@ -444,6 +646,7 @@ $ EXHEADER_SHA := sha.h
 $ EXHEADER_MDC2 := mdc2.h
 $ EXHEADER_HMAC := hmac.h
 $ EXHEADER_RIPEMD := ripemd.h
+$ EXHEADER_WHRLPOOL := whrlpool.h
 $ EXHEADER_DES := des.h,des_old.h
 $ EXHEADER_AES := aes.h
 $ EXHEADER_RC2 := rc2.h
@@ -454,6 +657,7 @@ $ EXHEADER_BF := blowfish.h
 $ EXHEADER_CAST := cast.h
 $ EXHEADER_CAMELLIA := camellia.h
 $ EXHEADER_SEED := seed.h
+$ EXHEADER_MODES := modes.h
 $ EXHEADER_BN := bn.h
 $ EXHEADER_EC := ec.h
 $ EXHEADER_RSA := rsa.h
@@ -485,7 +689,8 @@ $ EXHEADER_KRB5 := krb5_asn.h
 $!EXHEADER_STORE := store.h,str_compat.h
 $ EXHEADER_STORE := store.h
 $ EXHEADER_CMS := cms.h
-$ EXHEADER_PQUEUE := pqueue.h,pq_compat.h
+$ EXHEADER_PQUEUE := pqueue.h
+$ EXHEADER_TS := ts.h
 $ EXHEADER_JPAKE := jpake.h
 $
 $ I = 0
@@ -697,15 +902,16 @@ $! Else...
 $!
 $ ELSE
 $!
-$!  Else, Check To See If P1 Has A Valid Arguement.
+$!  Else, Check To See If P1 Has A Valid Argument.
 $!
 $   IF (P1.EQS."CONFIG").OR.(P1.EQS."BUILDINF").OR.(P1.EQS."SOFTLINKS") -
       .OR.(P1.EQS."BUILDALL") -
       .OR.(P1.EQS."CRYPTO").OR.(P1.EQS."SSL") -
-       .OR.(P1.EQS."SSL_TASK").OR.(P1.EQS."TEST").OR.(P1.EQS."APPS")
+       .OR.(P1.EQS."SSL_TASK").OR.(P1.EQS."TEST").OR.(P1.EQS."APPS") -
+       .OR.(P1.EQS."ENGINES")
 $   THEN
 $!
-$!    A Valid Arguement.
+$!    A Valid Argument.
 $!
 $     BUILDCOMMAND = P1
 $!
@@ -716,11 +922,15 @@ $!
 $!    Tell The User We Don't Know What They Want.
 $!
 $     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "The Option ",P1," Is Invalid.  The Valid Options Are:"
+$     WRITE SYS$OUTPUT "USAGE:   @MAKEVMS.COM [Target] [not-used option] [Debug option] <Compiler>"
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "Example: @MAKEVMS.COM ALL NORSAREF NODEBUG "
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "The Target ",P1," Is Invalid.  The Valid Target Options Are:"
 $     WRITE SYS$OUTPUT ""
 $     WRITE SYS$OUTPUT "    ALL      :  Just Build Everything."
-$     WRITE SYS$OUTPUT "    CONFIG   :  Just build the [.CRYPTO]OPENSSLCONF.H file."
+$     WRITE SYS$OUTPUT "    CONFIG   :  Just build the [.CRYPTO._xxx]OPENSSLCONF.H file."
-$     WRITE SYS$OUTPUT "    BUILDINF :  Just build the [.CRYPTO]BUILDINF.H file."
+$     WRITE SYS$OUTPUT "    BUILDINF :  Just build the [.CRYPTO._xxx]BUILDINF.H file."
 $     WRITE SYS$OUTPUT "    SOFTLINKS:  Just Fix The Unix soft links."
 $     WRITE SYS$OUTPUT "    BUILDALL :  Same as ALL, except CONFIG, BUILDINF and SOFTILNKS aren't done."
 $     WRITE SYS$OUTPUT "    CRYPTO   :  To Build Just The [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library."
@@ -730,16 +940,18 @@ $     WRITE SYS$OUTPUT "    SSL      :  To Build Just The [.xxx.EXE.SSL]LIBSSL.O
 $     WRITE SYS$OUTPUT "    SSL_TASK :  To Build Just The [.xxx.EXE.SSL]SSL_TASK.EXE Program."
 $     WRITE SYS$OUTPUT "    TEST     :  To Build Just The OpenSSL Test Programs."
 $     WRITE SYS$OUTPUT "    APPS     :  To Build Just The OpenSSL Application Programs."
+$     WRITE SYS$OUTPUT "    ENGINES  :  To Build Just The ENGINES"
 $     WRITE SYS$OUTPUT ""
 $     WRITE SYS$OUTPUT " Where 'xxx' Stands For:"
 $     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "        AXP  :  Alpha Architecture."
+$     WRITE SYS$OUTPUT "    ALPHA    :  Alpha Architecture."
-$     WRITE SYS$OUTPUT "        VAX  :  VAX Architecture."
+$     WRITE SYS$OUTPUT "    IA64     :  IA64 Architecture."
+$     WRITE SYS$OUTPUT "    VAX      :  VAX Architecture."
 $     WRITE SYS$OUTPUT ""
 $!
 $!    Time To EXIT.
 $!
-$     EXIT
+$     GOTO TIDY
 $!
 $!  End The Valid Argument Check.
 $!
@@ -786,9 +998,9 @@ $     WRITE SYS$OUTPUT ""
 $!
 $!    Time To EXIT.
 $!
-$     EXIT
+$     GOTO TIDY
 $!
-$!  End The Valid Arguement Check.
+$!  End The Valid Argument Check.
 $!
 $   ENDIF
 $!
@@ -927,7 +1139,7 @@ $!    End The GNU C Check.
 $!
 $     ENDIF
 $!
-$!  Else The User Entered An Invalid Arguement.
+$!  Else The User Entered An Invalid Argument.
 $!
 $   ELSE
 $!
@@ -943,9 +1155,9 @@ $     WRITE SYS$OUTPUT ""
 $!
 $!    Time To EXIT.
 $!
-$     EXIT
+$     GOTO TIDY
 $!
-$!  End The Valid Arguement Check.
+$!  End The Valid Argument Check.
 $!
 $   ENDIF
 $!
@@ -1052,7 +1264,7 @@ $!  Print info
 $!
 $   WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB
 $!
-$!  Else The User Entered An Invalid Arguement.
+$!  Else The User Entered An Invalid Argument.
 $!
 $ ELSE
 $   IF P5 .NES. ""
@@ -1071,7 +1283,7 @@ $     WRITE SYS$OUTPUT ""
 $!
 $!    Time To EXIT.
 $!
-$     EXIT
+$     GOTO TIDY
 $   ELSE
 $!
 $! If TCPIP is not defined, then hardcode it to make
@@ -1107,7 +1319,7 @@ $!
 $!  Get The Version Of VMS We Are Using.
 $!
 $   ISSEVEN :=
-$   TMP = F$ELEMENT(0,"-",F$EXTRACT(1,4,F$GETSYI("VERSION")))
+$   TMP = F$ELEMENT(0,"-",F$EXTRACT(1,4,VMS_VERSION))
 $   TMP = F$INTEGER(F$ELEMENT(0,".",TMP)+F$ELEMENT(1,".",TMP))
 $!
 $!  Check To See If The VMS Version Is v7.1 Or Later.
@@ -1130,3 +1342,8 @@ $!
 $!  Time To RETURN...
 $!
 $ RETURN
+$!
+$ TIDY:
+$ SET DEFAULT 'DEF_ORIG'
+$ EXIT
+$!
diff --git a/src/lib/libssl/src/ms/README b/src/lib/libssl/src/ms/README
index 7a45db1081..07f1925d5f 100644
--- a/src/lib/libssl/src/ms/README
+++ b/src/lib/libssl/src/ms/README
@@ -4,7 +4,7 @@ to build with visual C++ 4.[01].
 The results will be in the out directory.
-These makefiles and def files were generated my typing
+These makefiles and def files were generated by typing
 perl util\mk1mf.pl VC-NT >ms/nt.mak
 perl util\mk1mf.pl VC-NT dll >ms/ntdll.mak
diff --git a/src/lib/libssl/src/ms/bcb4.bat b/src/lib/libssl/src/ms/bcb4.bat
index 71a670e794..00fb9e8459 100644
--- a/src/lib/libssl/src/ms/bcb4.bat
+++ b/src/lib/libssl/src/ms/bcb4.bat
@@ -1,6 +1,6 @@
-perl Configure BC-32
+perl Configure BC-32
-perl util\mkfiles.pl > MINFO
+perl util\mkfiles.pl > MINFO
-@rem create make file
+@rem create make file
-perl util\mk1mf.pl no-asm BC-NT > bcb.mak
+perl util\mk1mf.pl no-asm BC-NT > bcb.mak
diff --git a/src/lib/libssl/src/ms/do_ms.bat b/src/lib/libssl/src/ms/do_ms.bat
index 9323336f9b..55014d3fc3 100644
--- a/src/lib/libssl/src/ms/do_ms.bat
+++ b/src/lib/libssl/src/ms/do_ms.bat
@@ -1,9 +1,11 @@
-perl util\mkfiles.pl >MINFO
+perl util\mkfiles.pl >MINFO
-perl util\mk1mf.pl no-asm VC-WIN32 >ms\nt.mak
+perl util\mk1mf.pl no-asm VC-WIN32 >ms\nt.mak
-perl util\mk1mf.pl dll no-asm VC-WIN32 >ms\ntdll.mak
+perl util\mk1mf.pl dll no-asm VC-WIN32 >ms\ntdll.mak
-perl util\mk1mf.pl no-asm VC-CE >ms\ce.mak
+if x%OSVERSION% == x goto skipce
-perl util\mk1mf.pl dll no-asm VC-CE >ms\cedll.mak
+perl util\mk1mf.pl no-asm VC-CE >ms\ce.mak
+perl util\mk1mf.pl dll no-asm VC-CE >ms\cedll.mak
-perl util\mkdef.pl 32 libeay > ms\libeay32.def
+:skipce
-perl util\mkdef.pl 32 ssleay > ms\ssleay32.def
+perl util\mkdef.pl 32 libeay > ms\libeay32.def
+perl util\mkdef.pl 32 ssleay > ms\ssleay32.def
diff --git a/src/lib/libssl/src/ms/do_nasm.bat b/src/lib/libssl/src/ms/do_nasm.bat
index 7656c498df..7b3f3edbf0 100644
--- a/src/lib/libssl/src/ms/do_nasm.bat
+++ b/src/lib/libssl/src/ms/do_nasm.bat
@@ -1,76 +1,4 @@
-@echo off
-SET ASMOPTS=-DOPENSSL_IA32_SSE2
-echo Generating x86 for NASM assember
-echo Bignum
-cd crypto\bn\asm
-perl bn-586.pl win32n %ASMOPTS% > bn_win32.asm
-perl co-586.pl win32n %ASMOPTS% > co_win32.asm
-perl mo-586.pl win32n %ASMOPTS% > mt_win32.asm
-cd ..\..\..
-echo AES
-cd crypto\aes\asm
-perl aes-586.pl win32n %ASMOPTS% > a_win32.asm
-cd ..\..\..
-echo DES
-cd crypto\des\asm
-perl des-586.pl win32n %ASMOPTS% > d_win32.asm
-cd ..\..\..
-echo "crypt(3)"
-cd crypto\des\asm
-perl crypt586.pl win32n %ASMOPTS% > y_win32.asm
-cd ..\..\..
-echo Blowfish
-cd crypto\bf\asm
-perl bf-586.pl win32n %ASMOPTS% > b_win32.asm
-cd ..\..\..
-echo CAST5
-cd crypto\cast\asm
-perl cast-586.pl win32n %ASMOPTS% > c_win32.asm
-cd ..\..\..
-echo RC4
-cd crypto\rc4\asm
-perl rc4-586.pl win32n %ASMOPTS% > r4_win32.asm
-cd ..\..\..
-echo MD5
-cd crypto\md5\asm
-perl md5-586.pl win32n %ASMOPTS% > m5_win32.asm
-cd ..\..\..
-echo SHA1
-cd crypto\sha\asm
-perl sha1-586.pl win32n %ASMOPTS% > s1_win32.asm
-perl sha512-sse2.pl win32n %ASMOPTS% > sha512-sse2.asm
-cd ..\..\..
-echo RIPEMD160
-cd crypto\ripemd\asm
-perl rmd-586.pl win32n %ASMOPTS% > rm_win32.asm
-cd ..\..\..
-echo RC5\32
-cd crypto\rc5\asm
-perl rc5-586.pl win32n %ASMOPTS% > r5_win32.asm
-cd ..\..\..
-echo CPU-ID
-cd crypto
-perl x86cpuid.pl win32n %ASMOPTS% > cpu_win32.asm
-cd ..
-echo on
 perl util\mkfiles.pl >MINFO
 perl util\mk1mf.pl nasm VC-WIN32 >ms\nt.mak
 perl util\mk1mf.pl dll nasm VC-WIN32 >ms\ntdll.mak
diff --git a/src/lib/libssl/src/ms/do_nt.bat b/src/lib/libssl/src/ms/do_nt.bat
index 9c06c27caa..e2d525e05d 100644
--- a/src/lib/libssl/src/ms/do_nt.bat
+++ b/src/lib/libssl/src/ms/do_nt.bat
@@ -1,7 +1,7 @@
-perl util\mkfiles.pl >MINFO
+perl util\mkfiles.pl >MINFO
-perl util\mk1mf.pl no-asm VC-NT >ms\nt.mak
+perl util\mk1mf.pl no-asm VC-NT >ms\nt.mak
-perl util\mk1mf.pl dll no-asm VC-NT >ms\ntdll.mak
+perl util\mk1mf.pl dll no-asm VC-NT >ms\ntdll.mak
-perl util\mkdef.pl libeay NT > ms\libeay32.def
+perl util\mkdef.pl libeay NT > ms\libeay32.def
-perl util\mkdef.pl ssleay NT > ms\ssleay32.def
+perl util\mkdef.pl ssleay NT > ms\ssleay32.def
diff --git a/src/lib/libssl/src/ms/do_win64a.bat b/src/lib/libssl/src/ms/do_win64a.bat
index 825c690221..495f1ea7d8 100755
--- a/src/lib/libssl/src/ms/do_win64a.bat
+++ b/src/lib/libssl/src/ms/do_win64a.bat
@@ -1,9 +1,9 @@
-perl util\mkfiles.pl >MINFO
+perl util\mkfiles.pl >MINFO
-perl ms\uplink.pl win64a > ms\uptable.asm
+perl ms\uplink.pl win64a > ms\uptable.asm
-ml64 -c -Foms\uptable.obj ms\uptable.asm
+ml64 -c -Foms\uptable.obj ms\uptable.asm
-perl util\mk1mf.pl no-asm VC-WIN64A >ms\nt.mak
+perl util\mk1mf.pl no-asm VC-WIN64A >ms\nt.mak
-perl util\mk1mf.pl dll no-asm VC-WIN64A >ms\ntdll.mak
+perl util\mk1mf.pl dll no-asm VC-WIN64A >ms\ntdll.mak
-perl util\mkdef.pl 32 libeay > ms\libeay32.def
+perl util\mkdef.pl 32 libeay > ms\libeay32.def
-perl util\mkdef.pl 32 ssleay > ms\ssleay32.def
+perl util\mkdef.pl 32 ssleay > ms\ssleay32.def
diff --git a/src/lib/libssl/src/ms/do_win64i.bat b/src/lib/libssl/src/ms/do_win64i.bat
index 7bfc2f1818..15ebcaaeb6 100755
--- a/src/lib/libssl/src/ms/do_win64i.bat
+++ b/src/lib/libssl/src/ms/do_win64i.bat
@@ -1,9 +1,9 @@
-perl util\mkfiles.pl >MINFO
+perl util\mkfiles.pl >MINFO
-perl ms\uplink.pl win64i > ms\uptable.asm
+perl ms\uplink.pl win64i > ms\uptable.asm
-ias -o ms\uptable.obj ms\uptable.asm
+ias -o ms\uptable.obj ms\uptable.asm
-perl util\mk1mf.pl no-asm VC-WIN64I >ms\nt.mak
+perl util\mk1mf.pl no-asm VC-WIN64I >ms\nt.mak
-perl util\mk1mf.pl dll no-asm VC-WIN64I >ms\ntdll.mak
+perl util\mk1mf.pl dll no-asm VC-WIN64I >ms\ntdll.mak
-perl util\mkdef.pl 32 libeay > ms\libeay32.def
+perl util\mkdef.pl 32 libeay > ms\libeay32.def
-perl util\mkdef.pl 32 ssleay > ms\ssleay32.def
+perl util\mkdef.pl 32 ssleay > ms\ssleay32.def
diff --git a/src/lib/libssl/src/ms/mingw32.bat b/src/lib/libssl/src/ms/mingw32.bat
index f9377a8695..06b5733878 100644
--- a/src/lib/libssl/src/ms/mingw32.bat
+++ b/src/lib/libssl/src/ms/mingw32.bat
@@ -60,10 +60,6 @@ echo RC5\32
 cd crypto\rc5\asm
 perl rc5-586.pl gaswin > r5-win32.s
 cd ..\..\..
-echo CPUID
-cd crypto
-perl x86cpuid.pl gaswin > cpu-win32.s
-cd ..
 :noasm
@@ -83,7 +79,7 @@ mingw32-make -f ms/mingw32a.mak
 if errorlevel 1 goto end
 echo Generating the DLLs and input libraries
-dllwrap --dllname libeay32.dll --output-lib out/libeay32.a --def ms/libeay32.def out/libcrypto.a -lwsock32 -lgdi32
+dllwrap --dllname libeay32.dll --output-lib out/libeay32.a --def ms/libeay32.def out/libcrypto.a -lws2_32 -lgdi32
 if errorlevel 1 goto end
 dllwrap --dllname libssl32.dll --output-lib out/libssl32.a --def ms/ssleay32.def out/libssl.a out/libeay32.a
 if errorlevel 1 goto end
diff --git a/src/lib/libssl/src/ms/mw.bat b/src/lib/libssl/src/ms/mw.bat
index c5ccd693e3..35e00a4508 100644
--- a/src/lib/libssl/src/ms/mw.bat
+++ b/src/lib/libssl/src/ms/mw.bat
@@ -1,26 +1,26 @@
-@rem OpenSSL with Mingw32
+@rem OpenSSL with Mingw32
-@rem --------------------
+@rem --------------------
-@rem Makefile
+@rem Makefile
-perl util\mkfiles.pl >MINFO
+perl util\mkfiles.pl >MINFO
-perl util\mk1mf.pl Mingw32 >ms\mingw32.mak
+perl util\mk1mf.pl Mingw32 >ms\mingw32.mak
-@rem DLL definition files
+@rem DLL definition files
-perl util\mkdef.pl 32 libeay >ms\libeay32.def
+perl util\mkdef.pl 32 libeay >ms\libeay32.def
-if errorlevel 1 goto end
+if errorlevel 1 goto end
-perl util\mkdef.pl 32 ssleay >ms\ssleay32.def
+perl util\mkdef.pl 32 ssleay >ms\ssleay32.def
-if errorlevel 1 goto end
+if errorlevel 1 goto end
-@rem Build the libraries
+@rem Build the libraries
-make -f ms/mingw32.mak
+make -f ms/mingw32.mak
-if errorlevel 1 goto end
+if errorlevel 1 goto end
-@rem Generate the DLLs and input libraries
+@rem Generate the DLLs and input libraries
-dllwrap --dllname libeay32.dll --output-lib out/libeay32.a --def ms/libeay32.def out/libcrypto.a -lwsock32 -lgdi32
+dllwrap --dllname libeay32.dll --output-lib out/libeay32.a --def ms/libeay32.def out/libcrypto.a -lws2_32 -lgdi32
-if errorlevel 1 goto end
+if errorlevel 1 goto end
-dllwrap --dllname libssl32.dll --output-lib out/libssl32.a --def ms/ssleay32.def out/libssl.a out/libeay32.a
+dllwrap --dllname libssl32.dll --output-lib out/libssl32.a --def ms/ssleay32.def out/libssl.a out/libeay32.a
-if errorlevel 1 goto end
+if errorlevel 1 goto end
-echo Done compiling OpenSSL
+echo Done compiling OpenSSL
-:end
+:end
diff --git a/src/lib/libssl/src/ms/tenc.bat b/src/lib/libssl/src/ms/tenc.bat
index 466fdfccbf..a4fa7f3652 100644
--- a/src/lib/libssl/src/ms/tenc.bat
+++ b/src/lib/libssl/src/ms/tenc.bat
@@ -1,14 +1,14 @@
-rem called by testenc
+rem called by testenc
-echo test %1 %2 %3 %4 %5 %6 
+echo test %1 %2 %3 %4 %5 %6 
-%ssleay% %1 %2 %3 %4 %5 %6 -e -bufsize 113 -k test -in %input% -out %tmp1%
+%ssleay% %1 %2 %3 %4 %5 %6 -e -bufsize 113 -k test -in %input% -out %tmp1%
-%ssleay% %1 %2 %3 %4 %5 %6 -d -bufsize 157 -k test -in %tmp1% -out %out1%
+%ssleay% %1 %2 %3 %4 %5 %6 -d -bufsize 157 -k test -in %tmp1% -out %out1%
-%cmp% %input% %out1%
+%cmp% %input% %out1%
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-echo test base64 %1 %2 %3 %4 %5 %6 
+echo test base64 %1 %2 %3 %4 %5 %6 
-%ssleay% %1 %2 %3 %4 %5 %6 -a -e -bufsize 113 -k test -in %input% -out %tmp1%
+%ssleay% %1 %2 %3 %4 %5 %6 -a -e -bufsize 113 -k test -in %input% -out %tmp1%
-%ssleay% %1 %2 %3 %4 %5 %6 -a -d -bufsize 157 -k test -in %tmp1% -out %out1%
+%ssleay% %1 %2 %3 %4 %5 %6 -a -d -bufsize 157 -k test -in %tmp1% -out %out1%
-%cmp% %input% %out1%
+%cmp% %input% %out1%
-:err
+:err
diff --git a/src/lib/libssl/src/ms/tencce.bat b/src/lib/libssl/src/ms/tencce.bat
index 6a944d7671..c8b1acd4b4 100644
--- a/src/lib/libssl/src/ms/tencce.bat
+++ b/src/lib/libssl/src/ms/tencce.bat
@@ -1,19 +1,19 @@
-rem called by testencce
+rem called by testencce
-echo test %1 %2 %3 %4 %5 %6 
+echo test %1 %2 %3 %4 %5 %6 
-cecopy %input% CE:\OpenSSL
+cecopy %input% CE:\OpenSSL
-cerun CE:\OpenSSL\%ssleay% %1 %2 %3 %4 %5 %6 -e -bufsize 113 -k test -in \OpenSSL\%input% -out \OpenSSL\%tmp1%
+cerun CE:\OpenSSL\%ssleay% %1 %2 %3 %4 %5 %6 -e -bufsize 113 -k test -in \OpenSSL\%input% -out \OpenSSL\%tmp1%
-cerun CE:\OpenSSL\%ssleay% %1 %2 %3 %4 %5 %6 -d -bufsize 157 -k test -in \OpenSSL\%tmp1% -out \OpenSSL\%out1%
+cerun CE:\OpenSSL\%ssleay% %1 %2 %3 %4 %5 %6 -d -bufsize 157 -k test -in \OpenSSL\%tmp1% -out \OpenSSL\%out1%
-del %out1% >nul 2>&1
+del %out1% >nul 2>&1
-cecopy CE:\OpenSSL\%out1% .
+cecopy CE:\OpenSSL\%out1% .
-%cmp% %input% %out1%
+%cmp% %input% %out1%
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-echo test base64 %1 %2 %3 %4 %5 %6 
+echo test base64 %1 %2 %3 %4 %5 %6 
-cerun CE:\OpenSSL\%ssleay% %1 %2 %3 %4 %5 %6 -a -e -bufsize 113 -k test -in \OpenSSL\%input% -out \OpenSSL\%tmp1%
+cerun CE:\OpenSSL\%ssleay% %1 %2 %3 %4 %5 %6 -a -e -bufsize 113 -k test -in \OpenSSL\%input% -out \OpenSSL\%tmp1%
-cerun CE:\OpenSSL\%ssleay% %1 %2 %3 %4 %5 %6 -a -d -bufsize 157 -k test -in \OpenSSL\%tmp1% -out \OpenSSL\%out1%
+cerun CE:\OpenSSL\%ssleay% %1 %2 %3 %4 %5 %6 -a -d -bufsize 157 -k test -in \OpenSSL\%tmp1% -out \OpenSSL\%out1%
-del %out1% >nul 2>&1
+del %out1% >nul 2>&1
-cecopy CE:\OpenSSL\%out1% .
+cecopy CE:\OpenSSL\%out1% .
-%cmp% %input% %out1%
+%cmp% %input% %out1%
-:err
+:err
diff --git a/src/lib/libssl/src/ms/test.bat b/src/lib/libssl/src/ms/test.bat
index f729261782..f490546ebb 100644
--- a/src/lib/libssl/src/ms/test.bat
+++ b/src/lib/libssl/src/ms/test.bat
@@ -35,10 +35,6 @@ echo md5test
 md5test
 if errorlevel 1 goto done
-echo md2test
-md2test
-if errorlevel 1 goto done
 echo rc2test
 rc2test
 if errorlevel 1 goto done
@@ -181,7 +177,6 @@ echo test sslv2/sslv3 with both client and server authentication via BIO pair
 %SSL_TEST% -bio_pair -server_auth -client_auth
 if errorlevel 1 goto done
 echo passed all tests
 goto end
 :done
diff --git a/src/lib/libssl/src/ms/testenc.bat b/src/lib/libssl/src/ms/testenc.bat
index 4b99bd5895..f8e90939ed 100644
--- a/src/lib/libssl/src/ms/testenc.bat
+++ b/src/lib/libssl/src/ms/testenc.bat
@@ -1,94 +1,94 @@
-@echo off
+@echo off
-echo start testenc
+echo start testenc
-path=..\ms;%path%
+path=..\ms;%path%
-set ssleay=%1%
+set ssleay=%1%
-set input=..\ms\testenc.bat
+set input=..\ms\testenc.bat
-set tmp1=..\ms\cipher.out
+set tmp1=..\ms\cipher.out
-set out1=..\ms\clear.out
+set out1=..\ms\clear.out
-set cmp=perl ..\ms\cmp.pl
+set cmp=perl ..\ms\cmp.pl
-cd
+cd
-call tenc.bat enc
+call tenc.bat enc
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-call tenc.bat rc4
+call tenc.bat rc4
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-call tenc.bat des-cfb
+call tenc.bat des-cfb
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-call tenc.bat des-ede-cfb
+call tenc.bat des-ede-cfb
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-call tenc.bat des-ede3-cfb
+call tenc.bat des-ede3-cfb
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-call tenc.bat des-ofb
+call tenc.bat des-ofb
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-call tenc.bat des-ede-ofb
+call tenc.bat des-ede-ofb
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-call tenc.bat des-ede3-ofb
+call tenc.bat des-ede3-ofb
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-call tenc.bat des-ecb
+call tenc.bat des-ecb
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-call tenc.bat des-ede
+call tenc.bat des-ede
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-call tenc.bat des-ede3
+call tenc.bat des-ede3
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-call tenc.bat des-cbc
+call tenc.bat des-cbc
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-call tenc.bat des-ede-cbc
+call tenc.bat des-ede-cbc
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-call tenc.bat des-ede3-cbc
+call tenc.bat des-ede3-cbc
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-call tenc.bat idea-ecb
+call tenc.bat idea-ecb
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-call tenc.bat idea-cfb
+call tenc.bat idea-cfb
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-call tenc.bat idea-ofb
+call tenc.bat idea-ofb
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-call tenc.bat idea-cbc
+call tenc.bat idea-cbc
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-call tenc.bat rc2-ecb
+call tenc.bat rc2-ecb
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-call tenc.bat rc2-cfb
+call tenc.bat rc2-cfb
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-call tenc.bat rc2-ofb
+call tenc.bat rc2-ofb
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-call tenc.bat rc2-cbc
+call tenc.bat rc2-cbc
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-call tenc.bat bf-ecb
+call tenc.bat bf-ecb
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-call tenc.bat bf-cfb
+call tenc.bat bf-cfb
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-call tenc.bat bf-ofb
+call tenc.bat bf-ofb
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-call tenc.bat bf-cbc
+call tenc.bat bf-cbc
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-echo OK
+echo OK
-del %out1%
+del %out1%
-del %tmp1%
+del %tmp1%
-:err
+:err
diff --git a/src/lib/libssl/src/ms/testencce.bat b/src/lib/libssl/src/ms/testencce.bat
index 04faa5d99b..1da3e0861f 100644
--- a/src/lib/libssl/src/ms/testencce.bat
+++ b/src/lib/libssl/src/ms/testencce.bat
@@ -1,97 +1,97 @@
-@echo off
+@echo off
-echo start testenc
+echo start testenc
-path=..\ms;%path%
+path=..\ms;%path%
-set ssleay=%1%
+set ssleay=%1%
-copy ..\ms\testenc.bat >nul
+copy ..\ms\testenc.bat >nul
-set input=testenc.bat
+set input=testenc.bat
-set tmp1=cipher.out
+set tmp1=cipher.out
-set out1=clear.out
+set out1=clear.out
-set cmp=perl ..\ms\cmp.pl
+set cmp=perl ..\ms\cmp.pl
-cecopy %ssleay% CE:\OpenSSL
+cecopy %ssleay% CE:\OpenSSL
-cd
+cd
-call tencce.bat enc
+call tencce.bat enc
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-call tencce.bat rc4
+call tencce.bat rc4
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-call tencce.bat des-cfb
+call tencce.bat des-cfb
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-call tencce.bat des-ede-cfb
+call tencce.bat des-ede-cfb
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-call tencce.bat des-ede3-cfb
+call tencce.bat des-ede3-cfb
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-call tencce.bat des-ofb
+call tencce.bat des-ofb
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-call tencce.bat des-ede-ofb
+call tencce.bat des-ede-ofb
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-call tencce.bat des-ede3-ofb
+call tencce.bat des-ede3-ofb
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-call tencce.bat des-ecb
+call tencce.bat des-ecb
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-call tencce.bat des-ede
+call tencce.bat des-ede
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-call tencce.bat des-ede3
+call tencce.bat des-ede3
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-call tencce.bat des-cbc
+call tencce.bat des-cbc
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-call tencce.bat des-ede-cbc
+call tencce.bat des-ede-cbc
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-call tencce.bat des-ede3-cbc
+call tencce.bat des-ede3-cbc
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-call tencce.bat idea-ecb
+call tencce.bat idea-ecb
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-call tencce.bat idea-cfb
+call tencce.bat idea-cfb
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-call tencce.bat idea-ofb
+call tencce.bat idea-ofb
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-call tencce.bat idea-cbc
+call tencce.bat idea-cbc
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-call tencce.bat rc2-ecb
+call tencce.bat rc2-ecb
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-call tencce.bat rc2-cfb
+call tencce.bat rc2-cfb
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-call tencce.bat rc2-ofb
+call tencce.bat rc2-ofb
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-call tencce.bat rc2-cbc
+call tencce.bat rc2-cbc
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-call tencce.bat bf-ecb
+call tencce.bat bf-ecb
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-call tencce.bat bf-cfb
+call tencce.bat bf-cfb
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-call tencce.bat bf-ofb
+call tencce.bat bf-ofb
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-call tencce.bat bf-cbc
+call tencce.bat bf-cbc
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-echo OK
+echo OK
-del %out1% >nul 2>&1
+del %out1% >nul 2>&1
-del %tmp1% >nul 2>&1
+del %tmp1% >nul 2>&1
-:err
+:err
diff --git a/src/lib/libssl/src/ms/testpem.bat b/src/lib/libssl/src/ms/testpem.bat
index 005f13b67e..8b2e844d36 100644
--- a/src/lib/libssl/src/ms/testpem.bat
+++ b/src/lib/libssl/src/ms/testpem.bat
@@ -1,32 +1,32 @@
-@echo off
+@echo off
-set ssleay=%1%
+set ssleay=%1%
-set tmp1=pem.out
+set tmp1=pem.out
-set cmp=fc.exe
+set cmp=fc.exe
-call tpem.bat crl ..\test\testcrl.pem
+call tpem.bat crl ..\test\testcrl.pem
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-call tpem.bat pkcs7 ..\test\testp7.pem
+call tpem.bat pkcs7 ..\test\testp7.pem
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-call tpem.bat req ..\test\testreq2.pem
+call tpem.bat req ..\test\testreq2.pem
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-call tpem.bat rsa ..\test\testrsa.pem
+call tpem.bat rsa ..\test\testrsa.pem
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-call tpem.bat x509 ..\test\testx509.pem
+call tpem.bat x509 ..\test\testx509.pem
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-call tpem.bat x509 ..\test\v3-cert1.pem
+call tpem.bat x509 ..\test\v3-cert1.pem
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-call tpem.bat x509 ..\test\v3-cert1.pem
+call tpem.bat x509 ..\test\v3-cert1.pem
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-call tpem.bat sess_id ..\test\testsid.pem
+call tpem.bat sess_id ..\test\testsid.pem
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-echo OK
+echo OK
-del %tmp1%
+del %tmp1%
-:err
+:err
diff --git a/src/lib/libssl/src/ms/testpemce.bat b/src/lib/libssl/src/ms/testpemce.bat
index c793c3e514..ac64a7912c 100644
--- a/src/lib/libssl/src/ms/testpemce.bat
+++ b/src/lib/libssl/src/ms/testpemce.bat
@@ -1,42 +1,42 @@
-@echo off
+@echo off
-set ssleay=%1%
+set ssleay=%1%
-set tmp1=pem.out
+set tmp1=pem.out
-set cmp=fc.exe
+set cmp=fc.exe
-cecopy %ssleay% CE:\OpenSSL
+cecopy %ssleay% CE:\OpenSSL
-copy ..\test\testcrl.pem >nul
+copy ..\test\testcrl.pem >nul
-call tpemce.bat crl testcrl.pem
+call tpemce.bat crl testcrl.pem
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-copy ..\test\testp7.pem >nul
+copy ..\test\testp7.pem >nul
-call tpemce.bat pkcs7 testp7.pem
+call tpemce.bat pkcs7 testp7.pem
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-copy ..\test\testreq2.pem >nul
+copy ..\test\testreq2.pem >nul
-call tpemce.bat req testreq2.pem
+call tpemce.bat req testreq2.pem
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-copy ..\test\testrsa.pem >nul
+copy ..\test\testrsa.pem >nul
-call tpemce.bat rsa testrsa.pem
+call tpemce.bat rsa testrsa.pem
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-copy ..\test\testx509.pem >nul
+copy ..\test\testx509.pem >nul
-call tpemce.bat x509 testx509.pem
+call tpemce.bat x509 testx509.pem
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-copy ..\test\v3-cert1.pem >nul
+copy ..\test\v3-cert1.pem >nul
-call tpemce.bat x509 v3-cert1.pem
+call tpemce.bat x509 v3-cert1.pem
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-copy ..\test\v3-cert1.pem >nul
+copy ..\test\v3-cert1.pem >nul
-call tpemce.bat x509 v3-cert1.pem
+call tpemce.bat x509 v3-cert1.pem
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-copy ..\test\testsid.pem >nul
+copy ..\test\testsid.pem >nul
-call tpemce.bat sess_id testsid.pem
+call tpemce.bat sess_id testsid.pem
-if errorlevel 1 goto err
+if errorlevel 1 goto err
-echo OK
+echo OK
-del %tmp1% >nul 2>&1
+del %tmp1% >nul 2>&1
-:err
+:err
diff --git a/src/lib/libssl/src/ms/testss.bat b/src/lib/libssl/src/ms/testss.bat
index b4aaf3c601..5afa131dba 100644
--- a/src/lib/libssl/src/ms/testss.bat
+++ b/src/lib/libssl/src/ms/testss.bat
@@ -1,98 +1,98 @@
-@echo off
+@echo off
-rem set ssleay=..\out\ssleay
+rem set ssleay=..\out\ssleay
-set ssleay=%1
+set ssleay=%1
-set reqcmd=%ssleay% req
+set reqcmd=%ssleay% req
-set x509cmd=%ssleay% x509 -sha1
+set x509cmd=%ssleay% x509 -sha1
-set verifycmd=%ssleay% verify
+set verifycmd=%ssleay% verify
-set CAkey=keyCA.ss
+set CAkey=keyCA.ss
-set CAcert=certCA.ss
+set CAcert=certCA.ss
-set CAserial=certCA.srl
+set CAserial=certCA.srl
-set CAreq=reqCA.ss
+set CAreq=reqCA.ss
-set CAconf=..\test\CAss.cnf
+set CAconf=..\test\CAss.cnf
-set CAreq2=req2CA.ss    
+set CAreq2=req2CA.ss    
-set Uconf=..\test\Uss.cnf
+set Uconf=..\test\Uss.cnf
-set Ukey=keyU.ss
+set Ukey=keyU.ss
-set Ureq=reqU.ss
+set Ureq=reqU.ss
-set Ucert=certU.ss
+set Ucert=certU.ss
-echo make a certificate request using 'req'
+echo make a certificate request using 'req'
-%reqcmd% -config %CAconf% -out %CAreq% -keyout %CAkey% -new
+%reqcmd% -config %CAconf% -out %CAreq% -keyout %CAkey% -new
-if errorlevel 1 goto e_req
+if errorlevel 1 goto e_req
-echo convert the certificate request into a self signed certificate using 'x509'
+echo convert the certificate request into a self signed certificate using 'x509'
-%x509cmd% -CAcreateserial -in %CAreq% -days 30 -req -out %CAcert% -signkey %CAkey% >err.ss
+%x509cmd% -CAcreateserial -in %CAreq% -days 30 -req -out %CAcert% -signkey %CAkey% >err.ss
-if errorlevel 1 goto e_x509
+if errorlevel 1 goto e_x509
-echo --
+echo --
-echo convert a certificate into a certificate request using 'x509'
+echo convert a certificate into a certificate request using 'x509'
-%x509cmd% -in %CAcert% -x509toreq -signkey %CAkey% -out %CAreq2% >err.ss
+%x509cmd% -in %CAcert% -x509toreq -signkey %CAkey% -out %CAreq2% >err.ss
-if errorlevel 1 goto e_x509_2
+if errorlevel 1 goto e_x509_2
-%reqcmd% -verify -in %CAreq% -noout
+%reqcmd% -verify -in %CAreq% -noout
-if errorlevel 1 goto e_vrfy_1
+if errorlevel 1 goto e_vrfy_1
-%reqcmd% -verify -in %CAreq2% -noout
+%reqcmd% -verify -in %CAreq2% -noout
-if errorlevel 1 goto e_vrfy_2
+if errorlevel 1 goto e_vrfy_2
-%verifycmd% -CAfile %CAcert% %CAcert%
+%verifycmd% -CAfile %CAcert% %CAcert%
-if errorlevel 1 goto e_vrfy_3
+if errorlevel 1 goto e_vrfy_3
-echo --
+echo --
-echo make another certificate request using 'req'
+echo make another certificate request using 'req'
-%reqcmd% -config %Uconf% -out %Ureq% -keyout %Ukey% -new >err.ss
+%reqcmd% -config %Uconf% -out %Ureq% -keyout %Ukey% -new >err.ss
-if errorlevel 1 goto e_req_gen
+if errorlevel 1 goto e_req_gen
-echo --
+echo --
-echo sign certificate request with the just created CA via 'x509'
+echo sign certificate request with the just created CA via 'x509'
-%x509cmd% -CAcreateserial -in %Ureq% -days 30 -req -out %Ucert% -CA %CAcert% -CAkey %CAkey% -CAserial %CAserial%
+%x509cmd% -CAcreateserial -in %Ureq% -days 30 -req -out %Ucert% -CA %CAcert% -CAkey %CAkey% -CAserial %CAserial%
-if errorlevel 1 goto e_x_sign
+if errorlevel 1 goto e_x_sign
-%verifycmd% -CAfile %CAcert% %Ucert%
+%verifycmd% -CAfile %CAcert% %Ucert%
-echo --
+echo --
-echo Certificate details
+echo Certificate details
-%x509cmd% -subject -issuer -startdate -enddate -noout -in %Ucert%
+%x509cmd% -subject -issuer -startdate -enddate -noout -in %Ucert%
-echo Everything appeared to work
+echo Everything appeared to work
-echo --
+echo --
-echo The generated CA certificate is %CAcert%
+echo The generated CA certificate is %CAcert%
-echo The generated CA private key is %CAkey%
+echo The generated CA private key is %CAkey%
-echo The current CA signing serial number is in %CAserial%
+echo The current CA signing serial number is in %CAserial%
-echo The generated user certificate is %Ucert%
+echo The generated user certificate is %Ucert%
-echo The generated user private key is %Ukey%
+echo The generated user private key is %Ukey%
-echo --
+echo --
-del err.ss
+del err.ss
-goto end
+goto end
-:e_req
+:e_req
-echo error using 'req' to generate a certificate request
+echo error using 'req' to generate a certificate request
-goto end
+goto end
-:e_x509
+:e_x509
-echo error using 'x509' to self sign a certificate request
+echo error using 'x509' to self sign a certificate request
-goto end
+goto end
-:e_x509_2
+:e_x509_2
-echo error using 'x509' convert a certificate to a certificate request
+echo error using 'x509' convert a certificate to a certificate request
-goto end
+goto end
-:e_vrfy_1
+:e_vrfy_1
-echo first generated request is invalid
+echo first generated request is invalid
-goto end
+goto end
-:e_vrfy_2
+:e_vrfy_2
-echo second generated request is invalid
+echo second generated request is invalid
-goto end
+goto end
-:e_vrfy_3
+:e_vrfy_3
-echo first generated cert is invalid
+echo first generated cert is invalid
-goto end
+goto end
-:e_req_gen
+:e_req_gen
-echo error using 'req' to generate a certificate request
+echo error using 'req' to generate a certificate request
-goto end
+goto end
-:e_x_sign
+:e_x_sign
-echo error using 'x509' to sign a certificate request
+echo error using 'x509' to sign a certificate request
-goto end
+goto end
-:end
+:end
diff --git a/src/lib/libssl/src/ms/testssce.bat b/src/lib/libssl/src/ms/testssce.bat
index dbb25abdb0..18381ed2fa 100644
--- a/src/lib/libssl/src/ms/testssce.bat
+++ b/src/lib/libssl/src/ms/testssce.bat
@@ -1,104 +1,104 @@
-rem set ssleay=..\out\ssleay
+rem set ssleay=..\out\ssleay
-set ssleay=%1
+set ssleay=%1
-set reqcmd=%ssleay% req
+set reqcmd=%ssleay% req
-set x509cmd=%ssleay% x509
+set x509cmd=%ssleay% x509
-set verifycmd=%ssleay% verify
+set verifycmd=%ssleay% verify
-set CAkey=\OpenSSL\keyCA.ss
+set CAkey=\OpenSSL\keyCA.ss
-set CAcert=\OpenSSL\certCA.ss
+set CAcert=\OpenSSL\certCA.ss
-set CAserial=\OpenSSL\certCA.srl
+set CAserial=\OpenSSL\certCA.srl
-set CAreq=\OpenSSL\reqCA.ss
+set CAreq=\OpenSSL\reqCA.ss
-cecopy ..\test\CAss.cnf CE:\OpenSSL
+cecopy ..\test\CAss.cnf CE:\OpenSSL
-set CAconf=\OpenSSL\CAss.cnf
+set CAconf=\OpenSSL\CAss.cnf
-set CAreq2=\OpenSSL\req2CA.ss   
+set CAreq2=\OpenSSL\req2CA.ss   
-cecopy ..\test\Uss.cnf CE:\OpenSSL
+cecopy ..\test\Uss.cnf CE:\OpenSSL
-set Uconf=\OpenSSL\Uss.cnf
+set Uconf=\OpenSSL\Uss.cnf
-set Ukey=\OpenSSL\keyU.ss
+set Ukey=\OpenSSL\keyU.ss
-set Ureq=\OpenSSL\reqU.ss
+set Ureq=\OpenSSL\reqU.ss
-set Ucert=\OpenSSL\certU.ss
+set Ucert=\OpenSSL\certU.ss
-echo make a certificate request using 'req'
+echo make a certificate request using 'req'
-cerun CE:\OpenSSL\%reqcmd% -config %CAconf% -out %CAreq% -keyout %CAkey% -new
+cerun CE:\OpenSSL\%reqcmd% -config %CAconf% -out %CAreq% -keyout %CAkey% -new
-if errorlevel 1 goto e_req
+if errorlevel 1 goto e_req
-echo convert the certificate request into a self signed certificate using 'x509'
+echo convert the certificate request into a self signed certificate using 'x509'
-cerun CE:\OpenSSL\%x509cmd% -CAcreateserial -in %CAreq% -days 30 -req -out %CAcert% -signkey %CAkey% "> \OpenSSL\err.ss"
+cerun CE:\OpenSSL\%x509cmd% -CAcreateserial -in %CAreq% -days 30 -req -out %CAcert% -signkey %CAkey% "> \OpenSSL\err.ss"
-if errorlevel 1 goto e_x509
+if errorlevel 1 goto e_x509
-echo --
+echo --
-echo convert a certificate into a certificate request using 'x509'
+echo convert a certificate into a certificate request using 'x509'
-cerun CE:\OpenSSL\%x509cmd% -in %CAcert% -x509toreq -signkey %CAkey% -out %CAreq2% "> \OpenSSL\err.ss"
+cerun CE:\OpenSSL\%x509cmd% -in %CAcert% -x509toreq -signkey %CAkey% -out %CAreq2% "> \OpenSSL\err.ss"
-if errorlevel 1 goto e_x509_2
+if errorlevel 1 goto e_x509_2
-cerun CE:\OpenSSL\%reqcmd% -verify -in %CAreq% -noout
+cerun CE:\OpenSSL\%reqcmd% -verify -in %CAreq% -noout
-if errorlevel 1 goto e_vrfy_1
+if errorlevel 1 goto e_vrfy_1
-cerun CE:\OpenSSL\%reqcmd% -verify -in %CAreq2% -noout
+cerun CE:\OpenSSL\%reqcmd% -verify -in %CAreq2% -noout
-if errorlevel 1 goto e_vrfy_2
+if errorlevel 1 goto e_vrfy_2
-cerun CE:\OpenSSL\%verifycmd% -CAfile %CAcert% %CAcert%
+cerun CE:\OpenSSL\%verifycmd% -CAfile %CAcert% %CAcert%
-if errorlevel 1 goto e_vrfy_3
+if errorlevel 1 goto e_vrfy_3
-echo --
+echo --
-echo make another certificate request using 'req'
+echo make another certificate request using 'req'
-cerun CE:\OpenSSL\%reqcmd% -config %Uconf% -out %Ureq% -keyout %Ukey% -new "> \OpenSSL\err.ss"
+cerun CE:\OpenSSL\%reqcmd% -config %Uconf% -out %Ureq% -keyout %Ukey% -new "> \OpenSSL\err.ss"
-if errorlevel 1 goto e_req_gen
+if errorlevel 1 goto e_req_gen
-echo --
+echo --
-echo sign certificate request with the just created CA via 'x509'
+echo sign certificate request with the just created CA via 'x509'
-cerun CE:\OpenSSL\%x509cmd% -CAcreateserial -in %Ureq% -days 30 -req -out %Ucert% -CA %CAcert% -CAkey %CAkey% -CAserial %CAserial%
+cerun CE:\OpenSSL\%x509cmd% -CAcreateserial -in %Ureq% -days 30 -req -out %Ucert% -CA %CAcert% -CAkey %CAkey% -CAserial %CAserial%
-if errorlevel 1 goto e_x_sign
+if errorlevel 1 goto e_x_sign
-cerun CE:\OpenSSL\%verifycmd% -CAfile %CAcert% %Ucert%
+cerun CE:\OpenSSL\%verifycmd% -CAfile %CAcert% %Ucert%
-echo --
+echo --
-echo Certificate details
+echo Certificate details
-cerun CE:\OpenSSL\%x509cmd% -subject -issuer -startdate -enddate -noout -in %Ucert%
+cerun CE:\OpenSSL\%x509cmd% -subject -issuer -startdate -enddate -noout -in %Ucert%
-cecopy CE:%CAcert% .
+cecopy CE:%CAcert% .
-cecopy CE:%CAkey% .
+cecopy CE:%CAkey% .
-cecopy CE:%CAserial% .
+cecopy CE:%CAserial% .
-cecopy CE:%Ucert% .
+cecopy CE:%Ucert% .
-cecopy CE:%Ukey% .
+cecopy CE:%Ukey% .
-echo Everything appeared to work
+echo Everything appeared to work
-echo --
+echo --
-echo The generated CA certificate is %CAcert%
+echo The generated CA certificate is %CAcert%
-echo The generated CA private key is %CAkey%
+echo The generated CA private key is %CAkey%
-echo The current CA signing serial number is in %CAserial%
+echo The current CA signing serial number is in %CAserial%
-echo The generated user certificate is %Ucert%
+echo The generated user certificate is %Ucert%
-echo The generated user private key is %Ukey%
+echo The generated user private key is %Ukey%
-echo --
+echo --
-cedel CE:\OpenSSL\err.ss
+cedel CE:\OpenSSL\err.ss
-goto end
+goto end
-:e_req
+:e_req
-echo error using 'req' to generate a certificate request
+echo error using 'req' to generate a certificate request
-goto end
+goto end
-:e_x509
+:e_x509
-echo error using 'x509' to self sign a certificate request
+echo error using 'x509' to self sign a certificate request
-goto end
+goto end
-:e_x509_2
+:e_x509_2
-echo error using 'x509' convert a certificate to a certificate request
+echo error using 'x509' convert a certificate to a certificate request
-goto end
+goto end
-:e_vrfy_1
+:e_vrfy_1
-echo first generated request is invalid
+echo first generated request is invalid
-goto end
+goto end
-:e_vrfy_2
+:e_vrfy_2
-echo second generated request is invalid
+echo second generated request is invalid
-goto end
+goto end
-:e_vrfy_3
+:e_vrfy_3
-echo first generated cert is invalid
+echo first generated cert is invalid
-goto end
+goto end
-:e_req_gen
+:e_req_gen
-echo error using 'req' to generate a certificate request
+echo error using 'req' to generate a certificate request
-goto end
+goto end
-:e_x_sign
+:e_x_sign
-echo error using 'x509' to sign a certificate request
+echo error using 'x509' to sign a certificate request
-goto end
+goto end
-:end
+:end
diff --git a/src/lib/libssl/src/ms/tpem.bat b/src/lib/libssl/src/ms/tpem.bat
index 7fc7a83279..cd01792e9f 100644
--- a/src/lib/libssl/src/ms/tpem.bat
+++ b/src/lib/libssl/src/ms/tpem.bat
@@ -1,6 +1,6 @@
-rem called by testpem
+rem called by testpem
-echo test %1 %2
+echo test %1 %2
-%ssleay% %1 -in %2 -out %tmp1%
+%ssleay% %1 -in %2 -out %tmp1%
-%cmp% %2 %tmp1%
+%cmp% %2 %tmp1%
diff --git a/src/lib/libssl/src/ms/tpemce.bat b/src/lib/libssl/src/ms/tpemce.bat
index 17b2acd390..483f559cfa 100644
--- a/src/lib/libssl/src/ms/tpemce.bat
+++ b/src/lib/libssl/src/ms/tpemce.bat
@@ -1,8 +1,8 @@
-rem called by testpemce
+rem called by testpemce
-echo test %1 %2
+echo test %1 %2
-cecopy %2 CE:\OpenSSL
+cecopy %2 CE:\OpenSSL
-cerun CE:\OpenSSL\%ssleay% %1 -in \OpenSSL\%2 -out \OpenSSL\%tmp1%
+cerun CE:\OpenSSL\%ssleay% %1 -in \OpenSSL\%2 -out \OpenSSL\%tmp1%
-del %tmp1% >nul 2>&1
+del %tmp1% >nul 2>&1
-cecopy CE:\OpenSSL\%tmp1% .
+cecopy CE:\OpenSSL\%tmp1% .
-%cmp% %2 %tmp1%
+%cmp% %2 %tmp1%
diff --git a/src/lib/libssl/src/ms/uplink-common.pl b/src/lib/libssl/src/ms/uplink-common.pl
new file mode 100755
index 0000000000..1d20e6e03e
--- /dev/null
+++ b/src/lib/libssl/src/ms/uplink-common.pl
@@ -0,0 +1,22 @@
+#!/usr/bin/env perl
+#
+# pull APPLINK_MAX value from applink.c...
+$applink_c=$0;
+$applink_c=~s|[^/\\]+$||g;
+$applink_c.="applink.c";
+open(INPUT,$applink_c) || die "can't open $applink_c: $!";
+@max=grep {/APPLINK_MAX\s+(\d+)/} <INPUT>;
+close(INPUT);
+($#max==0) or die "can't find APPLINK_MAX in $applink_c";
+$max[0]=~/APPLINK_MAX\s+(\d+)/;
+$N=$1;  # number of entries in OPENSSL_UplinkTable not including
+        # OPENSSL_UplinkTable[0], which contains this value...
+1;
+# Idea is to fill the OPENSSL_UplinkTable with pointers to stubs
+# which invoke 'void OPENSSL_Uplink (ULONG_PTR *table,int index)';
+# and then dereference themselves. Latter shall result in endless
+# loop *unless* OPENSSL_Uplink does not replace 'table[index]' with
+# something else, e.g. as 'table[index]=unimplemented;'...
diff --git a/src/lib/libssl/src/ms/uplink-ia64.pl b/src/lib/libssl/src/ms/uplink-ia64.pl
new file mode 100755
index 0000000000..4204c73d58
--- /dev/null
+++ b/src/lib/libssl/src/ms/uplink-ia64.pl
@@ -0,0 +1,50 @@
+#!/usr/bin/env perl
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}.");
+require "uplink-common.pl";
+local $V=8;     # max number of args uplink functions may accept...
+my $loc0 = "r".(32+$V);
+print <<___;
+.text
+.global OPENSSL_Uplink#
+.type   OPENSSL_Uplink#,\@function
+___
+for ($i=1;$i<=$N;$i++) {
+print <<___;
+.proc   lazy$i#
+lazy$i:
+        .prologue
+{ .mii; .save   ar.pfs,$loc0
+        alloc   loc0=ar.pfs,$V,3,2,0
+        .save   b0,loc1
+        mov     loc1=b0
+        addl    loc2=\@ltoff(OPENSSL_UplinkTable#),gp   };;
+        .body
+{ .mmi; ld8     out0=[loc2]
+        mov     out1=$i                                 };;
+{ .mib; add     loc2=8*$i,out0
+        br.call.sptk.many       b0=OPENSSL_Uplink#      };;
+{ .mmi; ld8     r31=[loc2];;
+        ld8     r30=[r31],8                             };;
+{ .mii; ld8     gp=[r31]
+        mov     b6=r30
+        mov     b0=loc1                                 };;
+{ .mib; mov     ar.pfs=loc0
+        br.many b6                                      };;
+.endp   lazy$i#
+___
+}
+print <<___;
+.data
+.global OPENSSL_UplinkTable#
+OPENSSL_UplinkTable:    data8   $N      // amount of following entries
+___
+for ($i=1;$i<=$N;$i++) {   print "      data8   \@fptr(lazy$i#)\n";   }
+print <<___;
+.size   OPENSSL_UplinkTable,.-OPENSSL_UplinkTable#
+___
diff --git a/src/lib/libssl/src/ms/uplink-x86.pl b/src/lib/libssl/src/ms/uplink-x86.pl
new file mode 100755
index 0000000000..0dffc14fcd
--- /dev/null
+++ b/src/lib/libssl/src/ms/uplink-x86.pl
@@ -0,0 +1,33 @@
+#!/usr/bin/env perl
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC, "${dir}.", "${dir}../crypto/perlasm");
+require "x86asm.pl";
+require "uplink-common.pl";
+&asm_init($ARGV[0],"uplink-x86");
+&external_label("OPENSSL_Uplink");
+&public_label("OPENSSL_UplinkTable");
+for ($i=1;$i<=$N;$i++) {
+&function_begin_B("_\$lazy${i}");
+        &lea    ("eax",&DWP(&label("OPENSSL_UplinkTable")));
+        &push   ("eax");
+        &push   ($i);
+        &call   (&label("OPENSSL_Uplink"));
+        &add    ("esp",8);
+        &pop    ("eax");
+        &jmp_ptr(&DWP(4*$i,"eax"));
+&function_end_B("_\$lazy${i}");
+}
+&dataseg();
+&align(4);
+&set_label("OPENSSL_UplinkTable");
+&data_word($N);
+for ($i=1;$i<=$N;$i++) {
+&data_word(&label("_\$lazy${i}"));
+}
+&asm_finish();
diff --git a/src/lib/libssl/src/ms/uplink-x86_64.pl b/src/lib/libssl/src/ms/uplink-x86_64.pl
new file mode 100755
index 0000000000..9acbf6be6f
--- /dev/null
+++ b/src/lib/libssl/src/ms/uplink-x86_64.pl
@@ -0,0 +1,64 @@
+#!/usr/bin/env perl
+$output=shift;
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+open STDOUT,"| $^X ${dir}../crypto/perlasm/x86_64-xlate.pl $output";
+push(@INC,"${dir}.");
+require "uplink-common.pl";
+$prefix="_lazy";
+print <<___;
+.text
+.extern OPENSSL_Uplink
+.globl  OPENSSL_UplinkTable
+___
+for ($i=1;$i<=$N;$i++) {
+print <<___;
+.type   $prefix${i},\@abi-omnipotent
+.align  16
+$prefix${i}:
+        .byte   0x48,0x83,0xEC,0x28     # sub rsp,40
+        mov     %rcx,48(%rsp)
+        mov     %rdx,56(%rsp)
+        mov     %r8,64(%rsp)
+        mov     %r9,72(%rsp)
+        lea     OPENSSL_UplinkTable(%rip),%rcx
+        mov     \$$i,%rdx
+        call    OPENSSL_Uplink
+        mov     48(%rsp),%rcx
+        mov     56(%rsp),%rdx
+        mov     64(%rsp),%r8
+        mov     72(%rsp),%r9
+        lea     OPENSSL_UplinkTable(%rip),%rax
+        add     \$40,%rsp
+        jmp     *8*$i(%rax)
+$prefix${i}_end:
+.size   $prefix${i},.-$prefix${i}
+___
+}
+print <<___;
+.data
+OPENSSL_UplinkTable:
+        .quad   $N
+___
+for ($i=1;$i<=$N;$i++) {   print "      .quad   $prefix$i\n";   }
+print <<___;
+.section        .pdata,"r"
+.align          4
+___
+for ($i=1;$i<=$N;$i++) {
+print <<___;
+        .rva    $prefix${i},$prefix${i}_end,${prefix}_unwind_info
+___
+}
+print <<___;
+.section        .xdata,"r"
+.align          8
+${prefix}_unwind_info:
+        .byte   0x01,0x04,0x01,0x00
+        .byte   0x04,0x42,0x00,0x00
+___
+close STDOUT;
diff --git a/src/lib/libssl/src/ms/x86asm.bat b/src/lib/libssl/src/ms/x86asm.bat
index ba26637812..03563c6b04 100644
--- a/src/lib/libssl/src/ms/x86asm.bat
+++ b/src/lib/libssl/src/ms/x86asm.bat
@@ -1,63 +1,57 @@
 @echo off
+echo Generating x86 assember
 echo Bignum
 cd crypto\bn\asm
-perl x86.pl %1 > bn%2
+perl x86.pl win32n > bn-win32.asm
-perl bn-586.pl %1 > bn%2
-perl co-586.pl %1 > co%2
 cd ..\..\..
 echo DES
 cd crypto\des\asm
-perl des-586.pl %1 > d%2
+perl des-586.pl win32n > d-win32.asm
 cd ..\..\..
 echo "crypt(3)"
 cd crypto\des\asm
-perl crypt586.pl %1 > y%2
+perl crypt586.pl win32n > y-win32.asm
 cd ..\..\..
 echo Blowfish
 cd crypto\bf\asm
-perl bf-586.pl %1 > b%2
+perl bf-586.pl win32n > b-win32.asm
 cd ..\..\..
 echo CAST5
 cd crypto\cast\asm
-perl cast-586.pl %1 > c%2
+perl cast-586.pl win32n > c-win32.asm
 cd ..\..\..
 echo RC4
 cd crypto\rc4\asm
-perl rc4-586.pl %1 > r4%2
+perl rc4-586.pl win32n > r4-win32.asm
 cd ..\..\..
 echo MD5
 cd crypto\md5\asm
-perl md5-586.pl %1 > m5%2
+perl md5-586.pl win32n > m5-win32.asm
 cd ..\..\..
 echo SHA1
 cd crypto\sha\asm
-perl sha1-586.pl %1 > s1%2
+perl sha1-586.pl win32n > s1-win32.asm
 cd ..\..\..
 echo RIPEMD160
 cd crypto\ripemd\asm
-perl rmd-586.pl %1 > rm%2
+perl rmd-586.pl win32n > rm-win32.asm
 cd ..\..\..
 echo RC5\32
 cd crypto\rc5\asm
-perl rc5-586.pl %1 > r5%2
+perl rc5-586.pl win32n > r5-win32.asm
 cd ..\..\..
-echo CPUID
-cd crypto
-perl x86cpuid.pl %1 > x86cpuid%2
-cd ..\
 echo on
diff --git a/src/lib/libssl/src/openssl.spec b/src/lib/libssl/src/openssl.spec
index 329e3925b7..bed337b638 100644
--- a/src/lib/libssl/src/openssl.spec
+++ b/src/lib/libssl/src/openssl.spec
@@ -1,15 +1,16 @@
-%define libmaj 0
+%define _unpackaged_files_terminate_build 0
-%define libmin 9
+%define libmaj 1
-%define librel 8
+%define libmin 0
-%define librev k
+%define librel 0
+%define librev a
 Release: 1
 %define openssldir /var/ssl
 Summary: Secure Sockets Layer and cryptography libraries and tools
 Name: openssl
-#Version: %{libmaj}.%{libmin}.%{librel}
+Version: %{libmaj}.%{libmin}.%{librel}
-Version: %{libmaj}.%{libmin}.%{librel}%{librev}
+#Version: %{libmaj}.%{libmin}.%{librel}%{librev}
 Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
 Copyright: Freely distributable
 Group: System Environment/Libraries
@@ -96,6 +97,9 @@ perl util/perlpath.pl /usr/bin/perl
 %ifarch alpha
 ./Configure %{CONFIG_FLAGS} linux-alpha shared
 %endif
+%ifarch x86_64
+./Configure %{CONFIG_FLAGS} linux-x86_64 shared
+%endif
 LD_LIBRARY_PATH=`pwd` make
 LD_LIBRARY_PATH=`pwd` make rehash
 LD_LIBRARY_PATH=`pwd` make test
diff --git a/src/lib/libssl/src/shlib/win32.bat b/src/lib/libssl/src/shlib/win32.bat
index c807a99d35..2b0faaa17b 100644
--- a/src/lib/libssl/src/shlib/win32.bat
+++ b/src/lib/libssl/src/shlib/win32.bat
@@ -14,5 +14,5 @@ cl /Focrypto.obj -DWIN32 %OPTIONS% -c crypto\crypto.c
 cl /Fossl.obj -DWIN32 %OPTIONS% -c ssl\ssl.c
 cl /Foeay.obj -DWIN32 %OPTIONS% -c apps\eay.c
-cl /Fessleay.exe %OPTIONS% eay.obj ssl.obj crypto.obj crypto\bf\asm\b-win32.obj crypto\des\asm\c-win32.obj crypto\des\asm\d-win32.obj crypto\bn\asm\x86nt32.obj user32.lib gdi32.lib wsock32.lib
+cl /Fessleay.exe %OPTIONS% eay.obj ssl.obj crypto.obj crypto\bf\asm\b-win32.obj crypto\des\asm\c-win32.obj crypto\des\asm\d-win32.obj crypto\bn\asm\x86nt32.obj user32.lib gdi32.lib ws2_32.lib
diff --git a/src/lib/libssl/src/shlib/win32dll.bat b/src/lib/libssl/src/shlib/win32dll.bat
index 294c94c81c..844e3537c8 100644
--- a/src/lib/libssl/src/shlib/win32dll.bat
+++ b/src/lib/libssl/src/shlib/win32dll.bat
@@ -5,9 +5,9 @@ set OPTIONS2=/W3 /WX /Ox /Gf /nologo
 set OPTIONS=%OPTIONS1% %OPTIONS2%
-cl /Felibeay32.dll /GD /MD /LD -DWIN32 %OPTIONS% ms\libeay32.def crypto\crypto.c crypto\bf\asm\b-win32.obj crypto\des\asm\c-win32.obj crypto\des\asm\d-win32.obj crypto\bn\asm\x86nt32.obj user32.lib gdi32.lib wsock32.lib
+cl /Felibeay32.dll /GD /MD /LD -DWIN32 %OPTIONS% ms\libeay32.def crypto\crypto.c crypto\bf\asm\b-win32.obj crypto\des\asm\c-win32.obj crypto\des\asm\d-win32.obj crypto\bn\asm\x86nt32.obj user32.lib gdi32.lib ws2_32.lib
 cl /Fessleay32.dll /GD /MD /LD -DWIN32 %OPTIONS% ms\ssleay32.def ssl\ssl.c libeay32.lib
-cl /Fessleay.exe /MD -DWIN32 %OPTIONS% apps\eay.c ssleay32.lib libeay32.lib user32.lib wsock32.lib
+cl /Fessleay.exe /MD -DWIN32 %OPTIONS% apps\eay.c ssleay32.lib libeay32.lib user32.lib ws2_32.lib
diff --git a/src/lib/libssl/src/ssl/Makefile b/src/lib/libssl/src/ssl/Makefile
index 46c06597fa..2b275faf6a 100644
--- a/src/lib/libssl/src/ssl/Makefile
+++ b/src/lib/libssl/src/ssl/Makefile
@@ -30,7 +30,7 @@ LIBSRC=	\
        ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c \
        ssl_ciph.c ssl_stat.c ssl_rsa.c \
        ssl_asn1.c ssl_txt.c ssl_algs.c \
-        bio_ssl.c ssl_err.c kssl.c
+        bio_ssl.c ssl_err.c kssl.c t1_reneg.c
 LIBOBJ= \
        s2_meth.o  s2_srvr.o  s2_clnt.o  s2_lib.o  s2_enc.o s2_pkt.o \
        s3_meth.o  s3_srvr.o  s3_clnt.o  s3_lib.o  s3_enc.o s3_pkt.o s3_both.o \
@@ -41,7 +41,7 @@ LIBOBJ= \
        ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o \
        ssl_ciph.o ssl_stat.o ssl_rsa.o \
        ssl_asn1.o ssl_txt.o ssl_algs.o \
-        bio_ssl.o ssl_err.o kssl.o
+        bio_ssl.o ssl_err.o kssl.o t1_reneg.o
 SRC= $(LIBSRC)
@@ -53,7 +53,7 @@ ALL=    $(GENERAL) $(SRC) $(HEADER)
 top:
        (cd ..; $(MAKE) DIRS=$(DIR) all)
-all:    lib
+all:    shared
 lib:    $(LIBOBJ)
        $(AR) $(LIB) $(LIBOBJ)
@@ -106,45 +106,43 @@ clean:
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 bio_ssl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-bio_ssl.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+bio_ssl.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-bio_ssl.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+bio_ssl.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
-bio_ssl.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+bio_ssl.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-bio_ssl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+bio_ssl.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-bio_ssl.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+bio_ssl.o: ../include/openssl/err.h ../include/openssl/evp.h
-bio_ssl.o: ../include/openssl/evp.h ../include/openssl/fips.h
 bio_ssl.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
 bio_ssl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
 bio_ssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 bio_ssl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 bio_ssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-bio_ssl.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
+bio_ssl.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-bio_ssl.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
+bio_ssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-bio_ssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+bio_ssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-bio_ssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+bio_ssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-bio_ssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+bio_ssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-bio_ssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+bio_ssl.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-bio_ssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h bio_ssl.c
+bio_ssl.o: ../include/openssl/x509_vfy.h bio_ssl.c
 d1_both.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-d1_both.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+d1_both.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-d1_both.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+d1_both.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-d1_both.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+d1_both.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-d1_both.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+d1_both.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-d1_both.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+d1_both.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-d1_both.o: ../include/openssl/err.h ../include/openssl/evp.h
+d1_both.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-d1_both.o: ../include/openssl/fips.h ../include/openssl/hmac.h
 d1_both.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 d1_both.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 d1_both.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 d1_both.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 d1_both.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-d1_both.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
+d1_both.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
-d1_both.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+d1_both.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-d1_both.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+d1_both.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-d1_both.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+d1_both.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-d1_both.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+d1_both.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-d1_both.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+d1_both.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-d1_both.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+d1_both.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_both.c
-d1_both.o: ../include/openssl/x509_vfy.h d1_both.c ssl_locl.h
+d1_both.o: ssl_locl.h
 d1_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 d1_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 d1_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
@@ -152,14 +150,13 @@ d1_clnt.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 d1_clnt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
 d1_clnt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 d1_clnt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-d1_clnt.o: ../include/openssl/evp.h ../include/openssl/fips.h
+d1_clnt.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-d1_clnt.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
+d1_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-d1_clnt.o: ../include/openssl/lhash.h ../include/openssl/md5.h
+d1_clnt.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
-d1_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+d1_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-d1_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+d1_clnt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-d1_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+d1_clnt.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-d1_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+d1_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-d1_clnt.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
 d1_clnt.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 d1_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 d1_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
@@ -168,90 +165,83 @@ d1_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 d1_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
 d1_clnt.o: ../include/openssl/x509_vfy.h d1_clnt.c kssl_lcl.h ssl_locl.h
 d1_enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-d1_enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+d1_enc.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-d1_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+d1_enc.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-d1_enc.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+d1_enc.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-d1_enc.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+d1_enc.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-d1_enc.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+d1_enc.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-d1_enc.o: ../include/openssl/err.h ../include/openssl/evp.h
+d1_enc.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-d1_enc.o: ../include/openssl/fips.h ../include/openssl/hmac.h
 d1_enc.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 d1_enc.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
 d1_enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 d1_enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 d1_enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-d1_enc.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
+d1_enc.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-d1_enc.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
+d1_enc.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-d1_enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+d1_enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-d1_enc.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+d1_enc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-d1_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+d1_enc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-d1_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+d1_enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-d1_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+d1_enc.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-d1_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_enc.c
+d1_enc.o: ../include/openssl/x509_vfy.h d1_enc.c ssl_locl.h
-d1_enc.o: ssl_locl.h
 d1_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-d1_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+d1_lib.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-d1_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+d1_lib.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-d1_lib.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+d1_lib.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-d1_lib.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+d1_lib.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-d1_lib.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+d1_lib.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-d1_lib.o: ../include/openssl/err.h ../include/openssl/evp.h
+d1_lib.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-d1_lib.o: ../include/openssl/fips.h ../include/openssl/hmac.h
 d1_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 d1_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 d1_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 d1_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 d1_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-d1_lib.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
+d1_lib.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
-d1_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+d1_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-d1_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+d1_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-d1_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+d1_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-d1_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+d1_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-d1_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+d1_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-d1_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_lib.c
+d1_lib.o: ../include/openssl/x509_vfy.h d1_lib.c ssl_locl.h
-d1_lib.o: ssl_locl.h
 d1_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-d1_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+d1_meth.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-d1_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+d1_meth.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-d1_meth.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+d1_meth.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-d1_meth.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+d1_meth.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-d1_meth.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+d1_meth.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-d1_meth.o: ../include/openssl/err.h ../include/openssl/evp.h
+d1_meth.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-d1_meth.o: ../include/openssl/fips.h ../include/openssl/hmac.h
 d1_meth.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 d1_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 d1_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 d1_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 d1_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-d1_meth.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
+d1_meth.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
-d1_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+d1_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-d1_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+d1_meth.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-d1_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+d1_meth.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-d1_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+d1_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-d1_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+d1_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-d1_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_meth.c
+d1_meth.o: ../include/openssl/x509_vfy.h d1_meth.c ssl_locl.h
-d1_meth.o: ssl_locl.h
 d1_pkt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-d1_pkt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+d1_pkt.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-d1_pkt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+d1_pkt.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-d1_pkt.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+d1_pkt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-d1_pkt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+d1_pkt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-d1_pkt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+d1_pkt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-d1_pkt.o: ../include/openssl/err.h ../include/openssl/evp.h
+d1_pkt.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-d1_pkt.o: ../include/openssl/fips.h ../include/openssl/hmac.h
 d1_pkt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 d1_pkt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 d1_pkt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 d1_pkt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 d1_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-d1_pkt.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
+d1_pkt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
-d1_pkt.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+d1_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-d1_pkt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+d1_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-d1_pkt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+d1_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-d1_pkt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+d1_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-d1_pkt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+d1_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-d1_pkt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+d1_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_pkt.c
-d1_pkt.o: ../include/openssl/x509_vfy.h d1_pkt.c ssl_locl.h
+d1_pkt.o: ssl_locl.h
 d1_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 d1_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 d1_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
@@ -259,14 +249,13 @@ d1_srvr.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 d1_srvr.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
 d1_srvr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 d1_srvr.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-d1_srvr.o: ../include/openssl/evp.h ../include/openssl/fips.h
+d1_srvr.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-d1_srvr.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
+d1_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-d1_srvr.o: ../include/openssl/lhash.h ../include/openssl/md5.h
+d1_srvr.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
-d1_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+d1_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-d1_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+d1_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-d1_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+d1_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-d1_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+d1_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-d1_srvr.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
 d1_srvr.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 d1_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 d1_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
@@ -275,276 +264,257 @@ d1_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 d1_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h
 d1_srvr.o: ../include/openssl/x509_vfy.h d1_srvr.c ssl_locl.h
 kssl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-kssl.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+kssl.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-kssl.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+kssl.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
-kssl.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+kssl.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-kssl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+kssl.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-kssl.o: ../include/openssl/ecdsa.h ../include/openssl/evp.h
+kssl.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-kssl.o: ../include/openssl/fips.h ../include/openssl/hmac.h
 kssl.o: ../include/openssl/krb5_asn.h ../include/openssl/kssl.h
 kssl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
 kssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 kssl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 kssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-kssl.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
+kssl.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-kssl.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
+kssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-kssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+kssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-kssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+kssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-kssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+kssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-kssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+kssl.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-kssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h kssl.c
+kssl.o: ../include/openssl/x509_vfy.h kssl.c kssl_lcl.h
 s23_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s23_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s23_clnt.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-s23_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s23_clnt.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-s23_clnt.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+s23_clnt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-s23_clnt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s23_clnt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s23_clnt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+s23_clnt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-s23_clnt.o: ../include/openssl/err.h ../include/openssl/evp.h
+s23_clnt.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-s23_clnt.o: ../include/openssl/fips.h ../include/openssl/hmac.h
 s23_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 s23_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 s23_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 s23_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s23_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s23_clnt.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
+s23_clnt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
-s23_clnt.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+s23_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s23_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s23_clnt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s23_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s23_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s23_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s23_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s23_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s23_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s23_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s23_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s23_clnt.c
-s23_clnt.o: ../include/openssl/x509_vfy.h s23_clnt.c ssl_locl.h
+s23_clnt.o: ssl_locl.h
 s23_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s23_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s23_lib.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-s23_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s23_lib.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-s23_lib.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+s23_lib.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-s23_lib.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s23_lib.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s23_lib.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+s23_lib.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-s23_lib.o: ../include/openssl/err.h ../include/openssl/evp.h
+s23_lib.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-s23_lib.o: ../include/openssl/fips.h ../include/openssl/hmac.h
 s23_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 s23_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 s23_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 s23_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s23_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s23_lib.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
+s23_lib.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
-s23_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s23_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s23_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s23_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s23_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s23_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s23_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s23_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s23_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s23_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s23_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s23_lib.c
+s23_lib.o: ../include/openssl/x509_vfy.h s23_lib.c ssl_locl.h
-s23_lib.o: ssl_locl.h
 s23_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s23_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s23_meth.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-s23_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s23_meth.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-s23_meth.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+s23_meth.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-s23_meth.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s23_meth.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s23_meth.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+s23_meth.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-s23_meth.o: ../include/openssl/err.h ../include/openssl/evp.h
+s23_meth.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-s23_meth.o: ../include/openssl/fips.h ../include/openssl/hmac.h
 s23_meth.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 s23_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 s23_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 s23_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s23_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s23_meth.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
+s23_meth.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
-s23_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s23_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s23_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s23_meth.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s23_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s23_meth.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s23_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s23_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s23_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s23_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s23_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s23_meth.c
+s23_meth.o: ../include/openssl/x509_vfy.h s23_meth.c ssl_locl.h
-s23_meth.o: ssl_locl.h
 s23_pkt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s23_pkt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s23_pkt.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-s23_pkt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s23_pkt.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-s23_pkt.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+s23_pkt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-s23_pkt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s23_pkt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s23_pkt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+s23_pkt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-s23_pkt.o: ../include/openssl/err.h ../include/openssl/evp.h
+s23_pkt.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-s23_pkt.o: ../include/openssl/fips.h ../include/openssl/hmac.h
 s23_pkt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 s23_pkt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 s23_pkt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 s23_pkt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s23_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s23_pkt.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
+s23_pkt.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
-s23_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s23_pkt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s23_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s23_pkt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s23_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s23_pkt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s23_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s23_pkt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s23_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s23_pkt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s23_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s23_pkt.c
+s23_pkt.o: ../include/openssl/x509_vfy.h s23_pkt.c ssl_locl.h
-s23_pkt.o: ssl_locl.h
 s23_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s23_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s23_srvr.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-s23_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s23_srvr.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-s23_srvr.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+s23_srvr.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-s23_srvr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s23_srvr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s23_srvr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+s23_srvr.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-s23_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h
+s23_srvr.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-s23_srvr.o: ../include/openssl/fips.h ../include/openssl/hmac.h
 s23_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 s23_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 s23_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 s23_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s23_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s23_srvr.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
+s23_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
-s23_srvr.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+s23_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s23_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s23_srvr.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s23_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s23_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s23_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s23_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s23_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s23_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s23_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s23_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s23_srvr.c
-s23_srvr.o: ../include/openssl/x509_vfy.h s23_srvr.c ssl_locl.h
+s23_srvr.o: ssl_locl.h
 s2_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s2_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s2_clnt.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-s2_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s2_clnt.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-s2_clnt.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+s2_clnt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-s2_clnt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s2_clnt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s2_clnt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+s2_clnt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-s2_clnt.o: ../include/openssl/err.h ../include/openssl/evp.h
+s2_clnt.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-s2_clnt.o: ../include/openssl/fips.h ../include/openssl/hmac.h
 s2_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 s2_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 s2_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 s2_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s2_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s2_clnt.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
+s2_clnt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
-s2_clnt.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+s2_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s2_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s2_clnt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s2_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s2_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s2_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s2_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s2_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s2_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s2_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s2_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_clnt.c
-s2_clnt.o: ../include/openssl/x509_vfy.h s2_clnt.c ssl_locl.h
+s2_clnt.o: ssl_locl.h
 s2_enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s2_enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s2_enc.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-s2_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s2_enc.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-s2_enc.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+s2_enc.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-s2_enc.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s2_enc.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s2_enc.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+s2_enc.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-s2_enc.o: ../include/openssl/err.h ../include/openssl/evp.h
+s2_enc.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-s2_enc.o: ../include/openssl/fips.h ../include/openssl/hmac.h
 s2_enc.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 s2_enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 s2_enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 s2_enc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s2_enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s2_enc.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
+s2_enc.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
-s2_enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s2_enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s2_enc.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s2_enc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s2_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s2_enc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s2_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s2_enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s2_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s2_enc.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s2_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_enc.c
+s2_enc.o: ../include/openssl/x509_vfy.h s2_enc.c ssl_locl.h
-s2_enc.o: ssl_locl.h
 s2_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s2_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s2_lib.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-s2_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s2_lib.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-s2_lib.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+s2_lib.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-s2_lib.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s2_lib.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s2_lib.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+s2_lib.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-s2_lib.o: ../include/openssl/err.h ../include/openssl/evp.h
+s2_lib.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-s2_lib.o: ../include/openssl/fips.h ../include/openssl/hmac.h
 s2_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 s2_lib.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
 s2_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 s2_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 s2_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s2_lib.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
+s2_lib.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-s2_lib.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
+s2_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s2_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s2_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s2_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s2_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s2_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s2_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s2_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s2_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s2_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s2_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_lib.c
-s2_lib.o: ../include/openssl/x509_vfy.h s2_lib.c ssl_locl.h
+s2_lib.o: ssl_locl.h
 s2_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s2_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s2_meth.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-s2_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s2_meth.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-s2_meth.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+s2_meth.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-s2_meth.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s2_meth.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s2_meth.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+s2_meth.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-s2_meth.o: ../include/openssl/err.h ../include/openssl/evp.h
+s2_meth.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-s2_meth.o: ../include/openssl/fips.h ../include/openssl/hmac.h
 s2_meth.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 s2_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 s2_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 s2_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s2_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s2_meth.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
+s2_meth.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
-s2_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s2_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s2_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s2_meth.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s2_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s2_meth.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s2_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s2_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s2_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s2_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s2_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_meth.c
+s2_meth.o: ../include/openssl/x509_vfy.h s2_meth.c ssl_locl.h
-s2_meth.o: ssl_locl.h
 s2_pkt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s2_pkt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s2_pkt.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-s2_pkt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s2_pkt.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-s2_pkt.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+s2_pkt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-s2_pkt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s2_pkt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s2_pkt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+s2_pkt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-s2_pkt.o: ../include/openssl/err.h ../include/openssl/evp.h
+s2_pkt.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-s2_pkt.o: ../include/openssl/fips.h ../include/openssl/hmac.h
 s2_pkt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 s2_pkt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 s2_pkt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 s2_pkt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s2_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s2_pkt.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
+s2_pkt.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
-s2_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s2_pkt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s2_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s2_pkt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s2_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s2_pkt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s2_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s2_pkt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s2_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s2_pkt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s2_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_pkt.c
+s2_pkt.o: ../include/openssl/x509_vfy.h s2_pkt.c ssl_locl.h
-s2_pkt.o: ssl_locl.h
 s2_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s2_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s2_srvr.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-s2_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s2_srvr.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-s2_srvr.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+s2_srvr.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-s2_srvr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s2_srvr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s2_srvr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+s2_srvr.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-s2_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h
+s2_srvr.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-s2_srvr.o: ../include/openssl/fips.h ../include/openssl/hmac.h
 s2_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 s2_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 s2_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 s2_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s2_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s2_srvr.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
+s2_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
-s2_srvr.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+s2_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s2_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s2_srvr.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s2_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s2_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s2_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s2_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s2_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s2_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s2_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s2_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_srvr.c
-s2_srvr.o: ../include/openssl/x509_vfy.h s2_srvr.c ssl_locl.h
+s2_srvr.o: ssl_locl.h
 s3_both.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s3_both.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s3_both.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-s3_both.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s3_both.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-s3_both.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+s3_both.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-s3_both.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s3_both.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s3_both.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+s3_both.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-s3_both.o: ../include/openssl/err.h ../include/openssl/evp.h
+s3_both.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-s3_both.o: ../include/openssl/fips.h ../include/openssl/hmac.h
 s3_both.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 s3_both.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 s3_both.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 s3_both.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s3_both.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s3_both.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
+s3_both.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
-s3_both.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+s3_both.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s3_both.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s3_both.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s3_both.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s3_both.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s3_both.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s3_both.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s3_both.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s3_both.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s3_both.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s3_both.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s3_both.c
-s3_both.o: ../include/openssl/x509_vfy.h s3_both.c ssl_locl.h
+s3_both.o: ssl_locl.h
 s3_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 s3_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 s3_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
@@ -553,13 +523,12 @@ s3_clnt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
 s3_clnt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 s3_clnt.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 s3_clnt.o: ../include/openssl/err.h ../include/openssl/evp.h
-s3_clnt.o: ../include/openssl/fips.h ../include/openssl/hmac.h
+s3_clnt.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
-s3_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s3_clnt.o: ../include/openssl/lhash.h ../include/openssl/md5.h
-s3_clnt.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
+s3_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s3_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s3_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s3_clnt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s3_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s3_clnt.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s3_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s3_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
 s3_clnt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
 s3_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 s3_clnt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
@@ -569,90 +538,84 @@ s3_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 s3_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h kssl_lcl.h
 s3_clnt.o: s3_clnt.c ssl_locl.h
 s3_enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s3_enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s3_enc.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-s3_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s3_enc.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-s3_enc.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+s3_enc.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-s3_enc.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s3_enc.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s3_enc.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+s3_enc.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-s3_enc.o: ../include/openssl/err.h ../include/openssl/evp.h
+s3_enc.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-s3_enc.o: ../include/openssl/fips.h ../include/openssl/hmac.h
 s3_enc.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 s3_enc.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
 s3_enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 s3_enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 s3_enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s3_enc.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
+s3_enc.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-s3_enc.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
+s3_enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s3_enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s3_enc.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s3_enc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s3_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s3_enc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s3_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s3_enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s3_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s3_enc.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s3_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s3_enc.c
-s3_enc.o: ../include/openssl/x509_vfy.h s3_enc.c ssl_locl.h
+s3_enc.o: ssl_locl.h
-s3_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+s3_lib.o: ../crypto/ec/ec_lcl.h ../e_os.h ../include/openssl/asn1.h
-s3_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s3_lib.o: ../include/openssl/bio.h ../include/openssl/bn.h
-s3_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s3_lib.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-s3_lib.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s3_lib.o: ../include/openssl/crypto.h ../include/openssl/dh.h
-s3_lib.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+s3_lib.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
-s3_lib.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+s3_lib.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-s3_lib.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+s3_lib.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-s3_lib.o: ../include/openssl/evp.h ../include/openssl/fips.h
+s3_lib.o: ../include/openssl/err.h ../include/openssl/evp.h
 s3_lib.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
 s3_lib.o: ../include/openssl/lhash.h ../include/openssl/md5.h
 s3_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 s3_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 s3_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s3_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s3_lib.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
+s3_lib.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
-s3_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s3_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s3_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s3_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s3_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s3_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s3_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s3_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s3_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s3_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s3_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h kssl_lcl.h
+s3_lib.o: ../include/openssl/x509_vfy.h kssl_lcl.h s3_lib.c ssl_locl.h
-s3_lib.o: s3_lib.c ssl_locl.h
 s3_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s3_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s3_meth.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-s3_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s3_meth.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-s3_meth.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+s3_meth.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-s3_meth.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s3_meth.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s3_meth.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+s3_meth.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-s3_meth.o: ../include/openssl/err.h ../include/openssl/evp.h
+s3_meth.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-s3_meth.o: ../include/openssl/fips.h ../include/openssl/hmac.h
 s3_meth.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 s3_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 s3_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 s3_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s3_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s3_meth.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
+s3_meth.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
-s3_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s3_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s3_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s3_meth.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s3_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s3_meth.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s3_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s3_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s3_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s3_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s3_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s3_meth.c
+s3_meth.o: ../include/openssl/x509_vfy.h s3_meth.c ssl_locl.h
-s3_meth.o: ssl_locl.h
 s3_pkt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s3_pkt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s3_pkt.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-s3_pkt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s3_pkt.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-s3_pkt.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+s3_pkt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-s3_pkt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s3_pkt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s3_pkt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+s3_pkt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-s3_pkt.o: ../include/openssl/err.h ../include/openssl/evp.h
+s3_pkt.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-s3_pkt.o: ../include/openssl/fips.h ../include/openssl/hmac.h
 s3_pkt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 s3_pkt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 s3_pkt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 s3_pkt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s3_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s3_pkt.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
+s3_pkt.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
-s3_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s3_pkt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s3_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s3_pkt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s3_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s3_pkt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s3_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s3_pkt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s3_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s3_pkt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s3_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s3_pkt.c
+s3_pkt.o: ../include/openssl/x509_vfy.h s3_pkt.c ssl_locl.h
-s3_pkt.o: ssl_locl.h
 s3_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 s3_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 s3_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
@@ -660,14 +623,13 @@ s3_srvr.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 s3_srvr.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
 s3_srvr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 s3_srvr.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-s3_srvr.o: ../include/openssl/evp.h ../include/openssl/fips.h
+s3_srvr.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-s3_srvr.o: ../include/openssl/hmac.h ../include/openssl/krb5_asn.h
+s3_srvr.o: ../include/openssl/krb5_asn.h ../include/openssl/kssl.h
-s3_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s3_srvr.o: ../include/openssl/lhash.h ../include/openssl/md5.h
-s3_srvr.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
+s3_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s3_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s3_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s3_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s3_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s3_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s3_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s3_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
 s3_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
 s3_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 s3_srvr.o: ../include/openssl/sha.h ../include/openssl/ssl.h
@@ -677,47 +639,44 @@ s3_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 s3_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h kssl_lcl.h
 s3_srvr.o: s3_srvr.c ssl_locl.h
 ssl_algs.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_algs.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssl_algs.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-ssl_algs.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+ssl_algs.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-ssl_algs.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+ssl_algs.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-ssl_algs.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+ssl_algs.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-ssl_algs.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+ssl_algs.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-ssl_algs.o: ../include/openssl/err.h ../include/openssl/evp.h
+ssl_algs.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-ssl_algs.o: ../include/openssl/fips.h ../include/openssl/hmac.h
 ssl_algs.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 ssl_algs.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 ssl_algs.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 ssl_algs.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 ssl_algs.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ssl_algs.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
+ssl_algs.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
-ssl_algs.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ssl_algs.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ssl_algs.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+ssl_algs.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-ssl_algs.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_algs.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-ssl_algs.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_algs.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ssl_algs.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ssl_algs.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-ssl_algs.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_algs.c
+ssl_algs.o: ../include/openssl/x509_vfy.h ssl_algs.c ssl_locl.h
-ssl_algs.o: ssl_locl.h
 ssl_asn1.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1_mac.h
-ssl_asn1.o: ../include/openssl/bio.h ../include/openssl/bn.h
+ssl_asn1.o: ../include/openssl/bio.h ../include/openssl/buffer.h
-ssl_asn1.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+ssl_asn1.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-ssl_asn1.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
+ssl_asn1.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
-ssl_asn1.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+ssl_asn1.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-ssl_asn1.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+ssl_asn1.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-ssl_asn1.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+ssl_asn1.o: ../include/openssl/err.h ../include/openssl/evp.h
-ssl_asn1.o: ../include/openssl/evp.h ../include/openssl/fips.h
 ssl_asn1.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
 ssl_asn1.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
 ssl_asn1.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 ssl_asn1.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 ssl_asn1.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ssl_asn1.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
+ssl_asn1.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-ssl_asn1.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
+ssl_asn1.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-ssl_asn1.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ssl_asn1.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-ssl_asn1.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ssl_asn1.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-ssl_asn1.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ssl_asn1.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ssl_asn1.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ssl_asn1.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ssl_asn1.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+ssl_asn1.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_asn1.c
-ssl_asn1.o: ../include/openssl/x509_vfy.h ssl_asn1.c ssl_locl.h
+ssl_asn1.o: ssl_locl.h
 ssl_cert.o: ../crypto/o_dir.h ../e_os.h ../include/openssl/asn1.h
 ssl_cert.o: ../include/openssl/bio.h ../include/openssl/bn.h
 ssl_cert.o: ../include/openssl/buffer.h ../include/openssl/comp.h
@@ -726,13 +685,12 @@ ssl_cert.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 ssl_cert.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
 ssl_cert.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 ssl_cert.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-ssl_cert.o: ../include/openssl/evp.h ../include/openssl/fips.h
+ssl_cert.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-ssl_cert.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
+ssl_cert.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-ssl_cert.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+ssl_cert.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ssl_cert.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ssl_cert.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ssl_cert.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+ssl_cert.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-ssl_cert.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ssl_cert.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ssl_cert.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
 ssl_cert.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
 ssl_cert.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 ssl_cert.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
@@ -742,19 +700,18 @@ ssl_cert.o: ../include/openssl/tls1.h ../include/openssl/x509.h
 ssl_cert.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h
 ssl_cert.o: ssl_cert.c ssl_locl.h
 ssl_ciph.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_ciph.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssl_ciph.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-ssl_ciph.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+ssl_ciph.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-ssl_ciph.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+ssl_ciph.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-ssl_ciph.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+ssl_ciph.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-ssl_ciph.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+ssl_ciph.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 ssl_ciph.o: ../include/openssl/err.h ../include/openssl/evp.h
-ssl_ciph.o: ../include/openssl/fips.h ../include/openssl/hmac.h
+ssl_ciph.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
-ssl_ciph.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+ssl_ciph.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-ssl_ciph.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ssl_ciph.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ssl_ciph.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ssl_ciph.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-ssl_ciph.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ssl_ciph.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ssl_ciph.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssl_ciph.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-ssl_ciph.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
 ssl_ciph.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 ssl_ciph.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 ssl_ciph.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
@@ -763,255 +720,256 @@ ssl_ciph.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 ssl_ciph.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_ciph.c
 ssl_ciph.o: ssl_locl.h
 ssl_err.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_err.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssl_err.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-ssl_err.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+ssl_err.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
-ssl_err.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+ssl_err.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-ssl_err.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+ssl_err.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-ssl_err.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+ssl_err.o: ../include/openssl/err.h ../include/openssl/evp.h
-ssl_err.o: ../include/openssl/evp.h ../include/openssl/fips.h
 ssl_err.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
 ssl_err.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
 ssl_err.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 ssl_err.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 ssl_err.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ssl_err.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
+ssl_err.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-ssl_err.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
+ssl_err.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ssl_err.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+ssl_err.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-ssl_err.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_err.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-ssl_err.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_err.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ssl_err.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ssl_err.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-ssl_err.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_err.c
+ssl_err.o: ../include/openssl/x509_vfy.h ssl_err.c
 ssl_err2.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_err2.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssl_err2.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-ssl_err2.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+ssl_err2.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
-ssl_err2.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+ssl_err2.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-ssl_err2.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+ssl_err2.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-ssl_err2.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+ssl_err2.o: ../include/openssl/err.h ../include/openssl/evp.h
-ssl_err2.o: ../include/openssl/evp.h ../include/openssl/fips.h
 ssl_err2.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
 ssl_err2.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
 ssl_err2.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 ssl_err2.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 ssl_err2.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ssl_err2.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
+ssl_err2.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-ssl_err2.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
+ssl_err2.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ssl_err2.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+ssl_err2.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-ssl_err2.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_err2.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-ssl_err2.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_err2.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ssl_err2.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ssl_err2.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-ssl_err2.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_err2.c
+ssl_err2.o: ../include/openssl/x509_vfy.h ssl_err2.c
 ssl_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssl_lib.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-ssl_lib.o: ../include/openssl/comp.h ../include/openssl/conf.h
+ssl_lib.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-ssl_lib.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+ssl_lib.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-ssl_lib.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+ssl_lib.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-ssl_lib.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+ssl_lib.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-ssl_lib.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+ssl_lib.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-ssl_lib.o: ../include/openssl/engine.h ../include/openssl/err.h
+ssl_lib.o: ../include/openssl/err.h ../include/openssl/evp.h
-ssl_lib.o: ../include/openssl/evp.h ../include/openssl/fips.h
 ssl_lib.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
 ssl_lib.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
 ssl_lib.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
 ssl_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 ssl_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 ssl_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ssl_lib.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
+ssl_lib.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
-ssl_lib.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+ssl_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-ssl_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ssl_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-ssl_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ssl_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-ssl_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ssl_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ssl_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ssl_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ssl_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+ssl_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-ssl_lib.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h kssl_lcl.h
+ssl_lib.o: ../include/openssl/x509v3.h kssl_lcl.h ssl_lib.c ssl_locl.h
-ssl_lib.o: ssl_lib.c ssl_locl.h
 ssl_rsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssl_rsa.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-ssl_rsa.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+ssl_rsa.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-ssl_rsa.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+ssl_rsa.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-ssl_rsa.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+ssl_rsa.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-ssl_rsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+ssl_rsa.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-ssl_rsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+ssl_rsa.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-ssl_rsa.o: ../include/openssl/fips.h ../include/openssl/hmac.h
 ssl_rsa.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 ssl_rsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 ssl_rsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 ssl_rsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 ssl_rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ssl_rsa.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
+ssl_rsa.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
-ssl_rsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ssl_rsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ssl_rsa.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+ssl_rsa.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-ssl_rsa.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_rsa.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-ssl_rsa.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_rsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ssl_rsa.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ssl_rsa.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-ssl_rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+ssl_rsa.o: ../include/openssl/x509_vfy.h ssl_locl.h ssl_rsa.c
-ssl_rsa.o: ssl_rsa.c
 ssl_sess.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_sess.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssl_sess.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-ssl_sess.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+ssl_sess.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-ssl_sess.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+ssl_sess.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-ssl_sess.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+ssl_sess.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-ssl_sess.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+ssl_sess.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-ssl_sess.o: ../include/openssl/engine.h ../include/openssl/err.h
+ssl_sess.o: ../include/openssl/err.h ../include/openssl/evp.h
-ssl_sess.o: ../include/openssl/evp.h ../include/openssl/fips.h
 ssl_sess.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
 ssl_sess.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
 ssl_sess.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 ssl_sess.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 ssl_sess.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ssl_sess.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
+ssl_sess.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-ssl_sess.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
+ssl_sess.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-ssl_sess.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ssl_sess.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ssl_sess.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+ssl_sess.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-ssl_sess.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_sess.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-ssl_sess.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_sess.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ssl_sess.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ssl_sess.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-ssl_sess.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+ssl_sess.o: ../include/openssl/x509_vfy.h ssl_locl.h ssl_sess.c
-ssl_sess.o: ssl_sess.c
 ssl_stat.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_stat.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssl_stat.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-ssl_stat.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+ssl_stat.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-ssl_stat.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+ssl_stat.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-ssl_stat.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+ssl_stat.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-ssl_stat.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+ssl_stat.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-ssl_stat.o: ../include/openssl/err.h ../include/openssl/evp.h
+ssl_stat.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-ssl_stat.o: ../include/openssl/fips.h ../include/openssl/hmac.h
 ssl_stat.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 ssl_stat.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 ssl_stat.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 ssl_stat.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 ssl_stat.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ssl_stat.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
+ssl_stat.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
-ssl_stat.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ssl_stat.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ssl_stat.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+ssl_stat.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-ssl_stat.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_stat.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-ssl_stat.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_stat.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ssl_stat.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ssl_stat.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-ssl_stat.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+ssl_stat.o: ../include/openssl/x509_vfy.h ssl_locl.h ssl_stat.c
-ssl_stat.o: ssl_stat.c
 ssl_txt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_txt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssl_txt.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-ssl_txt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+ssl_txt.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-ssl_txt.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+ssl_txt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-ssl_txt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+ssl_txt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-ssl_txt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+ssl_txt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-ssl_txt.o: ../include/openssl/err.h ../include/openssl/evp.h
+ssl_txt.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-ssl_txt.o: ../include/openssl/fips.h ../include/openssl/hmac.h
 ssl_txt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 ssl_txt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 ssl_txt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 ssl_txt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 ssl_txt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ssl_txt.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
+ssl_txt.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
-ssl_txt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ssl_txt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ssl_txt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+ssl_txt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-ssl_txt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_txt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-ssl_txt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_txt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ssl_txt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ssl_txt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-ssl_txt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+ssl_txt.o: ../include/openssl/x509_vfy.h ssl_locl.h ssl_txt.c
-ssl_txt.o: ssl_txt.c
 t1_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-t1_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+t1_clnt.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-t1_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+t1_clnt.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-t1_clnt.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+t1_clnt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-t1_clnt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+t1_clnt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-t1_clnt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+t1_clnt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-t1_clnt.o: ../include/openssl/err.h ../include/openssl/evp.h
+t1_clnt.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-t1_clnt.o: ../include/openssl/fips.h ../include/openssl/hmac.h
 t1_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 t1_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 t1_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 t1_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 t1_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-t1_clnt.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
+t1_clnt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
-t1_clnt.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+t1_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-t1_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+t1_clnt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-t1_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+t1_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-t1_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+t1_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-t1_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+t1_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-t1_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+t1_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-t1_clnt.o: ../include/openssl/x509_vfy.h ssl_locl.h t1_clnt.c
+t1_clnt.o: t1_clnt.c
 t1_enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-t1_enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+t1_enc.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-t1_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+t1_enc.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-t1_enc.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+t1_enc.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-t1_enc.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+t1_enc.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-t1_enc.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+t1_enc.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-t1_enc.o: ../include/openssl/err.h ../include/openssl/evp.h
+t1_enc.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-t1_enc.o: ../include/openssl/fips.h ../include/openssl/hmac.h
 t1_enc.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 t1_enc.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
 t1_enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 t1_enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 t1_enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-t1_enc.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
+t1_enc.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-t1_enc.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
+t1_enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-t1_enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+t1_enc.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-t1_enc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+t1_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-t1_enc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+t1_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-t1_enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+t1_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-t1_enc.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+t1_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-t1_enc.o: ../include/openssl/x509_vfy.h ssl_locl.h t1_enc.c
+t1_enc.o: t1_enc.c
 t1_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-t1_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+t1_lib.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-t1_lib.o: ../include/openssl/comp.h ../include/openssl/conf.h
+t1_lib.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-t1_lib.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
+t1_lib.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
-t1_lib.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+t1_lib.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-t1_lib.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+t1_lib.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-t1_lib.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+t1_lib.o: ../include/openssl/err.h ../include/openssl/evp.h
-t1_lib.o: ../include/openssl/evp.h ../include/openssl/fips.h
 t1_lib.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
 t1_lib.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
 t1_lib.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
 t1_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 t1_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 t1_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-t1_lib.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
+t1_lib.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
-t1_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+t1_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-t1_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+t1_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-t1_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+t1_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-t1_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+t1_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-t1_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+t1_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-t1_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+t1_lib.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h ssl_locl.h
-t1_lib.o: ../include/openssl/x509v3.h ssl_locl.h t1_lib.c
+t1_lib.o: t1_lib.c
 t1_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-t1_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+t1_meth.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-t1_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+t1_meth.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-t1_meth.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+t1_meth.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-t1_meth.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+t1_meth.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-t1_meth.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+t1_meth.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-t1_meth.o: ../include/openssl/err.h ../include/openssl/evp.h
+t1_meth.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-t1_meth.o: ../include/openssl/fips.h ../include/openssl/hmac.h
 t1_meth.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 t1_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 t1_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 t1_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 t1_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-t1_meth.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
+t1_meth.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
-t1_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+t1_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-t1_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+t1_meth.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-t1_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+t1_meth.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-t1_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+t1_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-t1_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+t1_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-t1_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+t1_meth.o: ../include/openssl/x509_vfy.h ssl_locl.h t1_meth.c
-t1_meth.o: t1_meth.c
+t1_reneg.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+t1_reneg.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+t1_reneg.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
+t1_reneg.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+t1_reneg.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+t1_reneg.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+t1_reneg.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+t1_reneg.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+t1_reneg.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+t1_reneg.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+t1_reneg.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+t1_reneg.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+t1_reneg.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
+t1_reneg.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+t1_reneg.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+t1_reneg.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+t1_reneg.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+t1_reneg.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+t1_reneg.o: ../include/openssl/x509_vfy.h ssl_locl.h t1_reneg.c
 t1_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-t1_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+t1_srvr.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-t1_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+t1_srvr.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-t1_srvr.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+t1_srvr.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-t1_srvr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+t1_srvr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-t1_srvr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+t1_srvr.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-t1_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h
+t1_srvr.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-t1_srvr.o: ../include/openssl/fips.h ../include/openssl/hmac.h
 t1_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 t1_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 t1_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 t1_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 t1_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-t1_srvr.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
+t1_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
-t1_srvr.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+t1_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-t1_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+t1_srvr.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-t1_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+t1_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-t1_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+t1_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-t1_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+t1_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-t1_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+t1_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-t1_srvr.o: ../include/openssl/x509_vfy.h ssl_locl.h t1_srvr.c
+t1_srvr.o: t1_srvr.c
diff --git a/src/lib/libssl/src/ssl/bio_ssl.c b/src/lib/libssl/src/ssl/bio_ssl.c
index 420deb7fc9..af319af302 100644
--- a/src/lib/libssl/src/ssl/bio_ssl.c
+++ b/src/lib/libssl/src/ssl/bio_ssl.c
@@ -398,17 +398,19 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
                        }
                break;
        case BIO_CTRL_POP:
-                /* ugly bit of a hack */
+                /* Only detach if we are the BIO explicitly being popped */
-                if (ssl->rbio != ssl->wbio) /* we are in trouble :-( */
+                if (b == ptr)
                        {
-                        BIO_free_all(ssl->wbio);
+                        /* Shouldn't happen in practice because the
-                        }
+                         * rbio and wbio are the same when pushed.
-                if (b->next_bio != NULL)
+                         */
-                        {
+                        if (ssl->rbio != ssl->wbio)
-                        CRYPTO_add(&b->next_bio->references,1,CRYPTO_LOCK_BIO);
+                                BIO_free_all(ssl->wbio);
+                        if (b->next_bio != NULL)
+                                CRYPTO_add(&b->next_bio->references,-1,CRYPTO_LOCK_BIO);
+                        ssl->wbio=NULL;
+                        ssl->rbio=NULL;
                        }
-                ssl->wbio=NULL;
-                ssl->rbio=NULL;
                break;
        case BIO_C_DO_STATE_MACHINE:
                BIO_clear_retry_flags(b);
@@ -543,7 +545,6 @@ BIO *BIO_new_ssl_connect(SSL_CTX *ctx)
        return(ret);
 err:
        if (con != NULL) BIO_free(con);
-        if (ret != NULL) BIO_free(ret);
        return(NULL);
        }
diff --git a/src/lib/libssl/src/ssl/install.com b/src/lib/libssl/src/ssl/install.com
index fce8c66737..7f56067599 100644
--- a/src/lib/libssl/src/ssl/install.com
+++ b/src/lib/libssl/src/ssl/install.com
@@ -8,10 +8,19 @@ $!
 $       IF P1 .EQS. ""
 $       THEN
 $           WRITE SYS$OUTPUT "First argument missing."
-$           WRITE SYS$OUTPUT "Should be the directory where you want things installed."
+$           WRITE SYS$OUTPUT -
+                  "It should be the directory where you want things installed."
 $           EXIT
 $       ENDIF
 $
+$       IF (F$GETSYI("CPU").LT.128)
+$       THEN
+$           ARCH := VAX
+$       ELSE
+$           ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE")
+$           IF (ARCH .EQS. "") THEN ARCH = "UNK"
+$       ENDIF
+$
 $       ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0"
 $       ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY")
 $       ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
@@ -19,31 +28,24 @@ $	ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
 $       ROOT = ROOT_DEV + "[" + ROOT_DIR
 $
 $       DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC
-$       DEFINE/NOLOG WRK_SSLVLIB WRK_SSLROOT:[VAX_LIB]
+$       DEFINE/NOLOG WRK_SSLXLIB WRK_SSLROOT:['ARCH'_LIB]
-$       DEFINE/NOLOG WRK_SSLALIB WRK_SSLROOT:[ALPHA_LIB]
 $       DEFINE/NOLOG WRK_SSLINCLUDE WRK_SSLROOT:[INCLUDE]
-$       DEFINE/NOLOG WRK_SSLVEXE WRK_SSLROOT:[VAX_EXE]
+$       DEFINE/NOLOG WRK_SSLXEXE WRK_SSLROOT:['ARCH'_EXE]
-$       DEFINE/NOLOG WRK_SSLAEXE WRK_SSLROOT:[ALPHA_EXE]
 $
 $       IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN -
           CREATE/DIR/LOG WRK_SSLROOT:[000000]
-$       IF F$PARSE("WRK_SSLVLIB:") .EQS. "" THEN -
+$       IF F$PARSE("WRK_SSLXLIB:") .EQS. "" THEN -
-           CREATE/DIR/LOG WRK_SSLVLIB:
+           CREATE/DIR/LOG WRK_SSLXLIB:
-$       IF F$PARSE("WRK_SSLALIB:") .EQS. "" THEN -
-           CREATE/DIR/LOG WRK_SSLALIB:
 $       IF F$PARSE("WRK_SSLINCLUDE:") .EQS. "" THEN -
           CREATE/DIR/LOG WRK_SSLINCLUDE:
-$       IF F$PARSE("WRK_SSLVEXE:") .EQS. "" THEN -
+$       IF F$PARSE("WRK_SSLXEXE:") .EQS. "" THEN -
-           CREATE/DIR/LOG WRK_SSLVEXE:
+           CREATE/DIR/LOG WRK_SSLXEXE:
-$       IF F$PARSE("WRK_SSLAEXE:") .EQS. "" THEN -
-           CREATE/DIR/LOG WRK_SSLAEXE:
 $
 $       EXHEADER := ssl.h,ssl2.h,ssl3.h,ssl23.h,tls1.h,dtls1.h,kssl.h
 $       E_EXE := ssl_task
 $       LIBS := LIBSSL
 $
-$       VEXE_DIR := [-.VAX.EXE.SSL]
+$       XEXE_DIR := [-.'ARCH'.EXE.SSL]
-$       AEXE_DIR := [-.AXP.EXE.SSL]
 $
 $       COPY 'EXHEADER' WRK_SSLINCLUDE:/LOG
 $       SET FILE/PROT=WORLD:RE WRK_SSLINCLUDE:'EXHEADER'
@@ -54,15 +56,10 @@ $	E = F$EDIT(F$ELEMENT(I, ",", E_EXE),"TRIM")
 $       I = I + 1
 $       IF E .EQS. "," THEN GOTO LOOP_EXE_END
 $       SET NOON
-$       IF F$SEARCH(VEXE_DIR+E+".EXE") .NES. ""
+$       IF F$SEARCH(XEXE_DIR+E+".EXE") .NES. ""
-$       THEN
-$         COPY 'VEXE_DIR''E'.EXE WRK_SSLVEXE:'E'.EXE/log
-$         SET FILE/PROT=W:RE WRK_SSLVEXE:'E'.EXE
-$       ENDIF
-$       IF F$SEARCH(AEXE_DIR+E+".EXE") .NES. ""
 $       THEN
-$         COPY 'AEXE_DIR''E'.EXE WRK_SSLAEXE:'E'.EXE/log
+$         COPY 'XEXE_DIR''E'.EXE WRK_SSLXEXE:'E'.EXE/log
-$         SET FILE/PROT=W:RE WRK_SSLAEXE:'E'.EXE
+$         SET FILE/PROT=W:RE WRK_SSLXEXE:'E'.EXE
 $       ENDIF
 $       SET ON
 $       GOTO LOOP_EXE
@@ -74,27 +71,17 @@ $	E = F$EDIT(F$ELEMENT(I, ",", LIBS),"TRIM")
 $       I = I + 1
 $       IF E .EQS. "," THEN GOTO LOOP_LIB_END
 $       SET NOON
-$       IF F$SEARCH(VEXE_DIR+E+".OLB") .NES. ""
+$! Object library.
-$       THEN
+$       IF F$SEARCH(XEXE_DIR+E+".OLB") .NES. ""
-$         COPY 'VEXE_DIR''E'.OLB WRK_SSLVLIB:'E'.OLB/log
-$         SET FILE/PROT=W:RE WRK_SSLVLIB:'E'.OLB
-$       ENDIF
-$       ! Preparing for the time when we have shareable images
-$       IF F$SEARCH(VEXE_DIR+E+".EXE") .NES. ""
-$       THEN
-$         COPY 'VEXE_DIR''E'.EXE WRK_SSLVLIB:'E'.EXE/log
-$         SET FILE/PROT=W:RE WRK_SSLVLIB:'E'.EXE
-$       ENDIF
-$       IF F$SEARCH(AEXE_DIR+E+".OLB") .NES. ""
 $       THEN
-$         COPY 'AEXE_DIR''E'.OLB WRK_SSLALIB:'E'.OLB/log
+$         COPY 'XEXE_DIR''E'.OLB WRK_SSLXLIB:'E'.OLB/log
-$         SET FILE/PROT=W:RE WRK_SSLALIB:'E'.OLB
+$         SET FILE/PROT=W:RE WRK_SSLXLIB:'E'.OLB
 $       ENDIF
-$       ! Preparing for the time when we have shareable images
+$! Shareable image.
-$       IF F$SEARCH(AEXE_DIR+E+".EXE") .NES. ""
+$       IF F$SEARCH(XEXE_DIR+E+".EXE") .NES. ""
 $       THEN
-$         COPY 'AEXE_DIR''E'.EXE WRK_SSLALIB:'E'.EXE/log
+$         COPY 'XEXE_DIR''E'.EXE WRK_SSLXLIB:'E'.EXE/log
-$         SET FILE/PROT=W:RE WRK_SSLALIB:'E'.EXE
+$         SET FILE/PROT=W:RE WRK_SSLXLIB:'E'.EXE
 $       ENDIF
 $       SET ON
 $       GOTO LOOP_LIB
diff --git a/src/lib/libssl/src/ssl/kssl.c b/src/lib/libssl/src/ssl/kssl.c
index 019030ae3c..b820e37464 100644
--- a/src/lib/libssl/src/ssl/kssl.c
+++ b/src/lib/libssl/src/ssl/kssl.c
@@ -68,11 +68,6 @@
 #include <openssl/opensslconf.h>
-#define _XOPEN_SOURCE 500 /* glibc2 needs this to declare strptime() */
-#include <time.h>
-#if 0 /* experimental */
-#undef _XOPEN_SOURCE /* To avoid clashes with anything else... */
-#endif
 #include <string.h>
 #define KRB5_PRIVATE    1
@@ -81,6 +76,7 @@
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/krb5_asn.h>
+#include "kssl_lcl.h"
 #ifndef OPENSSL_NO_KRB5
@@ -136,7 +132,7 @@
 #define krb5_principal_compare   kssl_krb5_principal_compare
 #define krb5_decrypt_tkt_part    kssl_krb5_decrypt_tkt_part
 #define krb5_timeofday           kssl_krb5_timeofday
-#define krb5_rc_default           kssl_krb5_rc_default
+#define krb5_rc_default          kssl_krb5_rc_default
 #ifdef krb5_rc_initialize
 #undef krb5_rc_initialize
@@ -844,7 +840,7 @@ kssl_map_enc(krb5_enctype enctype)
 **      "62 xx 30 yy" (APPLICATION-2, SEQUENCE), where xx-yy =~ 2, and
 **      xx and yy are possibly multi-byte length fields.
 */
-int     kssl_test_confound(unsigned char *p)
+static int      kssl_test_confound(unsigned char *p)
        {
        int     len = 2;
        int     xx = 0, yy = 0;
@@ -879,7 +875,7 @@ int 	kssl_test_confound(unsigned char *p)
 **      what the highest assigned CKSUMTYPE_ constant is.  As of 1.2.2
 **      it is 0x000c (CKSUMTYPE_HMAC_SHA1_DES3).  So we will use 0x0010.
 */
-size_t  *populate_cksumlens(void)
+static size_t  *populate_cksumlens(void)
        {
        int             i, j, n;
        static size_t   *cklens = NULL;
@@ -1030,7 +1026,7 @@ print_krb5_keyblock(char *label, krb5_keyblock *keyblk)
 /*      Display contents of krb5_principal_data struct, for debugging
 **      (krb5_principal is typedef'd == krb5_principal_data *)
 */
-void
+static void
 print_krb5_princ(char *label, krb5_principal_data *princ)
        {
        int i, ui, uj;
@@ -1229,7 +1225,7 @@ kssl_cget_tkt(	/* UPDATE */	KSSL_CTX *kssl_ctx,
 **                              code here.  This tkt should alloc/free just
 **                              like the real thing.
 */
-krb5_error_code
+static krb5_error_code
 kssl_TKT2tkt(   /* IN     */    krb5_context    krb5context,
                /* IN     */    KRB5_TKTBODY    *asn1ticket,
                /* OUT    */    krb5_ticket     **krb5ticket,
@@ -1807,6 +1803,9 @@ kssl_ctx_show(KSSL_CTX *kssl_ctx)
                                     kssl_ctx->service_name ? kssl_ctx->service_name: KRB5SVC,
                                     KRB5_NT_SRV_HST, &princ);
+    if (krb5rc)
+        goto exit;
    krb5rc = krb5_kt_get_entry(krb5context, krb5keytab, 
                                princ,
                                0 /* IGNORE_VNO */,
@@ -1904,7 +1903,7 @@ void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data)
 **  Return pointer to the (partially) filled in struct tm on success,
 **  return NULL on failure.
 */
-struct tm       *k_gmtime(ASN1_GENERALIZEDTIME *gtime, struct tm *k_tm)
+static struct tm *k_gmtime(ASN1_GENERALIZEDTIME *gtime, struct tm *k_tm)
        {
        char            c, *p;
@@ -1930,7 +1929,7 @@ struct tm	*k_gmtime(ASN1_GENERALIZEDTIME *gtime, struct tm *k_tm)
 **  So we try to sneek the clockskew out through the replay cache.
 **      If that fails just return a likely default (300 seconds).
 */
-krb5_deltat     get_rc_clockskew(krb5_context context)
+static krb5_deltat get_rc_clockskew(krb5_context context)
        {
        krb5_rcache     rc;
        krb5_deltat     clockskew;
@@ -2094,9 +2093,12 @@ krb5_error_code  kssl_check_authent(
        EVP_CIPHER_CTX_cleanup(&ciph_ctx);
 #ifdef KSSL_DEBUG
+        {
+        int padl;
        printf("kssl_check_authent: decrypted authenticator[%d] =\n", outl);
        for (padl=0; padl < outl; padl++) printf("%02x ",unenc_authent[padl]);
        printf("\n");
+        }
 #endif  /* KSSL_DEBUG */
        if ((p = kssl_skip_confound(enctype, unenc_authent)) == NULL)
@@ -2126,7 +2128,7 @@ krb5_error_code  kssl_check_authent(
                tm_g = gmtime(&now);            tg = mktime(tm_g);
                tz_offset = tg - tl;
-                *atimep = tr - tz_offset;
+                *atimep = (krb5_timestamp)(tr - tz_offset);
                }
 #ifdef KSSL_DEBUG
diff --git a/src/lib/libssl/src/ssl/kssl_lcl.h b/src/lib/libssl/src/ssl/kssl_lcl.h
index 4cd8dd2d7f..c039c91b4e 100644
--- a/src/lib/libssl/src/ssl/kssl_lcl.h
+++ b/src/lib/libssl/src/ssl/kssl_lcl.h
@@ -75,7 +75,7 @@ void print_krb5_keyblock(char *label, krb5_keyblock *keyblk);
 char *kstring(char *string);
 char *knumber(int len, krb5_octet *contents);
-EVP_CIPHER *kssl_map_enc(krb5_enctype enctype);
+const EVP_CIPHER *kssl_map_enc(krb5_enctype enctype);
 int kssl_keytab_is_available(KSSL_CTX *kssl_ctx);
 int kssl_tgt_is_available(KSSL_CTX *kssl_ctx);
diff --git a/src/lib/libssl/src/ssl/s23_clnt.c b/src/lib/libssl/src/ssl/s23_clnt.c
index bc918170e1..c4d8bf2eb3 100644
--- a/src/lib/libssl/src/ssl/s23_clnt.c
+++ b/src/lib/libssl/src/ssl/s23_clnt.c
@@ -55,6 +55,59 @@
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
+/* ====================================================================
+ * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 #include <stdio.h>
 #include "ssl_locl.h"
@@ -63,10 +116,10 @@
 #include <openssl/objects.h>
 #include <openssl/evp.h>
-static SSL_METHOD *ssl23_get_client_method(int ver);
+static const SSL_METHOD *ssl23_get_client_method(int ver);
 static int ssl23_client_hello(SSL *s);
 static int ssl23_get_server_hello(SSL *s);
-static SSL_METHOD *ssl23_get_client_method(int ver)
+static const SSL_METHOD *ssl23_get_client_method(int ver)
        {
 #ifndef OPENSSL_NO_SSL2
        if (ver == SSL2_VERSION)
@@ -197,20 +250,40 @@ end:
        return(ret);
        }
+static int ssl23_no_ssl2_ciphers(SSL *s)
+        {
+        SSL_CIPHER *cipher;
+        STACK_OF(SSL_CIPHER) *ciphers;
+        int i;
+        ciphers = SSL_get_ciphers(s);
+        for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++)
+                {
+                cipher = sk_SSL_CIPHER_value(ciphers, i);
+                if (cipher->algorithm_ssl == SSL_SSLV2)
+                        return 0;
+                }
+        return 1;
+        }
 static int ssl23_client_hello(SSL *s)
        {
        unsigned char *buf;
        unsigned char *p,*d;
-        int i,j,ch_len;
+        int i,ch_len;
        unsigned long Time,l;
        int ssl2_compat;
        int version = 0, version_major, version_minor;
+#ifndef OPENSSL_NO_COMP
+        int j;
        SSL_COMP *comp;
+#endif
        int ret;
        ssl2_compat = (s->options & SSL_OP_NO_SSLv2) ? 0 : 1;
+        if (ssl2_compat && ssl23_no_ssl2_ciphers(s))
+                ssl2_compat = 0;
        if (!(s->options & SSL_OP_NO_TLSv1))
                {
                version = TLS1_VERSION;
@@ -223,7 +296,7 @@ static int ssl23_client_hello(SSL *s)
                {
                version = SSL2_VERSION;
                }
-#ifndef OPENSSL_NO_TLSEXT 
+#ifndef OPENSSL_NO_TLSEXT
        if (version != SSL2_VERSION)
                {
                /* have to disable SSL 2.0 compatibility if we need TLS extensions */
@@ -232,6 +305,10 @@ static int ssl23_client_hello(SSL *s)
                        ssl2_compat = 0;
                if (s->tlsext_status_type != -1)
                        ssl2_compat = 0;
+#ifdef TLSEXT_TYPE_opaque_prf_input
+                if (s->ctx->tlsext_opaque_prf_input_callback != 0 || s->tlsext_opaque_prf_input != NULL)
+                        ssl2_compat = 0;
+#endif
                }
 #endif
@@ -257,14 +334,6 @@ static int ssl23_client_hello(SSL *s)
                        version_major = TLS1_VERSION_MAJOR;
                        version_minor = TLS1_VERSION_MINOR;
                        }
-#ifdef OPENSSL_FIPS
-                else if(FIPS_mode())
-                        {
-                        SSLerr(SSL_F_SSL23_CLIENT_HELLO,
-                                        SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
-                        return -1;
-                        }
-#endif
                else if (version == SSL3_VERSION)
                        {
                        version_major = SSL3_VERSION_MAJOR;
@@ -318,6 +387,10 @@ static int ssl23_client_hello(SSL *s)
                                ch_len=SSL2_MAX_CHALLENGE_LENGTH;
                        /* write out sslv2 challenge */
+                        /* Note that ch_len must be <= SSL3_RANDOM_SIZE (32),
+                           because it is one of SSL2_MAX_CHALLENGE_LENGTH (32)
+                           or SSL2_MAX_CHALLENGE_LENGTH (16), but leave the
+                           check in for futurproofing */
                        if (SSL3_RANDOM_SIZE < ch_len)
                                i=SSL3_RANDOM_SIZE;
                        else
@@ -368,7 +441,11 @@ static int ssl23_client_hello(SSL *s)
                        p+=i;
                        /* COMPRESSION */
-                        if (s->ctx->comp_methods == NULL)
+#ifdef OPENSSL_NO_COMP
+                        *(p++)=1;
+#else
+                        if ((s->options & SSL_OP_NO_COMPRESSION)
+                                                || !s->ctx->comp_methods)
                                j=0;
                        else
                                j=sk_SSL_COMP_num(s->ctx->comp_methods);
@@ -378,8 +455,16 @@ static int ssl23_client_hello(SSL *s)
                                comp=sk_SSL_COMP_value(s->ctx->comp_methods,i);
                                *(p++)=comp->id;
                                }
+#endif
                        *(p++)=0; /* Add the NULL method */
 #ifndef OPENSSL_NO_TLSEXT
+                        /* TLS extensions*/
+                        if (ssl_prepare_clienthello_tlsext(s) <= 0)
+                                {
+                                SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
+                                return -1;
+                                }
                        if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
                                {
                                SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
@@ -388,7 +473,6 @@ static int ssl23_client_hello(SSL *s)
 #endif
                        
                        l = p-d;
-                        *p = 42;
                        /* fill in 4-byte handshake header */
                        d=&(buf[5]);
@@ -483,6 +567,10 @@ static int ssl23_get_server_hello(SSL *s)
                        ch_len=SSL2_MAX_CHALLENGE_LENGTH;
                /* write out sslv2 challenge */
+                /* Note that ch_len must be <= SSL3_RANDOM_SIZE (32), because
+                   it is one of SSL2_MAX_CHALLENGE_LENGTH (32) or
+                   SSL2_MAX_CHALLENGE_LENGTH (16), but leave the check in for
+                   futurproofing */
                i=(SSL3_RANDOM_SIZE < ch_len)
                        ?SSL3_RANDOM_SIZE:ch_len;
                s->s2->challenge_length=i;
@@ -503,7 +591,7 @@ static int ssl23_get_server_hello(SSL *s)
                        /* use special padding (SSL 3.0 draft/RFC 2246, App. E.2) */
                        s->s2->ssl2_rollback=1;
-                /* setup the 5 bytes we have read so we get them from
+                /* setup the 7 bytes we have read so we get them from
                 * the sslv2 buffer */
                s->rstate=SSL_ST_READ_HEADER;
                s->packet_length=n;
@@ -519,39 +607,16 @@ static int ssl23_get_server_hello(SSL *s)
                s->handshake_func=s->method->ssl_connect;
 #endif
                }
-        else if ((p[0] == SSL3_RT_HANDSHAKE) &&
+        else if (p[1] == SSL3_VERSION_MAJOR &&
-                 (p[1] == SSL3_VERSION_MAJOR) &&
+                 (p[2] == SSL3_VERSION_MINOR || p[2] == TLS1_VERSION_MINOR) &&
-                 ((p[2] == SSL3_VERSION_MINOR) ||
+                 ((p[0] == SSL3_RT_HANDSHAKE && p[5] == SSL3_MT_SERVER_HELLO) ||
-                  (p[2] == TLS1_VERSION_MINOR)) &&
+                  (p[0] == SSL3_RT_ALERT && p[3] == 0 && p[4] == 2)))
-                 (p[5] == SSL3_MT_SERVER_HELLO))
                {
-                /* we have sslv3 or tls1 */
+                /* we have sslv3 or tls1 (server hello or alert) */
-                if (!ssl_init_wbio_buffer(s,1)) goto err;
-                /* we are in this state */
-                s->state=SSL3_ST_CR_SRVR_HELLO_A;
-                /* put the 5 bytes we have read into the input buffer
-                 * for SSLv3 */
-                s->rstate=SSL_ST_READ_HEADER;
-                s->packet_length=n;
-                s->packet= &(s->s3->rbuf.buf[0]);
-                memcpy(s->packet,buf,n);
-                s->s3->rbuf.left=n;
-                s->s3->rbuf.offset=0;
                if ((p[2] == SSL3_VERSION_MINOR) &&
                        !(s->options & SSL_OP_NO_SSLv3))
                        {
-#ifdef OPENSSL_FIPS
-                        if(FIPS_mode())
-                                {
-                                SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,
-                                        SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
-                                goto err;
-                                }
-#endif
                        s->version=SSL3_VERSION;
                        s->method=SSLv3_client_method();
                        }
@@ -566,35 +631,52 @@ static int ssl23_get_server_hello(SSL *s)
                        SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
                        goto err;
                        }
-                        
-                s->handshake_func=s->method->ssl_connect;
+                if (p[0] == SSL3_RT_ALERT && p[5] != SSL3_AL_WARNING)
-                }
-        else if ((p[0] == SSL3_RT_ALERT) &&
-                 (p[1] == SSL3_VERSION_MAJOR) &&
-                 ((p[2] == SSL3_VERSION_MINOR) ||
-                  (p[2] == TLS1_VERSION_MINOR)) &&
-                 (p[3] == 0) &&
-                 (p[4] == 2))
-                {
-                void (*cb)(const SSL *ssl,int type,int val)=NULL;
-                int j;
-                /* An alert */
-                if (s->info_callback != NULL)
-                        cb=s->info_callback;
-                else if (s->ctx->info_callback != NULL)
-                        cb=s->ctx->info_callback;
- 
-                i=p[5];
-                if (cb != NULL)
                        {
-                        j=(i<<8)|p[6];
+                        /* fatal alert */
-                        cb(s,SSL_CB_READ_ALERT,j);
+                        void (*cb)(const SSL *ssl,int type,int val)=NULL;
+                        int j;
+                        if (s->info_callback != NULL)
+                                cb=s->info_callback;
+                        else if (s->ctx->info_callback != NULL)
+                                cb=s->ctx->info_callback;
+ 
+                        i=p[5];
+                        if (cb != NULL)
+                                {
+                                j=(i<<8)|p[6];
+                                cb(s,SSL_CB_READ_ALERT,j);
+                                }
+                        
+                        if (s->msg_callback)
+                                s->msg_callback(0, s->version, SSL3_RT_ALERT, p+5, 2, s, s->msg_callback_arg);
+                        s->rwstate=SSL_NOTHING;
+                        SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_AD_REASON_OFFSET+p[6]);
+                        goto err;
                        }
-                s->rwstate=SSL_NOTHING;
+                if (!ssl_init_wbio_buffer(s,1)) goto err;
-                SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_AD_REASON_OFFSET+p[6]);
-                goto err;
+                /* we are in this state */
+                s->state=SSL3_ST_CR_SRVR_HELLO_A;
+                /* put the 7 bytes we have read into the input buffer
+                 * for SSLv3 */
+                s->rstate=SSL_ST_READ_HEADER;
+                s->packet_length=n;
+                if (s->s3->rbuf.buf == NULL)
+                        if (!ssl3_setup_read_buffer(s))
+                                goto err;
+                s->packet= &(s->s3->rbuf.buf[0]);
+                memcpy(s->packet,buf,n);
+                s->s3->rbuf.left=n;
+                s->s3->rbuf.offset=0;
+                s->handshake_func=s->method->ssl_connect;
                }
        else
                {
@@ -612,4 +694,3 @@ static int ssl23_get_server_hello(SSL *s)
 err:
        return(-1);
        }
diff --git a/src/lib/libssl/src/ssl/s23_lib.c b/src/lib/libssl/src/ssl/s23_lib.c
index fc2981308d..e3fce53430 100644
--- a/src/lib/libssl/src/ssl/s23_lib.c
+++ b/src/lib/libssl/src/ssl/s23_lib.c
@@ -65,11 +65,6 @@ long ssl23_default_timeout(void)
        return(300);
        }
-IMPLEMENT_ssl23_meth_func(sslv23_base_method,
-                        ssl_undefined_function,
-                        ssl_undefined_function,
-                        ssl_bad_method)
 int ssl23_num_ciphers(void)
        {
        return(ssl3_num_ciphers()
@@ -79,7 +74,7 @@ int ssl23_num_ciphers(void)
            );
        }
-SSL_CIPHER *ssl23_get_cipher(unsigned int u)
+const SSL_CIPHER *ssl23_get_cipher(unsigned int u)
        {
        unsigned int uu=ssl3_num_ciphers();
@@ -95,9 +90,10 @@ SSL_CIPHER *ssl23_get_cipher(unsigned int u)
 /* This function needs to check if the ciphers required are actually
 * available */
-SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p)
+const SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p)
        {
-        SSL_CIPHER c,*cp;
+        SSL_CIPHER c;
+        const SSL_CIPHER *cp;
        unsigned long id;
        int n;
diff --git a/src/lib/libssl/src/ssl/s23_meth.c b/src/lib/libssl/src/ssl/s23_meth.c
index 950d9aab3d..c6099efcf7 100644
--- a/src/lib/libssl/src/ssl/s23_meth.c
+++ b/src/lib/libssl/src/ssl/s23_meth.c
@@ -60,8 +60,8 @@
 #include <openssl/objects.h>
 #include "ssl_locl.h"
-static SSL_METHOD *ssl23_get_method(int ver);
+static const SSL_METHOD *ssl23_get_method(int ver);
-static SSL_METHOD *ssl23_get_method(int ver)
+static const SSL_METHOD *ssl23_get_method(int ver)
        {
 #ifndef OPENSSL_NO_SSL2
        if (ver == SSL2_VERSION)
diff --git a/src/lib/libssl/src/ssl/s23_srvr.c b/src/lib/libssl/src/ssl/s23_srvr.c
index ba06e7ae2e..836dd1f1cf 100644
--- a/src/lib/libssl/src/ssl/s23_srvr.c
+++ b/src/lib/libssl/src/ssl/s23_srvr.c
@@ -56,7 +56,7 @@
 * [including the GNU Public Licence.]
 */
 /* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -116,9 +116,9 @@
 #include <openssl/objects.h>
 #include <openssl/evp.h>
-static SSL_METHOD *ssl23_get_server_method(int ver);
+static const SSL_METHOD *ssl23_get_server_method(int ver);
 int ssl23_get_client_hello(SSL *s);
-static SSL_METHOD *ssl23_get_server_method(int ver)
+static const SSL_METHOD *ssl23_get_server_method(int ver)
        {
 #ifndef OPENSSL_NO_SSL2
        if (ver == SSL2_VERSION)
@@ -315,7 +315,7 @@ int ssl23_get_client_hello(SSL *s)
                         (p[1] == SSL3_VERSION_MAJOR) &&
                         (p[5] == SSL3_MT_CLIENT_HELLO) &&
                         ((p[3] == 0 && p[4] < 5 /* silly record length? */)
-                                || (p[9] == p[1])))
+                                || (p[9] >= p[1])))
                        {
                        /*
                         * SSLv3 or tls1 header
@@ -339,6 +339,13 @@ int ssl23_get_client_hello(SSL *s)
                                v[1] = TLS1_VERSION_MINOR;
 #endif
                                }
+                        /* if major version number > 3 set minor to a value
+                         * which will use the highest version 3 we support.
+                         * If TLS 2.0 ever appears we will need to revise
+                         * this....
+                         */
+                        else if (p[9] > SSL3_VERSION_MAJOR)
+                                v[1]=0xff;
                        else
                                v[1]=p[10]; /* minor version according to client_version */
                        if (v[1] >= TLS1_VERSION_MINOR)
@@ -386,15 +393,6 @@ int ssl23_get_client_hello(SSL *s)
                        }
                }
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && (s->version < TLS1_VERSION))
-                {
-                SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
-                                        SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
-                goto err;
-                }
-#endif
        if (s->state == SSL23_ST_SR_CLNT_HELLO_B)
                {
                /* we have SSLv3/TLSv1 in an SSLv2 header
@@ -425,7 +423,9 @@ int ssl23_get_client_hello(SSL *s)
                n2s(p,sil);
                n2s(p,cl);
                d=(unsigned char *)s->init_buf->data;
-                if ((csl+sil+cl+11) != s->packet_length)
+                if ((csl+sil+cl+11) != s->packet_length) /* We can't have TLS extensions in SSL 2.0 format
+                                                          * Client Hello, can we? Error condition should be
+                                                          * '>' otherweise */
                        {
                        SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_LENGTH_MISMATCH);
                        goto err;
@@ -468,6 +468,15 @@ int ssl23_get_client_hello(SSL *s)
                *(d++)=1;
                *(d++)=0;
                
+#if 0
+                /* copy any remaining data with may be extensions */
+                p = p+csl+sil+cl;
+                while (p <  s->packet+s->packet_length)
+                        {
+                        *(d++)=*(p++);
+                        }
+#endif
                i = (d-(unsigned char *)s->init_buf->data) - 4;
                l2n3((long)i, d_len);
@@ -543,6 +552,10 @@ int ssl23_get_client_hello(SSL *s)
                         * for SSLv3 */
                        s->rstate=SSL_ST_READ_HEADER;
                        s->packet_length=n;
+                        if (s->s3->rbuf.buf == NULL)
+                                if (!ssl3_setup_read_buffer(s))
+                                        goto err;
                        s->packet= &(s->s3->rbuf.buf[0]);
                        memcpy(s->packet,buf,n);
                        s->s3->rbuf.left=n;
diff --git a/src/lib/libssl/src/ssl/s2_clnt.c b/src/lib/libssl/src/ssl/s2_clnt.c
index 782129cd5d..00ac158f9b 100644
--- a/src/lib/libssl/src/ssl/s2_clnt.c
+++ b/src/lib/libssl/src/ssl/s2_clnt.c
@@ -117,7 +117,7 @@
 #include <openssl/objects.h>
 #include <openssl/evp.h>
-static SSL_METHOD *ssl2_get_client_method(int ver);
+static const SSL_METHOD *ssl2_get_client_method(int ver);
 static int get_server_finished(SSL *s);
 static int get_server_verify(SSL *s);
 static int get_server_hello(SSL *s);
@@ -129,7 +129,7 @@ static int ssl_rsa_public_encrypt(SESS_CERT *sc, int len, unsigned char *from,
        unsigned char *to,int padding);
 #define BREAK   break
-static SSL_METHOD *ssl2_get_client_method(int ver)
+static const SSL_METHOD *ssl2_get_client_method(int ver)
        {
        if (ver == SSL2_VERSION)
                return(SSLv2_client_method());
@@ -621,7 +621,7 @@ static int client_master_key(SSL *s)
        if (s->state == SSL2_ST_SEND_CLIENT_MASTER_KEY_A)
                {
-                if (!ssl_cipher_get_evp(s->session,&c,&md,NULL))
+                if (!ssl_cipher_get_evp(s->session,&c,&md,NULL,NULL,NULL))
                        {
                        ssl2_return_error(s,SSL2_PE_NO_CIPHER);
                        SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);
@@ -863,8 +863,10 @@ static int client_certificate(SSL *s)
                EVP_SignUpdate(&ctx,s->s2->key_material,
                               s->s2->key_material_length);
                EVP_SignUpdate(&ctx,cert_ch,(unsigned int)cert_ch_len);
-                n=i2d_X509(s->session->sess_cert->peer_key->x509,&p);
+                i=i2d_X509(s->session->sess_cert->peer_key->x509,&p);
-                EVP_SignUpdate(&ctx,buf,(unsigned int)n);
+                /* Don't update the signature if it fails - FIXME: probably should handle this better */
+                if(i > 0)
+                        EVP_SignUpdate(&ctx,buf,(unsigned int)i);
                p=buf;
                d=p+6;
diff --git a/src/lib/libssl/src/ssl/s2_enc.c b/src/lib/libssl/src/ssl/s2_enc.c
index 1f62acd5b1..ff3395f459 100644
--- a/src/lib/libssl/src/ssl/s2_enc.c
+++ b/src/lib/libssl/src/ssl/s2_enc.c
@@ -68,15 +68,14 @@ int ssl2_enc_init(SSL *s, int client)
        const EVP_MD *md;
        int num;
-        if (!ssl_cipher_get_evp(s->session,&c,&md,NULL))
+        if (!ssl_cipher_get_evp(s->session,&c,&md,NULL,NULL,NULL))
                {
                ssl2_return_error(s,SSL2_PE_NO_CIPHER);
                SSLerr(SSL_F_SSL2_ENC_INIT,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);
                return(0);
                }
+        ssl_replace_hash(&s->read_hash,md);
-        s->read_hash=md;
+        ssl_replace_hash(&s->write_hash,md);
-        s->write_hash=md;
        if ((s->enc_read_ctx == NULL) &&
                ((s->enc_read_ctx=(EVP_CIPHER_CTX *)
@@ -176,7 +175,7 @@ void ssl2_mac(SSL *s, unsigned char *md, int send)
        /* There has to be a MAC algorithm. */
        EVP_MD_CTX_init(&c);
-        EVP_DigestInit_ex(&c, s->read_hash, NULL);
+        EVP_MD_CTX_copy(&c, s->read_hash);
        EVP_DigestUpdate(&c,sec,
                EVP_CIPHER_CTX_key_length(s->enc_read_ctx));
        EVP_DigestUpdate(&c,act,len); 
diff --git a/src/lib/libssl/src/ssl/s2_lib.c b/src/lib/libssl/src/ssl/s2_lib.c
index 10751b22ba..9914604109 100644
--- a/src/lib/libssl/src/ssl/s2_lib.c
+++ b/src/lib/libssl/src/ssl/s2_lib.c
@@ -55,6 +55,59 @@
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
+/* ====================================================================
+ * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 #include "ssl_locl.h"
 #ifndef OPENSSL_NO_SSL2
@@ -68,143 +121,172 @@ const char ssl2_version_str[]="SSLv2" OPENSSL_VERSION_PTEXT;
 #define SSL2_NUM_CIPHERS (sizeof(ssl2_ciphers)/sizeof(SSL_CIPHER))
 /* list of available SSLv2 ciphers (sorted by id) */
-OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
+OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[]={
-/* NULL_WITH_MD5 v3 */
 #if 0
+/* NULL_WITH_MD5 v3 */
        {
        1,
        SSL2_TXT_NULL_WITH_MD5,
        SSL2_CK_NULL_WITH_MD5,
-        SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5|SSL_SSLV2,
+        SSL_kRSA,
+        SSL_aRSA,
+        SSL_eNULL,
+        SSL_MD5,
+        SSL_SSLV2,
        SSL_EXPORT|SSL_EXP40|SSL_STRONG_NONE,
        0,
        0,
        0,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 #endif
 /* RC4_128_WITH_MD5 */
        {
        1,
        SSL2_TXT_RC4_128_WITH_MD5,
        SSL2_CK_RC4_128_WITH_MD5,
-        SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2,
+        SSL_kRSA,
+        SSL_aRSA,
+        SSL_RC4,
+        SSL_MD5,
+        SSL_SSLV2,
        SSL_NOT_EXP|SSL_MEDIUM,
        0,
        128,
        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 /* RC4_128_EXPORT40_WITH_MD5 */
        {
        1,
        SSL2_TXT_RC4_128_EXPORT40_WITH_MD5,
        SSL2_CK_RC4_128_EXPORT40_WITH_MD5,
-        SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2,
+        SSL_kRSA,
+        SSL_aRSA,
+        SSL_RC4,
+        SSL_MD5,
+        SSL_SSLV2,
        SSL_EXPORT|SSL_EXP40,
        SSL2_CF_5_BYTE_ENC,
        40,
        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 /* RC2_128_CBC_WITH_MD5 */
        {
        1,
        SSL2_TXT_RC2_128_CBC_WITH_MD5,
        SSL2_CK_RC2_128_CBC_WITH_MD5,
-        SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_SSLV2,
+        SSL_kRSA,
+        SSL_aRSA,
+        SSL_RC2,
+        SSL_MD5,
+        SSL_SSLV2,
        SSL_NOT_EXP|SSL_MEDIUM,
        0,
        128,
        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 /* RC2_128_CBC_EXPORT40_WITH_MD5 */
        {
        1,
        SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5,
        SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5,
-        SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_SSLV2,
+        SSL_kRSA,
+        SSL_aRSA,
+        SSL_RC2,
+        SSL_MD5,
+        SSL_SSLV2,
        SSL_EXPORT|SSL_EXP40,
        SSL2_CF_5_BYTE_ENC,
        40,
        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
-/* IDEA_128_CBC_WITH_MD5 */
 #ifndef OPENSSL_NO_IDEA
+/* IDEA_128_CBC_WITH_MD5 */
        {
        1,
        SSL2_TXT_IDEA_128_CBC_WITH_MD5,
        SSL2_CK_IDEA_128_CBC_WITH_MD5,
-        SSL_kRSA|SSL_aRSA|SSL_IDEA|SSL_MD5|SSL_SSLV2,
+        SSL_kRSA,
+        SSL_aRSA,
+        SSL_IDEA,
+        SSL_MD5,
+        SSL_SSLV2,
        SSL_NOT_EXP|SSL_MEDIUM,
        0,
        128,
        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 #endif
 /* DES_64_CBC_WITH_MD5 */
        {
        1,
        SSL2_TXT_DES_64_CBC_WITH_MD5,
        SSL2_CK_DES_64_CBC_WITH_MD5,
-        SSL_kRSA|SSL_aRSA|SSL_DES|SSL_MD5|SSL_SSLV2,
+        SSL_kRSA,
+        SSL_aRSA,
+        SSL_DES,
+        SSL_MD5,
+        SSL_SSLV2,
        SSL_NOT_EXP|SSL_LOW,
        0,
        56,
        56,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 /* DES_192_EDE3_CBC_WITH_MD5 */
        {
        1,
        SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5,
        SSL2_CK_DES_192_EDE3_CBC_WITH_MD5,
-        SSL_kRSA|SSL_aRSA|SSL_3DES|SSL_MD5|SSL_SSLV2,
+        SSL_kRSA,
+        SSL_aRSA,
+        SSL_3DES,
+        SSL_MD5,
+        SSL_SSLV2,
        SSL_NOT_EXP|SSL_HIGH,
        0,
        168,
        168,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
-/* RC4_64_WITH_MD5 */
 #if 0
+/* RC4_64_WITH_MD5 */
        {
        1,
        SSL2_TXT_RC4_64_WITH_MD5,
        SSL2_CK_RC4_64_WITH_MD5,
-        SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2,
+        SSL_kRSA,
+        SSL_aRSA,
+        SSL_RC4,
+        SSL_MD5,
+        SSL_SSLV2,
        SSL_NOT_EXP|SSL_LOW,
        SSL2_CF_8_BYTE_ENC,
        64,
        64,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 #endif
-/* NULL SSLeay (testing) */
 #if 0
+/* NULL SSLeay (testing) */
        {       
        0,
        SSL2_TXT_NULL,
        SSL2_CK_NULL,
        0,
+        0,
+        0,
+        0,
+        SSL_SSLV2,
        SSL_STRONG_NONE,
        0,
        0,
        0,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 #endif
@@ -216,17 +298,12 @@ long ssl2_default_timeout(void)
        return(300);
        }
-IMPLEMENT_ssl2_meth_func(sslv2_base_method,
-                        ssl_undefined_function,
-                        ssl_undefined_function,
-                        ssl_bad_method)
 int ssl2_num_ciphers(void)
        {
        return(SSL2_NUM_CIPHERS);
        }
-SSL_CIPHER *ssl2_get_cipher(unsigned int u)
+const SSL_CIPHER *ssl2_get_cipher(unsigned int u)
        {
        if (u < SSL2_NUM_CIPHERS)
                return(&(ssl2_ciphers[SSL2_NUM_CIPHERS-1-u]));
@@ -337,18 +414,16 @@ long ssl2_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
 /* This function needs to check if the ciphers required are actually
 * available */
-SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p)
+const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p)
        {
-        SSL_CIPHER c,*cp;
+        SSL_CIPHER c;
+        const SSL_CIPHER *cp;
        unsigned long id;
        id=0x02000000L|((unsigned long)p[0]<<16L)|
                ((unsigned long)p[1]<<8L)|(unsigned long)p[2];
        c.id=id;
-        cp = (SSL_CIPHER *)OBJ_bsearch((char *)&c,
+        cp = OBJ_bsearch_ssl_cipher_id(&c, ssl2_ciphers, SSL2_NUM_CIPHERS);
-                (char *)ssl2_ciphers,
-                SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER),
-                FP_ICC ssl_cipher_id_cmp);
        if ((cp == NULL) || (cp->valid == 0))
                return NULL;
        else
@@ -377,6 +452,7 @@ int ssl2_generate_key_material(SSL *s)
        unsigned char *km;
        unsigned char c='0';
        const EVP_MD *md5;
+        int md_size;
        md5 = EVP_md5();
@@ -393,10 +469,12 @@ int ssl2_generate_key_material(SSL *s)
                SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR);
                return 0;
                }
+        md_size = EVP_MD_size(md5);
-        for (i=0; i<s->s2->key_material_length; i += EVP_MD_size(md5))
+        if (md_size < 0)
+            return 0;
+        for (i=0; i<s->s2->key_material_length; i += md_size)
                {
-                if (((km - s->s2->key_material) + EVP_MD_size(md5)) >
+                if (((km - s->s2->key_material) + md_size) >
                                (int)sizeof(s->s2->key_material))
                        {
                        /* EVP_DigestFinal_ex() below would write beyond buffer */
@@ -415,7 +493,7 @@ int ssl2_generate_key_material(SSL *s)
                EVP_DigestUpdate(&ctx,s->s2->challenge,s->s2->challenge_length);
                EVP_DigestUpdate(&ctx,s->s2->conn_id,s->s2->conn_id_length);
                EVP_DigestFinal_ex(&ctx,km,NULL);
-                km += EVP_MD_size(md5);
+                km += md_size;
                }
        EVP_MD_CTX_cleanup(&ctx);
diff --git a/src/lib/libssl/src/ssl/s2_meth.c b/src/lib/libssl/src/ssl/s2_meth.c
index a35e435b71..f0e8ca593d 100644
--- a/src/lib/libssl/src/ssl/s2_meth.c
+++ b/src/lib/libssl/src/ssl/s2_meth.c
@@ -61,8 +61,8 @@
 #include <stdio.h>
 #include <openssl/objects.h>
-static SSL_METHOD *ssl2_get_method(int ver);
+static const SSL_METHOD *ssl2_get_method(int ver);
-static SSL_METHOD *ssl2_get_method(int ver)
+static const SSL_METHOD *ssl2_get_method(int ver)
        {
        if (ver == SSL2_VERSION)
                return(SSLv2_method());
@@ -71,9 +71,9 @@ static SSL_METHOD *ssl2_get_method(int ver)
        }
 IMPLEMENT_ssl2_meth_func(SSLv2_method,
-                        ssl2_accept,
+                         ssl2_accept,
-                        ssl2_connect,
+                         ssl2_connect,
-                        ssl2_get_method)
+                         ssl2_get_method)
 #else /* !OPENSSL_NO_SSL2 */
diff --git a/src/lib/libssl/src/ssl/s2_pkt.c b/src/lib/libssl/src/ssl/s2_pkt.c
index a10929a757..ac963b2d47 100644
--- a/src/lib/libssl/src/ssl/s2_pkt.c
+++ b/src/lib/libssl/src/ssl/s2_pkt.c
@@ -116,7 +116,7 @@
 #define USE_SOCKETS
 static int read_n(SSL *s,unsigned int n,unsigned int max,unsigned int extend);
-static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len);
+static int n_do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len);
 static int write_pending(SSL *s, const unsigned char *buf, unsigned int len);
 static int ssl_mt_error(int n);
@@ -130,7 +130,7 @@ static int ssl2_read_internal(SSL *s, void *buf, int len, int peek)
        unsigned char mac[MAX_MAC_SIZE];
        unsigned char *p;
        int i;
-        unsigned int mac_size;
+        int mac_size;
 ssl2_read_again:
        if (SSL_in_init(s) && !s->in_handshake)
@@ -246,7 +246,9 @@ static int ssl2_read_internal(SSL *s, void *buf, int len, int peek)
                        }
                else
                        {
-                        mac_size=EVP_MD_size(s->read_hash);
+                        mac_size=EVP_MD_CTX_size(s->read_hash);
+                        if (mac_size < 0)
+                                return -1;
                        OPENSSL_assert(mac_size <= MAX_MAC_SIZE);
                        s->s2->mac_data=p;
                        s->s2->ract_data= &p[mac_size];
@@ -261,7 +263,7 @@ static int ssl2_read_internal(SSL *s, void *buf, int len, int peek)
                /* added a check for length > max_size in case
                 * encryption was not turned on yet due to an error */
                if ((!s->s2->clear_text) &&
-                        (s->s2->rlength >= mac_size))
+                        (s->s2->rlength >= (unsigned int)mac_size))
                        {
                        ssl2_enc(s,0);
                        s->s2->ract_data_length-=mac_size;
@@ -447,7 +449,7 @@ int ssl2_write(SSL *s, const void *_buf, int len)
        n=(len-tot);
        for (;;)
                {
-                i=do_ssl_write(s,&(buf[tot]),n);
+                i=n_do_ssl_write(s,&(buf[tot]),n);
                if (i <= 0)
                        {
                        s->s2->wnum=tot;
@@ -511,9 +513,10 @@ static int write_pending(SSL *s, const unsigned char *buf, unsigned int len)
                }
        }
-static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len)
+static int n_do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len)
        {
-        unsigned int j,k,olen,p,mac_size,bs;
+        unsigned int j,k,olen,p,bs;
+        int mac_size;
        register unsigned char *pp;
        olen=len;
@@ -529,7 +532,11 @@ static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len)
        if (s->s2->clear_text)
                mac_size=0;
        else
-                mac_size=EVP_MD_size(s->write_hash);
+                {
+                mac_size=EVP_MD_CTX_size(s->write_hash);
+                if (mac_size < 0)
+                        return -1;
+                }
        /* lets set the pad p */
        if (s->s2->clear_text)
diff --git a/src/lib/libssl/src/ssl/s2_srvr.c b/src/lib/libssl/src/ssl/s2_srvr.c
index 50d55e6bf1..1434e734dd 100644
--- a/src/lib/libssl/src/ssl/s2_srvr.c
+++ b/src/lib/libssl/src/ssl/s2_srvr.c
@@ -117,7 +117,7 @@
 #include <openssl/objects.h>
 #include <openssl/evp.h>
-static SSL_METHOD *ssl2_get_server_method(int ver);
+static const SSL_METHOD *ssl2_get_server_method(int ver);
 static int get_client_master_key(SSL *s);
 static int get_client_hello(SSL *s);
 static int server_hello(SSL *s); 
@@ -129,7 +129,7 @@ static int ssl_rsa_private_decrypt(CERT *c, int len, unsigned char *from,
        unsigned char *to,int padding);
 #define BREAK   break
-static SSL_METHOD *ssl2_get_server_method(int ver)
+static const SSL_METHOD *ssl2_get_server_method(int ver)
        {
        if (ver == SSL2_VERSION)
                return(SSLv2_server_method());
@@ -267,7 +267,7 @@ int ssl2_accept(SSL *s)
                case SSL2_ST_SEND_SERVER_VERIFY_C:
                        /* get the number of bytes to write */
                        num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);
-                        if (num1 != 0)
+                        if (num1 > 0)
                                {
                                s->rwstate=SSL_WRITING;
                                num1=BIO_flush(s->wbio);
@@ -366,7 +366,7 @@ static int get_client_master_key(SSL *s)
        int is_export,i,n,keya,ek;
        unsigned long len;
        unsigned char *p;
-        SSL_CIPHER *cp;
+        const SSL_CIPHER *cp;
        const EVP_CIPHER *c;
        const EVP_MD *md;
@@ -451,7 +451,7 @@ static int get_client_master_key(SSL *s)
        is_export=SSL_C_IS_EXPORT(s->session->cipher);
        
-        if (!ssl_cipher_get_evp(s->session,&c,&md,NULL))
+        if (!ssl_cipher_get_evp(s->session,&c,&md,NULL,NULL,NULL))
                {
                ssl2_return_error(s,SSL2_PE_NO_CIPHER);
                SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);
diff --git a/src/lib/libssl/src/ssl/s3_both.c b/src/lib/libssl/src/ssl/s3_both.c
index 2ecfbb77cb..a6d869df59 100644
--- a/src/lib/libssl/src/ssl/s3_both.c
+++ b/src/lib/libssl/src/ssl/s3_both.c
@@ -160,14 +160,29 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
                p= &(d[4]);
                i=s->method->ssl3_enc->final_finish_mac(s,
-                        &(s->s3->finish_dgst1),
-                        &(s->s3->finish_dgst2),
                        sender,slen,s->s3->tmp.finish_md);
                s->s3->tmp.finish_md_len = i;
                memcpy(p, s->s3->tmp.finish_md, i);
                p+=i;
                l=i;
+                /* Copy the finished so we can use it for
+                   renegotiation checks */
+                if(s->type == SSL_ST_CONNECT)
+                        {
+                         OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
+                         memcpy(s->s3->previous_client_finished, 
+                             s->s3->tmp.finish_md, i);
+                         s->s3->previous_client_finished_len=i;
+                        }
+                else
+                        {
+                        OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
+                        memcpy(s->s3->previous_server_finished, 
+                            s->s3->tmp.finish_md, i);
+                        s->s3->previous_server_finished_len=i;
+                        }
 #ifdef OPENSSL_SYS_WIN16
                /* MSVC 1.5 does not clear the top bytes of the word unless
                 * I do this.
@@ -232,6 +247,23 @@ int ssl3_get_finished(SSL *s, int a, int b)
                goto f_err;
                }
+        /* Copy the finished so we can use it for
+           renegotiation checks */
+        if(s->type == SSL_ST_ACCEPT)
+                {
+                OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
+                memcpy(s->s3->previous_client_finished, 
+                    s->s3->tmp.peer_finish_md, i);
+                s->s3->previous_client_finished_len=i;
+                }
+        else
+                {
+                OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
+                memcpy(s->s3->previous_server_finished, 
+                    s->s3->tmp.peer_finish_md, i);
+                s->s3->previous_server_finished_len=i;
+                }
        return(1);
 f_err:
        ssl3_send_alert(s,SSL3_AL_FATAL,al);
@@ -264,15 +296,31 @@ int ssl3_send_change_cipher_spec(SSL *s, int a, int b)
        return(ssl3_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC));
        }
+static int ssl3_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
+        {
+        int n;
+        unsigned char *p;
+        n=i2d_X509(x,NULL);
+        if (!BUF_MEM_grow_clean(buf,(int)(n+(*l)+3)))
+                {
+                SSLerr(SSL_F_SSL3_ADD_CERT_TO_BUF,ERR_R_BUF_LIB);
+                return(-1);
+                }
+        p=(unsigned char *)&(buf->data[*l]);
+        l2n3(n,p);
+        i2d_X509(x,&p);
+        *l+=n+3;
+        return(0);
+        }
 unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
        {
        unsigned char *p;
-        int n,i;
+        int i;
        unsigned long l=7;
        BUF_MEM *buf;
-        X509_STORE_CTX xs_ctx;
-        X509_OBJECT obj;
        int no_chain;
        if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs)
@@ -289,58 +337,42 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
                }
        if (x != NULL)
                {
-                if(!no_chain && !X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL))
+                if (no_chain)
                        {
-                        SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
+                        if (ssl3_add_cert_to_buf(buf, &l, x))
-                        return(0);
+                                return(0);
                        }
+                else
-                for (;;)
                        {
-                        n=i2d_X509(x,NULL);
+                        X509_STORE_CTX xs_ctx;
-                        if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))
+                        if (!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,x,NULL))
                                {
-                                SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
+                                SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
                                return(0);
                                }
-                        p=(unsigned char *)&(buf->data[l]);
+                        X509_verify_cert(&xs_ctx);
-                        l2n3(n,p);
+                        /* Don't leave errors in the queue */
-                        i2d_X509(x,&p);
+                        ERR_clear_error();
-                        l+=n+3;
+                        for (i=0; i < sk_X509_num(xs_ctx.chain); i++)
+                                {
-                        if (no_chain)
+                                x = sk_X509_value(xs_ctx.chain, i);
-                                break;
+                                if (ssl3_add_cert_to_buf(buf, &l, x))
-                        if (X509_NAME_cmp(X509_get_subject_name(x),
+                                        {
-                                X509_get_issuer_name(x)) == 0) break;
+                                        X509_STORE_CTX_cleanup(&xs_ctx);
+                                        return 0;
-                        i=X509_STORE_get_by_subject(&xs_ctx,X509_LU_X509,
+                                        }
-                                X509_get_issuer_name(x),&obj);
+                                }
-                        if (i <= 0) break;
-                        x=obj.data.x509;
-                        /* Count is one too high since the X509_STORE_get uped the
-                         * ref count */
-                        X509_free(x);
-                        }
-                if (!no_chain)
                        X509_STORE_CTX_cleanup(&xs_ctx);
+                        }
                }
        /* Thawte special :-) */
-        if (s->ctx->extra_certs != NULL)
        for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++)
                {
                x=sk_X509_value(s->ctx->extra_certs,i);
-                n=i2d_X509(x,NULL);
+                if (ssl3_add_cert_to_buf(buf, &l, x))
-                if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))
-                        {
-                        SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
                        return(0);
-                        }
-                p=(unsigned char *)&(buf->data[l]);
-                l2n3(n,p);
-                i2d_X509(x,&p);
-                l+=n+3;
                }
        l-=7;
@@ -518,9 +550,16 @@ int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
        else if (i == EVP_PKEY_EC)
                {
                ret = SSL_PKEY_ECC;
-                }
+                }       
 #endif
+        else if (i == NID_id_GostR3410_94 || i == NID_id_GostR3410_94_cc) 
+                {
+                ret = SSL_PKEY_GOST94;
+                }
+        else if (i == NID_id_GostR3410_2001 || i == NID_id_GostR3410_2001_cc) 
+                {
+                ret = SSL_PKEY_GOST01;
+                }
 err:
        if(!pkey) EVP_PKEY_free(pk);
        return(ret);
@@ -586,37 +625,189 @@ int ssl_verify_alarm_type(long type)
        return(al);
        }
-int ssl3_setup_buffers(SSL *s)
+#ifndef OPENSSL_NO_BUF_FREELISTS
+/* On some platforms, malloc() performance is bad enough that you can't just
+ * free() and malloc() buffers all the time, so we need to use freelists from
+ * unused buffers.  Currently, each freelist holds memory chunks of only a
+ * given size (list->chunklen); other sized chunks are freed and malloced.
+ * This doesn't help much if you're using many different SSL option settings
+ * with a given context.  (The options affecting buffer size are
+ * max_send_fragment, read buffer vs write buffer,
+ * SSL_OP_MICROSOFT_BIG_WRITE_BUFFER, SSL_OP_NO_COMPRESSION, and
+ * SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS.)  Using a separate freelist for every
+ * possible size is not an option, since max_send_fragment can take on many
+ * different values.
+ *
+ * If you are on a platform with a slow malloc(), and you're using SSL
+ * connections with many different settings for these options, and you need to
+ * use the SSL_MOD_RELEASE_BUFFERS feature, you have a few options:
+ *    - Link against a faster malloc implementation.
+ *    - Use a separate SSL_CTX for each option set.
+ *    - Improve this code.
+ */
+static void *
+freelist_extract(SSL_CTX *ctx, int for_read, int sz)
+        {
+        SSL3_BUF_FREELIST *list;
+        SSL3_BUF_FREELIST_ENTRY *ent = NULL;
+        void *result = NULL;
+        CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
+        list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist;
+        if (list != NULL && sz == (int)list->chunklen)
+                ent = list->head;
+        if (ent != NULL)
+                {
+                list->head = ent->next;
+                result = ent;
+                if (--list->len == 0)
+                        list->chunklen = 0;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
+        if (!result)
+                result = OPENSSL_malloc(sz);
+        return result;
+}
+static void
+freelist_insert(SSL_CTX *ctx, int for_read, size_t sz, void *mem)
+        {
+        SSL3_BUF_FREELIST *list;
+        SSL3_BUF_FREELIST_ENTRY *ent;
+        CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
+        list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist;
+        if (list != NULL &&
+            (sz == list->chunklen || list->chunklen == 0) &&
+            list->len < ctx->freelist_max_len &&
+            sz >= sizeof(*ent))
+                {
+                list->chunklen = sz;
+                ent = mem;
+                ent->next = list->head;
+                list->head = ent;
+                ++list->len;
+                mem = NULL;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
+        if (mem)
+                OPENSSL_free(mem);
+        }
+#else
+#define freelist_extract(c,fr,sz) OPENSSL_malloc(sz)
+#define freelist_insert(c,fr,sz,m) OPENSSL_free(m)
+#endif
+int ssl3_setup_read_buffer(SSL *s)
        {
        unsigned char *p;
-        unsigned int extra;
+        size_t len,align=0,headerlen;
-        size_t len;
+        
+        if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
+                headerlen = DTLS1_RT_HEADER_LENGTH;
+        else
+                headerlen = SSL3_RT_HEADER_LENGTH;
+#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
+        align = (-SSL3_RT_HEADER_LENGTH)&(SSL3_ALIGN_PAYLOAD-1);
+#endif
        if (s->s3->rbuf.buf == NULL)
                {
+                len = SSL3_RT_MAX_PLAIN_LENGTH
+                        + SSL3_RT_MAX_ENCRYPTED_OVERHEAD
+                        + headerlen + align;
                if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
-                        extra=SSL3_RT_MAX_EXTRA;
+                        {
-                else
+                        s->s3->init_extra = 1;
-                        extra=0;
+                        len += SSL3_RT_MAX_EXTRA;
-                len = SSL3_RT_MAX_PACKET_SIZE + extra;
+                        }
-                if ((p=OPENSSL_malloc(len)) == NULL)
+#ifndef OPENSSL_NO_COMP
+                if (!(s->options & SSL_OP_NO_COMPRESSION))
+                        len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
+#endif
+                if ((p=freelist_extract(s->ctx, 1, len)) == NULL)
                        goto err;
                s->s3->rbuf.buf = p;
                s->s3->rbuf.len = len;
                }
+        s->packet= &(s->s3->rbuf.buf[0]);
+        return 1;
+err:
+        SSLerr(SSL_F_SSL3_SETUP_READ_BUFFER,ERR_R_MALLOC_FAILURE);
+        return 0;
+        }
+int ssl3_setup_write_buffer(SSL *s)
+        {
+        unsigned char *p;
+        size_t len,align=0,headerlen;
+        if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
+                headerlen = DTLS1_RT_HEADER_LENGTH + 1;
+        else
+                headerlen = SSL3_RT_HEADER_LENGTH;
+#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
+        align = (-SSL3_RT_HEADER_LENGTH)&(SSL3_ALIGN_PAYLOAD-1);
+#endif
        if (s->s3->wbuf.buf == NULL)
                {
-                len = SSL3_RT_MAX_PACKET_SIZE;
+                len = s->max_send_fragment
-                len += SSL3_RT_HEADER_LENGTH + 256; /* extra space for empty fragment */
+                        + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD
-                if ((p=OPENSSL_malloc(len)) == NULL)
+                        + headerlen + align;
+#ifndef OPENSSL_NO_COMP
+                if (!(s->options & SSL_OP_NO_COMPRESSION))
+                        len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
+#endif
+                if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
+                        len += headerlen + align
+                                + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;
+                if ((p=freelist_extract(s->ctx, 0, len)) == NULL)
                        goto err;
                s->s3->wbuf.buf = p;
                s->s3->wbuf.len = len;
                }
-        s->packet= &(s->s3->rbuf.buf[0]);
-        return(1);
+        return 1;
 err:
-        SSLerr(SSL_F_SSL3_SETUP_BUFFERS,ERR_R_MALLOC_FAILURE);
+        SSLerr(SSL_F_SSL3_SETUP_WRITE_BUFFER,ERR_R_MALLOC_FAILURE);
-        return(0);
+        return 0;
+        }
+int ssl3_setup_buffers(SSL *s)
+        {
+        if (!ssl3_setup_read_buffer(s))
+                return 0;
+        if (!ssl3_setup_write_buffer(s))
+                return 0;
+        return 1;
        }
+int ssl3_release_write_buffer(SSL *s)
+        {
+        if (s->s3->wbuf.buf != NULL)
+                {
+                freelist_insert(s->ctx, 0, s->s3->wbuf.len, s->s3->wbuf.buf);
+                s->s3->wbuf.buf = NULL;
+                }
+        return 1;
+        }
+int ssl3_release_read_buffer(SSL *s)
+        {
+        if (s->s3->rbuf.buf != NULL)
+                {
+                freelist_insert(s->ctx, 1, s->s3->rbuf.len, s->s3->rbuf.buf);
+                s->s3->rbuf.buf = NULL;
+                }
+        return 1;
+        }
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c
index 50308487aa..41769febab 100644
--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -56,7 +56,7 @@
 * [including the GNU Public Licence.]
 */
 /* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -121,6 +121,32 @@
 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
 *
 */
+/* ====================================================================
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * The portions of the attached software ("Contribution") is developed by
+ * Nokia Corporation and is licensed pursuant to the OpenSSL open source
+ * license.
+ *
+ * The Contribution, originally written by Mika Kousa and Pasi Eronen of
+ * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
+ * support (see RFC 4279) to OpenSSL.
+ *
+ * No patent licenses or other rights except those expressly stated in
+ * the OpenSSL open source license shall be deemed granted or received
+ * expressly, by implication, estoppel, or otherwise.
+ *
+ * No assurances are provided by Nokia that the Contribution does not
+ * infringe the patent or other intellectual property rights of any third
+ * party or that the license provides you with all the necessary rights
+ * to make use of the Contribution.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
+ * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
+ * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
+ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
+ * OTHERWISE.
+ */
 #include <stdio.h>
 #include "ssl_locl.h"
@@ -130,10 +156,6 @@
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/md5.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 #ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
 #endif
@@ -142,18 +164,10 @@
 #include <openssl/engine.h>
 #endif
-static SSL_METHOD *ssl3_get_client_method(int ver);
+static const SSL_METHOD *ssl3_get_client_method(int ver);
 static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b);
-#ifndef OPENSSL_NO_TLSEXT
-static int ssl3_check_finished(SSL *s);
-#endif
-#ifndef OPENSSL_NO_ECDH
+static const SSL_METHOD *ssl3_get_client_method(int ver)
-static int curve_id2nid(int curve_id);
-int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs);
-#endif
-static SSL_METHOD *ssl3_get_client_method(int ver)
        {
        if (ver == SSL3_VERSION)
                return(SSLv3_client_method());
@@ -169,8 +183,7 @@ IMPLEMENT_ssl3_meth_func(SSLv3_client_method,
 int ssl3_connect(SSL *s)
        {
        BUF_MEM *buf=NULL;
-        unsigned long Time=(unsigned long)time(NULL),l;
+        unsigned long Time=(unsigned long)time(NULL);
-        long num1;
        void (*cb)(const SSL *ssl,int type,int val)=NULL;
        int ret= -1;
        int new_state,state,skip=0;
@@ -265,6 +278,7 @@ int ssl3_connect(SSL *s)
                case SSL3_ST_CR_SRVR_HELLO_B:
                        ret=ssl3_get_server_hello(s);
                        if (ret <= 0) goto end;
                        if (s->hit)
                                s->state=SSL3_ST_CR_FINISHED_A;
                        else
@@ -289,7 +303,9 @@ int ssl3_connect(SSL *s)
                                }
 #endif
                        /* Check if it is anon DH/ECDH */
-                        if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
+                        /* or PSK */
+                        if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
+                            !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
                                {
                                ret=ssl3_get_server_certificate(s);
                                if (ret <= 0) goto end;
@@ -364,7 +380,6 @@ int ssl3_connect(SSL *s)
                case SSL3_ST_CW_KEY_EXCH_B:
                        ret=ssl3_send_client_key_exchange(s);
                        if (ret <= 0) goto end;
-                        l=s->s3->tmp.new_cipher->algorithms;
                        /* EAY EAY EAY need to check for DH fix cert
                         * sent back */
                        /* For TLS, cert_req is set to 2, so a cert chain
@@ -385,6 +400,11 @@ int ssl3_connect(SSL *s)
                                s->state=SSL3_ST_CW_CHANGE_A;
                                s->s3->change_cipher_spec=0;
                                }
+                        if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY)
+                                {
+                                s->state=SSL3_ST_CW_CHANGE_A;
+                                s->s3->change_cipher_spec=0;
+                                }
                        s->init_num=0;
                        break;
@@ -499,16 +519,13 @@ int ssl3_connect(SSL *s)
                        break;
                case SSL3_ST_CW_FLUSH:
-                        /* number of bytes to be flushed */
+                        s->rwstate=SSL_WRITING;
-                        num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);
+                        if (BIO_flush(s->wbio) <= 0)
-                        if (num1 > 0)
                                {
-                                s->rwstate=SSL_WRITING;
+                                ret= -1;
-                                num1=BIO_flush(s->wbio);
+                                goto end;
-                                if (num1 <= 0) { ret= -1; goto end; }
-                                s->rwstate=SSL_NOTHING;
                                }
+                        s->rwstate=SSL_NOTHING;
                        s->state=s->s3->tmp.next_state;
                        break;
@@ -594,9 +611,15 @@ int ssl3_client_hello(SSL *s)
        buf=(unsigned char *)s->init_buf->data;
        if (s->state == SSL3_ST_CW_CLNT_HELLO_A)
                {
-                if ((s->session == NULL) ||
+                SSL_SESSION *sess = s->session;
-                        (s->session->ssl_version != s->version) ||
+                if ((sess == NULL) ||
-                        (s->session->not_resumable))
+                        (sess->ssl_version != s->version) ||
+#ifdef OPENSSL_NO_TLSEXT
+                        !sess->session_id_length ||
+#else
+                        (!sess->session_id_length && !sess->tlsext_tick) ||
+#endif
+                        (sess->not_resumable))
                        {
                        if (!ssl_get_new_session(s,0))
                                goto err;
@@ -651,7 +674,9 @@ int ssl3_client_hello(SSL *s)
 #ifdef OPENSSL_NO_COMP
                *(p++)=1;
 #else
-                if (s->ctx->comp_methods == NULL)
+                if ((s->options & SSL_OP_NO_COMPRESSION)
+                                        || !s->ctx->comp_methods)
                        j=0;
                else
                        j=sk_SSL_COMP_num(s->ctx->comp_methods);
@@ -663,13 +688,21 @@ int ssl3_client_hello(SSL *s)
                        }
 #endif
                *(p++)=0; /* Add the NULL method */
 #ifndef OPENSSL_NO_TLSEXT
+                /* TLS extensions*/
+                if (ssl_prepare_clienthello_tlsext(s) <= 0)
+                        {
+                        SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
+                        goto err;
+                        }
                if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
                        {
                        SSLerr(SSL_F_SSL3_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
                        goto err;
                        }
-#endif          
+#endif
+                
                l=(p-d);
                d=buf;
                *(d++)=SSL3_MT_CLIENT_HELLO;
@@ -690,7 +723,7 @@ err:
 int ssl3_get_server_hello(SSL *s)
        {
        STACK_OF(SSL_CIPHER) *sk;
-        SSL_CIPHER *c;
+        const SSL_CIPHER *c;
        unsigned char *p,*d;
        int i,al,ok;
        unsigned int j;
@@ -708,7 +741,7 @@ int ssl3_get_server_hello(SSL *s)
        if (!ok) return((int)n);
-        if ( SSL_version(s) == DTLS1_VERSION)
+        if ( SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
                {
                if ( s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST)
                        {
@@ -759,6 +792,23 @@ int ssl3_get_server_hello(SSL *s)
                goto f_err;
                }
+#ifndef OPENSSL_NO_TLSEXT
+        /* check if we want to resume the session based on external pre-shared secret */
+        if (s->version >= TLS1_VERSION && s->tls_session_secret_cb)
+                {
+                SSL_CIPHER *pref_cipher=NULL;
+                s->session->master_key_length=sizeof(s->session->master_key);
+                if (s->tls_session_secret_cb(s, s->session->master_key,
+                                             &s->session->master_key_length,
+                                             NULL, &pref_cipher,
+                                             s->tls_session_secret_cb_arg))
+                        {
+                        s->session->cipher = pref_cipher ?
+                                pref_cipher : ssl_get_cipher_by_char(s, p+j);
+                        }
+                }
+#endif /* OPENSSL_NO_TLSEXT */
        if (j != 0 && j == s->session->session_id_length
            && memcmp(p,s->session->session_id,j) == 0)
            {
@@ -825,6 +875,8 @@ int ssl3_get_server_hello(SSL *s)
                        }
                }
        s->s3->tmp.new_cipher=c;
+        if (!ssl3_digest_cached_records(s))
+                goto f_err;
        /* lets get the compression algorithm */
        /* COMPRESSION */
@@ -835,10 +887,31 @@ int ssl3_get_server_hello(SSL *s)
                SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
                goto f_err;
                }
+        /* If compression is disabled we'd better not try to resume a session
+         * using compression.
+         */
+        if (s->session->compress_meth != 0)
+                {
+                al=SSL_AD_INTERNAL_ERROR;
+                SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_INCONSISTENT_COMPRESSION);
+                goto f_err;
+                }
 #else
        j= *(p++);
+        if (s->hit && j != s->session->compress_meth)
+                {
+                al=SSL_AD_ILLEGAL_PARAMETER;
+                SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED);
+                goto f_err;
+                }
        if (j == 0)
                comp=NULL;
+        else if (s->options & SSL_OP_NO_COMPRESSION)
+                {
+                al=SSL_AD_ILLEGAL_PARAMETER;
+                SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_COMPRESSION_DISABLED);
+                goto f_err;
+                }
        else
                comp=ssl3_comp_find(s->ctx->comp_methods,j);
        
@@ -853,9 +926,10 @@ int ssl3_get_server_hello(SSL *s)
                s->s3->tmp.new_compression=comp;
                }
 #endif
 #ifndef OPENSSL_NO_TLSEXT
        /* TLS extensions*/
-        if (s->version > SSL3_VERSION)
+        if (s->version >= SSL3_VERSION)
                {
                if (!ssl_parse_serverhello_tlsext(s,&p,d,n, &al))
                        {
@@ -871,7 +945,6 @@ int ssl3_get_server_hello(SSL *s)
                }
 #endif
        if (p != (d+n))
                {
                /* wrong packet length */
@@ -909,7 +982,7 @@ int ssl3_get_server_certificate(SSL *s)
        if (!ok) return((int)n);
        if ((s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) ||
-                ((s->s3->tmp.new_cipher->algorithms & SSL_aKRB5) && 
+                ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5) && 
                (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE)))
                {
                s->s3->tmp.reuse_message=1;
@@ -974,10 +1047,10 @@ int ssl3_get_server_certificate(SSL *s)
        i=ssl_verify_cert_chain(s,sk);
        if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)
 #ifndef OPENSSL_NO_KRB5
-                && (s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK|SSL_AUTH_MASK))
+            && !((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5) &&
-                != (SSL_aKRB5|SSL_kKRB5)
+                 (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5))
 #endif /* OPENSSL_NO_KRB5 */
-                )
+                )
                {
                al=ssl_verify_alarm_type(s->verify_result);
                SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
@@ -1001,15 +1074,15 @@ int ssl3_get_server_certificate(SSL *s)
        pkey=X509_get_pubkey(x);
        /* VRS: allow null cert if auth == KRB5 */
-        need_cert =     ((s->s3->tmp.new_cipher->algorithms
+        need_cert = ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5) &&
-                         & (SSL_MKEY_MASK|SSL_AUTH_MASK))
+                    (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5))
-                         == (SSL_aKRB5|SSL_kKRB5))? 0: 1;
+                    ? 0 : 1;
 #ifdef KSSL_DEBUG
-        printf("pkey,x = %p, %p\n", (void *)pkey,(void *)x);
+        printf("pkey,x = %p, %p\n", pkey,x);
        printf("ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x,pkey));
-        printf("cipher, alg, nc = %s, %lx, %d\n", s->s3->tmp.new_cipher->name,
+        printf("cipher, alg, nc = %s, %lx, %lx, %d\n", s->s3->tmp.new_cipher->name,
-                s->s3->tmp.new_cipher->algorithms, need_cert);
+                s->s3->tmp.new_cipher->algorithm_mkey, s->s3->tmp.new_cipher->algorithm_auth, need_cert);
 #endif    /* KSSL_DEBUG */
        if (need_cert && ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey)))
@@ -1081,7 +1154,7 @@ int ssl3_get_key_exchange(SSL *s)
        EVP_MD_CTX md_ctx;
        unsigned char *param,*p;
        int al,i,j,param_len,ok;
-        long n,alg;
+        long n,alg_k,alg_a;
        EVP_PKEY *pkey=NULL;
 #ifndef OPENSSL_NO_RSA
        RSA *rsa=NULL;
@@ -1105,17 +1178,28 @@ int ssl3_get_key_exchange(SSL *s)
                -1,
                s->max_cert_list,
                &ok);
        if (!ok) return((int)n);
        if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE)
                {
+#ifndef OPENSSL_NO_PSK
+                /* In plain PSK ciphersuite, ServerKeyExchange can be
+                   omitted if no identity hint is sent. Set
+                   session->sess_cert anyway to avoid problems
+                   later.*/
+                if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)
+                        {
+                        s->session->sess_cert=ssl_sess_cert_new();
+                        if (s->ctx->psk_identity_hint)
+                                OPENSSL_free(s->ctx->psk_identity_hint);
+                        s->ctx->psk_identity_hint = NULL;
+                        }
+#endif
                s->s3->tmp.reuse_message=1;
                return(1);
                }
        param=p=(unsigned char *)s->init_msg;
        if (s->session->sess_cert != NULL)
                {
 #ifndef OPENSSL_NO_RSA
@@ -1146,11 +1230,57 @@ int ssl3_get_key_exchange(SSL *s)
                }
        param_len=0;
-        alg=s->s3->tmp.new_cipher->algorithms;
+        alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
+        alg_a=s->s3->tmp.new_cipher->algorithm_auth;
        EVP_MD_CTX_init(&md_ctx);
+#ifndef OPENSSL_NO_PSK
+        if (alg_k & SSL_kPSK)
+                {
+                char tmp_id_hint[PSK_MAX_IDENTITY_LEN+1];
+                al=SSL_AD_HANDSHAKE_FAILURE;
+                n2s(p,i);
+                param_len=i+2;
+                /* Store PSK identity hint for later use, hint is used
+                 * in ssl3_send_client_key_exchange.  Assume that the
+                 * maximum length of a PSK identity hint can be as
+                 * long as the maximum length of a PSK identity. */
+                if (i > PSK_MAX_IDENTITY_LEN)
+                        {
+                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
+                                SSL_R_DATA_LENGTH_TOO_LONG);
+                        goto f_err;
+                        }
+                if (param_len > n)
+                        {
+                        al=SSL_AD_DECODE_ERROR;
+                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
+                                SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH);
+                        goto f_err;
+                        }
+                /* If received PSK identity hint contains NULL
+                 * characters, the hint is truncated from the first
+                 * NULL. p may not be ending with NULL, so create a
+                 * NULL-terminated string. */
+                memcpy(tmp_id_hint, p, i);
+                memset(tmp_id_hint+i, 0, PSK_MAX_IDENTITY_LEN+1-i);
+                if (s->ctx->psk_identity_hint != NULL)
+                        OPENSSL_free(s->ctx->psk_identity_hint);
+                s->ctx->psk_identity_hint = BUF_strdup(tmp_id_hint);
+                if (s->ctx->psk_identity_hint == NULL)
+                        {
+                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
+                        goto f_err;
+                        }          
+                p+=i;
+                n-=param_len;
+                }
+        else
+#endif /* !OPENSSL_NO_PSK */
 #ifndef OPENSSL_NO_RSA
-        if (alg & SSL_kRSA)
+        if (alg_k & SSL_kRSA)
                {
                if ((rsa=RSA_new()) == NULL)
                        {
@@ -1189,7 +1319,7 @@ int ssl3_get_key_exchange(SSL *s)
                n-=param_len;
                /* this should be because we are using an export cipher */
-                if (alg & SSL_aRSA)
+                if (alg_a & SSL_aRSA)
                        pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
                else
                        {
@@ -1204,7 +1334,7 @@ int ssl3_get_key_exchange(SSL *s)
                ;
 #endif
 #ifndef OPENSSL_NO_DH
-        else if (alg & SSL_kEDH)
+        else if (alg_k & SSL_kEDH)
                {
                if ((dh=DH_new()) == NULL)
                        {
@@ -1258,14 +1388,14 @@ int ssl3_get_key_exchange(SSL *s)
                n-=param_len;
 #ifndef OPENSSL_NO_RSA
-                if (alg & SSL_aRSA)
+                if (alg_a & SSL_aRSA)
                        pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
 #else
                if (0)
                        ;
 #endif
 #ifndef OPENSSL_NO_DSA
-                else if (alg & SSL_aDSS)
+                else if (alg_a & SSL_aDSS)
                        pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509);
 #endif
                /* else anonymous DH, so no certificate or pkey. */
@@ -1273,7 +1403,7 @@ int ssl3_get_key_exchange(SSL *s)
                s->session->sess_cert->peer_dh_tmp=dh;
                dh=NULL;
                }
-        else if ((alg & SSL_kDHr) || (alg & SSL_kDHd))
+        else if ((alg_k & SSL_kDHr) || (alg_k & SSL_kDHd))
                {
                al=SSL_AD_ILLEGAL_PARAMETER;
                SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
@@ -1282,7 +1412,7 @@ int ssl3_get_key_exchange(SSL *s)
 #endif /* !OPENSSL_NO_DH */
 #ifndef OPENSSL_NO_ECDH
-        else if (alg & SSL_kECDHE)
+        else if (alg_k & SSL_kEECDH)
                {
                EC_GROUP *ngroup;
                const EC_GROUP *group;
@@ -1305,7 +1435,7 @@ int ssl3_get_key_exchange(SSL *s)
                param_len=3;
                if ((param_len > n) ||
                    (*p != NAMED_CURVE_TYPE) || 
-                    ((curve_nid = curve_id2nid(*(p + 2))) == 0)) 
+                    ((curve_nid = tls1_ec_curve_id2nid(*(p + 2))) == 0)) 
                        {
                        al=SSL_AD_INTERNAL_ERROR;
                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
@@ -1366,11 +1496,11 @@ int ssl3_get_key_exchange(SSL *s)
                 */
                if (0) ;
 #ifndef OPENSSL_NO_RSA
-                else if (alg & SSL_aRSA)
+                else if (alg_a & SSL_aRSA)
                        pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
 #endif
 #ifndef OPENSSL_NO_ECDSA
-                else if (alg & SSL_aECDSA)
+                else if (alg_a & SSL_aECDSA)
                        pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
 #endif
                /* else anonymous ECDH, so no certificate or pkey. */
@@ -1381,19 +1511,13 @@ int ssl3_get_key_exchange(SSL *s)
                EC_POINT_free(srvr_ecpoint);
                srvr_ecpoint = NULL;
                }
-        else if (alg & SSL_kECDH)
+        else if (alg_k)
                {
                al=SSL_AD_UNEXPECTED_MESSAGE;
                SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
                goto f_err;
                }
 #endif /* !OPENSSL_NO_ECDH */
-        if (alg & SSL_aFZA)
-                {
-                al=SSL_AD_HANDSHAKE_FAILURE;
-                SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
-                goto f_err;
-                }
        /* p points to the next byte, there are 'n' bytes left */
@@ -1422,8 +1546,6 @@ int ssl3_get_key_exchange(SSL *s)
                        q=md_buf;
                        for (num=2; num > 0; num--)
                                {
-                                EVP_MD_CTX_set_flags(&md_ctx,
-                                        EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
                                EVP_DigestInit_ex(&md_ctx,(num == 2)
                                        ?s->ctx->md5:s->ctx->sha1, NULL);
                                EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
@@ -1494,12 +1616,13 @@ int ssl3_get_key_exchange(SSL *s)
                }
        else
                {
-                /* still data left over */
+                if (!(alg_a & SSL_aNULL) && !(alg_k & SSL_kPSK))
-                if (!(alg & SSL_aNULL))
+                        /* aNULL or kPSK do not need public keys */
                        {
                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
                        goto err;
                        }
+                /* still data left over */
                if (n != 0)
                        {
                        al=SSL_AD_DECODE_ERROR;
@@ -1569,8 +1692,7 @@ int ssl3_get_certificate_request(SSL *s)
        /* TLS does not like anon-DH with client cert */
        if (s->version > SSL3_VERSION)
                {
-                l=s->s3->tmp.new_cipher->algorithms;
+                if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
-                if (l & SSL_aNULL)
                        {
                        ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
                        SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER);
@@ -1715,6 +1837,7 @@ int ssl3_get_new_session_ticket(SSL *s)
                SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH);
                goto f_err;
                }
        p=d=(unsigned char *)s->init_msg;
        n2l(p, s->session->tlsext_tick_lifetime_hint);
        n2s(p, ticklen);
@@ -1738,7 +1861,28 @@ int ssl3_get_new_session_ticket(SSL *s)
                }
        memcpy(s->session->tlsext_tick, p, ticklen);
        s->session->tlsext_ticklen = ticklen;
-        
+        /* There are two ways to detect a resumed ticket sesion.
+         * One is to set an appropriate session ID and then the server
+         * must return a match in ServerHello. This allows the normal
+         * client session ID matching to work and we know much 
+         * earlier that the ticket has been accepted.
+         * 
+         * The other way is to set zero length session ID when the
+         * ticket is presented and rely on the handshake to determine
+         * session resumption.
+         *
+         * We choose the former approach because this fits in with
+         * assumptions elsewhere in OpenSSL. The session ID is set
+         * to the SHA256 (or SHA1 is SHA256 is disabled) hash of the
+         * ticket.
+         */ 
+        EVP_Digest(p, ticklen,
+                        s->session->session_id, &s->session->session_id_length,
+#ifndef OPENSSL_NO_SHA256
+                                                        EVP_sha256(), NULL);
+#else
+                                                        EVP_sha1(), NULL);
+#endif
        ret=1;
        return(ret);
 f_err:
@@ -1750,8 +1894,7 @@ err:
 int ssl3_get_cert_status(SSL *s)
        {
        int ok, al;
-        unsigned long resplen;
+        unsigned long resplen,n;
-        long n;
        const unsigned char *p;
        n=s->method->ssl_get_message(s,
@@ -1777,7 +1920,7 @@ int ssl3_get_cert_status(SSL *s)
                goto f_err;
                }
        n2l3(p, resplen);
-        if (resplen + 4 != (unsigned long)n)
+        if (resplen + 4 != n)
                {
                al = SSL_AD_DECODE_ERROR;
                SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_LENGTH_MISMATCH);
@@ -1846,7 +1989,7 @@ int ssl3_send_client_key_exchange(SSL *s)
        {
        unsigned char *p,*d;
        int n;
-        unsigned long l;
+        unsigned long alg_k;
 #ifndef OPENSSL_NO_RSA
        unsigned char *q;
        EVP_PKEY *pkey=NULL;
@@ -1868,12 +2011,12 @@ int ssl3_send_client_key_exchange(SSL *s)
                d=(unsigned char *)s->init_buf->data;
                p= &(d[4]);
-                l=s->s3->tmp.new_cipher->algorithms;
+                alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
                /* Fool emacs indentation */
                if (0) {}
 #ifndef OPENSSL_NO_RSA
-                else if (l & SSL_kRSA)
+                else if (alg_k & SSL_kRSA)
                        {
                        RSA *rsa;
                        unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
@@ -1932,7 +2075,7 @@ int ssl3_send_client_key_exchange(SSL *s)
                        }
 #endif
 #ifndef OPENSSL_NO_KRB5
-                else if (l & SSL_kKRB5)
+                else if (alg_k & SSL_kKRB5)
                        {
                        krb5_error_code krb5rc;
                        KSSL_CTX        *kssl_ctx = s->kssl_ctx;
@@ -1940,7 +2083,7 @@ int ssl3_send_client_key_exchange(SSL *s)
                        krb5_data       *enc_ticket;
                        krb5_data       authenticator, *authp = NULL;
                        EVP_CIPHER_CTX  ciph_ctx;
-                        EVP_CIPHER      *enc = NULL;
+                        const EVP_CIPHER *enc = NULL;
                        unsigned char   iv[EVP_MAX_IV_LENGTH];
                        unsigned char   tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
                        unsigned char   epms[SSL_MAX_MASTER_KEY_LENGTH 
@@ -1951,7 +2094,7 @@ int ssl3_send_client_key_exchange(SSL *s)
 #ifdef KSSL_DEBUG
                        printf("ssl3_send_client_key_exchange(%lx & %lx)\n",
-                                l, SSL_kKRB5);
+                                alg_k, SSL_kKRB5);
 #endif  /* KSSL_DEBUG */
                        authp = NULL;
@@ -2043,7 +2186,7 @@ int ssl3_send_client_key_exchange(SSL *s)
                                sizeof tmp_buf);
                        EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);
                        outl += padl;
-                        if (outl > sizeof epms)
+                        if (outl > (int)sizeof epms)
                                {
                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
                                goto err;
@@ -2057,7 +2200,7 @@ int ssl3_send_client_key_exchange(SSL *s)
                        n+=outl + 2;
                        s->session->master_key_length=
-                                s->method->ssl3_enc->generate_master_secret(s,
+                                s->method->ssl3_enc->generate_master_secret(s,
                                        s->session->master_key,
                                        tmp_buf, sizeof tmp_buf);
@@ -2066,7 +2209,7 @@ int ssl3_send_client_key_exchange(SSL *s)
                        }
 #endif
 #ifndef OPENSSL_NO_DH
-                else if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
+                else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
                        {
                        DH *dh_srvr,*dh_clnt;
@@ -2075,7 +2218,7 @@ int ssl3_send_client_key_exchange(SSL *s)
                                ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
                                goto err;
-                                }
+                                }
                        if (s->session->sess_cert->peer_dh_tmp != NULL)
                                dh_srvr=s->session->sess_cert->peer_dh_tmp;
@@ -2130,7 +2273,7 @@ int ssl3_send_client_key_exchange(SSL *s)
 #endif
 #ifndef OPENSSL_NO_ECDH 
-                else if ((l & SSL_kECDH) || (l & SSL_kECDHE))
+                else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe))
                        {
                        const EC_GROUP *srvr_group = NULL;
                        EC_KEY *tkey;
@@ -2142,7 +2285,7 @@ int ssl3_send_client_key_exchange(SSL *s)
                         * computation as part of client certificate?
                         * If so, set ecdh_clnt_cert to 1.
                         */
-                        if ((l & SSL_kECDH) && (s->cert != NULL)) 
+                        if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->cert != NULL)) 
                                {
                                /* XXX: For now, we do not support client
                                 * authentication using ECDH certificates.
@@ -2314,6 +2457,178 @@ int ssl3_send_client_key_exchange(SSL *s)
                        EVP_PKEY_free(srvr_pub_pkey);
                        }
 #endif /* !OPENSSL_NO_ECDH */
+                else if (alg_k & SSL_kGOST) 
+                        {
+                        /* GOST key exchange message creation */
+                        EVP_PKEY_CTX *pkey_ctx;
+                        X509 *peer_cert; 
+                        size_t msglen;
+                        unsigned int md_len;
+                        int keytype;
+                        unsigned char premaster_secret[32],shared_ukm[32], tmp[256];
+                        EVP_MD_CTX *ukm_hash;
+                        EVP_PKEY *pub_key;
+                        /* Get server sertificate PKEY and create ctx from it */
+                        peer_cert=s->session->sess_cert->peer_pkeys[(keytype=SSL_PKEY_GOST01)].x509;
+                        if (!peer_cert) 
+                                peer_cert=s->session->sess_cert->peer_pkeys[(keytype=SSL_PKEY_GOST94)].x509;
+                        if (!peer_cert)         {
+                                        SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);
+                                        goto err;
+                                }       
+                                
+                        pkey_ctx=EVP_PKEY_CTX_new(pub_key=X509_get_pubkey(peer_cert),NULL);
+                        /* If we have send a certificate, and certificate key
+                         * parameters match those of server certificate, use
+                         * certificate key for key exchange
+                         */
+                         /* Otherwise, generate ephemeral key pair */
+                                        
+                        EVP_PKEY_encrypt_init(pkey_ctx);
+                          /* Generate session key */    
+                    RAND_bytes(premaster_secret,32);
+                        /* If we have client certificate, use its secret as peer key */
+                        if (s->s3->tmp.cert_req && s->cert->key->privatekey) {
+                                if (EVP_PKEY_derive_set_peer(pkey_ctx,s->cert->key->privatekey) <=0) {
+                                        /* If there was an error - just ignore it. Ephemeral key
+                                        * would be used
+                                        */
+                                        ERR_clear_error();
+                                }
+                        }                       
+                        /* Compute shared IV and store it in algorithm-specific
+                         * context data */
+                        ukm_hash = EVP_MD_CTX_create();
+                        EVP_DigestInit(ukm_hash,EVP_get_digestbynid(NID_id_GostR3411_94));
+                        EVP_DigestUpdate(ukm_hash,s->s3->client_random,SSL3_RANDOM_SIZE);
+                        EVP_DigestUpdate(ukm_hash,s->s3->server_random,SSL3_RANDOM_SIZE);
+                        EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len);
+                        EVP_MD_CTX_destroy(ukm_hash);
+                        if (EVP_PKEY_CTX_ctrl(pkey_ctx,-1,EVP_PKEY_OP_ENCRYPT,EVP_PKEY_CTRL_SET_IV,
+                                8,shared_ukm)<0) {
+                                        SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                                                SSL_R_LIBRARY_BUG);
+                                        goto err;
+                                }       
+                        /* Make GOST keytransport blob message */
+                        /*Encapsulate it into sequence */
+                        *(p++)=V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED;
+                        msglen=255;
+                        if (EVP_PKEY_encrypt(pkey_ctx,tmp,&msglen,premaster_secret,32)<0) {
+                        SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                                        SSL_R_LIBRARY_BUG);
+                                goto err;
+                        }
+                        if (msglen >= 0x80)
+                                {
+                                *(p++)=0x81;
+                                *(p++)= msglen & 0xff;
+                                n=msglen+3;
+                                }
+                        else
+                                {
+                                *(p++)= msglen & 0xff;
+                                n=msglen+2;
+                                }
+                        memcpy(p, tmp, msglen);
+                        /* Check if pubkey from client certificate was used */
+                        if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0)
+                                {
+                                /* Set flag "skip certificate verify" */
+                                s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY;
+                                }
+                        EVP_PKEY_CTX_free(pkey_ctx);
+                        s->session->master_key_length=
+                                s->method->ssl3_enc->generate_master_secret(s,
+                                        s->session->master_key,premaster_secret,32);
+                        EVP_PKEY_free(pub_key);
+                        }
+#ifndef OPENSSL_NO_PSK
+                else if (alg_k & SSL_kPSK)
+                        {
+                        char identity[PSK_MAX_IDENTITY_LEN];
+                        unsigned char *t = NULL;
+                        unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN*2+4];
+                        unsigned int pre_ms_len = 0, psk_len = 0;
+                        int psk_err = 1;
+                        n = 0;
+                        if (s->psk_client_callback == NULL)
+                                {
+                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                                        SSL_R_PSK_NO_CLIENT_CB);
+                                goto err;
+                                }
+                        psk_len = s->psk_client_callback(s, s->ctx->psk_identity_hint,
+                                identity, PSK_MAX_IDENTITY_LEN,
+                                psk_or_pre_ms, sizeof(psk_or_pre_ms));
+                        if (psk_len > PSK_MAX_PSK_LEN)
+                                {
+                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                                        ERR_R_INTERNAL_ERROR);
+                                goto psk_err;
+                                }
+                        else if (psk_len == 0)
+                                {
+                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                                        SSL_R_PSK_IDENTITY_NOT_FOUND);
+                                goto psk_err;
+                                }
+                        /* create PSK pre_master_secret */
+                        pre_ms_len = 2+psk_len+2+psk_len;
+                        t = psk_or_pre_ms;
+                        memmove(psk_or_pre_ms+psk_len+4, psk_or_pre_ms, psk_len);
+                        s2n(psk_len, t);
+                        memset(t, 0, psk_len);
+                        t+=psk_len;
+                        s2n(psk_len, t);
+                        if (s->session->psk_identity_hint != NULL)
+                                OPENSSL_free(s->session->psk_identity_hint);
+                        s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint);
+                        if (s->ctx->psk_identity_hint != NULL &&
+                                s->session->psk_identity_hint == NULL)
+                                {
+                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                                        ERR_R_MALLOC_FAILURE);
+                                goto psk_err;
+                                }
+                        if (s->session->psk_identity != NULL)
+                                OPENSSL_free(s->session->psk_identity);
+                        s->session->psk_identity = BUF_strdup(identity);
+                        if (s->session->psk_identity == NULL)
+                                {
+                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                                        ERR_R_MALLOC_FAILURE);
+                                goto psk_err;
+                                }
+                        s->session->master_key_length =
+                                s->method->ssl3_enc->generate_master_secret(s,
+                                        s->session->master_key,
+                                        psk_or_pre_ms, pre_ms_len); 
+                        n = strlen(identity);
+                        s2n(n, p);
+                        memcpy(p, identity, n);
+                        n+=2;
+                        psk_err = 0;
+                psk_err:
+                        OPENSSL_cleanse(identity, PSK_MAX_IDENTITY_LEN);
+                        OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms));
+                        if (psk_err != 0)
+                                {
+                                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+                                goto err;
+                                }
+                        }
+#endif
                else
                        {
                        ssl3_send_alert(s, SSL3_AL_FATAL,
@@ -2350,28 +2665,37 @@ int ssl3_send_client_verify(SSL *s)
        unsigned char *p,*d;
        unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
        EVP_PKEY *pkey;
+        EVP_PKEY_CTX *pctx=NULL;
 #ifndef OPENSSL_NO_RSA
        unsigned u=0;
 #endif
        unsigned long n;
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
        int j;
-#endif
        if (s->state == SSL3_ST_CW_CERT_VRFY_A)
                {
                d=(unsigned char *)s->init_buf->data;
                p= &(d[4]);
                pkey=s->cert->key->privatekey;
+/* Create context from key and test if sha1 is allowed as digest */
-                s->method->ssl3_enc->cert_verify_mac(s,&(s->s3->finish_dgst2),
+                pctx = EVP_PKEY_CTX_new(pkey,NULL);
-                        &(data[MD5_DIGEST_LENGTH]));
+                EVP_PKEY_sign_init(pctx);
+                if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1())>0)
+                        {
+                        s->method->ssl3_enc->cert_verify_mac(s,
+                                                NID_sha1,
+                                                &(data[MD5_DIGEST_LENGTH]));
+                        }
+                else
+                        {
+                        ERR_clear_error();
+                        }
 #ifndef OPENSSL_NO_RSA
                if (pkey->type == EVP_PKEY_RSA)
                        {
                        s->method->ssl3_enc->cert_verify_mac(s,
-                                &(s->s3->finish_dgst1),&(data[0]));
+                                NID_md5,
+                                &(data[0]));
                        if (RSA_sign(NID_md5_sha1, data,
                                         MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
                                        &(p[2]), &u, pkey->pkey.rsa) <= 0 )
@@ -2417,10 +2741,30 @@ int ssl3_send_client_verify(SSL *s)
                        }
                else
 #endif
-                        {
+                if (pkey->type == NID_id_GostR3410_94 || pkey->type == NID_id_GostR3410_2001) 
+                {
+                unsigned char signbuf[64];
+                int i;
+                size_t sigsize=64;
+                s->method->ssl3_enc->cert_verify_mac(s,
+                        NID_id_GostR3411_94,
+                        data);
+                if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32) <= 0) {
+                        SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
+                        ERR_R_INTERNAL_ERROR);
+                        goto err;
+                }
+                for (i=63,j=0; i>=0; j++, i--) {
+                        p[2+j]=signbuf[i];
+                }       
+                s2n(j,p);
+                n=j+2;
+                }
+                else
+                {
                        SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR);
                        goto err;
-                        }
+                }
                *(d++)=SSL3_MT_CERTIFICATE_VERIFY;
                l2n3(n,d);
@@ -2428,8 +2772,10 @@ int ssl3_send_client_verify(SSL *s)
                s->init_num=(int)n+4;
                s->init_off=0;
                }
+        EVP_PKEY_CTX_free(pctx);
        return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
 err:
+        EVP_PKEY_CTX_free(pctx);
        return(-1);
        }
@@ -2514,7 +2860,7 @@ int ssl3_send_client_certificate(SSL *s)
 int ssl3_check_cert_and_algorithm(SSL *s)
        {
        int i,idx;
-        long algs;
+        long alg_k,alg_a;
        EVP_PKEY *pkey=NULL;
        SESS_CERT *sc;
 #ifndef OPENSSL_NO_RSA
@@ -2524,14 +2870,14 @@ int ssl3_check_cert_and_algorithm(SSL *s)
        DH *dh;
 #endif
-        sc=s->session->sess_cert;
+        alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
+        alg_a=s->s3->tmp.new_cipher->algorithm_auth;
-        algs=s->s3->tmp.new_cipher->algorithms;
        /* we don't have a certificate */
-        if (algs & (SSL_aDH|SSL_aNULL|SSL_aKRB5))
+        if ((alg_a & (SSL_aDH|SSL_aNULL|SSL_aKRB5)) || (alg_k & SSL_kPSK))
                return(1);
+        sc=s->session->sess_cert;
        if (sc == NULL)
                {
                SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,ERR_R_INTERNAL_ERROR);
@@ -2551,11 +2897,11 @@ int ssl3_check_cert_and_algorithm(SSL *s)
 #ifndef OPENSSL_NO_ECDH
        if (idx == SSL_PKEY_ECC)
                {
-                if (check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509,
+                if (ssl_check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509,
                    s->s3->tmp.new_cipher) == 0) 
                        { /* check failed */
                        SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_BAD_ECC_CERT);
-                        goto f_err;                     
+                        goto f_err;
                        }
                else 
                        {
@@ -2569,20 +2915,20 @@ int ssl3_check_cert_and_algorithm(SSL *s)
        
        /* Check that we have a certificate if we require one */
-        if ((algs & SSL_aRSA) && !has_bits(i,EVP_PK_RSA|EVP_PKT_SIGN))
+        if ((alg_a & SSL_aRSA) && !has_bits(i,EVP_PK_RSA|EVP_PKT_SIGN))
                {
                SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_SIGNING_CERT);
                goto f_err;
                }
 #ifndef OPENSSL_NO_DSA
-        else if ((algs & SSL_aDSS) && !has_bits(i,EVP_PK_DSA|EVP_PKT_SIGN))
+        else if ((alg_a & SSL_aDSS) && !has_bits(i,EVP_PK_DSA|EVP_PKT_SIGN))
                {
                SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DSA_SIGNING_CERT);
                goto f_err;
                }
 #endif
 #ifndef OPENSSL_NO_RSA
-        if ((algs & SSL_kRSA) &&
+        if ((alg_k & SSL_kRSA) &&
                !(has_bits(i,EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL)))
                {
                SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_ENCRYPTING_CERT);
@@ -2590,19 +2936,19 @@ int ssl3_check_cert_and_algorithm(SSL *s)
                }
 #endif
 #ifndef OPENSSL_NO_DH
-        if ((algs & SSL_kEDH) &&
+        if ((alg_k & SSL_kEDH) &&
                !(has_bits(i,EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL)))
                {
                SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_KEY);
                goto f_err;
                }
-        else if ((algs & SSL_kDHr) && !has_bits(i,EVP_PK_DH|EVP_PKS_RSA))
+        else if ((alg_k & SSL_kDHr) && !has_bits(i,EVP_PK_DH|EVP_PKS_RSA))
                {
                SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_RSA_CERT);
                goto f_err;
                }
 #ifndef OPENSSL_NO_DSA
-        else if ((algs & SSL_kDHd) && !has_bits(i,EVP_PK_DH|EVP_PKS_DSA))
+        else if ((alg_k & SSL_kDHd) && !has_bits(i,EVP_PK_DH|EVP_PKS_DSA))
                {
                SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_DSA_CERT);
                goto f_err;
@@ -2613,7 +2959,7 @@ int ssl3_check_cert_and_algorithm(SSL *s)
        if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i,EVP_PKT_EXP))
                {
 #ifndef OPENSSL_NO_RSA
-                if (algs & SSL_kRSA)
+                if (alg_k & SSL_kRSA)
                        {
                        if (rsa == NULL
                            || RSA_size(rsa)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
@@ -2625,7 +2971,7 @@ int ssl3_check_cert_and_algorithm(SSL *s)
                else
 #endif
 #ifndef OPENSSL_NO_DH
-                        if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
+                        if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
                            {
                            if (dh == NULL
                                || DH_size(dh)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
@@ -2648,64 +2994,18 @@ err:
        return(0);
        }
-#ifndef OPENSSL_NO_ECDH
-/* This is the complement of nid2curve_id in s3_srvr.c. */
-static int curve_id2nid(int curve_id)
-{
-        /* ECC curves from draft-ietf-tls-ecc-01.txt (Mar 15, 2001)
-         * (no changes in draft-ietf-tls-ecc-03.txt [June 2003]) */
-        static int nid_list[26] =
-        {
-                0,
-                NID_sect163k1, /* sect163k1 (1) */
-                NID_sect163r1, /* sect163r1 (2) */
-                NID_sect163r2, /* sect163r2 (3) */
-                NID_sect193r1, /* sect193r1 (4) */ 
-                NID_sect193r2, /* sect193r2 (5) */ 
-                NID_sect233k1, /* sect233k1 (6) */
-                NID_sect233r1, /* sect233r1 (7) */ 
-                NID_sect239k1, /* sect239k1 (8) */ 
-                NID_sect283k1, /* sect283k1 (9) */
-                NID_sect283r1, /* sect283r1 (10) */ 
-                NID_sect409k1, /* sect409k1 (11) */ 
-                NID_sect409r1, /* sect409r1 (12) */
-                NID_sect571k1, /* sect571k1 (13) */ 
-                NID_sect571r1, /* sect571r1 (14) */ 
-                NID_secp160k1, /* secp160k1 (15) */
-                NID_secp160r1, /* secp160r1 (16) */ 
-                NID_secp160r2, /* secp160r2 (17) */ 
-                NID_secp192k1, /* secp192k1 (18) */
-                NID_X9_62_prime192v1, /* secp192r1 (19) */ 
-                NID_secp224k1, /* secp224k1 (20) */ 
-                NID_secp224r1, /* secp224r1 (21) */
-                NID_secp256k1, /* secp256k1 (22) */ 
-                NID_X9_62_prime256v1, /* secp256r1 (23) */ 
-                NID_secp384r1, /* secp384r1 (24) */
-                NID_secp521r1  /* secp521r1 (25) */     
-        };
-        
-        if ((curve_id < 1) || (curve_id > 25)) return 0;
-        return nid_list[curve_id];
-}
-#endif
 /* Check to see if handshake is full or resumed. Usually this is just a
 * case of checking to see if a cache hit has occurred. In the case of
 * session tickets we have to check the next message to be sure.
 */
 #ifndef OPENSSL_NO_TLSEXT
-static int ssl3_check_finished(SSL *s)
+int ssl3_check_finished(SSL *s)
        {
        int ok;
        long n;
-        /* If we have no ticket or session ID is non-zero length (a match of
+        /* If we have no ticket it cannot be a resumed session. */
-         * a non-zero session length would never reach here) it cannot be a
+        if (!s->session->tlsext_tick)
-         * resumed session.
-         */
-        if (!s->session->tlsext_tick || s->session->session_id_length)
                return 1;
        /* this function is called when we really expect a Certificate
         * message, so permit appropriate message length */
diff --git a/src/lib/libssl/src/ssl/s3_enc.c b/src/lib/libssl/src/ssl/s3_enc.c
index 06e54666b2..3d7aec97a2 100644
--- a/src/lib/libssl/src/ssl/s3_enc.c
+++ b/src/lib/libssl/src/ssl/s3_enc.c
@@ -56,7 +56,7 @@
 * [including the GNU Public Licence.]
 */
 /* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -108,6 +108,32 @@
 * Hudson (tjh@cryptsoft.com).
 *
 */
+/* ====================================================================
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * The portions of the attached software ("Contribution") is developed by
+ * Nokia Corporation and is licensed pursuant to the OpenSSL open source
+ * license.
+ *
+ * The Contribution, originally written by Mika Kousa and Pasi Eronen of
+ * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
+ * support (see RFC 4279) to OpenSSL.
+ *
+ * No patent licenses or other rights except those expressly stated in
+ * the OpenSSL open source license shall be deemed granted or received
+ * expressly, by implication, estoppel, or otherwise.
+ *
+ * No assurances are provided by Nokia that the Contribution does not
+ * infringe the patent or other intellectual property rights of any third
+ * party or that the license provides you with all the necessary rights
+ * to make use of the Contribution.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
+ * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
+ * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
+ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
+ * OTHERWISE.
+ */
 #include <stdio.h>
 #include "ssl_locl.h"
@@ -129,10 +155,8 @@ static unsigned char ssl3_pad_2[48]={
        0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,
        0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,
        0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c };
+static int ssl3_handshake_mac(SSL *s, int md_nid,
-static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx,
        const char *sender, int len, unsigned char *p);
 static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
        {
        EVP_MD_CTX m5;
@@ -146,7 +170,6 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
 #endif
        k=0;
        EVP_MD_CTX_init(&m5);
-        EVP_MD_CTX_set_flags(&m5, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
        EVP_MD_CTX_init(&s1);
        for (i=0; (int)i<num; i+=MD5_DIGEST_LENGTH)
                {
@@ -208,6 +231,8 @@ int ssl3_change_cipher_state(SSL *s, int which)
        is_exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
        c=s->s3->tmp.new_sym_enc;
        m=s->s3->tmp.new_hash;
+        /* m == NULL will lead to a crash later */
+        OPENSSL_assert(m);
 #ifndef OPENSSL_NO_COMP
        if (s->s3->tmp.new_compression == NULL)
                comp=NULL;
@@ -226,7 +251,8 @@ int ssl3_change_cipher_state(SSL *s, int which)
                        /* make sure it's intialized in case we exit later with an error */
                        EVP_CIPHER_CTX_init(s->enc_read_ctx);
                dd= s->enc_read_ctx;
-                s->read_hash=m;
+                ssl_replace_hash(&s->read_hash,m);
 #ifndef OPENSSL_NO_COMP
                /* COMPRESS */
                if (s->expand != NULL)
@@ -262,7 +288,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
                        /* make sure it's intialized in case we exit later with an error */
                        EVP_CIPHER_CTX_init(s->enc_write_ctx);
                dd= s->enc_write_ctx;
-                s->write_hash=m;
+                ssl_replace_hash(&s->write_hash,m);
 #ifndef OPENSSL_NO_COMP
                /* COMPRESS */
                if (s->compress != NULL)
@@ -289,6 +315,8 @@ int ssl3_change_cipher_state(SSL *s, int which)
        p=s->s3->tmp.key_block;
        i=EVP_MD_size(m);
+        if (i < 0)
+                goto err2;
        cl=EVP_CIPHER_key_length(c);
        j=is_exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
                 cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
@@ -369,7 +397,7 @@ int ssl3_setup_key_block(SSL *s)
        if (s->s3->tmp.key_block_length != 0)
                return(1);
-        if (!ssl_cipher_get_evp(s->session,&c,&hash,&comp))
+        if (!ssl_cipher_get_evp(s->session,&c,&hash,NULL,NULL,&comp))
                {
                SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
                return(0);
@@ -383,7 +411,11 @@ int ssl3_setup_key_block(SSL *s)
        s->s3->tmp.new_compression=comp;
 #endif
-        num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c);
+        num=EVP_MD_size(hash);
+        if (num < 0)
+                return 0;
+        num=EVP_CIPHER_key_length(c)+num+EVP_CIPHER_iv_length(c);
        num*=2;
        ssl3_cleanup_key_block(s);
@@ -405,11 +437,11 @@ int ssl3_setup_key_block(SSL *s)
                if (s->session->cipher != NULL)
                        {
-                        if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_eNULL)
+                        if (s->session->cipher->algorithm_enc == SSL_eNULL)
                                s->s3->need_empty_fragments = 0;
                        
 #ifndef OPENSSL_NO_RC4
-                        if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4)
+                        if (s->session->cipher->algorithm_enc == SSL_RC4)
                                s->s3->need_empty_fragments = 0;
 #endif
                        }
@@ -519,50 +551,131 @@ int ssl3_enc(SSL *s, int send)
 void ssl3_init_finished_mac(SSL *s)
        {
-        EVP_MD_CTX_set_flags(&(s->s3->finish_dgst1),
+        if (s->s3->handshake_buffer) BIO_free(s->s3->handshake_buffer);
-                EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+        if (s->s3->handshake_dgst) ssl3_free_digest_list(s);
-        EVP_DigestInit_ex(&(s->s3->finish_dgst1),s->ctx->md5, NULL);
+    s->s3->handshake_buffer=BIO_new(BIO_s_mem());       
-        EVP_DigestInit_ex(&(s->s3->finish_dgst2),s->ctx->sha1, NULL);
+        (void)BIO_set_close(s->s3->handshake_buffer,BIO_CLOSE);
        }
+void ssl3_free_digest_list(SSL *s) 
+        {
+        int i;
+        if (!s->s3->handshake_dgst) return;
+        for (i=0;i<SSL_MAX_DIGEST;i++) 
+                {
+                if (s->s3->handshake_dgst[i])
+                        EVP_MD_CTX_destroy(s->s3->handshake_dgst[i]);
+                }
+        OPENSSL_free(s->s3->handshake_dgst);
+        s->s3->handshake_dgst=NULL;
+        }       
+                
 void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len)
        {
-        EVP_DigestUpdate(&(s->s3->finish_dgst1),buf,len);
+        if (s->s3->handshake_buffer) 
-        EVP_DigestUpdate(&(s->s3->finish_dgst2),buf,len);
+                {
+                BIO_write (s->s3->handshake_buffer,(void *)buf,len);
+                } 
+        else 
+                {
+                int i;
+                for (i=0;i< SSL_MAX_DIGEST;i++) 
+                        {
+                        if (s->s3->handshake_dgst[i]!= NULL)
+                        EVP_DigestUpdate(s->s3->handshake_dgst[i],buf,len);
+                        }
+                }       
        }
-int ssl3_cert_verify_mac(SSL *s, EVP_MD_CTX *ctx, unsigned char *p)
+int ssl3_digest_cached_records(SSL *s)
        {
-        return(ssl3_handshake_mac(s,ctx,NULL,0,p));
+        int i;
+        long mask;
+        const EVP_MD *md;
+        long hdatalen;
+        void *hdata;
+        /* Allocate handshake_dgst array */
+        ssl3_free_digest_list(s);
+        s->s3->handshake_dgst = OPENSSL_malloc(SSL_MAX_DIGEST * sizeof(EVP_MD_CTX *));
+        memset(s->s3->handshake_dgst,0,SSL_MAX_DIGEST *sizeof(EVP_MD_CTX *));
+        hdatalen = BIO_get_mem_data(s->s3->handshake_buffer,&hdata);
+        if (hdatalen <= 0)
+                {
+                SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, SSL_R_BAD_HANDSHAKE_LENGTH);
+                return 0;
+                }
+        /* Loop through bitso of algorithm2 field and create MD_CTX-es */
+        for (i=0;ssl_get_handshake_digest(i,&mask,&md); i++) 
+                {
+                if ((mask & s->s3->tmp.new_cipher->algorithm2) && md) 
+                        {
+                        s->s3->handshake_dgst[i]=EVP_MD_CTX_create();
+                        EVP_DigestInit_ex(s->s3->handshake_dgst[i],md,NULL);
+                        EVP_DigestUpdate(s->s3->handshake_dgst[i],hdata,hdatalen);
+                        } 
+                else 
+                        {       
+                        s->s3->handshake_dgst[i]=NULL;
+                        }
+                }
+        /* Free handshake_buffer BIO */
+        BIO_free(s->s3->handshake_buffer);
+        s->s3->handshake_buffer = NULL;
+        return 1;
        }
-int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *ctx1, EVP_MD_CTX *ctx2,
+int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p)
+        {
+        return(ssl3_handshake_mac(s,md_nid,NULL,0,p));
+        }
+int ssl3_final_finish_mac(SSL *s, 
             const char *sender, int len, unsigned char *p)
        {
        int ret;
+        ret=ssl3_handshake_mac(s,NID_md5,sender,len,p);
-        ret=ssl3_handshake_mac(s,ctx1,sender,len,p);
        p+=ret;
-        ret+=ssl3_handshake_mac(s,ctx2,sender,len,p);
+        ret+=ssl3_handshake_mac(s,NID_sha1,sender,len,p);
        return(ret);
        }
+static int ssl3_handshake_mac(SSL *s, int md_nid,
-static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx,
             const char *sender, int len, unsigned char *p)
        {
        unsigned int ret;
        int npad,n;
        unsigned int i;
        unsigned char md_buf[EVP_MAX_MD_SIZE];
-        EVP_MD_CTX ctx;
+        EVP_MD_CTX ctx,*d=NULL;
-        EVP_MD_CTX_init(&ctx);
+        if (s->s3->handshake_buffer) 
-        EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+                if (!ssl3_digest_cached_records(s))
-        EVP_MD_CTX_copy_ex(&ctx,in_ctx);
+                        return 0;
+        /* Search for digest of specified type in the handshake_dgst
+         * array*/
+        for (i=0;i<SSL_MAX_DIGEST;i++) 
+                {
+                  if (s->s3->handshake_dgst[i]&&EVP_MD_CTX_type(s->s3->handshake_dgst[i])==md_nid) 
+                        {
+                        d=s->s3->handshake_dgst[i];
+                        break;
+                        }
+                }
+        if (!d) {
+                SSLerr(SSL_F_SSL3_HANDSHAKE_MAC,SSL_R_NO_REQUIRED_DIGEST);
+                return 0;
+        }       
+        EVP_MD_CTX_init(&ctx);
+        EVP_MD_CTX_copy_ex(&ctx,d);
        n=EVP_MD_CTX_size(&ctx);
-        npad=(48/n)*n;
+        if (n < 0)
+                return 0;
+        npad=(48/n)*n;
        if (sender != NULL)
                EVP_DigestUpdate(&ctx,sender,len);
        EVP_DigestUpdate(&ctx,s->session->master_key,
@@ -582,15 +695,16 @@ static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx,
        return((int)ret);
        }
-int ssl3_mac(SSL *ssl, unsigned char *md, int send)
+int n_ssl3_mac(SSL *ssl, unsigned char *md, int send)
        {
        SSL3_RECORD *rec;
        unsigned char *mac_sec,*seq;
        EVP_MD_CTX md_ctx;
-        const EVP_MD *hash;
+        const EVP_MD_CTX *hash;
        unsigned char *p,rec_char;
        unsigned int md_size;
        int npad;
+        int t;
        if (send)
                {
@@ -607,13 +721,16 @@ int ssl3_mac(SSL *ssl, unsigned char *md, int send)
                hash=ssl->read_hash;
                }
-        md_size=EVP_MD_size(hash);
+        t=EVP_MD_CTX_size(hash);
+        if (t < 0)
+                return -1;
+        md_size=t;
        npad=(48/md_size)*md_size;
        /* Chop the digest off the end :-) */
        EVP_MD_CTX_init(&md_ctx);
-        EVP_DigestInit_ex(  &md_ctx,hash, NULL);
+        EVP_MD_CTX_copy_ex( &md_ctx,hash);
        EVP_DigestUpdate(&md_ctx,mac_sec,md_size);
        EVP_DigestUpdate(&md_ctx,ssl3_pad_1,npad);
        EVP_DigestUpdate(&md_ctx,seq,8);
@@ -625,7 +742,7 @@ int ssl3_mac(SSL *ssl, unsigned char *md, int send)
        EVP_DigestUpdate(&md_ctx,rec->input,rec->length);
        EVP_DigestFinal_ex( &md_ctx,md,NULL);
-        EVP_DigestInit_ex(  &md_ctx,hash, NULL);
+        EVP_MD_CTX_copy_ex( &md_ctx,hash);
        EVP_DigestUpdate(&md_ctx,mac_sec,md_size);
        EVP_DigestUpdate(&md_ctx,ssl3_pad_2,npad);
        EVP_DigestUpdate(&md_ctx,md,md_size);
@@ -718,6 +835,12 @@ int ssl3_alert_code(int code)
        case SSL_AD_INTERNAL_ERROR:     return(SSL3_AD_HANDSHAKE_FAILURE);
        case SSL_AD_USER_CANCELLED:     return(SSL3_AD_HANDSHAKE_FAILURE);
        case SSL_AD_NO_RENEGOTIATION:   return(-1); /* Don't send it :-) */
+        case SSL_AD_UNSUPPORTED_EXTENSION: return(SSL3_AD_HANDSHAKE_FAILURE);
+        case SSL_AD_CERTIFICATE_UNOBTAINABLE: return(SSL3_AD_HANDSHAKE_FAILURE);
+        case SSL_AD_UNRECOGNIZED_NAME:  return(SSL3_AD_HANDSHAKE_FAILURE);
+        case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: return(SSL3_AD_HANDSHAKE_FAILURE);
+        case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(SSL3_AD_HANDSHAKE_FAILURE);
+        case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY);
        default:                        return(-1);
                }
        }
diff --git a/src/lib/libssl/src/ssl/s3_lib.c b/src/lib/libssl/src/ssl/s3_lib.c
index 8916a0b1b3..d6b047c995 100644
--- a/src/lib/libssl/src/ssl/s3_lib.c
+++ b/src/lib/libssl/src/ssl/s3_lib.c
@@ -56,7 +56,7 @@
 * [including the GNU Public Licence.]
 */
 /* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -121,16 +121,46 @@
 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
 *
 */
+/* ====================================================================
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * The portions of the attached software ("Contribution") is developed by
+ * Nokia Corporation and is licensed pursuant to the OpenSSL open source
+ * license.
+ *
+ * The Contribution, originally written by Mika Kousa and Pasi Eronen of
+ * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
+ * support (see RFC 4279) to OpenSSL.
+ *
+ * No patent licenses or other rights except those expressly stated in
+ * the OpenSSL open source license shall be deemed granted or received
+ * expressly, by implication, estoppel, or otherwise.
+ *
+ * No assurances are provided by Nokia that the Contribution does not
+ * infringe the patent or other intellectual property rights of any third
+ * party or that the license provides you with all the necessary rights
+ * to make use of the Contribution.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
+ * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
+ * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
+ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
+ * OTHERWISE.
+ */
 #include <stdio.h>
 #include <openssl/objects.h>
 #include "ssl_locl.h"
 #include "kssl_lcl.h"
+#ifndef OPENSSL_NO_TLSEXT
+#ifndef OPENSSL_NO_EC
+#include "../crypto/ec/ec_lcl.h"
+#endif /* OPENSSL_NO_EC */
+#endif /* OPENSSL_NO_TLSEXT */
 #include <openssl/md5.h>
 #ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
 #endif
-#include <openssl/pq_compat.h>
 const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT;
@@ -138,217 +168,265 @@ const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT;
 /* list of available SSLv3 ciphers (sorted by id) */
 OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 /* The RSA ciphers */
 /* Cipher 01 */
        {
        1,
        SSL3_TXT_RSA_NULL_MD5,
        SSL3_CK_RSA_NULL_MD5,
-        SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_SSLV3,
+        SSL_kRSA,
+        SSL_aRSA,
+        SSL_eNULL,
+        SSL_MD5,
+        SSL_SSLV3,
        SSL_NOT_EXP|SSL_STRONG_NONE,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        0,
        0,
-        0,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 /* Cipher 02 */
        {
        1,
        SSL3_TXT_RSA_NULL_SHA,
        SSL3_CK_RSA_NULL_SHA,
-        SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3,
+        SSL_kRSA,
+        SSL_aRSA,
+        SSL_eNULL,
+        SSL_SHA1,
+        SSL_SSLV3,
        SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        0,
        0,
-        0,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 /* Cipher 03 */
        {
        1,
        SSL3_TXT_RSA_RC4_40_MD5,
        SSL3_CK_RSA_RC4_40_MD5,
-        SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_MD5 |SSL_SSLV3,
+        SSL_kRSA,
+        SSL_aRSA,
+        SSL_RC4,
+        SSL_MD5,
+        SSL_SSLV3,
        SSL_EXPORT|SSL_EXP40,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        40,
        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 /* Cipher 04 */
        {
        1,
        SSL3_TXT_RSA_RC4_128_MD5,
        SSL3_CK_RSA_RC4_128_MD5,
-        SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_MD5|SSL_SSLV3,
+        SSL_kRSA,
+        SSL_aRSA,
+        SSL_RC4,
+        SSL_MD5,
+        SSL_SSLV3,
        SSL_NOT_EXP|SSL_MEDIUM,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 /* Cipher 05 */
        {
        1,
        SSL3_TXT_RSA_RC4_128_SHA,
        SSL3_CK_RSA_RC4_128_SHA,
-        SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_SHA1|SSL_SSLV3,
+        SSL_kRSA,
+        SSL_aRSA,
+        SSL_RC4,
+        SSL_SHA1,
+        SSL_SSLV3,
        SSL_NOT_EXP|SSL_MEDIUM,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 /* Cipher 06 */
        {
        1,
        SSL3_TXT_RSA_RC2_40_MD5,
        SSL3_CK_RSA_RC2_40_MD5,
-        SSL_kRSA|SSL_aRSA|SSL_RC2  |SSL_MD5 |SSL_SSLV3,
+        SSL_kRSA,
+        SSL_aRSA,
+        SSL_RC2,
+        SSL_MD5,
+        SSL_SSLV3,
        SSL_EXPORT|SSL_EXP40,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        40,
        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 /* Cipher 07 */
 #ifndef OPENSSL_NO_IDEA
        {
        1,
        SSL3_TXT_RSA_IDEA_128_SHA,
        SSL3_CK_RSA_IDEA_128_SHA,
-        SSL_kRSA|SSL_aRSA|SSL_IDEA |SSL_SHA1|SSL_SSLV3,
+        SSL_kRSA,
+        SSL_aRSA,
+        SSL_IDEA,
+        SSL_SHA1,
+        SSL_SSLV3,
        SSL_NOT_EXP|SSL_MEDIUM,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 #endif
 /* Cipher 08 */
        {
        1,
        SSL3_TXT_RSA_DES_40_CBC_SHA,
        SSL3_CK_RSA_DES_40_CBC_SHA,
-        SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3,
+        SSL_kRSA,
+        SSL_aRSA,
+        SSL_DES,
+        SSL_SHA1,
+        SSL_SSLV3,
        SSL_EXPORT|SSL_EXP40,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        40,
        56,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 /* Cipher 09 */
        {
        1,
        SSL3_TXT_RSA_DES_64_CBC_SHA,
        SSL3_CK_RSA_DES_64_CBC_SHA,
-        SSL_kRSA|SSL_aRSA|SSL_DES  |SSL_SHA1|SSL_SSLV3,
+        SSL_kRSA,
+        SSL_aRSA,
+        SSL_DES,
+        SSL_SHA1,
+        SSL_SSLV3,
        SSL_NOT_EXP|SSL_LOW,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        56,
        56,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 /* Cipher 0A */
        {
        1,
        SSL3_TXT_RSA_DES_192_CBC3_SHA,
        SSL3_CK_RSA_DES_192_CBC3_SHA,
-        SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3,
+        SSL_kRSA,
+        SSL_aRSA,
+        SSL_3DES,
+        SSL_SHA1,
+        SSL_SSLV3,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        168,
        168,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 /* The DH ciphers */
 /* Cipher 0B */
        {
        0,
        SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
        SSL3_CK_DH_DSS_DES_40_CBC_SHA,
-        SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3,
+        SSL_kDHd,
+        SSL_aDH,
+        SSL_DES,
+        SSL_SHA1,
+        SSL_SSLV3,
        SSL_EXPORT|SSL_EXP40,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        40,
        56,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 /* Cipher 0C */
        {
-        0,
+        0, /* not implemented (non-ephemeral DH) */
        SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
        SSL3_CK_DH_DSS_DES_64_CBC_SHA,
-        SSL_kDHd |SSL_aDH|SSL_DES  |SSL_SHA1|SSL_SSLV3,
+        SSL_kDHd,
+        SSL_aDH,
+        SSL_DES,
+        SSL_SHA1,
+        SSL_SSLV3,
        SSL_NOT_EXP|SSL_LOW,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        56,
        56,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 /* Cipher 0D */
        {
-        0,
+        0, /* not implemented (non-ephemeral DH) */
        SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
        SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
-        SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,
+        SSL_kDHd,
+        SSL_aDH,
+        SSL_3DES,
+        SSL_SHA1,
+        SSL_SSLV3,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        168,
        168,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 /* Cipher 0E */
        {
-        0,
+        0, /* not implemented (non-ephemeral DH) */
        SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
        SSL3_CK_DH_RSA_DES_40_CBC_SHA,
-        SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3,
+        SSL_kDHr,
+        SSL_aDH,
+        SSL_DES,
+        SSL_SHA1,
+        SSL_SSLV3,
        SSL_EXPORT|SSL_EXP40,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        40,
        56,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 /* Cipher 0F */
        {
-        0,
+        0, /* not implemented (non-ephemeral DH) */
        SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
        SSL3_CK_DH_RSA_DES_64_CBC_SHA,
-        SSL_kDHr |SSL_aDH|SSL_DES  |SSL_SHA1|SSL_SSLV3,
+        SSL_kDHr,
+        SSL_aDH,
+        SSL_DES,
+        SSL_SHA1,
+        SSL_SSLV3,
        SSL_NOT_EXP|SSL_LOW,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        56,
        56,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 /* Cipher 10 */
        {
-        0,
+        0, /* not implemented (non-ephemeral DH) */
        SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
        SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
-        SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,
+        SSL_kDHr,
+        SSL_aDH,
+        SSL_3DES,
+        SSL_SHA1,
+        SSL_SSLV3,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        168,
        168,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 /* The Ephemeral DH ciphers */
@@ -357,158 +435,193 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
        SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
-        SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_SSLV3,
+        SSL_kEDH,
+        SSL_aDSS,
+        SSL_DES,
+        SSL_SHA1,
+        SSL_SSLV3,
        SSL_EXPORT|SSL_EXP40,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        40,
        56,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 /* Cipher 12 */
        {
        1,
        SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
        SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
-        SSL_kEDH|SSL_aDSS|SSL_DES  |SSL_SHA1|SSL_SSLV3,
+        SSL_kEDH,
+        SSL_aDSS,
+        SSL_DES,
+        SSL_SHA1,
+        SSL_SSLV3,
        SSL_NOT_EXP|SSL_LOW,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        56,
        56,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 /* Cipher 13 */
        {
        1,
        SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
        SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
-        SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_SSLV3,
+        SSL_kEDH,
+        SSL_aDSS,
+        SSL_3DES,
+        SSL_SHA1,
+        SSL_SSLV3,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        168,
        168,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 /* Cipher 14 */
        {
        1,
        SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
        SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
-        SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3,
+        SSL_kEDH,
+        SSL_aRSA,
+        SSL_DES,
+        SSL_SHA1,
+        SSL_SSLV3,
        SSL_EXPORT|SSL_EXP40,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        40,
        56,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 /* Cipher 15 */
        {
        1,
        SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
        SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
-        SSL_kEDH|SSL_aRSA|SSL_DES  |SSL_SHA1|SSL_SSLV3,
+        SSL_kEDH,
+        SSL_aRSA,
+        SSL_DES,
+        SSL_SHA1,
+        SSL_SSLV3,
        SSL_NOT_EXP|SSL_LOW,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        56,
        56,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 /* Cipher 16 */
        {
        1,
        SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
        SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
-        SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3,
+        SSL_kEDH,
+        SSL_aRSA,
+        SSL_3DES,
+        SSL_SHA1,
+        SSL_SSLV3,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        168,
        168,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 /* Cipher 17 */
        {
        1,
        SSL3_TXT_ADH_RC4_40_MD5,
        SSL3_CK_ADH_RC4_40_MD5,
-        SSL_kEDH |SSL_aNULL|SSL_RC4  |SSL_MD5 |SSL_SSLV3,
+        SSL_kEDH,
+        SSL_aNULL,
+        SSL_RC4,
+        SSL_MD5,
+        SSL_SSLV3,
        SSL_EXPORT|SSL_EXP40,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        40,
        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 /* Cipher 18 */
        {
        1,
        SSL3_TXT_ADH_RC4_128_MD5,
        SSL3_CK_ADH_RC4_128_MD5,
-        SSL_kEDH |SSL_aNULL|SSL_RC4  |SSL_MD5 |SSL_SSLV3,
+        SSL_kEDH,
+        SSL_aNULL,
+        SSL_RC4,
+        SSL_MD5,
+        SSL_SSLV3,
        SSL_NOT_EXP|SSL_MEDIUM,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 /* Cipher 19 */
        {
        1,
        SSL3_TXT_ADH_DES_40_CBC_SHA,
        SSL3_CK_ADH_DES_40_CBC_SHA,
-        SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_SSLV3,
+        SSL_kEDH,
+        SSL_aNULL,
+        SSL_DES,
+        SSL_SHA1,
+        SSL_SSLV3,
        SSL_EXPORT|SSL_EXP40,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        40,
        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 /* Cipher 1A */
        {
        1,
        SSL3_TXT_ADH_DES_64_CBC_SHA,
        SSL3_CK_ADH_DES_64_CBC_SHA,
-        SSL_kEDH |SSL_aNULL|SSL_DES  |SSL_SHA1|SSL_SSLV3,
+        SSL_kEDH,
+        SSL_aNULL,
+        SSL_DES,
+        SSL_SHA1,
+        SSL_SSLV3,
        SSL_NOT_EXP|SSL_LOW,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        56,
        56,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 /* Cipher 1B */
        {
        1,
        SSL3_TXT_ADH_DES_192_CBC_SHA,
        SSL3_CK_ADH_DES_192_CBC_SHA,
-        SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3,
+        SSL_kEDH,
+        SSL_aNULL,
+        SSL_3DES,
+        SSL_SHA1,
+        SSL_SSLV3,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        168,
        168,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
-/* Fortezza */
+/* Fortezza ciphersuite from SSL 3.0 spec */
+#if 0
 /* Cipher 1C */
        {
        0,
        SSL3_TXT_FZA_DMS_NULL_SHA,
        SSL3_CK_FZA_DMS_NULL_SHA,
-        SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_SSLV3,
+        SSL_kFZA,
+        SSL_aFZA,
+        SSL_eNULL,
+        SSL_SHA1,
+        SSL_SSLV3,
        SSL_NOT_EXP|SSL_STRONG_NONE,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        0,
        0,
-        0,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 /* Cipher 1D */
@@ -516,45 +629,50 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        0,
        SSL3_TXT_FZA_DMS_FZA_SHA,
        SSL3_CK_FZA_DMS_FZA_SHA,
-        SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_SSLV3,
+        SSL_kFZA,
+        SSL_aFZA,
+        SSL_eFZA,
+        SSL_SHA1,
+        SSL_SSLV3,
        SSL_NOT_EXP|SSL_STRONG_NONE,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        0,
        0,
-        0,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
-#if 0
 /* Cipher 1E */
        {
        0,
        SSL3_TXT_FZA_DMS_RC4_SHA,
        SSL3_CK_FZA_DMS_RC4_SHA,
-        SSL_kFZA|SSL_aFZA |SSL_RC4  |SSL_SHA1|SSL_SSLV3,
+        SSL_kFZA,
+        SSL_aFZA,
+        SSL_RC4,
+        SSL_SHA1,
+        SSL_SSLV3,
        SSL_NOT_EXP|SSL_MEDIUM,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 #endif
 #ifndef OPENSSL_NO_KRB5
-/* The Kerberos ciphers */
+/* The Kerberos ciphers*/
 /* Cipher 1E */
        {
        1,
        SSL3_TXT_KRB5_DES_64_CBC_SHA,
        SSL3_CK_KRB5_DES_64_CBC_SHA,
-        SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_SHA1   |SSL_SSLV3,
+        SSL_kKRB5,
+        SSL_aKRB5,
+        SSL_DES,
+        SSL_SHA1,
+        SSL_SSLV3,
        SSL_NOT_EXP|SSL_LOW,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        56,
        56,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 /* Cipher 1F */
@@ -562,13 +680,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_KRB5_DES_192_CBC3_SHA,
        SSL3_CK_KRB5_DES_192_CBC3_SHA,
-        SSL_kKRB5|SSL_aKRB5|  SSL_3DES|SSL_SHA1  |SSL_SSLV3,
+        SSL_kKRB5,
+        SSL_aKRB5,
+        SSL_3DES,
+        SSL_SHA1,
+        SSL_SSLV3,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        168,
        168,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 /* Cipher 20 */
@@ -576,13 +696,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_KRB5_RC4_128_SHA,
        SSL3_CK_KRB5_RC4_128_SHA,
-        SSL_kKRB5|SSL_aKRB5|  SSL_RC4|SSL_SHA1  |SSL_SSLV3,
+        SSL_kKRB5,
+        SSL_aKRB5,
+        SSL_RC4,
+        SSL_SHA1,
+        SSL_SSLV3,
        SSL_NOT_EXP|SSL_MEDIUM,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 /* Cipher 21 */
@@ -590,13 +712,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
        SSL3_CK_KRB5_IDEA_128_CBC_SHA,
-        SSL_kKRB5|SSL_aKRB5|  SSL_IDEA|SSL_SHA1  |SSL_SSLV3,
+        SSL_kKRB5,
+        SSL_aKRB5,
+        SSL_IDEA,
+        SSL_SHA1,
+        SSL_SSLV3,
        SSL_NOT_EXP|SSL_MEDIUM,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 /* Cipher 22 */
@@ -604,13 +728,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_KRB5_DES_64_CBC_MD5,
        SSL3_CK_KRB5_DES_64_CBC_MD5,
-        SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_MD5    |SSL_SSLV3,
+        SSL_kKRB5,
+        SSL_aKRB5,
+        SSL_DES,
+        SSL_MD5,
+        SSL_SSLV3,
        SSL_NOT_EXP|SSL_LOW,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        56,
        56,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 /* Cipher 23 */
@@ -618,13 +744,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_KRB5_DES_192_CBC3_MD5,
        SSL3_CK_KRB5_DES_192_CBC3_MD5,
-        SSL_kKRB5|SSL_aKRB5|  SSL_3DES|SSL_MD5   |SSL_SSLV3,
+        SSL_kKRB5,
+        SSL_aKRB5,
+        SSL_3DES,
+        SSL_MD5,
+        SSL_SSLV3,
        SSL_NOT_EXP|SSL_HIGH,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        168,
        168,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 /* Cipher 24 */
@@ -632,13 +760,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_KRB5_RC4_128_MD5,
        SSL3_CK_KRB5_RC4_128_MD5,
-        SSL_kKRB5|SSL_aKRB5|  SSL_RC4|SSL_MD5  |SSL_SSLV3,
+        SSL_kKRB5,
+        SSL_aKRB5,
+        SSL_RC4,
+        SSL_MD5,
+        SSL_SSLV3,
        SSL_NOT_EXP|SSL_MEDIUM,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 /* Cipher 25 */
@@ -646,13 +776,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
        SSL3_CK_KRB5_IDEA_128_CBC_MD5,
-        SSL_kKRB5|SSL_aKRB5|  SSL_IDEA|SSL_MD5  |SSL_SSLV3,
+        SSL_kKRB5,
+        SSL_aKRB5,
+        SSL_IDEA,
+        SSL_MD5,
+        SSL_SSLV3,
        SSL_NOT_EXP|SSL_MEDIUM,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 /* Cipher 26 */
@@ -660,13 +792,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_KRB5_DES_40_CBC_SHA,
        SSL3_CK_KRB5_DES_40_CBC_SHA,
-        SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_SHA1   |SSL_SSLV3,
+        SSL_kKRB5,
+        SSL_aKRB5,
+        SSL_DES,
+        SSL_SHA1,
+        SSL_SSLV3,
        SSL_EXPORT|SSL_EXP40,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        40,
        56,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 /* Cipher 27 */
@@ -674,13 +808,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_KRB5_RC2_40_CBC_SHA,
        SSL3_CK_KRB5_RC2_40_CBC_SHA,
-        SSL_kKRB5|SSL_aKRB5|  SSL_RC2|SSL_SHA1   |SSL_SSLV3,
+        SSL_kKRB5,
+        SSL_aKRB5,
+        SSL_RC2,
+        SSL_SHA1,
+        SSL_SSLV3,
        SSL_EXPORT|SSL_EXP40,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        40,
        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 /* Cipher 28 */
@@ -688,13 +824,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_KRB5_RC4_40_SHA,
        SSL3_CK_KRB5_RC4_40_SHA,
-        SSL_kKRB5|SSL_aKRB5|  SSL_RC4|SSL_SHA1   |SSL_SSLV3,
+        SSL_kKRB5,
+        SSL_aKRB5,
+        SSL_RC4,
+        SSL_SHA1,
+        SSL_SSLV3,
        SSL_EXPORT|SSL_EXP40,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        40,
        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 /* Cipher 29 */
@@ -702,13 +840,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_KRB5_DES_40_CBC_MD5,
        SSL3_CK_KRB5_DES_40_CBC_MD5,
-        SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_MD5    |SSL_SSLV3,
+        SSL_kKRB5,
+        SSL_aKRB5,
+        SSL_DES,
+        SSL_MD5,
+        SSL_SSLV3,
        SSL_EXPORT|SSL_EXP40,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        40,
        56,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 /* Cipher 2A */
@@ -716,13 +856,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_KRB5_RC2_40_CBC_MD5,
        SSL3_CK_KRB5_RC2_40_CBC_MD5,
-        SSL_kKRB5|SSL_aKRB5|  SSL_RC2|SSL_MD5    |SSL_SSLV3,
+        SSL_kKRB5,
+        SSL_aKRB5,
+        SSL_RC2,
+        SSL_MD5,
+        SSL_SSLV3,
        SSL_EXPORT|SSL_EXP40,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        40,
        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 /* Cipher 2B */
@@ -730,13 +872,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_KRB5_RC4_40_MD5,
        SSL3_CK_KRB5_RC4_40_MD5,
-        SSL_kKRB5|SSL_aKRB5|  SSL_RC4|SSL_MD5    |SSL_SSLV3,
+        SSL_kKRB5,
+        SSL_aKRB5,
+        SSL_RC4,
+        SSL_MD5,
+        SSL_SSLV3,
        SSL_EXPORT|SSL_EXP40,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        40,
        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 #endif  /* OPENSSL_NO_KRB5 */
@@ -746,78 +890,90 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_RSA_WITH_AES_128_SHA,
        TLS1_CK_RSA_WITH_AES_128_SHA,
-        SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
+        SSL_kRSA,
+        SSL_aRSA,
+        SSL_AES128,
+        SSL_SHA1,
+        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 /* Cipher 30 */
        {
        0,
        TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
        TLS1_CK_DH_DSS_WITH_AES_128_SHA,
-        SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
+        SSL_kDHd,
+        SSL_aDH,
+        SSL_AES128,
+        SSL_SHA1,
+        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 /* Cipher 31 */
        {
        0,
        TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
        TLS1_CK_DH_RSA_WITH_AES_128_SHA,
-        SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
+        SSL_kDHr,
+        SSL_aDH,
+        SSL_AES128,
+        SSL_SHA1,
+        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 /* Cipher 32 */
        {
        1,
        TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
        TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
-        SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
+        SSL_kEDH,
+        SSL_aDSS,
+        SSL_AES128,
+        SSL_SHA1,
+        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 /* Cipher 33 */
        {
        1,
        TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
        TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
-        SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+        SSL_kEDH,
+        SSL_aRSA,
+        SSL_AES128,
+        SSL_SHA1,
+        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 /* Cipher 34 */
        {
        1,
        TLS1_TXT_ADH_WITH_AES_128_SHA,
        TLS1_CK_ADH_WITH_AES_128_SHA,
-        SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
+        SSL_kEDH,
+        SSL_aNULL,
+        SSL_AES128,
+        SSL_SHA1,
+        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 /* Cipher 35 */
@@ -825,78 +981,94 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_RSA_WITH_AES_256_SHA,
        TLS1_CK_RSA_WITH_AES_256_SHA,
-        SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
+        SSL_kRSA,
+        SSL_aRSA,
+        SSL_AES256,
+        SSL_SHA1,
+        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
        256,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 /* Cipher 36 */
        {
        0,
        TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
        TLS1_CK_DH_DSS_WITH_AES_256_SHA,
-        SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
+        SSL_kDHd,
+        SSL_aDH,
+        SSL_AES256,
+        SSL_SHA1,
+        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
        256,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 /* Cipher 37 */
        {
-        0,
+        0, /* not implemented (non-ephemeral DH) */
        TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
        TLS1_CK_DH_RSA_WITH_AES_256_SHA,
-        SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
+        SSL_kDHr,
+        SSL_aDH,
+        SSL_AES256,
+        SSL_SHA1,
+        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
        256,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 /* Cipher 38 */
        {
        1,
        TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
        TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
-        SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
+        SSL_kEDH,
+        SSL_aDSS,
+        SSL_AES256,
+        SSL_SHA1,
+        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
        256,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 /* Cipher 39 */
        {
        1,
        TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
        TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
-        SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+        SSL_kEDH,
+        SSL_aRSA,
+        SSL_AES256,
+        SSL_SHA1,
+        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
        256,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
        /* Cipher 3A */
        {
        1,
        TLS1_TXT_ADH_WITH_AES_256_SHA,
        TLS1_CK_ADH_WITH_AES_256_SHA,
-        SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
+        SSL_kEDH,
+        SSL_aNULL,
+        SSL_AES256,
+        SSL_SHA1,
+        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
        256,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 #ifndef OPENSSL_NO_CAMELLIA
@@ -907,78 +1079,95 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
        TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
-        SSL_kRSA|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
+        SSL_kRSA,
+        SSL_aRSA,
+        SSL_CAMELLIA128,
+        SSL_SHA1,
+        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS
        },
        /* Cipher 42 */
        {
        0, /* not implemented (non-ephemeral DH) */
        TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
        TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
-        SSL_kDHd|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
+        SSL_kDHd,
+        SSL_aDH,
+        SSL_CAMELLIA128,
+        SSL_SHA1,
+        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS
        },
        /* Cipher 43 */
        {
        0, /* not implemented (non-ephemeral DH) */
        TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
        TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
-        SSL_kDHr|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
+        SSL_kDHr,
+        SSL_aDH,
+        SSL_CAMELLIA128,
+        SSL_SHA1,
+        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS
        },
        /* Cipher 44 */
        {
        1,
        TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
        TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
-        SSL_kEDH|SSL_aDSS|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
+        SSL_kEDH,
+        SSL_aDSS,
+        SSL_CAMELLIA128,
+        SSL_SHA1,
+        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS
        },
        /* Cipher 45 */
        {
        1,
        TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
        TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
-        SSL_kEDH|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
+        SSL_kEDH,
+        SSL_aRSA,
+        SSL_CAMELLIA128,
+        SSL_SHA1,
+        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS
        },
        /* Cipher 46 */
        {
        1,
        TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
        TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
-        SSL_kEDH|SSL_aNULL|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
+        SSL_kEDH,
+        SSL_aNULL,
+        SSL_CAMELLIA128,
+        SSL_SHA1,
+        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS
        },
 #endif /* OPENSSL_NO_CAMELLIA */
@@ -986,98 +1175,174 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        /* New TLS Export CipherSuites from expired ID */
 #if 0
        /* Cipher 60 */
-            {
+        {
-            1,
+        1,
-            TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
+        TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
-            TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
+        TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
-            SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_TLSV1,
+        SSL_kRSA,
-            SSL_EXPORT|SSL_EXP56,
+        SSL_aRSA,
-            0,
+        SSL_RC4,
-            56,
+        SSL_MD5,
-            128,
+        SSL_TLSV1,
-            SSL_ALL_CIPHERS,
+        SSL_EXPORT|SSL_EXP56,
-            SSL_ALL_STRENGTHS,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-            },
+        56,
+        128,
+        },
        /* Cipher 61 */
-            {
+        {
-            1,
+        1,
-            TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
+        TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
-            TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
+        TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
-            SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_TLSV1,
+        SSL_kRSA,
-            SSL_EXPORT|SSL_EXP56,
+        SSL_aRSA,
-            0,
+        SSL_RC2,
-            56,
+        SSL_MD5,
-            128,
+        SSL_TLSV1,
-            SSL_ALL_CIPHERS,
+        SSL_EXPORT|SSL_EXP56,
-            SSL_ALL_STRENGTHS,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-            },
+        56,
+        128,
+        },
 #endif
        /* Cipher 62 */
-            {
+        {
-            1,
+        1,
-            TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
+        TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
-            TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
+        TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
-            SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1,
+        SSL_kRSA,
-            SSL_EXPORT|SSL_EXP56,
+        SSL_aRSA,
-            0,
+        SSL_DES,
-            56,
+        SSL_SHA1,
-            56,
+        SSL_TLSV1,
-            SSL_ALL_CIPHERS,
+        SSL_EXPORT|SSL_EXP56,
-            SSL_ALL_STRENGTHS,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-            },
+        56,
+        56,
+        },
        /* Cipher 63 */
-            {
+        {
-            1,
+        1,
-            TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
+        TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
-            TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
+        TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
-            SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1,
+        SSL_kEDH,
-            SSL_EXPORT|SSL_EXP56,
+        SSL_aDSS,
-            0,
+        SSL_DES,
-            56,
+        SSL_SHA1,
-            56,
+        SSL_TLSV1,
-            SSL_ALL_CIPHERS,
+        SSL_EXPORT|SSL_EXP56,
-            SSL_ALL_STRENGTHS,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-            },
+        56,
+        56,
+        },
        /* Cipher 64 */
-            {
+        {
-            1,
+        1,
-            TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
+        TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
-            TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
+        TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
-            SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
+        SSL_kRSA,
-            SSL_EXPORT|SSL_EXP56,
+        SSL_aRSA,
-            0,
+        SSL_RC4,
-            56,
+        SSL_SHA1,
-            128,
+        SSL_TLSV1,
-            SSL_ALL_CIPHERS,
+        SSL_EXPORT|SSL_EXP56,
-            SSL_ALL_STRENGTHS,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-            },
+        56,
+        128,
+        },
        /* Cipher 65 */
-            {
+        {
-            1,
+        1,
-            TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
+        TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
-            TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
+        TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
-            SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
+        SSL_kEDH,
-            SSL_EXPORT|SSL_EXP56,
+        SSL_aDSS,
-            0,
+        SSL_RC4,
-            56,
+        SSL_SHA1,
-            128,
+        SSL_TLSV1,
-            SSL_ALL_CIPHERS,
+        SSL_EXPORT|SSL_EXP56,
-            SSL_ALL_STRENGTHS,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-            },
+        56,
+        128,
+        },
        /* Cipher 66 */
-            {
+        {
-            1,
+        1,
-            TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
+        TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
-            TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
+        TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
-            SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
+        SSL_kEDH,
-            SSL_NOT_EXP|SSL_MEDIUM,
+        SSL_aDSS,
-            0,
+        SSL_RC4,
-            128,
+        SSL_SHA1,
-            128,
+        SSL_TLSV1,
-            SSL_ALL_CIPHERS,
+        SSL_NOT_EXP|SSL_MEDIUM,
-            SSL_ALL_STRENGTHS
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-            },
+        128,
+        128,
+        },
 #endif
+        {
+        1,
+        "GOST94-GOST89-GOST89",
+        0x3000080,
+        SSL_kGOST,
+        SSL_aGOST94,
+        SSL_eGOST2814789CNT,
+        SSL_GOST89MAC,
+        SSL_TLSV1,
+        SSL_NOT_EXP|SSL_HIGH,
+        SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC,
+        256,
+        256
+        },
+        {
+        1,
+        "GOST2001-GOST89-GOST89",
+        0x3000081,
+        SSL_kGOST,
+        SSL_aGOST01,
+        SSL_eGOST2814789CNT,
+        SSL_GOST89MAC,
+        SSL_TLSV1,
+        SSL_NOT_EXP|SSL_HIGH,
+        SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC,
+        256,
+        256
+        },
+        {
+        1,
+        "GOST94-NULL-GOST94",
+        0x3000082,
+        SSL_kGOST,
+        SSL_aGOST94,
+        SSL_eNULL,
+        SSL_GOST94,
+        SSL_TLSV1,
+        SSL_NOT_EXP|SSL_STRONG_NONE,
+        SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
+        0,
+        0
+        },
+        {
+        1,
+        "GOST2001-NULL-GOST94",
+        0x3000083,
+        SSL_kGOST,
+        SSL_aGOST01,
+        SSL_eNULL,
+        SSL_GOST94,
+        SSL_TLSV1,
+        SSL_NOT_EXP|SSL_STRONG_NONE,
+        SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
+        0,
+        0
+        },
 #ifndef OPENSSL_NO_CAMELLIA
        /* Camellia ciphersuites from RFC4132 (256-bit portion) */
@@ -1087,81 +1352,163 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
        TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
-        SSL_kRSA|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
+        SSL_kRSA,
+        SSL_aRSA,
+        SSL_CAMELLIA256,
+        SSL_SHA1,
+        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
        256,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS
        },
        /* Cipher 85 */
        {
        0, /* not implemented (non-ephemeral DH) */
        TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
        TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
-        SSL_kDHd|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
+        SSL_kDHd,
+        SSL_aDH,
+        SSL_CAMELLIA256,
+        SSL_SHA1,
+        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
        256,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS
        },
        /* Cipher 86 */
        {
        0, /* not implemented (non-ephemeral DH) */
        TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
        TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
-        SSL_kDHr|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
+        SSL_kDHr,
+        SSL_aDH,
+        SSL_CAMELLIA256,
+        SSL_SHA1,
+        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
        256,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS
        },
        /* Cipher 87 */
        {
        1,
        TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
        TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
-        SSL_kEDH|SSL_aDSS|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
+        SSL_kEDH,
+        SSL_aDSS,
+        SSL_CAMELLIA256,
+        SSL_SHA1,
+        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
        256,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS
        },
        /* Cipher 88 */
        {
        1,
        TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
        TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
-        SSL_kEDH|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
+        SSL_kEDH,
+        SSL_aRSA,
+        SSL_CAMELLIA256,
+        SSL_SHA1,
+        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
        256,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS
        },
        /* Cipher 89 */
        {
        1,
        TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
        TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
-        SSL_kEDH|SSL_aNULL|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
+        SSL_kEDH,
+        SSL_aNULL,
+        SSL_CAMELLIA256,
+        SSL_SHA1,
+        SSL_TLSV1,
        SSL_NOT_EXP|SSL_HIGH,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
        256,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS
        },
 #endif /* OPENSSL_NO_CAMELLIA */
+#ifndef OPENSSL_NO_PSK
+        /* Cipher 8A */
+        {
+        1,
+        TLS1_TXT_PSK_WITH_RC4_128_SHA,
+        TLS1_CK_PSK_WITH_RC4_128_SHA,
+        SSL_kPSK,
+        SSL_aPSK,
+        SSL_RC4,
+        SSL_SHA1,
+        SSL_TLSV1,
+        SSL_NOT_EXP|SSL_MEDIUM,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+        128,
+        128,
+        },
+        /* Cipher 8B */
+        {
+        1,
+        TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
+        TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
+        SSL_kPSK,
+        SSL_aPSK,
+        SSL_3DES,
+        SSL_SHA1,
+        SSL_TLSV1,
+        SSL_NOT_EXP|SSL_HIGH,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+        168,
+        168,
+        },
+        /* Cipher 8C */
+        {
+        1,
+        TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
+        TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
+        SSL_kPSK,
+        SSL_aPSK,
+        SSL_AES128,
+        SSL_SHA1,
+        SSL_TLSV1,
+        SSL_NOT_EXP|SSL_HIGH,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+        128,
+        128,
+        },
+        /* Cipher 8D */
+        {
+        1,
+        TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
+        TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
+        SSL_kPSK,
+        SSL_aPSK,
+        SSL_AES256,
+        SSL_SHA1,
+        SSL_TLSV1,
+        SSL_NOT_EXP|SSL_HIGH,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+        256,
+        256,
+        },
+#endif  /* OPENSSL_NO_PSK */
 #ifndef OPENSSL_NO_SEED
        /* SEED ciphersuites from RFC4162 */
@@ -1170,13 +1517,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_RSA_WITH_SEED_SHA,
        TLS1_CK_RSA_WITH_SEED_SHA,
-        SSL_kRSA|SSL_aRSA|SSL_SEED|SSL_SHA1|SSL_TLSV1,
+        SSL_kRSA,
+        SSL_aRSA,
+        SSL_SEED,
+        SSL_SHA1,
+        SSL_TLSV1,
        SSL_NOT_EXP|SSL_MEDIUM,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
        /* Cipher 97 */
@@ -1184,13 +1533,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        0, /* not implemented (non-ephemeral DH) */
        TLS1_TXT_DH_DSS_WITH_SEED_SHA,
        TLS1_CK_DH_DSS_WITH_SEED_SHA,
-        SSL_kDHd|SSL_aDH|SSL_SEED|SSL_SHA1|SSL_TLSV1,
+        SSL_kDHd,
+        SSL_aDH,
+        SSL_SEED,
+        SSL_SHA1,
+        SSL_TLSV1,
        SSL_NOT_EXP|SSL_MEDIUM,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
        /* Cipher 98 */
@@ -1198,13 +1549,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        0, /* not implemented (non-ephemeral DH) */
        TLS1_TXT_DH_RSA_WITH_SEED_SHA,
        TLS1_CK_DH_RSA_WITH_SEED_SHA,
-        SSL_kDHr|SSL_aDH|SSL_SEED|SSL_SHA1|SSL_TLSV1,
+        SSL_kDHr,
+        SSL_aDH,
+        SSL_SEED,
+        SSL_SHA1,
+        SSL_TLSV1,
        SSL_NOT_EXP|SSL_MEDIUM,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
        /* Cipher 99 */
@@ -1212,13 +1565,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
        TLS1_CK_DHE_DSS_WITH_SEED_SHA,
-        SSL_kEDH|SSL_aDSS|SSL_SEED|SSL_SHA1|SSL_TLSV1,
+        SSL_kEDH,
+        SSL_aDSS,
+        SSL_SEED,
+        SSL_SHA1,
+        SSL_TLSV1,
        SSL_NOT_EXP|SSL_MEDIUM,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
        /* Cipher 9A */
@@ -1226,13 +1581,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
        TLS1_CK_DHE_RSA_WITH_SEED_SHA,
-        SSL_kEDH|SSL_aRSA|SSL_SEED|SSL_SHA1|SSL_TLSV1,
+        SSL_kEDH,
+        SSL_aRSA,
+        SSL_SEED,
+        SSL_SHA1,
+        SSL_TLSV1,
        SSL_NOT_EXP|SSL_MEDIUM,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
        /* Cipher 9B */
@@ -1240,376 +1597,487 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_ADH_WITH_SEED_SHA,
        TLS1_CK_ADH_WITH_SEED_SHA,
-        SSL_kEDH|SSL_aNULL|SSL_SEED|SSL_SHA1|SSL_TLSV1,
+        SSL_kEDH,
+        SSL_aNULL,
+        SSL_SEED,
+        SSL_SHA1,
+        SSL_TLSV1,
        SSL_NOT_EXP|SSL_MEDIUM,
-        0,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
-        SSL_ALL_CIPHERS,
-        SSL_ALL_STRENGTHS,
        },
 #endif /* OPENSSL_NO_SEED */
 #ifndef OPENSSL_NO_ECDH
        /* Cipher C001 */
-            {
+        {
-            1,
+        1,
-            TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
+        TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
-            TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
+        TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
-            SSL_kECDH|SSL_aECDSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
+        SSL_kECDHe,
-            SSL_NOT_EXP,
+        SSL_aECDH,
-            0,
+        SSL_eNULL,
-            0,
+        SSL_SHA1,
-            0,
+        SSL_TLSV1,
-            SSL_ALL_CIPHERS,
+        SSL_NOT_EXP|SSL_STRONG_NONE,
-            SSL_ALL_STRENGTHS,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-            },
+        0,
+        0,
+        },
        /* Cipher C002 */
-            {
+        {
-            1,
+        1,
-            TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
+        TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
-            TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
+        TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
-            SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
+        SSL_kECDHe,
-            SSL_NOT_EXP,
+        SSL_aECDH,
-            0,
+        SSL_RC4,
-            128,
+        SSL_SHA1,
-            128,
+        SSL_TLSV1,
-            SSL_ALL_CIPHERS,
+        SSL_NOT_EXP|SSL_MEDIUM,
-            SSL_ALL_STRENGTHS,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-            },
+        128,
+        128,
+        },
        /* Cipher C003 */
-            {
+        {
-            1,
+        1,
-            TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
+        TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
-            TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
+        TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
-            SSL_kECDH|SSL_aECDSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
+        SSL_kECDHe,
-            SSL_NOT_EXP|SSL_HIGH,
+        SSL_aECDH,
-            0,
+        SSL_3DES,
-            168,
+        SSL_SHA1,
-            168,
+        SSL_TLSV1,
-            SSL_ALL_CIPHERS,
+        SSL_NOT_EXP|SSL_HIGH,
-            SSL_ALL_STRENGTHS,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-            },
+        168,
+        168,
+        },
        /* Cipher C004 */
-            {
+        {
-            1,
+        1,
-            TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
+        TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
-            TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
+        TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
-            SSL_kECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+        SSL_kECDHe,
-            SSL_NOT_EXP|SSL_HIGH,
+        SSL_aECDH,
-            0,
+        SSL_AES128,
-            128,
+        SSL_SHA1,
-            128,
+        SSL_TLSV1,
-            SSL_ALL_CIPHERS,
+        SSL_NOT_EXP|SSL_HIGH,
-            SSL_ALL_STRENGTHS,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-            },
+        128,
+        128,
+        },
        /* Cipher C005 */
-            {
+        {
-            1,
+        1,
-            TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
+        TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
-            TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
+        TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
-            SSL_kECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+        SSL_kECDHe,
-            SSL_NOT_EXP|SSL_HIGH,
+        SSL_aECDH,
-            0,
+        SSL_AES256,
-            256,
+        SSL_SHA1,
-            256,
+        SSL_TLSV1,
-            SSL_ALL_CIPHERS,
+        SSL_NOT_EXP|SSL_HIGH,
-            SSL_ALL_STRENGTHS,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-            },
+        256,
+        256,
+        },
        /* Cipher C006 */
-            {
+        {
-            1,
+        1,
-            TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
+        TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
-            TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
+        TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
-            SSL_kECDHE|SSL_aECDSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
+        SSL_kEECDH,
-            SSL_NOT_EXP,
+        SSL_aECDSA,
-            0,
+        SSL_eNULL,
-            0,
+        SSL_SHA1,
-            0,
+        SSL_TLSV1,
-            SSL_ALL_CIPHERS,
+        SSL_NOT_EXP|SSL_STRONG_NONE,
-            SSL_ALL_STRENGTHS,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-            },
+        0,
+        0,
+        },
        /* Cipher C007 */
-            {
+        {
-            1,
+        1,
-            TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
+        TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
-            TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
+        TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
-            SSL_kECDHE|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
+        SSL_kEECDH,
-            SSL_NOT_EXP,
+        SSL_aECDSA,
-            0,
+        SSL_RC4,
-            128,
+        SSL_SHA1,
-            128,
+        SSL_TLSV1,
-            SSL_ALL_CIPHERS,
+        SSL_NOT_EXP|SSL_MEDIUM,
-            SSL_ALL_STRENGTHS,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-            },
+        128,
+        128,
+        },
        /* Cipher C008 */
-            {
+        {
-            1,
+        1,
-            TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
+        TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
-            TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
+        TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
-            SSL_kECDHE|SSL_aECDSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
+        SSL_kEECDH,
-            SSL_NOT_EXP|SSL_HIGH,
+        SSL_aECDSA,
-            0,
+        SSL_3DES,
-            168,
+        SSL_SHA1,
-            168,
+        SSL_TLSV1,
-            SSL_ALL_CIPHERS,
+        SSL_NOT_EXP|SSL_HIGH,
-            SSL_ALL_STRENGTHS,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-            },
+        168,
+        168,
+        },
        /* Cipher C009 */
-            {
+        {
-            1,
+        1,
-            TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+        TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
-            TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+        TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
-            SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+        SSL_kEECDH,
-            SSL_NOT_EXP|SSL_HIGH,
+        SSL_aECDSA,
-            0,
+        SSL_AES128,
-            128,
+        SSL_SHA1,
-            128,
+        SSL_TLSV1,
-            SSL_ALL_CIPHERS,
+        SSL_NOT_EXP|SSL_HIGH,
-            SSL_ALL_STRENGTHS,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-            },
+        128,
+        128,
+        },
        /* Cipher C00A */
-            {
+        {
-            1,
+        1,
-            TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+        TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
-            TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+        TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
-            SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+        SSL_kEECDH,
-            SSL_NOT_EXP|SSL_HIGH,
+        SSL_aECDSA,
-            0,
+        SSL_AES256,
-            256,
+        SSL_SHA1,
-            256,
+        SSL_TLSV1,
-            SSL_ALL_CIPHERS,
+        SSL_NOT_EXP|SSL_HIGH,
-            SSL_ALL_STRENGTHS,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-            },
+        256,
+        256,
+        },
        /* Cipher C00B */
-            {
+        {
-            1,
+        1,
-            TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
+        TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
-            TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
+        TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
-            SSL_kECDH|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
+        SSL_kECDHr,
-            SSL_NOT_EXP,
+        SSL_aECDH,
-            0,
+        SSL_eNULL,
-            0,
+        SSL_SHA1,
-            0,
+        SSL_TLSV1,
-            SSL_ALL_CIPHERS,
+        SSL_NOT_EXP|SSL_STRONG_NONE,
-            SSL_ALL_STRENGTHS,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-            },
+        0,
+        0,
+        },
        /* Cipher C00C */
-            {
+        {
-            1,
+        1,
-            TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
+        TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
-            TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
+        TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
-            SSL_kECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
+        SSL_kECDHr,
-            SSL_NOT_EXP,
+        SSL_aECDH,
-            0,
+        SSL_RC4,
-            128,
+        SSL_SHA1,
-            128,
+        SSL_TLSV1,
-            SSL_ALL_CIPHERS,
+        SSL_NOT_EXP|SSL_MEDIUM,
-            SSL_ALL_STRENGTHS,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-            },
+        128,
+        128,
+        },
        /* Cipher C00D */
-            {
+        {
-            1,
+        1,
-            TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
+        TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
-            TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
+        TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
-            SSL_kECDH|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
+        SSL_kECDHr,
-            SSL_NOT_EXP|SSL_HIGH,
+        SSL_aECDH,
-            0,
+        SSL_3DES,
-            168,
+        SSL_SHA1,
-            168,
+        SSL_TLSV1,
-            SSL_ALL_CIPHERS,
+        SSL_NOT_EXP|SSL_HIGH,
-            SSL_ALL_STRENGTHS,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-            },
+        168,
+        168,
+        },
        /* Cipher C00E */
-            {
+        {
-            1,
+        1,
-            TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
+        TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
-            TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
+        TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
-            SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+        SSL_kECDHr,
-            SSL_NOT_EXP|SSL_HIGH,
+        SSL_aECDH,
-            0,
+        SSL_AES128,
-            128,
+        SSL_SHA1,
-            128,
+        SSL_TLSV1,
-            SSL_ALL_CIPHERS,
+        SSL_NOT_EXP|SSL_HIGH,
-            SSL_ALL_STRENGTHS,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-            },
+        128,
+        128,
+        },
        /* Cipher C00F */
-            {
+        {
-            1,
+        1,
-            TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
+        TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
-            TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
+        TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
-            SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+        SSL_kECDHr,
-            SSL_NOT_EXP|SSL_HIGH,
+        SSL_aECDH,
-            0,
+        SSL_AES256,
-            256,
+        SSL_SHA1,
-            256,
+        SSL_TLSV1,
-            SSL_ALL_CIPHERS,
+        SSL_NOT_EXP|SSL_HIGH,
-            SSL_ALL_STRENGTHS,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-            },
+        256,
+        256,
+        },
        /* Cipher C010 */
-            {
+        {
-            1,
+        1,
-            TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
+        TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
-            TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
+        TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
-            SSL_kECDHE|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
+        SSL_kEECDH,
-            SSL_NOT_EXP,
+        SSL_aRSA,
-            0,
+        SSL_eNULL,
-            0,
+        SSL_SHA1,
-            0,
+        SSL_TLSV1,
-            SSL_ALL_CIPHERS,
+        SSL_NOT_EXP|SSL_STRONG_NONE,
-            SSL_ALL_STRENGTHS,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-            },
+        0,
+        0,
+        },
        /* Cipher C011 */
-            {
+        {
-            1,
+        1,
-            TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
+        TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
-            TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
+        TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
-            SSL_kECDHE|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
+        SSL_kEECDH,
-            SSL_NOT_EXP,
+        SSL_aRSA,
-            0,
+        SSL_RC4,
-            128,
+        SSL_SHA1,
-            128,
+        SSL_TLSV1,
-            SSL_ALL_CIPHERS,
+        SSL_NOT_EXP|SSL_MEDIUM,
-            SSL_ALL_STRENGTHS,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-            },
+        128,
+        128,
+        },
        /* Cipher C012 */
-            {
+        {
-            1,
+        1,
-            TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
+        TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
-            TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
+        TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
-            SSL_kECDHE|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
+        SSL_kEECDH,
-            SSL_NOT_EXP|SSL_HIGH,
+        SSL_aRSA,
-            0,
+        SSL_3DES,
-            168,
+        SSL_SHA1,
-            168,
+        SSL_TLSV1,
-            SSL_ALL_CIPHERS,
+        SSL_NOT_EXP|SSL_HIGH,
-            SSL_ALL_STRENGTHS,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-            },
+        168,
+        168,
+        },
        /* Cipher C013 */
-            {
+        {
-            1,
+        1,
-            TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+        TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
-            TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+        TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
-            SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+        SSL_kEECDH,
-            SSL_NOT_EXP|SSL_HIGH,
+        SSL_aRSA,
-            0,
+        SSL_AES128,
-            128,
+        SSL_SHA1,
-            128,
+        SSL_TLSV1,
-            SSL_ALL_CIPHERS,
+        SSL_NOT_EXP|SSL_HIGH,
-            SSL_ALL_STRENGTHS,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-            },
+        128,
+        128,
+        },
        /* Cipher C014 */
-            {
+        {
-            1,
+        1,
-            TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+        TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
-            TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+        TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
-            SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+        SSL_kEECDH,
-            SSL_NOT_EXP|SSL_HIGH,
+        SSL_aRSA,
-            0,
+        SSL_AES256,
-            256,
+        SSL_SHA1,
-            256,
+        SSL_TLSV1,
-            SSL_ALL_CIPHERS,
+        SSL_NOT_EXP|SSL_HIGH,
-            SSL_ALL_STRENGTHS,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-            },
+        256,
+        256,
+        },
        /* Cipher C015 */
-            {
+        {
-            1,
+        1,
-            TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
+        TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
-            TLS1_CK_ECDH_anon_WITH_NULL_SHA,
+        TLS1_CK_ECDH_anon_WITH_NULL_SHA,
-            SSL_kECDHE|SSL_aNULL|SSL_eNULL|SSL_SHA|SSL_TLSV1,
+        SSL_kEECDH,
-            SSL_NOT_EXP,
+        SSL_aNULL,
-            0,
+        SSL_eNULL,
-            0,
+        SSL_SHA1,
-            0,
+        SSL_TLSV1,
-            SSL_ALL_CIPHERS,
+        SSL_NOT_EXP|SSL_STRONG_NONE,
-            SSL_ALL_STRENGTHS,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-            },
+        0,
+        0,
+        },
        /* Cipher C016 */
-            {
+        {
-            1,
+        1,
-            TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
+        TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
-            TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
+        TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
-            SSL_kECDHE|SSL_aNULL|SSL_RC4|SSL_SHA|SSL_TLSV1,
+        SSL_kEECDH,
-            SSL_NOT_EXP,
+        SSL_aNULL,
-            0,
+        SSL_RC4,
-            128,
+        SSL_SHA1,
-            128,
+        SSL_TLSV1,
-            SSL_ALL_CIPHERS,
+        SSL_NOT_EXP|SSL_MEDIUM,
-            SSL_ALL_STRENGTHS,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-            },
+        128,
+        128,
+        },
        /* Cipher C017 */
-            {
+        {
-            1,
+        1,
-            TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
+        TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
-            TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
+        TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
-            SSL_kECDHE|SSL_aNULL|SSL_3DES|SSL_SHA|SSL_TLSV1,
+        SSL_kEECDH,
-            SSL_NOT_EXP|SSL_HIGH,
+        SSL_aNULL,
-            0,
+        SSL_3DES,
-            168,
+        SSL_SHA1,
-            168,
+        SSL_TLSV1,
-            SSL_ALL_CIPHERS,
+        SSL_NOT_EXP|SSL_HIGH,
-            SSL_ALL_STRENGTHS,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-            },
+        168,
+        168,
+        },
        /* Cipher C018 */
-            {
+        {
-            1,
+        1,
-            TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
+        TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
-            TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
+        TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
-            SSL_kECDHE|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
+        SSL_kEECDH,
-            SSL_NOT_EXP|SSL_HIGH,
+        SSL_aNULL,
-            0,
+        SSL_AES128,
-            128,
+        SSL_SHA1,
-            128,
+        SSL_TLSV1,
-            SSL_ALL_CIPHERS,
+        SSL_NOT_EXP|SSL_HIGH,
-            SSL_ALL_STRENGTHS,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-            },
+        128,
+        128,
+        },
        /* Cipher C019 */
-            {
+        {
-            1,
+        1,
-            TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
+        TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
-            TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
+        TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
-            SSL_kECDHE|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
+        SSL_kEECDH,
-            SSL_NOT_EXP|SSL_HIGH,
+        SSL_aNULL,
-            0,
+        SSL_AES256,
-            256,
+        SSL_SHA1,
-            256,
+        SSL_TLSV1,
-            SSL_ALL_CIPHERS,
+        SSL_NOT_EXP|SSL_HIGH,
-            SSL_ALL_STRENGTHS,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-            },
+        256,
+        256,
+        },
 #endif  /* OPENSSL_NO_ECDH */
+#ifdef TEMP_GOST_TLS
+/* Cipher FF00 */
+        {
+        1,
+        "GOST-MD5",
+        0x0300ff00,
+        SSL_kRSA,
+        SSL_aRSA,
+        SSL_eGOST2814789CNT,
+        SSL_MD5,
+        SSL_TLSV1,
+        SSL_NOT_EXP|SSL_HIGH,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+        256,
+        256,
+        },
+        {
+        1,
+        "GOST-GOST94",
+        0x0300ff01,
+        SSL_kRSA,
+        SSL_aRSA,
+        SSL_eGOST2814789CNT,
+        SSL_GOST94,
+        SSL_TLSV1,
+        SSL_NOT_EXP|SSL_HIGH,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+        256,
+        256
+        },
+        {
+        1,
+        "GOST-GOST89MAC",
+        0x0300ff02,
+        SSL_kRSA,
+        SSL_aRSA,
+        SSL_eGOST2814789CNT,
+        SSL_GOST89MAC,
+        SSL_TLSV1,
+        SSL_NOT_EXP|SSL_HIGH,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+        256,
+        256
+        },
+        {
+        1,
+        "GOST-GOST89STREAM",
+        0x0300ff03,
+        SSL_kRSA,
+        SSL_aRSA,
+        SSL_eGOST2814789CNT,
+        SSL_GOST89MAC,
+        SSL_TLSV1,
+        SSL_NOT_EXP|SSL_HIGH,
+        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF|TLS1_STREAM_MAC,
+        256,
+        256
+        },
+#endif
 /* end of list */
        };
 SSL3_ENC_METHOD SSLv3_enc_data={
        ssl3_enc,
-        ssl3_mac,
+        n_ssl3_mac,
        ssl3_setup_key_block,
        ssl3_generate_master_secret,
        ssl3_change_cipher_state,
@@ -1628,17 +2096,12 @@ long ssl3_default_timeout(void)
        return(60*60*2);
        }
-IMPLEMENT_ssl3_meth_func(sslv3_base_method,
-                        ssl_undefined_function,
-                        ssl_undefined_function,
-                        ssl_bad_method)
 int ssl3_num_ciphers(void)
        {
        return(SSL3_NUM_CIPHERS);
        }
-SSL_CIPHER *ssl3_get_cipher(unsigned int u)
+const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
        {
        if (u < SSL3_NUM_CIPHERS)
                return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u]));
@@ -1660,10 +2123,8 @@ int ssl3_new(SSL *s)
        if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err;
        memset(s3,0,sizeof *s3);
-        EVP_MD_CTX_init(&s3->finish_dgst1);
+        memset(s3->rrec.seq_num,0,sizeof(s3->rrec.seq_num));
-        EVP_MD_CTX_init(&s3->finish_dgst2);
+        memset(s3->wrec.seq_num,0,sizeof(s3->wrec.seq_num));
-        pq_64bit_init(&(s3->rrec.seq_num));
-        pq_64bit_init(&(s3->wrec.seq_num));
        s->s3=s3;
@@ -1678,11 +2139,18 @@ void ssl3_free(SSL *s)
        if(s == NULL)
            return;
+#ifdef TLSEXT_TYPE_opaque_prf_input
+        if (s->s3->client_opaque_prf_input != NULL)
+                OPENSSL_free(s->s3->client_opaque_prf_input);
+        if (s->s3->server_opaque_prf_input != NULL)
+                OPENSSL_free(s->s3->server_opaque_prf_input);
+#endif
        ssl3_cleanup_key_block(s);
        if (s->s3->rbuf.buf != NULL)
-                OPENSSL_free(s->s3->rbuf.buf);
+                ssl3_release_read_buffer(s);
        if (s->s3->wbuf.buf != NULL)
-                OPENSSL_free(s->s3->wbuf.buf);
+                ssl3_release_write_buffer(s);
        if (s->s3->rrec.comp != NULL)
                OPENSSL_free(s->s3->rrec.comp);
 #ifndef OPENSSL_NO_DH
@@ -1696,11 +2164,10 @@ void ssl3_free(SSL *s)
        if (s->s3->tmp.ca_names != NULL)
                sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
-        EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
+        if (s->s3->handshake_buffer) {
-        EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
+                BIO_free(s->s3->handshake_buffer);
-        pq_64bit_free(&(s->s3->rrec.seq_num));
+        }
-        pq_64bit_free(&(s->s3->wrec.seq_num));
+        if (s->s3->handshake_dgst) ssl3_free_digest_list(s);
        OPENSSL_cleanse(s->s3,sizeof *s->s3);
        OPENSSL_free(s->s3);
        s->s3=NULL;
@@ -1711,6 +2178,15 @@ void ssl3_clear(SSL *s)
        unsigned char *rp,*wp;
        size_t rlen, wlen;
+#ifdef TLSEXT_TYPE_opaque_prf_input
+        if (s->s3->client_opaque_prf_input != NULL)
+                OPENSSL_free(s->s3->client_opaque_prf_input);
+        s->s3->client_opaque_prf_input = NULL;
+        if (s->s3->server_opaque_prf_input != NULL)
+                OPENSSL_free(s->s3->server_opaque_prf_input);
+        s->s3->server_opaque_prf_input = NULL;
+#endif
        ssl3_cleanup_key_block(s);
        if (s->s3->tmp.ca_names != NULL)
                sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
@@ -1733,10 +2209,13 @@ void ssl3_clear(SSL *s)
        wp = s->s3->wbuf.buf;
        rlen = s->s3->rbuf.len;
        wlen = s->s3->wbuf.len;
+        if (s->s3->handshake_buffer) {
-        EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
+                BIO_free(s->s3->handshake_buffer);
-        EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
+                s->s3->handshake_buffer = NULL;
+        }
+        if (s->s3->handshake_dgst) {
+                ssl3_free_digest_list(s);
+        }       
        memset(s->s3,0,sizeof *s->s3);
        s->s3->rbuf.buf = rp;
        s->s3->wbuf.buf = wp;
@@ -1936,7 +2415,31 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
                s->tlsext_debug_arg=parg;
                ret = 1;
                break;
-  
+#ifdef TLSEXT_TYPE_opaque_prf_input
+        case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT:
+                if (larg > 12288) /* actual internal limit is 2^16 for the complete hello message
+                                   * (including the cert chain and everything) */
+                        {
+                        SSLerr(SSL_F_SSL3_CTRL, SSL_R_OPAQUE_PRF_INPUT_TOO_LONG);
+                        break;
+                        }
+                if (s->tlsext_opaque_prf_input != NULL)
+                        OPENSSL_free(s->tlsext_opaque_prf_input);
+                if ((size_t)larg == 0)
+                        s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
+                else
+                        s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg);
+                if (s->tlsext_opaque_prf_input != NULL)
+                        {
+                        s->tlsext_opaque_prf_input_len = (size_t)larg;
+                        ret = 1;
+                        }
+                else
+                        s->tlsext_opaque_prf_input_len = 0;
+                break;
+#endif
        case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
                s->tlsext_status_type=larg;
                ret = 1;
@@ -2194,13 +2697,20 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
                        }
                return 1;
                }
-  
+#ifdef TLSEXT_TYPE_opaque_prf_input
+        case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG:
+                ctx->tlsext_opaque_prf_input_callback_arg = parg;
+                return 1;
+#endif
        case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
                ctx->tlsext_status_arg=parg;
                return 1;
                break;
 #endif /* !OPENSSL_NO_TLSEXT */
        /* A Thawte special :-) */
        case SSL_CTRL_EXTRA_CHAIN_CERT:
                if (ctx->extra_certs == NULL)
@@ -2250,7 +2760,13 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
        case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
                ctx->tlsext_servername_callback=(int (*)(SSL *,int *,void *))fp;
                break;
-  
+#ifdef TLSEXT_TYPE_opaque_prf_input
+        case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB:
+                ctx->tlsext_opaque_prf_input_callback = (int (*)(SSL *,void *, size_t, void *))fp;
+                break;
+#endif
        case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
                ctx->tlsext_status_cb=(int (*)(SSL *,void *))fp;
                break;
@@ -2271,17 +2787,15 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
 /* This function needs to check if the ciphers required are actually
 * available */
-SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
+const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
        {
-        SSL_CIPHER c,*cp;
+        SSL_CIPHER c;
+        const SSL_CIPHER *cp;
        unsigned long id;
        id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
        c.id=id;
-        cp = (SSL_CIPHER *)OBJ_bsearch((char *)&c,
+        cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
-                (char *)ssl3_ciphers,
-                SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER),
-                FP_ICC ssl_cipher_id_cmp);
        if (cp == NULL || cp->valid == 0)
                return NULL;
        else
@@ -2307,10 +2821,14 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
        {
        SSL_CIPHER *c,*ret=NULL;
        STACK_OF(SSL_CIPHER) *prio, *allow;
-        int i,j,ok;
+        int i,ii,ok;
+#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_EC)
+        unsigned int j;
+        int ec_ok, ec_nid;
+        unsigned char ec_search1 = 0, ec_search2 = 0;
+#endif
        CERT *cert;
-        unsigned long alg,mask,emask;
+        unsigned long alg_k,alg_a,mask_k,mask_a,emask_k,emask_a;
        /* Let's see which ciphers we can support */
        cert=s->cert;
@@ -2326,73 +2844,237 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
 #endif
 #ifdef CIPHER_DEBUG
-        printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), srvr);
+        printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), (void *)srvr);
-        for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i)
+        for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i)
-            {
+                {
-            c=sk_SSL_CIPHER_value(srvr,i);
+                c=sk_SSL_CIPHER_value(srvr,i);
-            printf("%p:%s\n",c,c->name);
+                printf("%p:%s\n",(void *)c,c->name);
-            }
+                }
-        printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), clnt);
+        printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), (void *)clnt);
-        for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i)
+        for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i)
            {
            c=sk_SSL_CIPHER_value(clnt,i);
-            printf("%p:%s\n",c,c->name);
+            printf("%p:%s\n",(void *)c,c->name);
            }
 #endif
        if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
-            {
+                {
-            prio = srvr;
+                prio = srvr;
-            allow = clnt;
+                allow = clnt;
-            }
+                }
        else
-            {
+                {
-            prio = clnt;
+                prio = clnt;
-            allow = srvr;
+                allow = srvr;
-            }
+                }
        for (i=0; i<sk_SSL_CIPHER_num(prio); i++)
                {
                c=sk_SSL_CIPHER_value(prio,i);
                ssl_set_cert_masks(cert,c);
-                mask=cert->mask;
+                mask_k = cert->mask_k;
-                emask=cert->export_mask;
+                mask_a = cert->mask_a;
+                emask_k = cert->export_mask_k;
+                emask_a = cert->export_mask_a;
                        
 #ifdef KSSL_DEBUG
-                printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);
+/*              printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/
 #endif    /* KSSL_DEBUG */
-                alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK);
+                alg_k=c->algorithm_mkey;
+                alg_a=c->algorithm_auth;
 #ifndef OPENSSL_NO_KRB5
-                if (alg & SSL_KRB5) 
+                if (alg_k & SSL_kKRB5)
-                        {
+                        {
-                        if ( !kssl_keytab_is_available(s->kssl_ctx) )
+                        if ( !kssl_keytab_is_available(s->kssl_ctx) )
-                            continue;
+                            continue;
-                        }
+                        }
 #endif /* OPENSSL_NO_KRB5 */
+#ifndef OPENSSL_NO_PSK
+                /* with PSK there must be server callback set */
+                if ((alg_k & SSL_kPSK) && s->psk_server_callback == NULL)
+                        continue;
+#endif /* OPENSSL_NO_PSK */
                if (SSL_C_IS_EXPORT(c))
                        {
-                        ok=((alg & emask) == alg)?1:0;
+                        ok = (alg_k & emask_k) && (alg_a & emask_a);
 #ifdef CIPHER_DEBUG
-                        printf("%d:[%08lX:%08lX]%p:%s (export)\n",ok,alg,emask,
+                        printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n",ok,alg_k,alg_a,emask_k,emask_a,
-                               c,c->name);
+                               (void *)c,c->name);
 #endif
                        }
                else
                        {
-                        ok=((alg & mask) == alg)?1:0;
+                        ok = (alg_k & mask_k) && (alg_a & mask_a);
 #ifdef CIPHER_DEBUG
-                        printf("%d:[%08lX:%08lX]%p:%s\n",ok,alg,mask,c,
+                        printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",ok,alg_k,alg_a,mask_k,mask_a,(void *)c,
                               c->name);
 #endif
                        }
+#ifndef OPENSSL_NO_TLSEXT
+#ifndef OPENSSL_NO_EC
+                if (
+                        /* if we are considering an ECC cipher suite that uses our certificate */
+                        (alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
+                        /* and we have an ECC certificate */
+                        && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
+                        /* and the client specified a Supported Point Formats extension */
+                        && ((s->session->tlsext_ecpointformatlist_length > 0) && (s->session->tlsext_ecpointformatlist != NULL))
+                        /* and our certificate's point is compressed */
+                        && (
+                                (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info != NULL)
+                                && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key != NULL)
+                                && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key != NULL)
+                                && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data != NULL)
+                                && (
+                                        (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED)
+                                        || (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED + 1)
+                                        )
+                                )
+                )
+                        {
+                        ec_ok = 0;
+                        /* if our certificate's curve is over a field type that the client does not support
+                         * then do not allow this cipher suite to be negotiated */
+                        if (
+                                (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
+                                && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL)
+                                && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL)
+                                && (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field)
+                        )
+                                {
+                                for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++)
+                                        {
+                                        if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime)
+                                                {
+                                                ec_ok = 1;
+                                                break;
+                                                }
+                                        }
+                                }
+                        else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field)
+                                {
+                                for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++)
+                                        {
+                                        if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2)
+                                                {
+                                                ec_ok = 1;
+                                                break;
+                                                }
+                                        }
+                                }
+                        ok = ok && ec_ok;
+                        }
+                if (
+                        /* if we are considering an ECC cipher suite that uses our certificate */
+                        (alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
+                        /* and we have an ECC certificate */
+                        && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
+                        /* and the client specified an EllipticCurves extension */
+                        && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL))
+                )
+                        {
+                        ec_ok = 0;
+                        if (
+                                (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
+                                && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL)
+                        )
+                                {
+                                ec_nid = EC_GROUP_get_curve_name(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group);
+                                if ((ec_nid == 0)
+                                        && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL)
+                                )
+                                        {
+                                        if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field)
+                                                {
+                                                ec_search1 = 0xFF;
+                                                ec_search2 = 0x01;
+                                                }
+                                        else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field)
+                                                {
+                                                ec_search1 = 0xFF;
+                                                ec_search2 = 0x02;
+                                                }
+                                        }
+                                else
+                                        {
+                                        ec_search1 = 0x00;
+                                        ec_search2 = tls1_ec_nid2curve_id(ec_nid);
+                                        }
+                                if ((ec_search1 != 0) || (ec_search2 != 0))
+                                        {
+                                        for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++)
+                                                {
+                                                if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2))
+                                                        {
+                                                        ec_ok = 1;
+                                                        break;
+                                                        }
+                                                }
+                                        }
+                                }
+                        ok = ok && ec_ok;
+                        }
+                if (
+                        /* if we are considering an ECC cipher suite that uses an ephemeral EC key */
+                        (alg_k & SSL_kEECDH)
+                        /* and we have an ephemeral EC key */
+                        && (s->cert->ecdh_tmp != NULL)
+                        /* and the client specified an EllipticCurves extension */
+                        && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL))
+                )
+                        {
+                        ec_ok = 0;
+                        if (s->cert->ecdh_tmp->group != NULL)
+                                {
+                                ec_nid = EC_GROUP_get_curve_name(s->cert->ecdh_tmp->group);
+                                if ((ec_nid == 0)
+                                        && (s->cert->ecdh_tmp->group->meth != NULL)
+                                )
+                                        {
+                                        if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_prime_field)
+                                                {
+                                                ec_search1 = 0xFF;
+                                                ec_search2 = 0x01;
+                                                }
+                                        else if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_characteristic_two_field)
+                                                {
+                                                ec_search1 = 0xFF;
+                                                ec_search2 = 0x02;
+                                                }
+                                        }
+                                else
+                                        {
+                                        ec_search1 = 0x00;
+                                        ec_search2 = tls1_ec_nid2curve_id(ec_nid);
+                                        }
+                                if ((ec_search1 != 0) || (ec_search2 != 0))
+                                        {
+                                        for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++)
+                                                {
+                                                if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2))
+                                                        {
+                                                        ec_ok = 1;
+                                                        break;
+                                                        }
+                                                }
+                                        }
+                                }
+                        ok = ok && ec_ok;
+                        }
+#endif /* OPENSSL_NO_EC */
+#endif /* OPENSSL_NO_TLSEXT */
                if (!ok) continue;
-                j=sk_SSL_CIPHER_find(allow,c);
+                ii=sk_SSL_CIPHER_find(allow,c);
-                if (j >= 0)
+                if (ii >= 0)
                        {
-                        ret=sk_SSL_CIPHER_value(allow,j);
+                        ret=sk_SSL_CIPHER_value(allow,ii);
                        break;
                        }
                }
@@ -2402,12 +3084,24 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
 int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
        {
        int ret=0;
-        unsigned long alg;
+        unsigned long alg_k;
+        alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
-        alg=s->s3->tmp.new_cipher->algorithms;
+#ifndef OPENSSL_NO_GOST
+        if (s->version >= TLS1_VERSION)
+                {
+                if (alg_k & SSL_kGOST)
+                        {
+                        p[ret++]=TLS_CT_GOST94_SIGN;
+                        p[ret++]=TLS_CT_GOST01_SIGN;
+                        return(ret);
+                        }
+                }
+#endif
 #ifndef OPENSSL_NO_DH
-        if (alg & (SSL_kDHr|SSL_kEDH))
+        if (alg_k & (SSL_kDHr|SSL_kEDH))
                {
 #  ifndef OPENSSL_NO_RSA
                p[ret++]=SSL3_CT_RSA_FIXED_DH;
@@ -2417,7 +3111,7 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
 #  endif
                }
        if ((s->version == SSL3_VERSION) &&
-                (alg & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))
+                (alg_k & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))
                {
 #  ifndef OPENSSL_NO_RSA
                p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH;
@@ -2434,10 +3128,7 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
        p[ret++]=SSL3_CT_DSS_SIGN;
 #endif
 #ifndef OPENSSL_NO_ECDH
-        /* We should ask for fixed ECDH certificates only
+        if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->version >= TLS1_VERSION))
-         * for SSL_kECDH (and not SSL_kECDHE)
-         */
-        if ((alg & SSL_kECDH) && (s->version >= TLS1_VERSION))
                {
                p[ret++]=TLS_CT_RSA_FIXED_ECDH;
                p[ret++]=TLS_CT_ECDSA_FIXED_ECDH;
@@ -2446,7 +3137,7 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
 #ifndef OPENSSL_NO_ECDSA
        /* ECDSA certs can be used with RSA cipher suites as well 
-         * so we don't need to check for SSL_kECDH or SSL_kECDHE
+         * so we don't need to check for SSL_kECDH or SSL_kEECDH
         */
        if (s->version >= TLS1_VERSION)
                {
@@ -2458,6 +3149,7 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
 int ssl3_shutdown(SSL *s)
        {
+        int ret;
        /* Don't do anything much if we have not done the handshake or
         * we don't want to send messages :-) */
@@ -2475,18 +3167,32 @@ int ssl3_shutdown(SSL *s)
 #endif
                /* our shutdown alert has been sent now, and if it still needs
                 * to be written, s->s3->alert_dispatch will be true */
+                if (s->s3->alert_dispatch)
+                        return(-1);     /* return WANT_WRITE */
                }
        else if (s->s3->alert_dispatch)
                {
                /* resend it if not sent */
 #if 1
-                s->method->ssl_dispatch_alert(s);
+                ret=s->method->ssl_dispatch_alert(s);
+                if(ret == -1)
+                        {
+                        /* we only get to return -1 here the 2nd/Nth
+                         * invocation, we must  have already signalled
+                         * return 0 upon a previous invoation,
+                         * return WANT_WRITE */
+                        return(ret);
+                        }
 #endif
                }
        else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
                {
                /* If we are waiting for a close from our peer, we are closed */
                s->method->ssl_read_bytes(s,0,NULL,0,0);
+                if(!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
+                        {
+                        return(-1);     /* return WANT_READ */
+                        }
                }
        if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
diff --git a/src/lib/libssl/src/ssl/s3_meth.c b/src/lib/libssl/src/ssl/s3_meth.c
index 6a6eb1c58f..cdddb17b62 100644
--- a/src/lib/libssl/src/ssl/s3_meth.c
+++ b/src/lib/libssl/src/ssl/s3_meth.c
@@ -60,8 +60,8 @@
 #include <openssl/objects.h>
 #include "ssl_locl.h"
-static SSL_METHOD *ssl3_get_method(int ver);
+static const SSL_METHOD *ssl3_get_method(int ver);
-static SSL_METHOD *ssl3_get_method(int ver)
+static const SSL_METHOD *ssl3_get_method(int ver)
        {
        if (ver == SSL3_VERSION)
                return(SSLv3_method());
@@ -70,8 +70,8 @@ static SSL_METHOD *ssl3_get_method(int ver)
        }
 IMPLEMENT_ssl3_meth_func(SSLv3_method,
-                        ssl3_accept,
+                         ssl3_accept,
-                        ssl3_connect,
+                         ssl3_connect,
-                        ssl3_get_method)
+                         ssl3_get_method)
diff --git a/src/lib/libssl/src/ssl/s3_pkt.c b/src/lib/libssl/src/ssl/s3_pkt.c
index 9476dcddf6..e3f6050a26 100644
--- a/src/lib/libssl/src/ssl/s3_pkt.c
+++ b/src/lib/libssl/src/ssl/s3_pkt.c
@@ -129,73 +129,113 @@ int ssl3_read_n(SSL *s, int n, int max, int extend)
         * (If s->read_ahead is set, 'max' bytes may be stored in rbuf
         * [plus s->packet_length bytes if extend == 1].)
         */
-        int i,off,newb;
+        int i,len,left;
+        long align=0;
+        unsigned char *pkt;
+        SSL3_BUFFER *rb;
+        if (n <= 0) return n;
+        rb    = &(s->s3->rbuf);
+        if (rb->buf == NULL)
+                if (!ssl3_setup_read_buffer(s))
+                        return -1;
+        left  = rb->left;
+#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
+        align = (long)rb->buf + SSL3_RT_HEADER_LENGTH;
+        align = (-align)&(SSL3_ALIGN_PAYLOAD-1);
+#endif
        if (!extend)
                {
                /* start with empty packet ... */
-                if (s->s3->rbuf.left == 0)
+                if (left == 0)
-                        s->s3->rbuf.offset = 0;
+                        rb->offset = align;
-                s->packet = s->s3->rbuf.buf + s->s3->rbuf.offset;
+                else if (align != 0 && left >= SSL3_RT_HEADER_LENGTH)
+                        {
+                        /* check if next packet length is large
+                         * enough to justify payload alignment... */
+                        pkt = rb->buf + rb->offset;
+                        if (pkt[0] == SSL3_RT_APPLICATION_DATA
+                            && (pkt[3]<<8|pkt[4]) >= 128)
+                                {
+                                /* Note that even if packet is corrupted
+                                 * and its length field is insane, we can
+                                 * only be led to wrong decision about
+                                 * whether memmove will occur or not.
+                                 * Header values has no effect on memmove
+                                 * arguments and therefore no buffer
+                                 * overrun can be triggered. */
+                                memmove (rb->buf+align,pkt,left);
+                                rb->offset = align;
+                                }
+                        }
+                s->packet = rb->buf + rb->offset;
                s->packet_length = 0;
                /* ... now we can act as if 'extend' was set */
                }
-        /* extend reads should not span multiple packets for DTLS */
+        /* For DTLS/UDP reads should not span multiple packets
-        if ( SSL_version(s) == DTLS1_VERSION &&
+         * because the read operation returns the whole packet
-                extend)
+         * at once (as long as it fits into the buffer). */
+        if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
                {
-                if ( s->s3->rbuf.left > 0 && n > s->s3->rbuf.left)
+                if (left > 0 && n > left)
-                        n = s->s3->rbuf.left;
+                        n = left;
                }
        /* if there is enough in the buffer from a previous read, take some */
-        if (s->s3->rbuf.left >= (int)n)
+        if (left >= n)
                {
                s->packet_length+=n;
-                s->s3->rbuf.left-=n;
+                rb->left=left-n;
-                s->s3->rbuf.offset+=n;
+                rb->offset+=n;
                return(n);
                }
        /* else we need to read more data */
-        if (!s->read_ahead)
-                max=n;
-        {
+        len = s->packet_length;
-                /* avoid buffer overflow */
+        pkt = rb->buf+align;
-                int max_max = s->s3->rbuf.len - s->packet_length;
+        /* Move any available bytes to front of buffer:
-                if (max > max_max)
+         * 'len' bytes already pointed to by 'packet',
-                        max = max_max;
+         * 'left' extra ones at the end */
-        }
+        if (s->packet != pkt) /* len > 0 */
-        if (n > max) /* does not happen */
+                {
+                memmove(pkt, s->packet, len+left);
+                s->packet = pkt;
+                rb->offset = len + align;
+                }
+        if (n > (int)(rb->len - rb->offset)) /* does not happen */
                {
                SSLerr(SSL_F_SSL3_READ_N,ERR_R_INTERNAL_ERROR);
                return -1;
                }
-        off = s->packet_length;
+        if (!s->read_ahead)
-        newb = s->s3->rbuf.left;
+                /* ignore max parameter */
-        /* Move any available bytes to front of buffer:
+                max = n;
-         * 'off' bytes already pointed to by 'packet',
+        else
-         * 'newb' extra ones at the end */
-        if (s->packet != s->s3->rbuf.buf)
                {
-                /*  off > 0 */
+                if (max < n)
-                memmove(s->s3->rbuf.buf, s->packet, off+newb);
+                        max = n;
-                s->packet = s->s3->rbuf.buf;
+                if (max > (int)(rb->len - rb->offset))
+                        max = rb->len - rb->offset;
                }
-        while (newb < n)
+        while (left < n)
                {
-                /* Now we have off+newb bytes at the front of s->s3->rbuf.buf and need
+                /* Now we have len+left bytes at the front of s->s3->rbuf.buf
-                 * to read in more until we have off+n (up to off+max if possible) */
+                 * and need to read in more until we have len+n (up to
+                 * len+max if possible) */
                clear_sys_error();
                if (s->rbio != NULL)
                        {
                        s->rwstate=SSL_READING;
-                        i=BIO_read(s->rbio,     &(s->s3->rbuf.buf[off+newb]), max-newb);
+                        i=BIO_read(s->rbio,pkt+len+left, max-left);
                        }
                else
                        {
@@ -205,15 +245,26 @@ int ssl3_read_n(SSL *s, int n, int max, int extend)
                if (i <= 0)
                        {
-                        s->s3->rbuf.left = newb;
+                        rb->left = left;
+                        if (s->mode & SSL_MODE_RELEASE_BUFFERS)
+                                if (len+left == 0)
+                                        ssl3_release_read_buffer(s);
                        return(i);
                        }
-                newb+=i;
+                left+=i;
+                /* reads should *never* span multiple packets for DTLS because
+                 * the underlying transport protocol is message oriented as opposed
+                 * to byte oriented as in the TLS case. */
+                if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
+                        {
+                        if (n > left)
+                                n = left; /* makes the while condition false */
+                        }
                }
        /* done reading, now the book-keeping */
-        s->s3->rbuf.offset = off + n;
+        rb->offset += n;
-        s->s3->rbuf.left = newb - n;
+        rb->left = left - n;
        s->packet_length += n;
        s->rwstate=SSL_NOTHING;
        return(n);
@@ -237,7 +288,7 @@ static int ssl3_get_record(SSL *s)
        unsigned char *p;
        unsigned char md[EVP_MAX_MD_SIZE];
        short version;
-        unsigned int mac_size;
+        int mac_size;
        int clear=0;
        size_t extra;
        int decryption_failed_or_bad_record_mac = 0;
@@ -250,9 +301,9 @@ static int ssl3_get_record(SSL *s)
                extra=SSL3_RT_MAX_EXTRA;
        else
                extra=0;
-        if (extra != s->s3->rbuf.len - SSL3_RT_MAX_PACKET_SIZE)
+        if (extra && !s->s3->init_extra)
                {
-                /* actually likely an application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER
+                /* An application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER
                 * set after ssl3_setup_buffers() was done */
                SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR);
                return -1;
@@ -275,6 +326,9 @@ again:
                ssl_minor= *(p++);
                version=(ssl_major<<8)|ssl_minor;
                n2s(p,rr->length);
+#if 0
+fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length);
+#endif
                /* Lets check version */
                if (!s->first_packet)
@@ -282,9 +336,9 @@ again:
                        if (version != s->version)
                                {
                                SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
-                                /* Send back error using their
+                                if ((s->version & 0xFF00) == (version & 0xFF00))
-                                 * version number :-) */
+                                        /* Send back error using their minor version number :-) */
-                                s->version=version;
+                                        s->version = (unsigned short)version;
                                al=SSL_AD_PROTOCOL_VERSION;
                                goto f_err;
                                }
@@ -296,7 +350,7 @@ again:
                        goto err;
                        }
-                if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
+                if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH)
                        {
                        al=SSL_AD_RECORD_OVERFLOW;
                        SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG);
@@ -369,12 +423,14 @@ printf("\n");
        /* r->length is now the compressed data plus mac */
        if (    (sess == NULL) ||
                (s->enc_read_ctx == NULL) ||
-                (s->read_hash == NULL))
+                (EVP_MD_CTX_md(s->read_hash) == NULL))
                clear=1;
        if (!clear)
                {
-                mac_size=EVP_MD_size(s->read_hash);
+                /* !clear => s->read_hash != NULL => mac_size != -1 */
+                mac_size=EVP_MD_CTX_size(s->read_hash);
+                OPENSSL_assert(mac_size >= 0);
                if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size)
                        {
@@ -387,7 +443,7 @@ printf("\n");
 #endif                  
                        }
                /* check the MAC for rr->input (it's in mac_size bytes at the tail) */
-                if (rr->length >= mac_size)
+                if (rr->length >= (unsigned int)mac_size)
                        {
                        rr->length -= mac_size;
                        mac = &rr->data[rr->length];
@@ -405,7 +461,7 @@ printf("\n");
 #endif
                        }
                i=s->method->ssl3_enc->mac(s,md,0);
-                if (mac == NULL || memcmp(md, mac, mac_size) != 0)
+                if (i < 0 || mac == NULL || memcmp(md, mac, (size_t)mac_size) != 0)
                        {
                        decryption_failed_or_bad_record_mac = 1;
                        }
@@ -462,6 +518,10 @@ printf("\n");
        /* just read a 0 length packet */
        if (rr->length == 0) goto again;
+#if 0
+fprintf(stderr, "Ultimate Record type=%d, Length=%d\n", rr->type, rr->length);
+#endif
        return(1);
 f_err:
@@ -535,8 +595,8 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
        n=(len-tot);
        for (;;)
                {
-                if (n > SSL3_RT_MAX_PLAIN_LENGTH)
+                if (n > s->max_send_fragment)
-                        nw=SSL3_RT_MAX_PLAIN_LENGTH;
+                        nw=s->max_send_fragment;
                else
                        nw=n;
@@ -568,14 +628,19 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
        {
        unsigned char *p,*plen;
        int i,mac_size,clear=0;
-        int prefix_len = 0;
+        int prefix_len=0;
+        long align=0;
        SSL3_RECORD *wr;
-        SSL3_BUFFER *wb;
+        SSL3_BUFFER *wb=&(s->s3->wbuf);
        SSL_SESSION *sess;
+        if (wb->buf == NULL)
+                if (!ssl3_setup_write_buffer(s))
+                        return -1;
        /* first check if there is a SSL3_BUFFER still being written
         * out.  This will happen with non blocking IO */
-        if (s->s3->wbuf.left != 0)
+        if (wb->left != 0)
                return(ssl3_write_pending(s,type,buf,len));
        /* If we have an alert to send, lets send it */
@@ -591,18 +656,21 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
                return 0;
        wr= &(s->s3->wrec);
-        wb= &(s->s3->wbuf);
        sess=s->session;
        if (    (sess == NULL) ||
                (s->enc_write_ctx == NULL) ||
-                (s->write_hash == NULL))
+                (EVP_MD_CTX_md(s->write_hash) == NULL))
                clear=1;
        if (clear)
                mac_size=0;
        else
-                mac_size=EVP_MD_size(s->write_hash);
+                {
+                mac_size=EVP_MD_CTX_size(s->write_hash);
+                if (mac_size < 0)
+                        goto err;
+                }
        /* 'create_empty_fragment' is true only when this function calls itself */
        if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done)
@@ -620,7 +688,8 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
                        if (prefix_len <= 0)
                                goto err;
-                        if (s->s3->wbuf.len < (size_t)prefix_len + SSL3_RT_MAX_PACKET_SIZE)
+                        if (prefix_len >
+                (SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD))
                                {
                                /* insufficient space */
                                SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR);
@@ -631,7 +700,32 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
                s->s3->empty_fragment_done = 1;
                }
-        p = wb->buf + prefix_len;
+        if (create_empty_fragment)
+                {
+#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
+                /* extra fragment would be couple of cipher blocks,
+                 * which would be multiple of SSL3_ALIGN_PAYLOAD, so
+                 * if we want to align the real payload, then we can
+                 * just pretent we simply have two headers. */
+                align = (long)wb->buf + 2*SSL3_RT_HEADER_LENGTH;
+                align = (-align)&(SSL3_ALIGN_PAYLOAD-1);
+#endif
+                p = wb->buf + align;
+                wb->offset  = align;
+                }
+        else if (prefix_len)
+                {
+                p = wb->buf + wb->offset + prefix_len;
+                }
+        else
+                {
+#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
+                align = (long)wb->buf + SSL3_RT_HEADER_LENGTH;
+                align = (-align)&(SSL3_ALIGN_PAYLOAD-1);
+#endif
+                p = wb->buf + align;
+                wb->offset  = align;
+                }
        /* write the header */
@@ -674,7 +768,8 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
        if (mac_size != 0)
                {
-                s->method->ssl3_enc->mac(s,&(p[wr->length]),1);
+                if (s->method->ssl3_enc->mac(s,&(p[wr->length]),1) < 0)
+                        goto err;
                wr->length+=mac_size;
                wr->input=p;
                wr->data=p;
@@ -702,7 +797,6 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
        /* now let's set up wb */
        wb->left = prefix_len + wr->length;
-        wb->offset = 0;
        /* memorize arguments so that ssl3_write_pending can detect bad write retries later */
        s->s3->wpend_tot=len;
@@ -721,6 +815,7 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
        unsigned int len)
        {
        int i;
+        SSL3_BUFFER *wb=&(s->s3->wbuf);
 /* XXXX */
        if ((s->s3->wpend_tot > (int)len)
@@ -739,17 +834,20 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
                        {
                        s->rwstate=SSL_WRITING;
                        i=BIO_write(s->wbio,
-                                (char *)&(s->s3->wbuf.buf[s->s3->wbuf.offset]),
+                                (char *)&(wb->buf[wb->offset]),
-                                (unsigned int)s->s3->wbuf.left);
+                                (unsigned int)wb->left);
                        }
                else
                        {
                        SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BIO_NOT_SET);
                        i= -1;
                        }
-                if (i == s->s3->wbuf.left)
+                if (i == wb->left)
                        {
-                        s->s3->wbuf.left=0;
+                        wb->left=0;
+                        wb->offset+=i;
+                        if (s->mode & SSL_MODE_RELEASE_BUFFERS)
+                                ssl3_release_write_buffer(s);
                        s->rwstate=SSL_NOTHING;
                        return(s->s3->wpend_ret);
                        }
@@ -758,12 +856,12 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
                            s->version == DTLS1_BAD_VER) {
                                /* For DTLS, just drop it. That's kind of the whole
                                   point in using a datagram service */
-                                s->s3->wbuf.left = 0;
+                                wb->left = 0;
                        }
                        return(i);
                }
-                s->s3->wbuf.offset+=i;
+                wb->offset+=i;
-                s->s3->wbuf.left-=i;
+                wb->left-=i;
                }
        }
@@ -802,7 +900,7 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
        void (*cb)(const SSL *ssl,int type2,int val)=NULL;
        if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
-                if (!ssl3_setup_buffers(s))
+                if (!ssl3_setup_read_buffer(s))
                        return(-1);
        if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE) && type) ||
@@ -911,6 +1009,8 @@ start:
                                {
                                s->rstate=SSL_ST_READ_HEADER;
                                rr->off=0;
+                                if (s->mode & SSL_MODE_RELEASE_BUFFERS)
+                                        ssl3_release_read_buffer(s);
                                }
                        }
                return(n);
@@ -1020,7 +1120,25 @@ start:
                 * now try again to obtain the (application) data we were asked for */
                goto start;
                }
+        /* If we are a server and get a client hello when renegotiation isn't
+         * allowed send back a no renegotiation alert and carry on.
+         * WARNING: experimental code, needs reviewing (steve)
+         */
+        if (s->server &&
+                SSL_is_init_finished(s) &&
+                !s->s3->send_connection_binding &&
+                (s->version > SSL3_VERSION) &&
+                (s->s3->handshake_fragment_len >= 4) &&
+                (s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) &&
+                (s->session != NULL) && (s->session->cipher != NULL) &&
+                !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
+                
+                {
+                /*s->s3->handshake_fragment_len = 0;*/
+                rr->length = 0;
+                ssl3_send_alert(s,SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
+                goto start;
+                }
        if (s->s3->alert_fragment_len >= 2)
                {
                int alert_level = s->s3->alert_fragment[0];
@@ -1050,6 +1168,21 @@ start:
                                s->shutdown |= SSL_RECEIVED_SHUTDOWN;
                                return(0);
                                }
+                        /* This is a warning but we receive it if we requested
+                         * renegotiation and the peer denied it. Terminate with
+                         * a fatal alert because if application tried to
+                         * renegotiatie it presumably had a good reason and
+                         * expects it to succeed.
+                         *
+                         * In future we might have a renegotiation where we
+                         * don't care if the peer refused it where we carry on.
+                         */
+                        else if (alert_descr == SSL_AD_NO_RENEGOTIATION)
+                                {
+                                al = SSL_AD_HANDSHAKE_FAILURE;
+                                SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_NO_RENEGOTIATION);
+                                goto f_err;
+                                }
                        }
                else if (alert_level == 2) /* fatal */
                        {
@@ -1261,20 +1394,18 @@ int ssl3_do_change_cipher_spec(SSL *s)
                }
        s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
-                &(s->s3->finish_dgst1),
-                &(s->s3->finish_dgst2),
                sender,slen,s->s3->tmp.peer_finish_md);
        return(1);
        }
-void ssl3_send_alert(SSL *s, int level, int desc)
+int ssl3_send_alert(SSL *s, int level, int desc)
        {
        /* Map tls/ssl alert value to correct one */
        desc=s->method->ssl3_enc->alert_value(desc);
        if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION)
                desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have protocol_version alerts */
-        if (desc < 0) return;
+        if (desc < 0) return -1;
        /* If a fatal one, remove from cache */
        if ((level == 2) && (s->session != NULL))
                SSL_CTX_remove_session(s->ctx,s->session);
@@ -1283,9 +1414,10 @@ void ssl3_send_alert(SSL *s, int level, int desc)
        s->s3->send_alert[0]=level;
        s->s3->send_alert[1]=desc;
        if (s->s3->wbuf.left == 0) /* data still being written out? */
-                s->method->ssl_dispatch_alert(s);
+                return s->method->ssl_dispatch_alert(s);
        /* else data is still being written out, we will get written
         * some time in the future */
+        return -1;
        }
 int ssl3_dispatch_alert(SSL *s)
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c
index 80b45eb86f..92f73b6681 100644
--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* ssl/s3_srvr.c */
+/* ssl/s3_srvr.c -*- mode:C; c-file-style: "eay" -*- */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -56,7 +56,7 @@
 * [including the GNU Public Licence.]
 */
 /* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -121,6 +121,32 @@
 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
 *
 */
+/* ====================================================================
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * The portions of the attached software ("Contribution") is developed by
+ * Nokia Corporation and is licensed pursuant to the OpenSSL open source
+ * license.
+ *
+ * The Contribution, originally written by Mika Kousa and Pasi Eronen of
+ * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
+ * support (see RFC 4279) to OpenSSL.
+ *
+ * No patent licenses or other rights except those expressly stated in
+ * the OpenSSL open source license shall be deemed granted or received
+ * expressly, by implication, estoppel, or otherwise.
+ *
+ * No assurances are provided by Nokia that the Contribution does not
+ * infringe the patent or other intellectual property rights of any third
+ * party or that the license provides you with all the necessary rights
+ * to make use of the Contribution.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
+ * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
+ * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
+ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
+ * OTHERWISE.
+ */
 #define REUSE_CIPHER_BUG
 #define NETSCAPE_HANG_BUG
@@ -143,12 +169,9 @@
 #endif
 #include <openssl/md5.h>
-static SSL_METHOD *ssl3_get_server_method(int ver);
+static const SSL_METHOD *ssl3_get_server_method(int ver);
-#ifndef OPENSSL_NO_ECDH
-static int nid2curve_id(int nid);
-#endif
-static SSL_METHOD *ssl3_get_server_method(int ver)
+static const SSL_METHOD *ssl3_get_server_method(int ver)
        {
        if (ver == SSL3_VERSION)
                return(SSLv3_server_method());
@@ -164,9 +187,8 @@ IMPLEMENT_ssl3_meth_func(SSLv3_server_method,
 int ssl3_accept(SSL *s)
        {
        BUF_MEM *buf;
-        unsigned long l,Time=(unsigned long)time(NULL);
+        unsigned long alg_k,Time=(unsigned long)time(NULL);
        void (*cb)(const SSL *ssl,int type,int val)=NULL;
-        long num1;
        int ret= -1;
        int new_state,state,skip=0;
@@ -248,6 +270,18 @@ int ssl3_accept(SSL *s)
                                s->state=SSL3_ST_SR_CLNT_HELLO_A;
                                s->ctx->stats.sess_accept++;
                                }
+                        else if (!s->s3->send_connection_binding &&
+                                !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
+                                {
+                                /* Server attempting to renegotiate with
+                                 * client that doesn't support secure
+                                 * renegotiation.
+                                 */
+                                SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
+                                ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
+                                ret = -1;
+                                goto end;
+                                }
                        else
                                {
                                /* s->state == SSL_ST_RENEGOTIATE,
@@ -281,6 +315,7 @@ int ssl3_accept(SSL *s)
                        s->shutdown=0;
                        ret=ssl3_get_client_hello(s);
                        if (ret <= 0) goto end;
+                        
                        s->new_session = 2;
                        s->state=SSL3_ST_SW_SRVR_HELLO_A;
                        s->init_num=0;
@@ -309,9 +344,11 @@ int ssl3_accept(SSL *s)
                case SSL3_ST_SW_CERT_A:
                case SSL3_ST_SW_CERT_B:
-                        /* Check if it is anon DH or anon ECDH or KRB5 */
+                        /* Check if it is anon DH or anon ECDH, */
-                        if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL)
+                        /* normal PSK or KRB5 */
-                                && !(s->s3->tmp.new_cipher->algorithms & SSL_aKRB5))
+                        if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
+                                && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)
+                                && !(s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5))
                                {
                                ret=ssl3_send_server_certificate(s);
                                if (ret <= 0) goto end;
@@ -338,13 +375,13 @@ int ssl3_accept(SSL *s)
                case SSL3_ST_SW_KEY_EXCH_A:
                case SSL3_ST_SW_KEY_EXCH_B:
-                        l=s->s3->tmp.new_cipher->algorithms;
+                        alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
                        /* clear this, it may get reset by
                         * send_server_key_exchange */
                        if ((s->options & SSL_OP_EPHEMERAL_RSA)
 #ifndef OPENSSL_NO_KRB5
-                                && !(l & SSL_KRB5)
+                                && !(alg_k & SSL_kKRB5)
 #endif /* OPENSSL_NO_KRB5 */
                                )
                                /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key
@@ -359,16 +396,23 @@ int ssl3_accept(SSL *s)
                        /* only send if a DH key exchange, fortezza or
                         * RSA but we have a sign only certificate
                         *
+                         * PSK: may send PSK identity hints
+                         *
                         * For ECC ciphersuites, we send a serverKeyExchange
                         * message only if the cipher suite is either
                         * ECDH-anon or ECDHE. In other cases, the
-                         * server certificate contains the server's 
+                         * server certificate contains the server's
                         * public key for key exchange.
                         */
                        if (s->s3->tmp.use_rsa_tmp
-                            || (l & SSL_kECDHE)
+                        /* PSK: send ServerKeyExchange if PSK identity
-                            || (l & (SSL_DH|SSL_kFZA))
+                         * hint if provided */
-                            || ((l & SSL_kRSA)
+#ifndef OPENSSL_NO_PSK
+                            || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)
+#endif
+                            || (alg_k & (SSL_kDHr|SSL_kDHd|SSL_kEDH))
+                            || (alg_k & SSL_kEECDH)
+                            || ((alg_k & SSL_kRSA)
                                && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
                                    || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
                                        && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)
@@ -398,12 +442,15 @@ int ssl3_accept(SSL *s)
                                /* never request cert in anonymous ciphersuites
                                 * (see section "Certificate request" in SSL 3 drafts
                                 * and in RFC 2246): */
-                                ((s->s3->tmp.new_cipher->algorithms & SSL_aNULL) &&
+                                ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
                                 /* ... except when the application insists on verification
                                  * (against the specs, but s3_clnt.c accepts this for SSL 3) */
                                 !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||
-                                 /* never request cert in Kerberos ciphersuites */
+                                 /* never request cert in Kerberos ciphersuites */
-                                (s->s3->tmp.new_cipher->algorithms & SSL_aKRB5))
+                                (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)
+                                /* With normal PSK Certificates and
+                                 * Certificate Requests are omitted */
+                                || (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
                                {
                                /* no cert request */
                                skip=1;
@@ -435,15 +482,24 @@ int ssl3_accept(SSL *s)
                        break;
                
                case SSL3_ST_SW_FLUSH:
-                        /* number of bytes to be flushed */
-                        num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);
+                        /* This code originally checked to see if
-                        if (num1 > 0)
+                         * any data was pending using BIO_CTRL_INFO
+                         * and then flushed. This caused problems
+                         * as documented in PR#1939. The proposed
+                         * fix doesn't completely resolve this issue
+                         * as buggy implementations of BIO_CTRL_PENDING
+                         * still exist. So instead we just flush
+                         * unconditionally.
+                         */
+                        s->rwstate=SSL_WRITING;
+                        if (BIO_flush(s->wbio) <= 0)
                                {
-                                s->rwstate=SSL_WRITING;
+                                ret= -1;
-                                num1=BIO_flush(s->wbio);
+                                goto end;
-                                if (num1 <= 0) { ret= -1; goto end; }
-                                s->rwstate=SSL_NOTHING;
                                }
+                        s->rwstate=SSL_NOTHING;
                        s->state=s->s3->tmp.next_state;
                        break;
@@ -470,7 +526,7 @@ int ssl3_accept(SSL *s)
                case SSL3_ST_SR_KEY_EXCH_A:
                case SSL3_ST_SR_KEY_EXCH_B:
                        ret=ssl3_get_client_key_exchange(s);
-                        if (ret <= 0) 
+                        if (ret <= 0)
                                goto end;
                        if (ret == 2)
                                {
@@ -478,24 +534,43 @@ int ssl3_accept(SSL *s)
                                 * the client sends its ECDH pub key in
                                 * a certificate, the CertificateVerify
                                 * message is not sent.
+                                 * Also for GOST ciphersuites when
+                                 * the client uses its key from the certificate
+                                 * for key exchange.
                                 */
                                s->state=SSL3_ST_SR_FINISHED_A;
                                s->init_num = 0;
                                }
-                        else   
+                        else
                                {
+                                int offset=0;
+                                int dgst_num;
                                s->state=SSL3_ST_SR_CERT_VRFY_A;
                                s->init_num=0;
                                /* We need to get hashes here so if there is
                                 * a client cert, it can be verified
-                                 */ 
+                                 * FIXME - digest processing for CertificateVerify
-                                s->method->ssl3_enc->cert_verify_mac(s,
+                                 * should be generalized. But it is next step
-                                    &(s->s3->finish_dgst1),
+                                 */
-                                    &(s->s3->tmp.cert_verify_md[0]));
+                                if (s->s3->handshake_buffer)
-                                s->method->ssl3_enc->cert_verify_mac(s,
+                                        if (!ssl3_digest_cached_records(s))
-                                    &(s->s3->finish_dgst2),
+                                                return -1;
-                                    &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));
+                                for (dgst_num=0; dgst_num<SSL_MAX_DIGEST;dgst_num++)    
+                                        if (s->s3->handshake_dgst[dgst_num]) 
+                                                {
+                                                int dgst_size;
+                                                s->method->ssl3_enc->cert_verify_mac(s,EVP_MD_CTX_type(s->s3->handshake_dgst[dgst_num]),&(s->s3->tmp.cert_verify_md[offset]));
+                                                dgst_size=EVP_MD_CTX_size(s->s3->handshake_dgst[dgst_num]);
+                                                if (dgst_size < 0)
+                                                        {
+                                                        ret = -1;
+                                                        goto end;
+                                                        }
+                                                offset+=dgst_size;
+                                                }               
                                }
                        break;
@@ -515,11 +590,14 @@ int ssl3_accept(SSL *s)
                        ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
                                SSL3_ST_SR_FINISHED_B);
                        if (ret <= 0) goto end;
-                        if (s->hit)
-                                s->state=SSL_ST_OK;
 #ifndef OPENSSL_NO_TLSEXT
-                        else if (s->tlsext_ticket_expected)
+                        if (s->tlsext_ticket_expected)
                                s->state=SSL3_ST_SW_SESSION_TICKET_A;
+                        else if (s->hit)
+                                s->state=SSL_ST_OK;
+#else
+                        if (s->hit)
+                                s->state=SSL_ST_OK;
 #endif
                        else
                                s->state=SSL3_ST_SW_CHANGE_A;
@@ -749,7 +827,7 @@ int ssl3_get_client_hello(SSL *s)
            (s->version != DTLS1_VERSION && s->client_version < s->version))
                {
                SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER);
-                if ((s->client_version>>8) == SSL3_VERSION_MAJOR) 
+                if ((s->client_version>>8) == SSL3_VERSION_MAJOR)
                        {
                        /* similar to ssl3_get_record, send alert using remote version number */
                        s->version = s->client_version;
@@ -758,6 +836,21 @@ int ssl3_get_client_hello(SSL *s)
                goto f_err;
                }
+        /* If we require cookies and this ClientHello doesn't
+         * contain one, just return since we do not want to
+         * allocate any memory yet. So check cookie length...
+         */
+        if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE)
+                {
+                unsigned int session_length, cookie_length;
+                
+                session_length = *(p + SSL3_RANDOM_SIZE);
+                cookie_length = *(p + SSL3_RANDOM_SIZE + session_length + 1);
+                if (cookie_length == 0)
+                        return 1;
+                }
        /* load the client random */
        memcpy(s->s3->client_random,p,SSL3_RANDOM_SIZE);
        p+=SSL3_RANDOM_SIZE;
@@ -797,23 +890,11 @@ int ssl3_get_client_hello(SSL *s)
        p+=j;
-        if (s->version == DTLS1_VERSION)
+        if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER)
                {
                /* cookie stuff */
                cookie_len = *(p++);
-                if ( (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) &&
-                        s->d1->send_cookie == 0)
-                        {
-                        /* HelloVerifyMessage has already been sent */
-                        if ( cookie_len != s->d1->cookie_len)
-                                {
-                                al = SSL_AD_HANDSHAKE_FAILURE;
-                                SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH);
-                                goto f_err;
-                                }
-                        }
                /* 
                 * The ClientHello may contain a cookie even if the
                 * HelloVerify message has not been sent--make sure that it
@@ -828,7 +909,7 @@ int ssl3_get_client_hello(SSL *s)
                        }
                /* verify the cookie if appropriate option is set. */
-                if ( (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) &&
+                if ((SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) &&
                        cookie_len > 0)
                        {
                        memcpy(s->d1->rcvd_cookie, p, cookie_len);
@@ -853,6 +934,8 @@ int ssl3_get_client_hello(SSL *s)
                                                SSL_R_COOKIE_MISMATCH);
                                        goto f_err;
                                }
+                        ret = 2;
                        }
                p += cookie_len;
@@ -952,7 +1035,7 @@ int ssl3_get_client_hello(SSL *s)
 #ifndef OPENSSL_NO_TLSEXT
        /* TLS extensions*/
-        if (s->version > SSL3_VERSION)
+        if (s->version >= SSL3_VERSION)
                {
                if (!ssl_parse_clienthello_tlsext(s,&p,d,n, &al))
                        {
@@ -965,13 +1048,110 @@ int ssl3_get_client_hello(SSL *s)
                        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
                        goto err;
                }
+        /* Check if we want to use external pre-shared secret for this
+         * handshake for not reused session only. We need to generate
+         * server_random before calling tls_session_secret_cb in order to allow
+         * SessionTicket processing to use it in key derivation. */
+        {
+                unsigned long Time;
+                unsigned char *pos;
+                Time=(unsigned long)time(NULL);                 /* Time */
+                pos=s->s3->server_random;
+                l2n(Time,pos);
+                if (RAND_pseudo_bytes(pos,SSL3_RANDOM_SIZE-4) <= 0)
+                        {
+                        al=SSL_AD_INTERNAL_ERROR;
+                        goto f_err;
+                        }
+        }
+        if (!s->hit && s->version >= TLS1_VERSION && s->tls_session_secret_cb)
+                {
+                SSL_CIPHER *pref_cipher=NULL;
+                s->session->master_key_length=sizeof(s->session->master_key);
+                if(s->tls_session_secret_cb(s, s->session->master_key, &s->session->master_key_length,
+                        ciphers, &pref_cipher, s->tls_session_secret_cb_arg))
+                        {
+                        s->hit=1;
+                        s->session->ciphers=ciphers;
+                        s->session->verify_result=X509_V_OK;
+                        ciphers=NULL;
+                        /* check if some cipher was preferred by call back */
+                        pref_cipher=pref_cipher ? pref_cipher : ssl3_choose_cipher(s, s->session->ciphers, SSL_get_ciphers(s));
+                        if (pref_cipher == NULL)
+                                {
+                                al=SSL_AD_HANDSHAKE_FAILURE;
+                                SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_SHARED_CIPHER);
+                                goto f_err;
+                                }
+                        s->session->cipher=pref_cipher;
+                        if (s->cipher_list)
+                                sk_SSL_CIPHER_free(s->cipher_list);
+                        if (s->cipher_list_by_id)
+                                sk_SSL_CIPHER_free(s->cipher_list_by_id);
+                        s->cipher_list = sk_SSL_CIPHER_dup(s->session->ciphers);
+                        s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->session->ciphers);
+                        }
+                }
 #endif
        /* Worst case, we will use the NULL compression, but if we have other
         * options, we will now look for them.  We have i-1 compression
         * algorithms from the client, starting at q. */
        s->s3->tmp.new_compression=NULL;
 #ifndef OPENSSL_NO_COMP
-        if (s->ctx->comp_methods != NULL)
+        /* This only happens if we have a cache hit */
+        if (s->session->compress_meth != 0)
+                {
+                int m, comp_id = s->session->compress_meth;
+                /* Perform sanity checks on resumed compression algorithm */
+                /* Can't disable compression */
+                if (s->options & SSL_OP_NO_COMPRESSION)
+                        {
+                        al=SSL_AD_INTERNAL_ERROR;
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_INCONSISTENT_COMPRESSION);
+                        goto f_err;
+                        }
+                /* Look for resumed compression method */
+                for (m = 0; m < sk_SSL_COMP_num(s->ctx->comp_methods); m++)
+                        {
+                        comp=sk_SSL_COMP_value(s->ctx->comp_methods,m);
+                        if (comp_id == comp->id)
+                                {
+                                s->s3->tmp.new_compression=comp;
+                                break;
+                                }
+                        }
+                if (s->s3->tmp.new_compression == NULL)
+                        {
+                        al=SSL_AD_INTERNAL_ERROR;
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_INVALID_COMPRESSION_ALGORITHM);
+                        goto f_err;
+                        }
+                /* Look for resumed method in compression list */
+                for (m = 0; m < i; m++)
+                        {
+                        if (q[m] == comp_id)
+                                break;
+                        }
+                if (m >= i)
+                        {
+                        al=SSL_AD_ILLEGAL_PARAMETER;
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING);
+                        goto f_err;
+                        }
+                }
+        else if (s->hit)
+                comp = NULL;
+        else if (!(s->options & SSL_OP_NO_COMPRESSION) && s->ctx->comp_methods)
                { /* See if we have a match */
                int m,nn,o,v,done=0;
@@ -995,22 +1175,15 @@ int ssl3_get_client_hello(SSL *s)
                else
                        comp=NULL;
                }
-#endif
+#else
+        /* If compression is disabled we'd better not try to resume a session
-        /* TLS does not mind if there is extra stuff */
+         * using compression.
-#if 0   /* SSL 3.0 does not mind either, so we should disable this test
+         */
-         * (was enabled in 0.9.6d through 0.9.6j and 0.9.7 through 0.9.7b,
+        if (s->session->compress_meth != 0)
-         * in earlier SSLeay/OpenSSL releases this test existed but was buggy) */
-        if (s->version == SSL3_VERSION)
                {
-                if (p < (d+n))
+                al=SSL_AD_INTERNAL_ERROR;
-                        {
+                SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_INCONSISTENT_COMPRESSION);
-                        /* wrong number of bytes,
+                goto f_err;
-                         * there could be more to follow */
-                        al=SSL_AD_DECODE_ERROR;
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH);
-                        goto f_err;
-                        }
                }
 #endif
@@ -1059,7 +1232,7 @@ int ssl3_get_client_hello(SSL *s)
                        for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
                                {
                                c=sk_SSL_CIPHER_value(sk,i);
-                                if (c->algorithms & SSL_eNULL)
+                                if (c->algorithm_enc & SSL_eNULL)
                                        nc=c;
                                if (SSL_C_IS_EXPORT(c))
                                        ec=c;
@@ -1075,6 +1248,9 @@ int ssl3_get_client_hello(SSL *s)
 #endif
                s->s3->tmp.new_cipher=s->session->cipher;
                }
+        if (!ssl3_digest_cached_records(s))
+                goto f_err;
        
        /* we now have the following setup. 
         * client_random
@@ -1087,7 +1263,7 @@ int ssl3_get_client_hello(SSL *s)
         * s->tmp.new_cipher    - the new cipher to use.
         */
-        ret=1;
+        if (ret < 0) ret=1;
        if (0)
                {
 f_err:
@@ -1103,16 +1279,22 @@ int ssl3_send_server_hello(SSL *s)
        unsigned char *buf;
        unsigned char *p,*d;
        int i,sl;
-        unsigned long l,Time;
+        unsigned long l;
+#ifdef OPENSSL_NO_TLSEXT
+        unsigned long Time;
+#endif
        if (s->state == SSL3_ST_SW_SRVR_HELLO_A)
                {
                buf=(unsigned char *)s->init_buf->data;
+#ifdef OPENSSL_NO_TLSEXT
                p=s->s3->server_random;
+                /* Generate server_random if it was not needed previously */
                Time=(unsigned long)time(NULL);                 /* Time */
                l2n(Time,p);
                if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
                        return -1;
+#endif
                /* Do the message type and length last */
                d=p= &(buf[4]);
@@ -1166,6 +1348,11 @@ int ssl3_send_server_hello(SSL *s)
                        *(p++)=s->s3->tmp.new_compression->id;
 #endif
 #ifndef OPENSSL_NO_TLSEXT
+                if (ssl_prepare_serverhello_tlsext(s) <= 0)
+                        {
+                        SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,SSL_R_SERVERHELLO_TLSEXT);
+                        return -1;
+                        }
                if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
                        {
                        SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR);
@@ -1245,7 +1432,7 @@ int ssl3_send_server_key_exchange(SSL *s)
        EVP_MD_CTX_init(&md_ctx);
        if (s->state == SSL3_ST_SW_KEY_EXCH_A)
                {
-                type=s->s3->tmp.new_cipher->algorithms & SSL_MKEY_MASK;
+                type=s->s3->tmp.new_cipher->algorithm_mkey;
                cert=s->cert;
                buf=s->init_buf;
@@ -1340,7 +1527,7 @@ int ssl3_send_server_key_exchange(SSL *s)
                else 
 #endif
 #ifndef OPENSSL_NO_ECDH
-                        if (type & SSL_kECDHE)
+                        if (type & SSL_kEECDH)
                        {
                        const EC_GROUP *group;
@@ -1410,7 +1597,7 @@ int ssl3_send_server_key_exchange(SSL *s)
                         * supported named curves, curve_id is non-zero.
                         */
                        if ((curve_id = 
-                            nid2curve_id(EC_GROUP_get_curve_name(group)))
+                            tls1_ec_nid2curve_id(EC_GROUP_get_curve_name(group)))
                            == 0)
                                {
                                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
@@ -1467,6 +1654,14 @@ int ssl3_send_server_key_exchange(SSL *s)
                        }
                else 
 #endif /* !OPENSSL_NO_ECDH */
+#ifndef OPENSSL_NO_PSK
+                        if (type & SSL_kPSK)
+                                {
+                                /* reserve size for record length and PSK identity hint*/
+                                n+=2+strlen(s->ctx->psk_identity_hint);
+                                }
+                        else
+#endif /* !OPENSSL_NO_PSK */
                        {
                        al=SSL_AD_HANDSHAKE_FAILURE;
                        SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
@@ -1478,7 +1673,8 @@ int ssl3_send_server_key_exchange(SSL *s)
                        n+=2+nr[i];
                        }
-                if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
+                if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
+                        && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
                        {
                        if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher))
                                == NULL)
@@ -1510,7 +1706,7 @@ int ssl3_send_server_key_exchange(SSL *s)
                        }
 #ifndef OPENSSL_NO_ECDH
-                if (type & SSL_kECDHE) 
+                if (type & SSL_kEECDH) 
                        {
                        /* XXX: For now, we only support named (not generic) curves.
                         * In this situation, the serverKeyExchange message has:
@@ -1534,6 +1730,16 @@ int ssl3_send_server_key_exchange(SSL *s)
                        }
 #endif
+#ifndef OPENSSL_NO_PSK
+                if (type & SSL_kPSK)
+                        {
+                        /* copy PSK identity hint */
+                        s2n(strlen(s->ctx->psk_identity_hint), p); 
+                        strncpy((char *)p, s->ctx->psk_identity_hint, strlen(s->ctx->psk_identity_hint));
+                        p+=strlen(s->ctx->psk_identity_hint);
+                        }
+#endif
                /* not anonymous */
                if (pkey != NULL)
                        {
@@ -1546,8 +1752,6 @@ int ssl3_send_server_key_exchange(SSL *s)
                                j=0;
                                for (num=2; num > 0; num--)
                                        {
-                                        EVP_MD_CTX_set_flags(&md_ctx,
-                                                EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
                                        EVP_DigestInit_ex(&md_ctx,(num == 2)
                                                ?s->ctx->md5:s->ctx->sha1, NULL);
                                        EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
@@ -1731,7 +1935,7 @@ int ssl3_get_client_key_exchange(SSL *s)
        {
        int i,al,ok;
        long n;
-        unsigned long l;
+        unsigned long alg_k;
        unsigned char *p;
 #ifndef OPENSSL_NO_RSA
        RSA *rsa=NULL;
@@ -1742,7 +1946,7 @@ int ssl3_get_client_key_exchange(SSL *s)
        DH *dh_srvr;
 #endif
 #ifndef OPENSSL_NO_KRB5
-        KSSL_ERR kssl_err;
+        KSSL_ERR kssl_err;
 #endif /* OPENSSL_NO_KRB5 */
 #ifndef OPENSSL_NO_ECDH
@@ -1762,10 +1966,10 @@ int ssl3_get_client_key_exchange(SSL *s)
        if (!ok) return((int)n);
        p=(unsigned char *)s->init_msg;
-        l=s->s3->tmp.new_cipher->algorithms;
+        alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
 #ifndef OPENSSL_NO_RSA
-        if (l & SSL_kRSA)
+        if (alg_k & SSL_kRSA)
                {
                /* FIX THIS UP EAY EAY EAY EAY */
                if (s->s3->tmp.use_rsa_tmp)
@@ -1796,9 +2000,8 @@ int ssl3_get_client_key_exchange(SSL *s)
                        rsa=pkey->pkey.rsa;
                        }
-                /* TLS and [incidentally] DTLS, including pre-0.9.8f */
+                /* TLS and [incidentally] DTLS{0xFEFF} */
-                if (s->version > SSL3_VERSION &&
+                if (s->version > SSL3_VERSION && s->version != DTLS1_BAD_VER)
-                    s->client_version != DTLS1_BAD_VER)
                        {
                        n2s(p,i);
                        if (n != i+2)
@@ -1872,7 +2075,7 @@ int ssl3_get_client_key_exchange(SSL *s)
        else
 #endif
 #ifndef OPENSSL_NO_DH
-                if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
+                if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
                {
                n2s(p,i);
                if (n != i+2)
@@ -1935,30 +2138,30 @@ int ssl3_get_client_key_exchange(SSL *s)
        else
 #endif
 #ifndef OPENSSL_NO_KRB5
-        if (l & SSL_kKRB5)
+        if (alg_k & SSL_kKRB5)
-                {
+                {
-                krb5_error_code         krb5rc;
+                krb5_error_code         krb5rc;
                krb5_data               enc_ticket;
                krb5_data               authenticator;
                krb5_data               enc_pms;
-                KSSL_CTX                *kssl_ctx = s->kssl_ctx;
+                KSSL_CTX                *kssl_ctx = s->kssl_ctx;
                EVP_CIPHER_CTX          ciph_ctx;
-                EVP_CIPHER              *enc = NULL;
+                const EVP_CIPHER        *enc = NULL;
                unsigned char           iv[EVP_MAX_IV_LENGTH];
                unsigned char           pms[SSL_MAX_MASTER_KEY_LENGTH
-                                               + EVP_MAX_BLOCK_LENGTH];
+                                               + EVP_MAX_BLOCK_LENGTH];
-                int                     padl, outl;
+                int                  padl, outl;
                krb5_timestamp          authtime = 0;
                krb5_ticket_times       ttimes;
                EVP_CIPHER_CTX_init(&ciph_ctx);
-                if (!kssl_ctx)  kssl_ctx = kssl_ctx_new();
+                if (!kssl_ctx)  kssl_ctx = kssl_ctx_new();
                n2s(p,i);
                enc_ticket.length = i;
-                if (n < (int)enc_ticket.length + 6)
+                if (n < (long)(enc_ticket.length + 6))
                        {
                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
                                SSL_R_DATA_LENGTH_TOO_LONG);
@@ -1971,7 +2174,7 @@ int ssl3_get_client_key_exchange(SSL *s)
                n2s(p,i);
                authenticator.length = i;
-                if (n < (int)(enc_ticket.length + authenticator.length) + 6)
+                if (n < (long)(enc_ticket.length + authenticator.length + 6))
                        {
                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
                                SSL_R_DATA_LENGTH_TOO_LONG);
@@ -2004,19 +2207,19 @@ int ssl3_get_client_key_exchange(SSL *s)
                        goto err;
                        }
-                if ((krb5rc = kssl_sget_tkt(kssl_ctx, &enc_ticket, &ttimes,
+                if ((krb5rc = kssl_sget_tkt(kssl_ctx, &enc_ticket, &ttimes,
                                        &kssl_err)) != 0)
-                        {
+                        {
 #ifdef KSSL_DEBUG
-                        printf("kssl_sget_tkt rtn %d [%d]\n",
+                        printf("kssl_sget_tkt rtn %d [%d]\n",
-                                krb5rc, kssl_err.reason);
+                                krb5rc, kssl_err.reason);
-                        if (kssl_err.text)
+                        if (kssl_err.text)
-                                printf("kssl_err text= %s\n", kssl_err.text);
+                                printf("kssl_err text= %s\n", kssl_err.text);
 #endif  /* KSSL_DEBUG */
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                                kssl_err.reason);
+                                kssl_err.reason);
-                        goto err;
+                        goto err;
-                        }
+                        }
                /*  Note: no authenticator is not considered an error,
                **  but will return authtime == 0.
@@ -2025,29 +2228,29 @@ int ssl3_get_client_key_exchange(SSL *s)
                                        &authtime, &kssl_err)) != 0)
                        {
 #ifdef KSSL_DEBUG
-                        printf("kssl_check_authent rtn %d [%d]\n",
+                        printf("kssl_check_authent rtn %d [%d]\n",
-                                krb5rc, kssl_err.reason);
+                                krb5rc, kssl_err.reason);
-                        if (kssl_err.text)
+                        if (kssl_err.text)
-                                printf("kssl_err text= %s\n", kssl_err.text);
+                                printf("kssl_err text= %s\n", kssl_err.text);
 #endif  /* KSSL_DEBUG */
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                                kssl_err.reason);
+                                kssl_err.reason);
-                        goto err;
+                        goto err;
                        }
                if ((krb5rc = kssl_validate_times(authtime, &ttimes)) != 0)
                        {
                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, krb5rc);
-                        goto err;
+                        goto err;
                        }
 #ifdef KSSL_DEBUG
-                kssl_ctx_show(kssl_ctx);
+                kssl_ctx_show(kssl_ctx);
 #endif  /* KSSL_DEBUG */
                enc = kssl_map_enc(kssl_ctx->enctype);
-                if (enc == NULL)
+                if (enc == NULL)
-                    goto err;
+                    goto err;
                memset(iv, 0, sizeof iv);       /* per RFC 1510 */
@@ -2094,7 +2297,7 @@ int ssl3_get_client_key_exchange(SSL *s)
                     * (Perhaps we should have a separate BUG value for the Kerberos cipher)
                     */
                    if (!(s->options & SSL_OP_TLS_ROLLBACK_BUG))
-                        {
+                        {
                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
                               SSL_AD_DECODE_ERROR);
                        goto err;
@@ -2103,32 +2306,32 @@ int ssl3_get_client_key_exchange(SSL *s)
                EVP_CIPHER_CTX_cleanup(&ciph_ctx);
-                s->session->master_key_length=
+                s->session->master_key_length=
-                        s->method->ssl3_enc->generate_master_secret(s,
+                        s->method->ssl3_enc->generate_master_secret(s,
-                                s->session->master_key, pms, outl);
+                                s->session->master_key, pms, outl);
-                if (kssl_ctx->client_princ)
+                if (kssl_ctx->client_princ)
-                        {
+                        {
-                        size_t len = strlen(kssl_ctx->client_princ);
+                        size_t len = strlen(kssl_ctx->client_princ);
-                        if ( len < SSL_MAX_KRB5_PRINCIPAL_LENGTH ) 
+                        if ( len < SSL_MAX_KRB5_PRINCIPAL_LENGTH ) 
-                                {
+                                {
-                                s->session->krb5_client_princ_len = len;
+                                s->session->krb5_client_princ_len = len;
-                                memcpy(s->session->krb5_client_princ,kssl_ctx->client_princ,len);
+                                memcpy(s->session->krb5_client_princ,kssl_ctx->client_princ,len);
-                                }
+                                }
-                        }
+                        }
-                /*  Was doing kssl_ctx_free() here,
+                /*  Was doing kssl_ctx_free() here,
                **  but it caused problems for apache.
-                **  kssl_ctx = kssl_ctx_free(kssl_ctx);
+                **  kssl_ctx = kssl_ctx_free(kssl_ctx);
-                **  if (s->kssl_ctx)  s->kssl_ctx = NULL;
+                **  if (s->kssl_ctx)  s->kssl_ctx = NULL;
-                */
+                */
-                }
+                }
        else
 #endif  /* OPENSSL_NO_KRB5 */
 #ifndef OPENSSL_NO_ECDH
-                if ((l & SSL_kECDH) || (l & SSL_kECDHE))
+                if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe))
                {
                int ret = 1;
                int field_size = 0;
@@ -2136,18 +2339,18 @@ int ssl3_get_client_key_exchange(SSL *s)
                const EC_GROUP *group;
                const BIGNUM *priv_key;
-                /* initialize structures for server's ECDH key pair */
+                /* initialize structures for server's ECDH key pair */
                if ((srvr_ecdh = EC_KEY_new()) == NULL) 
                        {
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
                            ERR_R_MALLOC_FAILURE);
-                        goto err;
+                        goto err;
                        }
                /* Let's get server private key and group information */
-                if (l & SSL_kECDH) 
+                if (alg_k & (SSL_kECDHr|SSL_kECDHe))
                        { 
-                        /* use the certificate */
+                        /* use the certificate */
                        tkey = s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec;
                        }
                else
@@ -2177,20 +2380,20 @@ int ssl3_get_client_key_exchange(SSL *s)
                        goto err;
                        }
-                if (n == 0L) 
+                if (n == 0L) 
-                        {
+                        {
                        /* Client Publickey was in Client Certificate */
-                         if (l & SSL_kECDHE) 
+                         if (alg_k & SSL_kEECDH)
                                 {
                                 al=SSL_AD_HANDSHAKE_FAILURE;
                                 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_ECDH_KEY);
                                 goto f_err;
                                 }
-                        if (((clnt_pub_pkey=X509_get_pubkey(s->session->peer))
+                        if (((clnt_pub_pkey=X509_get_pubkey(s->session->peer))
                            == NULL) || 
                            (clnt_pub_pkey->type != EVP_PKEY_EC))
-                                {
+                                {
                                /* XXX: For now, we do not support client
                                 * authentication using ECDH certificates
                                 * so this branch (n == 0L) of the code is
@@ -2202,11 +2405,11 @@ int ssl3_get_client_key_exchange(SSL *s)
                                 * the two ECDH shares are for the same
                                 * group.
                                 */
-                                al=SSL_AD_HANDSHAKE_FAILURE;
+                                al=SSL_AD_HANDSHAKE_FAILURE;
-                                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
                                    SSL_R_UNABLE_TO_DECODE_ECDH_CERTS);
-                                goto f_err;
+                                goto f_err;
-                                }
+                                }
                        if (EC_POINT_copy(clnt_ecpoint,
                            EC_KEY_get0_public_key(clnt_pub_pkey->pkey.ec)) == 0)
@@ -2215,10 +2418,10 @@ int ssl3_get_client_key_exchange(SSL *s)
                                        ERR_R_EC_LIB);
                                goto err;
                                }
-                        ret = 2; /* Skip certificate verify processing */
+                        ret = 2; /* Skip certificate verify processing */
-                        }
+                        }
-                else
+                else
-                        {
+                        {
                        /* Get client's public key from encoded point
                         * in the ClientKeyExchange message.
                         */
@@ -2229,21 +2432,21 @@ int ssl3_get_client_key_exchange(SSL *s)
                                goto err;
                                }
-                        /* Get encoded point length */
+                        /* Get encoded point length */
-                        i = *p; 
+                        i = *p; 
                        p += 1;
-                        if (EC_POINT_oct2point(group, 
+                        if (EC_POINT_oct2point(group, 
                            clnt_ecpoint, p, i, bn_ctx) == 0)
                                {
                                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
                                    ERR_R_EC_LIB);
                                goto err;
                                }
-                        /* p is pointing to somewhere in the buffer
+                        /* p is pointing to somewhere in the buffer
-                         * currently, so set it to the start 
+                         * currently, so set it to the start 
-                         */ 
+                         */ 
-                        p=(unsigned char *)s->init_buf->data;
+                        p=(unsigned char *)s->init_buf->data;
-                        }
+                        }
                /* Compute the shared pre-master secret */
                field_size = EC_GROUP_get_degree(group);
@@ -2254,28 +2457,190 @@ int ssl3_get_client_key_exchange(SSL *s)
                        goto err;
                        }
                i = ECDH_compute_key(p, (field_size+7)/8, clnt_ecpoint, srvr_ecdh, NULL);
-                if (i <= 0)
+                if (i <= 0)
-                        {
+                        {
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
                            ERR_R_ECDH_LIB);
-                        goto err;
+                        goto err;
-                        }
+                        }
                EVP_PKEY_free(clnt_pub_pkey);
                EC_POINT_free(clnt_ecpoint);
-                if (srvr_ecdh != NULL) 
+                EC_KEY_free(srvr_ecdh);
-                        EC_KEY_free(srvr_ecdh);
                BN_CTX_free(bn_ctx);
+                EC_KEY_free(s->s3->tmp.ecdh);
+                s->s3->tmp.ecdh = NULL; 
                /* Compute the master secret */
-                s->session->master_key_length = s->method->ssl3_enc-> \
+                s->session->master_key_length = s->method->ssl3_enc-> \
                    generate_master_secret(s, s->session->master_key, p, i);
                
-                OPENSSL_cleanse(p, i);
+                OPENSSL_cleanse(p, i);
-                return (ret);
+                return (ret);
                }
        else
 #endif
+#ifndef OPENSSL_NO_PSK
+                if (alg_k & SSL_kPSK)
+                        {
+                        unsigned char *t = NULL;
+                        unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN*2+4];
+                        unsigned int pre_ms_len = 0, psk_len = 0;
+                        int psk_err = 1;
+                        char tmp_id[PSK_MAX_IDENTITY_LEN+1];
+                        al=SSL_AD_HANDSHAKE_FAILURE;
+                        n2s(p,i);
+                        if (n != i+2)
+                                {
+                                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                                        SSL_R_LENGTH_MISMATCH);
+                                goto psk_err;
+                                }
+                        if (i > PSK_MAX_IDENTITY_LEN)
+                                {
+                                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                                        SSL_R_DATA_LENGTH_TOO_LONG);
+                                goto psk_err;
+                                }
+                        if (s->psk_server_callback == NULL)
+                                {
+                                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                                       SSL_R_PSK_NO_SERVER_CB);
+                                goto psk_err;
+                                }
+                        /* Create guaranteed NULL-terminated identity
+                         * string for the callback */
+                        memcpy(tmp_id, p, i);
+                        memset(tmp_id+i, 0, PSK_MAX_IDENTITY_LEN+1-i);
+                        psk_len = s->psk_server_callback(s, tmp_id,
+                                psk_or_pre_ms, sizeof(psk_or_pre_ms));
+                        OPENSSL_cleanse(tmp_id, PSK_MAX_IDENTITY_LEN+1);
+                        if (psk_len > PSK_MAX_PSK_LEN)
+                                {
+                                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                                        ERR_R_INTERNAL_ERROR);
+                                goto psk_err;
+                                }
+                        else if (psk_len == 0)
+                                {
+                                /* PSK related to the given identity not found */
+                                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                                       SSL_R_PSK_IDENTITY_NOT_FOUND);
+                                al=SSL_AD_UNKNOWN_PSK_IDENTITY;
+                                goto psk_err;
+                                }
+                        /* create PSK pre_master_secret */
+                        pre_ms_len=2+psk_len+2+psk_len;
+                        t = psk_or_pre_ms;
+                        memmove(psk_or_pre_ms+psk_len+4, psk_or_pre_ms, psk_len);
+                        s2n(psk_len, t);
+                        memset(t, 0, psk_len);
+                        t+=psk_len;
+                        s2n(psk_len, t);
+                        if (s->session->psk_identity != NULL)
+                                OPENSSL_free(s->session->psk_identity);
+                        s->session->psk_identity = BUF_strdup((char *)p);
+                        if (s->session->psk_identity == NULL)
+                                {
+                                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                                        ERR_R_MALLOC_FAILURE);
+                                goto psk_err;
+                                }
+                        if (s->session->psk_identity_hint != NULL)
+                                OPENSSL_free(s->session->psk_identity_hint);
+                        s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint);
+                        if (s->ctx->psk_identity_hint != NULL &&
+                                s->session->psk_identity_hint == NULL)
+                                {
+                                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                                        ERR_R_MALLOC_FAILURE);
+                                goto psk_err;
+                                }
+                        s->session->master_key_length=
+                                s->method->ssl3_enc->generate_master_secret(s,
+                                        s->session->master_key, psk_or_pre_ms, pre_ms_len);
+                        psk_err = 0;
+                psk_err:
+                        OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms));
+                        if (psk_err != 0)
+                                goto f_err;
+                        }
+                else
+#endif
+                if (alg_k & SSL_kGOST) 
+                        {
+                        int ret = 0;
+                        EVP_PKEY_CTX *pkey_ctx;
+                        EVP_PKEY *client_pub_pkey = NULL;
+                        unsigned char premaster_secret[32], *start;
+                        size_t outlen=32, inlen;                        
+                        /* Get our certificate private key*/
+                        pkey_ctx = EVP_PKEY_CTX_new(s->cert->key->privatekey,NULL);     
+                        EVP_PKEY_decrypt_init(pkey_ctx);
+                        /* If client certificate is present and is of the same type, maybe
+                         * use it for key exchange.  Don't mind errors from
+                         * EVP_PKEY_derive_set_peer, because it is completely valid to use
+                         * a client certificate for authorization only. */
+                        client_pub_pkey = X509_get_pubkey(s->session->peer);
+                        if (client_pub_pkey)
+                                {
+                                if (EVP_PKEY_derive_set_peer(pkey_ctx, client_pub_pkey) <= 0)
+                                        ERR_clear_error();
+                                }
+                        /* Decrypt session key */
+                        if ((*p!=( V_ASN1_SEQUENCE| V_ASN1_CONSTRUCTED))) 
+                                {
+                                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DECRYPTION_FAILED);
+                                goto gerr;
+                                }
+                        if (p[1] == 0x81)
+                                {
+                                start = p+3;
+                                inlen = p[2];
+                                }
+                        else if (p[1] < 0x80)
+                                {
+                                start = p+2;
+                                inlen = p[1];
+                                }
+                        else
+                                {
+                                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DECRYPTION_FAILED);
+                                goto gerr;
+                                }
+                        if (EVP_PKEY_decrypt(pkey_ctx,premaster_secret,&outlen,start,inlen) <=0) 
+                                {
+                                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DECRYPTION_FAILED);
+                                goto gerr;
+                                }
+                        /* Generate master secret */
+                        s->session->master_key_length=
+                                s->method->ssl3_enc->generate_master_secret(s,
+                                        s->session->master_key,premaster_secret,32);
+                        /* Check if pubkey from client certificate was used */
+                        if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0)
+                                ret = 2;
+                        else
+                                ret = 1;
+                gerr:
+                        EVP_PKEY_free(client_pub_pkey);
+                        EVP_PKEY_CTX_free(pkey_ctx);
+                        if (ret)
+                                return ret;
+                        else
+                                goto err;
+                        }
+                else
                {
                al=SSL_AD_HANDSHAKE_FAILURE;
                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
@@ -2365,15 +2730,25 @@ int ssl3_get_cert_verify(SSL *s)
        /* we now have a signature that we need to verify */
        p=(unsigned char *)s->init_msg;
-        n2s(p,i);
+        /* Check for broken implementations of GOST ciphersuites */
-        n-=2;
+        /* If key is GOST and n is exactly 64, it is bare
-        if (i > n)
+         * signature without length field */
+        if (n==64 && (pkey->type==NID_id_GostR3410_94 ||
+                pkey->type == NID_id_GostR3410_2001) )
                {
-                SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_LENGTH_MISMATCH);
+                i=64;
-                al=SSL_AD_DECODE_ERROR;
+                } 
-                goto f_err;
+        else 
-                }
+                {       
+                n2s(p,i);
+                n-=2;
+                if (i > n)
+                        {
+                        SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_LENGTH_MISMATCH);
+                        al=SSL_AD_DECODE_ERROR;
+                        goto f_err;
+                        }
+        }
        j=EVP_PKEY_size(pkey);
        if ((i > j) || (n > j) || (n <= 0))
                {
@@ -2436,6 +2811,28 @@ int ssl3_get_cert_verify(SSL *s)
                }
        else
 #endif
+        if (pkey->type == NID_id_GostR3410_94 || pkey->type == NID_id_GostR3410_2001)
+                {   unsigned char signature[64];
+                        int idx;
+                        EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(pkey,NULL);
+                        EVP_PKEY_verify_init(pctx);
+                        if (i!=64) {
+                                fprintf(stderr,"GOST signature length is %d",i);
+                        }       
+                        for (idx=0;idx<64;idx++) {
+                                signature[63-idx]=p[idx];
+                        }       
+                        j=EVP_PKEY_verify(pctx,signature,64,s->s3->tmp.cert_verify_md,32);
+                        EVP_PKEY_CTX_free(pctx);
+                        if (j<=0) 
+                                {
+                                al=SSL_AD_DECRYPT_ERROR;
+                                SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
+                                        SSL_R_BAD_ECDSA_SIGNATURE);
+                                goto f_err;
+                                }       
+                }
+        else    
                {
                SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,ERR_R_INTERNAL_ERROR);
                al=SSL_AD_UNSUPPORTED_CERTIFICATE;
@@ -2618,14 +3015,15 @@ int ssl3_send_server_certificate(SSL *s)
        if (s->state == SSL3_ST_SW_CERT_A)
                {
                x=ssl_get_server_send_cert(s);
-                if (x == NULL &&
+                if (x == NULL)
-                        /* VRS: allow null cert if auth == KRB5 */
-                        (s->s3->tmp.new_cipher->algorithms
-                                & (SSL_MKEY_MASK|SSL_AUTH_MASK))
-                        != (SSL_aKRB5|SSL_kKRB5))
                        {
-                        SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR);
+                        /* VRS: allow null cert if auth == KRB5 */
-                        return(0);
+                        if ((s->s3->tmp.new_cipher->algorithm_auth != SSL_aKRB5) ||
+                            (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5))
+                                {
+                                SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR);
+                                return(0);
+                                }
                        }
                l=ssl3_output_cert_chain(s,x);
@@ -2637,70 +3035,6 @@ int ssl3_send_server_certificate(SSL *s)
        /* SSL3_ST_SW_CERT_B */
        return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
        }
-#ifndef OPENSSL_NO_ECDH
-/* This is the complement of curve_id2nid in s3_clnt.c. */
-static int nid2curve_id(int nid)
-{
-        /* ECC curves from draft-ietf-tls-ecc-01.txt (Mar 15, 2001)
-         * (no changes in draft-ietf-tls-ecc-03.txt [June 2003]) */
-        switch (nid) {
-        case NID_sect163k1: /* sect163k1 (1) */
-                return 1;
-        case NID_sect163r1: /* sect163r1 (2) */
-                return 2;
-        case NID_sect163r2: /* sect163r2 (3) */
-                return 3;
-        case NID_sect193r1: /* sect193r1 (4) */ 
-                return 4;
-        case NID_sect193r2: /* sect193r2 (5) */ 
-                return 5;
-        case NID_sect233k1: /* sect233k1 (6) */
-                return 6;
-        case NID_sect233r1: /* sect233r1 (7) */ 
-                return 7;
-        case NID_sect239k1: /* sect239k1 (8) */ 
-                return 8;
-        case NID_sect283k1: /* sect283k1 (9) */
-                return 9;
-        case NID_sect283r1: /* sect283r1 (10) */ 
-                return 10;
-        case NID_sect409k1: /* sect409k1 (11) */ 
-                return 11;
-        case NID_sect409r1: /* sect409r1 (12) */
-                return 12;
-        case NID_sect571k1: /* sect571k1 (13) */ 
-                return 13;
-        case NID_sect571r1: /* sect571r1 (14) */ 
-                return 14;
-        case NID_secp160k1: /* secp160k1 (15) */
-                return 15;
-        case NID_secp160r1: /* secp160r1 (16) */ 
-                return 16;
-        case NID_secp160r2: /* secp160r2 (17) */ 
-                return 17;
-        case NID_secp192k1: /* secp192k1 (18) */
-                return 18;
-        case NID_X9_62_prime192v1: /* secp192r1 (19) */ 
-                return 19;
-        case NID_secp224k1: /* secp224k1 (20) */ 
-                return 20;
-        case NID_secp224r1: /* secp224r1 (21) */
-                return 21;
-        case NID_secp256k1: /* secp256k1 (22) */ 
-                return 22;
-        case NID_X9_62_prime256v1: /* secp256r1 (23) */ 
-                return 23;
-        case NID_secp384r1: /* secp384r1 (24) */
-                return 24;
-        case NID_secp521r1:  /* secp521r1 (25) */       
-                return 25;
-        default:
-                return 0;
-        }
-}
-#endif
 #ifndef OPENSSL_NO_TLSEXT
 int ssl3_send_newsession_ticket(SSL *s)
        {
@@ -2711,6 +3045,7 @@ int ssl3_send_newsession_ticket(SSL *s)
                unsigned int hlen;
                EVP_CIPHER_CTX ctx;
                HMAC_CTX hctx;
+                SSL_CTX *tctx = s->initial_ctx;
                unsigned char iv[EVP_MAX_IV_LENGTH];
                unsigned char key_name[16];
@@ -2749,9 +3084,9 @@ int ssl3_send_newsession_ticket(SSL *s)
                 * it does all the work otherwise use generated values
                 * from parent ctx.
                 */
-                if (s->ctx->tlsext_ticket_key_cb)
+                if (tctx->tlsext_ticket_key_cb)
                        {
-                        if (s->ctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx,
+                        if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx,
                                                         &hctx, 1) < 0)
                                {
                                OPENSSL_free(senc);
@@ -2762,10 +3097,10 @@ int ssl3_send_newsession_ticket(SSL *s)
                        {
                        RAND_pseudo_bytes(iv, 16);
                        EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
-                                        s->ctx->tlsext_tick_aes_key, iv);
+                                        tctx->tlsext_tick_aes_key, iv);
-                        HMAC_Init_ex(&hctx, s->ctx->tlsext_tick_hmac_key, 16,
+                        HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
                                        tlsext_tick_md(), NULL);
-                        memcpy(key_name, s->ctx->tlsext_tick_key_name, 16);
+                        memcpy(key_name, tctx->tlsext_tick_key_name, 16);
                        }
                l2n(s->session->tlsext_tick_lifetime_hint, p);
                /* Skip ticket length for now */
diff --git a/src/lib/libssl/src/ssl/ssl-lib.com b/src/lib/libssl/src/ssl/ssl-lib.com
index fcd7ff774c..c5ca9e1df7 100644
--- a/src/lib/libssl/src/ssl/ssl-lib.com
+++ b/src/lib/libssl/src/ssl/ssl-lib.com
@@ -8,11 +8,11 @@ $!
 $!  Changes by Richard Levitte <richard@levitte.org>
 $!
 $!  This command file compiles and creates the "[.xxx.EXE.SSL]LIBSSL.OLB" 
-$!  library for OpenSSL.  The "xxx" denotes the machine architecture of AXP 
+$!  library for OpenSSL.  The "xxx" denotes the machine architecture of
-$!  or VAX.
+$!  ALPHA, IA64 or VAX.
 $!
 $!  It is written to detect what type of machine you are compiling on
-$!  (i.e. AXP or VAX) and which "C" compiler you have (i.e. VAXC, DECC 
+$!  (i.e. ALPHA or VAX) and which "C" compiler you have (i.e. VAXC, DECC 
 $!  or GNU C) or you can specify which compiler to use.
 $!
 $!  Specify the following as P1 to build just that part or ALL to just
@@ -30,7 +30,7 @@ $!	   VAXC	 For VAX C.
 $!         DECC  For DEC C.
 $!         GNUC  For GNU C.
 $!
-$!  If you don't speficy a compiler, it will try to determine which
+$!  If you don't specify a compiler, it will try to determine which
 $!  "C" compiler to use.
 $!
 $!  P4, if defined, sets a TCP/IP library to use, through one of the following
@@ -48,27 +48,36 @@ $! (That Is, If We Need To Link To One.)
 $!
 $ TCPIP_LIB = ""
 $!
-$! Check Which Architecture We Are Using.
+$! Check What Architecture We Are Using.
 $!
-$ IF (F$GETSYI("CPU").GE.128)
+$ IF (F$GETSYI("CPU").LT.128)
 $ THEN
 $!
-$!  The Architecture Is AXP.
+$!  The Architecture Is VAX.
 $!
-$   ARCH := AXP
+$   ARCH = "VAX"
 $!
 $! Else...
 $!
 $ ELSE
 $!
-$!  The Architecture Is VAX.
+$!  The Architecture Is Alpha, IA64 or whatever comes in the future.
 $!
-$   ARCH := VAX
+$   ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE")
+$   IF (ARCH .EQS. "") THEN ARCH = "UNK"
 $!
 $! End The Architecture Check.
 $!
 $ ENDIF
 $!
+$! Define The OBJ Directory.
+$!
+$ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.SSL]
+$!
+$! Define The EXE Directory.
+$!
+$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.SSL]
+$!
 $! Check To Make Sure We Have Valid Command Line Parameters.
 $!
 $ GOSUB CHECK_OPTIONS
@@ -81,10 +90,6 @@ $! Tell The User What Kind of Machine We Run On.
 $!
 $ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine."
 $!
-$! Define The OBJ Directory.
-$!
-$ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.SSL]
-$!
 $! Check To See If The Architecture Specific OBJ Directory Exists.
 $!
 $ IF (F$PARSE(OBJ_DIR).EQS."")
@@ -98,10 +103,6 @@ $! End The Architecture Specific OBJ Directory Check.
 $!
 $ ENDIF
 $!
-$! Define The EXE Directory.
-$!
-$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.SSL]
-$!
 $! Check To See If The Architecture Specific Directory Exists.
 $!
 $ IF (F$PARSE(EXE_DIR).EQS."")
@@ -179,7 +180,7 @@ $ LIB_SSL = "s2_meth,s2_srvr,s2_clnt,s2_lib,s2_enc,s2_pkt,"+ -
            "ssl_lib,ssl_err2,ssl_cert,ssl_sess,"+ -
            "ssl_ciph,ssl_stat,ssl_rsa,"+ -
            "ssl_asn1,ssl_txt,ssl_algs,"+ -
-            "bio_ssl,ssl_err,kssl"
+            "bio_ssl,ssl_err,kssl,t1_reneg"
 $!
 $! Tell The User That We Are Compiling The Library.
 $!
@@ -409,7 +410,7 @@ $!
 $   IF (F$SEARCH(OPT_FILE).EQS."")
 $   THEN
 $!
-$!    Figure Out If We Need An AXP Or A VAX Linker Option File.
+$!    Figure Out If We Need A non-VAX Or A VAX Linker Option File.
 $!
 $     IF (ARCH.EQS."VAX")
 $     THEN
@@ -429,19 +430,19 @@ $!    Else...
 $!
 $     ELSE
 $!
-$!      Create The AXP Linker Option File.
+$!      Create The non-VAX Linker Option File.
 $!
 $       CREATE 'OPT_FILE'
 $DECK
 !
-! Default System Options File For AXP To Link Agianst 
+! Default System Options File For non-VAX To Link Agianst 
 ! The Sharable C Runtime Library.
 !
 SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE
 SYS$SHARE:CMA$OPEN_RTL/SHARE
 $EOD
 $!
-$!    End The VAX/AXP DEC C Option File Check.
+$!    End The DEC C Option File Check.
 $!
 $     ENDIF
 $!
@@ -523,12 +524,12 @@ $! Else...
 $!
 $ ELSE
 $!
-$!  Else, Check To See If P1 Has A Valid Arguement.
+$!  Else, Check To See If P1 Has A Valid Argument.
 $!
 $   IF (P1.EQS."LIBRARY").OR.(P1.EQS."SSL_TASK")
 $   THEN
 $!
-$!    A Valid Arguement.
+$!    A Valid Argument.
 $!
 $     BUILDALL = P1
 $!
@@ -547,15 +548,16 @@ $     WRITE SYS$OUTPUT "    SSL_TASK :  To Compile Just The [.xxx.EXE.SSL]SSL_TA
 $     WRITE SYS$OUTPUT ""
 $     WRITE SYS$OUTPUT " Where 'xxx' Stands For:"
 $     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "        AXP  :  Alpha Architecture."
+$     WRITE SYS$OUTPUT "    ALPHA    :  Alpha Architecture."
-$     WRITE SYS$OUTPUT "        VAX  :  VAX Architecture."
+$     WRITE SYS$OUTPUT "    IA64     :  IA64 Architecture."
+$     WRITE SYS$OUTPUT "    VAX      :  VAX Architecture."
 $     WRITE SYS$OUTPUT ""
 $!
 $!    Time To EXIT.
 $!
 $     EXIT
 $!
-$!  End The Valid Arguement Check.
+$!  End The Valid Argument Check.
 $!
 $   ENDIF
 $!
@@ -609,7 +611,7 @@ $!    Time To EXIT.
 $!
 $     EXIT
 $!
-$!  End The Valid Arguement Check.
+$!  End The Valid Argument Check.
 $!
 $   ENDIF
 $!
@@ -674,7 +676,7 @@ $   ELSE
 $!
 $!  Check To See If We Have VAXC Or DECC.
 $!
-$     IF (ARCH.EQS."AXP").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
+$     IF (ARCH.NES."VAX").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
 $     THEN 
 $!
 $!      Looks Like DECC, Set To Use DECC.
@@ -784,7 +786,7 @@ $     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
 $!
 $!    Define The Linker Options File Name.
 $!
-$     OPT_FILE = "SYS$DISK:[]VAX_DECC_OPTIONS.OPT"
+$     OPT_FILE = "''EXE_DIR'VAX_DECC_OPTIONS.OPT"
 $!
 $!  End DECC Check.
 $!
@@ -806,9 +808,9 @@ $!
 $!    Compile Using VAXC.
 $!
 $     CC = "CC"
-$     IF ARCH.EQS."AXP"
+$     IF ARCH.NES."VAX"
 $     THEN
-$       WRITE SYS$OUTPUT "There is no VAX C on Alpha!"
+$       WRITE SYS$OUTPUT "There is no VAX C on ''ARCH'!"
 $       EXIT
 $     ENDIF
 $     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
@@ -822,7 +824,7 @@ $     DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB]
 $!
 $!    Define The Linker Options File Name.
 $!
-$     OPT_FILE = "SYS$DISK:[]VAX_VAXC_OPTIONS.OPT"
+$     OPT_FILE = "''EXE_DIR'VAX_VAXC_OPTIONS.OPT"
 $!
 $!  End VAXC Check
 $!
@@ -849,7 +851,7 @@ $     CC = GCC+"/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
 $!
 $!    Define The Linker Options File Name.
 $!
-$     OPT_FILE = "SYS$DISK:[]VAX_GNUC_OPTIONS.OPT"
+$     OPT_FILE = "''EXE_DIR'VAX_GNUC_OPTIONS.OPT"
 $!
 $!  End The GNU C Check.
 $!
@@ -891,7 +893,7 @@ $!  Show user the result
 $!
 $   WRITE/SYMBOL SYS$OUTPUT "Main Compiling Command: ",CC
 $!
-$!  Else The User Entered An Invalid Arguement.
+$!  Else The User Entered An Invalid Argument.
 $!
 $ ELSE
 $!
@@ -992,7 +994,7 @@ $!  Print info
 $!
 $   WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB
 $!
-$!  Else The User Entered An Invalid Arguement.
+$!  Else The User Entered An Invalid Argument.
 $!
 $ ELSE
 $!
diff --git a/src/lib/libssl/src/ssl/ssl.h b/src/lib/libssl/src/ssl/ssl.h
index ff8a128d3c..e4c3f65010 100644
--- a/src/lib/libssl/src/ssl/ssl.h
+++ b/src/lib/libssl/src/ssl/ssl.h
@@ -56,7 +56,7 @@
 * [including the GNU Public Licence.]
 */
 /* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -109,62 +109,35 @@
 *
 */
 /* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECC cipher suite support in OpenSSL originally developed by 
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright 2005 Nokia. All rights reserved.
 *
- * Redistribution and use in source and binary forms, with or without
+ * The portions of the attached software ("Contribution") is developed by
- * modification, are permitted provided that the following conditions
+ * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * are met:
+ * license.
 *
- * 1. Redistributions of source code must retain the above copyright
+ * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- *    notice, this list of conditions and the following disclaimer. 
+ * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
+ * support (see RFC 4279) to OpenSSL.
 *
- * 2. Redistributions in binary form must reproduce the above copyright
+ * No patent licenses or other rights except those expressly stated in
- *    notice, this list of conditions and the following disclaimer in
+ * the OpenSSL open source license shall be deemed granted or received
- *    the documentation and/or other materials provided with the
+ * expressly, by implication, estoppel, or otherwise.
- *    distribution.
 *
- * 3. All advertising materials mentioning features or use of this
+ * No assurances are provided by Nokia that the Contribution does not
- *    software must display the following acknowledgment:
+ * infringe the patent or other intellectual property rights of any third
- *    "This product includes software developed by the OpenSSL Project
+ * party or that the license provides you with all the necessary rights
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ * to make use of the Contribution.
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
 *
- */
+ * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
-/* ====================================================================
+ * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * ECC cipher suite support in OpenSSL originally developed by 
+ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ * OTHERWISE.
 */
 #ifndef HEADER_SSL_H 
@@ -248,56 +221,88 @@ extern "C" {
 #define SSL_MAX_KEY_ARG_LENGTH                  8
 #define SSL_MAX_MASTER_KEY_LENGTH               48
 /* These are used to specify which ciphers to use and not to use */
+#define SSL_TXT_EXP40           "EXPORT40"
+#define SSL_TXT_EXP56           "EXPORT56"
 #define SSL_TXT_LOW             "LOW"
 #define SSL_TXT_MEDIUM          "MEDIUM"
 #define SSL_TXT_HIGH            "HIGH"
 #define SSL_TXT_FIPS            "FIPS"
-#define SSL_TXT_kFZA            "kFZA"
-#define SSL_TXT_aFZA            "aFZA"
+#define SSL_TXT_kFZA            "kFZA" /* unused! */
-#define SSL_TXT_eFZA            "eFZA"
+#define SSL_TXT_aFZA            "aFZA" /* unused! */
-#define SSL_TXT_FZA             "FZA"
+#define SSL_TXT_eFZA            "eFZA" /* unused! */
+#define SSL_TXT_FZA             "FZA"  /* unused! */
 #define SSL_TXT_aNULL           "aNULL"
 #define SSL_TXT_eNULL           "eNULL"
 #define SSL_TXT_NULL            "NULL"
-#define SSL_TXT_kKRB5           "kKRB5"
-#define SSL_TXT_aKRB5           "aKRB5"
-#define SSL_TXT_KRB5            "KRB5"
 #define SSL_TXT_kRSA            "kRSA"
-#define SSL_TXT_kDHr            "kDHr"
+#define SSL_TXT_kDHr            "kDHr" /* no such ciphersuites supported! */
-#define SSL_TXT_kDHd            "kDHd"
+#define SSL_TXT_kDHd            "kDHd" /* no such ciphersuites supported! */
+#define SSL_TXT_kDH             "kDH"  /* no such ciphersuites supported! */
 #define SSL_TXT_kEDH            "kEDH"
+#define SSL_TXT_kKRB5           "kKRB5"
+#define SSL_TXT_kECDHr          "kECDHr"
+#define SSL_TXT_kECDHe          "kECDHe"
+#define SSL_TXT_kECDH           "kECDH"
+#define SSL_TXT_kEECDH          "kEECDH"
+#define SSL_TXT_kPSK            "kPSK"
+#define SSL_TXT_kGOST           "kGOST"
 #define SSL_TXT_aRSA            "aRSA"
 #define SSL_TXT_aDSS            "aDSS"
-#define SSL_TXT_aDH             "aDH"
+#define SSL_TXT_aDH             "aDH" /* no such ciphersuites supported! */
+#define SSL_TXT_aECDH           "aECDH"
+#define SSL_TXT_aKRB5           "aKRB5"
+#define SSL_TXT_aECDSA          "aECDSA"
+#define SSL_TXT_aPSK            "aPSK"
+#define SSL_TXT_aGOST94 "aGOST94"
+#define SSL_TXT_aGOST01 "aGOST01"
+#define SSL_TXT_aGOST  "aGOST"
 #define SSL_TXT_DSS             "DSS"
 #define SSL_TXT_DH              "DH"
-#define SSL_TXT_EDH             "EDH"
+#define SSL_TXT_EDH             "EDH" /* same as "kEDH:-ADH" */
 #define SSL_TXT_ADH             "ADH"
 #define SSL_TXT_RSA             "RSA"
+#define SSL_TXT_ECDH            "ECDH"
+#define SSL_TXT_EECDH           "EECDH" /* same as "kEECDH:-AECDH" */
+#define SSL_TXT_AECDH           "AECDH"
+#define SSL_TXT_ECDSA           "ECDSA"
+#define SSL_TXT_KRB5            "KRB5"
+#define SSL_TXT_PSK             "PSK"
 #define SSL_TXT_DES             "DES"
 #define SSL_TXT_3DES            "3DES"
 #define SSL_TXT_RC4             "RC4"
 #define SSL_TXT_RC2             "RC2"
 #define SSL_TXT_IDEA            "IDEA"
 #define SSL_TXT_SEED            "SEED"
+#define SSL_TXT_AES128          "AES128"
+#define SSL_TXT_AES256          "AES256"
 #define SSL_TXT_AES             "AES"
+#define SSL_TXT_CAMELLIA128     "CAMELLIA128"
+#define SSL_TXT_CAMELLIA256     "CAMELLIA256"
 #define SSL_TXT_CAMELLIA        "CAMELLIA"
 #define SSL_TXT_MD5             "MD5"
 #define SSL_TXT_SHA1            "SHA1"
-#define SSL_TXT_SHA             "SHA"
+#define SSL_TXT_SHA             "SHA" /* same as "SHA1" */
-#define SSL_TXT_EXP             "EXP"
+#define SSL_TXT_GOST94          "GOST94" 
-#define SSL_TXT_EXPORT          "EXPORT"
+#define SSL_TXT_GOST89MAC               "GOST89MAC" 
-#define SSL_TXT_EXP40           "EXPORT40"
-#define SSL_TXT_EXP56           "EXPORT56"
 #define SSL_TXT_SSLV2           "SSLv2"
 #define SSL_TXT_SSLV3           "SSLv3"
 #define SSL_TXT_TLSV1           "TLSv1"
+#define SSL_TXT_EXP             "EXP"
+#define SSL_TXT_EXPORT          "EXPORT"
 #define SSL_TXT_ALL             "ALL"
-#define SSL_TXT_ECC             "ECCdraft" /* ECC ciphersuites are not yet official */
 /*
 * COMPLEMENTOF* definitions. These identifiers are used to (de-select)
@@ -319,7 +324,13 @@ extern "C" {
 /* The following cipher list is used by default.
 * It also is substituted when an application-defined cipher list string
 * starts with 'DEFAULT'. */
-#define SSL_DEFAULT_CIPHER_LIST "AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH" /* low priority for RC4 */
+#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2"
+/* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
+ * starts with a reasonable order, and all we have to do for DEFAULT is
+ * throwing out anonymous and unencrypted ciphersuites!
+ * (The latter are not actually enabled by ALL, but "ALL:RSA" would enable
+ * some of them.)
+ */
 /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
 #define SSL_SENT_SHUTDOWN       1
@@ -344,6 +355,7 @@ extern "C" {
 * 'struct ssl_st *' function parameters used to prototype callbacks
 * in SSL_CTX. */
 typedef struct ssl_st *ssl_crock_st;
+typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT;
 /* used to hold info on the particular ciphers used */
 typedef struct ssl_cipher_st
@@ -351,17 +363,25 @@ typedef struct ssl_cipher_st
        int valid;
        const char *name;               /* text name */
        unsigned long id;               /* id, 4 bytes, first is version */
-        unsigned long algorithms;       /* what ciphers are used */
+        /* changed in 0.9.9: these four used to be portions of a single value 'algorithms' */
+        unsigned long algorithm_mkey;   /* key exchange algorithm */
+        unsigned long algorithm_auth;   /* server authentication */
+        unsigned long algorithm_enc;    /* symmetric encryption */
+        unsigned long algorithm_mac;    /* symmetric authentication */
+        unsigned long algorithm_ssl;    /* (major) protocol version */
        unsigned long algo_strength;    /* strength and export flags */
        unsigned long algorithm2;       /* Extra flags */
        int strength_bits;              /* Number of bits really used */
        int alg_bits;                   /* Number of bits for algorithm */
-        unsigned long mask;             /* used for matching */
-        unsigned long mask_strength;    /* also used for matching */
        } SSL_CIPHER;
 DECLARE_STACK_OF(SSL_CIPHER)
+typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data, int len, void *arg);
+typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg);
 /* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
 typedef struct ssl_method_st
        {
@@ -385,12 +405,12 @@ typedef struct ssl_method_st
        int (*ssl_dispatch_alert)(SSL *s);
        long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg);
        long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg);
-        SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
+        const SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
        int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr);
        int (*ssl_pending)(const SSL *s);
        int (*num_ciphers)(void);
-        SSL_CIPHER *(*get_cipher)(unsigned ncipher);
+        const SSL_CIPHER *(*get_cipher)(unsigned ncipher);
-        struct ssl_method_st *(*get_ssl_method)(int version);
+        const struct ssl_method_st *(*get_ssl_method)(int version);
        long (*get_timeout)(void);
        struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
        int (*ssl_version)(void);
@@ -402,17 +422,20 @@ typedef struct ssl_method_st
 * SSL_SESSION_ID ::= SEQUENCE {
 *      version                 INTEGER,        -- structure version number
 *      SSLversion              INTEGER,        -- SSL version number
- *      Cipher                  OCTET_STRING,   -- the 3 byte cipher ID
+ *      Cipher                  OCTET STRING,   -- the 3 byte cipher ID
- *      Session_ID              OCTET_STRING,   -- the Session ID
+ *      Session_ID              OCTET STRING,   -- the Session ID
- *      Master_key              OCTET_STRING,   -- the master key
+ *      Master_key              OCTET STRING,   -- the master key
- *      KRB5_principal          OCTET_STRING    -- optional Kerberos principal
+ *      KRB5_principal          OCTET STRING    -- optional Kerberos principal
- *      Key_Arg [ 0 ] IMPLICIT  OCTET_STRING,   -- the optional Key argument
+ *      Key_Arg [ 0 ] IMPLICIT  OCTET STRING,   -- the optional Key argument
 *      Time [ 1 ] EXPLICIT     INTEGER,        -- optional Start Time
 *      Timeout [ 2 ] EXPLICIT  INTEGER,        -- optional Timeout ins seconds
 *      Peer [ 3 ] EXPLICIT     X509,           -- optional Peer Certificate
- *      Session_ID_context [ 4 ] EXPLICIT OCTET_STRING,   -- the Session ID context
+ *      Session_ID_context [ 4 ] EXPLICIT OCTET STRING,   -- the Session ID context
- *      Verify_result [ 5 ] EXPLICIT INTEGER    -- X509_V_... code for `Peer'
+ *      Verify_result [ 5 ] EXPLICIT INTEGER,   -- X509_V_... code for `Peer'
- *      Compression [6] IMPLICIT ASN1_OBJECT    -- compression OID XXXXX
+ *      HostName [ 6 ] EXPLICIT OCTET STRING,   -- optional HostName from servername TLS extension 
+ *      ECPointFormatList [ 7 ] OCTET STRING,     -- optional EC point format list from TLS extension
+ *      PSK_identity_hint [ 8 ] EXPLICIT OCTET STRING, -- optional PSK identity hint
+ *      PSK_identity [ 9 ] EXPLICIT OCTET STRING -- optional PSK identity
 *      }
 * Look in ssl/ssl_asn1.c for more details
 * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
@@ -440,7 +463,10 @@ typedef struct ssl_session_st
        unsigned int krb5_client_princ_len;
        unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH];
 #endif /* OPENSSL_NO_KRB5 */
+#ifndef OPENSSL_NO_PSK
+        char *psk_identity_hint;
+        char *psk_identity;
+#endif
        int not_resumable;
        /* The cert is the certificate used to establish this connection */
@@ -459,9 +485,9 @@ typedef struct ssl_session_st
        long timeout;
        long time;
-        int compress_meth;              /* Need to lookup the method */
+        unsigned int compress_meth;     /* Need to lookup the method */
-        SSL_CIPHER *cipher;
+        const SSL_CIPHER *cipher;
        unsigned long cipher_id;        /* when ASN.1 loaded, this
                                         * needs to be used to load
                                         * the 'cipher' structure */
@@ -475,6 +501,12 @@ typedef struct ssl_session_st
        struct ssl_session_st *prev,*next;
 #ifndef OPENSSL_NO_TLSEXT
        char *tlsext_hostname;
+#ifndef OPENSSL_NO_EC
+        size_t tlsext_ecpointformatlist_length;
+        unsigned char *tlsext_ecpointformatlist; /* peer's list */
+        size_t tlsext_ellipticcurvelist_length;
+        unsigned char *tlsext_ellipticcurvelist; /* peer's list */
+#endif /* OPENSSL_NO_EC */
        /* RFC4507 info */
        unsigned char *tlsext_tick;     /* Session ticket */
        size_t  tlsext_ticklen;         /* Session ticket length */     
@@ -485,6 +517,8 @@ typedef struct ssl_session_st
 #define SSL_OP_MICROSOFT_SESS_ID_BUG                    0x00000001L
 #define SSL_OP_NETSCAPE_CHALLENGE_BUG                   0x00000002L
+/* Allow initial connection to servers that don't support RI */
+#define SSL_OP_LEGACY_SERVER_CONNECT                    0x00000004L
 #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG         0x00000008L
 #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG              0x00000010L
 #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER               0x00000020L
@@ -502,7 +536,7 @@ typedef struct ssl_session_st
 /* SSL_OP_ALL: various bug workarounds that should be rather harmless.
 *             This used to be 0x000FFFFFL before 0.9.7. */
-#define SSL_OP_ALL                                      0x00000FFFL
+#define SSL_OP_ALL                                      0x80000FFFL
 /* DTLS options */
 #define SSL_OP_NO_QUERY_MTU                 0x00001000L
@@ -510,9 +544,15 @@ typedef struct ssl_session_st
 #define SSL_OP_COOKIE_EXCHANGE              0x00002000L
 /* Don't use RFC4507 ticket extension */
 #define SSL_OP_NO_TICKET                    0x00004000L
+/* Use Cisco's "speshul" version of DTLS_BAD_VER (as client)  */
+#define SSL_OP_CISCO_ANYCONNECT             0x00008000L
 /* As server, disallow session resumption on renegotiation */
 #define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION   0x00010000L
+/* Don't use compression even if supported */
+#define SSL_OP_NO_COMPRESSION                           0x00020000L
+/* Permit unsafe legacy renegotiation */
+#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION        0x00040000L
 /* If set, always create a new key when using tmp_ecdh parameters */
 #define SSL_OP_SINGLE_ECDH_USE                          0x00080000L
 /* If set, always create a new key when using tmp_dh parameters */
@@ -539,7 +579,11 @@ typedef struct ssl_session_st
 #define SSL_OP_PKCS1_CHECK_2                            0x10000000L
 #define SSL_OP_NETSCAPE_CA_DN_BUG                       0x20000000L
 #define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG          0x40000000L
+/* Make server add server-hello extension from early version of
+ * cryptopro draft, when GOST ciphersuite is negotiated. 
+ * Required for interoperability with CryptoPro CSP 3.x 
+ */
+#define SSL_OP_CRYPTOPRO_TLSEXT_BUG                     0x80000000L
 /* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
 * when just a single record has been written): */
@@ -554,24 +598,35 @@ typedef struct ssl_session_st
 #define SSL_MODE_AUTO_RETRY 0x00000004L
 /* Don't attempt to automatically build certificate chain */
 #define SSL_MODE_NO_AUTO_CHAIN 0x00000008L
+/* Save RAM by releasing read and write buffers when they're empty. (SSL3 and
+ * TLS only.)  "Released" buffers are put onto a free-list in the context
+ * or just freed (depending on the context's setting for freelist_max_len). */
+#define SSL_MODE_RELEASE_BUFFERS 0x00000010L
 /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
 * they cannot be used to clear bits. */
 #define SSL_CTX_set_options(ctx,op) \
        SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL)
+#define SSL_CTX_clear_options(ctx,op) \
+        SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_OPTIONS,(op),NULL)
 #define SSL_CTX_get_options(ctx) \
        SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL)
 #define SSL_set_options(ssl,op) \
        SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL)
+#define SSL_clear_options(ssl,op) \
+        SSL_ctrl((ssl),SSL_CTRL_CLEAR_OPTIONS,(op),NULL)
 #define SSL_get_options(ssl) \
        SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL)
 #define SSL_CTX_set_mode(ctx,op) \
        SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL)
+#define SSL_CTX_clear_mode(ctx,op) \
+        SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL)
 #define SSL_CTX_get_mode(ctx) \
        SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL)
+#define SSL_clear_mode(ssl,op) \
+        SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL)
 #define SSL_set_mode(ssl,op) \
        SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL)
 #define SSL_get_mode(ssl) \
@@ -579,6 +634,8 @@ typedef struct ssl_session_st
 #define SSL_set_mtu(ssl, mtu) \
        SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL)
+#define SSL_get_secure_renegotiation_support(ssl) \
+        SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL)
 void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
 void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
@@ -623,17 +680,18 @@ typedef struct ssl_comp_st
        } SSL_COMP;
 DECLARE_STACK_OF(SSL_COMP)
+DECLARE_LHASH_OF(SSL_SESSION);
 struct ssl_ctx_st
        {
-        SSL_METHOD *method;
+        const SSL_METHOD *method;
        STACK_OF(SSL_CIPHER) *cipher_list;
        /* same as above but sorted for lookup */
        STACK_OF(SSL_CIPHER) *cipher_list_by_id;
        struct x509_store_st /* X509_STORE */ *cert_store;
-        struct lhash_st /* LHASH */ *sessions;  /* a set of SSL_SESSIONs */
+        LHASH_OF(SSL_SESSION) *sessions;
        /* Most session-ids that will be cached, default is
         * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. */
        unsigned long session_cache_size;
@@ -758,6 +816,12 @@ struct ssl_ctx_st
        int quiet_shutdown;
+        /* Maximum amount of data to send in one fragment.
+         * actual record size can be more than this due to
+         * padding and MAC overheads.
+         */
+        unsigned int max_send_fragment;
 #ifndef OPENSSL_ENGINE
        /* Engine to pass requests for client certs to
         */
@@ -776,14 +840,33 @@ struct ssl_ctx_st
        int (*tlsext_ticket_key_cb)(SSL *ssl,
                                        unsigned char *name, unsigned char *iv,
                                        EVP_CIPHER_CTX *ectx,
-                                        HMAC_CTX *hctx, int enc);
+                                        HMAC_CTX *hctx, int enc);
        /* certificate status request info */
        /* Callback for status request */
        int (*tlsext_status_cb)(SSL *ssl, void *arg);
        void *tlsext_status_arg;
+        /* draft-rescorla-tls-opaque-prf-input-00.txt information */
+        int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, size_t len, void *arg);
+        void *tlsext_opaque_prf_input_callback_arg;
+#endif
+#ifndef OPENSSL_NO_PSK
+        char *psk_identity_hint;
+        unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity,
+                unsigned int max_identity_len, unsigned char *psk,
+                unsigned int max_psk_len);
+        unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
+                unsigned char *psk, unsigned int max_psk_len);
 #endif
+#ifndef OPENSSL_NO_BUF_FREELISTS
+#define SSL_MAX_BUF_FREELIST_LEN_DEFAULT 32
+        unsigned int freelist_max_len;
+        struct ssl3_buf_freelist_st *wbuf_freelist;
+        struct ssl3_buf_freelist_st *rbuf_freelist;
+#endif
        };
 #define SSL_SESS_CACHE_OFF                      0x0000
@@ -797,7 +880,7 @@ struct ssl_ctx_st
 #define SSL_SESS_CACHE_NO_INTERNAL \
        (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE)
-  struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx);
+LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx);
 #define SSL_CTX_sess_number(ctx) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL)
 #define SSL_CTX_sess_connect(ctx) \
@@ -839,6 +922,31 @@ int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);
 void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len));
 void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len));
+#ifndef OPENSSL_NO_PSK
+/* the maximum length of the buffer given to callbacks containing the
+ * resulting identity/psk */
+#define PSK_MAX_IDENTITY_LEN 128
+#define PSK_MAX_PSK_LEN 256
+void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, 
+        unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, 
+                char *identity, unsigned int max_identity_len, unsigned char *psk,
+                unsigned int max_psk_len));
+void SSL_set_psk_client_callback(SSL *ssl, 
+        unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, 
+                char *identity, unsigned int max_identity_len, unsigned char *psk,
+                unsigned int max_psk_len));
+void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, 
+        unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
+                unsigned char *psk, unsigned int max_psk_len));
+void SSL_set_psk_server_callback(SSL *ssl,
+        unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
+                unsigned char *psk, unsigned int max_psk_len));
+int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint);
+int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint);
+const char *SSL_get_psk_identity_hint(const SSL *s);
+const char *SSL_get_psk_identity(const SSL *s);
+#endif
 #define SSL_NOTHING     1
 #define SSL_WRITING     2
 #define SSL_READING     3
@@ -850,6 +958,9 @@ void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL
 #define SSL_want_write(s)       (SSL_want(s) == SSL_WRITING)
 #define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP)
+#define SSL_MAC_FLAG_READ_MAC_STREAM 1
+#define SSL_MAC_FLAG_WRITE_MAC_STREAM 2
 struct ssl_st
        {
        /* protocol version
@@ -858,7 +969,7 @@ struct ssl_st
        int version;
        int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */
-        SSL_METHOD *method; /* SSLv3 */
+        const SSL_METHOD *method; /* SSLv3 */
        /* There are 2 BIO's even though they are normally both the
         * same.  This is so data can be read and written to different
@@ -941,9 +1052,9 @@ struct ssl_st
        /* These are the ones being used, the ones in SSL_SESSION are
         * the ones to be 'copied' into these ones */
+        int mac_flags; 
        EVP_CIPHER_CTX *enc_read_ctx;           /* cryptographic state */
-        const EVP_MD *read_hash;                /* used for mac generation */
+        EVP_MD_CTX *read_hash;          /* used for mac generation */
 #ifndef OPENSSL_NO_COMP
        COMP_CTX *expand;                       /* uncompress */
 #else
@@ -951,7 +1062,7 @@ struct ssl_st
 #endif
        EVP_CIPHER_CTX *enc_write_ctx;          /* cryptographic state */
-        const EVP_MD *write_hash;               /* used for mac generation */
+        EVP_MD_CTX *write_hash;         /* used for mac generation */
 #ifndef OPENSSL_NO_COMP
        COMP_CTX *compress;                     /* compression */
 #else
@@ -989,6 +1100,14 @@ struct ssl_st
        KSSL_CTX *kssl_ctx;     /* Kerberos 5 context */
 #endif  /* OPENSSL_NO_KRB5 */
+#ifndef OPENSSL_NO_PSK
+        unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity,
+                unsigned int max_identity_len, unsigned char *psk,
+                unsigned int max_psk_len);
+        unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
+                unsigned char *psk, unsigned int max_psk_len);
+#endif
        SSL_CTX *ctx;
        /* set this flag to 1 and a sleep(1) is put into all SSL_read()
         * and SSL_write() calls, good for nbio debuging :-) */
@@ -1008,6 +1127,7 @@ struct ssl_st
        int first_packet;
        int client_version;     /* what was passed, used for
                                 * SSLv3/TLS rollback check */
+        unsigned int max_send_fragment;
 #ifndef OPENSSL_NO_TLSEXT
        /* TLS extension debug callback */
        void (*tlsext_debug_cb)(SSL *s, int client_server, int type,
@@ -1034,11 +1154,33 @@ struct ssl_st
        /* RFC4507 session ticket expected to be received or sent */
        int tlsext_ticket_expected;
+#ifndef OPENSSL_NO_EC
+        size_t tlsext_ecpointformatlist_length;
+        unsigned char *tlsext_ecpointformatlist; /* our list */
+        size_t tlsext_ellipticcurvelist_length;
+        unsigned char *tlsext_ellipticcurvelist; /* our list */
+#endif /* OPENSSL_NO_EC */
+        /* draft-rescorla-tls-opaque-prf-input-00.txt information to be used for handshakes */
+        void *tlsext_opaque_prf_input;
+        size_t tlsext_opaque_prf_input_len;
+        /* TLS Session Ticket extension override */
+        TLS_SESSION_TICKET_EXT *tlsext_session_ticket;
+        /* TLS Session Ticket extension callback */
+        tls_session_ticket_ext_cb_fn tls_session_ticket_ext_cb;
+        void *tls_session_ticket_ext_cb_arg;
+        /* TLS pre-shared secret session resumption */
+        tls_session_secret_cb_fn tls_session_secret_cb;
+        void *tls_session_secret_cb_arg;
        SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */
 #define session_ctx initial_ctx
 #else
 #define session_ctx ctx
-#endif
+#endif /* OPENSSL_NO_TLSEXT */
        };
 #ifdef __cplusplus
@@ -1145,20 +1287,13 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
 #define SSL_get_timeout(a)      SSL_SESSION_get_timeout(a)
 #define SSL_set_timeout(a,b)    SSL_SESSION_set_timeout((a),(b))
-#if 1 /*SSLEAY_MACROS*/
 #define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id)
 #define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id)
-#define PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \
-        (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u)
-#define PEM_read_bio_SSL_SESSION(bp,x,cb,u) PEM_ASN1_read_bio_of(SSL_SESSION,d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,x,cb,u)
-#define PEM_write_SSL_SESSION(fp,x) \
-        PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \
-                PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL)
-#define PEM_write_bio_SSL_SESSION(bp,x) \
-        PEM_ASN1_write_bio_of(SSL_SESSION,i2d_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,x,NULL,NULL,0,NULL,NULL)
-#endif
-#define SSL_AD_REASON_OFFSET            1000
+DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
+#define SSL_AD_REASON_OFFSET            1000 /* offset to get SSL_R_... value from SSL_AD_... */
 /* These alert types are for SSLv3 and TLSv1 */
 #define SSL_AD_CLOSE_NOTIFY             SSL3_AD_CLOSE_NOTIFY
 #define SSL_AD_UNEXPECTED_MESSAGE       SSL3_AD_UNEXPECTED_MESSAGE /* fatal */
@@ -1188,6 +1323,8 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
 #define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE
 #define SSL_AD_UNRECOGNIZED_NAME        TLS1_AD_UNRECOGNIZED_NAME
 #define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
+#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE
+#define SSL_AD_UNKNOWN_PSK_IDENTITY     TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */
 #define SSL_ERROR_NONE                  0
 #define SSL_ERROR_SSL                   1
@@ -1246,6 +1383,8 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
 #define SSL_CTRL_GET_MAX_CERT_LIST              50
 #define SSL_CTRL_SET_MAX_CERT_LIST              51
+#define SSL_CTRL_SET_MAX_SEND_FRAGMENT          52
 /* see tls1.h for macros based on these */
 #ifndef OPENSSL_NO_TLSEXT
 #define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB       53
@@ -1255,7 +1394,9 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
 #define SSL_CTRL_SET_TLSEXT_DEBUG_ARG           57
 #define SSL_CTRL_GET_TLSEXT_TICKET_KEYS         58
 #define SSL_CTRL_SET_TLSEXT_TICKET_KEYS         59
+#define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT    60
+#define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61
+#define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62
 #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB       63
 #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG   64
 #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE     65
@@ -1269,6 +1410,21 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
 #define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB       72
 #endif
+#define DTLS_CTRL_GET_TIMEOUT           73
+#define DTLS_CTRL_HANDLE_TIMEOUT        74
+#define DTLS_CTRL_LISTEN                        75
+#define SSL_CTRL_GET_RI_SUPPORT                 76
+#define SSL_CTRL_CLEAR_OPTIONS                  77
+#define SSL_CTRL_CLEAR_MODE                     78
+#define DTLSv1_get_timeout(ssl, arg) \
+        SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
+#define DTLSv1_handle_timeout(ssl) \
+        SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL)
+#define DTLSv1_listen(ssl, peer) \
+        SSL_ctrl(ssl,DTLS_CTRL_LISTEN,0, (void *)peer)
 #define SSL_session_reused(ssl) \
        SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL)
 #define SSL_num_renegotiations(ssl) \
@@ -1310,7 +1466,7 @@ void BIO_ssl_shutdown(BIO *ssl_bio);
 #endif
 int     SSL_CTX_set_cipher_list(SSL_CTX *,const char *str);
-SSL_CTX *SSL_CTX_new(SSL_METHOD *meth);
+SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
 void    SSL_CTX_free(SSL_CTX *);
 long SSL_CTX_set_timeout(SSL_CTX *ctx,long t);
 long SSL_CTX_get_timeout(const SSL_CTX *ctx);
@@ -1321,7 +1477,7 @@ int	SSL_clear(SSL *s);
 void    SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm);
-SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
+const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
 int     SSL_CIPHER_get_bits(const SSL_CIPHER *c,int *alg_bits);
 char *  SSL_CIPHER_get_version(const SSL_CIPHER *c);
 const char *    SSL_CIPHER_get_name(const SSL_CIPHER *c);
@@ -1392,9 +1548,8 @@ long	SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
 void    SSL_copy_session_id(SSL *to,const SSL *from);
 SSL_SESSION *SSL_SESSION_new(void);
-unsigned long SSL_SESSION_hash(const SSL_SESSION *a);
+const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
-int     SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b);
+                                        unsigned int *len);
-const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len);
 #ifndef OPENSSL_NO_FP_API
 int     SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses);
 #endif
@@ -1454,6 +1609,9 @@ int SSL_set_purpose(SSL *s, int purpose);
 int SSL_CTX_set_trust(SSL_CTX *s, int trust);
 int SSL_set_trust(SSL *s, int trust);
+int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm);
+int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm);
 void    SSL_free(SSL *ssl);
 int     SSL_accept(SSL *ssl);
 int     SSL_connect(SSL *ssl);
@@ -1469,27 +1627,29 @@ int	SSL_get_error(const SSL *s,int ret_code);
 const char *SSL_get_version(const SSL *s);
 /* This sets the 'default' SSL version that SSL_new() will create */
-int SSL_CTX_set_ssl_version(SSL_CTX *ctx,SSL_METHOD *meth);
+int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);
-SSL_METHOD *SSLv2_method(void);         /* SSLv2 */
+#ifndef OPENSSL_NO_SSL2
-SSL_METHOD *SSLv2_server_method(void);  /* SSLv2 */
+const SSL_METHOD *SSLv2_method(void);           /* SSLv2 */
-SSL_METHOD *SSLv2_client_method(void);  /* SSLv2 */
+const SSL_METHOD *SSLv2_server_method(void);    /* SSLv2 */
+const SSL_METHOD *SSLv2_client_method(void);    /* SSLv2 */
+#endif
-SSL_METHOD *SSLv3_method(void);         /* SSLv3 */
+const SSL_METHOD *SSLv3_method(void);           /* SSLv3 */
-SSL_METHOD *SSLv3_server_method(void);  /* SSLv3 */
+const SSL_METHOD *SSLv3_server_method(void);    /* SSLv3 */
-SSL_METHOD *SSLv3_client_method(void);  /* SSLv3 */
+const SSL_METHOD *SSLv3_client_method(void);    /* SSLv3 */
-SSL_METHOD *SSLv23_method(void);        /* SSLv3 but can rollback to v2 */
+const SSL_METHOD *SSLv23_method(void);  /* SSLv3 but can rollback to v2 */
-SSL_METHOD *SSLv23_server_method(void); /* SSLv3 but can rollback to v2 */
+const SSL_METHOD *SSLv23_server_method(void);   /* SSLv3 but can rollback to v2 */
-SSL_METHOD *SSLv23_client_method(void); /* SSLv3 but can rollback to v2 */
+const SSL_METHOD *SSLv23_client_method(void);   /* SSLv3 but can rollback to v2 */
-SSL_METHOD *TLSv1_method(void);         /* TLSv1.0 */
+const SSL_METHOD *TLSv1_method(void);           /* TLSv1.0 */
-SSL_METHOD *TLSv1_server_method(void);  /* TLSv1.0 */
+const SSL_METHOD *TLSv1_server_method(void);    /* TLSv1.0 */
-SSL_METHOD *TLSv1_client_method(void);  /* TLSv1.0 */
+const SSL_METHOD *TLSv1_client_method(void);    /* TLSv1.0 */
-SSL_METHOD *DTLSv1_method(void);                /* DTLSv1.0 */
+const SSL_METHOD *DTLSv1_method(void);          /* DTLSv1.0 */
-SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */
+const SSL_METHOD *DTLSv1_server_method(void);   /* DTLSv1.0 */
-SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */
+const SSL_METHOD *DTLSv1_client_method(void);   /* DTLSv1.0 */
 STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);
@@ -1498,8 +1658,8 @@ int SSL_renegotiate(SSL *s);
 int SSL_renegotiate_pending(SSL *s);
 int SSL_shutdown(SSL *s);
-SSL_METHOD *SSL_get_ssl_method(SSL *s);
+const SSL_METHOD *SSL_get_ssl_method(SSL *s);
-int SSL_set_ssl_method(SSL *s,SSL_METHOD *method);
+int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method);
 const char *SSL_alert_type_string_long(int value);
 const char *SSL_alert_type_string(int value);
 const char *SSL_alert_desc_string_long(int value);
@@ -1519,7 +1679,7 @@ long SSL_get_default_timeout(const SSL *s);
 int SSL_library_init(void );
-char *SSL_CIPHER_description(SSL_CIPHER *,char *buf,int size);
+char *SSL_CIPHER_description(const SSL_CIPHER *,char *buf,int size);
 STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk);
 SSL *SSL_dup(SSL *ssl);
@@ -1591,6 +1751,11 @@ int SSL_get_ex_data_X509_STORE_CTX_idx(void );
 #define SSL_set_max_cert_list(ssl,m) \
        SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
+#define SSL_CTX_set_max_send_fragment(ctx,m) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
+#define SSL_set_max_send_fragment(ssl,m) \
+        SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
     /* NB: the keylength is only applicable when is_export is true */
 #ifndef OPENSSL_NO_RSA
 void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
@@ -1632,6 +1797,15 @@ void *SSL_COMP_get_compression_methods(void);
 int SSL_COMP_add_compression_method(int id,void *cm);
 #endif
+/* TLS extensions functions */
+int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len);
+int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
+                                  void *arg);
+/* Pre-shared secret session resumption functions */
+int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secret_cb, void *arg);
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
@@ -1649,6 +1823,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_DO_DTLS1_WRITE                             245
 #define SSL_F_DO_SSL3_WRITE                              104
 #define SSL_F_DTLS1_ACCEPT                               246
+#define SSL_F_DTLS1_ADD_CERT_TO_BUF                      295
 #define SSL_F_DTLS1_BUFFER_RECORD                        247
 #define SSL_F_DTLS1_CLIENT_HELLO                         248
 #define SSL_F_DTLS1_CONNECT                              249
@@ -1657,8 +1832,9 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_DTLS1_GET_MESSAGE                          252
 #define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT                 253
 #define SSL_F_DTLS1_GET_RECORD                           254
+#define SSL_F_DTLS1_HANDLE_TIMEOUT                       297
 #define SSL_F_DTLS1_OUTPUT_CERT_CHAIN                    255
-#define SSL_F_DTLS1_PREPROCESS_FRAGMENT                  277
+#define SSL_F_DTLS1_PREPROCESS_FRAGMENT                  288
 #define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE           256
 #define SSL_F_DTLS1_PROCESS_RECORD                       257
 #define SSL_F_DTLS1_READ_BYTES                           258
@@ -1702,6 +1878,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL2_SET_CERTIFICATE                       126
 #define SSL_F_SSL2_WRITE                                 127
 #define SSL_F_SSL3_ACCEPT                                128
+#define SSL_F_SSL3_ADD_CERT_TO_BUF                       296
 #define SSL_F_SSL3_CALLBACK_CTRL                         233
 #define SSL_F_SSL3_CHANGE_CIPHER_STATE                   129
 #define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM              130
@@ -1709,11 +1886,12 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL3_CONNECT                               132
 #define SSL_F_SSL3_CTRL                                  213
 #define SSL_F_SSL3_CTX_CTRL                              133
-#define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC                 279
+#define SSL_F_SSL3_DIGEST_CACHED_RECORDS                 293
+#define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC                 292
 #define SSL_F_SSL3_ENC                                   134
 #define SSL_F_SSL3_GENERATE_KEY_BLOCK                    238
 #define SSL_F_SSL3_GET_CERTIFICATE_REQUEST               135
-#define SSL_F_SSL3_GET_CERT_STATUS                       288
+#define SSL_F_SSL3_GET_CERT_STATUS                       289
 #define SSL_F_SSL3_GET_CERT_VERIFY                       136
 #define SSL_F_SSL3_GET_CLIENT_CERTIFICATE                137
 #define SSL_F_SSL3_GET_CLIENT_HELLO                      138
@@ -1726,7 +1904,8 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL3_GET_SERVER_CERTIFICATE                144
 #define SSL_F_SSL3_GET_SERVER_DONE                       145
 #define SSL_F_SSL3_GET_SERVER_HELLO                      146
-#define SSL_F_SSL3_NEW_SESSION_TICKET                    284
+#define SSL_F_SSL3_HANDSHAKE_MAC                         285
+#define SSL_F_SSL3_NEW_SESSION_TICKET                    287
 #define SSL_F_SSL3_OUTPUT_CERT_CHAIN                     147
 #define SSL_F_SSL3_PEEK                                  235
 #define SSL_F_SSL3_READ_BYTES                            148
@@ -1738,14 +1917,17 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL3_SEND_SERVER_CERTIFICATE               154
 #define SSL_F_SSL3_SEND_SERVER_HELLO                     242
 #define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE              155
-#define SSL_F_SSL3_SETUP_BUFFERS                         156
 #define SSL_F_SSL3_SETUP_KEY_BLOCK                       157
+#define SSL_F_SSL3_SETUP_READ_BUFFER                     156
+#define SSL_F_SSL3_SETUP_WRITE_BUFFER                    291
 #define SSL_F_SSL3_WRITE_BYTES                           158
 #define SSL_F_SSL3_WRITE_PENDING                         159
-#define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT                 272
+#define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT        298
+#define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT                 277
 #define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK         215
 #define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK        216
-#define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT                 273
+#define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT        299
+#define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT                 278
 #define SSL_F_SSL_BAD_METHOD                             160
 #define SSL_F_SSL_BYTES_TO_CIPHER_LIST                   161
 #define SSL_F_SSL_CERT_DUP                               221
@@ -1753,7 +1935,8 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL_CERT_INSTANTIATE                       214
 #define SSL_F_SSL_CERT_NEW                               162
 #define SSL_F_SSL_CHECK_PRIVATE_KEY                      163
-#define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT               274
+#define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT               280
+#define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG            279
 #define SSL_F_SSL_CIPHER_PROCESS_RULESTR                 230
 #define SSL_F_SSL_CIPHER_STRENGTH_SORT                   231
 #define SSL_F_SSL_CLEAR                                  164
@@ -1763,7 +1946,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY                  168
 #define SSL_F_SSL_CTX_NEW                                169
 #define SSL_F_SSL_CTX_SET_CIPHER_LIST                    269
-#define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE             278
+#define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE             290
 #define SSL_F_SSL_CTX_SET_PURPOSE                        226
 #define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT             219
 #define SSL_F_SSL_CTX_SET_SSL_VERSION                    170
@@ -1775,6 +1958,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL_CTX_USE_PRIVATEKEY                     174
 #define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1                175
 #define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE                176
+#define SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT              272
 #define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY                  177
 #define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1             178
 #define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE             179
@@ -1786,9 +1970,13 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL_INIT_WBIO_BUFFER                       184
 #define SSL_F_SSL_LOAD_CLIENT_CA_FILE                    185
 #define SSL_F_SSL_NEW                                    186
+#define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT      300
+#define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT               302
+#define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT      301
+#define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT               303
 #define SSL_F_SSL_PEEK                                   270
-#define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT             275
+#define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT             281
-#define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT             276
+#define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT             282
 #define SSL_F_SSL_READ                                   223
 #define SSL_F_SSL_RSA_PRIVATE_DECRYPT                    187
 #define SSL_F_SSL_RSA_PUBLIC_ENCRYPT                     188
@@ -1803,6 +1991,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL_SET_RFD                                194
 #define SSL_F_SSL_SET_SESSION                            195
 #define SSL_F_SSL_SET_SESSION_ID_CONTEXT                 218
+#define SSL_F_SSL_SET_SESSION_TICKET_EXT                 294
 #define SSL_F_SSL_SET_TRUST                              228
 #define SSL_F_SSL_SET_WFD                                196
 #define SSL_F_SSL_SHUTDOWN                               224
@@ -1815,13 +2004,19 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL_USE_PRIVATEKEY                         201
 #define SSL_F_SSL_USE_PRIVATEKEY_ASN1                    202
 #define SSL_F_SSL_USE_PRIVATEKEY_FILE                    203
+#define SSL_F_SSL_USE_PSK_IDENTITY_HINT                  273
 #define SSL_F_SSL_USE_RSAPRIVATEKEY                      204
 #define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1                 205
 #define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE                 206
 #define SSL_F_SSL_VERIFY_CERT_CHAIN                      207
 #define SSL_F_SSL_WRITE                                  208
+#define SSL_F_TLS1_CERT_VERIFY_MAC                       286
 #define SSL_F_TLS1_CHANGE_CIPHER_STATE                   209
+#define SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT              274
 #define SSL_F_TLS1_ENC                                   210
+#define SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT            275
+#define SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT            276
+#define SSL_F_TLS1_PRF                                   284
 #define SSL_F_TLS1_SETUP_KEY_BLOCK                       211
 #define SSL_F_WRITE_PENDING                              212
@@ -1842,12 +2037,15 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_BAD_ECC_CERT                               304
 #define SSL_R_BAD_ECDSA_SIGNATURE                        305
 #define SSL_R_BAD_ECPOINT                                306
+#define SSL_R_BAD_HANDSHAKE_LENGTH                       332
 #define SSL_R_BAD_HELLO_REQUEST                          105
 #define SSL_R_BAD_LENGTH                                 271
 #define SSL_R_BAD_MAC_DECODE                             113
+#define SSL_R_BAD_MAC_LENGTH                             333
 #define SSL_R_BAD_MESSAGE_TYPE                           114
 #define SSL_R_BAD_PACKET_LENGTH                          115
 #define SSL_R_BAD_PROTOCOL_VERSION_NUMBER                116
+#define SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH               316
 #define SSL_R_BAD_RESPONSE_ARGUMENT                      117
 #define SSL_R_BAD_RSA_DECRYPT                            118
 #define SSL_R_BAD_RSA_ENCRYPT                            119
@@ -1871,8 +2069,9 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_CIPHER_CODE_WRONG_LENGTH                   137
 #define SSL_R_CIPHER_OR_HASH_UNAVAILABLE                 138
 #define SSL_R_CIPHER_TABLE_SRC_ERROR                     139
-#define SSL_R_CLIENTHELLO_TLSEXT                         157
+#define SSL_R_CLIENTHELLO_TLSEXT                         226
 #define SSL_R_COMPRESSED_LENGTH_TOO_LONG                 140
+#define SSL_R_COMPRESSION_DISABLED                       343
 #define SSL_R_COMPRESSION_FAILURE                        141
 #define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE    307
 #define SSL_R_COMPRESSION_LIBRARY_ERROR                  142
@@ -1885,7 +2084,12 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC        281
 #define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG            148
 #define SSL_R_DIGEST_CHECK_FAILED                        149
+#define SSL_R_DTLS_MESSAGE_TOO_BIG                       334
 #define SSL_R_DUPLICATE_COMPRESSION_ID                   309
+#define SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT             317
+#define SSL_R_ECC_CERT_NOT_FOR_SIGNING                   318
+#define SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE         322
+#define SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE        323
 #define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER               310
 #define SSL_R_ENCRYPTED_LENGTH_TOO_LONG                  150
 #define SSL_R_ERROR_GENERATING_TMP_RSA_KEY               282
@@ -1896,11 +2100,13 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_HTTPS_PROXY_REQUEST                        155
 #define SSL_R_HTTP_REQUEST                               156
 #define SSL_R_ILLEGAL_PADDING                            283
+#define SSL_R_INCONSISTENT_COMPRESSION                   340
 #define SSL_R_INVALID_CHALLENGE_LENGTH                   158
 #define SSL_R_INVALID_COMMAND                            280
+#define SSL_R_INVALID_COMPRESSION_ALGORITHM              341
 #define SSL_R_INVALID_PURPOSE                            278
-#define SSL_R_INVALID_STATUS_RESPONSE                    316
+#define SSL_R_INVALID_STATUS_RESPONSE                    328
-#define SSL_R_INVALID_TICKET_KEYS_LENGTH                 275
+#define SSL_R_INVALID_TICKET_KEYS_LENGTH                 325
 #define SSL_R_INVALID_TRUST                              279
 #define SSL_R_KEY_ARG_TOO_LONG                           284
 #define SSL_R_KRB5                                       285
@@ -1944,22 +2150,27 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_NO_CIPHERS_SPECIFIED                       183
 #define SSL_R_NO_CIPHER_LIST                             184
 #define SSL_R_NO_CIPHER_MATCH                            185
-#define SSL_R_NO_CLIENT_CERT_METHOD                      317
+#define SSL_R_NO_CLIENT_CERT_METHOD                      331
 #define SSL_R_NO_CLIENT_CERT_RECEIVED                    186
 #define SSL_R_NO_COMPRESSION_SPECIFIED                   187
+#define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER           330
 #define SSL_R_NO_METHOD_SPECIFIED                        188
 #define SSL_R_NO_PRIVATEKEY                              189
 #define SSL_R_NO_PRIVATE_KEY_ASSIGNED                    190
 #define SSL_R_NO_PROTOCOLS_AVAILABLE                     191
 #define SSL_R_NO_PUBLICKEY                               192
+#define SSL_R_NO_RENEGOTIATION                           339
+#define SSL_R_NO_REQUIRED_DIGEST                         324
 #define SSL_R_NO_SHARED_CIPHER                           193
 #define SSL_R_NO_VERIFY_CALLBACK                         194
 #define SSL_R_NULL_SSL_CTX                               195
 #define SSL_R_NULL_SSL_METHOD_PASSED                     196
 #define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED            197
+#define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344
 #define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE              297
+#define SSL_R_OPAQUE_PRF_INPUT_TOO_LONG                  327
 #define SSL_R_PACKET_LENGTH_TOO_LONG                     198
-#define SSL_R_PARSE_TLSEXT                               223
+#define SSL_R_PARSE_TLSEXT                               227
 #define SSL_R_PATH_TOO_LONG                              270
 #define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE          199
 #define SSL_R_PEER_ERROR                                 200
@@ -1970,6 +2181,9 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_PRE_MAC_LENGTH_TOO_LONG                    205
 #define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS          206
 #define SSL_R_PROTOCOL_IS_SHUTDOWN                       207
+#define SSL_R_PSK_IDENTITY_NOT_FOUND                     223
+#define SSL_R_PSK_NO_CLIENT_CB                           224
+#define SSL_R_PSK_NO_SERVER_CB                           225
 #define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR                   208
 #define SSL_R_PUBLIC_KEY_IS_NOT_RSA                      209
 #define SSL_R_PUBLIC_KEY_NOT_RSA                         210
@@ -1979,18 +2193,24 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_RECORD_LENGTH_MISMATCH                     213
 #define SSL_R_RECORD_TOO_LARGE                           214
 #define SSL_R_RECORD_TOO_SMALL                           298
+#define SSL_R_RENEGOTIATE_EXT_TOO_LONG                   335
+#define SSL_R_RENEGOTIATION_ENCODING_ERR                 336
+#define SSL_R_RENEGOTIATION_MISMATCH                     337
 #define SSL_R_REQUIRED_CIPHER_MISSING                    215
+#define SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING    342
 #define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO                 216
 #define SSL_R_REUSE_CERT_TYPE_NOT_ZERO                   217
 #define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO                 218
-#define SSL_R_SERVERHELLO_TLSEXT                         224
+#define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING           345
+#define SSL_R_SERVERHELLO_TLSEXT                         275
 #define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED           277
 #define SSL_R_SHORT_READ                                 219
 #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE      220
 #define SSL_R_SSL23_DOING_SESSION_ID_REUSE               221
 #define SSL_R_SSL2_CONNECTION_ID_TOO_LONG                299
-#define SSL_R_SSL3_EXT_INVALID_SERVERNAME                225
+#define SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT             321
-#define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE           226
+#define SSL_R_SSL3_EXT_INVALID_SERVERNAME                319
+#define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE           320
 #define SSL_R_SSL3_SESSION_ID_TOO_LONG                   300
 #define SSL_R_SSL3_SESSION_ID_TOO_SHORT                  222
 #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE                1042
@@ -2024,8 +2244,13 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW                1022
 #define SSL_R_TLSV1_ALERT_UNKNOWN_CA                     1048
 #define SSL_R_TLSV1_ALERT_USER_CANCELLED                 1090
+#define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE           1114
+#define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE      1113
+#define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE             1111
+#define SSL_R_TLSV1_UNRECOGNIZED_NAME                    1112
+#define SSL_R_TLSV1_UNSUPPORTED_EXTENSION                1110
 #define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER       232
-#define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST             227
+#define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST             157
 #define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
 #define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG    234
 #define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER            235
@@ -2052,8 +2277,10 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE                  253
 #define SSL_R_UNKNOWN_SSL_VERSION                        254
 #define SSL_R_UNKNOWN_STATE                              255
+#define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED       338
 #define SSL_R_UNSUPPORTED_CIPHER                         256
 #define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM          257
+#define SSL_R_UNSUPPORTED_DIGEST_TYPE                    326
 #define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE                 315
 #define SSL_R_UNSUPPORTED_PROTOCOL                       258
 #define SSL_R_UNSUPPORTED_SSL_VERSION                    259
diff --git a/src/lib/libssl/src/ssl/ssl3.h b/src/lib/libssl/src/ssl/ssl3.h
index 4b1e2e9834..baaa89e717 100644
--- a/src/lib/libssl/src/ssl/ssl3.h
+++ b/src/lib/libssl/src/ssl/ssl3.h
@@ -123,12 +123,14 @@
 #include <openssl/buffer.h>
 #include <openssl/evp.h>
 #include <openssl/ssl.h>
-#include <openssl/pq_compat.h>
 #ifdef  __cplusplus
 extern "C" {
 #endif
+/* Signalling cipher suite value: from draft-ietf-tls-renegotiation-03.txt */
+#define SSL3_CK_SCSV                            0x030000FF
 #define SSL3_CK_RSA_NULL_MD5                    0x03000001
 #define SSL3_CK_RSA_NULL_SHA                    0x03000002
 #define SSL3_CK_RSA_RC4_40_MD5                  0x03000003
@@ -160,12 +162,14 @@ extern "C" {
 #define SSL3_CK_ADH_DES_64_CBC_SHA              0x0300001A
 #define SSL3_CK_ADH_DES_192_CBC_SHA             0x0300001B
-#define SSL3_CK_FZA_DMS_NULL_SHA                0x0300001C
+#if 0
-#define SSL3_CK_FZA_DMS_FZA_SHA                 0x0300001D
+        #define SSL3_CK_FZA_DMS_NULL_SHA                0x0300001C
-#if 0 /* Because it clashes with KRB5, is never used any more, and is safe
+        #define SSL3_CK_FZA_DMS_FZA_SHA                 0x0300001D
-         to remove according to David Hopwood <david.hopwood@zetnet.co.uk>
+        #if 0 /* Because it clashes with KRB5, is never used any more, and is safe
-         of the ietf-tls list */
+                 to remove according to David Hopwood <david.hopwood@zetnet.co.uk>
-#define SSL3_CK_FZA_DMS_RC4_SHA                 0x0300001E
+                 of the ietf-tls list */
+        #define SSL3_CK_FZA_DMS_RC4_SHA                 0x0300001E
+        #endif
 #endif
 /*    VRS Additional Kerberos5 entries
@@ -217,9 +221,11 @@ extern "C" {
 #define SSL3_TXT_ADH_DES_64_CBC_SHA             "ADH-DES-CBC-SHA"
 #define SSL3_TXT_ADH_DES_192_CBC_SHA            "ADH-DES-CBC3-SHA"
-#define SSL3_TXT_FZA_DMS_NULL_SHA               "FZA-NULL-SHA"
+#if 0
-#define SSL3_TXT_FZA_DMS_FZA_SHA                "FZA-FZA-CBC-SHA"
+        #define SSL3_TXT_FZA_DMS_NULL_SHA               "FZA-NULL-SHA"
-#define SSL3_TXT_FZA_DMS_RC4_SHA                "FZA-RC4-SHA"
+        #define SSL3_TXT_FZA_DMS_FZA_SHA                "FZA-FZA-CBC-SHA"
+        #define SSL3_TXT_FZA_DMS_RC4_SHA                "FZA-RC4-SHA"
+#endif
 #define SSL3_TXT_KRB5_DES_64_CBC_SHA            "KRB5-DES-CBC-SHA"
 #define SSL3_TXT_KRB5_DES_192_CBC3_SHA          "KRB5-DES-CBC3-SHA"
@@ -245,23 +251,65 @@ extern "C" {
 #define SSL3_SESSION_ID_SIZE                    32
 #define SSL3_RT_HEADER_LENGTH                   5
-/* Due to MS stuffing up, this can change.... */
+#ifndef SSL3_ALIGN_PAYLOAD
-#if defined(OPENSSL_SYS_WIN16) || \
+ /* Some will argue that this increases memory footprint, but it's
-        (defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32))
+  * not actually true. Point is that malloc has to return at least
-#define SSL3_RT_MAX_EXTRA                       (14000)
+  * 64-bit aligned pointers, meaning that allocating 5 bytes wastes
+  * 3 bytes in either case. Suggested pre-gaping simply moves these
+  * wasted bytes from the end of allocated region to its front,
+  * but makes data payload aligned, which improves performance:-) */
+# define SSL3_ALIGN_PAYLOAD                     8
 #else
-#define SSL3_RT_MAX_EXTRA                       (16384)
+# if (SSL3_ALIGN_PAYLOAD&(SSL3_ALIGN_PAYLOAD-1))!=0
+#  error "insane SSL3_ALIGN_PAYLOAD"
+#  undef SSL3_ALIGN_PAYLOAD
+# endif
 #endif
+/* This is the maximum MAC (digest) size used by the SSL library.
+ * Currently maximum of 20 is used by SHA1, but we reserve for
+ * future extension for 512-bit hashes.
+ */
+#define SSL3_RT_MAX_MD_SIZE                     64
+/* Maximum block size used in all ciphersuites. Currently 16 for AES.
+ */
+#define SSL_RT_MAX_CIPHER_BLOCK_SIZE            16
+#define SSL3_RT_MAX_EXTRA                       (16384)
+/* Maximum plaintext length: defined by SSL/TLS standards */
 #define SSL3_RT_MAX_PLAIN_LENGTH                16384
+/* Maximum compression overhead: defined by SSL/TLS standards */
+#define SSL3_RT_MAX_COMPRESSED_OVERHEAD         1024
+/* The standards give a maximum encryption overhead of 1024 bytes.
+ * In practice the value is lower than this. The overhead is the maximum
+ * number of padding bytes (256) plus the mac size.
+ */
+#define SSL3_RT_MAX_ENCRYPTED_OVERHEAD  (256 + SSL3_RT_MAX_MD_SIZE)
+/* OpenSSL currently only uses a padding length of at most one block so
+ * the send overhead is smaller.
+ */
+#define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \
+                        (SSL_RT_MAX_CIPHER_BLOCK_SIZE + SSL3_RT_MAX_MD_SIZE)
+/* If compression isn't used don't include the compression overhead */
 #ifdef OPENSSL_NO_COMP
-#define SSL3_RT_MAX_COMPRESSED_LENGTH   SSL3_RT_MAX_PLAIN_LENGTH
+#define SSL3_RT_MAX_COMPRESSED_LENGTH           SSL3_RT_MAX_PLAIN_LENGTH
 #else
-#define SSL3_RT_MAX_COMPRESSED_LENGTH   (1024+SSL3_RT_MAX_PLAIN_LENGTH)
+#define SSL3_RT_MAX_COMPRESSED_LENGTH   \
+                (SSL3_RT_MAX_PLAIN_LENGTH+SSL3_RT_MAX_COMPRESSED_OVERHEAD)
 #endif
-#define SSL3_RT_MAX_ENCRYPTED_LENGTH    (1024+SSL3_RT_MAX_COMPRESSED_LENGTH)
+#define SSL3_RT_MAX_ENCRYPTED_LENGTH    \
-#define SSL3_RT_MAX_PACKET_SIZE         (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
+                (SSL3_RT_MAX_ENCRYPTED_OVERHEAD+SSL3_RT_MAX_COMPRESSED_LENGTH)
-#define SSL3_RT_MAX_DATA_SIZE                   (1024*1024)
+#define SSL3_RT_MAX_PACKET_SIZE         \
+                (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
 #define SSL3_MD_CLIENT_FINISHED_CONST   "\x43\x4C\x4E\x54"
 #define SSL3_MD_SERVER_FINISHED_CONST   "\x53\x52\x56\x52"
@@ -300,7 +348,7 @@ typedef struct ssl3_record_st
 /*rw*/  unsigned char *input;   /* where the decode bytes are */
 /*r */  unsigned char *comp;    /* only used with decompression - malloc()ed */
 /*r */  unsigned long epoch;    /* epoch number, needed by DTLS1 */
-/*r */  PQ_64BIT seq_num;       /* sequence number, needed by DTLS1 */
+/*r */  unsigned char seq_num[8]; /* sequence number, needed by DTLS1 */
        } SSL3_RECORD;
 typedef struct ssl3_buffer_st
@@ -323,13 +371,14 @@ typedef struct ssl3_buffer_st
 * enough to contain all of the cert types defined either for
 * SSLv3 and TLSv1.
 */
-#define SSL3_CT_NUMBER                  7
+#define SSL3_CT_NUMBER                  9
 #define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS       0x0001
 #define SSL3_FLAGS_DELAY_CLIENT_FINISHED        0x0002
 #define SSL3_FLAGS_POP_BUFFER                   0x0004
 #define TLS1_FLAGS_TLS_PADDING_BUG              0x0008
+#define TLS1_FLAGS_SKIP_CERT_VERIFY             0x0010
 typedef struct ssl3_state_st
        {
@@ -337,8 +386,10 @@ typedef struct ssl3_state_st
        int delay_buf_pop_ret;
        unsigned char read_sequence[8];
+        int read_mac_secret_size;
        unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
        unsigned char write_sequence[8];
+        int write_mac_secret_size;
        unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
        unsigned char server_random[SSL3_RANDOM_SIZE];
@@ -348,6 +399,9 @@ typedef struct ssl3_state_st
        int need_empty_fragments;
        int empty_fragment_done;
+        /* The value of 'extra' when the buffers were initialized */
+        int init_extra;
        SSL3_BUFFER rbuf;       /* read IO goes into here */
        SSL3_BUFFER wbuf;       /* write IO goes into here */
@@ -369,9 +423,11 @@ typedef struct ssl3_state_st
        const unsigned char *wpend_buf;
        /* used during startup, digest all incoming/outgoing packets */
-        EVP_MD_CTX finish_dgst1;
+        BIO *handshake_buffer;
-        EVP_MD_CTX finish_dgst2;
+        /* When set of handshake digests is determined, buffer is hashed
+         * and freed and MD_CTX-es for all required digests are stored in
+         * this array */
+        EVP_MD_CTX **handshake_dgst;
        /* this is set whenerver we see a change_cipher_spec message
         * come in when we are not looking for one */
        int change_cipher_spec;
@@ -391,6 +447,14 @@ typedef struct ssl3_state_st
        int in_read_app_data;
+        /* Opaque PRF input as used for the current handshake.
+         * These fields are used only if TLSEXT_TYPE_opaque_prf_input is defined
+         * (otherwise, they are merely present to improve binary compatibility) */
+        void *client_opaque_prf_input;
+        size_t client_opaque_prf_input_len;
+        void *server_opaque_prf_input;
+        size_t server_opaque_prf_input_len;
        struct  {
                /* actually only needs to be 16+20 */
                unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
@@ -405,7 +469,7 @@ typedef struct ssl3_state_st
                int message_type;
                /* used to hold the new cipher we are going to use */
-                SSL_CIPHER *new_cipher;
+                const SSL_CIPHER *new_cipher;
 #ifndef OPENSSL_NO_DH
                DH *dh;
 #endif
@@ -432,6 +496,8 @@ typedef struct ssl3_state_st
                const EVP_CIPHER *new_sym_enc;
                const EVP_MD *new_hash;
+                int new_mac_pkey_type;
+                int new_mac_secret_size;
 #ifndef OPENSSL_NO_COMP
                const SSL_COMP *new_compression;
 #else
@@ -440,6 +506,12 @@ typedef struct ssl3_state_st
                int cert_request;
                } tmp;
+        /* Connection binding to prevent renegotiation attacks */
+        unsigned char previous_client_finished[EVP_MAX_MD_SIZE];
+        unsigned char previous_client_finished_len;
+        unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
+        unsigned char previous_server_finished_len;
+        int send_connection_binding; /* TODOEKR */
        } SSL3_STATE;
diff --git a/src/lib/libssl/src/ssl/ssl_algs.c b/src/lib/libssl/src/ssl/ssl_algs.c
index 4717c0e6e1..0967b2dfe4 100644
--- a/src/lib/libssl/src/ssl/ssl_algs.c
+++ b/src/lib/libssl/src/ssl/ssl_algs.c
@@ -76,13 +76,16 @@ int SSL_library_init(void)
 #endif  
 #ifndef OPENSSL_NO_RC2
        EVP_add_cipher(EVP_rc2_cbc());
+        /* Not actually used for SSL/TLS but this makes PKCS#12 work
+         * if an application only calls SSL_library_init().
+         */
+        EVP_add_cipher(EVP_rc2_40_cbc());
 #endif
 #ifndef OPENSSL_NO_AES
        EVP_add_cipher(EVP_aes_128_cbc());
        EVP_add_cipher(EVP_aes_192_cbc());
        EVP_add_cipher(EVP_aes_256_cbc());
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
        EVP_add_cipher(EVP_camellia_128_cbc());
        EVP_add_cipher(EVP_camellia_256_cbc());
@@ -91,10 +94,7 @@ int SSL_library_init(void)
 #ifndef OPENSSL_NO_SEED
        EVP_add_cipher(EVP_seed_cbc());
 #endif
+  
-#ifndef OPENSSL_NO_MD2
-        EVP_add_digest(EVP_md2());
-#endif
 #ifndef OPENSSL_NO_MD5
        EVP_add_digest(EVP_md5());
        EVP_add_digest_alias(SN_md5,"ssl2-md5");
@@ -105,6 +105,14 @@ int SSL_library_init(void)
        EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
        EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
 #endif
+#ifndef OPENSSL_NO_SHA256
+        EVP_add_digest(EVP_sha224());
+        EVP_add_digest(EVP_sha256());
+#endif
+#ifndef OPENSSL_NO_SHA512
+        EVP_add_digest(EVP_sha384());
+        EVP_add_digest(EVP_sha512());
+#endif
 #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)
        EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
        EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
diff --git a/src/lib/libssl/src/ssl/ssl_asn1.c b/src/lib/libssl/src/ssl/ssl_asn1.c
index 0f9a3489dd..28709978b5 100644
--- a/src/lib/libssl/src/ssl/ssl_asn1.c
+++ b/src/lib/libssl/src/ssl/ssl_asn1.c
@@ -55,6 +55,32 @@
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
+/* ====================================================================
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * The portions of the attached software ("Contribution") is developed by
+ * Nokia Corporation and is licensed pursuant to the OpenSSL open source
+ * license.
+ *
+ * The Contribution, originally written by Mika Kousa and Pasi Eronen of
+ * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
+ * support (see RFC 4279) to OpenSSL.
+ *
+ * No patent licenses or other rights except those expressly stated in
+ * the OpenSSL open source license shall be deemed granted or received
+ * expressly, by implication, estoppel, or otherwise.
+ *
+ * No assurances are provided by Nokia that the Contribution does not
+ * infringe the patent or other intellectual property rights of any third
+ * party or that the license provides you with all the necessary rights
+ * to make use of the Contribution.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
+ * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
+ * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
+ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
+ * OTHERWISE.
+ */
 #include <stdio.h>
 #include <stdlib.h>
@@ -68,6 +94,7 @@ typedef struct ssl_session_asn1_st
        ASN1_INTEGER version;
        ASN1_INTEGER ssl_version;
        ASN1_OCTET_STRING cipher;
+        ASN1_OCTET_STRING comp_id;
        ASN1_OCTET_STRING master_key;
        ASN1_OCTET_STRING session_id;
        ASN1_OCTET_STRING session_id_context;
@@ -83,18 +110,26 @@ typedef struct ssl_session_asn1_st
        ASN1_INTEGER tlsext_tick_lifetime;
        ASN1_OCTET_STRING tlsext_tick;
 #endif /* OPENSSL_NO_TLSEXT */
+#ifndef OPENSSL_NO_PSK
+        ASN1_OCTET_STRING psk_identity_hint;
+        ASN1_OCTET_STRING psk_identity;
+#endif /* OPENSSL_NO_PSK */
        } SSL_SESSION_ASN1;
 int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
        {
 #define LSIZE2 (sizeof(long)*2)
-        int v1=0,v2=0,v3=0,v4=0,v5=0;
+        int v1=0,v2=0,v3=0,v4=0,v5=0,v7=0,v8=0;
        unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2];
        unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2],ibuf5[LSIZE2];
 #ifndef OPENSSL_NO_TLSEXT
        int v6=0,v9=0,v10=0;
        unsigned char ibuf6[LSIZE2];
 #endif
+#ifndef OPENSSL_NO_COMP
+        unsigned char cbuf;
+        int v11=0;
+#endif
        long l;
        SSL_SESSION_ASN1 a;
        M_ASN1_I2D_vars(in);
@@ -138,6 +173,16 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
                buf[1]=((unsigned char)(l    ))&0xff;
                }
+#ifndef OPENSSL_NO_COMP
+        if (in->compress_meth)
+                {
+                cbuf = (unsigned char)in->compress_meth;
+                a.comp_id.length = 1;
+                a.comp_id.type = V_ASN1_OCTET_STRING;
+                a.comp_id.data = &cbuf;
+                }
+#endif
        a.master_key.length=in->master_key_length;
        a.master_key.type=V_ASN1_OCTET_STRING;
        a.master_key.data=in->master_key;
@@ -162,7 +207,7 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
                a.krb5_princ.data=in->krb5_client_princ;
                }
 #endif /* OPENSSL_NO_KRB5 */
- 
        if (in->time != 0L)
                {
                a.time.length=LSIZE2;
@@ -199,12 +244,6 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
                a.tlsext_tick.length= in->tlsext_ticklen;
                a.tlsext_tick.type=V_ASN1_OCTET_STRING;
                a.tlsext_tick.data=(unsigned char *)in->tlsext_tick;
-                /* If we have a ticket set session ID to empty because
-                 * it will be bogus. If liftime hint is -1 treat as a special
-                 * case because the session is being used as a container
-                 */
-                if (in->tlsext_ticklen && (in->tlsext_tick_lifetime_hint != -1))
-                        a.session_id.length=0;
                }
        if (in->tlsext_tick_lifetime_hint > 0)
                {
@@ -214,6 +253,21 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
                ASN1_INTEGER_set(&a.tlsext_tick_lifetime,in->tlsext_tick_lifetime_hint);
                }
 #endif /* OPENSSL_NO_TLSEXT */
+#ifndef OPENSSL_NO_PSK
+        if (in->psk_identity_hint)
+                {
+                a.psk_identity_hint.length=strlen(in->psk_identity_hint);
+                a.psk_identity_hint.type=V_ASN1_OCTET_STRING;
+                a.psk_identity_hint.data=(unsigned char *)(in->psk_identity_hint);
+                }
+        if (in->psk_identity)
+                {
+                a.psk_identity.length=strlen(in->psk_identity);
+                a.psk_identity.type=V_ASN1_OCTET_STRING;
+                a.psk_identity.data=(unsigned char *)(in->psk_identity);
+                }
+#endif /* OPENSSL_NO_PSK */
        M_ASN1_I2D_len(&(a.version),            i2d_ASN1_INTEGER);
        M_ASN1_I2D_len(&(a.ssl_version),        i2d_ASN1_INTEGER);
        M_ASN1_I2D_len(&(a.cipher),             i2d_ASN1_OCTET_STRING);
@@ -242,7 +296,18 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
                M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10);
        if (in->tlsext_hostname)
                M_ASN1_I2D_len_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6);
+#ifndef OPENSSL_NO_COMP
+        if (in->compress_meth)
+                M_ASN1_I2D_len_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING,11,v11);
+#endif
 #endif /* OPENSSL_NO_TLSEXT */
+#ifndef OPENSSL_NO_PSK
+        if (in->psk_identity_hint)
+                M_ASN1_I2D_len_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING,7,v7);
+        if (in->psk_identity)
+                M_ASN1_I2D_len_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING,8,v8);
+#endif /* OPENSSL_NO_PSK */
        M_ASN1_I2D_seq_total();
        M_ASN1_I2D_put(&(a.version),            i2d_ASN1_INTEGER);
@@ -269,16 +334,28 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
 #ifndef OPENSSL_NO_TLSEXT
        if (in->tlsext_hostname)
                M_ASN1_I2D_put_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6);
+#endif /* OPENSSL_NO_TLSEXT */
+#ifndef OPENSSL_NO_PSK
+        if (in->psk_identity_hint)
+                M_ASN1_I2D_put_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING,7,v7);
+        if (in->psk_identity)
+                M_ASN1_I2D_put_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING,8,v8);
+#endif /* OPENSSL_NO_PSK */
+#ifndef OPENSSL_NO_TLSEXT
        if (in->tlsext_tick_lifetime_hint > 0)
                M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9);
        if (in->tlsext_tick)
                M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10);
 #endif /* OPENSSL_NO_TLSEXT */
+#ifndef OPENSSL_NO_COMP
+        if (in->compress_meth)
+                M_ASN1_I2D_put_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING,11,v11);
+#endif
        M_ASN1_I2D_finish();
        }
 SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
-             long length)
+                             long length)
        {
        int version,ssl_version=0,i;
        long id;
@@ -317,7 +394,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
                        ((unsigned long)os.data[1]<< 8L)|
                         (unsigned long)os.data[2];
                }
-        else if ((ssl_version>>8) == SSL3_VERSION_MAJOR)
+        else if ((ssl_version>>8) >= SSL3_VERSION_MAJOR)
                {
                if (os.length != 2)
                        {
@@ -330,15 +407,15 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
                }
        else
                {
-                SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_UNKNOWN_SSL_VERSION);
+                c.error=SSL_R_UNKNOWN_SSL_VERSION;
-                return(NULL);
+                goto err;
                }
        
        ret->cipher=NULL;
        ret->cipher_id=id;
        M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
-        if ((ssl_version>>8) == SSL3_VERSION_MAJOR)
+        if ((ssl_version>>8) >= SSL3_VERSION_MAJOR)
                i=SSL3_MAX_SSL_SESSION_ID_LENGTH;
        else /* if (ssl_version>>8 == SSL2_VERSION_MAJOR) */
                i=SSL2_MAX_SSL_SESSION_ID_LENGTH;
@@ -422,8 +499,8 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
            {
            if (os.length > SSL_MAX_SID_CTX_LENGTH)
                {
-                ret->sid_ctx_length=os.length;
+                c.error=SSL_R_BAD_LENGTH;
-                SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_BAD_LENGTH);
+                goto err;
                }
            else
                {
@@ -458,6 +535,24 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
                }
        else
                ret->tlsext_hostname=NULL;
+#endif /* OPENSSL_NO_TLSEXT */
+#ifndef OPENSSL_NO_PSK
+        os.length=0;
+        os.data=NULL;
+        M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,7);
+        if (os.data)
+                {
+                ret->psk_identity_hint = BUF_strndup((char *)os.data, os.length);
+                OPENSSL_free(os.data);
+                os.data = NULL;
+                os.length = 0;
+                }
+        else
+                ret->psk_identity_hint=NULL;
+#endif /* OPENSSL_NO_PSK */
+#ifndef OPENSSL_NO_TLSEXT
        ai.length=0;
        M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,9);
        if (ai.data != NULL)
@@ -468,33 +563,31 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
        else if (ret->tlsext_ticklen && ret->session_id_length)
                ret->tlsext_tick_lifetime_hint = -1;
        else
-                ret->tlsext_tick_lifetime_hint = 0;
+                ret->tlsext_tick_lifetime_hint=0;
-        os.length=0;
+        os.length=0;
-        os.data=NULL;
+        os.data=NULL;
-        M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,10);
+        M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,10);
-        if (os.data)
+        if (os.data)
-                {
+                {
                ret->tlsext_tick = os.data;
                ret->tlsext_ticklen = os.length;
-                os.data = NULL;
+                os.data = NULL;
-                os.length = 0;
+                os.length = 0;
-#if 0
+                }
-                /* There are two ways to detect a resumed ticket sesion.
-                 * One is to set a random session ID and then the server
-                 * must return a match in ServerHello. This allows the normal
-                 * client session ID matching to work.
-                 */ 
-                if (ret->session_id_length == 0)
-                        {
-                        ret->session_id_length=SSL3_MAX_SSL_SESSION_ID_LENGTH;
-                        RAND_pseudo_bytes(ret->session_id,
-                                                ret->session_id_length);
-                        }
-#endif
-                }
        else
                ret->tlsext_tick=NULL;
 #endif /* OPENSSL_NO_TLSEXT */
+#ifndef OPENSSL_NO_COMP
+        os.length=0;
+        os.data=NULL;
+        M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,11);
+        if (os.data)
+                {
+                ret->compress_meth = os.data[0];
+                OPENSSL_free(os.data);
+                os.data = NULL;
+                }
+#endif
        M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION);
        }
diff --git a/src/lib/libssl/src/ssl/ssl_cert.c b/src/lib/libssl/src/ssl/ssl_cert.c
index a32b2d4446..27256eea81 100644
--- a/src/lib/libssl/src/ssl/ssl_cert.c
+++ b/src/lib/libssl/src/ssl/ssl_cert.c
@@ -56,7 +56,7 @@
 * [including the GNU Public Licence.]
 */
 /* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -197,8 +197,10 @@ CERT *ssl_cert_dup(CERT *cert)
         * if you find that more readable */
        ret->valid = cert->valid;
-        ret->mask = cert->mask;
+        ret->mask_k = cert->mask_k;
-        ret->export_mask = cert->export_mask;
+        ret->mask_a = cert->mask_a;
+        ret->export_mask_k = cert->export_mask_k;
+        ret->export_mask_a = cert->export_mask_a;
 #ifndef OPENSSL_NO_RSA
        if (cert->rsa_tmp != NULL)
@@ -500,9 +502,6 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
                SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,ERR_R_X509_LIB);
                return(0);
                }
-        if (s->param)
-                X509_VERIFY_PARAM_inherit(X509_STORE_CTX_get0_param(&ctx),
-                                                s->param);
 #if 0
        if (SSL_get_verify_depth(s) >= 0)
                X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s));
@@ -516,6 +515,10 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
        X509_STORE_CTX_set_default(&ctx,
                                s->server ? "ssl_client" : "ssl_server");
+        /* Anything non-default in "param" should overwrite anything in the
+         * ctx.
+         */
+        X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(&ctx), s->param);
        if (s->verify_callback)
                X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback);
@@ -752,6 +755,8 @@ int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
                        sk_X509_NAME_push(stack,xn);
                }
+        ERR_clear_error();
        if (0)
                {
 err:
diff --git a/src/lib/libssl/src/ssl/ssl_ciph.c b/src/lib/libssl/src/ssl/ssl_ciph.c
index 52f91cfe60..bee3507ea1 100644
--- a/src/lib/libssl/src/ssl/ssl_ciph.c
+++ b/src/lib/libssl/src/ssl/ssl_ciph.c
@@ -56,7 +56,7 @@
 * [including the GNU Public Licence.]
 */
 /* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -113,12 +113,41 @@
 * ECC cipher suite support in OpenSSL originally developed by 
 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
 */
+/* ====================================================================
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * The portions of the attached software ("Contribution") is developed by
+ * Nokia Corporation and is licensed pursuant to the OpenSSL open source
+ * license.
+ *
+ * The Contribution, originally written by Mika Kousa and Pasi Eronen of
+ * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
+ * support (see RFC 4279) to OpenSSL.
+ *
+ * No patent licenses or other rights except those expressly stated in
+ * the OpenSSL open source license shall be deemed granted or received
+ * expressly, by implication, estoppel, or otherwise.
+ *
+ * No assurances are provided by Nokia that the Contribution does not
+ * infringe the patent or other intellectual property rights of any third
+ * party or that the license provides you with all the necessary rights
+ * to make use of the Contribution.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
+ * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
+ * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
+ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
+ * OTHERWISE.
+ */
 #include <stdio.h>
 #include <openssl/objects.h>
 #ifndef OPENSSL_NO_COMP
 #include <openssl/comp.h>
 #endif
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
 #include "ssl_locl.h"
 #define SSL_ENC_DES_IDX         0
@@ -126,18 +155,18 @@
 #define SSL_ENC_RC4_IDX         2
 #define SSL_ENC_RC2_IDX         3
 #define SSL_ENC_IDEA_IDX        4
-#define SSL_ENC_eFZA_IDX        5
+#define SSL_ENC_NULL_IDX        5
-#define SSL_ENC_NULL_IDX        6
+#define SSL_ENC_AES128_IDX      6
-#define SSL_ENC_AES128_IDX      7
+#define SSL_ENC_AES256_IDX      7
-#define SSL_ENC_AES256_IDX      8
+#define SSL_ENC_CAMELLIA128_IDX 8
-#define SSL_ENC_CAMELLIA128_IDX 9
+#define SSL_ENC_CAMELLIA256_IDX 9
-#define SSL_ENC_CAMELLIA256_IDX 10
+#define SSL_ENC_GOST89_IDX      10
 #define SSL_ENC_SEED_IDX        11
 #define SSL_ENC_NUM_IDX         12
 static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={
-        NULL,NULL,NULL,NULL,NULL,NULL,
+        NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,
        };
 #define SSL_COMP_NULL_IDX       0
@@ -148,9 +177,30 @@ static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL;
 #define SSL_MD_MD5_IDX  0
 #define SSL_MD_SHA1_IDX 1
-#define SSL_MD_NUM_IDX  2
+#define SSL_MD_GOST94_IDX 2
+#define SSL_MD_GOST89MAC_IDX 3
+/*Constant SSL_MAX_DIGEST equal to size of digests array should be 
+ * defined in the
+ * ssl_locl.h */
+#define SSL_MD_NUM_IDX  SSL_MAX_DIGEST 
 static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={
-        NULL,NULL,
+        NULL,NULL,NULL,NULL
+        };
+/* PKEY_TYPE for GOST89MAC is known in advance, but, because
+ * implementation is engine-provided, we'll fill it only if
+ * corresponding EVP_PKEY_METHOD is found 
+ */
+static int  ssl_mac_pkey_id[SSL_MD_NUM_IDX]={
+        EVP_PKEY_HMAC,EVP_PKEY_HMAC,EVP_PKEY_HMAC,NID_undef
+        };
+static int ssl_mac_secret_size[SSL_MD_NUM_IDX]={
+        0,0,0,0
+        };
+static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX]={
+        SSL_HANDSHAKE_MAC_MD5,SSL_HANDSHAKE_MAC_SHA,
+        SSL_HANDSHAKE_MAC_GOST94,0
        };
 #define CIPHER_ADD      1
@@ -161,72 +211,144 @@ static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={
 typedef struct cipher_order_st
        {
-        SSL_CIPHER *cipher;
+        const SSL_CIPHER *cipher;
        int active;
        int dead;
        struct cipher_order_st *next,*prev;
        } CIPHER_ORDER;
 static const SSL_CIPHER cipher_aliases[]={
-        /* Don't include eNULL unless specifically enabled. */
+        /* "ALL" doesn't include eNULL (must be specifically enabled) */
-        /* Don't include ECC in ALL because these ciphers are not yet official. */
+        {0,SSL_TXT_ALL,0,     0,0,~SSL_eNULL,0,0,0,0,0,0},
-        {0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL & ~SSL_kECDH & ~SSL_kECDHE, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* must be first */
+        /* "COMPLEMENTOFALL" */
-        /* TODO: COMPLEMENT OF ALL and COMPLEMENT OF DEFAULT do not have ECC cipher suites handled properly. */
+        {0,SSL_TXT_CMPALL,0,  0,0,SSL_eNULL,0,0,0,0,0,0},
-        {0,SSL_TXT_CMPALL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0},  /* COMPLEMENT OF ALL */
-        {0,SSL_TXT_CMPDEF,0,SSL_ADH, 0,0,0,0,SSL_AUTH_MASK,0},
+        /* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in ALL!) */
-        {0,SSL_TXT_kKRB5,0,SSL_kKRB5,0,0,0,0,SSL_MKEY_MASK,0},  /* VRS Kerberos5 */
+        {0,SSL_TXT_CMPDEF,0,  SSL_kEDH|SSL_kEECDH,SSL_aNULL,~SSL_eNULL,0,0,0,0,0,0},
-        {0,SSL_TXT_kRSA,0,SSL_kRSA,  0,0,0,0,SSL_MKEY_MASK,0},
-        {0,SSL_TXT_kDHr,0,SSL_kDHr,  0,0,0,0,SSL_MKEY_MASK,0},
+        /* key exchange aliases
-        {0,SSL_TXT_kDHd,0,SSL_kDHd,  0,0,0,0,SSL_MKEY_MASK,0},
+         * (some of those using only a single bit here combine
-        {0,SSL_TXT_kEDH,0,SSL_kEDH,  0,0,0,0,SSL_MKEY_MASK,0},
+         * multiple key exchange algs according to the RFCs,
-        {0,SSL_TXT_kFZA,0,SSL_kFZA,  0,0,0,0,SSL_MKEY_MASK,0},
+         * e.g. kEDH combines DHE_DSS and DHE_RSA) */
-        {0,SSL_TXT_DH,  0,SSL_DH,    0,0,0,0,SSL_MKEY_MASK,0},
+        {0,SSL_TXT_kRSA,0,    SSL_kRSA,  0,0,0,0,0,0,0,0},
-        {0,SSL_TXT_ECC, 0,(SSL_kECDH|SSL_kECDHE), 0,0,0,0,SSL_MKEY_MASK,0},
-        {0,SSL_TXT_EDH, 0,SSL_EDH,   0,0,0,0,SSL_MKEY_MASK|SSL_AUTH_MASK,0},
+        {0,SSL_TXT_kDHr,0,    SSL_kDHr,  0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
-        {0,SSL_TXT_aKRB5,0,SSL_aKRB5,0,0,0,0,SSL_AUTH_MASK,0},  /* VRS Kerberos5 */
+        {0,SSL_TXT_kDHd,0,    SSL_kDHd,  0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
-        {0,SSL_TXT_aRSA,0,SSL_aRSA,  0,0,0,0,SSL_AUTH_MASK,0},
+        {0,SSL_TXT_kDH,0,     SSL_kDHr|SSL_kDHd,0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
-        {0,SSL_TXT_aDSS,0,SSL_aDSS,  0,0,0,0,SSL_AUTH_MASK,0},
+        {0,SSL_TXT_kEDH,0,    SSL_kEDH,  0,0,0,0,0,0,0,0},
-        {0,SSL_TXT_aFZA,0,SSL_aFZA,  0,0,0,0,SSL_AUTH_MASK,0},
+        {0,SSL_TXT_DH,0,      SSL_kDHr|SSL_kDHd|SSL_kEDH,0,0,0,0,0,0,0,0},
-        {0,SSL_TXT_aNULL,0,SSL_aNULL,0,0,0,0,SSL_AUTH_MASK,0},
-        {0,SSL_TXT_aDH, 0,SSL_aDH,   0,0,0,0,SSL_AUTH_MASK,0},
+        {0,SSL_TXT_kKRB5,0,   SSL_kKRB5, 0,0,0,0,0,0,0,0},
-        {0,SSL_TXT_DSS, 0,SSL_DSS,   0,0,0,0,SSL_AUTH_MASK,0},
+        {0,SSL_TXT_kECDHr,0,  SSL_kECDHr,0,0,0,0,0,0,0,0},
-        {0,SSL_TXT_DES, 0,SSL_DES,   0,0,0,0,SSL_ENC_MASK,0},
+        {0,SSL_TXT_kECDHe,0,  SSL_kECDHe,0,0,0,0,0,0,0,0},
-        {0,SSL_TXT_3DES,0,SSL_3DES,  0,0,0,0,SSL_ENC_MASK,0},
+        {0,SSL_TXT_kECDH,0,   SSL_kECDHr|SSL_kECDHe,0,0,0,0,0,0,0,0},
-        {0,SSL_TXT_RC4, 0,SSL_RC4,   0,0,0,0,SSL_ENC_MASK,0},
+        {0,SSL_TXT_kEECDH,0,  SSL_kEECDH,0,0,0,0,0,0,0,0},
-        {0,SSL_TXT_RC2, 0,SSL_RC2,   0,0,0,0,SSL_ENC_MASK,0},
+        {0,SSL_TXT_ECDH,0,    SSL_kECDHr|SSL_kECDHe|SSL_kEECDH,0,0,0,0,0,0,0,0},
-#ifndef OPENSSL_NO_IDEA
-        {0,SSL_TXT_IDEA,0,SSL_IDEA,  0,0,0,0,SSL_ENC_MASK,0},
+        {0,SSL_TXT_kPSK,0,    SSL_kPSK,  0,0,0,0,0,0,0,0},
-#endif
+        {0,SSL_TXT_kGOST,0, SSL_kGOST,0,0,0,0,0,0,0,0},
-        {0,SSL_TXT_SEED,0,SSL_SEED,  0,0,0,0,SSL_ENC_MASK,0},
-        {0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0},
+        /* server authentication aliases */
-        {0,SSL_TXT_eFZA,0,SSL_eFZA,  0,0,0,0,SSL_ENC_MASK,0},
+        {0,SSL_TXT_aRSA,0,    0,SSL_aRSA,  0,0,0,0,0,0,0},
-        {0,SSL_TXT_AES, 0,SSL_AES,   0,0,0,0,SSL_ENC_MASK,0},
+        {0,SSL_TXT_aDSS,0,    0,SSL_aDSS,  0,0,0,0,0,0,0},
-        {0,SSL_TXT_CAMELLIA,0,SSL_CAMELLIA, 0,0,0,0,SSL_ENC_MASK,0},
+        {0,SSL_TXT_DSS,0,     0,SSL_aDSS,   0,0,0,0,0,0,0},
+        {0,SSL_TXT_aKRB5,0,   0,SSL_aKRB5, 0,0,0,0,0,0,0},
-        {0,SSL_TXT_MD5, 0,SSL_MD5,   0,0,0,0,SSL_MAC_MASK,0},
+        {0,SSL_TXT_aNULL,0,   0,SSL_aNULL, 0,0,0,0,0,0,0},
-        {0,SSL_TXT_SHA1,0,SSL_SHA1,  0,0,0,0,SSL_MAC_MASK,0},
+        {0,SSL_TXT_aDH,0,     0,SSL_aDH,   0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
-        {0,SSL_TXT_SHA, 0,SSL_SHA,   0,0,0,0,SSL_MAC_MASK,0},
+        {0,SSL_TXT_aECDH,0,   0,SSL_aECDH, 0,0,0,0,0,0,0},
+        {0,SSL_TXT_aECDSA,0,  0,SSL_aECDSA,0,0,0,0,0,0,0},
-        {0,SSL_TXT_NULL,0,SSL_NULL,  0,0,0,0,SSL_ENC_MASK,0},
+        {0,SSL_TXT_ECDSA,0,   0,SSL_aECDSA, 0,0,0,0,0,0,0},
-        {0,SSL_TXT_KRB5,0,SSL_KRB5,  0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0},
+        {0,SSL_TXT_aPSK,0,    0,SSL_aPSK,  0,0,0,0,0,0,0},
-        {0,SSL_TXT_RSA, 0,SSL_RSA,   0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0},
+        {0,SSL_TXT_aGOST94,0,0,SSL_aGOST94,0,0,0,0,0,0,0},
-        {0,SSL_TXT_ADH, 0,SSL_ADH,   0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0},
+        {0,SSL_TXT_aGOST01,0,0,SSL_aGOST01,0,0,0,0,0,0,0},
-        {0,SSL_TXT_FZA, 0,SSL_FZA,   0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK|SSL_ENC_MASK,0},
+        {0,SSL_TXT_aGOST,0,0,SSL_aGOST94|SSL_aGOST01,0,0,0,0,0,0,0},
-        {0,SSL_TXT_SSLV2, 0,SSL_SSLV2, 0,0,0,0,SSL_SSL_MASK,0},
+        /* aliases combining key exchange and server authentication */
-        {0,SSL_TXT_SSLV3, 0,SSL_SSLV3, 0,0,0,0,SSL_SSL_MASK,0},
+        {0,SSL_TXT_EDH,0,     SSL_kEDH,~SSL_aNULL,0,0,0,0,0,0,0},
-        {0,SSL_TXT_TLSV1, 0,SSL_TLSV1, 0,0,0,0,SSL_SSL_MASK,0},
+        {0,SSL_TXT_EECDH,0,   SSL_kEECDH,~SSL_aNULL,0,0,0,0,0,0,0},
+        {0,SSL_TXT_NULL,0,    0,0,SSL_eNULL, 0,0,0,0,0,0},
-        {0,SSL_TXT_EXP   ,0, 0,SSL_EXPORT, 0,0,0,0,SSL_EXP_MASK},
+        {0,SSL_TXT_KRB5,0,    SSL_kKRB5,SSL_aKRB5,0,0,0,0,0,0,0},
-        {0,SSL_TXT_EXPORT,0, 0,SSL_EXPORT, 0,0,0,0,SSL_EXP_MASK},
+        {0,SSL_TXT_RSA,0,     SSL_kRSA,SSL_aRSA,0,0,0,0,0,0,0},
-        {0,SSL_TXT_EXP40, 0, 0, SSL_EXP40, 0,0,0,0,SSL_STRONG_MASK},
+        {0,SSL_TXT_ADH,0,     SSL_kEDH,SSL_aNULL,0,0,0,0,0,0,0},
-        {0,SSL_TXT_EXP56, 0, 0, SSL_EXP56, 0,0,0,0,SSL_STRONG_MASK},
+        {0,SSL_TXT_AECDH,0,   SSL_kEECDH,SSL_aNULL,0,0,0,0,0,0,0},
-        {0,SSL_TXT_LOW,   0, 0,   SSL_LOW, 0,0,0,0,SSL_STRONG_MASK},
+        {0,SSL_TXT_PSK,0,     SSL_kPSK,SSL_aPSK,0,0,0,0,0,0,0},
-        {0,SSL_TXT_MEDIUM,0, 0,SSL_MEDIUM, 0,0,0,0,SSL_STRONG_MASK},
-        {0,SSL_TXT_HIGH,  0, 0,  SSL_HIGH, 0,0,0,0,SSL_STRONG_MASK},
-        {0,SSL_TXT_FIPS,  0, 0,  SSL_FIPS, 0,0,0,0,SSL_FIPS|SSL_STRONG_NONE},
+        /* symmetric encryption aliases */
+        {0,SSL_TXT_DES,0,     0,0,SSL_DES,   0,0,0,0,0,0},
+        {0,SSL_TXT_3DES,0,    0,0,SSL_3DES,  0,0,0,0,0,0},
+        {0,SSL_TXT_RC4,0,     0,0,SSL_RC4,   0,0,0,0,0,0},
+        {0,SSL_TXT_RC2,0,     0,0,SSL_RC2,   0,0,0,0,0,0},
+        {0,SSL_TXT_IDEA,0,    0,0,SSL_IDEA,  0,0,0,0,0,0},
+        {0,SSL_TXT_SEED,0,    0,0,SSL_SEED,  0,0,0,0,0,0},
+        {0,SSL_TXT_eNULL,0,   0,0,SSL_eNULL, 0,0,0,0,0,0},
+        {0,SSL_TXT_AES128,0,  0,0,SSL_AES128,0,0,0,0,0,0},
+        {0,SSL_TXT_AES256,0,  0,0,SSL_AES256,0,0,0,0,0,0},
+        {0,SSL_TXT_AES,0,     0,0,SSL_AES128|SSL_AES256,0,0,0,0,0,0},
+        {0,SSL_TXT_CAMELLIA128,0,0,0,SSL_CAMELLIA128,0,0,0,0,0,0},
+        {0,SSL_TXT_CAMELLIA256,0,0,0,SSL_CAMELLIA256,0,0,0,0,0,0},
+        {0,SSL_TXT_CAMELLIA   ,0,0,0,SSL_CAMELLIA128|SSL_CAMELLIA256,0,0,0,0,0,0},
+        /* MAC aliases */       
+        {0,SSL_TXT_MD5,0,     0,0,0,SSL_MD5,   0,0,0,0,0},
+        {0,SSL_TXT_SHA1,0,    0,0,0,SSL_SHA1,  0,0,0,0,0},
+        {0,SSL_TXT_SHA,0,     0,0,0,SSL_SHA1,  0,0,0,0,0},
+        {0,SSL_TXT_GOST94,0,     0,0,0,SSL_GOST94,  0,0,0,0,0},
+        {0,SSL_TXT_GOST89MAC,0,     0,0,0,SSL_GOST89MAC,  0,0,0,0,0},
+        /* protocol version aliases */
+        {0,SSL_TXT_SSLV2,0,   0,0,0,0,SSL_SSLV2, 0,0,0,0},
+        {0,SSL_TXT_SSLV3,0,   0,0,0,0,SSL_SSLV3, 0,0,0,0},
+        {0,SSL_TXT_TLSV1,0,   0,0,0,0,SSL_TLSV1, 0,0,0,0},
+        /* export flag */
+        {0,SSL_TXT_EXP,0,     0,0,0,0,0,SSL_EXPORT,0,0,0},
+        {0,SSL_TXT_EXPORT,0,  0,0,0,0,0,SSL_EXPORT,0,0,0},
+        /* strength classes */
+        {0,SSL_TXT_EXP40,0,   0,0,0,0,0,SSL_EXP40, 0,0,0},
+        {0,SSL_TXT_EXP56,0,   0,0,0,0,0,SSL_EXP56, 0,0,0},
+        {0,SSL_TXT_LOW,0,     0,0,0,0,0,SSL_LOW,   0,0,0},
+        {0,SSL_TXT_MEDIUM,0,  0,0,0,0,0,SSL_MEDIUM,0,0,0},
+        {0,SSL_TXT_HIGH,0,    0,0,0,0,0,SSL_HIGH,  0,0,0},
+        /* FIPS 140-2 approved ciphersuite */
+        {0,SSL_TXT_FIPS,0,    0,0,~SSL_eNULL,0,0,SSL_FIPS,  0,0,0},
        };
+/* Search for public key algorithm with given name and 
+ * return its pkey_id if it is available. Otherwise return 0
+ */
+#ifdef OPENSSL_NO_ENGINE
+static int get_optional_pkey_id(const char *pkey_name)
+        {
+        const EVP_PKEY_ASN1_METHOD *ameth;
+        int pkey_id=0;
+        ameth = EVP_PKEY_asn1_find_str(NULL,pkey_name,-1);
+        if (ameth) 
+                {
+                EVP_PKEY_asn1_get0_info(&pkey_id, NULL,NULL,NULL,NULL,ameth);
+                }               
+        return pkey_id;
+        }
+#else
+static int get_optional_pkey_id(const char *pkey_name)
+        {
+        const EVP_PKEY_ASN1_METHOD *ameth;
+        ENGINE *tmpeng = NULL;
+        int pkey_id=0;
+        ameth = EVP_PKEY_asn1_find_str(&tmpeng,pkey_name,-1);
+        if (ameth)
+                {
+                EVP_PKEY_asn1_get0_info(&pkey_id, NULL,NULL,NULL,NULL,ameth);
+                }
+        if (tmpeng) ENGINE_finish(tmpeng);
+        return pkey_id;
+        }
+#endif
 void ssl_load_ciphers(void)
        {
@@ -252,16 +374,37 @@ void ssl_load_ciphers(void)
          EVP_get_cipherbyname(SN_camellia_128_cbc);
        ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX]=
          EVP_get_cipherbyname(SN_camellia_256_cbc);
+        ssl_cipher_methods[SSL_ENC_GOST89_IDX]=
+          EVP_get_cipherbyname(SN_gost89_cnt);
        ssl_cipher_methods[SSL_ENC_SEED_IDX]=
          EVP_get_cipherbyname(SN_seed_cbc);
        ssl_digest_methods[SSL_MD_MD5_IDX]=
                EVP_get_digestbyname(SN_md5);
+        ssl_mac_secret_size[SSL_MD_MD5_IDX]=
+                EVP_MD_size(ssl_digest_methods[SSL_MD_MD5_IDX]);
+        OPENSSL_assert(ssl_mac_secret_size[SSL_MD_MD5_IDX] >= 0);
        ssl_digest_methods[SSL_MD_SHA1_IDX]=
                EVP_get_digestbyname(SN_sha1);
-        }
+        ssl_mac_secret_size[SSL_MD_SHA1_IDX]=
+                EVP_MD_size(ssl_digest_methods[SSL_MD_SHA1_IDX]);
+        OPENSSL_assert(ssl_mac_secret_size[SSL_MD_SHA1_IDX] >= 0);
+        ssl_digest_methods[SSL_MD_GOST94_IDX]=
+                EVP_get_digestbyname(SN_id_GostR3411_94);
+        if (ssl_digest_methods[SSL_MD_GOST94_IDX])
+                {       
+                ssl_mac_secret_size[SSL_MD_GOST94_IDX]=
+                        EVP_MD_size(ssl_digest_methods[SSL_MD_GOST94_IDX]);
+                OPENSSL_assert(ssl_mac_secret_size[SSL_MD_GOST94_IDX] >= 0);
+                }
+        ssl_digest_methods[SSL_MD_GOST89MAC_IDX]=
+                EVP_get_digestbyname(SN_id_Gost28147_89_MAC);
+                ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id("gost-mac");
+                if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) {
+                        ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX]=32;
+                }               
+        }
 #ifndef OPENSSL_NO_COMP
 static int sk_comp_cmp(const SSL_COMP * const *a,
@@ -316,10 +459,10 @@ static void load_builtin_compressions(void)
 #endif
 int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
-             const EVP_MD **md, SSL_COMP **comp)
+             const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size,SSL_COMP **comp)
        {
        int i;
-        SSL_CIPHER *c;
+        const SSL_CIPHER *c;
        c=s->cipher;
        if (c == NULL) return(0);
@@ -344,7 +487,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
        if ((enc == NULL) || (md == NULL)) return(0);
-        switch (c->algorithms & SSL_ENC_MASK)
+        switch (c->algorithm_enc)
                {
        case SSL_DES:
                i=SSL_ENC_DES_IDX;
@@ -364,26 +507,24 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
        case SSL_eNULL:
                i=SSL_ENC_NULL_IDX;
                break;
-        case SSL_AES:
+        case SSL_AES128:
-                switch(c->alg_bits)
+                i=SSL_ENC_AES128_IDX;
-                        {
-                case 128: i=SSL_ENC_AES128_IDX; break;
-                case 256: i=SSL_ENC_AES256_IDX; break;
-                default: i=-1; break;
-                        }
                break;
-        case SSL_CAMELLIA:
+        case SSL_AES256:
-                switch(c->alg_bits)
+                i=SSL_ENC_AES256_IDX;
-                        {
+                break;
-                case 128: i=SSL_ENC_CAMELLIA128_IDX; break;
+        case SSL_CAMELLIA128:
-                case 256: i=SSL_ENC_CAMELLIA256_IDX; break;
+                i=SSL_ENC_CAMELLIA128_IDX;
-                default: i=-1; break;
+                break;
-                        }
+        case SSL_CAMELLIA256:
+                i=SSL_ENC_CAMELLIA256_IDX;
+                break;
+        case SSL_eGOST2814789CNT:
+                i=SSL_ENC_GOST89_IDX;
                break;
        case SSL_SEED:
                i=SSL_ENC_SEED_IDX;
                break;
        default:
                i= -1;
                break;
@@ -399,7 +540,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
                        *enc=ssl_cipher_methods[i];
                }
-        switch (c->algorithms & SSL_MAC_MASK)
+        switch (c->algorithm_mac)
                {
        case SSL_MD5:
                i=SSL_MD_MD5_IDX;
@@ -407,21 +548,48 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
        case SSL_SHA1:
                i=SSL_MD_SHA1_IDX;
                break;
+        case SSL_GOST94:
+                i = SSL_MD_GOST94_IDX;
+                break;
+        case SSL_GOST89MAC:
+                i = SSL_MD_GOST89MAC_IDX;
+                break;
        default:
                i= -1;
                break;
                }
        if ((i < 0) || (i > SSL_MD_NUM_IDX))
-                *md=NULL;
+        {
+                *md=NULL; 
+                if (mac_pkey_type!=NULL) *mac_pkey_type = NID_undef;
+                if (mac_secret_size!=NULL) *mac_secret_size = 0;
+        }
        else
+        {
                *md=ssl_digest_methods[i];
+                if (mac_pkey_type!=NULL) *mac_pkey_type = ssl_mac_pkey_id[i];
+                if (mac_secret_size!=NULL) *mac_secret_size = ssl_mac_secret_size[i];
+        }       
-        if ((*enc != NULL) && (*md != NULL))
+        if ((*enc != NULL) && (*md != NULL) && (!mac_pkey_type||*mac_pkey_type != NID_undef))
                return(1);
        else
                return(0);
        }
+int ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md) 
+{
+        if (idx <0||idx>=SSL_MD_NUM_IDX) 
+                {
+                return 0;
+                }
+        if (ssl_handshake_digest_flag[idx]==0) return 0;
+        *mask = ssl_handshake_digest_flag[idx];
+        *md = ssl_digest_methods[idx];
+        return 1;
+}
 #define ITEM_SEP(a) \
        (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ','))
@@ -433,7 +601,7 @@ static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr,
                *head=curr->next;
        if (curr->prev != NULL)
                curr->prev->next=curr->next;
-        if (curr->next != NULL) /* should always be true */
+        if (curr->next != NULL)
                curr->next->prev=curr->prev;
        (*tail)->next=curr;
        curr->prev= *tail;
@@ -441,69 +609,105 @@ static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr,
        *tail=curr;
        }
-struct disabled_masks { /* This is a kludge no longer needed with OpenSSL 0.9.9,
+static void ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr,
-                         * where 128-bit and 256-bit algorithms simply will get
+             CIPHER_ORDER **tail)
-                         * separate bits. */
+        {
-  unsigned long mask; /* everything except m256 */
+        if (curr == *head) return;
-  unsigned long m256; /* applies to 256-bit algorithms only */
+        if (curr == *tail)
-};
+                *tail=curr->prev;
+        if (curr->next != NULL)
+                curr->next->prev=curr->prev;
+        if (curr->prev != NULL)
+                curr->prev->next=curr->next;
+        (*head)->prev=curr;
+        curr->next= *head;
+        curr->prev=NULL;
+        *head=curr;
+        }
-static struct disabled_masks ssl_cipher_get_disabled(void)
+static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, unsigned long *enc, unsigned long *mac, unsigned long *ssl)
        {
-        unsigned long mask;
+        *mkey = 0;
-        unsigned long m256;
+        *auth = 0;
-        struct disabled_masks ret;
+        *enc = 0;
+        *mac = 0;
+        *ssl = 0;
-        mask = SSL_kFZA;
 #ifdef OPENSSL_NO_RSA
-        mask |= SSL_aRSA|SSL_kRSA;
+        *mkey |= SSL_kRSA;
+        *auth |= SSL_aRSA;
 #endif
 #ifdef OPENSSL_NO_DSA
-        mask |= SSL_aDSS;
+        *auth |= SSL_aDSS;
 #endif
+        *mkey |= SSL_kDHr|SSL_kDHd; /* no such ciphersuites supported! */
+        *auth |= SSL_aDH;
 #ifdef OPENSSL_NO_DH
-        mask |= SSL_kDHr|SSL_kDHd|SSL_kEDH|SSL_aDH;
+        *mkey |= SSL_kDHr|SSL_kDHd|SSL_kEDH;
+        *auth |= SSL_aDH;
 #endif
 #ifdef OPENSSL_NO_KRB5
-        mask |= SSL_kKRB5|SSL_aKRB5;
+        *mkey |= SSL_kKRB5;
+        *auth |= SSL_aKRB5;
+#endif
+#ifdef OPENSSL_NO_ECDSA
+        *auth |= SSL_aECDSA;
 #endif
 #ifdef OPENSSL_NO_ECDH
-        mask |= SSL_kECDH|SSL_kECDHE;
+        *mkey |= SSL_kECDHe|SSL_kECDHr;
+        *auth |= SSL_aECDH;
 #endif
+#ifdef OPENSSL_NO_PSK
+        *mkey |= SSL_kPSK;
+        *auth |= SSL_aPSK;
+#endif
+        /* Check for presence of GOST 34.10 algorithms, and if they
+         * do not present, disable  appropriate auth and key exchange */
+        if (!get_optional_pkey_id("gost94")) {
+                *auth |= SSL_aGOST94;
+        }
+        if (!get_optional_pkey_id("gost2001")) {
+                *auth |= SSL_aGOST01;
+        }
+        /* Disable GOST key exchange if no GOST signature algs are available * */
+        if ((*auth & (SSL_aGOST94|SSL_aGOST01)) == (SSL_aGOST94|SSL_aGOST01)) {
+                *mkey |= SSL_kGOST;
+        }       
 #ifdef SSL_FORBID_ENULL
-        mask |= SSL_eNULL;
+        *enc |= SSL_eNULL;
 #endif
+                
+        *enc |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES :0;
+        *enc |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES:0;
+        *enc |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 :0;
+        *enc |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0;
+        *enc |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0;
+        *enc |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES128:0;
+        *enc |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES256:0;
+        *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA128:0;
+        *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA256:0;
+        *enc |= (ssl_cipher_methods[SSL_ENC_GOST89_IDX] == NULL) ? SSL_eGOST2814789CNT:0;
+        *enc |= (ssl_cipher_methods[SSL_ENC_SEED_IDX] == NULL) ? SSL_SEED:0;
+        *mac |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0;
+        *mac |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0;
+        *mac |= (ssl_digest_methods[SSL_MD_GOST94_IDX] == NULL) ? SSL_GOST94:0;
+        *mac |= (ssl_digest_methods[SSL_MD_GOST89MAC_IDX] == NULL || ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]==NID_undef)? SSL_GOST89MAC:0;
-        mask |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES :0;
-        mask |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES:0;
-        mask |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 :0;
-        mask |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0;
-        mask |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0;
-        mask |= (ssl_cipher_methods[SSL_ENC_eFZA_IDX] == NULL) ? SSL_eFZA:0;
-        mask |= (ssl_cipher_methods[SSL_ENC_SEED_IDX] == NULL) ? SSL_SEED:0;
-        mask |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0;
-        mask |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0;
-        /* finally consider algorithms where mask and m256 differ */
-        m256 = mask;
-        mask |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES:0;
-        mask |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA:0;
-        m256 |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES:0;
-        m256 |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA:0;
-        ret.mask = mask;
-        ret.m256 = m256;
-        return ret;
        }
 static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
-                int num_of_ciphers, unsigned long mask, unsigned long m256,
+                int num_of_ciphers,
-                CIPHER_ORDER *co_list, CIPHER_ORDER **head_p,
+                unsigned long disabled_mkey, unsigned long disabled_auth,
-                CIPHER_ORDER **tail_p)
+                unsigned long disabled_enc, unsigned long disabled_mac,
+                unsigned long disabled_ssl,
+                CIPHER_ORDER *co_list,
+                CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
        {
        int i, co_list_num;
-        SSL_CIPHER *c;
+        const SSL_CIPHER *c;
        /*
         * We have num_of_ciphers descriptions compiled in, depending on the
@@ -517,14 +721,13 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
        for (i = 0; i < num_of_ciphers; i++)
                {
                c = ssl_method->get_cipher(i);
-#define IS_MASKED(c) ((c)->algorithms & (((c)->alg_bits == 256) ? m256 : mask))
                /* drop those that use any of that is not available */
-#ifdef OPENSSL_FIPS
+                if ((c != NULL) && c->valid &&
-                if ((c != NULL) && c->valid && !IS_MASKED(c)
+                    !(c->algorithm_mkey & disabled_mkey) &&
-                        && (!FIPS_mode() || (c->algo_strength & SSL_FIPS)))
+                    !(c->algorithm_auth & disabled_auth) &&
-#else
+                    !(c->algorithm_enc & disabled_enc) &&
-                if ((c != NULL) && c->valid && !IS_MASKED(c))
+                    !(c->algorithm_mac & disabled_mac) &&
-#endif
+                    !(c->algorithm_ssl & disabled_ssl))
                        {
                        co_list[co_list_num].cipher = c;
                        co_list[co_list_num].next = NULL;
@@ -532,7 +735,7 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
                        co_list[co_list_num].active = 0;
                        co_list_num++;
 #ifdef KSSL_DEBUG
-                        printf("\t%d: %s %lx %lx\n",i,c->name,c->id,c->algorithms);
+                        printf("\t%d: %s %lx %lx %lx\n",i,c->name,c->id,c->algorithm_mkey,c->algorithm_auth);
 #endif  /* KSSL_DEBUG */
                        /*
                        if (!sk_push(ca_list,(char *)c)) goto err;
@@ -543,29 +746,45 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
        /*
         * Prepare linked list from list entries
         */     
-        for (i = 1; i < co_list_num - 1; i++)
-                {
-                co_list[i].prev = &(co_list[i-1]);
-                co_list[i].next = &(co_list[i+1]);
-                }
        if (co_list_num > 0)
                {
-                (*head_p) = &(co_list[0]);
+                co_list[0].prev = NULL;
-                (*head_p)->prev = NULL;
-                (*head_p)->next = &(co_list[1]);
+                if (co_list_num > 1)
-                (*tail_p) = &(co_list[co_list_num - 1]);
+                        {
-                (*tail_p)->prev = &(co_list[co_list_num - 2]);
+                        co_list[0].next = &co_list[1];
-                (*tail_p)->next = NULL;
+                        
+                        for (i = 1; i < co_list_num - 1; i++)
+                                {
+                                co_list[i].prev = &co_list[i - 1];
+                                co_list[i].next = &co_list[i + 1];
+                                }
+                        co_list[co_list_num - 1].prev = &co_list[co_list_num - 2];
+                        }
+                
+                co_list[co_list_num - 1].next = NULL;
+                *head_p = &co_list[0];
+                *tail_p = &co_list[co_list_num - 1];
                }
        }
-static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list,
+static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list,
-                        int num_of_group_aliases, unsigned long mask,
+                        int num_of_group_aliases,
+                        unsigned long disabled_mkey, unsigned long disabled_auth,
+                        unsigned long disabled_enc, unsigned long disabled_mac,
+                        unsigned long disabled_ssl,
                        CIPHER_ORDER *head)
        {
        CIPHER_ORDER *ciph_curr;
-        SSL_CIPHER **ca_curr;
+        const SSL_CIPHER **ca_curr;
        int i;
+        unsigned long mask_mkey = ~disabled_mkey;
+        unsigned long mask_auth = ~disabled_auth;
+        unsigned long mask_enc = ~disabled_enc;
+        unsigned long mask_mac = ~disabled_mac;
+        unsigned long mask_ssl = ~disabled_ssl;
        /*
         * First, add the real ciphers as already collected
@@ -581,84 +800,118 @@ static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list,
        /*
         * Now we add the available ones from the cipher_aliases[] table.
-         * They represent either an algorithm, that must be fully
+         * They represent either one or more algorithms, some of which
-         * supported (not match any bit in mask) or represent a cipher
+         * in any affected category must be supported (set in enabled_mask),
-         * strength value (will be added in any case because algorithms=0).
+         * or represent a cipher strength value (will be added in any case because algorithms=0).
         */
        for (i = 0; i < num_of_group_aliases; i++)
                {
-                if ((i == 0) ||         /* always fetch "ALL" */
+                unsigned long algorithm_mkey = cipher_aliases[i].algorithm_mkey;
-                    !(cipher_aliases[i].algorithms & mask))
+                unsigned long algorithm_auth = cipher_aliases[i].algorithm_auth;
-                        {
+                unsigned long algorithm_enc = cipher_aliases[i].algorithm_enc;
-                        *ca_curr = (SSL_CIPHER *)(cipher_aliases + i);
+                unsigned long algorithm_mac = cipher_aliases[i].algorithm_mac;
-                        ca_curr++;
+                unsigned long algorithm_ssl = cipher_aliases[i].algorithm_ssl;
-                        }
+                if (algorithm_mkey)
+                        if ((algorithm_mkey & mask_mkey) == 0)
+                                continue;
+        
+                if (algorithm_auth)
+                        if ((algorithm_auth & mask_auth) == 0)
+                                continue;
+                
+                if (algorithm_enc)
+                        if ((algorithm_enc & mask_enc) == 0)
+                                continue;
+                
+                if (algorithm_mac)
+                        if ((algorithm_mac & mask_mac) == 0)
+                                continue;
+                
+                if (algorithm_ssl)
+                        if ((algorithm_ssl & mask_ssl) == 0)
+                                continue;
+                
+                *ca_curr = (SSL_CIPHER *)(cipher_aliases + i);
+                ca_curr++;
                }
        *ca_curr = NULL;        /* end of list */
        }
-static void ssl_cipher_apply_rule(unsigned long cipher_id, unsigned long ssl_version,
+static void ssl_cipher_apply_rule(unsigned long cipher_id,
-                unsigned long algorithms, unsigned long mask,
+                unsigned long alg_mkey, unsigned long alg_auth,
-                unsigned long algo_strength, unsigned long mask_strength,
+                unsigned long alg_enc, unsigned long alg_mac,
-                int rule, int strength_bits, CIPHER_ORDER *co_list,
+                unsigned long alg_ssl,
+                unsigned long algo_strength,
+                int rule, int strength_bits,
                CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
        {
-        CIPHER_ORDER *head, *tail, *curr, *curr2, *tail2;
+        CIPHER_ORDER *head, *tail, *curr, *curr2, *last;
-        SSL_CIPHER *cp;
+        const SSL_CIPHER *cp;
-        unsigned long ma, ma_s;
+        int reverse = 0;
 #ifdef CIPHER_DEBUG
-        printf("Applying rule %d with %08lx %08lx %08lx %08lx (%d)\n",
+        printf("Applying rule %d with %08lx/%08lx/%08lx/%08lx/%08lx %08lx (%d)\n",
-                rule, algorithms, mask, algo_strength, mask_strength,
+                rule, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, strength_bits);
-                strength_bits);
 #endif
-        curr = head = *head_p;
+        if (rule == CIPHER_DEL)
-        curr2 = head;
+                reverse = 1; /* needed to maintain sorting between currently deleted ciphers */
-        tail2 = tail = *tail_p;
+        head = *head_p;
+        tail = *tail_p;
+        if (reverse)
+                {
+                curr = tail;
+                last = head;
+                }
+        else
+                {
+                curr = head;
+                last = tail;
+                }
+        curr2 = curr;
        for (;;)
                {
-                if ((curr == NULL) || (curr == tail2)) break;
+                if ((curr == NULL) || (curr == last)) break;
                curr = curr2;
-                curr2 = curr->next;
+                curr2 = reverse ? curr->prev : curr->next;
                cp = curr->cipher;
-                /* If explicit cipher suite, match only that one for its own protocol version.
+                /*
-                 * Usual selection criteria will be used for similar ciphersuites from other version! */
+                 * Selection criteria is either the value of strength_bits
+                 * or the algorithms used.
-                if (cipher_id && (cp->algorithms & SSL_SSL_MASK) == ssl_version)
+                 */
+                if (strength_bits >= 0)
                        {
-                        if (cp->id != cipher_id)
+                        if (strength_bits != cp->strength_bits)
                                continue;
                        }
+                else
-                /*
-                 * Selection criteria is either the number of strength_bits
-                 * or the algorithm used.
-                 */
-                else if (strength_bits == -1)
                        {
-                        ma = mask & cp->algorithms;
-                        ma_s = mask_strength & cp->algo_strength;
 #ifdef CIPHER_DEBUG
-                        printf("\nName: %s:\nAlgo = %08lx Algo_strength = %08lx\nMask = %08lx Mask_strength %08lx\n", cp->name, cp->algorithms, cp->algo_strength, mask, mask_strength);
+                        printf("\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n", cp->name, cp->algorithm_mkey, cp->algorithm_auth, cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, cp->algo_strength);
-                        printf("ma = %08lx ma_s %08lx, ma&algo=%08lx, ma_s&algos=%08lx\n", ma, ma_s, ma&algorithms, ma_s&algo_strength);
 #endif
-                        /*
-                         * Select: if none of the mask bit was met from the
+                        if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
-                         * cipher or not all of the bits were met, the
+                                continue;
-                         * selection does not apply.
+                        if (alg_auth && !(alg_auth & cp->algorithm_auth))
-                         */
+                                continue;
-                        if (((ma == 0) && (ma_s == 0)) ||
+                        if (alg_enc && !(alg_enc & cp->algorithm_enc))
-                            ((ma & algorithms) != ma) ||
+                                continue;
-                            ((ma_s & algo_strength) != ma_s))
+                        if (alg_mac && !(alg_mac & cp->algorithm_mac))
-                                continue; /* does not apply */
+                                continue;
+                        if (alg_ssl && !(alg_ssl & cp->algorithm_ssl))
+                                continue;
+                        if ((algo_strength & SSL_EXP_MASK) && !(algo_strength & SSL_EXP_MASK & cp->algo_strength))
+                                continue;
+                        if ((algo_strength & SSL_STRONG_MASK) && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength))
+                                continue;
                        }
-                else if (strength_bits != cp->strength_bits)
-                        continue;       /* does not apply */
 #ifdef CIPHER_DEBUG
                printf("Action = %d\n", rule);
@@ -667,38 +920,37 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id, unsigned long ssl_ver
                /* add the cipher if it has not been added yet. */
                if (rule == CIPHER_ADD)
                        {
+                        /* reverse == 0 */
                        if (!curr->active)
                                {
-                                int add_this_cipher = 1;
+                                ll_append_tail(&head, curr, &tail);
+                                curr->active = 1;
-                                if (((cp->algorithms & (SSL_kECDHE|SSL_kECDH|SSL_aECDSA)) != 0))
-                                        {
-                                        /* Make sure "ECCdraft" ciphersuites are activated only if
-                                         * *explicitly* requested, but not implicitly (such as
-                                         * as part of the "AES" alias). */
-                                        add_this_cipher = (mask & (SSL_kECDHE|SSL_kECDH|SSL_aECDSA)) != 0 || cipher_id != 0;
-                                        }
-                                
-                                if (add_this_cipher)
-                                        {
-                                        ll_append_tail(&head, curr, &tail);
-                                        curr->active = 1;
-                                        }
                                }
                        }
                /* Move the added cipher to this location */
                else if (rule == CIPHER_ORD)
                        {
+                        /* reverse == 0 */
                        if (curr->active)
                                {
                                ll_append_tail(&head, curr, &tail);
                                }
                        }
                else if (rule == CIPHER_DEL)
-                        curr->active = 0;
+                        {
+                        /* reverse == 1 */
+                        if (curr->active)
+                                {
+                                /* most recently deleted ciphersuites get best positions
+                                 * for any future CIPHER_ADD (note that the CIPHER_DEL loop
+                                 * works in reverse to maintain the order) */
+                                ll_append_head(&head, curr, &tail);
+                                curr->active = 0;
+                                }
+                        }
                else if (rule == CIPHER_KILL)
                        {
+                        /* reverse == 0 */
                        if (head == curr)
                                head = curr->next;
                        else
@@ -719,8 +971,7 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id, unsigned long ssl_ver
        *tail_p = tail;
        }
-static int ssl_cipher_strength_sort(CIPHER_ORDER *co_list,
+static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
-                                    CIPHER_ORDER **head_p,
                                    CIPHER_ORDER **tail_p)
        {
        int max_strength_bits, i, *number_uses;
@@ -743,10 +994,10 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER *co_list,
        number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int));
        if (!number_uses)
-        {
+                {
                SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT,ERR_R_MALLOC_FAILURE);
                return(0);
-        }
+                }
        memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int));
        /*
@@ -765,21 +1016,20 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER *co_list,
         */
        for (i = max_strength_bits; i >= 0; i--)
                if (number_uses[i] > 0)
-                        ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, CIPHER_ORD, i,
+                        ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ORD, i, head_p, tail_p);
-                                        co_list, head_p, tail_p);
        OPENSSL_free(number_uses);
        return(1);
        }
 static int ssl_cipher_process_rulestr(const char *rule_str,
-                CIPHER_ORDER *co_list, CIPHER_ORDER **head_p,
+                CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p,
-                CIPHER_ORDER **tail_p, SSL_CIPHER **ca_list)
+                const SSL_CIPHER **ca_list)
        {
-        unsigned long algorithms, mask, algo_strength, mask_strength;
+        unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength;
        const char *l, *start, *buf;
        int j, multi, found, rule, retval, ok, buflen;
-        unsigned long cipher_id = 0, ssl_version = 0;
+        unsigned long cipher_id = 0;
        char ch;
        retval = 1;
@@ -807,7 +1057,12 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
                        continue;
                        }
-                algorithms = mask = algo_strength = mask_strength = 0;
+                alg_mkey = 0;
+                alg_auth = 0;
+                alg_enc = 0;
+                alg_mac = 0;
+                alg_ssl = 0;
+                algo_strength = 0;
                start=l;
                for (;;)
@@ -868,10 +1123,9 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
                         * sufficient, we have to strncmp() anyway. (We cannot
                         * use strcmp(), because buf is not '\0' terminated.)
                         */
-                         j = found = 0;
+                        j = found = 0;
-                         cipher_id = 0;
+                        cipher_id = 0;
-                         ssl_version = 0;
+                        while (ca_list[j])
-                         while (ca_list[j])
                                {
                                if (!strncmp(buf, ca_list[j]->name, buflen) &&
                                    (ca_list[j]->name[buflen] == '\0'))
@@ -882,31 +1136,100 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
                                else
                                        j++;
                                }
                        if (!found)
                                break;  /* ignore this entry */
-                        /* New algorithms:
+                        if (ca_list[j]->algorithm_mkey)
-                         *  1 - any old restrictions apply outside new mask
+                                {
-                         *  2 - any new restrictions apply outside old mask
+                                if (alg_mkey)
-                         *  3 - enforce old & new where masks intersect
+                                        {
-                         */
+                                        alg_mkey &= ca_list[j]->algorithm_mkey;
-                        algorithms = (algorithms & ~ca_list[j]->mask) |         /* 1 */
+                                        if (!alg_mkey) { found = 0; break; }
-                                     (ca_list[j]->algorithms & ~mask) |         /* 2 */
+                                        }
-                                     (algorithms & ca_list[j]->algorithms);     /* 3 */
+                                else
-                        mask |= ca_list[j]->mask;
+                                        alg_mkey = ca_list[j]->algorithm_mkey;
-                        algo_strength = (algo_strength & ~ca_list[j]->mask_strength) |
+                                }
-                                        (ca_list[j]->algo_strength & ~mask_strength) |
-                                        (algo_strength & ca_list[j]->algo_strength);
+                        if (ca_list[j]->algorithm_auth)
-                        mask_strength |= ca_list[j]->mask_strength;
+                                {
+                                if (alg_auth)
-                        /* explicit ciphersuite found */
+                                        {
+                                        alg_auth &= ca_list[j]->algorithm_auth;
+                                        if (!alg_auth) { found = 0; break; }
+                                        }
+                                else
+                                        alg_auth = ca_list[j]->algorithm_auth;
+                                }
+                        
+                        if (ca_list[j]->algorithm_enc)
+                                {
+                                if (alg_enc)
+                                        {
+                                        alg_enc &= ca_list[j]->algorithm_enc;
+                                        if (!alg_enc) { found = 0; break; }
+                                        }
+                                else
+                                        alg_enc = ca_list[j]->algorithm_enc;
+                                }
+                                                
+                        if (ca_list[j]->algorithm_mac)
+                                {
+                                if (alg_mac)
+                                        {
+                                        alg_mac &= ca_list[j]->algorithm_mac;
+                                        if (!alg_mac) { found = 0; break; }
+                                        }
+                                else
+                                        alg_mac = ca_list[j]->algorithm_mac;
+                                }
+                        
+                        if (ca_list[j]->algo_strength & SSL_EXP_MASK)
+                                {
+                                if (algo_strength & SSL_EXP_MASK)
+                                        {
+                                        algo_strength &= (ca_list[j]->algo_strength & SSL_EXP_MASK) | ~SSL_EXP_MASK;
+                                        if (!(algo_strength & SSL_EXP_MASK)) { found = 0; break; }
+                                        }
+                                else
+                                        algo_strength |= ca_list[j]->algo_strength & SSL_EXP_MASK;
+                                }
+                        if (ca_list[j]->algo_strength & SSL_STRONG_MASK)
+                                {
+                                if (algo_strength & SSL_STRONG_MASK)
+                                        {
+                                        algo_strength &= (ca_list[j]->algo_strength & SSL_STRONG_MASK) | ~SSL_STRONG_MASK;
+                                        if (!(algo_strength & SSL_STRONG_MASK)) { found = 0; break; }
+                                        }
+                                else
+                                        algo_strength |= ca_list[j]->algo_strength & SSL_STRONG_MASK;
+                                }
+                        
                        if (ca_list[j]->valid)
                                {
+                                /* explicit ciphersuite found; its protocol version
+                                 * does not become part of the search pattern!*/
                                cipher_id = ca_list[j]->id;
-                                ssl_version = ca_list[j]->algorithms & SSL_SSL_MASK;
-                                break;
                                }
+                        else
+                                {
+                                /* not an explicit ciphersuite; only in this case, the
+                                 * protocol version is considered part of the search pattern */
+                                if (ca_list[j]->algorithm_ssl)
+                                        {
+                                        if (alg_ssl)
+                                                {
+                                                alg_ssl &= ca_list[j]->algorithm_ssl;
+                                                if (!alg_ssl) { found = 0; break; }
+                                                }
+                                        else
+                                                alg_ssl = ca_list[j]->algorithm_ssl;
+                                        }
+                                }
+                        
                        if (!multi) break;
                        }
@@ -918,8 +1241,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
                        ok = 0;
                        if ((buflen == 8) &&
                                !strncmp(buf, "STRENGTH", 8))
-                                ok = ssl_cipher_strength_sort(co_list,
+                                ok = ssl_cipher_strength_sort(head_p, tail_p);
-                                        head_p, tail_p);
                        else
                                SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
                                        SSL_R_INVALID_COMMAND);
@@ -936,9 +1258,9 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
                        }
                else if (found)
                        {
-                        ssl_cipher_apply_rule(cipher_id, ssl_version, algorithms, mask,
+                        ssl_cipher_apply_rule(cipher_id,
-                                algo_strength, mask_strength, rule, -1,
+                                alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength,
-                                co_list, head_p, tail_p);
+                                rule, -1, head_p, tail_p);
                        }
                else
                        {
@@ -957,12 +1279,11 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
                const char *rule_str)
        {
        int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
-        unsigned long disabled_mask;
+        unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl;
-        unsigned long disabled_m256;
        STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
        const char *rule_p;
        CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
-        SSL_CIPHER **ca_list = NULL;
+        const SSL_CIPHER **ca_list = NULL;
        /*
         * Return with error if nothing to do.
@@ -974,12 +1295,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
         * To reduce the work to do we only want to process the compiled
         * in algorithms, so we first get the mask of disabled ciphers.
         */
-        {
+        ssl_cipher_get_disabled(&disabled_mkey, &disabled_auth, &disabled_enc, &disabled_mac, &disabled_ssl);
-                struct disabled_masks d;
-                d = ssl_cipher_get_disabled();
-                disabled_mask = d.mask;
-                disabled_m256 = d.m256;
-        }
        /*
         * Now we have to collect the available ciphers from the compiled
@@ -997,8 +1313,52 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
                return(NULL);   /* Failure */
                }
-        ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, disabled_mask,
+        ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
-                                   disabled_m256, co_list, &head, &tail);
+                                   disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl,
+                                   co_list, &head, &tail);
+        /* Now arrange all ciphers by preference: */
+        /* Everything else being equal, prefer ephemeral ECDH over other key exchange mechanisms */
+        ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
+        ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
+        /* AES is our preferred symmetric cipher */
+        ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
+        /* Temporarily enable everything else for sorting */
+        ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
+        /* Low priority for MD5 */
+        ssl_cipher_apply_rule(0, 0, 0, 0, SSL_MD5, 0, 0, CIPHER_ORD, -1, &head, &tail);
+        /* Move anonymous ciphers to the end.  Usually, these will remain disabled.
+         * (For applications that allow them, they aren't too bad, but we prefer
+         * authenticated ciphers.) */
+        ssl_cipher_apply_rule(0, 0, SSL_aNULL, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
+        /* Move ciphers without forward secrecy to the end */
+        ssl_cipher_apply_rule(0, 0, SSL_aECDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
+        /* ssl_cipher_apply_rule(0, 0, SSL_aDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); */
+        ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
+        ssl_cipher_apply_rule(0, SSL_kPSK, 0,0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
+        ssl_cipher_apply_rule(0, SSL_kKRB5, 0,0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
+        /* RC4 is sort-of broken -- move the the end */
+        ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
+        /* Now sort by symmetric encryption strength.  The above ordering remains
+         * in force within each class */
+        if (!ssl_cipher_strength_sort(&head, &tail))
+                {
+                OPENSSL_free(co_list);
+                return NULL;
+                }
+        /* Now disable everything (maintaining the ordering!) */
+        ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
        /*
         * We also need cipher aliases for selecting based on the rule_str.
@@ -1010,8 +1370,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
         */
        num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER);
        num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
-        ca_list =
+        ca_list = OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
-                (SSL_CIPHER **)OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
        if (ca_list == NULL)
                {
                OPENSSL_free(co_list);
@@ -1019,7 +1378,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
                return(NULL);   /* Failure */
                }
        ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
-                                   (disabled_mask & disabled_m256), head);
+                                   disabled_mkey, disabled_auth, disabled_enc,
+                                   disabled_mac, disabled_ssl, head);
        /*
         * If the rule_string begins with DEFAULT, apply the default rule
@@ -1030,23 +1390,23 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
        if (strncmp(rule_str,"DEFAULT",7) == 0)
                {
                ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
-                        co_list, &head, &tail, ca_list);
+                        &head, &tail, ca_list);
                rule_p += 7;
                if (*rule_p == ':')
                        rule_p++;
                }
        if (ok && (strlen(rule_p) > 0))
-                ok = ssl_cipher_process_rulestr(rule_p, co_list, &head, &tail,
+                ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list);
-                                                ca_list);
-        OPENSSL_free(ca_list);  /* Not needed anymore */
+        OPENSSL_free((void *)ca_list);  /* Not needed anymore */
        if (!ok)
                {       /* Rule processing failure */
                OPENSSL_free(co_list);
                return(NULL);
                }
+        
        /*
         * Allocate new "cipherstack" for the result, return with error
         * if we cannot get one.
@@ -1063,11 +1423,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
         */
        for (curr = head; curr != NULL; curr = curr->next)
                {
-#ifdef OPENSSL_FIPS
-                if (curr->active && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS))
-#else
                if (curr->active)
-#endif
                        {
                        sk_SSL_CIPHER_push(cipherstack, curr->cipher);
 #ifdef CIPHER_DEBUG
@@ -1091,22 +1447,28 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
        *cipher_list_by_id = tmp_cipher_list;
        (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp);
+        sk_SSL_CIPHER_sort(*cipher_list_by_id);
        return(cipherstack);
        }
-char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
+char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
        {
        int is_export,pkl,kl;
        const char *ver,*exp_str;
        const char *kx,*au,*enc,*mac;
-        unsigned long alg,alg2,alg_s;
+        unsigned long alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl,alg2,alg_s;
 #ifdef KSSL_DEBUG
-        static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx\n";
+        static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx/%lx/%lx/%lx/%lx\n";
 #else
        static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
 #endif /* KSSL_DEBUG */
-        alg=cipher->algorithms;
+        alg_mkey = cipher->algorithm_mkey;
+        alg_auth = cipher->algorithm_auth;
+        alg_enc = cipher->algorithm_enc;
+        alg_mac = cipher->algorithm_mac;
+        alg_ssl = cipher->algorithm_ssl;
        alg_s=cipher->algo_strength;
        alg2=cipher->algorithm2;
@@ -1115,14 +1477,14 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
        kl=SSL_C_EXPORT_KEYLENGTH(cipher);
        exp_str=is_export?" export":"";
        
-        if (alg & SSL_SSLV2)
+        if (alg_ssl & SSL_SSLV2)
                ver="SSLv2";
-        else if (alg & SSL_SSLV3)
+        else if (alg_ssl & SSL_SSLV3)
                ver="SSLv3";
        else
                ver="unknown";
-        switch (alg&SSL_MKEY_MASK)
+        switch (alg_mkey)
                {
        case SSL_kRSA:
                kx=is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA";
@@ -1133,25 +1495,29 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
        case SSL_kDHd:
                kx="DH/DSS";
                break;
-        case SSL_kKRB5:         /* VRS */
+        case SSL_kKRB5:
-        case SSL_KRB5:          /* VRS */
+                kx="KRB5";
-            kx="KRB5";
-            break;
-        case SSL_kFZA:
-                kx="Fortezza";
                break;
        case SSL_kEDH:
                kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH";
                break;
-        case SSL_kECDH:
+        case SSL_kECDHr:
-        case SSL_kECDHE:
+                kx="ECDH/RSA";
-                kx=is_export?"ECDH(<=163)":"ECDH";
+                break;
+        case SSL_kECDHe:
+                kx="ECDH/ECDSA";
+                break;
+        case SSL_kEECDH:
+                kx="ECDH";
+                break;
+        case SSL_kPSK:
+                kx="PSK";
                break;
        default:
                kx="unknown";
                }
-        switch (alg&SSL_AUTH_MASK)
+        switch (alg_auth)
                {
        case SSL_aRSA:
                au="RSA";
@@ -1162,23 +1528,27 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
        case SSL_aDH:
                au="DH";
                break;
-        case SSL_aKRB5:         /* VRS */
+        case SSL_aKRB5:
-        case SSL_KRB5:          /* VRS */
+                au="KRB5";
-            au="KRB5";
+                break;
-            break;
+        case SSL_aECDH:
-        case SSL_aFZA:
+                au="ECDH";
+                break;
        case SSL_aNULL:
                au="None";
                break;
        case SSL_aECDSA:
                au="ECDSA";
                break;
+        case SSL_aPSK:
+                au="PSK";
+                break;
        default:
                au="unknown";
                break;
                }
-        switch (alg&SSL_ENC_MASK)
+        switch (alg_enc)
                {
        case SSL_DES:
                enc=(is_export && kl == 5)?"DES(40)":"DES(56)";
@@ -1196,39 +1566,30 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
        case SSL_IDEA:
                enc="IDEA(128)";
                break;
-        case SSL_eFZA:
-                enc="Fortezza";
-                break;
        case SSL_eNULL:
                enc="None";
                break;
-        case SSL_AES:
+        case SSL_AES128:
-                switch(cipher->strength_bits)
+                enc="AES(128)";
-                        {
-                case 128: enc="AES(128)"; break;
-                case 192: enc="AES(192)"; break;
-                case 256: enc="AES(256)"; break;
-                default: enc="AES(?""?""?)"; break;
-                        }
                break;
-        case SSL_CAMELLIA:
+        case SSL_AES256:
-                switch(cipher->strength_bits)
+                enc="AES(256)";
-                        {
+                break;
-                case 128: enc="Camellia(128)"; break;
+        case SSL_CAMELLIA128:
-                case 256: enc="Camellia(256)"; break;
+                enc="Camellia(128)";
-                default: enc="Camellia(?""?""?)"; break;
+                break;
-                        }
+        case SSL_CAMELLIA256:
+                enc="Camellia(256)";
                break;
        case SSL_SEED:
                enc="SEED(128)";
                break;
        default:
                enc="unknown";
                break;
                }
-        switch (alg&SSL_MAC_MASK)
+        switch (alg_mac)
                {
        case SSL_MD5:
                mac="MD5";
@@ -1251,7 +1612,7 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
                return("Buffer too small");
 #ifdef KSSL_DEBUG
-        BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str,alg);
+        BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str,alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl);
 #else
        BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str);
 #endif /* KSSL_DEBUG */
diff --git a/src/lib/libssl/src/ssl/ssl_err.c b/src/lib/libssl/src/ssl/ssl_err.c
index 24a994fe01..0eed464749 100644
--- a/src/lib/libssl/src/ssl/ssl_err.c
+++ b/src/lib/libssl/src/ssl/ssl_err.c
@@ -1,6 +1,6 @@
 /* ssl/ssl_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2009 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -78,6 +78,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_FUNC(SSL_F_DO_DTLS1_WRITE),        "DO_DTLS1_WRITE"},
 {ERR_FUNC(SSL_F_DO_SSL3_WRITE), "DO_SSL3_WRITE"},
 {ERR_FUNC(SSL_F_DTLS1_ACCEPT),  "DTLS1_ACCEPT"},
+{ERR_FUNC(SSL_F_DTLS1_ADD_CERT_TO_BUF), "DTLS1_ADD_CERT_TO_BUF"},
 {ERR_FUNC(SSL_F_DTLS1_BUFFER_RECORD),   "DTLS1_BUFFER_RECORD"},
 {ERR_FUNC(SSL_F_DTLS1_CLIENT_HELLO),    "DTLS1_CLIENT_HELLO"},
 {ERR_FUNC(SSL_F_DTLS1_CONNECT), "DTLS1_CONNECT"},
@@ -86,6 +87,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE),     "DTLS1_GET_MESSAGE"},
 {ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT),    "DTLS1_GET_MESSAGE_FRAGMENT"},
 {ERR_FUNC(SSL_F_DTLS1_GET_RECORD),      "DTLS1_GET_RECORD"},
+{ERR_FUNC(SSL_F_DTLS1_HANDLE_TIMEOUT),  "DTLS1_HANDLE_TIMEOUT"},
 {ERR_FUNC(SSL_F_DTLS1_OUTPUT_CERT_CHAIN),       "DTLS1_OUTPUT_CERT_CHAIN"},
 {ERR_FUNC(SSL_F_DTLS1_PREPROCESS_FRAGMENT),     "DTLS1_PREPROCESS_FRAGMENT"},
 {ERR_FUNC(SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE),      "DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE"},
@@ -131,6 +133,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_FUNC(SSL_F_SSL2_SET_CERTIFICATE),  "SSL2_SET_CERTIFICATE"},
 {ERR_FUNC(SSL_F_SSL2_WRITE),    "SSL2_WRITE"},
 {ERR_FUNC(SSL_F_SSL3_ACCEPT),   "SSL3_ACCEPT"},
+{ERR_FUNC(SSL_F_SSL3_ADD_CERT_TO_BUF),  "SSL3_ADD_CERT_TO_BUF"},
 {ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL),    "SSL3_CALLBACK_CTRL"},
 {ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE),      "SSL3_CHANGE_CIPHER_STATE"},
 {ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM), "SSL3_CHECK_CERT_AND_ALGORITHM"},
@@ -138,6 +141,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_FUNC(SSL_F_SSL3_CONNECT),  "SSL3_CONNECT"},
 {ERR_FUNC(SSL_F_SSL3_CTRL),     "SSL3_CTRL"},
 {ERR_FUNC(SSL_F_SSL3_CTX_CTRL), "SSL3_CTX_CTRL"},
+{ERR_FUNC(SSL_F_SSL3_DIGEST_CACHED_RECORDS),    "SSL3_DIGEST_CACHED_RECORDS"},
 {ERR_FUNC(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC),    "SSL3_DO_CHANGE_CIPHER_SPEC"},
 {ERR_FUNC(SSL_F_SSL3_ENC),      "SSL3_ENC"},
 {ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK),       "SSL3_GENERATE_KEY_BLOCK"},
@@ -155,6 +159,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_FUNC(SSL_F_SSL3_GET_SERVER_CERTIFICATE),   "SSL3_GET_SERVER_CERTIFICATE"},
 {ERR_FUNC(SSL_F_SSL3_GET_SERVER_DONE),  "SSL3_GET_SERVER_DONE"},
 {ERR_FUNC(SSL_F_SSL3_GET_SERVER_HELLO), "SSL3_GET_SERVER_HELLO"},
+{ERR_FUNC(SSL_F_SSL3_HANDSHAKE_MAC),    "ssl3_handshake_mac"},
 {ERR_FUNC(SSL_F_SSL3_NEW_SESSION_TICKET),       "SSL3_NEW_SESSION_TICKET"},
 {ERR_FUNC(SSL_F_SSL3_OUTPUT_CERT_CHAIN),        "SSL3_OUTPUT_CERT_CHAIN"},
 {ERR_FUNC(SSL_F_SSL3_PEEK),     "SSL3_PEEK"},
@@ -167,13 +172,16 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_CERTIFICATE),  "SSL3_SEND_SERVER_CERTIFICATE"},
 {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_HELLO),        "SSL3_SEND_SERVER_HELLO"},
 {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE), "SSL3_SEND_SERVER_KEY_EXCHANGE"},
-{ERR_FUNC(SSL_F_SSL3_SETUP_BUFFERS),    "SSL3_SETUP_BUFFERS"},
 {ERR_FUNC(SSL_F_SSL3_SETUP_KEY_BLOCK),  "SSL3_SETUP_KEY_BLOCK"},
+{ERR_FUNC(SSL_F_SSL3_SETUP_READ_BUFFER),        "SSL3_SETUP_READ_BUFFER"},
+{ERR_FUNC(SSL_F_SSL3_SETUP_WRITE_BUFFER),       "SSL3_SETUP_WRITE_BUFFER"},
 {ERR_FUNC(SSL_F_SSL3_WRITE_BYTES),      "SSL3_WRITE_BYTES"},
 {ERR_FUNC(SSL_F_SSL3_WRITE_PENDING),    "SSL3_WRITE_PENDING"},
+{ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT),   "SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT"},
 {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT),    "SSL_ADD_CLIENTHELLO_TLSEXT"},
 {ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK),    "SSL_add_dir_cert_subjects_to_stack"},
 {ERR_FUNC(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK),   "SSL_add_file_cert_subjects_to_stack"},
+{ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT),   "SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT"},
 {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT),    "SSL_ADD_SERVERHELLO_TLSEXT"},
 {ERR_FUNC(SSL_F_SSL_BAD_METHOD),        "SSL_BAD_METHOD"},
 {ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST),      "SSL_BYTES_TO_CIPHER_LIST"},
@@ -183,6 +191,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_FUNC(SSL_F_SSL_CERT_NEW),  "SSL_CERT_NEW"},
 {ERR_FUNC(SSL_F_SSL_CHECK_PRIVATE_KEY), "SSL_check_private_key"},
 {ERR_FUNC(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT),  "SSL_CHECK_SERVERHELLO_TLSEXT"},
+{ERR_FUNC(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG),       "SSL_CHECK_SRVR_ECC_CERT_AND_ALG"},
 {ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR),    "SSL_CIPHER_PROCESS_RULESTR"},
 {ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT),      "SSL_CIPHER_STRENGTH_SORT"},
 {ERR_FUNC(SSL_F_SSL_CLEAR),     "SSL_clear"},
@@ -204,6 +213,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY),        "SSL_CTX_use_PrivateKey"},
 {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1),   "SSL_CTX_use_PrivateKey_ASN1"},
 {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE),   "SSL_CTX_use_PrivateKey_file"},
+{ERR_FUNC(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT), "SSL_CTX_use_psk_identity_hint"},
 {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY),     "SSL_CTX_use_RSAPrivateKey"},
 {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1),        "SSL_CTX_use_RSAPrivateKey_ASN1"},
 {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE),        "SSL_CTX_use_RSAPrivateKey_file"},
@@ -215,6 +225,10 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER),  "SSL_INIT_WBIO_BUFFER"},
 {ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE),       "SSL_load_client_CA_file"},
 {ERR_FUNC(SSL_F_SSL_NEW),       "SSL_new"},
+{ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT"},
+{ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT),  "SSL_PARSE_CLIENTHELLO_TLSEXT"},
+{ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT), "SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT"},
+{ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT),  "SSL_PARSE_SERVERHELLO_TLSEXT"},
 {ERR_FUNC(SSL_F_SSL_PEEK),      "SSL_peek"},
 {ERR_FUNC(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT),        "SSL_PREPARE_CLIENTHELLO_TLSEXT"},
 {ERR_FUNC(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT),        "SSL_PREPARE_SERVERHELLO_TLSEXT"},
@@ -232,6 +246,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_FUNC(SSL_F_SSL_SET_RFD),   "SSL_set_rfd"},
 {ERR_FUNC(SSL_F_SSL_SET_SESSION),       "SSL_set_session"},
 {ERR_FUNC(SSL_F_SSL_SET_SESSION_ID_CONTEXT),    "SSL_set_session_id_context"},
+{ERR_FUNC(SSL_F_SSL_SET_SESSION_TICKET_EXT),    "SSL_set_session_ticket_ext"},
 {ERR_FUNC(SSL_F_SSL_SET_TRUST), "SSL_set_trust"},
 {ERR_FUNC(SSL_F_SSL_SET_WFD),   "SSL_set_wfd"},
 {ERR_FUNC(SSL_F_SSL_SHUTDOWN),  "SSL_shutdown"},
@@ -244,13 +259,19 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY),    "SSL_use_PrivateKey"},
 {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_ASN1),       "SSL_use_PrivateKey_ASN1"},
 {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_FILE),       "SSL_use_PrivateKey_file"},
+{ERR_FUNC(SSL_F_SSL_USE_PSK_IDENTITY_HINT),     "SSL_use_psk_identity_hint"},
 {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY), "SSL_use_RSAPrivateKey"},
 {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1),    "SSL_use_RSAPrivateKey_ASN1"},
 {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE),    "SSL_use_RSAPrivateKey_file"},
 {ERR_FUNC(SSL_F_SSL_VERIFY_CERT_CHAIN), "SSL_VERIFY_CERT_CHAIN"},
 {ERR_FUNC(SSL_F_SSL_WRITE),     "SSL_write"},
+{ERR_FUNC(SSL_F_TLS1_CERT_VERIFY_MAC),  "tls1_cert_verify_mac"},
 {ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE),      "TLS1_CHANGE_CIPHER_STATE"},
+{ERR_FUNC(SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT), "TLS1_CHECK_SERVERHELLO_TLSEXT"},
 {ERR_FUNC(SSL_F_TLS1_ENC),      "TLS1_ENC"},
+{ERR_FUNC(SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT),       "TLS1_PREPARE_CLIENTHELLO_TLSEXT"},
+{ERR_FUNC(SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT),       "TLS1_PREPARE_SERVERHELLO_TLSEXT"},
+{ERR_FUNC(SSL_F_TLS1_PRF),      "tls1_prf"},
 {ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK),  "TLS1_SETUP_KEY_BLOCK"},
 {ERR_FUNC(SSL_F_WRITE_PENDING), "WRITE_PENDING"},
 {0,NULL}
@@ -274,12 +295,15 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_BAD_ECC_CERT)          ,"bad ecc cert"},
 {ERR_REASON(SSL_R_BAD_ECDSA_SIGNATURE)   ,"bad ecdsa signature"},
 {ERR_REASON(SSL_R_BAD_ECPOINT)           ,"bad ecpoint"},
+{ERR_REASON(SSL_R_BAD_HANDSHAKE_LENGTH)  ,"bad handshake length"},
 {ERR_REASON(SSL_R_BAD_HELLO_REQUEST)     ,"bad hello request"},
 {ERR_REASON(SSL_R_BAD_LENGTH)            ,"bad length"},
 {ERR_REASON(SSL_R_BAD_MAC_DECODE)        ,"bad mac decode"},
+{ERR_REASON(SSL_R_BAD_MAC_LENGTH)        ,"bad mac length"},
 {ERR_REASON(SSL_R_BAD_MESSAGE_TYPE)      ,"bad message type"},
 {ERR_REASON(SSL_R_BAD_PACKET_LENGTH)     ,"bad packet length"},
 {ERR_REASON(SSL_R_BAD_PROTOCOL_VERSION_NUMBER),"bad protocol version number"},
+{ERR_REASON(SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH),"bad psk identity hint length"},
 {ERR_REASON(SSL_R_BAD_RESPONSE_ARGUMENT) ,"bad response argument"},
 {ERR_REASON(SSL_R_BAD_RSA_DECRYPT)       ,"bad rsa decrypt"},
 {ERR_REASON(SSL_R_BAD_RSA_ENCRYPT)       ,"bad rsa encrypt"},
@@ -305,6 +329,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_CIPHER_TABLE_SRC_ERROR),"cipher table src error"},
 {ERR_REASON(SSL_R_CLIENTHELLO_TLSEXT)    ,"clienthello tlsext"},
 {ERR_REASON(SSL_R_COMPRESSED_LENGTH_TOO_LONG),"compressed length too long"},
+{ERR_REASON(SSL_R_COMPRESSION_DISABLED)  ,"compression disabled"},
 {ERR_REASON(SSL_R_COMPRESSION_FAILURE)   ,"compression failure"},
 {ERR_REASON(SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE),"compression id not within private range"},
 {ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR),"compression library error"},
@@ -317,7 +342,12 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC),"decryption failed or bad record mac"},
 {ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG),"dh public value length is wrong"},
 {ERR_REASON(SSL_R_DIGEST_CHECK_FAILED)   ,"digest check failed"},
+{ERR_REASON(SSL_R_DTLS_MESSAGE_TOO_BIG)  ,"dtls message too big"},
 {ERR_REASON(SSL_R_DUPLICATE_COMPRESSION_ID),"duplicate compression id"},
+{ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT),"ecc cert not for key agreement"},
+{ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_SIGNING),"ecc cert not for signing"},
+{ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE),"ecc cert should have rsa signature"},
+{ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE),"ecc cert should have sha1 signature"},
 {ERR_REASON(SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER),"ecgroup too large for cipher"},
 {ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG),"encrypted length too long"},
 {ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY),"error generating tmp rsa key"},
@@ -328,8 +358,10 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST)   ,"https proxy request"},
 {ERR_REASON(SSL_R_HTTP_REQUEST)          ,"http request"},
 {ERR_REASON(SSL_R_ILLEGAL_PADDING)       ,"illegal padding"},
+{ERR_REASON(SSL_R_INCONSISTENT_COMPRESSION),"inconsistent compression"},
 {ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH),"invalid challenge length"},
 {ERR_REASON(SSL_R_INVALID_COMMAND)       ,"invalid command"},
+{ERR_REASON(SSL_R_INVALID_COMPRESSION_ALGORITHM),"invalid compression algorithm"},
 {ERR_REASON(SSL_R_INVALID_PURPOSE)       ,"invalid purpose"},
 {ERR_REASON(SSL_R_INVALID_STATUS_RESPONSE),"invalid status response"},
 {ERR_REASON(SSL_R_INVALID_TICKET_KEYS_LENGTH),"invalid ticket keys length"},
@@ -379,17 +411,22 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_NO_CLIENT_CERT_METHOD) ,"no client cert method"},
 {ERR_REASON(SSL_R_NO_CLIENT_CERT_RECEIVED),"no client cert received"},
 {ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED),"no compression specified"},
+{ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER),"Peer haven't sent GOST certificate, required for selected ciphersuite"},
 {ERR_REASON(SSL_R_NO_METHOD_SPECIFIED)   ,"no method specified"},
 {ERR_REASON(SSL_R_NO_PRIVATEKEY)         ,"no privatekey"},
 {ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED),"no private key assigned"},
 {ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE),"no protocols available"},
 {ERR_REASON(SSL_R_NO_PUBLICKEY)          ,"no publickey"},
+{ERR_REASON(SSL_R_NO_RENEGOTIATION)      ,"no renegotiation"},
+{ERR_REASON(SSL_R_NO_REQUIRED_DIGEST)    ,"digest requred for handshake isn't computed"},
 {ERR_REASON(SSL_R_NO_SHARED_CIPHER)      ,"no shared cipher"},
 {ERR_REASON(SSL_R_NO_VERIFY_CALLBACK)    ,"no verify callback"},
 {ERR_REASON(SSL_R_NULL_SSL_CTX)          ,"null ssl ctx"},
 {ERR_REASON(SSL_R_NULL_SSL_METHOD_PASSED),"null ssl method passed"},
 {ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED),"old session cipher not returned"},
+{ERR_REASON(SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED),"old session compression algorithm not returned"},
 {ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE),"only tls allowed in fips mode"},
+{ERR_REASON(SSL_R_OPAQUE_PRF_INPUT_TOO_LONG),"opaque PRF input too long"},
 {ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG),"packet length too long"},
 {ERR_REASON(SSL_R_PARSE_TLSEXT)          ,"parse tlsext"},
 {ERR_REASON(SSL_R_PATH_TOO_LONG)         ,"path too long"},
@@ -402,6 +439,9 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_PRE_MAC_LENGTH_TOO_LONG),"pre mac length too long"},
 {ERR_REASON(SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS),"problems mapping cipher functions"},
 {ERR_REASON(SSL_R_PROTOCOL_IS_SHUTDOWN)  ,"protocol is shutdown"},
+{ERR_REASON(SSL_R_PSK_IDENTITY_NOT_FOUND),"psk identity not found"},
+{ERR_REASON(SSL_R_PSK_NO_CLIENT_CB)      ,"psk no client cb"},
+{ERR_REASON(SSL_R_PSK_NO_SERVER_CB)      ,"psk no server cb"},
 {ERR_REASON(SSL_R_PUBLIC_KEY_ENCRYPT_ERROR),"public key encrypt error"},
 {ERR_REASON(SSL_R_PUBLIC_KEY_IS_NOT_RSA) ,"public key is not rsa"},
 {ERR_REASON(SSL_R_PUBLIC_KEY_NOT_RSA)    ,"public key not rsa"},
@@ -411,16 +451,22 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_RECORD_LENGTH_MISMATCH),"record length mismatch"},
 {ERR_REASON(SSL_R_RECORD_TOO_LARGE)      ,"record too large"},
 {ERR_REASON(SSL_R_RECORD_TOO_SMALL)      ,"record too small"},
+{ERR_REASON(SSL_R_RENEGOTIATE_EXT_TOO_LONG),"renegotiate ext too long"},
+{ERR_REASON(SSL_R_RENEGOTIATION_ENCODING_ERR),"renegotiation encoding err"},
+{ERR_REASON(SSL_R_RENEGOTIATION_MISMATCH),"renegotiation mismatch"},
 {ERR_REASON(SSL_R_REQUIRED_CIPHER_MISSING),"required cipher missing"},
+{ERR_REASON(SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING),"required compresssion algorithm missing"},
 {ERR_REASON(SSL_R_REUSE_CERT_LENGTH_NOT_ZERO),"reuse cert length not zero"},
 {ERR_REASON(SSL_R_REUSE_CERT_TYPE_NOT_ZERO),"reuse cert type not zero"},
 {ERR_REASON(SSL_R_REUSE_CIPHER_LIST_NOT_ZERO),"reuse cipher list not zero"},
+{ERR_REASON(SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING),"scsv received when renegotiating"},
 {ERR_REASON(SSL_R_SERVERHELLO_TLSEXT)    ,"serverhello tlsext"},
 {ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED),"session id context uninitialized"},
 {ERR_REASON(SSL_R_SHORT_READ)            ,"short read"},
 {ERR_REASON(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE),"signature for non signing certificate"},
 {ERR_REASON(SSL_R_SSL23_DOING_SESSION_ID_REUSE),"ssl23 doing session id reuse"},
 {ERR_REASON(SSL_R_SSL2_CONNECTION_ID_TOO_LONG),"ssl2 connection id too long"},
+{ERR_REASON(SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT),"ssl3 ext invalid ecpointformat"},
 {ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME),"ssl3 ext invalid servername"},
 {ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE),"ssl3 ext invalid servername type"},
 {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_LONG),"ssl3 session id too long"},
@@ -456,6 +502,11 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_TLSV1_ALERT_RECORD_OVERFLOW),"tlsv1 alert record overflow"},
 {ERR_REASON(SSL_R_TLSV1_ALERT_UNKNOWN_CA),"tlsv1 alert unknown ca"},
 {ERR_REASON(SSL_R_TLSV1_ALERT_USER_CANCELLED),"tlsv1 alert user cancelled"},
+{ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE),"tlsv1 bad certificate hash value"},
+{ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE),"tlsv1 bad certificate status response"},
+{ERR_REASON(SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE),"tlsv1 certificate unobtainable"},
+{ERR_REASON(SSL_R_TLSV1_UNRECOGNIZED_NAME),"tlsv1 unrecognized name"},
+{ERR_REASON(SSL_R_TLSV1_UNSUPPORTED_EXTENSION),"tlsv1 unsupported extension"},
 {ERR_REASON(SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER),"tls client cert req with anon cipher"},
 {ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST),"tls invalid ecpointformat list"},
 {ERR_REASON(SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST),"tls peer did not respond with certificate list"},
@@ -484,8 +535,10 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_UNKNOWN_REMOTE_ERROR_TYPE),"unknown remote error type"},
 {ERR_REASON(SSL_R_UNKNOWN_SSL_VERSION)   ,"unknown ssl version"},
 {ERR_REASON(SSL_R_UNKNOWN_STATE)         ,"unknown state"},
+{ERR_REASON(SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED),"unsafe legacy renegotiation disabled"},
 {ERR_REASON(SSL_R_UNSUPPORTED_CIPHER)    ,"unsupported cipher"},
 {ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"unsupported compression algorithm"},
+{ERR_REASON(SSL_R_UNSUPPORTED_DIGEST_TYPE),"unsupported digest type"},
 {ERR_REASON(SSL_R_UNSUPPORTED_ELLIPTIC_CURVE),"unsupported elliptic curve"},
 {ERR_REASON(SSL_R_UNSUPPORTED_PROTOCOL)  ,"unsupported protocol"},
 {ERR_REASON(SSL_R_UNSUPPORTED_SSL_VERSION),"unsupported ssl version"},
diff --git a/src/lib/libssl/src/ssl/ssl_lib.c b/src/lib/libssl/src/ssl/ssl_lib.c
index 893abff1f4..3157f20eac 100644
--- a/src/lib/libssl/src/ssl/ssl_lib.c
+++ b/src/lib/libssl/src/ssl/ssl_lib.c
@@ -58,7 +58,7 @@
 * [including the GNU Public Licence.]
 */
 /* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -115,6 +115,32 @@
 * ECC cipher suite support in OpenSSL originally developed by 
 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
 */
+/* ====================================================================
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * The portions of the attached software ("Contribution") is developed by
+ * Nokia Corporation and is licensed pursuant to the OpenSSL open source
+ * license.
+ *
+ * The Contribution, originally written by Mika Kousa and Pasi Eronen of
+ * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
+ * support (see RFC 4279) to OpenSSL.
+ *
+ * No patent licenses or other rights except those expressly stated in
+ * the OpenSSL open source license shall be deemed granted or received
+ * expressly, by implication, estoppel, or otherwise.
+ *
+ * No assurances are provided by Nokia that the Contribution does not
+ * infringe the patent or other intellectual property rights of any third
+ * party or that the license provides you with all the necessary rights
+ * to make use of the Contribution.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
+ * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
+ * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
+ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
+ * OTHERWISE.
+ */
 #ifdef REF_CHECK
 #  include <assert.h>
@@ -143,9 +169,9 @@ SSL3_ENC_METHOD ssl3_undef_enc_method={
        ssl_undefined_function,
        (int (*)(SSL *, unsigned char *, unsigned char *, int))ssl_undefined_function,
        (int (*)(SSL*, int))ssl_undefined_function,
-        (int (*)(SSL *, EVP_MD_CTX *, EVP_MD_CTX *, const char*, int, unsigned char *))ssl_undefined_function,
+        (int (*)(SSL *,  const char*, int, unsigned char *))ssl_undefined_function,
        0,      /* finish_mac_length */
-        (int (*)(SSL *, EVP_MD_CTX *, unsigned char *))ssl_undefined_function,
+        (int (*)(SSL *, int, unsigned char *))ssl_undefined_function,
        NULL,   /* client_finished_label */
        0,      /* client_finished_label_len */
        NULL,   /* server_finished_label */
@@ -204,6 +230,8 @@ int SSL_clear(SSL *s)
                }
        ssl_clear_cipher_ctx(s);
+        ssl_clear_hash_ctx(&s->read_hash);
+        ssl_clear_hash_ctx(&s->write_hash);
        s->first_packet=0;
@@ -224,14 +252,15 @@ int SSL_clear(SSL *s)
        }
 /** Used to change an SSL_CTXs default SSL method type */
-int SSL_CTX_set_ssl_version(SSL_CTX *ctx,SSL_METHOD *meth)
+int SSL_CTX_set_ssl_version(SSL_CTX *ctx,const SSL_METHOD *meth)
        {
        STACK_OF(SSL_CIPHER) *sk;
        ctx->method=meth;
        sk=ssl_create_cipher_list(ctx->method,&(ctx->cipher_list),
-                &(ctx->cipher_list_by_id),SSL_DEFAULT_CIPHER_LIST);
+                &(ctx->cipher_list_by_id),
+                meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST);
        if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0))
                {
                SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
@@ -308,6 +337,7 @@ SSL *SSL_new(SSL_CTX *ctx)
        s->trust = ctx->trust;
 #endif
        s->quiet_shutdown=ctx->quiet_shutdown;
+        s->max_send_fragment = ctx->max_send_fragment;
        CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
        s->ctx=ctx;
@@ -324,6 +354,7 @@ SSL *SSL_new(SSL_CTX *ctx)
        CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
        s->initial_ctx=ctx;
 #endif
        s->verify_result=X509_V_OK;
        s->method=ctx->method;
@@ -338,6 +369,11 @@ SSL *SSL_new(SSL_CTX *ctx)
        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
+#ifndef OPENSSL_NO_PSK
+        s->psk_client_callback=ctx->psk_client_callback;
+        s->psk_server_callback=ctx->psk_server_callback;
+#endif
        return(s);
 err:
        if (s != NULL)
@@ -425,7 +461,7 @@ int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
                }
        CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
-        p = (SSL_SESSION *)lh_retrieve(ssl->ctx->sessions, &r);
+        p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r);
        CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
        return (p != NULL);
        }
@@ -450,6 +486,16 @@ int SSL_set_trust(SSL *s, int trust)
        return X509_VERIFY_PARAM_set_trust(s->param, trust);
        }
+int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)
+        {
+        return X509_VERIFY_PARAM_set1(ctx->param, vpm);
+        }
+int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
+        {
+        return X509_VERIFY_PARAM_set1(ssl->param, vpm);
+        }
 void SSL_free(SSL *s)
        {
        int i;
@@ -504,15 +550,21 @@ void SSL_free(SSL *s)
                }
        ssl_clear_cipher_ctx(s);
+        ssl_clear_hash_ctx(&s->read_hash);
+        ssl_clear_hash_ctx(&s->write_hash);
        if (s->cert != NULL) ssl_cert_free(s->cert);
        /* Free up if allocated */
-        if (s->ctx) SSL_CTX_free(s->ctx);
 #ifndef OPENSSL_NO_TLSEXT
        if (s->tlsext_hostname)
                OPENSSL_free(s->tlsext_hostname);
        if (s->initial_ctx) SSL_CTX_free(s->initial_ctx);
+#ifndef OPENSSL_NO_EC
+        if (s->tlsext_ecpointformatlist) OPENSSL_free(s->tlsext_ecpointformatlist);
+        if (s->tlsext_ellipticcurvelist) OPENSSL_free(s->tlsext_ellipticcurvelist);
+#endif /* OPENSSL_NO_EC */
+        if (s->tlsext_opaque_prf_input) OPENSSL_free(s->tlsext_opaque_prf_input);
        if (s->tlsext_ocsp_exts)
                sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
                                                X509_EXTENSION_free);
@@ -521,11 +573,14 @@ void SSL_free(SSL *s)
        if (s->tlsext_ocsp_resp)
                OPENSSL_free(s->tlsext_ocsp_resp);
 #endif
        if (s->client_CA != NULL)
                sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free);
        if (s->method != NULL) s->method->ssl_free(s);
+        if (s->ctx) SSL_CTX_free(s->ctx);
 #ifndef OPENSSL_NO_KRB5
        if (s->kssl_ctx != NULL)
                kssl_ctx_free(s->kssl_ctx);
@@ -843,7 +898,7 @@ int SSL_check_private_key(const SSL *ssl)
                }
        if (ssl->cert == NULL)
                {
-                SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
+                SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
                return 0;
                }
        if (ssl->cert->key->x509 == NULL)
@@ -986,8 +1041,12 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
        case SSL_CTRL_OPTIONS:
                return(s->options|=larg);
+        case SSL_CTRL_CLEAR_OPTIONS:
+                return(s->options&=~larg);
        case SSL_CTRL_MODE:
                return(s->mode|=larg);
+        case SSL_CTRL_CLEAR_MODE:
+                return(s->mode &=~larg);
        case SSL_CTRL_GET_MAX_CERT_LIST:
                return(s->max_cert_list);
        case SSL_CTRL_SET_MAX_CERT_LIST:
@@ -995,12 +1054,22 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
                s->max_cert_list=larg;
                return(l);
        case SSL_CTRL_SET_MTU:
-                if (SSL_version(s) == DTLS1_VERSION)
+                if (SSL_version(s) == DTLS1_VERSION ||
+                    SSL_version(s) == DTLS1_BAD_VER)
                        {
                        s->d1->mtu = larg;
                        return larg;
                        }
                return 0;
+        case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
+                if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
+                        return 0;
+                s->max_send_fragment = larg;
+                return 1;
+        case SSL_CTRL_GET_RI_SUPPORT:
+                if (s->s3)
+                        return s->s3->send_connection_binding;
+                else return 0;
        default:
                return(s->method->ssl_ctrl(s,cmd,larg,parg));
                }
@@ -1019,7 +1088,7 @@ long SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
                }
        }
-struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx)
+LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx)
        {
        return ctx->sessions;
        }
@@ -1062,7 +1131,7 @@ long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,void *parg)
                return(ctx->session_cache_mode);
        case SSL_CTRL_SESS_NUMBER:
-                return(ctx->sessions->num_items);
+                return(lh_SSL_SESSION_num_items(ctx->sessions));
        case SSL_CTRL_SESS_CONNECT:
                return(ctx->stats.sess_connect);
        case SSL_CTRL_SESS_CONNECT_GOOD:
@@ -1087,8 +1156,17 @@ long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,void *parg)
                return(ctx->stats.sess_cache_full);
        case SSL_CTRL_OPTIONS:
                return(ctx->options|=larg);
+        case SSL_CTRL_CLEAR_OPTIONS:
+                return(ctx->options&=~larg);
        case SSL_CTRL_MODE:
                return(ctx->mode|=larg);
+        case SSL_CTRL_CLEAR_MODE:
+                return(ctx->mode&=~larg);
+        case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
+                if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
+                        return 0;
+                ctx->max_send_fragment = larg;
+                return 1;
        default:
                return(ctx->method->ssl_ctx_ctrl(ctx,cmd,larg,parg));
                }
@@ -1193,8 +1271,8 @@ int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
        /* ssl_create_cipher_list may return an empty stack if it
         * was unable to find a cipher matching the given rule string
         * (for example if the rule string specifies a cipher which
-         * has been disabled). This is not an error as far as 
+         * has been disabled). This is not an error as far as
-         * ssl_create_cipher_list is concerned, and hence 
+         * ssl_create_cipher_list is concerned, and hence
         * ctx->cipher_list and ctx->cipher_list_by_id has been
         * updated. */
        if (sk == NULL)
@@ -1262,13 +1340,13 @@ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
        }
 int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
-                             int (*put_cb)(const SSL_CIPHER *, unsigned char *))
+                             int (*put_cb)(const SSL_CIPHER *, unsigned char *))
        {
        int i,j=0;
        SSL_CIPHER *c;
        unsigned char *q;
 #ifndef OPENSSL_NO_KRB5
-        int nokrb5 = !kssl_tgt_is_available(s->kssl_ctx);
+        int nokrb5 = !kssl_tgt_is_available(s->kssl_ctx);
 #endif /* OPENSSL_NO_KRB5 */
        if (sk == NULL) return(0);
@@ -1278,22 +1356,46 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
                {
                c=sk_SSL_CIPHER_value(sk,i);
 #ifndef OPENSSL_NO_KRB5
-                if ((c->algorithms & SSL_KRB5) && nokrb5)
+                if (((c->algorithm_mkey & SSL_kKRB5) || (c->algorithm_auth & SSL_aKRB5)) &&
-                    continue;
+                    nokrb5)
-#endif /* OPENSSL_NO_KRB5 */                    
+                    continue;
+#endif /* OPENSSL_NO_KRB5 */
+#ifndef OPENSSL_NO_PSK
+                /* with PSK there must be client callback set */
+                if (((c->algorithm_mkey & SSL_kPSK) || (c->algorithm_auth & SSL_aPSK)) &&
+                    s->psk_client_callback == NULL)
+                        continue;
+#endif /* OPENSSL_NO_PSK */
                j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p);
                p+=j;
                }
+        /* If p == q, no ciphers and caller indicates an error. Otherwise
+         * add SCSV if not renegotiating.
+         */
+        if (p != q && !s->new_session)
+                {
+                static SSL_CIPHER scsv =
+                        {
+                        0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
+                        };
+                j = put_cb ? put_cb(&scsv,p) : ssl_put_cipher_by_char(s,&scsv,p);
+                p+=j;
+#ifdef OPENSSL_RI_DEBUG
+                fprintf(stderr, "SCSV sent by client\n");
+#endif
+                }
        return(p-q);
        }
 STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
                                               STACK_OF(SSL_CIPHER) **skp)
        {
-        SSL_CIPHER *c;
+        const SSL_CIPHER *c;
        STACK_OF(SSL_CIPHER) *sk;
        int i,n;
+        if (s->s3)
+                s->s3->send_connection_binding = 0;
        n=ssl_put_cipher_by_char(s,NULL,NULL);
        if ((num%n) != 0)
@@ -1311,6 +1413,26 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
        for (i=0; i<num; i+=n)
                {
+                /* Check for SCSV */
+                if (s->s3 && (n != 3 || !p[0]) &&
+                        (p[n-2] == ((SSL3_CK_SCSV >> 8) & 0xff)) &&
+                        (p[n-1] == (SSL3_CK_SCSV & 0xff)))
+                        {
+                        /* SCSV fatal if renegotiating */
+                        if (s->new_session)
+                                {
+                                SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
+                                ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); 
+                                goto err;
+                                }
+                        s->s3->send_connection_binding = 1;
+                        p += n;
+#ifdef OPENSSL_RI_DEBUG
+                        fprintf(stderr, "SCSV received by server\n");
+#endif
+                        continue;
+                        }
                c=ssl_get_cipher_by_char(s,p);
                p+=n;
                if (c != NULL)
@@ -1332,6 +1454,7 @@ err:
        return(NULL);
        }
 #ifndef OPENSSL_NO_TLSEXT
 /** return a servername extension value if provided in Client Hello, or NULL.
 * So far, only host_name types are defined (RFC 3546).
@@ -1355,7 +1478,7 @@ int SSL_get_servername_type(const SSL *s)
        }
 #endif
-unsigned long SSL_SESSION_hash(const SSL_SESSION *a)
+static unsigned long ssl_session_hash(const SSL_SESSION *a)
        {
        unsigned long l;
@@ -1372,7 +1495,7 @@ unsigned long SSL_SESSION_hash(const SSL_SESSION *a)
 * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being
 * able to construct an SSL_SESSION that will collide with any existing session
 * with a matching session ID. */
-int SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b)
+static int ssl_session_cmp(const SSL_SESSION *a,const SSL_SESSION *b)
        {
        if (a->ssl_version != b->ssl_version)
                return(1);
@@ -1385,27 +1508,19 @@ int SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b)
 * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each
 * variable. The reason is that the functions aren't static, they're exposed via
 * ssl.h. */
-static IMPLEMENT_LHASH_HASH_FN(SSL_SESSION_hash, SSL_SESSION *)
+static IMPLEMENT_LHASH_HASH_FN(ssl_session, SSL_SESSION)
-static IMPLEMENT_LHASH_COMP_FN(SSL_SESSION_cmp, SSL_SESSION *)
+static IMPLEMENT_LHASH_COMP_FN(ssl_session, SSL_SESSION)
-SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
+SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
        {
        SSL_CTX *ret=NULL;
-        
        if (meth == NULL)
                {
                SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_NULL_SSL_METHOD_PASSED);
                return(NULL);
                }
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && (meth->version < TLS1_VERSION))      
-                {
-                SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
-                return NULL;
-                }
-#endif
        if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0)
                {
                SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
@@ -1468,15 +1583,14 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
        ret->app_gen_cookie_cb=0;
        ret->app_verify_cookie_cb=0;
-        ret->sessions=lh_new(LHASH_HASH_FN(SSL_SESSION_hash),
+        ret->sessions=lh_SSL_SESSION_new();
-                        LHASH_COMP_FN(SSL_SESSION_cmp));
        if (ret->sessions == NULL) goto err;
        ret->cert_store=X509_STORE_new();
        if (ret->cert_store == NULL) goto err;
        ssl_create_cipher_list(ret->method,
                &ret->cipher_list,&ret->cipher_list_by_id,
-                SSL_DEFAULT_CIPHER_LIST);
+                meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST);
        if (ret->cipher_list == NULL
            || sk_SSL_CIPHER_num(ret->cipher_list) <= 0)
                {
@@ -1512,6 +1626,8 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
        ret->extra_certs=NULL;
        ret->comp_methods=SSL_COMP_get_compression_methods();
+        ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
 #ifndef OPENSSL_NO_TLSEXT
        ret->tlsext_servername_callback = 0;
        ret->tlsext_servername_arg = NULL;
@@ -1525,7 +1641,29 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
        ret->tlsext_status_arg = NULL;
 #endif
+#ifndef OPENSSL_NO_PSK
+        ret->psk_identity_hint=NULL;
+        ret->psk_client_callback=NULL;
+        ret->psk_server_callback=NULL;
+#endif
+#ifndef OPENSSL_NO_BUF_FREELISTS
+        ret->freelist_max_len = SSL_MAX_BUF_FREELIST_LEN_DEFAULT;
+        ret->rbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
+        if (!ret->rbuf_freelist)
+                goto err;
+        ret->rbuf_freelist->chunklen = 0;
+        ret->rbuf_freelist->len = 0;
+        ret->rbuf_freelist->head = NULL;
+        ret->wbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
+        if (!ret->wbuf_freelist)
+                {
+                OPENSSL_free(ret->rbuf_freelist);
+                goto err;
+                }
+        ret->wbuf_freelist->chunklen = 0;
+        ret->wbuf_freelist->len = 0;
+        ret->wbuf_freelist->head = NULL;
+#endif
 #ifndef OPENSSL_NO_ENGINE
        ret->client_cert_engine = NULL;
 #ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
@@ -1546,6 +1684,10 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
        }
 #endif
 #endif
+        /* Default is to connect to non-RI servers. When RI is more widely
+         * deployed might change this.
+         */
+        ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
        return(ret);
 err:
@@ -1560,6 +1702,20 @@ static void SSL_COMP_free(SSL_COMP *comp)
    { OPENSSL_free(comp); }
 #endif
+#ifndef OPENSSL_NO_BUF_FREELISTS
+static void
+ssl_buf_freelist_free(SSL3_BUF_FREELIST *list)
+        {
+        SSL3_BUF_FREELIST_ENTRY *ent, *next;
+        for (ent = list->head; ent; ent = next)
+                {
+                next = ent->next;
+                OPENSSL_free(ent);
+                }
+        OPENSSL_free(list);
+        }
+#endif
 void SSL_CTX_free(SSL_CTX *a)
        {
        int i;
@@ -1597,7 +1753,7 @@ void SSL_CTX_free(SSL_CTX *a)
        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
        if (a->sessions != NULL)
-                lh_free(a->sessions);
+                lh_SSL_SESSION_free(a->sessions);
        if (a->cert_store != NULL)
                X509_STORE_free(a->cert_store);
@@ -1617,10 +1773,23 @@ void SSL_CTX_free(SSL_CTX *a)
 #else
        a->comp_methods = NULL;
 #endif
+#ifndef OPENSSL_NO_PSK
+        if (a->psk_identity_hint)
+                OPENSSL_free(a->psk_identity_hint);
+#endif
 #ifndef OPENSSL_NO_ENGINE
        if (a->client_cert_engine)
                ENGINE_finish(a->client_cert_engine);
 #endif
+#ifndef OPENSSL_NO_BUF_FREELISTS
+        if (a->wbuf_freelist)
+                ssl_buf_freelist_free(a->wbuf_freelist);
+        if (a->rbuf_freelist)
+                ssl_buf_freelist_free(a->rbuf_freelist);
+#endif
        OPENSSL_free(a);
        }
@@ -1651,13 +1820,13 @@ void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth)
        X509_VERIFY_PARAM_set_depth(ctx->param, depth);
        }
-void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
+void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
        {
        CERT_PKEY *cpk;
        int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign;
        int rsa_enc_export,dh_rsa_export,dh_dsa_export;
        int rsa_tmp_export,dh_tmp_export,kl;
-        unsigned long mask,emask;
+        unsigned long mask_k,mask_a,emask_k,emask_a;
        int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size;
 #ifndef OPENSSL_NO_ECDH
        int have_ecdh_tmp;
@@ -1704,60 +1873,77 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
        dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
        cpk= &(c->pkeys[SSL_PKEY_ECC]);
        have_ecc_cert= (cpk->x509 != NULL && cpk->privatekey != NULL);
-        mask=0;
+        mask_k=0;
-        emask=0;
+        mask_a=0;
+        emask_k=0;
+        emask_a=0;
+        
 #ifdef CIPHER_DEBUG
-        printf("rt=%d rte=%d dht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n",
+        printf("rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n",
-                rsa_tmp,rsa_tmp_export,dh_tmp,
+                rsa_tmp,rsa_tmp_export,dh_tmp,have_ecdh_tmp,
                rsa_enc,rsa_enc_export,rsa_sign,dsa_sign,dh_rsa,dh_dsa);
 #endif
+        
+        cpk = &(c->pkeys[SSL_PKEY_GOST01]);
+        if (cpk->x509 != NULL && cpk->privatekey !=NULL) {
+                mask_k |= SSL_kGOST;
+                mask_a |= SSL_aGOST01;
+        }
+        cpk = &(c->pkeys[SSL_PKEY_GOST94]);
+        if (cpk->x509 != NULL && cpk->privatekey !=NULL) {
+                mask_k |= SSL_kGOST;
+                mask_a |= SSL_aGOST94;
+        }
        if (rsa_enc || (rsa_tmp && rsa_sign))
-                mask|=SSL_kRSA;
+                mask_k|=SSL_kRSA;
        if (rsa_enc_export || (rsa_tmp_export && (rsa_sign || rsa_enc)))
-                emask|=SSL_kRSA;
+                emask_k|=SSL_kRSA;
 #if 0
        /* The match needs to be both kEDH and aRSA or aDSA, so don't worry */
-        if (    (dh_tmp || dh_rsa || dh_dsa) && 
+        if (    (dh_tmp || dh_rsa || dh_dsa) &&
                (rsa_enc || rsa_sign || dsa_sign))
-                mask|=SSL_kEDH;
+                mask_k|=SSL_kEDH;
        if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) &&
                (rsa_enc || rsa_sign || dsa_sign))
-                emask|=SSL_kEDH;
+                emask_k|=SSL_kEDH;
 #endif
-        if (dh_tmp_export) 
+        if (dh_tmp_export)
-                emask|=SSL_kEDH;
+                emask_k|=SSL_kEDH;
        if (dh_tmp)
-                mask|=SSL_kEDH;
+                mask_k|=SSL_kEDH;
-        if (dh_rsa) mask|=SSL_kDHr;
+        if (dh_rsa) mask_k|=SSL_kDHr;
-        if (dh_rsa_export) emask|=SSL_kDHr;
+        if (dh_rsa_export) emask_k|=SSL_kDHr;
-        if (dh_dsa) mask|=SSL_kDHd;
+        if (dh_dsa) mask_k|=SSL_kDHd;
-        if (dh_dsa_export) emask|=SSL_kDHd;
+        if (dh_dsa_export) emask_k|=SSL_kDHd;
        if (rsa_enc || rsa_sign)
                {
-                mask|=SSL_aRSA;
+                mask_a|=SSL_aRSA;
-                emask|=SSL_aRSA;
+                emask_a|=SSL_aRSA;
                }
        if (dsa_sign)
                {
-                mask|=SSL_aDSS;
+                mask_a|=SSL_aDSS;
-                emask|=SSL_aDSS;
+                emask_a|=SSL_aDSS;
                }
-        mask|=SSL_aNULL;
+        mask_a|=SSL_aNULL;
-        emask|=SSL_aNULL;
+        emask_a|=SSL_aNULL;
 #ifndef OPENSSL_NO_KRB5
-        mask|=SSL_kKRB5|SSL_aKRB5;
+        mask_k|=SSL_kKRB5;
-        emask|=SSL_kKRB5|SSL_aKRB5;
+        mask_a|=SSL_aKRB5;
+        emask_k|=SSL_kKRB5;
+        emask_a|=SSL_aKRB5;
 #endif
        /* An ECC certificate may be usable for ECDH and/or
@@ -1765,7 +1951,7 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
         */
        if (have_ecc_cert)
                {
-                /* This call populates extension flags (ex_flags) */
+                /* This call populates extension flags (ex_flags) */
                x = (c->pkeys[SSL_PKEY_ECC]).x509;
                X509_check_purpose(x, -1, 0);
                ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
@@ -1773,7 +1959,7 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
                ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
                    (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1;
                ecc_pkey = X509_get_pubkey(x);
-                ecc_pkey_size = (ecc_pkey != NULL) ? 
+                ecc_pkey_size = (ecc_pkey != NULL) ?
                    EVP_PKEY_bits(ecc_pkey) : 0;
                EVP_PKEY_free(ecc_pkey);
                if ((x->sig_alg) && (x->sig_alg->algorithm))
@@ -1781,27 +1967,41 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
 #ifndef OPENSSL_NO_ECDH
                if (ecdh_ok)
                        {
-                        if ((signature_nid == NID_md5WithRSAEncryption) ||
+                        const char *sig = OBJ_nid2ln(signature_nid);
-                            (signature_nid == NID_md4WithRSAEncryption) ||
+                        if (sig == NULL)
-                            (signature_nid == NID_md2WithRSAEncryption))
+                                {
+                                ERR_clear_error();
+                                sig = "unknown";
+                                }
+                                
+                        if (strstr(sig, "WithRSA"))
                                {
-                                mask|=SSL_kECDH|SSL_aRSA;
+                                mask_k|=SSL_kECDHr;
+                                mask_a|=SSL_aECDH;
                                if (ecc_pkey_size <= 163)
-                                        emask|=SSL_kECDH|SSL_aRSA;
+                                        {
+                                        emask_k|=SSL_kECDHr;
+                                        emask_a|=SSL_aECDH;
+                                        }
                                }
                        if (signature_nid == NID_ecdsa_with_SHA1)
                                {
-                                mask|=SSL_kECDH|SSL_aECDSA;
+                                mask_k|=SSL_kECDHe;
+                                mask_a|=SSL_aECDH;
                                if (ecc_pkey_size <= 163)
-                                        emask|=SSL_kECDH|SSL_aECDSA;
+                                        {
+                                        emask_k|=SSL_kECDHe;
+                                        emask_a|=SSL_aECDH;
+                                        }
                                }
                        }
 #endif
 #ifndef OPENSSL_NO_ECDSA
                if (ecdsa_ok)
                        {
-                        mask|=SSL_aECDSA;
+                        mask_a|=SSL_aECDSA;
-                        emask|=SSL_aECDSA;
+                        emask_a|=SSL_aECDSA;
                        }
 #endif
                }
@@ -1809,12 +2009,22 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
 #ifndef OPENSSL_NO_ECDH
        if (have_ecdh_tmp)
                {
-                mask|=SSL_kECDHE;
+                mask_k|=SSL_kEECDH;
-                emask|=SSL_kECDHE;
+                emask_k|=SSL_kEECDH;
                }
 #endif
-        c->mask=mask;
-        c->export_mask=emask;
+#ifndef OPENSSL_NO_PSK
+        mask_k |= SSL_kPSK;
+        mask_a |= SSL_aPSK;
+        emask_k |= SSL_kPSK;
+        emask_a |= SSL_aPSK;
+#endif
+        c->mask_k=mask_k;
+        c->mask_a=mask_a;
+        c->export_mask_k=emask_k;
+        c->export_mask_a=emask_a;
        c->valid=1;
        }
@@ -1822,13 +2032,18 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
 #define ku_reject(x, usage) \
        (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
-int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs)
+#ifndef OPENSSL_NO_EC
+int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs)
        {
-        unsigned long alg = cs->algorithms;
+        unsigned long alg_k, alg_a;
        EVP_PKEY *pkey = NULL;
        int keysize = 0;
        int signature_nid = 0;
+        alg_k = cs->algorithm_mkey;
+        alg_a = cs->algorithm_auth;
        if (SSL_C_IS_EXPORT(cs))
                {
                /* ECDH key length in export ciphers must be <= 163 bits */
@@ -1843,37 +2058,46 @@ int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs)
        X509_check_purpose(x, -1, 0);
        if ((x->sig_alg) && (x->sig_alg->algorithm))
                signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
-        if (alg & SSL_kECDH) 
+        if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr)
                {
                /* key usage, if present, must allow key agreement */
                if (ku_reject(x, X509v3_KU_KEY_AGREEMENT))
                        {
+                        SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT);
                        return 0;
                        }
-                if (alg & SSL_aECDSA) 
+                if (alg_k & SSL_kECDHe)
                        {
                        /* signature alg must be ECDSA */
                        if (signature_nid != NID_ecdsa_with_SHA1)
                                {
+                                SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE);
                                return 0;
                                }
                        }
-                if (alg & SSL_aRSA)
+                if (alg_k & SSL_kECDHr)
                        {
                        /* signature alg must be RSA */
-                        if ((signature_nid != NID_md5WithRSAEncryption) &&
-                            (signature_nid != NID_md4WithRSAEncryption) &&
+                        const char *sig = OBJ_nid2ln(signature_nid);
-                            (signature_nid != NID_md2WithRSAEncryption))
+                        if (sig == NULL)
                                {
+                                ERR_clear_error();
+                                sig = "unknown";
+                                }
+                        if (strstr(sig, "WithRSA") == NULL)
+                                {
+                                SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE);
                                return 0;
                                }
                        }
-                } 
+                }
-        else if (alg & SSL_aECDSA)
+        if (alg_a & SSL_aECDSA)
                {
                /* key usage, if present, must allow signing */
                if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE))
                        {
+                        SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
                        return 0;
                        }
                }
@@ -1881,58 +2105,74 @@ int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs)
        return 1;  /* all checks are ok */
        }
+#endif
 /* THIS NEEDS CLEANING UP */
 X509 *ssl_get_server_send_cert(SSL *s)
        {
-        unsigned long alg,mask,kalg;
+        unsigned long alg_k,alg_a,mask_k,mask_a;
        CERT *c;
        int i,is_export;
        c=s->cert;
        ssl_set_cert_masks(c, s->s3->tmp.new_cipher);
-        alg=s->s3->tmp.new_cipher->algorithms;
        is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
-        mask=is_export?c->export_mask:c->mask;
+        if (is_export)
-        kalg=alg&(SSL_MKEY_MASK|SSL_AUTH_MASK);
+                {
+                mask_k = c->export_mask_k;
+                mask_a = c->export_mask_a;
+                }
+        else
+                {
+                mask_k = c->mask_k;
+                mask_a = c->mask_a;
+                }
+        
+        alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+        alg_a = s->s3->tmp.new_cipher->algorithm_auth;
-        if (kalg & SSL_kECDH)
+        if (alg_k & (SSL_kECDHr|SSL_kECDHe))
                {
-                /* we don't need to look at SSL_kECDHE 
+                /* we don't need to look at SSL_kEECDH
                 * since no certificate is needed for
                 * anon ECDH and for authenticated
-                 * ECDHE, the check for the auth 
+                 * EECDH, the check for the auth
                 * algorithm will set i correctly
                 * NOTE: For ECDH-RSA, we need an ECC
-                 * not an RSA cert but for ECDHE-RSA
+                 * not an RSA cert but for EECDH-RSA
                 * we need an RSA cert. Placing the
                 * checks for SSL_kECDH before RSA
                 * checks ensures the correct cert is chosen.
                 */
                i=SSL_PKEY_ECC;
                }
-        else if (kalg & SSL_aECDSA)
+        else if (alg_a & SSL_aECDSA)
                {
                i=SSL_PKEY_ECC;
                }
-        else if (kalg & SSL_kDHr)
+        else if (alg_k & SSL_kDHr)
                i=SSL_PKEY_DH_RSA;
-        else if (kalg & SSL_kDHd)
+        else if (alg_k & SSL_kDHd)
                i=SSL_PKEY_DH_DSA;
-        else if (kalg & SSL_aDSS)
+        else if (alg_a & SSL_aDSS)
                i=SSL_PKEY_DSA_SIGN;
-        else if (kalg & SSL_aRSA)
+        else if (alg_a & SSL_aRSA)
                {
                if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL)
                        i=SSL_PKEY_RSA_SIGN;
                else
                        i=SSL_PKEY_RSA_ENC;
                }
-        else if (kalg & SSL_aKRB5)
+        else if (alg_a & SSL_aKRB5)
                {
                /* VRS something else here? */
                return(NULL);
                }
-        else /* if (kalg & SSL_aNULL) */
+        else if (alg_a & SSL_aGOST94) 
+                i=SSL_PKEY_GOST94;
+        else if (alg_a & SSL_aGOST01)
+                i=SSL_PKEY_GOST01;
+        else /* if (alg_a & SSL_aNULL) */
                {
                SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,ERR_R_INTERNAL_ERROR);
                return(NULL);
@@ -1942,18 +2182,18 @@ X509 *ssl_get_server_send_cert(SSL *s)
        return(c->pkeys[i].x509);
        }
-EVP_PKEY *ssl_get_sign_pkey(SSL *s,SSL_CIPHER *cipher)
+EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *cipher)
        {
-        unsigned long alg;
+        unsigned long alg_a;
        CERT *c;
-        alg=cipher->algorithms;
+        alg_a = cipher->algorithm_auth;
        c=s->cert;
-        if ((alg & SSL_aDSS) &&
+        if ((alg_a & SSL_aDSS) &&
                (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL))
                return(c->pkeys[SSL_PKEY_DSA_SIGN].privatekey);
-        else if (alg & SSL_aRSA)
+        else if (alg_a & SSL_aRSA)
                {
                if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL)
                        return(c->pkeys[SSL_PKEY_RSA_SIGN].privatekey);
@@ -1962,10 +2202,10 @@ EVP_PKEY *ssl_get_sign_pkey(SSL *s,SSL_CIPHER *cipher)
                else
                        return(NULL);
                }
-        else if ((alg & SSL_aECDSA) &&
+        else if ((alg_a & SSL_aECDSA) &&
                 (c->pkeys[SSL_PKEY_ECC].privatekey != NULL))
                return(c->pkeys[SSL_PKEY_ECC].privatekey);
-        else /* if (alg & SSL_aNULL) */
+        else /* if (alg_a & SSL_aNULL) */
                {
                SSLerr(SSL_F_SSL_GET_SIGN_PKEY,ERR_R_INTERNAL_ERROR);
                return(NULL);
@@ -1980,14 +2220,14 @@ void ssl_update_cache(SSL *s,int mode)
         * and it would be rather hard to do anyway :-) */
        if (s->session->session_id_length == 0) return;
-        i=s->ctx->session_cache_mode;
+        i=s->session_ctx->session_cache_mode;
        if ((i & mode) && (!s->hit)
                && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE)
-                    || SSL_CTX_add_session(s->ctx,s->session))
+                    || SSL_CTX_add_session(s->session_ctx,s->session))
-                && (s->ctx->new_session_cb != NULL))
+                && (s->session_ctx->new_session_cb != NULL))
                {
                CRYPTO_add(&s->session->references,1,CRYPTO_LOCK_SSL_SESSION);
-                if (!s->ctx->new_session_cb(s,s->session))
+                if (!s->session_ctx->new_session_cb(s,s->session))
                        SSL_SESSION_free(s->session);
                }
@@ -1996,20 +2236,20 @@ void ssl_update_cache(SSL *s,int mode)
                ((i & mode) == mode))
                {
                if (  (((mode & SSL_SESS_CACHE_CLIENT)
-                        ?s->ctx->stats.sess_connect_good
+                        ?s->session_ctx->stats.sess_connect_good
-                        :s->ctx->stats.sess_accept_good) & 0xff) == 0xff)
+                        :s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff)
                        {
-                        SSL_CTX_flush_sessions(s->ctx,(unsigned long)time(NULL));
+                        SSL_CTX_flush_sessions(s->session_ctx,(unsigned long)time(NULL));
                        }
                }
        }
-SSL_METHOD *SSL_get_ssl_method(SSL *s)
+const SSL_METHOD *SSL_get_ssl_method(SSL *s)
        {
        return(s->method);
        }
-int SSL_set_ssl_method(SSL *s,SSL_METHOD *meth)
+int SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth)
        {
        int conn= -1;
        int ret=1;
@@ -2152,6 +2392,8 @@ void SSL_set_accept_state(SSL *s)
        s->handshake_func=s->method->ssl_accept;
        /* clear the current cipher */
        ssl_clear_cipher_ctx(s);
+        ssl_clear_hash_ctx(&s->read_hash);
+        ssl_clear_hash_ctx(&s->write_hash);
        }
 void SSL_set_connect_state(SSL *s)
@@ -2162,6 +2404,8 @@ void SSL_set_connect_state(SSL *s)
        s->handshake_func=s->method->ssl_connect;
        /* clear the current cipher */
        ssl_clear_cipher_ctx(s);
+        ssl_clear_hash_ctx(&s->read_hash);
+        ssl_clear_hash_ctx(&s->write_hash);
        }
 int ssl_undefined_function(SSL *s)
@@ -2206,7 +2450,7 @@ SSL *SSL_dup(SSL *s)
        X509_NAME *xn;
        SSL *ret;
        int i;
-                 
+        
        if ((ret=SSL_new(SSL_get_SSL_CTX(s))) == NULL)
            return(NULL);
@@ -2376,7 +2620,7 @@ EVP_PKEY *SSL_get_privatekey(SSL *s)
                return(NULL);
        }
-SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
+const SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
        {
        if ((s->session != NULL) && (s->session->cipher != NULL))
                return(s->session->cipher);
@@ -2454,7 +2698,7 @@ void ssl_free_wbio_buffer(SSL *s)
                s->wbio=BIO_pop(s->wbio);
 #ifdef REF_CHECK /* not the usual REF_CHECK, but this avoids adding one more preprocessor symbol */
                assert(s->wbio != NULL);
-#endif  
+#endif
        }
        BIO_free(s->bbio);
        s->bbio=NULL;
@@ -2539,7 +2783,7 @@ void SSL_set_info_callback(SSL *ssl,
 /* One compiler (Diab DCC) doesn't like argument names in returned
   function pointer.  */
-void (*SSL_get_info_callback(const SSL *ssl))(const SSL * /*ssl*/,int /*type*/,int /*val*/) 
+void (*SSL_get_info_callback(const SSL *ssl))(const SSL * /*ssl*/,int /*type*/,int /*val*/)
        {
        return ssl->info_callback;
        }
@@ -2660,13 +2904,13 @@ RSA *cb(SSL *ssl,int is_export,int keylength)
 #ifndef OPENSSL_NO_DH
 void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int is_export,
-                                                        int keylength))
+                                                        int keylength))
        {
        SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
        }
 void SSL_set_tmp_dh_callback(SSL *ssl,DH *(*dh)(SSL *ssl,int is_export,
-                                                int keylength))
+                                                int keylength))
        {
        SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
        }
@@ -2674,18 +2918,109 @@ void SSL_set_tmp_dh_callback(SSL *ssl,DH *(*dh)(SSL *ssl,int is_export,
 #ifndef OPENSSL_NO_ECDH
 void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,EC_KEY *(*ecdh)(SSL *ssl,int is_export,
-                                                        int keylength))
+                                                                int keylength))
        {
        SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);
        }
 void SSL_set_tmp_ecdh_callback(SSL *ssl,EC_KEY *(*ecdh)(SSL *ssl,int is_export,
-                                                int keylength))
+                                                        int keylength))
        {
        SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);
        }
 #endif
+#ifndef OPENSSL_NO_PSK
+int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint)
+        {
+        if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN)
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG);
+                return 0;
+                }
+        if (ctx->psk_identity_hint != NULL)
+                OPENSSL_free(ctx->psk_identity_hint);
+        if (identity_hint != NULL)
+                {
+                ctx->psk_identity_hint = BUF_strdup(identity_hint);
+                if (ctx->psk_identity_hint == NULL)
+                        return 0;
+                }
+        else
+                ctx->psk_identity_hint = NULL;
+        return 1;
+        }
+int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint)
+        {
+        if (s == NULL)
+                return 0;
+        if (s->session == NULL)
+                return 1; /* session not created yet, ignored */
+        if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN)
+                {
+                SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG);
+                return 0;
+                }
+        if (s->session->psk_identity_hint != NULL)
+                OPENSSL_free(s->session->psk_identity_hint);
+        if (identity_hint != NULL)
+                {
+                s->session->psk_identity_hint = BUF_strdup(identity_hint);
+                if (s->session->psk_identity_hint == NULL)
+                        return 0;
+                }
+        else
+                s->session->psk_identity_hint = NULL;
+        return 1;
+        }
+const char *SSL_get_psk_identity_hint(const SSL *s)
+        {
+        if (s == NULL || s->session == NULL)
+                return NULL;
+        return(s->session->psk_identity_hint);
+        }
+const char *SSL_get_psk_identity(const SSL *s)
+        {
+        if (s == NULL || s->session == NULL)
+                return NULL;
+        return(s->session->psk_identity);
+        }
+void SSL_set_psk_client_callback(SSL *s,
+    unsigned int (*cb)(SSL *ssl, const char *hint,
+                       char *identity, unsigned int max_identity_len, unsigned char *psk,
+                       unsigned int max_psk_len))
+        {
+        s->psk_client_callback = cb;
+        }
+void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx,
+    unsigned int (*cb)(SSL *ssl, const char *hint,
+                       char *identity, unsigned int max_identity_len, unsigned char *psk,
+                       unsigned int max_psk_len))
+        {
+        ctx->psk_client_callback = cb;
+        }
+void SSL_set_psk_server_callback(SSL *s,
+    unsigned int (*cb)(SSL *ssl, const char *identity,
+                       unsigned char *psk, unsigned int max_psk_len))
+        {
+        s->psk_server_callback = cb;
+        }
+void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx,
+    unsigned int (*cb)(SSL *ssl, const char *identity,
+                       unsigned char *psk, unsigned int max_psk_len))
+        {
+        ctx->psk_server_callback = cb;
+        }
+#endif
 void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
        {
@@ -2696,7 +3031,25 @@ void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int con
        SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
        }
+/* Allocates new EVP_MD_CTX and sets pointer to it into given pointer
+ * vairable, freeing  EVP_MD_CTX previously stored in that variable, if
+ * any. If EVP_MD pointer is passed, initializes ctx with this md
+ * Returns newly allocated ctx;
+ */
+EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) 
+{
+        ssl_clear_hash_ctx(hash);
+        *hash = EVP_MD_CTX_create();
+        if (md) EVP_DigestInit_ex(*hash,md,NULL);
+        return *hash;
+}
+void ssl_clear_hash_ctx(EVP_MD_CTX **hash) 
+{
+        if (*hash) EVP_MD_CTX_destroy(*hash);
+        *hash=NULL;
+}
 #if defined(_WINDLL) && defined(OPENSSL_SYS_WIN16)
 #include "../crypto/bio/bss_file.c"
@@ -2704,3 +3057,6 @@ void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int con
 IMPLEMENT_STACK_OF(SSL_CIPHER)
 IMPLEMENT_STACK_OF(SSL_COMP)
+IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER,
+                                    ssl_cipher_id);
diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h
index ed4ddbbae6..4c78393f3f 100644
--- a/src/lib/libssl/src/ssl/ssl_locl.h
+++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -56,7 +56,7 @@
 * [including the GNU Public Licence.]
 */
 /* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -113,6 +113,32 @@
 * ECC cipher suite support in OpenSSL originally developed by 
 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
 */
+/* ====================================================================
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * The portions of the attached software ("Contribution") is developed by
+ * Nokia Corporation and is licensed pursuant to the OpenSSL open source
+ * license.
+ *
+ * The Contribution, originally written by Mika Kousa and Pasi Eronen of
+ * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
+ * support (see RFC 4279) to OpenSSL.
+ *
+ * No patent licenses or other rights except those expressly stated in
+ * the OpenSSL open source license shall be deemed granted or received
+ * expressly, by implication, estoppel, or otherwise.
+ *
+ * No assurances are provided by Nokia that the Contribution does not
+ * infringe the patent or other intellectual property rights of any third
+ * party or that the license provides you with all the necessary rights
+ * to make use of the Contribution.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
+ * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
+ * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
+ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
+ * OTHERWISE.
+ */
 #ifndef HEADER_SSL_LOCL_H
 #define HEADER_SSL_LOCL_H
@@ -251,58 +277,84 @@
 * that the different entities within are mutually exclusive:
 * ONLY ONE BIT PER MASK CAN BE SET AT A TIME.
 */
-#define SSL_MKEY_MASK           0x000000FFL
+/* Bits for algorithm_mkey (key exchange algorithm) */
 #define SSL_kRSA                0x00000001L /* RSA key exchange */
-#define SSL_kDHr                0x00000002L /* DH cert RSA CA cert */
+#define SSL_kDHr                0x00000002L /* DH cert, RSA CA cert */ /* no such ciphersuites supported! */
-#define SSL_kDHd                0x00000004L /* DH cert DSA CA cert */
+#define SSL_kDHd                0x00000004L /* DH cert, DSA CA cert */ /* no such ciphersuite supported! */
-#define SSL_kFZA                0x00000008L
+#define SSL_kEDH                0x00000008L /* tmp DH key no DH cert */
-#define SSL_kEDH                0x00000010L /* tmp DH key no DH cert */
+#define SSL_kKRB5               0x00000010L /* Kerberos5 key exchange */
-#define SSL_kKRB5               0x00000020L /* Kerberos5 key exchange */
+#define SSL_kECDHr              0x00000020L /* ECDH cert, RSA CA cert */
-#define SSL_kECDH               0x00000040L /* ECDH w/ long-term keys */
+#define SSL_kECDHe              0x00000040L /* ECDH cert, ECDSA CA cert */
-#define SSL_kECDHE              0x00000080L /* ephemeral ECDH */
+#define SSL_kEECDH              0x00000080L /* ephemeral ECDH */
-#define SSL_EDH                 (SSL_kEDH|(SSL_AUTH_MASK^SSL_aNULL))
+#define SSL_kPSK                0x00000100L /* PSK */
+#define SSL_kGOST       0x00000200L /* GOST key exchange */
-#define SSL_AUTH_MASK           0x00007F00L
-#define SSL_aRSA                0x00000100L /* Authenticate with RSA */
+/* Bits for algorithm_auth (server authentication) */
-#define SSL_aDSS                0x00000200L /* Authenticate with DSS */
+#define SSL_aRSA                0x00000001L /* RSA auth */
-#define SSL_DSS                 SSL_aDSS
+#define SSL_aDSS                0x00000002L /* DSS auth */
-#define SSL_aFZA                0x00000400L
+#define SSL_aNULL               0x00000004L /* no auth (i.e. use ADH or AECDH) */
-#define SSL_aNULL               0x00000800L /* no Authenticate, ADH */
+#define SSL_aDH                 0x00000008L /* Fixed DH auth (kDHd or kDHr) */ /* no such ciphersuites supported! */
-#define SSL_aDH                 0x00001000L /* no Authenticate, ADH */
+#define SSL_aECDH               0x00000010L /* Fixed ECDH auth (kECDHe or kECDHr) */
-#define SSL_aKRB5               0x00002000L /* Authenticate with KRB5 */
+#define SSL_aKRB5               0x00000020L /* KRB5 auth */
-#define SSL_aECDSA              0x00004000L /* Authenticate with ECDSA */
+#define SSL_aECDSA              0x00000040L /* ECDSA auth*/
+#define SSL_aPSK                0x00000080L /* PSK auth */
-#define SSL_NULL                (SSL_eNULL)
+#define SSL_aGOST94                             0x00000100L /* GOST R 34.10-94 signature auth */
-#define SSL_ADH                 (SSL_kEDH|SSL_aNULL)
+#define SSL_aGOST01                     0x00000200L /* GOST R 34.10-2001 signature auth */
-#define SSL_RSA                 (SSL_kRSA|SSL_aRSA)
-#define SSL_DH                  (SSL_kDHr|SSL_kDHd|SSL_kEDH)
-#define SSL_ECDH                (SSL_kECDH|SSL_kECDHE)
+/* Bits for algorithm_enc (symmetric encryption) */
-#define SSL_FZA                 (SSL_aFZA|SSL_kFZA|SSL_eFZA)
+#define SSL_DES                 0x00000001L
-#define SSL_KRB5                (SSL_kKRB5|SSL_aKRB5)
+#define SSL_3DES                0x00000002L
+#define SSL_RC4                 0x00000004L
-#define SSL_ENC_MASK            0x1C3F8000L
+#define SSL_RC2                 0x00000008L
-#define SSL_DES                 0x00008000L
+#define SSL_IDEA                0x00000010L
-#define SSL_3DES                0x00010000L
+#define SSL_eNULL               0x00000020L
-#define SSL_RC4                 0x00020000L
+#define SSL_AES128              0x00000040L
-#define SSL_RC2                 0x00040000L
+#define SSL_AES256              0x00000080L
-#define SSL_IDEA                0x00080000L
+#define SSL_CAMELLIA128         0x00000100L
-#define SSL_eFZA                0x00100000L
+#define SSL_CAMELLIA256         0x00000200L
-#define SSL_eNULL               0x00200000L
+#define SSL_eGOST2814789CNT     0x00000400L
-#define SSL_AES                 0x04000000L
+#define SSL_SEED                0x00000800L
-#define SSL_CAMELLIA            0x08000000L
-#define SSL_SEED                0x10000000L
+#define SSL_AES                 (SSL_AES128|SSL_AES256)
+#define SSL_CAMELLIA            (SSL_CAMELLIA128|SSL_CAMELLIA256)
-#define SSL_MAC_MASK            0x00c00000L
-#define SSL_MD5                 0x00400000L
-#define SSL_SHA1                0x00800000L
+/* Bits for algorithm_mac (symmetric authentication) */
-#define SSL_SHA                 (SSL_SHA1)
+#define SSL_MD5                 0x00000001L
+#define SSL_SHA1                0x00000002L
-#define SSL_SSL_MASK            0x03000000L
+#define SSL_GOST94      0x00000004L
-#define SSL_SSLV2               0x01000000L
+#define SSL_GOST89MAC   0x00000008L
-#define SSL_SSLV3               0x02000000L
+/* Bits for algorithm_ssl (protocol version) */
+#define SSL_SSLV2               0x00000001L
+#define SSL_SSLV3               0x00000002L
 #define SSL_TLSV1               SSL_SSLV3       /* for now */
-/* we have used 1fffffff - 3 bits left to go. */
+/* Bits for algorithm2 (handshake digests and other extra flags) */
+#define SSL_HANDSHAKE_MAC_MD5 0x10
+#define SSL_HANDSHAKE_MAC_SHA 0x20
+#define SSL_HANDSHAKE_MAC_GOST94 0x40
+#define SSL_HANDSHAKE_MAC_DEFAULT (SSL_HANDSHAKE_MAC_MD5 | SSL_HANDSHAKE_MAC_SHA)
+/* When adding new digest in the ssl_ciph.c and increment SSM_MD_NUM_IDX
+ * make sure to update this constant too */
+#define SSL_MAX_DIGEST 4
+#define TLS1_PRF_DGST_SHIFT 8
+#define TLS1_PRF_MD5 (SSL_HANDSHAKE_MAC_MD5 << TLS1_PRF_DGST_SHIFT)
+#define TLS1_PRF_SHA1 (SSL_HANDSHAKE_MAC_SHA << TLS1_PRF_DGST_SHIFT)
+#define TLS1_PRF_GOST94 (SSL_HANDSHAKE_MAC_GOST94 << TLS1_PRF_DGST_SHIFT)
+#define TLS1_PRF (TLS1_PRF_MD5 | TLS1_PRF_SHA1)
+/* Stream MAC for GOST ciphersuites from cryptopro draft
+ * (currently this also goes into algorithm2) */
+#define TLS1_STREAM_MAC 0x04
 /*
 * Export and cipher strength information. For each cipher we have to decide
@@ -320,10 +372,11 @@
 * be possible.
 */
 #define SSL_EXP_MASK            0x00000003L
+#define SSL_STRONG_MASK         0x000001fcL
 #define SSL_NOT_EXP             0x00000001L
 #define SSL_EXPORT              0x00000002L
-#define SSL_STRONG_MASK         0x000000fcL
 #define SSL_STRONG_NONE         0x00000004L
 #define SSL_EXP40               0x00000008L
 #define SSL_MICRO               (SSL_EXP40)
@@ -357,17 +410,14 @@
 #define SSL_C_IS_EXPORT40(c)    SSL_IS_EXPORT40((c)->algo_strength)
 #define SSL_EXPORT_KEYLENGTH(a,s)       (SSL_IS_EXPORT40(s) ? 5 : \
-                                 ((a)&SSL_ENC_MASK) == SSL_DES ? 8 : 7)
+                                 (a) == SSL_DES ? 8 : 7)
 #define SSL_EXPORT_PKEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 512 : 1024)
-#define SSL_C_EXPORT_KEYLENGTH(c)       SSL_EXPORT_KEYLENGTH((c)->algorithms, \
+#define SSL_C_EXPORT_KEYLENGTH(c)       SSL_EXPORT_KEYLENGTH((c)->algorithm_enc, \
                                (c)->algo_strength)
 #define SSL_C_EXPORT_PKEYLENGTH(c)      SSL_EXPORT_PKEYLENGTH((c)->algo_strength)
-#define SSL_ALL                 0xffffffffL
-#define SSL_ALL_CIPHERS         (SSL_MKEY_MASK|SSL_AUTH_MASK|SSL_ENC_MASK|\
-                                SSL_MAC_MASK)
-#define SSL_ALL_STRENGTHS       (SSL_EXP_MASK|SSL_STRONG_MASK)
 /* Mostly for SSLv3 */
 #define SSL_PKEY_RSA_ENC        0
@@ -376,7 +426,9 @@
 #define SSL_PKEY_DH_RSA         3
 #define SSL_PKEY_DH_DSA         4
 #define SSL_PKEY_ECC            5
-#define SSL_PKEY_NUM            6
+#define SSL_PKEY_GOST94         6
+#define SSL_PKEY_GOST01         7
+#define SSL_PKEY_NUM            8
 /* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) |
 *          <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN)
@@ -417,8 +469,10 @@ typedef struct cert_st
        /* The following masks are for the key and auth
         * algorithms that are supported by the certs below */
        int valid;
-        unsigned long mask;
+        unsigned long mask_k;
-        unsigned long export_mask;
+        unsigned long mask_a;
+        unsigned long export_mask_k;
+        unsigned long export_mask_a;
 #ifndef OPENSSL_NO_RSA
        RSA *rsa_tmp;
        RSA *(*rsa_tmp_cb)(SSL *ssl,int is_export,int keysize);
@@ -492,9 +546,9 @@ typedef struct ssl3_enc_method
        int (*setup_key_block)(SSL *);
        int (*generate_master_secret)(SSL *, unsigned char *, unsigned char *, int);
        int (*change_cipher_state)(SSL *, int);
-        int (*final_finish_mac)(SSL *, EVP_MD_CTX *, EVP_MD_CTX *, const char *, int, unsigned char *);
+        int (*final_finish_mac)(SSL *,  const char *, int, unsigned char *);
        int finish_mac_length;
-        int (*cert_verify_mac)(SSL *, EVP_MD_CTX *, unsigned char *);
+        int (*cert_verify_mac)(SSL *, int, unsigned char *);
        const char *client_finished_label;
        int client_finished_label_len;
        const char *server_finished_label;
@@ -512,24 +566,35 @@ typedef struct ssl3_comp_st
        } SSL3_COMP;
 #endif
+#ifndef OPENSSL_NO_BUF_FREELISTS
+typedef struct ssl3_buf_freelist_st
+        {
+        size_t chunklen;
+        unsigned int len;
+        struct ssl3_buf_freelist_entry_st *head;
+        } SSL3_BUF_FREELIST;
+typedef struct ssl3_buf_freelist_entry_st
+        {
+        struct ssl3_buf_freelist_entry_st *next;
+        } SSL3_BUF_FREELIST_ENTRY;
+#endif
 extern SSL3_ENC_METHOD ssl3_undef_enc_method;
-OPENSSL_EXTERN SSL_CIPHER ssl2_ciphers[];
+OPENSSL_EXTERN const SSL_CIPHER ssl2_ciphers[];
 OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[];
 SSL_METHOD *ssl_bad_method(int ver);
-SSL_METHOD *sslv2_base_method(void);
-SSL_METHOD *sslv23_base_method(void);
-SSL_METHOD *sslv3_base_method(void);
 extern SSL3_ENC_METHOD TLSv1_enc_data;
 extern SSL3_ENC_METHOD SSLv3_enc_data;
 extern SSL3_ENC_METHOD DTLSv1_enc_data;
 #define IMPLEMENT_tls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \
-SSL_METHOD *func_name(void)  \
+const SSL_METHOD *func_name(void)  \
        { \
-        static SSL_METHOD func_name##_data= { \
+        static const SSL_METHOD func_name##_data= { \
                TLS1_VERSION, \
                tls1_new, \
                tls1_clear, \
@@ -564,9 +629,9 @@ SSL_METHOD *func_name(void)  \
        }
 #define IMPLEMENT_ssl3_meth_func(func_name, s_accept, s_connect, s_get_meth) \
-SSL_METHOD *func_name(void)  \
+const SSL_METHOD *func_name(void)  \
        { \
-        static SSL_METHOD func_name##_data= { \
+        static const SSL_METHOD func_name##_data= { \
                SSL3_VERSION, \
                ssl3_new, \
                ssl3_clear, \
@@ -601,9 +666,9 @@ SSL_METHOD *func_name(void)  \
        }
 #define IMPLEMENT_ssl23_meth_func(func_name, s_accept, s_connect, s_get_meth) \
-SSL_METHOD *func_name(void)  \
+const SSL_METHOD *func_name(void)  \
        { \
-        static SSL_METHOD func_name##_data= { \
+        static const SSL_METHOD func_name##_data= { \
        TLS1_VERSION, \
        tls1_new, \
        tls1_clear, \
@@ -638,9 +703,9 @@ SSL_METHOD *func_name(void)  \
        }
 #define IMPLEMENT_ssl2_meth_func(func_name, s_accept, s_connect, s_get_meth) \
-SSL_METHOD *func_name(void)  \
+const SSL_METHOD *func_name(void)  \
        { \
-        static SSL_METHOD func_name##_data= { \
+        static const SSL_METHOD func_name##_data= { \
                SSL2_VERSION, \
                ssl2_new,       /* local */ \
                ssl2_clear,     /* local */ \
@@ -675,9 +740,9 @@ SSL_METHOD *func_name(void)  \
        }
 #define IMPLEMENT_dtls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \
-SSL_METHOD *func_name(void)  \
+const SSL_METHOD *func_name(void)  \
        { \
-        static SSL_METHOD func_name##_data= { \
+        static const SSL_METHOD func_name##_data= { \
                DTLS1_VERSION, \
                dtls1_new, \
                dtls1_clear, \
@@ -694,7 +759,7 @@ SSL_METHOD *func_name(void)  \
                dtls1_read_bytes, \
                dtls1_write_app_data_bytes, \
                dtls1_dispatch_alert, \
-                ssl3_ctrl, \
+                dtls1_ctrl, \
                ssl3_ctx_ctrl, \
                ssl3_get_cipher_by_char, \
                ssl3_put_cipher_by_char, \
@@ -723,6 +788,8 @@ int ssl_set_peer_cert_type(SESS_CERT *c, int type);
 int ssl_get_new_session(SSL *s, int session);
 int ssl_get_prev_session(SSL *s, unsigned char *session,int len, const unsigned char *limit);
 int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b);
+DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER,
+                                  ssl_cipher_id);
 int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
                        const SSL_CIPHER * const *bp);
 STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
@@ -735,15 +802,16 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
                                             const char *rule_str);
 void ssl_update_cache(SSL *s, int mode);
 int ssl_cipher_get_evp(const SSL_SESSION *s,const EVP_CIPHER **enc,
-                       const EVP_MD **md,SSL_COMP **comp);
+                       const EVP_MD **md,int *mac_pkey_type,int *mac_secret_size, SSL_COMP **comp);
+int ssl_get_handshake_digest(int i,long *mask,const EVP_MD **md);                          
 int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk);
 int ssl_undefined_function(SSL *s);
 int ssl_undefined_void_function(void);
 int ssl_undefined_const_function(const SSL *s);
 X509 *ssl_get_server_send_cert(SSL *);
-EVP_PKEY *ssl_get_sign_pkey(SSL *,SSL_CIPHER *);
+EVP_PKEY *ssl_get_sign_pkey(SSL *,const SSL_CIPHER *);
 int ssl_cert_type(X509 *x,EVP_PKEY *pkey);
-void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher);
+void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher);
 STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
 int ssl_verify_alarm_type(long type);
 void ssl_load_ciphers(void);
@@ -752,7 +820,7 @@ int ssl2_enc_init(SSL *s, int client);
 int ssl2_generate_key_material(SSL *s);
 void ssl2_enc(SSL *s,int send_data);
 void ssl2_mac(SSL *s,unsigned char *mac,int send_data);
-SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
+const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
 int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
 int ssl2_part_read(SSL *s, unsigned long f, int i);
 int ssl2_do_write(SSL *s);
@@ -760,7 +828,7 @@ int ssl2_set_certificate(SSL *s, int type, int len, const unsigned char *data);
 void ssl2_return_error(SSL *s,int reason);
 void ssl2_write_error(SSL *s);
 int ssl2_num_ciphers(void);
-SSL_CIPHER *ssl2_get_cipher(unsigned int u);
+const SSL_CIPHER *ssl2_get_cipher(unsigned int u);
 int     ssl2_new(SSL *s);
 void    ssl2_free(SSL *s);
 int     ssl2_accept(SSL *s);
@@ -777,7 +845,7 @@ long	ssl2_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void));
 int     ssl2_pending(const SSL *s);
 long    ssl2_default_timeout(void );
-SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
+const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
 int ssl3_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
 void ssl3_init_finished_mac(SSL *s);
 int ssl3_send_server_certificate(SSL *s);
@@ -789,29 +857,34 @@ int ssl3_send_change_cipher_spec(SSL *s,int state_a,int state_b);
 int ssl3_change_cipher_state(SSL *s,int which);
 void ssl3_cleanup_key_block(SSL *s);
 int ssl3_do_write(SSL *s,int type);
-void ssl3_send_alert(SSL *s,int level, int desc);
+int ssl3_send_alert(SSL *s,int level, int desc);
 int ssl3_generate_master_secret(SSL *s, unsigned char *out,
        unsigned char *p, int len);
 int ssl3_get_req_cert_type(SSL *s,unsigned char *p);
 long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
 int ssl3_send_finished(SSL *s, int a, int b, const char *sender,int slen);
 int ssl3_num_ciphers(void);
-SSL_CIPHER *ssl3_get_cipher(unsigned int u);
+const SSL_CIPHER *ssl3_get_cipher(unsigned int u);
 int ssl3_renegotiate(SSL *ssl); 
 int ssl3_renegotiate_check(SSL *ssl); 
 int ssl3_dispatch_alert(SSL *s);
 int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
 int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
-int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *ctx1, EVP_MD_CTX *ctx2,
+int ssl3_final_finish_mac(SSL *s, const char *sender, int slen,unsigned char *p);
-        const char *sender, int slen,unsigned char *p);
+int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
-int ssl3_cert_verify_mac(SSL *s, EVP_MD_CTX *in, unsigned char *p);
 void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len);
 int ssl3_enc(SSL *s, int send_data);
-int ssl3_mac(SSL *ssl, unsigned char *md, int send_data);
+int n_ssl3_mac(SSL *ssl, unsigned char *md, int send_data);
+void ssl3_free_digest_list(SSL *s);
 unsigned long ssl3_output_cert_chain(SSL *s, X509 *x);
 SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,STACK_OF(SSL_CIPHER) *clnt,
                               STACK_OF(SSL_CIPHER) *srvr);
 int     ssl3_setup_buffers(SSL *s);
+int     ssl3_setup_read_buffer(SSL *s);
+int     ssl3_setup_write_buffer(SSL *s);
+int     ssl3_release_read_buffer(SSL *s);
+int     ssl3_release_write_buffer(SSL *s);
+int     ssl3_digest_cached_records(SSL *s);
 int     ssl3_new(SSL *s);
 void    ssl3_free(SSL *s);
 int     ssl3_accept(SSL *s);
@@ -832,12 +905,12 @@ int ssl3_do_change_cipher_spec(SSL *ssl);
 long ssl3_default_timeout(void );
 int ssl23_num_ciphers(void );
-SSL_CIPHER *ssl23_get_cipher(unsigned int u);
+const SSL_CIPHER *ssl23_get_cipher(unsigned int u);
 int ssl23_read(SSL *s, void *buf, int len);
 int ssl23_peek(SSL *s, void *buf, int len);
 int ssl23_write(SSL *s, const void *buf, int len);
 int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
-SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p);
+const SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p);
 long ssl23_default_timeout(void );
 long tls1_default_timeout(void);
@@ -862,14 +935,21 @@ int dtls1_read_failed(SSL *s, int code);
 int dtls1_buffer_message(SSL *s, int ccs);
 int dtls1_retransmit_message(SSL *s, unsigned short seq, 
        unsigned long frag_off, int *found);
+int dtls1_get_queue_priority(unsigned short seq, int is_ccs);
+int dtls1_retransmit_buffered_messages(SSL *s);
 void dtls1_clear_record_buffer(SSL *s);
 void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr);
 void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr);
 void dtls1_reset_seq_numbers(SSL *s, int rw);
 long dtls1_default_timeout(void);
-SSL_CIPHER *dtls1_get_cipher(unsigned int u);
+struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft);
+int dtls1_handle_timeout(SSL *s);
+const SSL_CIPHER *dtls1_get_cipher(unsigned int u);
+void dtls1_start_timer(SSL *s);
+void dtls1_stop_timer(SSL *s);
+int dtls1_is_timer_expired(SSL *s);
+void dtls1_double_timeout(SSL *s);
+int dtls1_send_newsession_ticket(SSL *s);
 /* some client-only functions */
 int ssl3_client_hello(SSL *s);
@@ -879,12 +959,15 @@ int ssl3_get_new_session_ticket(SSL *s);
 int ssl3_get_cert_status(SSL *s);
 int ssl3_get_server_done(SSL *s);
 int ssl3_send_client_verify(SSL *s);
-int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey);
 int ssl3_send_client_certificate(SSL *s);
+int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey);
 int ssl3_send_client_key_exchange(SSL *s);
 int ssl3_get_key_exchange(SSL *s);
 int ssl3_get_server_certificate(SSL *s);
 int ssl3_check_cert_and_algorithm(SSL *s);
+#ifndef OPENSSL_NO_TLSEXT
+int ssl3_check_finished(SSL *s);
+#endif
 int dtls1_client_hello(SSL *s);
 int dtls1_send_client_certificate(SSL *s);
@@ -922,7 +1005,6 @@ void tls1_free(SSL *s);
 void tls1_clear(SSL *s);
 long tls1_ctrl(SSL *s,int cmd, long larg, void *parg);
 long tls1_callback_ctrl(SSL *s,int cmd, void (*fp)(void));
-SSL_METHOD *tlsv1_base_method(void );
 int dtls1_new(SSL *s);
 int     dtls1_accept(SSL *s);
@@ -930,7 +1012,6 @@ int	dtls1_connect(SSL *s);
 void dtls1_free(SSL *s);
 void dtls1_clear(SSL *s);
 long dtls1_ctrl(SSL *s,int cmd, long larg, void *parg);
-SSL_METHOD *dtlsv1_base_method(void );
 long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
 int dtls1_get_record(SSL *s);
@@ -945,9 +1026,9 @@ void ssl_free_wbio_buffer(SSL *s);
 int tls1_change_cipher_state(SSL *s, int which);
 int tls1_setup_key_block(SSL *s);
 int tls1_enc(SSL *s, int snd);
-int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx,
+int tls1_final_finish_mac(SSL *s,
        const char *str, int slen, unsigned char *p);
-int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in, unsigned char *p);
+int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
 int tls1_mac(SSL *ssl, unsigned char *md, int snd);
 int tls1_generate_master_secret(SSL *s, unsigned char *out,
        unsigned char *p, int len);
@@ -955,10 +1036,17 @@ int tls1_alert_code(int code);
 int ssl3_alert_code(int code);
 int ssl_ok(SSL *s);
-int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs);
+#ifndef OPENSSL_NO_ECDH
+int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs);
+#endif
 SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
+#ifndef OPENSSL_NO_EC
+int tls1_ec_curve_id2nid(int curve_id);
+int tls1_ec_nid2curve_id(int nid);
+#endif /* OPENSSL_NO_EC */
 #ifndef OPENSSL_NO_TLSEXT
 unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit); 
 unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit); 
@@ -968,6 +1056,7 @@ int ssl_prepare_clienthello_tlsext(SSL *s);
 int ssl_prepare_serverhello_tlsext(SSL *s);
 int ssl_check_clienthello_tlsext(SSL *s);
 int ssl_check_serverhello_tlsext(SSL *s);
 #ifdef OPENSSL_NO_SHA256
 #define tlsext_tick_md  EVP_sha1
 #else
@@ -975,8 +1064,15 @@ int ssl_check_serverhello_tlsext(SSL *s);
 #endif
 int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
                                const unsigned char *limit, SSL_SESSION **ret);
+#endif
 EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) ;
 void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
-#endif
+int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
+                                        int maxlen);
+int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
+                                          int *al);
+int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
+                                        int maxlen);
+int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
+                                          int *al);
 #endif
diff --git a/src/lib/libssl/src/ssl/ssl_rsa.c b/src/lib/libssl/src/ssl/ssl_rsa.c
index 27113eba50..c0960b5712 100644
--- a/src/lib/libssl/src/ssl/ssl_rsa.c
+++ b/src/lib/libssl/src/ssl/ssl_rsa.c
@@ -723,7 +723,7 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
                goto end;
                }
-        x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
+        x=PEM_read_bio_X509_AUX(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
        if (x == NULL)
                {
                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_PEM_LIB);
diff --git a/src/lib/libssl/src/ssl/ssl_sess.c b/src/lib/libssl/src/ssl/ssl_sess.c
index 8391d62212..8e5d8a0972 100644
--- a/src/lib/libssl/src/ssl/ssl_sess.c
+++ b/src/lib/libssl/src/ssl/ssl_sess.c
@@ -55,6 +55,85 @@
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
+/* ====================================================================
+ * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * The portions of the attached software ("Contribution") is developed by
+ * Nokia Corporation and is licensed pursuant to the OpenSSL open source
+ * license.
+ *
+ * The Contribution, originally written by Mika Kousa and Pasi Eronen of
+ * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
+ * support (see RFC 4279) to OpenSSL.
+ *
+ * No patent licenses or other rights except those expressly stated in
+ * the OpenSSL open source license shall be deemed granted or received
+ * expressly, by implication, estoppel, or otherwise.
+ *
+ * No assurances are provided by Nokia that the Contribution does not
+ * infringe the patent or other intellectual property rights of any third
+ * party or that the license provides you with all the necessary rights
+ * to make use of the Contribution.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
+ * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
+ * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
+ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
+ * OTHERWISE.
+ */
 #include <stdio.h>
 #include <openssl/lhash.h>
@@ -127,8 +206,18 @@ SSL_SESSION *SSL_SESSION_new(void)
        ss->compress_meth=0;
 #ifndef OPENSSL_NO_TLSEXT
        ss->tlsext_hostname = NULL; 
+#ifndef OPENSSL_NO_EC
+        ss->tlsext_ecpointformatlist_length = 0;
+        ss->tlsext_ecpointformatlist = NULL;
+        ss->tlsext_ellipticcurvelist_length = 0;
+        ss->tlsext_ellipticcurvelist = NULL;
+#endif
 #endif
        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
+#ifndef OPENSSL_NO_PSK
+        ss->psk_identity_hint=NULL;
+        ss->psk_identity=NULL;
+#endif
        return(ss);
        }
@@ -183,10 +272,10 @@ int ssl_get_new_session(SSL *s, int session)
        if ((ss=SSL_SESSION_new()) == NULL) return(0);
        /* If the context has a default timeout, use it */
-        if (s->ctx->session_timeout == 0)
+        if (s->session_ctx->session_timeout == 0)
                ss->timeout=SSL_get_default_timeout(s);
        else
-                ss->timeout=s->ctx->session_timeout;
+                ss->timeout=s->session_ctx->session_timeout;
        if (s->session != NULL)
                {
@@ -211,6 +300,11 @@ int ssl_get_new_session(SSL *s, int session)
                        ss->ssl_version=TLS1_VERSION;
                        ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
                        }
+                else if (s->version == DTLS1_BAD_VER)
+                        {
+                        ss->ssl_version=DTLS1_BAD_VER;
+                        ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
+                        }
                else if (s->version == DTLS1_VERSION)
                        {
                        ss->ssl_version=DTLS1_VERSION;
@@ -234,8 +328,8 @@ int ssl_get_new_session(SSL *s, int session)
                CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
                if(s->generate_session_id)
                        cb = s->generate_session_id;
-                else if(s->ctx->generate_session_id)
+                else if(s->session_ctx->generate_session_id)
-                        cb = s->ctx->generate_session_id;
+                        cb = s->session_ctx->generate_session_id;
                CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
                /* Choose a session ID */
                tmp = ss->session_id_length;
@@ -281,6 +375,32 @@ int ssl_get_new_session(SSL *s, int session)
                                return 0;
                                }
                        }
+#ifndef OPENSSL_NO_EC
+                if (s->tlsext_ecpointformatlist)
+                        {
+                        if (ss->tlsext_ecpointformatlist != NULL) OPENSSL_free(ss->tlsext_ecpointformatlist);
+                        if ((ss->tlsext_ecpointformatlist = OPENSSL_malloc(s->tlsext_ecpointformatlist_length)) == NULL)
+                                {
+                                SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE);
+                                SSL_SESSION_free(ss);
+                                return 0;
+                                }
+                        ss->tlsext_ecpointformatlist_length = s->tlsext_ecpointformatlist_length;
+                        memcpy(ss->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length);
+                        }
+                if (s->tlsext_ellipticcurvelist)
+                        {
+                        if (ss->tlsext_ellipticcurvelist != NULL) OPENSSL_free(ss->tlsext_ellipticcurvelist);
+                        if ((ss->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL)
+                                {
+                                SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE);
+                                SSL_SESSION_free(ss);
+                                return 0;
+                                }
+                        ss->tlsext_ellipticcurvelist_length = s->tlsext_ellipticcurvelist_length;
+                        memcpy(ss->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length);
+                        }
+#endif
 #endif
                }
        else
@@ -313,15 +433,15 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
 #ifndef OPENSSL_NO_TLSEXT
        int r;
 #endif
-  
        if (len > SSL_MAX_SSL_SESSION_ID_LENGTH)
                goto err;
 #ifndef OPENSSL_NO_TLSEXT
-        r = tls1_process_ticket(s, session_id, len, limit, &ret);
+        r = tls1_process_ticket(s, session_id, len, limit, &ret);
        if (r == -1)
                {
                fatal = 1;
-                goto err;
+                goto err;
                }
        else if (r == 0 || (!ret && !len))
                goto err;
@@ -329,7 +449,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
 #else
        if (len == 0)
                goto err;
-        if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
+        if (!(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
 #endif
                {
                SSL_SESSION data;
@@ -337,9 +457,9 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
                data.session_id_length=len;
                if (len == 0)
                        return 0;
-                memcpy(data.session_id,session_id,len);
+                memcpy(data.session_id,session_id,len);
                CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
-                ret=(SSL_SESSION *)lh_retrieve(s->ctx->sessions,&data);
+                ret=lh_SSL_SESSION_retrieve(s->session_ctx->sessions,&data);
                if (ret != NULL)
                    /* don't allow other threads to steal it: */
                    CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
@@ -350,13 +470,13 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
                {
                int copy=1;
        
-                s->ctx->stats.sess_miss++;
+                s->session_ctx->stats.sess_miss++;
                ret=NULL;
-                if (s->ctx->get_session_cb != NULL
+                if (s->session_ctx->get_session_cb != NULL
-                    && (ret=s->ctx->get_session_cb(s,session_id,len,&copy))
+                    && (ret=s->session_ctx->get_session_cb(s,session_id,len,&copy))
                       != NULL)
                        {
-                        s->ctx->stats.sess_cb_hit++;
+                        s->session_ctx->stats.sess_cb_hit++;
                        /* Increment reference count now if the session callback
                         * asks us to do so (note that if the session structures
@@ -368,10 +488,10 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
                        /* Add the externally cached session to the internal
                         * cache as well if and only if we are supposed to. */
-                        if(!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE))
+                        if(!(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE))
                                /* The following should not return 1, otherwise,
                                 * things are very strange */
-                                SSL_CTX_add_session(s->ctx,ret);
+                                SSL_CTX_add_session(s->session_ctx,ret);
                        }
                if (ret == NULL)
                        goto err;
@@ -418,7 +538,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
                p=buf;
                l=ret->cipher_id;
                l2n(l,p);
-                if ((ret->ssl_version>>8) == SSL3_VERSION_MAJOR)
+                if ((ret->ssl_version>>8) >= SSL3_VERSION_MAJOR)
                        ret->cipher=ssl_get_cipher_by_char(s,&(buf[2]));
                else 
                        ret->cipher=ssl_get_cipher_by_char(s,&(buf[1]));
@@ -438,13 +558,13 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
        if (ret->timeout < (long)(time(NULL) - ret->time)) /* timeout */
                {
-                s->ctx->stats.sess_timeout++;
+                s->session_ctx->stats.sess_timeout++;
                /* remove it from the cache */
-                SSL_CTX_remove_session(s->ctx,ret);
+                SSL_CTX_remove_session(s->session_ctx,ret);
                goto err;
                }
-        s->ctx->stats.sess_hit++;
+        s->session_ctx->stats.sess_hit++;
        /* ret->time=time(NULL); */ /* rezero timeout? */
        /* again, just leave the session 
@@ -477,7 +597,7 @@ int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
        /* if session c is in already in cache, we take back the increment later */
        CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
-        s=(SSL_SESSION *)lh_insert(ctx->sessions,c);
+        s=lh_SSL_SESSION_insert(ctx->sessions,c);
        
        /* s != NULL iff we already had a session with the given PID.
         * In this case, s == c should hold (then we did not really modify
@@ -543,10 +663,10 @@ static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck)
        if ((c != NULL) && (c->session_id_length != 0))
                {
                if(lck) CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
-                if ((r = (SSL_SESSION *)lh_retrieve(ctx->sessions,c)) == c)
+                if ((r = lh_SSL_SESSION_retrieve(ctx->sessions,c)) == c)
                        {
                        ret=1;
-                        r=(SSL_SESSION *)lh_delete(ctx->sessions,c);
+                        r=lh_SSL_SESSION_delete(ctx->sessions,c);
                        SSL_SESSION_list_remove(ctx,c);
                        }
@@ -596,6 +716,18 @@ void SSL_SESSION_free(SSL_SESSION *ss)
 #ifndef OPENSSL_NO_TLSEXT
        if (ss->tlsext_hostname != NULL) OPENSSL_free(ss->tlsext_hostname);
        if (ss->tlsext_tick != NULL) OPENSSL_free(ss->tlsext_tick);
+#ifndef OPENSSL_NO_EC
+        ss->tlsext_ecpointformatlist_length = 0;
+        if (ss->tlsext_ecpointformatlist != NULL) OPENSSL_free(ss->tlsext_ecpointformatlist);
+        ss->tlsext_ellipticcurvelist_length = 0;
+        if (ss->tlsext_ellipticcurvelist != NULL) OPENSSL_free(ss->tlsext_ellipticcurvelist);
+#endif /* OPENSSL_NO_EC */
+#endif
+#ifndef OPENSSL_NO_PSK
+        if (ss->psk_identity_hint != NULL)
+                OPENSSL_free(ss->psk_identity_hint);
+        if (ss->psk_identity != NULL)
+                OPENSSL_free(ss->psk_identity);
 #endif
        OPENSSL_cleanse(ss,sizeof(*ss));
        OPENSSL_free(ss);
@@ -604,7 +736,7 @@ void SSL_SESSION_free(SSL_SESSION *ss)
 int SSL_set_session(SSL *s, SSL_SESSION *session)
        {
        int ret=0;
-        SSL_METHOD *meth;
+        const SSL_METHOD *meth;
        if (session != NULL)
                {
@@ -707,20 +839,75 @@ long SSL_CTX_get_timeout(const SSL_CTX *s)
        return(s->session_timeout);
        }
+#ifndef OPENSSL_NO_TLSEXT
+int SSL_set_session_secret_cb(SSL *s, int (*tls_session_secret_cb)(SSL *s, void *secret, int *secret_len,
+        STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg), void *arg)
+        {
+        if (s == NULL) return(0);
+        s->tls_session_secret_cb = tls_session_secret_cb;
+        s->tls_session_secret_cb_arg = arg;
+        return(1);
+        }
+int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
+                                  void *arg)
+        {
+        if (s == NULL) return(0);
+        s->tls_session_ticket_ext_cb = cb;
+        s->tls_session_ticket_ext_cb_arg = arg;
+        return(1);
+        }
+int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len)
+        {
+        if (s->version >= TLS1_VERSION)
+                {
+                if (s->tlsext_session_ticket)
+                        {
+                        OPENSSL_free(s->tlsext_session_ticket);
+                        s->tlsext_session_ticket = NULL;
+                        }
+                s->tlsext_session_ticket = OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len);
+                if (!s->tlsext_session_ticket)
+                        {
+                        SSLerr(SSL_F_SSL_SET_SESSION_TICKET_EXT, ERR_R_MALLOC_FAILURE);
+                        return 0;
+                        }
+                if (ext_data)
+                        {
+                        s->tlsext_session_ticket->length = ext_len;
+                        s->tlsext_session_ticket->data = s->tlsext_session_ticket + 1;
+                        memcpy(s->tlsext_session_ticket->data, ext_data, ext_len);
+                        }
+                else
+                        {
+                        s->tlsext_session_ticket->length = 0;
+                        s->tlsext_session_ticket->data = NULL;
+                        }
+                return 1;
+                }
+        return 0;
+        }
+#endif /* OPENSSL_NO_TLSEXT */
 typedef struct timeout_param_st
        {
        SSL_CTX *ctx;
        long time;
-        LHASH *cache;
+        LHASH_OF(SSL_SESSION) *cache;
        } TIMEOUT_PARAM;
-static void timeout(SSL_SESSION *s, TIMEOUT_PARAM *p)
+static void timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p)
        {
        if ((p->time == 0) || (p->time > (s->time+s->timeout))) /* timeout */
                {
                /* The reason we don't call SSL_CTX_remove_session() is to
                 * save on locking overhead */
-                lh_delete(p->cache,s);
+                (void)lh_SSL_SESSION_delete(p->cache,s);
                SSL_SESSION_list_remove(p->ctx,s);
                s->not_resumable=1;
                if (p->ctx->remove_session_cb != NULL)
@@ -729,7 +916,7 @@ static void timeout(SSL_SESSION *s, TIMEOUT_PARAM *p)
                }
        }
-static IMPLEMENT_LHASH_DOALL_ARG_FN(timeout, SSL_SESSION *, TIMEOUT_PARAM *)
+static IMPLEMENT_LHASH_DOALL_ARG_FN(timeout, SSL_SESSION, TIMEOUT_PARAM)
 void SSL_CTX_flush_sessions(SSL_CTX *s, long t)
        {
@@ -741,10 +928,11 @@ void SSL_CTX_flush_sessions(SSL_CTX *s, long t)
        if (tp.cache == NULL) return;
        tp.time=t;
        CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
-        i=tp.cache->down_load;
+        i=CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load;
-        tp.cache->down_load=0;
+        CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load=0;
-        lh_doall_arg(tp.cache, LHASH_DOALL_ARG_FN(timeout), &tp);
+        lh_SSL_SESSION_doall_arg(tp.cache, LHASH_DOALL_ARG_FN(timeout),
-        tp.cache->down_load=i;
+                                 TIMEOUT_PARAM, &tp);
+        CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load=i;
        CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
        }
@@ -904,3 +1092,4 @@ void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
        ctx->app_verify_cookie_cb=cb;
        }
+IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION, SSL_SESSION)
diff --git a/src/lib/libssl/src/ssl/ssl_stat.c b/src/lib/libssl/src/ssl/ssl_stat.c
index 73b02509d4..144b81e55f 100644
--- a/src/lib/libssl/src/ssl/ssl_stat.c
+++ b/src/lib/libssl/src/ssl/ssl_stat.c
@@ -55,6 +55,32 @@
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
+/* ====================================================================
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * The portions of the attached software ("Contribution") is developed by
+ * Nokia Corporation and is licensed pursuant to the OpenSSL open source
+ * license.
+ *
+ * The Contribution, originally written by Mika Kousa and Pasi Eronen of
+ * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
+ * support (see RFC 4279) to OpenSSL.
+ *
+ * No patent licenses or other rights except those expressly stated in
+ * the OpenSSL open source license shall be deemed granted or received
+ * expressly, by implication, estoppel, or otherwise.
+ *
+ * No assurances are provided by Nokia that the Contribution does not
+ * infringe the patent or other intellectual property rights of any third
+ * party or that the license provides you with all the necessary rights
+ * to make use of the Contribution.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
+ * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
+ * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
+ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
+ * OTHERWISE.
+ */
 #include <stdio.h>
 #include "ssl_locl.h"
@@ -198,6 +224,12 @@ case SSL23_ST_SR_CLNT_HELLO_A:	str="SSLv2/v3 read client hello A"; break;
 case SSL23_ST_SR_CLNT_HELLO_B:  str="SSLv2/v3 read client hello B"; break;
 #endif
+/* DTLS */
+case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: str="DTLS1 read hello verify request A"; break;
+case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: str="DTLS1 read hello verify request B"; break;
+case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: str="DTLS1 write hello verify request A"; break;
+case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: str="DTLS1 write hello verify request B"; break;
 default:        str="unknown state"; break;
                }
        return(str);
@@ -345,6 +377,11 @@ case SSL23_ST_CR_SRVR_HELLO_B:			str="23RSHA"; break;
 case SSL23_ST_SR_CLNT_HELLO_A:                  str="23RCHA"; break;
 case SSL23_ST_SR_CLNT_HELLO_B:                  str="23RCHB"; break;
 #endif
+/* DTLS */
+case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: str="DRCHVA"; break;
+case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: str="DRCHVB"; break;
+case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: str="DWCHVA"; break;
+case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: str="DWCHVB"; break;
 default:                                        str="UNKWN "; break;
                }
@@ -403,6 +440,12 @@ const char *SSL_alert_desc_string(int value)
        case TLS1_AD_INTERNAL_ERROR:            str="IE"; break;
        case TLS1_AD_USER_CANCELLED:            str="US"; break;
        case TLS1_AD_NO_RENEGOTIATION:          str="NR"; break;
+        case TLS1_AD_UNSUPPORTED_EXTENSION:     str="UE"; break;
+        case TLS1_AD_CERTIFICATE_UNOBTAINABLE:  str="CO"; break;
+        case TLS1_AD_UNRECOGNIZED_NAME:         str="UN"; break;
+        case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE: str="BR"; break;
+        case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE: str="BH"; break;
+        case TLS1_AD_UNKNOWN_PSK_IDENTITY:      str="UP"; break;
        default:                                str="UK"; break;
                }
        return(str);
@@ -486,6 +529,24 @@ const char *SSL_alert_desc_string_long(int value)
        case TLS1_AD_NO_RENEGOTIATION:
                str="no renegotiation";
                break;
+        case TLS1_AD_UNSUPPORTED_EXTENSION:
+                str="unsupported extension";
+                break;
+        case TLS1_AD_CERTIFICATE_UNOBTAINABLE:
+                str="certificate unobtainable";
+                break;
+        case TLS1_AD_UNRECOGNIZED_NAME:
+                str="unrecognized name";
+                break;
+        case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
+                str="bad certificate status response";
+                break;
+        case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE:
+                str="bad certificate hash value";
+                break;
+        case TLS1_AD_UNKNOWN_PSK_IDENTITY:
+                str="unknown PSK identity";
+                break;
        default: str="unknown"; break;
                }
        return(str);
diff --git a/src/lib/libssl/src/ssl/ssl_txt.c b/src/lib/libssl/src/ssl/ssl_txt.c
index 06b86750fd..3122440e26 100644
--- a/src/lib/libssl/src/ssl/ssl_txt.c
+++ b/src/lib/libssl/src/ssl/ssl_txt.c
@@ -55,6 +55,32 @@
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
+/* ====================================================================
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * The portions of the attached software ("Contribution") is developed by
+ * Nokia Corporation and is licensed pursuant to the OpenSSL open source
+ * license.
+ *
+ * The Contribution, originally written by Mika Kousa and Pasi Eronen of
+ * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
+ * support (see RFC 4279) to OpenSSL.
+ *
+ * No patent licenses or other rights except those expressly stated in
+ * the OpenSSL open source license shall be deemed granted or received
+ * expressly, by implication, estoppel, or otherwise.
+ *
+ * No assurances are provided by Nokia that the Contribution does not
+ * infringe the patent or other intellectual property rights of any third
+ * party or that the license provides you with all the necessary rights
+ * to make use of the Contribution.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
+ * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
+ * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
+ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
+ * OTHERWISE.
+ */
 #include <stdio.h>
 #include <openssl/buffer.h>
@@ -91,6 +117,10 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
                s="SSLv3";
        else if (x->ssl_version == TLS1_VERSION)
                s="TLSv1";
+        else if (x->ssl_version == DTLS1_VERSION)
+                s="DTLSv1";
+        else if (x->ssl_version == DTLS1_BAD_VER)
+                s="DTLSv1-bad";
        else
                s="unknown";
        if (BIO_printf(bp,"    Protocol  : %s\n",s) <= 0) goto err;
@@ -151,6 +181,12 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
                        if (BIO_printf(bp,"%02X",x->krb5_client_princ[i]) <= 0) goto err;
                        }
 #endif /* OPENSSL_NO_KRB5 */
+#ifndef OPENSSL_NO_PSK
+        if (BIO_puts(bp,"\n    PSK identity: ") <= 0) goto err;
+        if (BIO_printf(bp, "%s", x->psk_identity ? x->psk_identity : "None") <= 0) goto err;
+        if (BIO_puts(bp,"\n    PSK identity hint: ") <= 0) goto err;
+        if (BIO_printf(bp, "%s", x->psk_identity_hint ? x->psk_identity_hint : "None") <= 0) goto err;
+#endif
 #ifndef OPENSSL_NO_TLSEXT
        if (x->tlsext_tick_lifetime_hint)
                {
@@ -166,19 +202,20 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
                        goto err;
                }
 #endif
 #ifndef OPENSSL_NO_COMP
        if (x->compress_meth != 0)
                {
                SSL_COMP *comp = NULL;
-                ssl_cipher_get_evp(x,NULL,NULL,&comp);
+                ssl_cipher_get_evp(x,NULL,NULL,NULL,NULL,&comp);
                if (comp == NULL)
                        {
-                        if (BIO_printf(bp,"\n   Compression: %d",x->compress_meth) <= 0) goto err;
+                        if (BIO_printf(bp,"\n    Compression: %d",x->compress_meth) <= 0) goto err;
                        }
                else
                        {
-                        if (BIO_printf(bp,"\n   Compression: %d (%s)", comp->id,comp->method->name) <= 0) goto err;
+                        if (BIO_printf(bp,"\n    Compression: %d (%s)", comp->id,comp->method->name) <= 0) goto err;
                        }
                }       
 #endif
diff --git a/src/lib/libssl/src/ssl/ssltest.c b/src/lib/libssl/src/ssl/ssltest.c
index b09c542087..abf214ad7f 100644
--- a/src/lib/libssl/src/ssl/ssltest.c
+++ b/src/lib/libssl/src/ssl/ssltest.c
@@ -113,6 +113,32 @@
 * ECC cipher suite support in OpenSSL originally developed by 
 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
 */
+/* ====================================================================
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * The portions of the attached software ("Contribution") is developed by
+ * Nokia Corporation and is licensed pursuant to the OpenSSL open source
+ * license.
+ *
+ * The Contribution, originally written by Mika Kousa and Pasi Eronen of
+ * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
+ * support (see RFC 4279) to OpenSSL.
+ *
+ * No patent licenses or other rights except those expressly stated in
+ * the OpenSSL open source license shall be deemed granted or received
+ * expressly, by implication, estoppel, or otherwise.
+ *
+ * No assurances are provided by Nokia that the Contribution does not
+ * infringe the patent or other intellectual property rights of any third
+ * party or that the license provides you with all the necessary rights
+ * to make use of the Contribution.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
+ * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
+ * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
+ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
+ * OTHERWISE.
+ */
 #define _BSD_SOURCE 1           /* Or gethostname won't be declared properly
                                   on Linux and GNU platforms. */
@@ -128,8 +154,11 @@
 #define USE_SOCKETS
 #include "e_os.h"
+#ifdef OPENSSL_SYS_VMS
 #define _XOPEN_SOURCE 500       /* Or isascii won't be declared properly on
                                   VMS (at least with DECompHP C).  */
+#endif
 #include <ctype.h>
 #include <openssl/bio.h>
@@ -207,6 +236,16 @@ static DH *get_dh1024(void);
 static DH *get_dh1024dsa(void);
 #endif
+static char *psk_key=NULL; /* by default PSK is not used */
+#ifndef OPENSSL_NO_PSK
+static unsigned int psk_client_callback(SSL *ssl, const char *hint, char *identity,
+        unsigned int max_identity_len, unsigned char *psk,
+        unsigned int max_psk_len);
+static unsigned int psk_server_callback(SSL *ssl, const char *identity, unsigned char *psk,
+        unsigned int max_psk_len);
+#endif
 static BIO *bio_err=NULL;
 static BIO *bio_stdout=NULL;
@@ -229,9 +268,6 @@ static void sv_usage(void)
        {
        fprintf(stderr,"usage: ssltest [args ...]\n");
        fprintf(stderr,"\n");
-#ifdef OPENSSL_FIPS
-        fprintf(stderr,"-F             - run test in FIPS mode\n");
-#endif
        fprintf(stderr," -server_auth  - check server certificate\n");
        fprintf(stderr," -client_auth  - do client authentication\n");
        fprintf(stderr," -proxy        - allow proxy certificates\n");
@@ -250,6 +286,9 @@ static void sv_usage(void)
 #ifndef OPENSSL_NO_ECDH
        fprintf(stderr," -no_ecdhe     - disable ECDHE\n");
 #endif
+#ifndef OPENSSL_NO_PSK
+        fprintf(stderr," -psk arg      - PSK in hex (without 0x)\n");
+#endif
 #ifndef OPENSSL_NO_SSL2
        fprintf(stderr," -ssl2         - use SSLv2\n");
 #endif
@@ -281,7 +320,7 @@ static void sv_usage(void)
 static void print_details(SSL *c_ssl, const char *prefix)
        {
-        SSL_CIPHER *ciph;
+        const SSL_CIPHER *ciph;
        X509 *cert;
                
        ciph=SSL_get_current_cipher(c_ssl);
@@ -386,6 +425,25 @@ static void lock_dbg_cb(int mode, int type, const char *file, int line)
                }
        }
+#ifdef TLSEXT_TYPE_opaque_prf_input
+struct cb_info_st { void *input; size_t len; int ret; };
+struct cb_info_st co1 = { "C", 1, 1 }; /* try to negotiate oqaque PRF input */
+struct cb_info_st co2 = { "C", 1, 2 }; /* insist on oqaque PRF input */
+struct cb_info_st so1 = { "S", 1, 1 }; /* try to negotiate oqaque PRF input */
+struct cb_info_st so2 = { "S", 1, 2 }; /* insist on oqaque PRF input */
+int opaque_prf_input_cb(SSL *ssl, void *peerinput, size_t len, void *arg_)
+        {
+        struct cb_info_st *arg = arg_;
+        if (arg == NULL)
+                return 1;
+        
+        if (!SSL_set_tlsext_opaque_prf_input(ssl, arg->input, arg->len))
+                return 0;
+        return arg->ret;
+        }
+#endif
 int main(int argc, char *argv[])
        {
@@ -407,19 +465,20 @@ int main(int argc, char *argv[])
 #endif
        SSL_CTX *s_ctx=NULL;
        SSL_CTX *c_ctx=NULL;
-        SSL_METHOD *meth=NULL;
+        const SSL_METHOD *meth=NULL;
        SSL *c_ssl,*s_ssl;
        int number=1,reuse=0;
        long bytes=256L;
 #ifndef OPENSSL_NO_DH
        DH *dh;
-        int dhe1024 = 1, dhe1024dsa = 0;
+        int dhe1024 = 0, dhe1024dsa = 0;
 #endif
 #ifndef OPENSSL_NO_ECDH
        EC_KEY *ecdh = NULL;
 #endif
        int no_dhe = 0;
        int no_ecdhe = 0;
+        int no_psk = 0;
        int print_time = 0;
        clock_t s_time = 0, c_time = 0;
        int comp = 0;
@@ -428,15 +487,12 @@ int main(int argc, char *argv[])
 #endif
        STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
        int test_cipherlist = 0;
-#ifdef OPENSSL_FIPS
-        int fips_mode=0;
-#endif
        verbose = 0;
        debug = 0;
        cipher = 0;
-        bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); 
+        bio_err=BIO_new_fp(stderr,BIO_NOCLOSE|BIO_FP_TEXT);     
        CRYPTO_set_locking_callback(lock_dbg_cb);
@@ -455,23 +511,14 @@ int main(int argc, char *argv[])
        RAND_seed(rnd_seed, sizeof rnd_seed);
-        bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE);
+        bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE|BIO_FP_TEXT);
        argc--;
        argv++;
        while (argc >= 1)
                {
-                if(!strcmp(*argv,"-F"))
+                if      (strcmp(*argv,"-server_auth") == 0)
-                        {
-#ifdef OPENSSL_FIPS
-                        fips_mode=1;
-#else
-                        fprintf(stderr,"not compiled with FIPS support, so exitting without running.\n");
-                        EXIT(0);
-#endif
-                        }
-                else if (strcmp(*argv,"-server_auth") == 0)
                        server_auth=1;
                else if (strcmp(*argv,"-client_auth") == 0)
                        client_auth=1;
@@ -511,6 +558,20 @@ int main(int argc, char *argv[])
                        no_dhe=1;
                else if (strcmp(*argv,"-no_ecdhe") == 0)
                        no_ecdhe=1;
+                else if (strcmp(*argv,"-psk") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        psk_key=*(++argv);
+#ifndef OPENSSL_NO_PSK
+                        if (strspn(psk_key, "abcdefABCDEF1234567890") != strlen(psk_key))
+                                {
+                                BIO_printf(bio_err,"Not a hex number '%s'\n",*argv);
+                                goto bad;
+                                }
+#else
+                        no_psk=1;
+#endif
+                        }
                else if (strcmp(*argv,"-ssl2") == 0)
                        ssl2=1;
                else if (strcmp(*argv,"-tls1") == 0)
@@ -653,20 +714,6 @@ bad:
                EXIT(1);
                }
-#ifdef OPENSSL_FIPS
-        if(fips_mode)
-                {
-                if(!FIPS_mode_set(1))
-                        {
-                        ERR_load_crypto_strings();
-                        ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
-                        EXIT(1);
-                        }
-                else
-                        fprintf(stderr,"*** IN FIPS MODE ***\n");
-                }
-#endif
        if (print_time)
                {
                if (!bio_pair)
@@ -811,6 +858,13 @@ bad:
        SSL_CTX_set_tmp_rsa_callback(s_ctx,tmp_rsa_cb);
 #endif
+#ifdef TLSEXT_TYPE_opaque_prf_input
+        SSL_CTX_set_tlsext_opaque_prf_input_callback(c_ctx, opaque_prf_input_cb);
+        SSL_CTX_set_tlsext_opaque_prf_input_callback(s_ctx, opaque_prf_input_cb);
+        SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(c_ctx, &co1); /* or &co2 or NULL */
+        SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(s_ctx, &so1); /* or &so2 or NULL */
+#endif
        if (!SSL_CTX_use_certificate_file(s_ctx,server_cert,SSL_FILETYPE_PEM))
                {
                ERR_print_errors(bio_err);
@@ -862,6 +916,31 @@ bad:
                SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context, sizeof session_id_context);
        }
+        /* Use PSK only if PSK key is given */
+        if (psk_key != NULL)
+                {
+                /* no_psk is used to avoid putting psk command to openssl tool */
+                if (no_psk)
+                        {
+                        /* if PSK is not compiled in and psk key is
+                         * given, do nothing and exit successfully */
+                        ret=0;
+                        goto end;
+                        }
+#ifndef OPENSSL_NO_PSK
+                SSL_CTX_set_psk_client_callback(c_ctx, psk_client_callback);
+                SSL_CTX_set_psk_server_callback(s_ctx, psk_server_callback);
+                if (debug)
+                        BIO_printf(bio_err,"setting PSK identity hint to s_ctx\n");
+                if (!SSL_CTX_use_psk_identity_hint(s_ctx, "ctx server identity_hint"))
+                        {
+                        BIO_printf(bio_err,"error setting PSK identity hint to s_ctx\n");
+                        ERR_print_errors(bio_err);
+                        goto end;
+                        }
+#endif
+                }
        c_ssl=SSL_new(c_ctx);
        s_ssl=SSL_new(s_ctx);
@@ -938,7 +1017,7 @@ end:
 #endif
        CRYPTO_cleanup_all_ex_data();
        ERR_free_strings();
-        ERR_remove_state(0);
+        ERR_remove_thread_state(NULL);
        EVP_cleanup();
        CRYPTO_mem_leaks(bio_err);
        if (bio_err != NULL) BIO_free(bio_err);
@@ -2088,7 +2167,15 @@ static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg)
                }
 #ifndef OPENSSL_NO_X509_VERIFY
+# ifdef OPENSSL_FIPS
+        if(s->version == TLS1_VERSION)
+                FIPS_allow_md5(1);
+# endif
        ok = X509_verify_cert(ctx);
+# ifdef OPENSSL_FIPS
+        if(s->version == TLS1_VERSION)
+                FIPS_allow_md5(0);
+# endif
 #endif
        if (cb_arg->proxy_auth)
@@ -2257,11 +2344,74 @@ static DH *get_dh1024dsa()
        }
 #endif
+#ifndef OPENSSL_NO_PSK
+/* convert the PSK key (psk_key) in ascii to binary (psk) */
+static int psk_key2bn(const char *pskkey, unsigned char *psk,
+        unsigned int max_psk_len)
+        {
+        int ret;
+        BIGNUM *bn = NULL;
+        ret = BN_hex2bn(&bn, pskkey);
+        if (!ret)
+                {
+                BIO_printf(bio_err,"Could not convert PSK key '%s' to BIGNUM\n", pskkey); 
+                if (bn)
+                        BN_free(bn);
+                return 0;
+                }
+        if (BN_num_bytes(bn) > (int)max_psk_len)
+                {
+                BIO_printf(bio_err,"psk buffer of callback is too small (%d) for key (%d)\n",
+                        max_psk_len, BN_num_bytes(bn));
+                BN_free(bn);
+                return 0;
+                }
+        ret = BN_bn2bin(bn, psk);
+        BN_free(bn);
+        return ret;
+        }
+static unsigned int psk_client_callback(SSL *ssl, const char *hint, char *identity,
+        unsigned int max_identity_len, unsigned char *psk,
+        unsigned int max_psk_len)
+        {
+        int ret;
+        unsigned int psk_len = 0;
+        ret = BIO_snprintf(identity, max_identity_len, "Client_identity");
+        if (ret < 0)
+                goto out_err;
+        if (debug)
+                fprintf(stderr, "client: created identity '%s' len=%d\n", identity, ret);
+        ret = psk_key2bn(psk_key, psk, max_psk_len);
+        if (ret < 0)
+                goto out_err;
+        psk_len = ret;
+out_err:
+        return psk_len;
+        }
+static unsigned int psk_server_callback(SSL *ssl, const char *identity,
+        unsigned char *psk, unsigned int max_psk_len)
+        {
+        unsigned int psk_len=0;
+        if (strcmp(identity, "Client_identity") != 0)
+                {
+                BIO_printf(bio_err, "server: PSK error: client identity not found\n");
+                return 0;
+                }
+        psk_len=psk_key2bn(psk_key, psk, max_psk_len);
+        return psk_len;
+        }
+#endif
 static int do_test_cipherlist(void)
        {
        int i = 0;
        const SSL_METHOD *meth;
-        SSL_CIPHER *ci, *tci = NULL;
+        const SSL_CIPHER *ci, *tci = NULL;
 #ifndef OPENSSL_NO_SSL2
        fprintf(stderr, "testing SSLv2 cipher list order: ");
diff --git a/src/lib/libssl/src/ssl/t1_clnt.c b/src/lib/libssl/src/ssl/t1_clnt.c
index 4d1e198cdc..c87af17712 100644
--- a/src/lib/libssl/src/ssl/t1_clnt.c
+++ b/src/lib/libssl/src/ssl/t1_clnt.c
@@ -63,8 +63,8 @@
 #include <openssl/objects.h>
 #include <openssl/evp.h>
-static SSL_METHOD *tls1_get_client_method(int ver);
+static const SSL_METHOD *tls1_get_client_method(int ver);
-static SSL_METHOD *tls1_get_client_method(int ver)
+static const SSL_METHOD *tls1_get_client_method(int ver)
        {
        if (ver == TLS1_VERSION)
                return(TLSv1_client_method());
diff --git a/src/lib/libssl/src/ssl/t1_enc.c b/src/lib/libssl/src/ssl/t1_enc.c
index 7cb3e29a41..9719541f2b 100644
--- a/src/lib/libssl/src/ssl/t1_enc.c
+++ b/src/lib/libssl/src/ssl/t1_enc.c
@@ -56,7 +56,7 @@
 * [including the GNU Public Licence.]
 */
 /* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -108,6 +108,32 @@
 * Hudson (tjh@cryptsoft.com).
 *
 */
+/* ====================================================================
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * The portions of the attached software ("Contribution") is developed by
+ * Nokia Corporation and is licensed pursuant to the OpenSSL open source
+ * license.
+ *
+ * The Contribution, originally written by Mika Kousa and Pasi Eronen of
+ * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
+ * support (see RFC 4279) to OpenSSL.
+ *
+ * No patent licenses or other rights except those expressly stated in
+ * the OpenSSL open source license shall be deemed granted or received
+ * expressly, by implication, estoppel, or otherwise.
+ *
+ * No assurances are provided by Nokia that the Contribution does not
+ * infringe the patent or other intellectual property rights of any third
+ * party or that the license provides you with all the necessary rights
+ * to make use of the Contribution.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
+ * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
+ * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
+ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
+ * OTHERWISE.
+ */
 #include <stdio.h>
 #include "ssl_locl.h"
@@ -121,8 +147,14 @@
 #include <openssl/des.h>
 #endif
-static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
+/* seed1 through seed5 are virtually concatenated */
-                        int sec_len, unsigned char *seed, int seed_len,
+static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
+                        int sec_len,
+                        const void *seed1, int seed1_len,
+                        const void *seed2, int seed2_len,
+                        const void *seed3, int seed3_len,
+                        const void *seed4, int seed4_len,
+                        const void *seed5, int seed5_len,
                        unsigned char *out, int olen)
        {
        int chunk,n;
@@ -131,84 +163,133 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
        HMAC_CTX ctx_tmp;
        unsigned char A1[EVP_MAX_MD_SIZE];
        unsigned int A1_len;
+        int ret = 0;
        
        chunk=EVP_MD_size(md);
+        OPENSSL_assert(chunk >= 0);
        HMAC_CTX_init(&ctx);
        HMAC_CTX_init(&ctx_tmp);
-        HMAC_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+        if (!HMAC_Init_ex(&ctx,sec,sec_len,md, NULL))
-        HMAC_CTX_set_flags(&ctx_tmp, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+                goto err;
-        HMAC_Init_ex(&ctx,sec,sec_len,md, NULL);
+        if (!HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL))
-        HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL);
+                goto err;
-        HMAC_Update(&ctx,seed,seed_len);
+        if (seed1 != NULL && !HMAC_Update(&ctx,seed1,seed1_len))
-        HMAC_Final(&ctx,A1,&A1_len);
+                goto err;
+        if (seed2 != NULL && !HMAC_Update(&ctx,seed2,seed2_len))
+                goto err;
+        if (seed3 != NULL && !HMAC_Update(&ctx,seed3,seed3_len))
+                goto err;
+        if (seed4 != NULL && !HMAC_Update(&ctx,seed4,seed4_len))
+                goto err;
+        if (seed5 != NULL && !HMAC_Update(&ctx,seed5,seed5_len))
+                goto err;
+        if (!HMAC_Final(&ctx,A1,&A1_len))
+                goto err;
        n=0;
        for (;;)
                {
-                HMAC_Init_ex(&ctx,NULL,0,NULL,NULL); /* re-init */
+                if (!HMAC_Init_ex(&ctx,NULL,0,NULL,NULL)) /* re-init */
-                HMAC_Init_ex(&ctx_tmp,NULL,0,NULL,NULL); /* re-init */
+                        goto err;
-                HMAC_Update(&ctx,A1,A1_len);
+                if (!HMAC_Init_ex(&ctx_tmp,NULL,0,NULL,NULL)) /* re-init */
-                HMAC_Update(&ctx_tmp,A1,A1_len);
+                        goto err;
-                HMAC_Update(&ctx,seed,seed_len);
+                if (!HMAC_Update(&ctx,A1,A1_len))
+                        goto err;
+                if (!HMAC_Update(&ctx_tmp,A1,A1_len))
+                        goto err;
+                if (seed1 != NULL && !HMAC_Update(&ctx,seed1,seed1_len))
+                        goto err;
+                if (seed2 != NULL && !HMAC_Update(&ctx,seed2,seed2_len))
+                        goto err;
+                if (seed3 != NULL && !HMAC_Update(&ctx,seed3,seed3_len))
+                        goto err;
+                if (seed4 != NULL && !HMAC_Update(&ctx,seed4,seed4_len))
+                        goto err;
+                if (seed5 != NULL && !HMAC_Update(&ctx,seed5,seed5_len))
+                        goto err;
                if (olen > chunk)
                        {
-                        HMAC_Final(&ctx,out,&j);
+                        if (!HMAC_Final(&ctx,out,&j))
+                                goto err;
                        out+=j;
                        olen-=j;
-                        HMAC_Final(&ctx_tmp,A1,&A1_len); /* calc the next A1 value */
+                        if (!HMAC_Final(&ctx_tmp,A1,&A1_len)) /* calc the next A1 value */
+                                goto err;
                        }
                else    /* last one */
                        {
-                        HMAC_Final(&ctx,A1,&A1_len);
+                        if (!HMAC_Final(&ctx,A1,&A1_len))
+                                goto err;
                        memcpy(out,A1,olen);
                        break;
                        }
                }
+        ret = 1;
+err:
        HMAC_CTX_cleanup(&ctx);
        HMAC_CTX_cleanup(&ctx_tmp);
        OPENSSL_cleanse(A1,sizeof(A1));
+        return ret;
        }
-static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1,
+/* seed1 through seed5 are virtually concatenated */
-                     unsigned char *label, int label_len,
+static int tls1_PRF(long digest_mask,
-                     const unsigned char *sec, int slen, unsigned char *out1,
+                     const void *seed1, int seed1_len,
+                     const void *seed2, int seed2_len,
+                     const void *seed3, int seed3_len,
+                     const void *seed4, int seed4_len,
+                     const void *seed5, int seed5_len,
+                     const unsigned char *sec, int slen,
+                     unsigned char *out1,
                     unsigned char *out2, int olen)
        {
-        int len,i;
+        int len,i,idx,count;
-        const unsigned char *S1,*S2;
+        const unsigned char *S1;
+        long m;
-        len=slen/2;
+        const EVP_MD *md;
+        int ret = 0;
+        /* Count number of digests and partition sec evenly */
+        count=0;
+        for (idx=0;ssl_get_handshake_digest(idx,&m,&md);idx++) {
+                if ((m<<TLS1_PRF_DGST_SHIFT) & digest_mask) count++;
+        }       
+        len=slen/count;
        S1=sec;
-        S2= &(sec[len]);
+        memset(out1,0,olen);
-        len+=(slen&1); /* add for odd, make longer */
+        for (idx=0;ssl_get_handshake_digest(idx,&m,&md);idx++) {
+                if ((m<<TLS1_PRF_DGST_SHIFT) & digest_mask) {
-        
+                        if (!md) {
-        tls1_P_hash(md5 ,S1,len,label,label_len,out1,olen);
+                                SSLerr(SSL_F_TLS1_PRF,
-        tls1_P_hash(sha1,S2,len,label,label_len,out2,olen);
+                                SSL_R_UNSUPPORTED_DIGEST_TYPE);
+                                goto err;                               
-        for (i=0; i<olen; i++)
+                        }
-                out1[i]^=out2[i];
+                        if (!tls1_P_hash(md ,S1,len+(slen&1),
+                                        seed1,seed1_len,seed2,seed2_len,seed3,seed3_len,seed4,seed4_len,seed5,seed5_len,
+                                        out2,olen))
+                                goto err;
+                        S1+=len;
+                        for (i=0; i<olen; i++)
+                        {
+                                out1[i]^=out2[i];
+                        }
+                }
        }
+        ret = 1;
-static void tls1_generate_key_block(SSL *s, unsigned char *km,
+err:
+        return ret;
+}
+static int tls1_generate_key_block(SSL *s, unsigned char *km,
             unsigned char *tmp, int num)
        {
-        unsigned char *p;
+        int ret;
-        unsigned char buf[SSL3_RANDOM_SIZE*2+
+        ret = tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
-                TLS_MD_MAX_CONST_SIZE];
+                 TLS_MD_KEY_EXPANSION_CONST,TLS_MD_KEY_EXPANSION_CONST_SIZE,
-        p=buf;
+                 s->s3->server_random,SSL3_RANDOM_SIZE,
+                 s->s3->client_random,SSL3_RANDOM_SIZE,
-        memcpy(p,TLS_MD_KEY_EXPANSION_CONST,
+                 NULL,0,NULL,0,
-                TLS_MD_KEY_EXPANSION_CONST_SIZE);
-        p+=TLS_MD_KEY_EXPANSION_CONST_SIZE;
-        memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
-        p+=SSL3_RANDOM_SIZE;
-        memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
-        p+=SSL3_RANDOM_SIZE;
-        tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf),
                 s->session->master_key,s->session->master_key_length,
                 km,tmp,num);
 #ifdef KSSL_DEBUG
@@ -222,14 +303,14 @@ static void tls1_generate_key_block(SSL *s, unsigned char *km,
                }
        printf("\n");  }
 #endif    /* KSSL_DEBUG */
+        return ret;
        }
 int tls1_change_cipher_state(SSL *s, int which)
        {
        static const unsigned char empty[]="";
        unsigned char *p,*key_block,*mac_secret;
-        unsigned char *exp_label,buf[TLS_MD_MAX_CONST_SIZE+
+        unsigned char *exp_label;
-                SSL3_RANDOM_SIZE*2];
        unsigned char tmp1[EVP_MAX_KEY_LENGTH];
        unsigned char tmp2[EVP_MAX_KEY_LENGTH];
        unsigned char iv1[EVP_MAX_IV_LENGTH*2];
@@ -242,12 +323,17 @@ int tls1_change_cipher_state(SSL *s, int which)
        const SSL_COMP *comp;
 #endif
        const EVP_MD *m;
+        int mac_type;
+        int *mac_secret_size;
+        EVP_MD_CTX *mac_ctx;
+        EVP_PKEY *mac_key;
        int is_export,n,i,j,k,exp_label_len,cl;
        int reuse_dd = 0;
        is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
        c=s->s3->tmp.new_sym_enc;
        m=s->s3->tmp.new_hash;
+        mac_type = s->s3->tmp.new_mac_pkey_type;
 #ifndef OPENSSL_NO_COMP
        comp=s->s3->tmp.new_compression;
 #endif
@@ -255,21 +341,28 @@ int tls1_change_cipher_state(SSL *s, int which)
 #ifdef KSSL_DEBUG
        printf("tls1_change_cipher_state(which= %d) w/\n", which);
-        printf("\talg= %ld, comp= %p\n", s->s3->tmp.new_cipher->algorithms,
+        printf("\talg= %ld/%ld, comp= %p\n",
-                (void *)comp);
+               s->s3->tmp.new_cipher->algorithm_mkey,
-        printf("\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", (void *)c);
+               s->s3->tmp.new_cipher->algorithm_auth,
+               comp);
+        printf("\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", c);
        printf("\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n",
                c->nid,c->block_size,c->key_len,c->iv_len);
        printf("\tkey_block: len= %d, data= ", s->s3->tmp.key_block_length);
        {
-        int ki;
+        int i;
-        for (ki=0; ki<s->s3->tmp.key_block_length; ki++)
+        for (i=0; i<s->s3->tmp.key_block_length; i++)
-                printf("%02x", key_block[ki]);  printf("\n");
+                printf("%02x", key_block[i]);  printf("\n");
        }
 #endif  /* KSSL_DEBUG */
        if (which & SSL3_CC_READ)
                {
+                if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
+                        s->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM;
+                        else
+                        s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM;
                if (s->enc_read_ctx != NULL)
                        reuse_dd = 1;
                else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
@@ -278,7 +371,7 @@ int tls1_change_cipher_state(SSL *s, int which)
                        /* make sure it's intialized in case we exit later with an error */
                        EVP_CIPHER_CTX_init(s->enc_read_ctx);
                dd= s->enc_read_ctx;
-                s->read_hash=m;
+                mac_ctx=ssl_replace_hash(&s->read_hash,NULL);
 #ifndef OPENSSL_NO_COMP
                if (s->expand != NULL)
                        {
@@ -304,9 +397,14 @@ int tls1_change_cipher_state(SSL *s, int which)
                if (s->version != DTLS1_VERSION)
                        memset(&(s->s3->read_sequence[0]),0,8);
                mac_secret= &(s->s3->read_mac_secret[0]);
+                mac_secret_size=&(s->s3->read_mac_secret_size);
                }
        else
                {
+                if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
+                        s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;
+                        else
+                        s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;
                if (s->enc_write_ctx != NULL)
                        reuse_dd = 1;
                else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
@@ -315,7 +413,7 @@ int tls1_change_cipher_state(SSL *s, int which)
                        /* make sure it's intialized in case we exit later with an error */
                        EVP_CIPHER_CTX_init(s->enc_write_ctx);
                dd= s->enc_write_ctx;
-                s->write_hash=m;
+                mac_ctx = ssl_replace_hash(&s->write_hash,NULL);
 #ifndef OPENSSL_NO_COMP
                if (s->compress != NULL)
                        {
@@ -336,13 +434,15 @@ int tls1_change_cipher_state(SSL *s, int which)
                if (s->version != DTLS1_VERSION)
                        memset(&(s->s3->write_sequence[0]),0,8);
                mac_secret= &(s->s3->write_mac_secret[0]);
+                mac_secret_size = &(s->s3->write_mac_secret_size);
                }
        if (reuse_dd)
                EVP_CIPHER_CTX_cleanup(dd);
        p=s->s3->tmp.key_block;
-        i=EVP_MD_size(m);
+        i=*mac_secret_size=s->s3->tmp.new_mac_secret_size;
        cl=EVP_CIPHER_key_length(c);
        j=is_export ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
                       cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
@@ -378,6 +478,10 @@ int tls1_change_cipher_state(SSL *s, int which)
                }
        memcpy(mac_secret,ms,i);
+        mac_key = EVP_PKEY_new_mac_key(mac_type, NULL,
+                        mac_secret,*mac_secret_size);
+        EVP_DigestSignInit(mac_ctx,NULL,m,NULL,mac_key);
+        EVP_PKEY_free(mac_key);
 #ifdef TLS_DEBUG
 printf("which = %04X\nmac key=",which);
 { int z; for (z=0; z<i; z++) printf("%02X%c",ms[z],((z+1)%16)?' ':'\n'); }
@@ -387,29 +491,24 @@ printf("which = %04X\nmac key=",which);
                /* In here I set both the read and write key/iv to the
                 * same value since only the correct one will be used :-).
                 */
-                p=buf;
+                if (!tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
-                memcpy(p,exp_label,exp_label_len);
+                                exp_label,exp_label_len,
-                p+=exp_label_len;
+                                s->s3->client_random,SSL3_RANDOM_SIZE,
-                memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
+                                s->s3->server_random,SSL3_RANDOM_SIZE,
-                p+=SSL3_RANDOM_SIZE;
+                                NULL,0,NULL,0,
-                memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
+                                key,j,tmp1,tmp2,EVP_CIPHER_key_length(c)))
-                p+=SSL3_RANDOM_SIZE;
+                        goto err2;
-                tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf),key,j,
-                         tmp1,tmp2,EVP_CIPHER_key_length(c));
                key=tmp1;
                if (k > 0)
                        {
-                        p=buf;
+                        if (!tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
-                        memcpy(p,TLS_MD_IV_BLOCK_CONST,
+                                        TLS_MD_IV_BLOCK_CONST,TLS_MD_IV_BLOCK_CONST_SIZE,
-                                TLS_MD_IV_BLOCK_CONST_SIZE);
+                                        s->s3->client_random,SSL3_RANDOM_SIZE,
-                        p+=TLS_MD_IV_BLOCK_CONST_SIZE;
+                                        s->s3->server_random,SSL3_RANDOM_SIZE,
-                        memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
+                                        NULL,0,NULL,0,
-                        p+=SSL3_RANDOM_SIZE;
+                                        empty,0,iv1,iv2,k*2))
-                        memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
+                                goto err2;
-                        p+=SSL3_RANDOM_SIZE;
-                        tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,p-buf,empty,0,
-                                 iv1,iv2,k*2);
                        if (client_write)
                                iv=iv1;
                        else
@@ -420,13 +519,11 @@ printf("which = %04X\nmac key=",which);
        s->session->key_arg_length=0;
 #ifdef KSSL_DEBUG
        {
-        int ki;
+        int i;
        printf("EVP_CipherInit_ex(dd,c,key=,iv=,which)\n");
-        printf("\tkey= ");
+        printf("\tkey= "); for (i=0; i<c->key_len; i++) printf("%02x", key[i]);
-        for (ki=0; ki<c->key_len; ki++) printf("%02x", key[ki]);
        printf("\n");
-        printf("\t iv= ");
+        printf("\t iv= "); for (i=0; i<c->iv_len; i++) printf("%02x", iv[i]);
-        for (ki=0; ki<c->iv_len; ki++) printf("%02x", iv[ki]);
        printf("\n");
        }
 #endif  /* KSSL_DEBUG */
@@ -453,11 +550,13 @@ err2:
 int tls1_setup_key_block(SSL *s)
        {
-        unsigned char *p1,*p2;
+        unsigned char *p1,*p2=NULL;
        const EVP_CIPHER *c;
        const EVP_MD *hash;
        int num;
        SSL_COMP *comp;
+        int mac_type= NID_undef,mac_secret_size=0;
+        int ret=0;
 #ifdef KSSL_DEBUG
        printf ("tls1_setup_key_block()\n");
@@ -466,7 +565,7 @@ int tls1_setup_key_block(SSL *s)
        if (s->s3->tmp.key_block_length != 0)
                return(1);
-        if (!ssl_cipher_get_evp(s->session,&c,&hash,&comp))
+        if (!ssl_cipher_get_evp(s->session,&c,&hash,&mac_type,&mac_secret_size,&comp))
                {
                SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
                return(0);
@@ -474,20 +573,27 @@ int tls1_setup_key_block(SSL *s)
        s->s3->tmp.new_sym_enc=c;
        s->s3->tmp.new_hash=hash;
+        s->s3->tmp.new_mac_pkey_type = mac_type;
-        num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c);
+        s->s3->tmp.new_mac_secret_size = mac_secret_size;
+        num=EVP_CIPHER_key_length(c)+mac_secret_size+EVP_CIPHER_iv_length(c);
        num*=2;
        ssl3_cleanup_key_block(s);
        if ((p1=(unsigned char *)OPENSSL_malloc(num)) == NULL)
+                {
+                SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
                goto err;
-        if ((p2=(unsigned char *)OPENSSL_malloc(num)) == NULL)
+                }
-                goto err;
        s->s3->tmp.key_block_length=num;
        s->s3->tmp.key_block=p1;
+        if ((p2=(unsigned char *)OPENSSL_malloc(num)) == NULL)
+                {
+                SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
 #ifdef TLS_DEBUG
 printf("client random\n");
@@ -497,9 +603,8 @@ printf("server random\n");
 printf("pre-master\n");
 { int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); }
 #endif
-        tls1_generate_key_block(s,p1,p2,num);
+        if (!tls1_generate_key_block(s,p1,p2,num))
-        OPENSSL_cleanse(p2,num);
+                goto err;
-        OPENSSL_free(p2);
 #ifdef TLS_DEBUG
 printf("\nkey block\n");
 { int z; for (z=0; z<num; z++) printf("%02X%c",p1[z],((z+1)%16)?' ':'\n'); }
@@ -514,20 +619,24 @@ printf("\nkey block\n");
                if (s->session->cipher != NULL)
                        {
-                        if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_eNULL)
+                        if (s->session->cipher->algorithm_enc == SSL_eNULL)
                                s->s3->need_empty_fragments = 0;
                        
 #ifndef OPENSSL_NO_RC4
-                        if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4)
+                        if (s->session->cipher->algorithm_enc == SSL_RC4)
                                s->s3->need_empty_fragments = 0;
 #endif
                        }
                }
                
-        return(1);
+        ret = 1;
 err:
-        SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
+        if (p2)
-        return(0);
+                {
+                OPENSSL_cleanse(p2,num);
+                OPENSSL_free(p2);
+                }
+        return(ret);
        }
 int tls1_enc(SSL *s, int send)
@@ -540,8 +649,11 @@ int tls1_enc(SSL *s, int send)
        if (send)
                {
-                if (s->write_hash != NULL)
+                if (EVP_MD_CTX_md(s->write_hash))
-                        n=EVP_MD_size(s->write_hash);
+                        {
+                        n=EVP_MD_CTX_size(s->write_hash);
+                        OPENSSL_assert(n >= 0);
+                        }
                ds=s->enc_write_ctx;
                rec= &(s->s3->wrec);
                if (s->enc_write_ctx == NULL)
@@ -551,8 +663,11 @@ int tls1_enc(SSL *s, int send)
                }
        else
                {
-                if (s->read_hash != NULL)
+                if (EVP_MD_CTX_md(s->read_hash))
-                        n=EVP_MD_size(s->read_hash);
+                        {
+                        n=EVP_MD_CTX_size(s->read_hash);
+                        OPENSSL_assert(n >= 0);
+                        }
                ds=s->enc_read_ctx;
                rec= &(s->s3->rrec);
                if (s->enc_read_ctx == NULL)
@@ -599,11 +714,10 @@ int tls1_enc(SSL *s, int send)
                {
                unsigned long ui;
                printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
-                        (void *)ds,rec->data,rec->input,l);
+                        ds,rec->data,rec->input,l);
-                printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%ld %ld], %d iv_len\n",
+                printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
                        ds->buf_len, ds->cipher->key_len,
-                        (unsigned long)DES_KEY_SZ,
+                        DES_KEY_SZ, DES_SCHEDULE_SZ,
-                        (unsigned long)DES_SCHEDULE_SZ,
                        ds->cipher->iv_len);
                printf("\t\tIV: ");
                for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
@@ -628,10 +742,10 @@ int tls1_enc(SSL *s, int send)
 #ifdef KSSL_DEBUG
                {
-                unsigned long ki;
+                unsigned long i;
                printf("\trec->data=");
-                for (ki=0; ki<l; i++)
+                for (i=0; i<l; i++)
-                        printf(" %02x", rec->data[ki]);  printf("\n");
+                        printf(" %02x", rec->data[i]);  printf("\n");
                }
 #endif  /* KSSL_DEBUG */
@@ -679,56 +793,101 @@ int tls1_enc(SSL *s, int send)
                }
        return(1);
        }
+int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out)
-int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in_ctx, unsigned char *out)
        {
        unsigned int ret;
-        EVP_MD_CTX ctx;
+        EVP_MD_CTX ctx, *d=NULL;
+        int i;
+        if (s->s3->handshake_buffer) 
+                if (!ssl3_digest_cached_records(s))
+                        return 0;
+        for (i=0;i<SSL_MAX_DIGEST;i++) 
+                {
+                  if (s->s3->handshake_dgst[i]&&EVP_MD_CTX_type(s->s3->handshake_dgst[i])==md_nid) 
+                        {
+                        d=s->s3->handshake_dgst[i];
+                        break;
+                        }
+                }
+        if (!d) {
+                SSLerr(SSL_F_TLS1_CERT_VERIFY_MAC,SSL_R_NO_REQUIRED_DIGEST);
+                return 0;
+        }       
        EVP_MD_CTX_init(&ctx);
-        EVP_MD_CTX_copy_ex(&ctx,in_ctx);
+        EVP_MD_CTX_copy_ex(&ctx,d);
        EVP_DigestFinal_ex(&ctx,out,&ret);
        EVP_MD_CTX_cleanup(&ctx);
        return((int)ret);
        }
-int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx,
+int tls1_final_finish_mac(SSL *s,
             const char *str, int slen, unsigned char *out)
        {
        unsigned int i;
        EVP_MD_CTX ctx;
-        unsigned char buf[TLS_MD_MAX_CONST_SIZE+MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
+        unsigned char buf[2*EVP_MAX_MD_SIZE];
        unsigned char *q,buf2[12];
+        int idx;
+        long mask;
+        int err=0;
+        const EVP_MD *md; 
        q=buf;
-        memcpy(q,str,slen);
-        q+=slen;
+        if (s->s3->handshake_buffer) 
+                if (!ssl3_digest_cached_records(s))
+                        return 0;
        EVP_MD_CTX_init(&ctx);
-        EVP_MD_CTX_copy_ex(&ctx,in1_ctx);
-        EVP_DigestFinal_ex(&ctx,q,&i);
+        for (idx=0;ssl_get_handshake_digest(idx,&mask,&md);idx++)
-        q+=i;
+                {
-        EVP_MD_CTX_copy_ex(&ctx,in2_ctx);
+                if (mask & s->s3->tmp.new_cipher->algorithm2)
-        EVP_DigestFinal_ex(&ctx,q,&i);
+                        {
-        q+=i;
+                        int hashsize = EVP_MD_size(md);
+                        if (hashsize < 0 || hashsize > (int)(sizeof buf - (size_t)(q-buf)))
-        tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(q-buf),
+                                {
-                s->session->master_key,s->session->master_key_length,
+                                /* internal error: 'buf' is too small for this cipersuite! */
-                out,buf2,sizeof buf2);
+                                err = 1;
+                                }
+                        else
+                                {
+                                EVP_MD_CTX_copy_ex(&ctx,s->s3->handshake_dgst[idx]);
+                                EVP_DigestFinal_ex(&ctx,q,&i);
+                                if (i != (unsigned int)hashsize) /* can't really happen */
+                                        err = 1;
+                                q+=i;
+                                }
+                        }
+                }
+                
+        if (!tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
+                        str,slen, buf,(int)(q-buf), NULL,0, NULL,0, NULL,0,
+                        s->session->master_key,s->session->master_key_length,
+                        out,buf2,sizeof buf2))
+                err = 1;
        EVP_MD_CTX_cleanup(&ctx);
-        return sizeof buf2;
+        if (err)
+                return 0;
+        else
+                return sizeof buf2;
        }
 int tls1_mac(SSL *ssl, unsigned char *md, int send)
        {
        SSL3_RECORD *rec;
        unsigned char *mac_sec,*seq;
-        const EVP_MD *hash;
+        EVP_MD_CTX *hash;
-        unsigned int md_size;
+        size_t md_size;
        int i;
-        HMAC_CTX hmac;
+        EVP_MD_CTX hmac, *mac_ctx;
        unsigned char buf[5]; 
+        int stream_mac = (send?(ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM):(ssl->mac_flags&SSL_MAC_FLAG_READ_MAC_STREAM));
+        int t;
        if (send)
                {
@@ -745,43 +904,45 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
                hash=ssl->read_hash;
                }
-        md_size=EVP_MD_size(hash);
+        t=EVP_MD_CTX_size(hash);
+        OPENSSL_assert(t >= 0);
+        md_size=t;
        buf[0]=rec->type;
-        if (ssl->version == DTLS1_VERSION && ssl->client_version == DTLS1_BAD_VER)
+        buf[1]=(unsigned char)(ssl->version>>8);
-                {
+        buf[2]=(unsigned char)(ssl->version);
-                buf[1]=TLS1_VERSION_MAJOR;
-                buf[2]=TLS1_VERSION_MINOR;
-                }
-        else    {
-                buf[1]=(unsigned char)(ssl->version>>8);
-                buf[2]=(unsigned char)(ssl->version);
-                }
        buf[3]=rec->length>>8;
        buf[4]=rec->length&0xff;
        /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */
-        HMAC_CTX_init(&hmac);
+        if (stream_mac) 
-        HMAC_Init_ex(&hmac,mac_sec,EVP_MD_size(hash),hash,NULL);
+                {
+                        mac_ctx = hash;
+                }
+                else
+                {
+                        EVP_MD_CTX_copy(&hmac,hash);
+                        mac_ctx = &hmac;
+                }
-        if (ssl->version == DTLS1_VERSION && ssl->client_version != DTLS1_BAD_VER)
+        if (ssl->version == DTLS1_VERSION || ssl->version == DTLS1_BAD_VER)
                {
                unsigned char dtlsseq[8],*p=dtlsseq;
                s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p);
                memcpy (p,&seq[2],6);
-                HMAC_Update(&hmac,dtlsseq,8);
+                EVP_DigestSignUpdate(mac_ctx,dtlsseq,8);
                }
        else
-                HMAC_Update(&hmac,seq,8);
+                EVP_DigestSignUpdate(mac_ctx,seq,8);
-        HMAC_Update(&hmac,buf,5);
-        HMAC_Update(&hmac,rec->input,rec->length);
-        HMAC_Final(&hmac,md,&md_size);
-        HMAC_CTX_cleanup(&hmac);
+        EVP_DigestSignUpdate(mac_ctx,buf,5);
+        EVP_DigestSignUpdate(mac_ctx,rec->input,rec->length);
+        t=EVP_DigestSignFinal(mac_ctx,md,&md_size);
+        OPENSSL_assert(t > 0);
+                
+        if (!stream_mac) EVP_MD_CTX_cleanup(&hmac);
 #ifdef TLS_DEBUG
 printf("sec=");
 {unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",mac_sec[z]); printf("\n"); }
@@ -793,7 +954,7 @@ printf("rec=");
 {unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); }
 #endif
-        if ( SSL_version(ssl) != DTLS1_VERSION)
+        if (ssl->version != DTLS1_VERSION && ssl->version != DTLS1_BAD_VER)
                {
                for (i=7; i>=0; i--)
                        {
@@ -811,23 +972,35 @@ printf("rec=");
 int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
             int len)
        {
-        unsigned char buf[SSL3_RANDOM_SIZE*2+TLS_MD_MASTER_SECRET_CONST_SIZE];
        unsigned char buff[SSL_MAX_MASTER_KEY_LENGTH];
+        const void *co = NULL, *so = NULL;
+        int col = 0, sol = 0;
 #ifdef KSSL_DEBUG
-        printf ("tls1_generate_master_secret(%p,%p, %p, %d)\n", (void *)s,out, p,len);
+        printf ("tls1_generate_master_secret(%p,%p, %p, %d)\n", s,out, p,len);
 #endif  /* KSSL_DEBUG */
-        /* Setup the stuff to munge */
+#ifdef TLSEXT_TYPE_opaque_prf_input
-        memcpy(buf,TLS_MD_MASTER_SECRET_CONST,
+        if (s->s3->client_opaque_prf_input != NULL && s->s3->server_opaque_prf_input != NULL &&
-                TLS_MD_MASTER_SECRET_CONST_SIZE);
+            s->s3->client_opaque_prf_input_len > 0 &&
-        memcpy(&(buf[TLS_MD_MASTER_SECRET_CONST_SIZE]),
+            s->s3->client_opaque_prf_input_len == s->s3->server_opaque_prf_input_len)
-                s->s3->client_random,SSL3_RANDOM_SIZE);
+                {
-        memcpy(&(buf[SSL3_RANDOM_SIZE+TLS_MD_MASTER_SECRET_CONST_SIZE]),
+                co = s->s3->client_opaque_prf_input;
-                s->s3->server_random,SSL3_RANDOM_SIZE);
+                col = s->s3->server_opaque_prf_input_len;
-        tls1_PRF(s->ctx->md5,s->ctx->sha1,
+                so = s->s3->server_opaque_prf_input;
-                buf,TLS_MD_MASTER_SECRET_CONST_SIZE+SSL3_RANDOM_SIZE*2,p,len,
+                sol = s->s3->client_opaque_prf_input_len; /* must be same as col (see draft-rescorla-tls-opaque-prf-input-00.txt, section 3.1) */
+                }
+#endif
+        tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
+                TLS_MD_MASTER_SECRET_CONST,TLS_MD_MASTER_SECRET_CONST_SIZE,
+                s->s3->client_random,SSL3_RANDOM_SIZE,
+                co, col,
+                s->s3->server_random,SSL3_RANDOM_SIZE,
+                so, sol,
+                p,len,
                s->session->master_key,buff,sizeof buff);
 #ifdef KSSL_DEBUG
        printf ("tls1_generate_master_secret() complete\n");
 #endif  /* KSSL_DEBUG */
@@ -862,7 +1035,13 @@ int tls1_alert_code(int code)
        case SSL_AD_INTERNAL_ERROR:     return(TLS1_AD_INTERNAL_ERROR);
        case SSL_AD_USER_CANCELLED:     return(TLS1_AD_USER_CANCELLED);
        case SSL_AD_NO_RENEGOTIATION:   return(TLS1_AD_NO_RENEGOTIATION);
-#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
+        case SSL_AD_UNSUPPORTED_EXTENSION: return(TLS1_AD_UNSUPPORTED_EXTENSION);
+        case SSL_AD_CERTIFICATE_UNOBTAINABLE: return(TLS1_AD_CERTIFICATE_UNOBTAINABLE);
+        case SSL_AD_UNRECOGNIZED_NAME:  return(TLS1_AD_UNRECOGNIZED_NAME);
+        case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: return(TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE);
+        case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(TLS1_AD_BAD_CERTIFICATE_HASH_VALUE);
+        case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY);
+#if 0 /* not appropriate for TLS, not used for DTLS */
        case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE: return 
                                          (DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
 #endif
diff --git a/src/lib/libssl/src/ssl/t1_lib.c b/src/lib/libssl/src/ssl/t1_lib.c
index 9ce726996d..e8bc34c111 100644
--- a/src/lib/libssl/src/ssl/t1_lib.c
+++ b/src/lib/libssl/src/ssl/t1_lib.c
@@ -55,6 +55,59 @@
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
+/* ====================================================================
+ * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 #include <stdio.h>
 #include <openssl/objects.h>
@@ -92,11 +145,6 @@ long tls1_default_timeout(void)
        return(60*60*2);
        }
-IMPLEMENT_tls1_meth_func(tlsv1_base_method,
-                        ssl_undefined_function,
-                        ssl_undefined_function,
-                        ssl_bad_method)
 int tls1_new(SSL *s)
        {
        if (!ssl3_new(s)) return(0);
@@ -106,6 +154,12 @@ int tls1_new(SSL *s)
 void tls1_free(SSL *s)
        {
+#ifndef OPENSSL_NO_TLSEXT
+        if (s->tlsext_session_ticket)
+                {
+                OPENSSL_free(s->tlsext_session_ticket);
+                }
+#endif /* OPENSSL_NO_TLSEXT */
        ssl3_free(s);
        }
@@ -115,17 +169,105 @@ void tls1_clear(SSL *s)
        s->version=TLS1_VERSION;
        }
-#if 0
+#ifndef OPENSSL_NO_EC
-long tls1_ctrl(SSL *s, int cmd, long larg, char *parg)
+static int nid_list[] =
        {
-        return(0);
+                NID_sect163k1, /* sect163k1 (1) */
+                NID_sect163r1, /* sect163r1 (2) */
+                NID_sect163r2, /* sect163r2 (3) */
+                NID_sect193r1, /* sect193r1 (4) */ 
+                NID_sect193r2, /* sect193r2 (5) */ 
+                NID_sect233k1, /* sect233k1 (6) */
+                NID_sect233r1, /* sect233r1 (7) */ 
+                NID_sect239k1, /* sect239k1 (8) */ 
+                NID_sect283k1, /* sect283k1 (9) */
+                NID_sect283r1, /* sect283r1 (10) */ 
+                NID_sect409k1, /* sect409k1 (11) */ 
+                NID_sect409r1, /* sect409r1 (12) */
+                NID_sect571k1, /* sect571k1 (13) */ 
+                NID_sect571r1, /* sect571r1 (14) */ 
+                NID_secp160k1, /* secp160k1 (15) */
+                NID_secp160r1, /* secp160r1 (16) */ 
+                NID_secp160r2, /* secp160r2 (17) */ 
+                NID_secp192k1, /* secp192k1 (18) */
+                NID_X9_62_prime192v1, /* secp192r1 (19) */ 
+                NID_secp224k1, /* secp224k1 (20) */ 
+                NID_secp224r1, /* secp224r1 (21) */
+                NID_secp256k1, /* secp256k1 (22) */ 
+                NID_X9_62_prime256v1, /* secp256r1 (23) */ 
+                NID_secp384r1, /* secp384r1 (24) */
+                NID_secp521r1  /* secp521r1 (25) */     
+        };
+        
+int tls1_ec_curve_id2nid(int curve_id)
+        {
+        /* ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 17, 2005) */
+        if ((curve_id < 1) || ((unsigned int)curve_id >
+                                sizeof(nid_list)/sizeof(nid_list[0])))
+                return 0;
+        return nid_list[curve_id-1];
        }
-long tls1_callback_ctrl(SSL *s, int cmd, void *(*fp)())
+int tls1_ec_nid2curve_id(int nid)
        {
-        return(0);
+        /* ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 17, 2005) */
+        switch (nid)
+                {
+        case NID_sect163k1: /* sect163k1 (1) */
+                return 1;
+        case NID_sect163r1: /* sect163r1 (2) */
+                return 2;
+        case NID_sect163r2: /* sect163r2 (3) */
+                return 3;
+        case NID_sect193r1: /* sect193r1 (4) */ 
+                return 4;
+        case NID_sect193r2: /* sect193r2 (5) */ 
+                return 5;
+        case NID_sect233k1: /* sect233k1 (6) */
+                return 6;
+        case NID_sect233r1: /* sect233r1 (7) */ 
+                return 7;
+        case NID_sect239k1: /* sect239k1 (8) */ 
+                return 8;
+        case NID_sect283k1: /* sect283k1 (9) */
+                return 9;
+        case NID_sect283r1: /* sect283r1 (10) */ 
+                return 10;
+        case NID_sect409k1: /* sect409k1 (11) */ 
+                return 11;
+        case NID_sect409r1: /* sect409r1 (12) */
+                return 12;
+        case NID_sect571k1: /* sect571k1 (13) */ 
+                return 13;
+        case NID_sect571r1: /* sect571r1 (14) */ 
+                return 14;
+        case NID_secp160k1: /* secp160k1 (15) */
+                return 15;
+        case NID_secp160r1: /* secp160r1 (16) */ 
+                return 16;
+        case NID_secp160r2: /* secp160r2 (17) */ 
+                return 17;
+        case NID_secp192k1: /* secp192k1 (18) */
+                return 18;
+        case NID_X9_62_prime192v1: /* secp192r1 (19) */ 
+                return 19;
+        case NID_secp224k1: /* secp224k1 (20) */ 
+                return 20;
+        case NID_secp224r1: /* secp224r1 (21) */
+                return 21;
+        case NID_secp256k1: /* secp256k1 (22) */ 
+                return 22;
+        case NID_X9_62_prime256v1: /* secp256r1 (23) */ 
+                return 23;
+        case NID_secp384r1: /* secp384r1 (24) */
+                return 24;
+        case NID_secp521r1:  /* secp521r1 (25) */       
+                return 25;
+        default:
+                return 0;
+                }
        }
-#endif
+#endif /* OPENSSL_NO_EC */
 #ifndef OPENSSL_NO_TLSEXT
 unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
@@ -133,6 +275,11 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
        int extdatalen=0;
        unsigned char *ret = p;
+        /* don't add extensions for SSLv3 unless doing secure renegotiation */
+        if (s->client_version == SSL3_VERSION
+                                        && !s->s3->send_connection_binding)
+                return p;
        ret+=2;
        if (ret>=limit) return NULL; /* this really never occurs, but ... */
@@ -152,7 +299,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
                */
                   
                if ((lenmax = limit - ret - 9) < 0 
-                || (size_str = strlen(s->tlsext_hostname)) > (unsigned long)lenmax) 
+                    || (size_str = strlen(s->tlsext_hostname)) > (unsigned long)lenmax) 
                        return NULL;
                        
                /* extension type and length */
@@ -167,21 +314,108 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
                s2n(size_str,ret);
                memcpy(ret, s->tlsext_hostname, size_str);
                ret+=size_str;
+                }
+        /* Add RI if renegotiating */
+        if (s->new_session)
+          {
+          int el;
+          
+          if(!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0))
+              {
+              SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
+              return NULL;
+              }
+          if((limit - p - 4 - el) < 0) return NULL;
+          
+          s2n(TLSEXT_TYPE_renegotiate,ret);
+          s2n(el,ret);
+          if(!ssl_add_clienthello_renegotiate_ext(s, ret, &el, el))
+              {
+              SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
+              return NULL;
+              }
+          ret += el;
+        }
+#ifndef OPENSSL_NO_EC
+        if (s->tlsext_ecpointformatlist != NULL &&
+            s->version != DTLS1_VERSION)
+                {
+                /* Add TLS extension ECPointFormats to the ClientHello message */
+                long lenmax; 
+                if ((lenmax = limit - ret - 5) < 0) return NULL; 
+                if (s->tlsext_ecpointformatlist_length > (unsigned long)lenmax) return NULL;
+                if (s->tlsext_ecpointformatlist_length > 255)
+                        {
+                        SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
+                        return NULL;
+                        }
+                
+                s2n(TLSEXT_TYPE_ec_point_formats,ret);
+                s2n(s->tlsext_ecpointformatlist_length + 1,ret);
+                *(ret++) = (unsigned char) s->tlsext_ecpointformatlist_length;
+                memcpy(ret, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length);
+                ret+=s->tlsext_ecpointformatlist_length;
+                }
+        if (s->tlsext_ellipticcurvelist != NULL &&
+            s->version != DTLS1_VERSION)
+                {
+                /* Add TLS extension EllipticCurves to the ClientHello message */
+                long lenmax; 
+                if ((lenmax = limit - ret - 6) < 0) return NULL; 
+                if (s->tlsext_ellipticcurvelist_length > (unsigned long)lenmax) return NULL;
+                if (s->tlsext_ellipticcurvelist_length > 65532)
+                        {
+                        SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
+                        return NULL;
+                        }
+                
+                s2n(TLSEXT_TYPE_elliptic_curves,ret);
+                s2n(s->tlsext_ellipticcurvelist_length + 2, ret);
+                /* NB: draft-ietf-tls-ecc-12.txt uses a one-byte prefix for
+                 * elliptic_curve_list, but the examples use two bytes.
+                 * http://www1.ietf.org/mail-archive/web/tls/current/msg00538.html
+                 * resolves this to two bytes.
+                 */
+                s2n(s->tlsext_ellipticcurvelist_length, ret);
+                memcpy(ret, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length);
+                ret+=s->tlsext_ellipticcurvelist_length;
                }
+#endif /* OPENSSL_NO_EC */
        if (!(SSL_get_options(s) & SSL_OP_NO_TICKET))
                {
                int ticklen;
-                if (s->session && s->session->tlsext_tick)
+                if (!s->new_session && s->session && s->session->tlsext_tick)
                        ticklen = s->session->tlsext_ticklen;
+                else if (s->session && s->tlsext_session_ticket &&
+                         s->tlsext_session_ticket->data)
+                        {
+                        ticklen = s->tlsext_session_ticket->length;
+                        s->session->tlsext_tick = OPENSSL_malloc(ticklen);
+                        if (!s->session->tlsext_tick)
+                                return NULL;
+                        memcpy(s->session->tlsext_tick,
+                               s->tlsext_session_ticket->data,
+                               ticklen);
+                        s->session->tlsext_ticklen = ticklen;
+                        }
                else
                        ticklen = 0;
+                if (ticklen == 0 && s->tlsext_session_ticket &&
+                    s->tlsext_session_ticket->data == NULL)
+                        goto skip_ext;
                /* Check for enough room 2 for extension type, 2 for len
                 * rest for ticket
                 */
-                if (limit - ret - 4 - ticklen < 0)
+                if ((long)(limit - ret - 4 - ticklen) < 0) return NULL;
-                        return NULL;
                s2n(TLSEXT_TYPE_session_ticket,ret); 
                s2n(ticklen,ret);
                if (ticklen)
@@ -190,8 +424,29 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
                        ret += ticklen;
                        }
                }
+                skip_ext:
-        if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp)
+#ifdef TLSEXT_TYPE_opaque_prf_input
+        if (s->s3->client_opaque_prf_input != NULL &&
+            s->version != DTLS1_VERSION)
+                {
+                size_t col = s->s3->client_opaque_prf_input_len;
+                
+                if ((long)(limit - ret - 6 - col < 0))
+                        return NULL;
+                if (col > 0xFFFD) /* can't happen */
+                        return NULL;
+                s2n(TLSEXT_TYPE_opaque_prf_input, ret); 
+                s2n(col + 2, ret);
+                s2n(col, ret);
+                memcpy(ret, s->s3->client_opaque_prf_input, col);
+                ret += col;
+                }
+#endif
+        if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp &&
+            s->version != DTLS1_VERSION)
                {
                int i;
                long extlen, idlen, itmp;
@@ -251,21 +506,74 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
        int extdatalen=0;
        unsigned char *ret = p;
+        /* don't add extensions for SSLv3, unless doing secure renegotiation */
+        if (s->version == SSL3_VERSION && !s->s3->send_connection_binding)
+                return p;
+        
        ret+=2;
        if (ret>=limit) return NULL; /* this really never occurs, but ... */
        if (!s->hit && s->servername_done == 1 && s->session->tlsext_hostname != NULL)
                { 
-                if (limit - ret - 4 < 0) return NULL; 
+                if ((long)(limit - ret - 4) < 0) return NULL; 
                s2n(TLSEXT_TYPE_server_name,ret);
                s2n(0,ret);
                }
-        
+        if(s->s3->send_connection_binding)
+        {
+          int el;
+          
+          if(!ssl_add_serverhello_renegotiate_ext(s, 0, &el, 0))
+              {
+              SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
+              return NULL;
+              }
+          if((limit - p - 4 - el) < 0) return NULL;
+          
+          s2n(TLSEXT_TYPE_renegotiate,ret);
+          s2n(el,ret);
+          if(!ssl_add_serverhello_renegotiate_ext(s, ret, &el, el))
+              {
+              SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
+              return NULL;
+              }
+          ret += el;
+        }
+#ifndef OPENSSL_NO_EC
+        if (s->tlsext_ecpointformatlist != NULL &&
+            s->version != DTLS1_VERSION)
+                {
+                /* Add TLS extension ECPointFormats to the ServerHello message */
+                long lenmax; 
+                if ((lenmax = limit - ret - 5) < 0) return NULL; 
+                if (s->tlsext_ecpointformatlist_length > (unsigned long)lenmax) return NULL;
+                if (s->tlsext_ecpointformatlist_length > 255)
+                        {
+                        SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
+                        return NULL;
+                        }
+                
+                s2n(TLSEXT_TYPE_ec_point_formats,ret);
+                s2n(s->tlsext_ecpointformatlist_length + 1,ret);
+                *(ret++) = (unsigned char) s->tlsext_ecpointformatlist_length;
+                memcpy(ret, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length);
+                ret+=s->tlsext_ecpointformatlist_length;
+                }
+        /* Currently the server should not respond with a SupportedCurves extension */
+#endif /* OPENSSL_NO_EC */
        if (s->tlsext_ticket_expected
                && !(SSL_get_options(s) & SSL_OP_NO_TICKET)) 
                { 
-                if (limit - ret - 4 < 0) return NULL; 
+                if ((long)(limit - ret - 4) < 0) return NULL; 
                s2n(TLSEXT_TYPE_session_ticket,ret);
                s2n(0,ret);
                }
@@ -277,6 +585,39 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
                s2n(0,ret);
                }
+#ifdef TLSEXT_TYPE_opaque_prf_input
+        if (s->s3->server_opaque_prf_input != NULL &&
+            s->version != DTLS1_VERSION)
+                {
+                size_t sol = s->s3->server_opaque_prf_input_len;
+                
+                if ((long)(limit - ret - 6 - sol) < 0)
+                        return NULL;
+                if (sol > 0xFFFD) /* can't happen */
+                        return NULL;
+                s2n(TLSEXT_TYPE_opaque_prf_input, ret); 
+                s2n(sol + 2, ret);
+                s2n(sol, ret);
+                memcpy(ret, s->s3->server_opaque_prf_input, sol);
+                ret += sol;
+                }
+#endif
+        if (((s->s3->tmp.new_cipher->id & 0xFFFF)==0x80 || (s->s3->tmp.new_cipher->id & 0xFFFF)==0x81) 
+                && (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG))
+                { const unsigned char cryptopro_ext[36] = {
+                        0xfd, 0xe8, /*65000*/
+                        0x00, 0x20, /*32 bytes length*/
+                        0x30, 0x1e, 0x30, 0x08, 0x06, 0x06, 0x2a, 0x85, 
+                        0x03,   0x02, 0x02, 0x09, 0x30, 0x08, 0x06, 0x06, 
+                        0x2a, 0x85, 0x03, 0x02, 0x02, 0x16, 0x30, 0x08, 
+                        0x06, 0x06, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x17};
+                        if (limit-ret<36) return NULL;
+                        memcpy(ret,cryptopro_ext,36);
+                        ret+=36;
+                }
        if ((extdatalen = ret-p-2)== 0) 
                return p;
@@ -290,15 +631,17 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
        unsigned short size;
        unsigned short len;
        unsigned char *data = *p;
+        int renegotiate_seen = 0;
        s->servername_done = 0;
        s->tlsext_status_type = -1;
        if (data >= (d+n-2))
-                return 1;
+                goto ri_check;
        n2s(data,len);
        if (data > (d+n-len)) 
-                return 1;
+                goto ri_check;
        while (data <= (d+n-4))
                {
@@ -306,8 +649,10 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
                n2s(data,size);
                if (data+size > (d+n))
-                        return 1;
+                        goto ri_check;
+#if 0
+                fprintf(stderr,"Received extension type %d size %d\n",type,size);
+#endif
                if (s->tlsext_debug_cb)
                        s->tlsext_debug_cb(s, 0, type, data, size,
                                                s->tlsext_debug_arg);
@@ -407,8 +752,114 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
                                }
                        }
-                else if (type == TLSEXT_TYPE_status_request
-                                                && s->ctx->tlsext_status_cb)
+#ifndef OPENSSL_NO_EC
+                else if (type == TLSEXT_TYPE_ec_point_formats &&
+                     s->version != DTLS1_VERSION)
+                        {
+                        unsigned char *sdata = data;
+                        int ecpointformatlist_length = *(sdata++);
+                        if (ecpointformatlist_length != size - 1)
+                                {
+                                *al = TLS1_AD_DECODE_ERROR;
+                                return 0;
+                                }
+                        s->session->tlsext_ecpointformatlist_length = 0;
+                        if (s->session->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->session->tlsext_ecpointformatlist);
+                        if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL)
+                                {
+                                *al = TLS1_AD_INTERNAL_ERROR;
+                                return 0;
+                                }
+                        s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length;
+                        memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length);
+#if 0
+                        fprintf(stderr,"ssl_parse_clienthello_tlsext s->session->tlsext_ecpointformatlist (length=%i) ", s->session->tlsext_ecpointformatlist_length);
+                        sdata = s->session->tlsext_ecpointformatlist;
+                        for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++)
+                                fprintf(stderr,"%i ",*(sdata++));
+                        fprintf(stderr,"\n");
+#endif
+                        }
+                else if (type == TLSEXT_TYPE_elliptic_curves &&
+                     s->version != DTLS1_VERSION)
+                        {
+                        unsigned char *sdata = data;
+                        int ellipticcurvelist_length = (*(sdata++) << 8);
+                        ellipticcurvelist_length += (*(sdata++));
+                        if (ellipticcurvelist_length != size - 2)
+                                {
+                                *al = TLS1_AD_DECODE_ERROR;
+                                return 0;
+                                }
+                        s->session->tlsext_ellipticcurvelist_length = 0;
+                        if (s->session->tlsext_ellipticcurvelist != NULL) OPENSSL_free(s->session->tlsext_ellipticcurvelist);
+                        if ((s->session->tlsext_ellipticcurvelist = OPENSSL_malloc(ellipticcurvelist_length)) == NULL)
+                                {
+                                *al = TLS1_AD_INTERNAL_ERROR;
+                                return 0;
+                                }
+                        s->session->tlsext_ellipticcurvelist_length = ellipticcurvelist_length;
+                        memcpy(s->session->tlsext_ellipticcurvelist, sdata, ellipticcurvelist_length);
+#if 0
+                        fprintf(stderr,"ssl_parse_clienthello_tlsext s->session->tlsext_ellipticcurvelist (length=%i) ", s->session->tlsext_ellipticcurvelist_length);
+                        sdata = s->session->tlsext_ellipticcurvelist;
+                        for (i = 0; i < s->session->tlsext_ellipticcurvelist_length; i++)
+                                fprintf(stderr,"%i ",*(sdata++));
+                        fprintf(stderr,"\n");
+#endif
+                        }
+#endif /* OPENSSL_NO_EC */
+#ifdef TLSEXT_TYPE_opaque_prf_input
+                else if (type == TLSEXT_TYPE_opaque_prf_input &&
+                     s->version != DTLS1_VERSION)
+                        {
+                        unsigned char *sdata = data;
+                        if (size < 2)
+                                {
+                                *al = SSL_AD_DECODE_ERROR;
+                                return 0;
+                                }
+                        n2s(sdata, s->s3->client_opaque_prf_input_len);
+                        if (s->s3->client_opaque_prf_input_len != size - 2)
+                                {
+                                *al = SSL_AD_DECODE_ERROR;
+                                return 0;
+                                }
+                        if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */
+                                OPENSSL_free(s->s3->client_opaque_prf_input);
+                        if (s->s3->client_opaque_prf_input_len == 0)
+                                s->s3->client_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
+                        else
+                                s->s3->client_opaque_prf_input = BUF_memdup(sdata, s->s3->client_opaque_prf_input_len);
+                        if (s->s3->client_opaque_prf_input == NULL)
+                                {
+                                *al = TLS1_AD_INTERNAL_ERROR;
+                                return 0;
+                                }
+                        }
+#endif
+                else if (type == TLSEXT_TYPE_session_ticket)
+                        {
+                        if (s->tls_session_ticket_ext_cb &&
+                            !s->tls_session_ticket_ext_cb(s, data, size, s->tls_session_ticket_ext_cb_arg))
+                                {
+                                *al = TLS1_AD_INTERNAL_ERROR;
+                                return 0;
+                                }
+                        }
+                else if (type == TLSEXT_TYPE_renegotiate)
+                        {
+                        if(!ssl_parse_clienthello_renegotiate_ext(s, data, size, al))
+                                return 0;
+                        renegotiate_seen = 1;
+                        }
+                else if (type == TLSEXT_TYPE_status_request &&
+                         s->version != DTLS1_VERSION && s->ctx->tlsext_status_cb)
                        {
                
                        if (size < 5) 
@@ -507,12 +958,26 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
                                else
                                        s->tlsext_status_type = -1;
                        }
                /* session ticket processed earlier */
+                data+=size;
+                }
+                                
+        *p = data;
-                data+=size;             
+        ri_check:
+        /* Need RI if renegotiating */
+        if (!renegotiate_seen && s->new_session &&
+                !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
+                {
+                *al = SSL_AD_HANDSHAKE_FAILURE;
+                SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT,
+                                SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
+                return 0;
                }
-        *p = data;
        return 1;
        }
@@ -522,11 +987,11 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
        unsigned short size;
        unsigned short len;  
        unsigned char *data = *p;
        int tlsext_servername = 0;
+        int renegotiate_seen = 0;
        if (data >= (d+n-2))
-                return 1;
+                goto ri_check;
        n2s(data,len);
@@ -536,7 +1001,7 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
                n2s(data,size);
                if (data+size > (d+n))
-                        return 1;
+                        goto ri_check;
                if (s->tlsext_debug_cb)
                        s->tlsext_debug_cb(s, 1, type, data, size,
@@ -551,8 +1016,46 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
                                }
                        tlsext_servername = 1;   
                        }
+#ifndef OPENSSL_NO_EC
+                else if (type == TLSEXT_TYPE_ec_point_formats &&
+                     s->version != DTLS1_VERSION)
+                        {
+                        unsigned char *sdata = data;
+                        int ecpointformatlist_length = *(sdata++);
+                        if (ecpointformatlist_length != size - 1)
+                                {
+                                *al = TLS1_AD_DECODE_ERROR;
+                                return 0;
+                                }
+                        s->session->tlsext_ecpointformatlist_length = 0;
+                        if (s->session->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->session->tlsext_ecpointformatlist);
+                        if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL)
+                                {
+                                *al = TLS1_AD_INTERNAL_ERROR;
+                                return 0;
+                                }
+                        s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length;
+                        memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length);
+#if 0
+                        fprintf(stderr,"ssl_parse_serverhello_tlsext s->session->tlsext_ecpointformatlist ");
+                        sdata = s->session->tlsext_ecpointformatlist;
+                        for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++)
+                                fprintf(stderr,"%i ",*(sdata++));
+                        fprintf(stderr,"\n");
+#endif
+                        }
+#endif /* OPENSSL_NO_EC */
                else if (type == TLSEXT_TYPE_session_ticket)
                        {
+                        if (s->tls_session_ticket_ext_cb &&
+                            !s->tls_session_ticket_ext_cb(s, data, size, s->tls_session_ticket_ext_cb_arg))
+                                {
+                                *al = TLS1_AD_INTERNAL_ERROR;
+                                return 0;
+                                }
                        if ((SSL_get_options(s) & SSL_OP_NO_TICKET)
                                || (size > 0))
                                {
@@ -561,7 +1064,40 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
                                }
                        s->tlsext_ticket_expected = 1;
                        }
-                else if (type == TLSEXT_TYPE_status_request)
+#ifdef TLSEXT_TYPE_opaque_prf_input
+                else if (type == TLSEXT_TYPE_opaque_prf_input &&
+                     s->version != DTLS1_VERSION)
+                        {
+                        unsigned char *sdata = data;
+                        if (size < 2)
+                                {
+                                *al = SSL_AD_DECODE_ERROR;
+                                return 0;
+                                }
+                        n2s(sdata, s->s3->server_opaque_prf_input_len);
+                        if (s->s3->server_opaque_prf_input_len != size - 2)
+                                {
+                                *al = SSL_AD_DECODE_ERROR;
+                                return 0;
+                                }
+                        
+                        if (s->s3->server_opaque_prf_input != NULL) /* shouldn't really happen */
+                                OPENSSL_free(s->s3->server_opaque_prf_input);
+                        if (s->s3->server_opaque_prf_input_len == 0)
+                                s->s3->server_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
+                        else
+                                s->s3->server_opaque_prf_input = BUF_memdup(sdata, s->s3->server_opaque_prf_input_len);
+                        if (s->s3->server_opaque_prf_input == NULL)
+                                {
+                                *al = TLS1_AD_INTERNAL_ERROR;
+                                return 0;
+                                }
+                        }
+#endif
+                else if (type == TLSEXT_TYPE_status_request &&
+                         s->version != DTLS1_VERSION)
                        {
                        /* MUST be empty and only sent if we've requested
                         * a status request message.
@@ -574,7 +1110,12 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
                        /* Set flag to expect CertificateStatus message */
                        s->tlsext_status_expected = 1;
                        }
+                else if (type == TLSEXT_TYPE_renegotiate)
+                        {
+                        if(!ssl_parse_serverhello_renegotiate_ext(s, data, size, al))
+                                return 0;
+                        renegotiate_seen = 1;
+                        }
                data+=size;             
                }
@@ -606,6 +1147,148 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
                }
        *p = data;
+        ri_check:
+        /* Determine if we need to see RI. Strictly speaking if we want to
+         * avoid an attack we should *always* see RI even on initial server
+         * hello because the client doesn't see any renegotiation during an
+         * attack. However this would mean we could not connect to any server
+         * which doesn't support RI so for the immediate future tolerate RI
+         * absence on initial connect only.
+         */
+        if (!renegotiate_seen
+                && !(s->options & SSL_OP_LEGACY_SERVER_CONNECT)
+                && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
+                {
+                *al = SSL_AD_HANDSHAKE_FAILURE;
+                SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT,
+                                SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
+                return 0;
+                }
+        return 1;
+        }
+int ssl_prepare_clienthello_tlsext(SSL *s)
+        {
+#ifndef OPENSSL_NO_EC
+        /* If we are client and using an elliptic curve cryptography cipher suite, send the point formats 
+         * and elliptic curves we support.
+         */
+        int using_ecc = 0;
+        int i;
+        unsigned char *j;
+        unsigned long alg_k, alg_a;
+        STACK_OF(SSL_CIPHER) *cipher_stack = SSL_get_ciphers(s);
+        for (i = 0; i < sk_SSL_CIPHER_num(cipher_stack); i++)
+                {
+                SSL_CIPHER *c = sk_SSL_CIPHER_value(cipher_stack, i);
+                alg_k = c->algorithm_mkey;
+                alg_a = c->algorithm_auth;
+                if ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe) || (alg_a & SSL_aECDSA)))
+                        {
+                        using_ecc = 1;
+                        break;
+                        }
+                }
+        using_ecc = using_ecc && (s->version == TLS1_VERSION);
+        if (using_ecc)
+                {
+                if (s->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->tlsext_ecpointformatlist);
+                if ((s->tlsext_ecpointformatlist = OPENSSL_malloc(3)) == NULL)
+                        {
+                        SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE);
+                        return -1;
+                        }
+                s->tlsext_ecpointformatlist_length = 3;
+                s->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_uncompressed;
+                s->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
+                s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
+                /* we support all named elliptic curves in draft-ietf-tls-ecc-12 */
+                if (s->tlsext_ellipticcurvelist != NULL) OPENSSL_free(s->tlsext_ellipticcurvelist);
+                s->tlsext_ellipticcurvelist_length = sizeof(nid_list)/sizeof(nid_list[0]) * 2;
+                if ((s->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL)
+                        {
+                        s->tlsext_ellipticcurvelist_length = 0;
+                        SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE);
+                        return -1;
+                        }
+                for (i = 1, j = s->tlsext_ellipticcurvelist; (unsigned int)i <=
+                                sizeof(nid_list)/sizeof(nid_list[0]); i++)
+                        s2n(i,j);
+                }
+#endif /* OPENSSL_NO_EC */
+#ifdef TLSEXT_TYPE_opaque_prf_input
+        {
+                int r = 1;
+        
+                if (s->ctx->tlsext_opaque_prf_input_callback != 0)
+                        {
+                        r = s->ctx->tlsext_opaque_prf_input_callback(s, NULL, 0, s->ctx->tlsext_opaque_prf_input_callback_arg);
+                        if (!r)
+                                return -1;
+                        }
+                if (s->tlsext_opaque_prf_input != NULL)
+                        {
+                        if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */
+                                OPENSSL_free(s->s3->client_opaque_prf_input);
+                        if (s->tlsext_opaque_prf_input_len == 0)
+                                s->s3->client_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
+                        else
+                                s->s3->client_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len);
+                        if (s->s3->client_opaque_prf_input == NULL)
+                                {
+                                SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE);
+                                return -1;
+                                }
+                        s->s3->client_opaque_prf_input_len = s->tlsext_opaque_prf_input_len;
+                        }
+                if (r == 2)
+                        /* at callback's request, insist on receiving an appropriate server opaque PRF input */
+                        s->s3->server_opaque_prf_input_len = s->tlsext_opaque_prf_input_len;
+        }
+#endif
+        return 1;
+        }
+int ssl_prepare_serverhello_tlsext(SSL *s)
+        {
+#ifndef OPENSSL_NO_EC
+        /* If we are server and using an ECC cipher suite, send the point formats we support 
+         * if the client sent us an ECPointsFormat extension.  Note that the server is not
+         * supposed to send an EllipticCurves extension.
+         */
+        unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+        unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
+        int using_ecc = (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA);
+        using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL);
+        
+        if (using_ecc)
+                {
+                if (s->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->tlsext_ecpointformatlist);
+                if ((s->tlsext_ecpointformatlist = OPENSSL_malloc(3)) == NULL)
+                        {
+                        SSLerr(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT,ERR_R_MALLOC_FAILURE);
+                        return -1;
+                        }
+                s->tlsext_ecpointformatlist_length = 3;
+                s->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_uncompressed;
+                s->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
+                s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
+                }
+#endif /* OPENSSL_NO_EC */
        return 1;
        }
@@ -614,6 +1297,15 @@ int ssl_check_clienthello_tlsext(SSL *s)
        int ret=SSL_TLSEXT_ERR_NOACK;
        int al = SSL_AD_UNRECOGNIZED_NAME;
+#ifndef OPENSSL_NO_EC
+        /* The handling of the ECPointFormats extension is done elsewhere, namely in 
+         * ssl3_choose_cipher in s3_lib.c.
+         */
+        /* The handling of the EllipticCurves extension is done elsewhere, namely in 
+         * ssl3_choose_cipher in s3_lib.c.
+         */
+#endif
        if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0) 
                ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg);
        else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)             
@@ -623,7 +1315,7 @@ int ssl_check_clienthello_tlsext(SSL *s)
         * Note: this must be called after servername callbacks in case 
         * the certificate has changed.
         */
-        if ((s->tlsext_status_type != -1) && s->ctx->tlsext_status_cb)
+        if ((s->tlsext_status_type != -1) && s->ctx && s->ctx->tlsext_status_cb)
                {
                int r;
                r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
@@ -649,7 +1341,65 @@ int ssl_check_clienthello_tlsext(SSL *s)
                }
        else
                s->tlsext_status_expected = 0;
-        err:
+#ifdef TLSEXT_TYPE_opaque_prf_input
+        {
+                /* This sort of belongs into ssl_prepare_serverhello_tlsext(),
+                 * but we might be sending an alert in response to the client hello,
+                 * so this has to happen here in ssl_check_clienthello_tlsext(). */
+                int r = 1;
+        
+                if (s->ctx->tlsext_opaque_prf_input_callback != 0)
+                        {
+                        r = s->ctx->tlsext_opaque_prf_input_callback(s, NULL, 0, s->ctx->tlsext_opaque_prf_input_callback_arg);
+                        if (!r)
+                                {
+                                ret = SSL_TLSEXT_ERR_ALERT_FATAL;
+                                al = SSL_AD_INTERNAL_ERROR;
+                                goto err;
+                                }
+                        }
+                if (s->s3->server_opaque_prf_input != NULL) /* shouldn't really happen */
+                        OPENSSL_free(s->s3->server_opaque_prf_input);
+                s->s3->server_opaque_prf_input = NULL;
+                if (s->tlsext_opaque_prf_input != NULL)
+                        {
+                        if (s->s3->client_opaque_prf_input != NULL &&
+                                s->s3->client_opaque_prf_input_len == s->tlsext_opaque_prf_input_len)
+                                {
+                                /* can only use this extension if we have a server opaque PRF input
+                                 * of the same length as the client opaque PRF input! */
+                                if (s->tlsext_opaque_prf_input_len == 0)
+                                        s->s3->server_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
+                                else
+                                        s->s3->server_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len);
+                                if (s->s3->server_opaque_prf_input == NULL)
+                                        {
+                                        ret = SSL_TLSEXT_ERR_ALERT_FATAL;
+                                        al = SSL_AD_INTERNAL_ERROR;
+                                        goto err;
+                                        }
+                                s->s3->server_opaque_prf_input_len = s->tlsext_opaque_prf_input_len;
+                                }
+                        }
+                if (r == 2 && s->s3->server_opaque_prf_input == NULL)
+                        {
+                        /* The callback wants to enforce use of the extension,
+                         * but we can't do that with the client opaque PRF input;
+                         * abort the handshake.
+                         */
+                        ret = SSL_TLSEXT_ERR_ALERT_FATAL;
+                        al = SSL_AD_HANDSHAKE_FAILURE;
+                        }
+        }
+#endif
+ err:
        switch (ret)
                {
                case SSL_TLSEXT_ERR_ALERT_FATAL:
@@ -672,16 +1422,75 @@ int ssl_check_serverhello_tlsext(SSL *s)
        int ret=SSL_TLSEXT_ERR_NOACK;
        int al = SSL_AD_UNRECOGNIZED_NAME;
+#ifndef OPENSSL_NO_EC
+        /* If we are client and using an elliptic curve cryptography cipher suite, then server
+         * must return a an EC point formats lists containing uncompressed.
+         */
+        unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+        unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
+        if ((s->tlsext_ecpointformatlist != NULL) && (s->tlsext_ecpointformatlist_length > 0) && 
+            ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA)))
+                {
+                /* we are using an ECC cipher */
+                size_t i;
+                unsigned char *list;
+                int found_uncompressed = 0;
+                if ((s->session->tlsext_ecpointformatlist == NULL) || (s->session->tlsext_ecpointformatlist_length == 0))
+                        {
+                        SSLerr(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT,SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST);
+                        return -1;
+                        }
+                list = s->session->tlsext_ecpointformatlist;
+                for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++)
+                        {
+                        if (*(list++) == TLSEXT_ECPOINTFORMAT_uncompressed)
+                                {
+                                found_uncompressed = 1;
+                                break;
+                                }
+                        }
+                if (!found_uncompressed)
+                        {
+                        SSLerr(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT,SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST);
+                        return -1;
+                        }
+                }
+        ret = SSL_TLSEXT_ERR_OK;
+#endif /* OPENSSL_NO_EC */
        if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0) 
                ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg);
        else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)             
                ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg);
+#ifdef TLSEXT_TYPE_opaque_prf_input
+        if (s->s3->server_opaque_prf_input_len > 0)
+                {
+                /* This case may indicate that we, as a client, want to insist on using opaque PRF inputs.
+                 * So first verify that we really have a value from the server too. */
+                if (s->s3->server_opaque_prf_input == NULL)
+                        {
+                        ret = SSL_TLSEXT_ERR_ALERT_FATAL;
+                        al = SSL_AD_HANDSHAKE_FAILURE;
+                        }
+                
+                /* Anytime the server *has* sent an opaque PRF input, we need to check
+                 * that we have a client opaque PRF input of the same size. */
+                if (s->s3->client_opaque_prf_input == NULL ||
+                    s->s3->client_opaque_prf_input_len != s->s3->server_opaque_prf_input_len)
+                        {
+                        ret = SSL_TLSEXT_ERR_ALERT_FATAL;
+                        al = SSL_AD_ILLEGAL_PARAMETER;
+                        }
+                }
+#endif
        /* If we've requested certificate status and we wont get one
         * tell the callback
         */
        if ((s->tlsext_status_type != -1) && !(s->tlsext_status_expected)
-                        && s->ctx->tlsext_status_cb)
+                        && s->ctx && s->ctx->tlsext_status_cb)
                {
                int r;
                /* Set resp to NULL, resplen to -1 so callback knows
@@ -745,6 +1554,14 @@ int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
                return 1;
        if (p >= limit)
                return -1;
+        /* Skip past DTLS cookie */
+        if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER)
+                {
+                i = *(p++);
+                p+= i;
+                if (p >= limit)
+                        return -1;
+                }
        /* Skip past cipher list */
        n2s(p, i);
        p+= i;
@@ -768,6 +1585,11 @@ int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
                        return 1;
                if (type == TLSEXT_TYPE_session_ticket)
                        {
+                        /* If tickets disabled indicate cache miss which will
+                         * trigger a full handshake
+                         */
+                        if (SSL_get_options(s) & SSL_OP_NO_TICKET)
+                                return 1;
                        /* If zero length note client will accept a ticket
                         * and indicate cache miss to trigger full handshake
                         */
@@ -776,6 +1598,15 @@ int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
                                s->tlsext_ticket_expected = 1;
                                return 0;       /* Cache miss */
                                }
+                        if (s->tls_session_secret_cb)
+                                {
+                                /* Indicate cache miss here and instead of
+                                 * generating the session from ticket now,
+                                 * trigger abbreviated handshake based on
+                                 * external mechanism to calculate the master
+                                 * secret later. */
+                                return 0;
+                                }
                        return tls_decrypt_ticket(s, p, size, session_id, len,
                                                                        ret);
                        }
@@ -795,16 +1626,17 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
        unsigned char tick_hmac[EVP_MAX_MD_SIZE];
        HMAC_CTX hctx;
        EVP_CIPHER_CTX ctx;
+        SSL_CTX *tctx = s->initial_ctx;
        /* Need at least keyname + iv + some encrypted data */
        if (eticklen < 48)
                goto tickerr;
        /* Initialize session ticket encryption and HMAC contexts */
        HMAC_CTX_init(&hctx);
        EVP_CIPHER_CTX_init(&ctx);
-        if (s->ctx->tlsext_ticket_key_cb)
+        if (tctx->tlsext_ticket_key_cb)
                {
                unsigned char *nctick = (unsigned char *)etick;
-                int rv = s->ctx->tlsext_ticket_key_cb(s, nctick, nctick + 16,
+                int rv = tctx->tlsext_ticket_key_cb(s, nctick, nctick + 16,
                                                        &ctx, &hctx, 0);
                if (rv < 0)
                        return -1;
@@ -816,17 +1648,22 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
        else
                {
                /* Check key name matches */
-                if (memcmp(etick, s->ctx->tlsext_tick_key_name, 16))
+                if (memcmp(etick, tctx->tlsext_tick_key_name, 16))
                        goto tickerr;
-                HMAC_Init_ex(&hctx, s->ctx->tlsext_tick_hmac_key, 16,
+                HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
                                        tlsext_tick_md(), NULL);
                EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
-                                s->ctx->tlsext_tick_aes_key, etick + 16);
+                                tctx->tlsext_tick_aes_key, etick + 16);
                }
        /* Attempt to process session ticket, first conduct sanity and
         * integrity checks on ticket.
         */
        mlen = HMAC_size(&hctx);
+        if (mlen < 0)
+                {
+                EVP_CIPHER_CTX_cleanup(&ctx);
+                return -1;
+                }
        eticklen -= mlen;
        /* Check HMAC of encrypted ticket */
        HMAC_Update(&hctx, etick, eticklen);
diff --git a/src/lib/libssl/src/ssl/t1_meth.c b/src/lib/libssl/src/ssl/t1_meth.c
index f5d8df634e..6ce7c0bbf5 100644
--- a/src/lib/libssl/src/ssl/t1_meth.c
+++ b/src/lib/libssl/src/ssl/t1_meth.c
@@ -60,8 +60,8 @@
 #include <openssl/objects.h>
 #include "ssl_locl.h"
-static SSL_METHOD *tls1_get_method(int ver);
+static const SSL_METHOD *tls1_get_method(int ver);
-static SSL_METHOD *tls1_get_method(int ver)
+static const SSL_METHOD *tls1_get_method(int ver)
        {
        if (ver == TLS1_VERSION)
                return(TLSv1_method());
diff --git a/src/lib/libssl/src/ssl/t1_srvr.c b/src/lib/libssl/src/ssl/t1_srvr.c
index b75636abba..42525e9e89 100644
--- a/src/lib/libssl/src/ssl/t1_srvr.c
+++ b/src/lib/libssl/src/ssl/t1_srvr.c
@@ -64,8 +64,8 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
-static SSL_METHOD *tls1_get_server_method(int ver);
+static const SSL_METHOD *tls1_get_server_method(int ver);
-static SSL_METHOD *tls1_get_server_method(int ver)
+static const SSL_METHOD *tls1_get_server_method(int ver)
        {
        if (ver == TLS1_VERSION)
                return(TLSv1_server_method());
diff --git a/src/lib/libssl/src/ssl/tls1.h b/src/lib/libssl/src/ssl/tls1.h
index 2d1d293e1a..b3cc8f098b 100644
--- a/src/lib/libssl/src/ssl/tls1.h
+++ b/src/lib/libssl/src/ssl/tls1.h
@@ -56,6 +56,59 @@
 * [including the GNU Public Licence.]
 */
 /* ====================================================================
+ * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
 *
 * Portions of the attached software ("Contribution") are developed by 
@@ -68,6 +121,32 @@
 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
 *
 */
+/* ====================================================================
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * The portions of the attached software ("Contribution") is developed by
+ * Nokia Corporation and is licensed pursuant to the OpenSSL open source
+ * license.
+ *
+ * The Contribution, originally written by Mika Kousa and Pasi Eronen of
+ * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
+ * support (see RFC 4279) to OpenSSL.
+ *
+ * No patent licenses or other rights except those expressly stated in
+ * the OpenSSL open source license shall be deemed granted or received
+ * expressly, by implication, estoppel, or otherwise.
+ *
+ * No assurances are provided by Nokia that the Contribution does not
+ * infringe the patent or other intellectual property rights of any third
+ * party or that the license provides you with all the necessary rights
+ * to make use of the Contribution.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
+ * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
+ * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
+ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
+ * OTHERWISE.
+ */
 #ifndef HEADER_TLS1_H 
 #define HEADER_TLS1_H 
@@ -104,22 +183,39 @@ extern "C" {
 #define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
 #define TLS1_AD_UNKNOWN_PSK_IDENTITY    115     /* fatal */
-/* ExtensionType values from RFC 3546 */
+/* ExtensionType values from RFC3546 / RFC4366 */
 #define TLSEXT_TYPE_server_name                 0
 #define TLSEXT_TYPE_max_fragment_length         1
 #define TLSEXT_TYPE_client_certificate_url      2
 #define TLSEXT_TYPE_trusted_ca_keys             3
 #define TLSEXT_TYPE_truncated_hmac              4
 #define TLSEXT_TYPE_status_request              5
+/* ExtensionType values from RFC4492 */
 #define TLSEXT_TYPE_elliptic_curves             10
 #define TLSEXT_TYPE_ec_point_formats            11
 #define TLSEXT_TYPE_session_ticket              35
+/* ExtensionType value from draft-rescorla-tls-opaque-prf-input-00.txt */
+#if 0 /* will have to be provided externally for now ,
+       * i.e. build with -DTLSEXT_TYPE_opaque_prf_input=38183
+       * using whatever extension number you'd like to try */
+# define TLSEXT_TYPE_opaque_prf_input           ?? */
+#endif
+/* Temporary extension type */
+#define TLSEXT_TYPE_renegotiate                 0xff01
 /* NameType value from RFC 3546 */
 #define TLSEXT_NAMETYPE_host_name 0
 /* status request value from RFC 3546 */
 #define TLSEXT_STATUSTYPE_ocsp 1
+/* ECPointFormat values from draft-ietf-tls-ecc-12 */
+#define TLSEXT_ECPOINTFORMAT_first                      0
+#define TLSEXT_ECPOINTFORMAT_uncompressed               0
+#define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime  1
+#define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2  2
+#define TLSEXT_ECPOINTFORMAT_last                       2
 #ifndef OPENSSL_NO_TLSEXT
 #define TLSEXT_MAXLEN_host_name 255
@@ -169,9 +265,9 @@ SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,(void (*)(void))cb)
 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg)
 #define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \
-        SSL_CTX_ctrl((ctx),SSL_CTRL_GET_TLXEXT_TICKET_KEYS,(keylen),(keys))
+        SSL_CTX_ctrl((ctx),SSL_CTRL_GET_TLSEXT_TICKET_KEYS,(keylen),(keys))
 #define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \
-        SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLXEXT_TICKET_KEYS,(keylen),(keys))
+        SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS,(keylen),(keys))
 #define SSL_CTX_set_tlsext_status_cb(ssl, cb) \
 SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb)
@@ -179,17 +275,31 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb)
 #define SSL_CTX_set_tlsext_status_arg(ssl, arg) \
 SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg)
+#define SSL_set_tlsext_opaque_prf_input(s, src, len) \
+SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT, len, src)
+#define SSL_CTX_set_tlsext_opaque_prf_input_callback(ctx, cb) \
+SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB, (void (*)(void))cb)
+#define SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(ctx, arg) \
+SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG, 0, arg)
 #define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
 SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #endif
-/* Additional TLS ciphersuites from draft-ietf-tls-56-bit-ciphersuites-00.txt
+/* PSK ciphersuites from 4279 */
+#define TLS1_CK_PSK_WITH_RC4_128_SHA                    0x0300008A
+#define TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA               0x0300008B
+#define TLS1_CK_PSK_WITH_AES_128_CBC_SHA                0x0300008C
+#define TLS1_CK_PSK_WITH_AES_256_CBC_SHA                0x0300008D
+/* Additional TLS ciphersuites from expired Internet Draft
+ * draft-ietf-tls-56-bit-ciphersuites-01.txt
 * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see
 * s3_lib.c).  We actually treat them like SSL 3.0 ciphers, which we probably
- * shouldn't. */
+ * shouldn't.  Note that the first two are actually not in the IDs. */
-#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5          0x03000060
+#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5          0x03000060 /* not in ID */
-#define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5      0x03000061
+#define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5      0x03000061 /* not in ID */
 #define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA         0x03000062
 #define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA     0x03000063
 #define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA          0x03000064
@@ -327,6 +437,12 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA         "AECDH-AES128-SHA"
 #define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA         "AECDH-AES256-SHA"
+/* PSK ciphersuites from RFC 4279 */
+#define TLS1_TXT_PSK_WITH_RC4_128_SHA                   "PSK-RC4-SHA"
+#define TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA              "PSK-3DES-EDE-CBC-SHA"
+#define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA               "PSK-AES128-CBC-SHA"
+#define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA               "PSK-AES256-CBC-SHA"
 /* Camellia ciphersuites from RFC4132 */
 #define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA          "CAMELLIA128-SHA"
 #define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA       "DH-DSS-CAMELLIA128-SHA"
@@ -350,6 +466,7 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS1_TXT_DHE_RSA_WITH_SEED_SHA                  "DHE-RSA-SEED-SHA"
 #define TLS1_TXT_ADH_WITH_SEED_SHA                      "ADH-SEED-SHA"
 #define TLS_CT_RSA_SIGN                 1
 #define TLS_CT_DSS_SIGN                 2
 #define TLS_CT_RSA_FIXED_DH             3
@@ -357,7 +474,11 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS_CT_ECDSA_SIGN               64
 #define TLS_CT_RSA_FIXED_ECDH           65
 #define TLS_CT_ECDSA_FIXED_ECDH         66
-#define TLS_CT_NUMBER                   7
+#define TLS_CT_GOST94_SIGN              21
+#define TLS_CT_GOST01_SIGN              22
+/* when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see
+ * comment there) */
+#define TLS_CT_NUMBER                   9
 #define TLS1_FINISH_MAC_LENGTH          12
@@ -398,10 +519,14 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS_MD_MASTER_SECRET_CONST    "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74"  /*master secret*/
 #endif
+/* TLS Session Ticket extension struct */
+struct tls_session_ticket_ext_st
+        {
+        unsigned short length;
+        void *data;
+        };
 #ifdef  __cplusplus
 }
 #endif
 #endif
diff --git a/src/lib/libssl/src/test/CAss.cnf b/src/lib/libssl/src/test/CAss.cnf
index 546e660626..20f8f05e3d 100644
--- a/src/lib/libssl/src/test/CAss.cnf
+++ b/src/lib/libssl/src/test/CAss.cnf
@@ -7,7 +7,7 @@ RANDFILE		= ./.rnd
 ####################################################################
 [ req ]
-default_bits            = 1024
+default_bits            = 512
 default_keyfile         = keySS.pem
 distinguished_name      = req_distinguished_name
 encrypt_rsa_key         = no
diff --git a/src/lib/libssl/src/test/Makefile b/src/lib/libssl/src/test/Makefile
index 228ee368cd..3912f82427 100644
--- a/src/lib/libssl/src/test/Makefile
+++ b/src/lib/libssl/src/test/Makefile
@@ -5,7 +5,7 @@
 DIR=            test
 TOP=            ..
 CC=             cc
-INCLUDES=       -I$(TOP) -I../include $(KRB5_INCLUDES) -I$(TOP)/fips
+INCLUDES=       -I$(TOP) -I../include $(KRB5_INCLUDES)
 CFLAG=          -g
 MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 PERL=           perl
@@ -27,7 +27,6 @@ DLIBCRYPTO= ../libcrypto.a
 DLIBSSL= ../libssl.a
 LIBCRYPTO= -L.. -lcrypto
 LIBSSL= -L.. -lssl
-LIBFIPS= -L.. -lfips
 BNTEST=         bntest
 ECTEST=         ectest
@@ -45,6 +44,7 @@ MD2TEST=	md2test
 MD4TEST=        md4test
 MD5TEST=        md5test
 HMACTEST=       hmactest
+WPTEST=         wp_test
 RC2TEST=        rc2test
 RC4TEST=        rc4test
 RC5TEST=        rc5test
@@ -60,66 +60,40 @@ RSATEST=	rsa_test
 ENGINETEST=     enginetest
 EVPTEST=        evp_test
 IGETEST=        igetest
-FIPS_SHATEST=   fips_shatest
+JPAKETEST=      jpaketest
-FIPS_DESTEST=   fips_desmovs
+ASN1TEST=       asn1test
-FIPS_RANDTEST=  fips_randtest
-FIPS_AESTEST=   fips_aesavs
-FIPS_HMACTEST=  fips_hmactest
-FIPS_RSAVTEST=  fips_rsavtest
-FIPS_RSASTEST=  fips_rsastest
-FIPS_RSAGTEST=  fips_rsagtest
-FIPS_DSATEST=   fips_dsatest
-FIPS_DSSVS=     fips_dssvs
-FIPS_RNGVS=     fips_rngvs
-FIPS_TEST_SUITE=fips_test_suite
 TESTS=          alltests
 EXE=    $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT)  $(ECDSATEST)$(EXE_EXT) $(ECDHTEST)$(EXE_EXT) $(IDEATEST)$(EXE_EXT) \
-        $(MD2TEST)$(EXE_EXT)  $(MD4TEST)$(EXE_EXT) $(MD5TEST)$(EXE_EXT) $(HMACTEST)$(EXE_EXT) \
+        $(MD2TEST)$(EXE_EXT)  $(MD4TEST)$(EXE_EXT) $(MD5TEST)$(EXE_EXT) $(HMACTEST)$(EXE_EXT) $(WPTEST)$(EXE_EXT) \
        $(RC2TEST)$(EXE_EXT) $(RC4TEST)$(EXE_EXT) $(RC5TEST)$(EXE_EXT) \
        $(DESTEST)$(EXE_EXT) $(SHATEST)$(EXE_EXT) $(SHA1TEST)$(EXE_EXT) $(SHA256TEST)$(EXE_EXT) $(SHA512TEST)$(EXE_EXT) \
        $(MDC2TEST)$(EXE_EXT) $(RMDTEST)$(EXE_EXT) \
        $(RANDTEST)$(EXE_EXT) $(DHTEST)$(EXE_EXT) $(ENGINETEST)$(EXE_EXT) \
        $(BFTEST)$(EXE_EXT) $(CASTTEST)$(EXE_EXT) $(SSLTEST)$(EXE_EXT) $(EXPTEST)$(EXE_EXT) $(DSATEST)$(EXE_EXT) $(RSATEST)$(EXE_EXT) \
-        $(EVPTEST)$(EXE_EXT) $(IGETEST)$(EXE_EXT) \
+        $(EVPTEST)$(EXE_EXT) $(IGETEST)$(EXE_EXT) $(JPAKETEST)$(EXE_EXT) \
-        $(FIPS_SHATEST)$(EXE_EXT) $(FIPS_DESTEST)$(EXE_EXT) \
+        $(ASN1TEST)$(EXE_EXT)
-        $(FIPS_RANDTEST)$(EXE_EXT) $(FIPS_AESTEST)$(EXE_EXT) \
-        $(FIPS_HMACTEST)$(EXE_EXT) $(FIPS_RSAVTEST)$(EXE_EXT) \
-        $(FIPS_RSASTEST)$(EXE_EXT) $(FIPS_RSAGTEST)$(EXE_EXT) \
-        $(FIPS_DSSVS)$(EXE_EXT) $(FIPS_DSATEST)$(EXE_EXT) \
-        $(FIPS_RNGVS)$(EXE_EXT) $(FIPS_TEST_SUITE)$(EXE_EXT) jpaketest$(EXE_EXT)
 # $(METHTEST)$(EXE_EXT)
 OBJ=    $(BNTEST).o $(ECTEST).o  $(ECDSATEST).o $(ECDHTEST).o $(IDEATEST).o \
        $(MD2TEST).o $(MD4TEST).o $(MD5TEST).o \
-        $(HMACTEST).o \
+        $(HMACTEST).o $(WPTEST).o \
        $(RC2TEST).o $(RC4TEST).o $(RC5TEST).o \
        $(DESTEST).o $(SHATEST).o $(SHA1TEST).o $(SHA256TEST).o $(SHA512TEST).o \
        $(MDC2TEST).o $(RMDTEST).o \
        $(RANDTEST).o $(DHTEST).o $(ENGINETEST).o $(CASTTEST).o \
        $(BFTEST).o  $(SSLTEST).o  $(DSATEST).o  $(EXPTEST).o $(RSATEST).o \
-        $(EVPTEST).o $(IGETEST).o \
+        $(EVPTEST).o $(IGETEST).o $(JPAKETEST).o $(ASN1TEST).o
-        $(FIPS_SHATEST).o $(FIPS_DESTEST).o $(FIPS_RANDTEST).o \
-        $(FIPS_AESTEST).o $(FIPS_HMACTEST).o $(FIPS_RSAVTEST).o \
-        $(FIPS_RSASTEST).o $(FIPS_RSAGTEST).o \
-        $(FIPS_DSSVS).o $(FIPS_DSATEST).o $(FIPS_RNGVS).o $(FIPS_TEST_SUITE).o \
-        jpaketest.o
 SRC=    $(BNTEST).c $(ECTEST).c  $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \
        $(MD2TEST).c  $(MD4TEST).c $(MD5TEST).c \
-        $(HMACTEST).c \
+        $(HMACTEST).c $(WPTEST).c \
        $(RC2TEST).c $(RC4TEST).c $(RC5TEST).c \
        $(DESTEST).c $(SHATEST).c $(SHA1TEST).c $(MDC2TEST).c $(RMDTEST).c \
        $(RANDTEST).c $(DHTEST).c $(ENGINETEST).c $(CASTTEST).c \
        $(BFTEST).c  $(SSLTEST).c $(DSATEST).c   $(EXPTEST).c $(RSATEST).c \
-        $(EVPTEST).c $(IGETEST).c \
+        $(EVPTEST).c $(IGETEST).c $(JPAKETEST).c $(ASN1TEST).c
-        $(FIPS_SHATEST).c $(FIPS_DESTEST).c $(FIPS_RANDTEST).c \
-        $(FIPS_AESTEST).c $(FIPS_HMACTEST).c $(FIPS_RSAVTEST).c \
-        $(FIPS_RSASTEST).c $(FIPS_RSAGTEST).c \
-        $(FIPS_DSSVS).c $(FIPS_DSATEST).c $(FIPS_RNGVS).c $(FIPS_TEST_SUITE).c \
-        jpaketest.c
 EXHEADER= 
 HEADER= $(EXHEADER)
@@ -156,12 +130,13 @@ apps:
 alltests: \
        test_des test_idea test_sha test_md4 test_md5 test_hmac \
-        test_md2 test_mdc2 \
+        test_md2 test_mdc2 test_wp \
        test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast test_aes \
        test_rand test_bn test_ec test_ecdsa test_ecdh \
        test_enc test_x509 test_rsa test_crl test_sid \
        test_gen test_req test_pkcs7 test_verify test_dh test_dsa \
-        test_ss test_ca test_engine test_evp test_ssl test_ige test_jpake
+        test_ss test_ca test_engine test_evp test_ssl test_tsa test_ige \
+        test_jpake test_cms
 test_evp:
        ../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt
@@ -177,9 +152,6 @@ test_sha:
        ../util/shlib_wrap.sh ./$(SHA1TEST)
        ../util/shlib_wrap.sh ./$(SHA256TEST)
        ../util/shlib_wrap.sh ./$(SHA512TEST)
-        if [ -n "$(FIPSCANLIB)" ]; then \
-          ../util/shlib_wrap.sh ./$(FIPS_SHATEST) < SHAmix.r | diff -w SHAmix.x - ; \
-        fi
 test_mdc2:
        ../util/shlib_wrap.sh ./$(MDC2TEST)
@@ -193,6 +165,9 @@ test_md4:
 test_hmac:
        ../util/shlib_wrap.sh ./$(HMACTEST)
+test_wp:
+        ../util/shlib_wrap.sh ./$(WPTEST)
 test_md2:
        ../util/shlib_wrap.sh ./$(MD2TEST)
@@ -216,12 +191,9 @@ test_rc5:
 test_rand:
        ../util/shlib_wrap.sh ./$(RANDTEST)
-        if [ -n "$(FIPSCANLIB)" ]; then \
-          ../util/shlib_wrap.sh ./$(FIPS_RANDTEST); \
-        fi
 test_enc:
-        sh ./testenc
+        @sh ./testenc
 test_x509:
        echo test normal x509v1 certificate
@@ -283,9 +255,6 @@ test_dsa:
        @echo "Generate a set of DSA parameters"
        ../util/shlib_wrap.sh ./$(DSATEST)
        ../util/shlib_wrap.sh ./$(DSATEST) -app2_1
-        if [ -n "$(FIPSCANLIB)" ]; then \
-          ../util/shlib_wrap.sh ./$(FIPS_DSATEST); \
-        fi
 test_gen:
        @echo "Generate and verify a certificate request"
@@ -305,9 +274,6 @@ test_engine:
 test_ssl: keyU.ss certU.ss certCA.ss certP1.ss keyP1.ss certP2.ss keyP2.ss \
                intP1.ss intP2.ss
        @echo "test SSL protocol"
-        @if [ -n "$(FIPSCANLIB)" ]; then \
-          sh ./testfipsssl keyU.ss certU.ss certCA.ss; \
-        fi
        ../util/shlib_wrap.sh ./$(SSLTEST) -test_cipherlist
        @sh ./testssl keyU.ss certU.ss certCA.ss
        @sh ./testsslproxy keyP1.ss certP1.ss intP1.ss
@@ -325,13 +291,24 @@ test_aes: #$(AESTEST)
 #       @echo "test Rijndael"
 #       ../util/shlib_wrap.sh ./$(AESTEST)
+test_tsa:
+        @if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then \
+          echo "skipping testtsa test -- requires RSA"; \
+        else \
+          sh ./testtsa; \
+        fi
 test_ige: $(IGETEST)$(EXE_EXT)
        @echo "Test IGE mode"
        ../util/shlib_wrap.sh ./$(IGETEST)
-test_jpake: jpaketest$(EXE_EXT)
+test_jpake: $(JPAKETEST)$(EXE_EXT)
        @echo "Test JPAKE"
-        ../util/shlib_wrap.sh ./jpaketest
+        ../util/shlib_wrap.sh ./$(JPAKETEST)
+test_cms:
+        @echo "CMS consistency test"
+        $(PERL) cms-test.pl
 lint:
        lint -DLINT $(INCLUDES) $(SRC)>fluff
@@ -346,9 +323,11 @@ depend:
 dclean:
        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
        mv -f Makefile.new $(MAKEFILE)
+        rm -f $(SRC) $(SHA256TEST).c $(SHA512TEST).c evptests.txt newkey.pem testkey.pem \
+                        testreq.pem
 clean:
-        rm -f .rnd tmp.bntest tmp.bctest *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss *.srl log dummytest
+        rm -f .rnd tmp.bntest tmp.bctest *.o *.obj *.dll lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss *.srl log dummytest
 $(DLIBSSL):
        (cd ..; $(MAKE) DIRS=ssl all)
@@ -360,7 +339,6 @@ BUILD_CMD=shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
                shlib_target="$(SHLIB_TARGET)"; \
        fi; \
        LIBRARIES="$(LIBSSL) $(LIBCRYPTO) $(LIBKRB5)"; \
-        [ "$(FIPSCANLIB)" = "libfips" ] && LIBRARIES="$$LIBRARIES -lfips"; \
        $(MAKE) -f $(TOP)/Makefile.shared -e \
                APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \
                LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \
@@ -396,71 +374,6 @@ $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
 $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
        @target=$(SHA512TEST); $(BUILD_CMD)
-FIPS_BUILD_CMD=shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
-                shlib_target="$(SHLIB_TARGET)"; \
-        fi; \
-        if [ "$(FIPSCANLIB)" = "libfips" ]; then \
-                LIBRARIES="-L$(TOP) -lfips"; \
-        elif [ -n "$(FIPSCANLIB)" ]; then \
-                FIPSLD_CC=$(CC); CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \
-                LIBRARIES="$${FIPSLIBDIR:-$(TOP)/fips/}fipscanister.o"; \
-        else \
-                LIBRARIES="$(LIBCRYPTO)"; \
-        fi; \
-        $(MAKE) -f $(TOP)/Makefile.shared -e \
-                CC=$${CC} APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \
-                LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \
-                link_app.$${shlib_target}
-FIPS_CRYPTO_BUILD_CMD=shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
-                shlib_target="$(SHLIB_TARGET)"; \
-        fi; \
-        LIBRARIES="$(LIBSSL) $(LIBCRYPTO) $(LIBKRB5)"; \
-        if [ -z "$(SHARED_LIBS)" -a -n "$(FIPSCANLIB)" ] ; then \
-                FIPSLD_CC=$(CC); CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \
-        fi; \
-        [ "$(FIPSCANLIB)" = "libfips" ] && LIBRARIES="$$LIBRARIES -lfips"; \
-        $(MAKE) -f $(TOP)/Makefile.shared -e \
-                CC=$${CC} APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \
-                LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \
-                link_app.$${shlib_target}
-$(FIPS_SHATEST)$(EXE_EXT): $(FIPS_SHATEST).o $(DLIBCRYPTO)
-        @target=$(FIPS_SHATEST); $(FIPS_BUILD_CMD)
-$(FIPS_AESTEST)$(EXE_EXT): $(FIPS_AESTEST).o $(DLIBCRYPTO)
-        @target=$(FIPS_AESTEST); $(FIPS_BUILD_CMD)
-$(FIPS_DESTEST)$(EXE_EXT): $(FIPS_DESTEST).o $(DLIBCRYPTO)
-        @target=$(FIPS_DESTEST); $(FIPS_BUILD_CMD)
-$(FIPS_HMACTEST)$(EXE_EXT): $(FIPS_HMACTEST).o $(DLIBCRYPTO)
-        @target=$(FIPS_HMACTEST); $(FIPS_BUILD_CMD)
-$(FIPS_RANDTEST)$(EXE_EXT): $(FIPS_RANDTEST).o $(DLIBCRYPTO)
-        @target=$(FIPS_RANDTEST); $(FIPS_BUILD_CMD)
-$(FIPS_RSAVTEST)$(EXE_EXT): $(FIPS_RSAVTEST).o $(DLIBCRYPTO)
-        @target=$(FIPS_RSAVTEST); $(FIPS_BUILD_CMD)
-$(FIPS_RSASTEST)$(EXE_EXT): $(FIPS_RSASTEST).o $(DLIBCRYPTO)
-        @target=$(FIPS_RSASTEST); $(FIPS_BUILD_CMD)
-$(FIPS_RSAGTEST)$(EXE_EXT): $(FIPS_RSAGTEST).o $(DLIBCRYPTO)
-        @target=$(FIPS_RSAGTEST); $(FIPS_BUILD_CMD)
-$(FIPS_DSATEST)$(EXE_EXT): $(FIPS_DSATEST).o $(DLIBCRYPTO)
-        @target=$(FIPS_DSATEST); $(FIPS_BUILD_CMD)
-$(FIPS_DSSVS)$(EXE_EXT): $(FIPS_DSSVS).o $(DLIBCRYPTO)
-        @target=$(FIPS_DSSVS); $(FIPS_BUILD_CMD)
-$(FIPS_RNGVS)$(EXE_EXT): $(FIPS_RNGVS).o $(DLIBCRYPTO)
-        @target=$(FIPS_RNGVS); $(FIPS_BUILD_CMD)
-$(FIPS_TEST_SUITE)$(EXE_EXT): $(FIPS_TEST_SUITE).o $(DLIBCRYPTO)
-        @target=$(FIPS_TEST_SUITE); $(FIPS_BUILD_CMD)
 $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
        @target=$(RMDTEST); $(BUILD_CMD)
@@ -476,6 +389,9 @@ $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
 $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
        @target=$(HMACTEST); $(BUILD_CMD)
+$(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO)
+        @target=$(WPTEST); $(BUILD_CMD)
 $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
        @target=$(RC2TEST); $(BUILD_CMD)
@@ -507,7 +423,7 @@ $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
        @target=$(METHTEST); $(BUILD_CMD)
 $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
-        @target=$(SSLTEST); $(FIPS_CRYPTO_BUILD_CMD)
+        @target=$(SSLTEST); $(BUILD_CMD)
 $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
        @target=$(ENGINETEST); $(BUILD_CMD)
@@ -524,8 +440,11 @@ $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
 $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
        @target=$(IGETEST); $(BUILD_CMD)
-jpaketest$(EXE_EXT): jpaketest.o $(DLIBCRYPTO)
+$(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
-        @target=jpaketest; $(BUILD_CMD)
+        @target=$(JPAKETEST); $(BUILD_CMD)
+$(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
+        @target=$(ASN1TEST); $(BUILD_CMD)
 #$(AESTEST).o: $(AESTEST).c
 #       $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
@@ -538,10 +457,22 @@ jpaketest$(EXE_EXT): jpaketest.o $(DLIBCRYPTO)
 #       fi
 dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
-        @target=dummytest$; $(BUILD_CMD)
+        @target=dummytest; $(BUILD_CMD)
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+asn1test.o: ../include/openssl/asn1.h ../include/openssl/asn1_mac.h
+asn1test.o: ../include/openssl/bio.h ../include/openssl/buffer.h
+asn1test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+asn1test.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+asn1test.o: ../include/openssl/ecdsa.h ../include/openssl/evp.h
+asn1test.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+asn1test.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+asn1test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+asn1test.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+asn1test.o: ../include/openssl/sha.h ../include/openssl/stack.h
+asn1test.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+asn1test.o: ../include/openssl/x509_vfy.h asn1test.c
 bftest.o: ../e_os.h ../include/openssl/blowfish.h ../include/openssl/e_os2.h
 bftest.o: ../include/openssl/opensslconf.h bftest.c
 bntest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
@@ -550,15 +481,14 @@ bntest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
 bntest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
 bntest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 bntest.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-bntest.o: ../include/openssl/evp.h ../include/openssl/fips.h
+bntest.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-bntest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+bntest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-bntest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+bntest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-bntest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+bntest.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
-bntest.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+bntest.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-bntest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+bntest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-bntest.o: ../include/openssl/sha.h ../include/openssl/stack.h
+bntest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-bntest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+bntest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h bntest.c
-bntest.o: ../include/openssl/x509_vfy.h bntest.c
 casttest.o: ../e_os.h ../include/openssl/cast.h ../include/openssl/e_os2.h
 casttest.o: ../include/openssl/opensslconf.h casttest.c
 destest.o: ../include/openssl/des.h ../include/openssl/des_old.h
@@ -597,54 +527,53 @@ ecdsatest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 ecdsatest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 ecdsatest.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 ecdsatest.o: ../include/openssl/err.h ../include/openssl/evp.h
-ecdsatest.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+ecdsatest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-ecdsatest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ecdsatest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ecdsatest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ecdsatest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-ecdsatest.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
+ecdsatest.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-ecdsatest.o: ../include/openssl/rand.h ../include/openssl/safestack.h
+ecdsatest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ecdsatest.o: ../include/openssl/sha.h ../include/openssl/stack.h
+ecdsatest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ecdsatest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+ecdsatest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-ecdsatest.o: ../include/openssl/x509_vfy.h ecdsatest.c
+ecdsatest.o: ecdsatest.c
 ectest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 ectest.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 ectest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 ectest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 ectest.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 ectest.o: ../include/openssl/err.h ../include/openssl/evp.h
-ectest.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+ectest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-ectest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ectest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ectest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ectest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-ectest.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
+ectest.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-ectest.o: ../include/openssl/rand.h ../include/openssl/safestack.h
+ectest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ectest.o: ../include/openssl/sha.h ../include/openssl/stack.h
+ectest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ectest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+ectest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ectest.c
-ectest.o: ../include/openssl/x509_vfy.h ectest.c
 enginetest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 enginetest.o: ../include/openssl/buffer.h ../include/openssl/crypto.h
 enginetest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 enginetest.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 enginetest.o: ../include/openssl/engine.h ../include/openssl/err.h
-enginetest.o: ../include/openssl/evp.h ../include/openssl/fips.h
+enginetest.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-enginetest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+enginetest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-enginetest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+enginetest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-enginetest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+enginetest.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
-enginetest.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+enginetest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-enginetest.o: ../include/openssl/sha.h ../include/openssl/stack.h
+enginetest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-enginetest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+enginetest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-enginetest.o: ../include/openssl/x509_vfy.h enginetest.c
+enginetest.o: enginetest.c
 evp_test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 evp_test.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 evp_test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 evp_test.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 evp_test.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 evp_test.o: ../include/openssl/err.h ../include/openssl/evp.h
-evp_test.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+evp_test.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-evp_test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+evp_test.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-evp_test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+evp_test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-evp_test.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
+evp_test.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-evp_test.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+evp_test.o: ../include/openssl/sha.h ../include/openssl/stack.h
-evp_test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+evp_test.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-evp_test.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h evp_test.c
+evp_test.o: ../include/openssl/x509_vfy.h evp_test.c
 exptest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h
 exptest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 exptest.o: ../include/openssl/err.h ../include/openssl/lhash.h
@@ -652,186 +581,14 @@ exptest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 exptest.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h
 exptest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
 exptest.o: ../include/openssl/symhacks.h exptest.c
-fips_aesavs.o: ../e_os.h ../fips/fips_utl.h ../include/openssl/aes.h
-fips_aesavs.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-fips_aesavs.o: ../include/openssl/bn.h ../include/openssl/crypto.h
-fips_aesavs.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-fips_aesavs.o: ../include/openssl/evp.h ../include/openssl/fips.h
-fips_aesavs.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-fips_aesavs.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-fips_aesavs.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-fips_aesavs.o: ../include/openssl/safestack.h ../include/openssl/stack.h
-fips_aesavs.o: ../include/openssl/symhacks.h fips_aesavs.c
-fips_desmovs.o: ../e_os.h ../fips/fips_utl.h ../include/openssl/asn1.h
-fips_desmovs.o: ../include/openssl/bio.h ../include/openssl/bn.h
-fips_desmovs.o: ../include/openssl/crypto.h ../include/openssl/des.h
-fips_desmovs.o: ../include/openssl/des_old.h ../include/openssl/e_os2.h
-fips_desmovs.o: ../include/openssl/err.h ../include/openssl/evp.h
-fips_desmovs.o: ../include/openssl/fips.h ../include/openssl/lhash.h
-fips_desmovs.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-fips_desmovs.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-fips_desmovs.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
-fips_desmovs.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-fips_desmovs.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
-fips_desmovs.o: fips_desmovs.c
-fips_dsatest.o: ../e_os.h ../fips/fips_utl.h ../include/openssl/asn1.h
-fips_dsatest.o: ../include/openssl/bio.h ../include/openssl/bn.h
-fips_dsatest.o: ../include/openssl/buffer.h ../include/openssl/crypto.h
-fips_dsatest.o: ../include/openssl/des.h ../include/openssl/des_old.h
-fips_dsatest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-fips_dsatest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-fips_dsatest.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-fips_dsatest.o: ../include/openssl/err.h ../include/openssl/evp.h
-fips_dsatest.o: ../include/openssl/fips.h ../include/openssl/fips_rand.h
-fips_dsatest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-fips_dsatest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-fips_dsatest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-fips_dsatest.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-fips_dsatest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-fips_dsatest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-fips_dsatest.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
-fips_dsatest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-fips_dsatest.o: fips_dsatest.c
-fips_dssvs.o: ../fips/fips_utl.h ../include/openssl/asn1.h
-fips_dssvs.o: ../include/openssl/bio.h ../include/openssl/bn.h
-fips_dssvs.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-fips_dssvs.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-fips_dssvs.o: ../include/openssl/evp.h ../include/openssl/fips.h
-fips_dssvs.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-fips_dssvs.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-fips_dssvs.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-fips_dssvs.o: ../include/openssl/safestack.h ../include/openssl/stack.h
-fips_dssvs.o: ../include/openssl/symhacks.h fips_dssvs.c
-fips_hmactest.o: ../fips/fips_utl.h ../include/openssl/asn1.h
-fips_hmactest.o: ../include/openssl/bio.h ../include/openssl/bn.h
-fips_hmactest.o: ../include/openssl/buffer.h ../include/openssl/conf.h
-fips_hmactest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-fips_hmactest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-fips_hmactest.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-fips_hmactest.o: ../include/openssl/evp.h ../include/openssl/fips.h
-fips_hmactest.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
-fips_hmactest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-fips_hmactest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-fips_hmactest.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
-fips_hmactest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-fips_hmactest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-fips_hmactest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-fips_hmactest.o: ../include/openssl/x509v3.h fips_hmactest.c
-fips_randtest.o: ../e_os.h ../fips/fips_utl.h ../include/openssl/bio.h
-fips_randtest.o: ../include/openssl/bn.h ../include/openssl/crypto.h
-fips_randtest.o: ../include/openssl/des.h ../include/openssl/des_old.h
-fips_randtest.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-fips_randtest.o: ../include/openssl/fips_rand.h ../include/openssl/lhash.h
-fips_randtest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-fips_randtest.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h
-fips_randtest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
-fips_randtest.o: ../include/openssl/symhacks.h ../include/openssl/ui.h
-fips_randtest.o: ../include/openssl/ui_compat.h fips_randtest.c
-fips_rngvs.o: ../fips/fips_utl.h ../include/openssl/asn1.h
-fips_rngvs.o: ../include/openssl/bio.h ../include/openssl/bn.h
-fips_rngvs.o: ../include/openssl/buffer.h ../include/openssl/conf.h
-fips_rngvs.o: ../include/openssl/crypto.h ../include/openssl/des.h
-fips_rngvs.o: ../include/openssl/des_old.h ../include/openssl/dsa.h
-fips_rngvs.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-fips_rngvs.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-fips_rngvs.o: ../include/openssl/err.h ../include/openssl/evp.h
-fips_rngvs.o: ../include/openssl/fips.h ../include/openssl/fips_rand.h
-fips_rngvs.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-fips_rngvs.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-fips_rngvs.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-fips_rngvs.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-fips_rngvs.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-fips_rngvs.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-fips_rngvs.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
-fips_rngvs.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-fips_rngvs.o: ../include/openssl/x509v3.h fips_rngvs.c
-fips_rsagtest.o: ../fips/fips_utl.h ../include/openssl/asn1.h
-fips_rsagtest.o: ../include/openssl/bio.h ../include/openssl/bn.h
-fips_rsagtest.o: ../include/openssl/buffer.h ../include/openssl/conf.h
-fips_rsagtest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-fips_rsagtest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-fips_rsagtest.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-fips_rsagtest.o: ../include/openssl/evp.h ../include/openssl/fips.h
-fips_rsagtest.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
-fips_rsagtest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-fips_rsagtest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-fips_rsagtest.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
-fips_rsagtest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-fips_rsagtest.o: ../include/openssl/sha.h ../include/openssl/stack.h
-fips_rsagtest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-fips_rsagtest.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h
-fips_rsagtest.o: fips_rsagtest.c
-fips_rsastest.o: ../fips/fips_utl.h ../include/openssl/asn1.h
-fips_rsastest.o: ../include/openssl/bio.h ../include/openssl/bn.h
-fips_rsastest.o: ../include/openssl/buffer.h ../include/openssl/conf.h
-fips_rsastest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-fips_rsastest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-fips_rsastest.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-fips_rsastest.o: ../include/openssl/evp.h ../include/openssl/fips.h
-fips_rsastest.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
-fips_rsastest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-fips_rsastest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-fips_rsastest.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
-fips_rsastest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-fips_rsastest.o: ../include/openssl/sha.h ../include/openssl/stack.h
-fips_rsastest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-fips_rsastest.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h
-fips_rsastest.o: fips_rsastest.c
-fips_rsavtest.o: ../fips/fips_utl.h ../include/openssl/asn1.h
-fips_rsavtest.o: ../include/openssl/bio.h ../include/openssl/bn.h
-fips_rsavtest.o: ../include/openssl/buffer.h ../include/openssl/conf.h
-fips_rsavtest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-fips_rsavtest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-fips_rsavtest.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-fips_rsavtest.o: ../include/openssl/evp.h ../include/openssl/fips.h
-fips_rsavtest.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
-fips_rsavtest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-fips_rsavtest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-fips_rsavtest.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
-fips_rsavtest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-fips_rsavtest.o: ../include/openssl/sha.h ../include/openssl/stack.h
-fips_rsavtest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-fips_rsavtest.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h
-fips_rsavtest.o: fips_rsavtest.c
-fips_shatest.o: ../fips/fips_utl.h ../include/openssl/asn1.h
-fips_shatest.o: ../include/openssl/bio.h ../include/openssl/bn.h
-fips_shatest.o: ../include/openssl/buffer.h ../include/openssl/conf.h
-fips_shatest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-fips_shatest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-fips_shatest.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-fips_shatest.o: ../include/openssl/evp.h ../include/openssl/fips.h
-fips_shatest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-fips_shatest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-fips_shatest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-fips_shatest.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-fips_shatest.o: ../include/openssl/sha.h ../include/openssl/stack.h
-fips_shatest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-fips_shatest.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h
-fips_shatest.o: fips_shatest.c
-fips_test_suite.o: ../fips/fips_utl.h ../include/openssl/aes.h
-fips_test_suite.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-fips_test_suite.o: ../include/openssl/bn.h ../include/openssl/crypto.h
-fips_test_suite.o: ../include/openssl/des.h ../include/openssl/des_old.h
-fips_test_suite.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-fips_test_suite.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-fips_test_suite.o: ../include/openssl/evp.h ../include/openssl/fips.h
-fips_test_suite.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
-fips_test_suite.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-fips_test_suite.o: ../include/openssl/opensslconf.h
-fips_test_suite.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-fips_test_suite.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-fips_test_suite.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-fips_test_suite.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-fips_test_suite.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
-fips_test_suite.o: fips_test_suite.c
 hmactest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 hmactest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-hmactest.o: ../include/openssl/evp.h ../include/openssl/fips.h
+hmactest.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-hmactest.o: ../include/openssl/hmac.h ../include/openssl/md5.h
+hmactest.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
-hmactest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+hmactest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-hmactest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+hmactest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-hmactest.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
+hmactest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
-hmactest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h hmactest.c
+hmactest.o: ../include/openssl/symhacks.h hmactest.c
 ideatest.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/idea.h
 ideatest.o: ../include/openssl/opensslconf.h ideatest.c
 igetest.o: ../include/openssl/aes.h ../include/openssl/e_os2.h
@@ -842,35 +599,34 @@ jpaketest.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h
 jpaketest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 jpaketest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
 jpaketest.o: ../include/openssl/symhacks.h jpaketest.c
-md2test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+md2test.o: ../include/openssl/buffer.h ../include/openssl/crypto.h
-md2test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+md2test.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h
-md2test.o: ../include/openssl/evp.h ../include/openssl/fips.h
-md2test.o: ../include/openssl/md2.h ../include/openssl/obj_mac.h
-md2test.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 md2test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 md2test.o: ../include/openssl/safestack.h ../include/openssl/stack.h
 md2test.o: ../include/openssl/symhacks.h md2test.c
 md4test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 md4test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-md4test.o: ../include/openssl/evp.h ../include/openssl/fips.h
+md4test.o: ../include/openssl/evp.h ../include/openssl/md4.h
-md4test.o: ../include/openssl/md4.h ../include/openssl/obj_mac.h
+md4test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-md4test.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+md4test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-md4test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+md4test.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
-md4test.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+md4test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h md4test.c
-md4test.o: ../include/openssl/symhacks.h md4test.c
 md5test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 md5test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-md5test.o: ../include/openssl/evp.h ../include/openssl/fips.h
+md5test.o: ../include/openssl/evp.h ../include/openssl/md5.h
-md5test.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
+md5test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-md5test.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+md5test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-md5test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+md5test.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
-md5test.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+md5test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h md5test.c
-md5test.o: ../include/openssl/symhacks.h md5test.c
+mdc2test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-mdc2test.o: ../include/openssl/buffer.h ../include/openssl/crypto.h
+mdc2test.o: ../include/openssl/crypto.h ../include/openssl/des.h
-mdc2test.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h
+mdc2test.o: ../include/openssl/des_old.h ../include/openssl/e_os2.h
-mdc2test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+mdc2test.o: ../include/openssl/evp.h ../include/openssl/mdc2.h
-mdc2test.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+mdc2test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-mdc2test.o: ../include/openssl/symhacks.h mdc2test.c
+mdc2test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+mdc2test.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
+mdc2test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+mdc2test.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h mdc2test.c
 randtest.o: ../e_os.h ../include/openssl/e_os2.h
 randtest.o: ../include/openssl/opensslconf.h ../include/openssl/ossl_typ.h
 randtest.o: ../include/openssl/rand.h randtest.c
@@ -886,12 +642,11 @@ rc5test.o: ../include/openssl/safestack.h ../include/openssl/stack.h
 rc5test.o: ../include/openssl/symhacks.h rc5test.c
 rmdtest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 rmdtest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-rmdtest.o: ../include/openssl/evp.h ../include/openssl/fips.h
+rmdtest.o: ../include/openssl/evp.h ../include/openssl/obj_mac.h
-rmdtest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+rmdtest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-rmdtest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+rmdtest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-rmdtest.o: ../include/openssl/ossl_typ.h ../include/openssl/ripemd.h
+rmdtest.o: ../include/openssl/ripemd.h ../include/openssl/safestack.h
-rmdtest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+rmdtest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h rmdtest.c
-rmdtest.o: ../include/openssl/symhacks.h rmdtest.c
 rsa_test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 rsa_test.o: ../include/openssl/bn.h ../include/openssl/crypto.h
 rsa_test.o: ../include/openssl/e_os2.h ../include/openssl/err.h
@@ -902,20 +657,18 @@ rsa_test.o: ../include/openssl/safestack.h ../include/openssl/stack.h
 rsa_test.o: ../include/openssl/symhacks.h rsa_test.c
 sha1test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 sha1test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-sha1test.o: ../include/openssl/evp.h ../include/openssl/fips.h
+sha1test.o: ../include/openssl/evp.h ../include/openssl/obj_mac.h
-sha1test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+sha1test.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-sha1test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+sha1test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-sha1test.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
+sha1test.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-sha1test.o: ../include/openssl/sha.h ../include/openssl/stack.h
+sha1test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h sha1test.c
-sha1test.o: ../include/openssl/symhacks.h sha1test.c
 shatest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 shatest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-shatest.o: ../include/openssl/evp.h ../include/openssl/fips.h
+shatest.o: ../include/openssl/evp.h ../include/openssl/obj_mac.h
-shatest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+shatest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-shatest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+shatest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-shatest.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
+shatest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-shatest.o: ../include/openssl/sha.h ../include/openssl/stack.h
+shatest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h shatest.c
-shatest.o: ../include/openssl/symhacks.h shatest.c
 ssltest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 ssltest.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 ssltest.o: ../include/openssl/comp.h ../include/openssl/conf.h
@@ -924,13 +677,12 @@ ssltest.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
 ssltest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 ssltest.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 ssltest.o: ../include/openssl/engine.h ../include/openssl/err.h
-ssltest.o: ../include/openssl/evp.h ../include/openssl/fips.h
+ssltest.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-ssltest.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
+ssltest.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-ssltest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+ssltest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ssltest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ssltest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ssltest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+ssltest.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-ssltest.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ssltest.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ssltest.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
 ssltest.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
 ssltest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 ssltest.o: ../include/openssl/sha.h ../include/openssl/ssl.h
@@ -939,3 +691,8 @@ ssltest.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
 ssltest.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 ssltest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
 ssltest.o: ../include/openssl/x509v3.h ssltest.c
+wp_test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+wp_test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+wp_test.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
+wp_test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+wp_test.o: ../include/openssl/whrlpool.h wp_test.c
diff --git a/src/lib/libssl/src/test/Uss.cnf b/src/lib/libssl/src/test/Uss.cnf
index 98b2e054b7..0c0ebb5f67 100644
--- a/src/lib/libssl/src/test/Uss.cnf
+++ b/src/lib/libssl/src/test/Uss.cnf
@@ -7,7 +7,7 @@ RANDFILE		= ./.rnd
 ####################################################################
 [ req ]
-default_bits            = 1024
+default_bits            = 512
 default_keyfile         = keySS.pem
 distinguished_name      = req_distinguished_name
 encrypt_rsa_key         = no
diff --git a/src/lib/libssl/src/test/maketests.com b/src/lib/libssl/src/test/maketests.com
index 14cbf06088..ca072f1d11 100644
--- a/src/lib/libssl/src/test/maketests.com
+++ b/src/lib/libssl/src/test/maketests.com
@@ -12,9 +12,9 @@ $!  "test" programs for the different types of encryption for OpenSSL.
 $!  It was written so it would try to determine what "C" compiler to
 $!  use or you can specify which "C" compiler to use.
 $!
-$!  The test "executeables" will be placed in a directory called
+$!  The test "executables" will be placed in a directory called
-$!  [.xxx.EXE.TEST] where "xxx" denotes AXP or VAX depending on your machines
+$!  [.xxx.EXE.TEST] where "xxx" denotes ALPHA, IA64, or VAX, depending
-$!  architecture.
+$!  on your machine architecture.
 $!
 $!  Specify DEBUG or NODEBUG P1 to compile with or without debugger
 $!  information.
@@ -44,24 +44,19 @@ $ TCPIP_LIB = ""
 $!
 $! Check Which Architecture We Are Using.
 $!
-$ IF (F$GETSYI("CPU").GE.128) 
+$ if (f$getsyi( "HW_MODEL") .lt. 1024)
-$ THEN
+$ then
-$!
+$    arch = "VAX"
-$!  The Architecture Is AXP.
+$ else
-$!
+$    arch = ""
-$   ARCH := AXP
+$    arch = arch+ f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$!
+$    if (arch .eqs. "") then arch = "UNK"
-$! Else...
+$ endif
-$!
-$ ELSE
-$!
-$!  The Architecture Is VAX.
-$!
-$   ARCH := VAX
 $!
-$! End The Architecture Check.
+$! Define The OBJ and EXE Directories (EXE before CHECK_OPTIONS).
 $!
-$ ENDIF
+$ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.TEST]
+$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.TEST]
 $!
 $! Check To Make Sure We Have Valid Command Line Parameters.
 $!
@@ -73,7 +68,7 @@ $ GOSUB INITIALISE
 $!
 $! Tell The User What Kind of Machine We Run On.
 $!
-$ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine."
+$ WRITE SYS$OUTPUT "Compiling On ''ARCH'."
 $!
 $! Define The CRYPTO-LIB We Are To Use.
 $!
@@ -83,39 +78,12 @@ $! Define The SSL We Are To Use.
 $!
 $ SSL_LIB := SYS$DISK:[-.'ARCH'.EXE.SSL]LIBSSL.OLB
 $!
-$! Define The OBJ Directory.
+$! Create the OBJ and EXE Directories, if needed.
-$!
-$ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.TEST]
-$!
-$! Check To See If The Architecture Specific OBJ Directory Exists.
-$!
-$ IF (F$PARSE(OBJ_DIR).EQS."")
-$ THEN
-$!
-$!  The EXE Directory Dosen't Exist, So Create It.
-$!
-$   CREATE/DIRECTORY 'OBJ_DIR'
-$!
-$! End The Architecture Specific OBJ Directory Check.
-$!
-$ ENDIF
 $!
-$! Define The EXE Directory.
+$ IF (F$PARSE(OBJ_DIR).EQS."") THEN -
-$!
+   CREATE /DIRECTORY 'OBJ_DIR'
-$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.TEST]
+$ IF (F$PARSE(EXE_DIR).EQS."") THEN -
-$!
+   CREATE /DIRECTORY 'EXE_DIR'
-$! Check To See If The Architecture Specific EXE Directory Exists.
-$!
-$ IF (F$PARSE(EXE_DIR).EQS."")
-$ THEN
-$!
-$!  The EXE Directory Dosen't Exist, So Create It.
-$!
-$   CREATE/DIRECTORY 'EXE_DIR'
-$!
-$! End The Architecture Specific EXE Directory Check.
-$!
-$ ENDIF
 $!
 $! Check To See If We Have The Proper Libraries.
 $!
@@ -126,20 +94,59 @@ $!
 $ GOSUB CHECK_OPT_FILE
 $!
 $! Define The TEST Files.
+$! NOTE: Some might think this list ugly.  However, it's made this way to
+$! reflect the EXE variable in Makefile as closely as possible,
+$! thereby making it fairly easy to verify that the lists are the same.
 $!
 $ TEST_FILES = "BNTEST,ECTEST,ECDSATEST,ECDHTEST,IDEATEST,"+ -
-               "MD2TEST,MD4TEST,MD5TEST,HMACTEST,"+ -
+               "MD2TEST,MD4TEST,MD5TEST,HMACTEST,WP_TEST,"+ -
               "RC2TEST,RC4TEST,RC5TEST,"+ -
               "DESTEST,SHATEST,SHA1TEST,SHA256T,SHA512T,"+ -
               "MDC2TEST,RMDTEST,"+ -
               "RANDTEST,DHTEST,ENGINETEST,"+ -
               "BFTEST,CASTTEST,SSLTEST,EXPTEST,DSATEST,RSA_TEST,"+ -
-               "EVP_TEST"
+               "EVP_TEST,JPAKETEST"
+$! Should we add MTTEST,PQ_TEST,LH_TEST,DIVTEST,TABTEST as well?
+$!
+$! Additional directory information.
+$ T_D_BNTEST     := [-.crypto.bn]
+$ T_D_ECTEST     := [-.crypto.ec]
+$ T_D_ECDSATEST  := [-.crypto.ecdsa]
+$ T_D_ECDHTEST   := [-.crypto.ecdh]
+$ T_D_IDEATEST   := [-.crypto.idea]
+$ T_D_MD2TEST    := [-.crypto.md2]
+$ T_D_MD4TEST    := [-.crypto.md4]
+$ T_D_MD5TEST    := [-.crypto.md5]
+$ T_D_HMACTEST   := [-.crypto.hmac]
+$ T_D_WP_TEST    := [-.crypto.whrlpool]
+$ T_D_RC2TEST    := [-.crypto.rc2]
+$ T_D_RC4TEST    := [-.crypto.rc4]
+$ T_D_RC5TEST    := [-.crypto.rc5]
+$ T_D_DESTEST    := [-.crypto.des]
+$ T_D_SHATEST    := [-.crypto.sha]
+$ T_D_SHA1TEST   := [-.crypto.sha]
+$ T_D_SHA256T    := [-.crypto.sha]
+$ T_D_SHA512T    := [-.crypto.sha]
+$ T_D_MDC2TEST   := [-.crypto.mdc2]
+$ T_D_RMDTEST    := [-.crypto.ripemd]
+$ T_D_RANDTEST   := [-.crypto.rand]
+$ T_D_DHTEST     := [-.crypto.dh]
+$ T_D_ENGINETEST := [-.crypto.engine]
+$ T_D_BFTEST     := [-.crypto.bf]
+$ T_D_CASTTEST   := [-.crypto.cast]
+$ T_D_SSLTEST    := [-.ssl]
+$ T_D_EXPTEST    := [-.crypto.bn]
+$ T_D_DSATEST    := [-.crypto.dsa]
+$ T_D_RSA_TEST   := [-.crypto.rsa]
+$ T_D_EVP_TEST   := [-.crypto.evp]
+$ T_D_JPAKETEST  := [-.crypto.jpake]
+$ T_D_IGETEST    := [-.test]
+$!
 $ TCPIP_PROGRAMS = ",,"
 $ IF COMPILER .EQS. "VAXC" THEN -
     TCPIP_PROGRAMS = ",SSLTEST,"
 $!
-$!  Define A File Counter And Set It To "0".
+$! Define A File Counter And Set It To "0".
 $!
 $ FILE_COUNTER = 0
 $!
@@ -161,7 +168,7 @@ $ FILE_COUNTER = FILE_COUNTER + 1
 $!
 $! Create The Source File Name.
 $!
-$ SOURCE_FILE = "SYS$DISK:[]" + FILE_NAME + ".C"
+$ SOURCE_FILE = "SYS$DISK:" + T_D_'FILE_NAME' + FILE_NAME + ".C"
 $!
 $! Create The Object File Name.
 $!
@@ -195,7 +202,7 @@ $!
 $! Compile The File.
 $!
 $ ON ERROR THEN GOTO NEXT_FILE
-$ CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$ CC /OBJECT='OBJECT_FILE' 'SOURCE_FILE'
 $ ON WARNING THEN GOTO NEXT_FILE
 $!
 $! Check If What We Are About To Compile Works Without A TCP/IP Library.
@@ -205,7 +212,8 @@ $ THEN
 $!
 $!  Inform The User That A TCP/IP Library Is Needed To Compile This Program.
 $!
-$   WRITE SYS$OUTPUT FILE_NAME," Needs A TCP/IP Library.  Can't Link.  Skipping..."
+$   WRITE SYS$OUTPUT -
+          FILE_NAME," Needs A TCP/IP Library.  Can't Link.  Skipping..."
 $   GOTO NEXT_FILE
 $!
 $! End The TCP/IP Library Check.
@@ -220,10 +228,12 @@ $ THEN
 $!
 $!  Don't Link With The RSAREF Routines And TCP/IP Library.
 $!
-$   LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' -
+$   LINK /'DEBUGGER' /'TRACEBACK' /EXECTABLE = 'EXE_FILE' -
        'OBJECT_FILE', -
-        'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, -
+        'SSL_LIB' /LIBRARY, -
-        'TCPIP_LIB','OPT_FILE'/OPTION
+        'CRYPTO_LIB' /LIBRARY, -
+        'TCPIP_LIB', -
+        'OPT_FILE' /OPTIONS
 $!
 $! Else...
 $!
@@ -231,10 +241,11 @@ $ ELSE
 $!
 $!  Don't Link With The RSAREF Routines And Link With A TCP/IP Library.
 $!
-$   LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' -
+$   LINK /'DEBUGGER' /'TRACEBACK' /EXECUTABLE = 'EXE_FILE' -
        'OBJECT_FILE', -
-        'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, -
+        'SSL_LIB' /LIBRARY, -
-        'OPT_FILE'/OPTION
+        'CRYPTO_LIB' /LIBRARY, -
+        'OPT_FILE' /OPTIONS
 $!
 $! End The TCP/IP Library Check.
 $!
@@ -273,10 +284,10 @@ $!
 $     CREATE 'OPT_FILE'
 $DECK
 !
-! Default System Options File To Link Agianst 
+! Default System Options File To Link Against 
 ! The Sharable VAX C Runtime Library.
 !
-SYS$SHARE:VAXCRTL.EXE/SHARE
+SYS$SHARE:VAXCRTL.EXE /SHAREABLE
 $EOD
 $!
 $!  End The Option File Check.
@@ -305,8 +316,8 @@ $DECK
 ! Default System Options File To Link Agianst 
 ! The Sharable C Runtime Library.
 !
-GNU_CC:[000000]GCCLIB/LIBRARY
+GNU_CC:[000000]GCCLIB.OLB /LIBRARY
-SYS$SHARE:VAXCRTL/SHARE
+SYS$SHARE:VAXCRTL.EXE /SHAREABLE
 $EOD
 $!
 $!  End The Option File Check.
@@ -327,7 +338,7 @@ $!
 $   IF (F$SEARCH(OPT_FILE).EQS."")
 $   THEN
 $!
-$!    Figure Out If We Need An AXP Or A VAX Linker Option File.
+$!    Figure Out If We Need A non-VAX Or A VAX Linker Option File.
 $!
 $     IF (ARCH.EQS."VAX")
 $     THEN
@@ -340,26 +351,26 @@ $DECK
 ! Default System Options File To Link Agianst 
 ! The Sharable DEC C Runtime Library.
 !
-SYS$SHARE:DECC$SHR.EXE/SHARE
+SYS$SHARE:DECC$SHR.EXE /SHAREABLE
 $EOD
 $!
 $!    Else...
 $!
 $     ELSE
 $!
-$!      Create The AXP Linker Option File.
+$!      Create The non-VAX Linker Option File.
 $!
 $       CREATE 'OPT_FILE'
 $DECK
 !
-! Default System Options File For AXP To Link Agianst 
+! Default System Options File For non-VAX To Link Agianst 
 ! The Sharable C Runtime Library.
 !
-SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE
+SYS$SHARE:CMA$OPEN_LIB_SHR.EXE /SHAREABLE
-SYS$SHARE:CMA$OPEN_RTL/SHARE
+SYS$SHARE:CMA$OPEN_RTL.EXE /SHAREABLE
 $EOD
 $!
-$!    End The VAX/AXP DEC C Option File Check.
+$!    End The DEC C Option File Check.
 $!
 $     ENDIF
 $!
@@ -511,7 +522,7 @@ $   ELSE
 $!
 $!  Check To See If We Have VAXC Or DECC.
 $!
-$     IF (ARCH.EQS."AXP").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
+$     IF (ARCH.NES."VAX").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
 $     THEN 
 $!
 $!      Looks Like DECC, Set To Use DECC.
@@ -614,14 +625,14 @@ $!    Use DECC...
 $!
 $     CC = "CC"
 $     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
-         THEN CC = "CC/DECC"
+         THEN CC = "CC /DECC"
-$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
+$     CC = CC + "/''CC_OPTIMIZE' /''DEBUGGER' /STANDARD=ANSI89" + -
-           "/NOLIST/PREFIX=ALL" + -
+           "/NOLIST /PREFIX=ALL" + -
           "/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
-$     OPT_FILE = "SYS$DISK:[]VAX_DECC_OPTIONS.OPT"
+$     OPT_FILE = "''EXE_DIR'VAX_DECC_OPTIONS.OPT"
 $!
 $!  End DECC Check.
 $!
@@ -643,23 +654,23 @@ $!
 $!    Compile Using VAXC.
 $!
 $     CC = "CC"
-$     IF ARCH.EQS."AXP"
+$     IF ARCH.NES."VAX"
 $     THEN
-$       WRITE SYS$OUTPUT "There is no VAX C on Alpha!"
+$       WRITE SYS$OUTPUT "There is no VAX C on ''ARCH'!"
 $       EXIT
 $     ENDIF
-$     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
+$     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC /VAXC"
-$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
+$     CC = CC + "/''CC_OPTIMIZE' /''DEBUGGER' /NOLIST" + -
           "/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS
 $     CCDEFS = CCDEFS + ",""VAXC"""
 $!
 $!    Define <sys> As SYS$COMMON:[SYSLIB]
 $!
-$     DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB]
+$     DEFINE /NOLOG SYS SYS$COMMON:[SYSLIB]
 $!
 $!    Define The Linker Options File Name.
 $!
-$     OPT_FILE = "SYS$DISK:[]VAX_VAXC_OPTIONS.OPT"
+$     OPT_FILE = "''EXE_DIR'VAX_VAXC_OPTIONS.OPT"
 $!
 $!  End VAXC Check
 $!
@@ -680,12 +691,12 @@ $     WRITE SYS$OUTPUT "Using GNU 'C' Compiler."
 $!
 $!    Use GNU C...
 $!
-$     CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
+$     CC = "GCC /NOCASE_HACK /''GCC_OPTIMIZE' /''DEBUGGER' /NOLIST" + -
           "/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
-$     OPT_FILE = "SYS$DISK:[]VAX_GNUC_OPTIONS.OPT"
+$     OPT_FILE = "''EXE_DIR'VAX_GNUC_OPTIONS.OPT"
 $!
 $!  End The GNU C Check.
 $!
@@ -715,7 +726,7 @@ $   CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
 $!
 $!  Show user the result
 $!
-$   WRITE/SYMBOL SYS$OUTPUT "Main Compiling Command: ",CC
+$   WRITE /SYMBOL SYS$OUTPUT "Main Compiling Command: ", CC
 $!
 $!  Else The User Entered An Invalid Arguement.
 $!
@@ -749,7 +760,7 @@ $   THEN
 $!
 $!    Set the library to use SOCKETSHR
 $!
-$     TCPIP_LIB = "SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT/OPT"
+$     TCPIP_LIB = "SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT /OPTIONS"
 $!
 $!    Done with SOCKETSHR
 $!
@@ -760,7 +771,7 @@ $!
 $   IF P3.EQS."MULTINET"
 $   THEN
 $!
-$!    Set the library to use UXC emulation.
+$!    Set the library to use UCX emulation.
 $!
 $     P3 = "UCX"
 $!
@@ -775,13 +786,13 @@ $   THEN
 $!
 $!    Set the library to use UCX.
 $!
-$     TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT/OPT"
+$     TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT /OPTIONS"
 $     IF F$TRNLNM("UCX$IPC_SHR") .NES. ""
 $     THEN
-$       TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT/OPT"
+$       TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT /OPTIONS"
 $     ELSE
 $       IF COMPILER .NES. "DECC" .AND. ARCH .EQS. "VAX" THEN -
-          TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT/OPT"
+          TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT /OPTIONS"
 $     ENDIF
 $!
 $!    Done with UCX
@@ -795,7 +806,7 @@ $   THEN
 $!
 $!    Set the library to use TCPIP (post UCX).
 $!
-$     TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT/OPT"
+$     TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT /OPTIONS"
 $!
 $!    Done with TCPIP
 $!
@@ -893,7 +904,7 @@ $ __INCLUDE = __TOP + "INCLUDE.OPENSSL]"
 $!
 $! Set up the logical name OPENSSL to point at the include directory
 $!
-$ DEFINE OPENSSL/NOLOG '__INCLUDE'
+$ DEFINE OPENSSL /NOLOG '__INCLUDE'
 $!
 $! Done
 $!
@@ -907,7 +918,7 @@ $ IF __SAVE_OPENSSL .EQS. ""
 $ THEN
 $   DEASSIGN OPENSSL
 $ ELSE
-$   DEFINE/NOLOG OPENSSL '__SAVE_OPENSSL'
+$   DEFINE /NOLOG OPENSSL '__SAVE_OPENSSL'
 $ ENDIF
 $!
 $! Done
diff --git a/src/lib/libssl/src/test/tcrl.com b/src/lib/libssl/src/test/tcrl.com
index 86bf9735aa..1f606eb850 100644
--- a/src/lib/libssl/src/test/tcrl.com
+++ b/src/lib/libssl/src/test/tcrl.com
@@ -1,7 +1,9 @@
 $! TCRL.COM  --  Tests crl keys
 $
 $       __arch := VAX
-$       if f$getsyi("cpu") .ge. 128 then __arch := AXP
+$       if f$getsyi("cpu") .ge. 128 then -
+           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$       if __arch .eqs. "" then __arch := UNK
 $       exe_dir := sys$disk:[-.'__arch'.exe.apps]
 $
 $       cmd := mcr 'exe_dir'openssl crl
diff --git a/src/lib/libssl/src/test/testca.com b/src/lib/libssl/src/test/testca.com
index c670f2bf5f..ec7e56dad6 100644
--- a/src/lib/libssl/src/test/testca.com
+++ b/src/lib/libssl/src/test/testca.com
@@ -1,8 +1,9 @@
 $! TESTCA.COM
 $
 $       __arch := VAX
-$       if f$getsyi("cpu") .ge. 128 then __arch := AXP
+$       if f$getsyi("cpu") .ge. 128 then -
-$       exe_dir := sys$disk:[-.'__arch'.exe.apps]
+           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$       if __arch .eqs. "" then __arch := UNK
 $
 $       openssl := mcr 'exe_dir'openssl
 $
@@ -11,7 +12,7 @@ $
 $       set noon
 $       if f$search("demoCA.dir") .nes. ""
 $       then
-$           call deltree [.demoCA]*.*
+$           @[-.util]deltree [.demoCA]*.*
 $           set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) demoCA.dir;*
 $           delete demoCA.dir;*
 $       endif
@@ -38,7 +39,7 @@ $	@[-.apps]CA.com -verify newcert.pem
 $       if $severity .ne. 1 then exit 3
 $
 $       set noon
-$       call deltree [.demoCA]*.*
+$       @[-.util]deltree [.demoCA]*.*
 $       set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) demoCA.dir;*
 $       delete demoCA.dir;*
 $       if f$search("newcert.pem") .nes. "" then delete newcert.pem;*
@@ -47,32 +48,3 @@ $	set on
 $!      #usage: CA -newcert|-newreq|-newca|-sign|-verify
 $
 $       exit
-$
-$ deltree: subroutine ! P1 is a name of a directory
-$       on control_y then goto dt_STOP
-$       on warning then goto dt_exit
-$       _dt_def = f$trnlnm("SYS$DISK")+f$directory()
-$       if f$parse(p1) .eqs. "" then exit
-$       set default 'f$parse(p1,,,"DEVICE")''f$parse(p1,,,"DIRECTORY")'
-$       p1 = f$parse(p1,,,"NAME") + f$parse(p1,,,"TYPE")
-$       _fp = f$parse(".DIR",p1)
-$ dt_loop:
-$       _f = f$search(_fp)
-$       if _f .eqs. "" then goto dt_loopend
-$       call deltree [.'f$parse(_f,,,"NAME")']*.*
-$       goto dt_loop
-$ dt_loopend:
-$       _fp = f$parse(p1,".;*")
-$       if f$search(_fp) .eqs. "" then goto dt_exit
-$       set noon
-$       set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) '_fp'
-$       set on
-$       delete/nolog '_fp'
-$ dt_exit:
-$       set default '_dt_def'
-$       exit
-$ dt_STOP:
-$       set default '_dt_def'
-$       stop/id=""
-$       exit
-$       endsubroutine
diff --git a/src/lib/libssl/src/test/testenc.com b/src/lib/libssl/src/test/testenc.com
index 5e6f521f9d..621d9a2126 100644
--- a/src/lib/libssl/src/test/testenc.com
+++ b/src/lib/libssl/src/test/testenc.com
@@ -1,8 +1,9 @@
 $! TESTENC.COM  --  Test encoding and decoding
 $
 $       __arch := VAX
-$       if f$getsyi("cpu") .ge. 128 then __arch := AXP
+$       if f$getsyi("cpu") .ge. 128 then -
-$       exe_dir := sys$disk:[-.'__arch'.exe.apps]
+           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$       if __arch .eqs. "" then __arch := UNK
 $
 $       testsrc := makefile.
 $       test := p.txt
diff --git a/src/lib/libssl/src/test/testgen.com b/src/lib/libssl/src/test/testgen.com
index 5d28ebec72..a4bc574bec 100644
--- a/src/lib/libssl/src/test/testgen.com
+++ b/src/lib/libssl/src/test/testgen.com
@@ -1,7 +1,9 @@
 $! TETSGEN.COM
 $
 $       __arch := VAX
-$       if f$getsyi("cpu") .ge. 128 then __arch := AXP
+$       if f$getsyi("cpu") .ge. 128 then -
+           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$       if __arch .eqs. "" then __arch := UNK
 $       exe_dir := sys$disk:[-.'__arch'.exe.apps]
 $
 $       T := testcert
diff --git a/src/lib/libssl/src/test/tests.com b/src/lib/libssl/src/test/tests.com
index 88a33d0531..d151cd3955 100644
--- a/src/lib/libssl/src/test/tests.com
+++ b/src/lib/libssl/src/test/tests.com
@@ -6,11 +6,17 @@ $	__proc = f$element(0,";",f$environment("procedure"))
 $       __here = f$parse(f$parse("A.;",__proc) - "A.;","[]A.;") - "A.;"
 $       __save_default = f$environment("default")
 $       __arch := VAX
-$       if f$getsyi("cpu") .ge. 128 then __arch := AXP
+$       if f$getsyi("cpu") .ge. 128 then -
+           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$       if __arch .eqs. "" then __arch := UNK
 $       texe_dir := sys$disk:[-.'__arch'.exe.test]
 $       exe_dir := sys$disk:[-.'__arch'.exe.apps]
 $
+$       sslroot = f$parse("sys$disk:[-.apps];",,,,"syntax_only") - "].;"+ ".]"
+$       define /translation_attributes = concealed sslroot 'sslroot'
+$
 $       set default '__here'
+$
 $       on control_y then goto exit
 $       on error then goto exit
 $
@@ -18,14 +24,18 @@ $	if p1 .nes. ""
 $       then
 $           tests = p1
 $       else
+$! NOTE: This list reflects the list of dependencies following the
+$! "alltests" target in Makefile.  This should make it easy to see
+$! if there's a difference that needs to be taken care of.
 $           tests := -
        test_des,test_idea,test_sha,test_md4,test_md5,test_hmac,-
-        test_md2,test_mdc2,-
+        test_md2,test_mdc2,test_wp,-
-        test_rmd,test_rc2,test_rc4,test_rc5,test_bf,test_cast,test_rd,-
+        test_rmd,test_rc2,test_rc4,test_rc5,test_bf,test_cast,test_aes,-
        test_rand,test_bn,test_ec,test_ecdsa,test_ecdh,-
        test_enc,test_x509,test_rsa,test_crl,test_sid,-
        test_gen,test_req,test_pkcs7,test_verify,test_dh,test_dsa,-
-        test_ss,test_ca,test_engine,test_evp,test_ssl,test_ige,test_jpake
+        test_ss,test_ca,test_engine,test_evp,test_ssl,test_tsa,test_ige,-
+        test_jpake,test_cms
 $       endif
 $       tests = f$edit(tests,"COLLAPSE")
 $
@@ -43,6 +53,7 @@ $	MD2TEST :=	md2test
 $       MD4TEST :=      md4test
 $       MD5TEST :=      md5test
 $       HMACTEST :=     hmactest
+$       WPTEST :=       wp_test
 $       RC2TEST :=      rc2test
 $       RC4TEST :=      rc4test
 $       RC5TEST :=      rc5test
@@ -93,6 +104,9 @@ $	return
 $ test_hmac:
 $       mcr 'texe_dir''hmactest'
 $       return
+$ test_wp:
+$       mcr 'texe_dir''wptest'
+$       return
 $ test_md2:
 $       mcr 'texe_dir''md2test'
 $       return
@@ -248,9 +262,22 @@ $	    write sys$output "Generate and certify a test certificate via the 'ca' pro
 $           @testca.com
 $       endif
 $       return
-$ test_rd: 
+$ test_aes: 
-$       write sys$output "test Rijndael"
+$!      write sys$output "test AES"
-$       !mcr 'texe_dir''rdtest'
+$!      !mcr 'texe_dir''aestest'
+$       return
+$ test_tsa:
+$       set noon
+$       define/user sys$output nla0:
+$       mcr 'exe_dir'openssl no-rsa
+$       save_severity=$SEVERITY
+$       set on
+$       if save_severity
+$       then
+$           write sys$output "skipping testtsa.com test -- requires RSA"
+$       else
+$           @testtsa.com
+$       endif
 $       return
 $ test_ige: 
 $       write sys$output "Test IGE mode"
@@ -260,8 +287,13 @@ $ test_jpake:
 $       write sys$output "Test JPAKE"
 $       mcr 'texe_dir''jpaketest'
 $       return
+$ test_cms:
+$       write sys$output "CMS consistency test"
+$       perl CMS-TEST.PL
+$       return
 $
 $
 $ exit:
 $       set default '__save_default'
+$       deassign sslroot
 $       exit
diff --git a/src/lib/libssl/src/test/testss.com b/src/lib/libssl/src/test/testss.com
index 685ae5043d..6598106b09 100644
--- a/src/lib/libssl/src/test/testss.com
+++ b/src/lib/libssl/src/test/testss.com
@@ -1,7 +1,9 @@
 $! TESTSS.COM
 $
 $       __arch := VAX
-$       if f$getsyi("cpu") .ge. 128 then __arch := AXP
+$       if f$getsyi("cpu") .ge. 128 then -
+           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$       if __arch .eqs. "" then __arch := UNK
 $       exe_dir := sys$disk:[-.'__arch'.exe.apps]
 $
 $       digest="-md5"
diff --git a/src/lib/libssl/src/test/testssl b/src/lib/libssl/src/test/testssl
index 8ac90ae5ee..f9d7c5d65f 100644
--- a/src/lib/libssl/src/test/testssl
+++ b/src/lib/libssl/src/test/testssl
@@ -142,4 +142,10 @@ else
  fi
 fi
+echo test tls1 with PSK
+$ssltest -tls1 -cipher PSK -psk abc123 $extra || exit 1
+echo test tls1 with PSK via BIO pair
+$ssltest -bio_pair -tls1 -cipher PSK -psk abc123 $extra || exit 1
 exit 0
diff --git a/src/lib/libssl/src/test/testssl.com b/src/lib/libssl/src/test/testssl.com
index 26308f7715..9c83afba04 100644
--- a/src/lib/libssl/src/test/testssl.com
+++ b/src/lib/libssl/src/test/testssl.com
@@ -1,7 +1,9 @@
 $! TESTSSL.COM
 $
 $       __arch := VAX
-$       if f$getsyi("cpu") .ge. 128 then __arch := AXP
+$       if f$getsyi("cpu") .ge. 128 then -
+           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$       if __arch .eqs. "" then __arch := UNK
 $       texe_dir := sys$disk:[-.'__arch'.exe.test]
 $       exe_dir := sys$disk:[-.'__arch'.exe.apps]
 $
diff --git a/src/lib/libssl/src/test/testtsa.com b/src/lib/libssl/src/test/testtsa.com
new file mode 100644
index 0000000000..e3c586f14a
--- /dev/null
+++ b/src/lib/libssl/src/test/testtsa.com
@@ -0,0 +1,248 @@
+$!
+$! A few very basic tests for the 'ts' time stamping authority command.
+$!
+$
+$       __arch := VAX
+$       if f$getsyi("cpu") .ge. 128 then -
+           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$       if __arch .eqs. "" then __arch := UNK
+$       exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$
+$       openssl := mcr 'f$parse(exe_dir+"openssl.exe")'
+$       OPENSSL_CONF := [-]CAtsa.cnf
+$       ! Because that's what ../apps/CA.sh really looks at
+$       SSLEAY_CONFIG = "-config " + OPENSSL_CONF
+$
+$ error:
+$       subroutine
+$               write sys$error "TSA test failed!"
+$               exit 3
+$       endsubroutine
+$
+$ setup_dir:
+$       subroutine
+$
+$               if f$search("tsa.dir") .nes ""
+$               then
+$                       @[-.util]deltree [.tsa]*.*
+$                       set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) tsa.dir;*
+$                       delete tsa.dir;*
+$               endif
+$
+$               create/dir [.tsa]
+$               set default [.tsa]
+$       endsubroutine
+$
+$ clean_up_dir:
+$       subroutine
+$
+$               set default [-]
+$               @[-.util]deltree [.tsa]*.*
+$               set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) tsa.dir;*
+$               delete tsa.dir;*
+$       endsubroutine
+$
+$ create_ca:
+$       subroutine
+$
+$               write sys$output "Creating a new CA for the TSA tests..."
+$               TSDNSECT = "ts_ca_dn"
+$               openssl req -new -x509 -nodes -
+                        -out tsaca.pem -keyout tsacakey.pem
+$               if $severity .ne. 1 then call error
+$       endsubroutine
+$
+$ create_tsa_cert:
+$       subroutine
+$
+$               INDEX=p1
+$               EXT=p2
+$               TSDNSECT = "ts_cert_dn"
+$
+$               openssl req -new -
+                        -out tsa_req'INDEX'.pem -keyout tsa_key'INDEX'.pem
+$               if $severity .ne. 1 then call error
+$
+$               write sys$output "Using extension ''EXT'"
+$               openssl x509 -req -
+                        -in tsa_req'INDEX'.pem -out tsa_cert'INDEX'.pem -
+                        "-CA" tsaca.pem "-CAkey" tsacakey.pem "-CAcreateserial" -
+                        -extfile 'OPENSSL_CONF' -extensions "''EXT'"
+$               if $severity .ne. 1 then call error
+$       endsubroutine
+$
+$ print_request:
+$       subroutine
+$
+$               openssl ts -query -in 'p1' -text
+$       endsubroutine
+$
+$ create_time_stamp_request1: subroutine
+$
+$               openssl ts -query -data [-]testtsa.com -policy tsa_policy1 -
+                        -cert -out req1.tsq
+$               if $severity .ne. 1 then call error
+$       endsubroutine
+$
+$ create_time_stamp_request2: subroutine
+$
+$               openssl ts -query -data [-]testtsa.com -policy tsa_policy2 -
+                        -no_nonce -out req2.tsq
+$               if $severity .ne. 1 then call error
+$       endsubroutine
+$
+$ create_time_stamp_request3: subroutine
+$
+$               openssl ts -query -data [-]CAtsa.cnf -no_nonce -out req3.tsq
+$               if $severity .ne. 1 then call error
+$       endsubroutine
+$
+$ print_response:
+$       subroutine
+$
+$               openssl ts -reply -in 'p1' -text
+$               if $severity .ne. 1 then call error
+$       endsubroutine
+$
+$ create_time_stamp_response:
+$       subroutine
+$
+$               openssl ts -reply -section 'p3' -queryfile 'p1' -out 'p2'
+$               if $severity .ne. 1 then call error
+$       endsubroutine
+$
+$ time_stamp_response_token_test:
+$       subroutine
+$
+$               RESPONSE2:='p2'.copy_tsr
+$               TOKEN_DER:='p2'.token_der
+$               openssl ts -reply -in 'p2' -out 'TOKEN_DER' -token_out
+$               if $severity .ne. 1 then call error
+$               openssl ts -reply -in 'TOKEN_DER' -token_in -out 'RESPONSE2'
+$               if $severity .ne. 1 then call error
+$               backup/compare 'RESPONSE2' 'p2'
+$               if $severity .ne. 1 then call error
+$               openssl ts -reply -in 'p2' -text -token_out
+$               if $severity .ne. 1 then call error
+$               openssl ts -reply -in 'TOKEN_DER' -token_in -text -token_out
+$               if $severity .ne. 1 then call error
+$               openssl ts -reply -queryfile 'p1' -text -token_out
+$               if $severity .ne. 1 then call error
+$       endsubroutine
+$
+$ verify_time_stamp_response:
+$       subroutine
+$
+$               openssl ts -verify -queryfile 'p1' -in 'p2' -
+                        "-CAfile" tsaca.pem -untrusted tsa_cert1.pem
+$               if $severity .ne. 1 then call error
+$               openssl ts -verify -data 'p3' -in 'p2' -
+                        "-CAfile" tsaca.pem -untrusted tsa_cert1.pem
+$               if $severity .ne. 1 then call error
+$       endsubroutine
+$
+$ verify_time_stamp_token:
+$       subroutine
+$
+$               ! create the token from the response first
+$               openssl ts -reply -in 'p2' -out 'p2'.token -token_out
+$               if $severity .ne. 1 then call error
+$               openssl ts -verify -queryfile 'p1' -in 'p2'.token -token_in -
+                        "-CAfile" tsaca.pem -untrusted tsa_cert1.pem
+$               if $severity .ne. 1 then call error
+$               openssl ts -verify -data 'p3' -in 'p2'.token -token_in -
+                        "-CAfile" tsaca.pem -untrusted tsa_cert1.pem
+$               if $severity .ne. 1 then call error
+$       endsubroutine
+$
+$ verify_time_stamp_response_fail:
+$       subroutine
+$
+$               openssl ts -verify -queryfile 'p1' -in 'p2' -
+                        "-CAfile" tsaca.pem -untrusted tsa_cert1.pem
+$               ! Checks if the verification failed, as it should have.
+$               if $severity .eq. 1 then call error
+$               write sys$output "Ok"
+$       endsubroutine
+$
+$       ! Main body ----------------------------------------------------------
+$
+$       write sys$output "Setting up TSA test directory..."
+$       call setup_dir
+$
+$       write sys$output "Creating CA for TSA tests..."
+$       call create_ca
+$
+$       write sys$output "Creating tsa_cert1.pem TSA server cert..."
+$       call create_tsa_cert 1 "tsa_cert"
+$
+$       write sys$output "Creating tsa_cert2.pem non-TSA server cert..."
+$       call create_tsa_cert 2 "non_tsa_cert"
+$
+$       write sys$output "Creating req1.req time stamp request for file testtsa..."
+$       call create_time_stamp_request1
+$
+$       write sys$output "Printing req1.req..."
+$       call print_request req1.tsq
+$
+$       write sys$output "Generating valid response for req1.req..."
+$       call create_time_stamp_response req1.tsq resp1.tsr tsa_config1
+$
+$       write sys$output "Printing response..."
+$       call print_response resp1.tsr
+$
+$       write sys$output "Verifying valid response..."
+$       call verify_time_stamp_response req1.tsq resp1.tsr [-]testtsa.com
+$
+$       write sys$output "Verifying valid token..."
+$       call verify_time_stamp_token req1.tsq resp1.tsr [-]testtsa.com
+$
+$       ! The tests below are commented out, because invalid signer certificates
+$       ! can no longer be specified in the config file.
+$
+$       ! write sys$output "Generating _invalid_ response for req1.req..."
+$       ! call create_time_stamp_response req1.tsq resp1_bad.tsr tsa_config2
+$
+$       ! write sys$output "Printing response..."
+$       ! call print_response resp1_bad.tsr
+$
+$       ! write sys$output "Verifying invalid response, it should fail..."
+$       ! call verify_time_stamp_response_fail req1.tsq resp1_bad.tsr
+$
+$       write sys$output "Creating req2.req time stamp request for file testtsa..."
+$       call create_time_stamp_request2
+$
+$       write sys$output "Printing req2.req..."
+$       call print_request req2.tsq
+$
+$       write sys$output "Generating valid response for req2.req..."
+$       call create_time_stamp_response req2.tsq resp2.tsr tsa_config1
+$
+$       write sys$output "Checking '-token_in' and '-token_out' options with '-reply'..."
+$       call time_stamp_response_token_test req2.tsq resp2.tsr
+$
+$       write sys$output "Printing response..."
+$       call print_response resp2.tsr
+$
+$       write sys$output "Verifying valid response..."
+$       call verify_time_stamp_response req2.tsq resp2.tsr [-]testtsa.com
+$
+$       write sys$output "Verifying response against wrong request, it should fail..."
+$       call verify_time_stamp_response_fail req1.tsq resp2.tsr
+$
+$       write sys$output "Verifying response against wrong request, it should fail..."
+$       call verify_time_stamp_response_fail req2.tsq resp1.tsr
+$
+$       write sys$output "Creating req3.req time stamp request for file CAtsa.cnf..."
+$       call create_time_stamp_request3
+$
+$       write sys$output "Printing req3.req..."
+$       call print_request req3.tsq
+$
+$       write sys$output "Verifying response against wrong request, it should fail..."
+$       call verify_time_stamp_response_fail req3.tsq resp1.tsr
+$
+$       write sys$output "Cleaning up..."
+$       call clean_up_dir
+$
+$       exit
diff --git a/src/lib/libssl/src/test/times b/src/lib/libssl/src/test/times
index 738d569b8f..6b66eb342e 100644
--- a/src/lib/libssl/src/test/times
+++ b/src/lib/libssl/src/test/times
@@ -1,7 +1,7 @@
 More number for the questions about SSL overheads....
-The following numbers were generated on a pentium pro 200, running linux.
+The following numbers were generated on a Pentium pro 200, running Linux.
 They give an indication of the SSL protocol and encryption overheads.
 The program that generated them is an unreleased version of ssl/ssltest.c
@@ -11,7 +11,7 @@ interface.
 How do I read this?  The protocol and cipher are reasonable obvious.
 The next number is the number of connections being made.  The next is the
-number of bytes exchanged bewteen the client and server side of the protocol.
+number of bytes exchanged between the client and server side of the protocol.
 This is the number of bytes that the client sends to the server, and then
 the server sends back.  Because this is all happening in one process,
 the data is being encrypted, decrypted, encrypted and then decrypted again.
@@ -55,10 +55,10 @@ SSLv3 DES-CBC3-SHA 1000 x 102400  336.61s 323.82s
 What does this all mean?  Well for a server, with no session-id reuse, with
 a transfer size of 10240 bytes, using RC4-MD5 and a 512bit server key,
-a pentium pro 200 running linux can handle the SSLv3 protocol overheads of
+a Pentium pro 200 running Linux can handle the SSLv3 protocol overheads of
 about 49 connections a second.  Reality will be quite different :-).
-Remeber the first number is 1000 full ssl handshakes, the second is
+Remember the first number is 1000 full ssl handshakes, the second is
 1 full and 999 with session-id reuse.  The RSA overheads for each exchange
 would be one public and one private operation, but the protocol/MAC/cipher
 cost would be quite similar in both the client and server.
@@ -72,21 +72,21 @@ eric (adding numbers to speculation)
  killer in SSL.  Often delays in the TCP protocol will make session-id
  reuse look slower that new sessions, but this would not be the case on
  a loaded server.
- The TCP round trip latencies, while slowing indervidual connections,
+- The TCP round trip latencies, while slowing individual connections,
  would have minimal impact on throughput.
 - Instead of sending one 102400 byte buffer, one 8k buffer is sent until
 - the required number of bytes are processed.
- The SSLv3 connections were actually SSLv2 compatable SSLv3 headers.
+- The SSLv3 connections were actually SSLv2 compatible SSLv3 headers.
 - A 512bit server key was being used except where noted.
 - No server key verification was being performed on the client side of the
  protocol.  This would slow things down very little.
 - The library being used is SSLeay 0.8.x.
- The normal mesauring system was commands of the form
+- The normal measuring system was commands of the form
  time ./ssltest -num 1000 -bytes 102400 -cipher DES-CBC-SHA -reuse
  This modified version of ssltest should be in the next public release of
  SSLeay.
-The general cipher performace number for this platform are
+The general cipher performance number for this platform are
 SSLeay 0.8.2a 04-Sep-1997
 built on Fri Sep  5 17:37:05 EST 1997
diff --git a/src/lib/libssl/src/test/tpkcs7.com b/src/lib/libssl/src/test/tpkcs7.com
index 047834fba4..e107cc141a 100644
--- a/src/lib/libssl/src/test/tpkcs7.com
+++ b/src/lib/libssl/src/test/tpkcs7.com
@@ -1,7 +1,9 @@
 $! TPKCS7.COM  --  Tests pkcs7 keys
 $
 $       __arch := VAX
-$       if f$getsyi("cpu") .ge. 128 then __arch := AXP
+$       if f$getsyi("cpu") .ge. 128 then -
+           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$       if __arch .eqs. "" then __arch := UNK
 $       exe_dir := sys$disk:[-.'__arch'.exe.apps]
 $
 $       cmd := mcr 'exe_dir'openssl pkcs7
diff --git a/src/lib/libssl/src/test/tpkcs7d.com b/src/lib/libssl/src/test/tpkcs7d.com
index 193bb72137..5ff653ccee 100644
--- a/src/lib/libssl/src/test/tpkcs7d.com
+++ b/src/lib/libssl/src/test/tpkcs7d.com
@@ -1,7 +1,9 @@
 $! TPKCS7.COM  --  Tests pkcs7 keys
 $
 $       __arch := VAX
-$       if f$getsyi("cpu") .ge. 128 then __arch := AXP
+$       if f$getsyi("cpu") .ge. 128 then -
+           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$       if __arch .eqs. "" then __arch := UNK
 $       exe_dir := sys$disk:[-.'__arch'.exe.apps]
 $
 $       cmd := mcr 'exe_dir'openssl pkcs7
diff --git a/src/lib/libssl/src/test/treq.com b/src/lib/libssl/src/test/treq.com
index 5524e485ba..d2594be6a7 100644
--- a/src/lib/libssl/src/test/treq.com
+++ b/src/lib/libssl/src/test/treq.com
@@ -1,7 +1,9 @@
 $! TREQ.COM  --  Tests req keys
 $
 $       __arch := VAX
-$       if f$getsyi("cpu") .ge. 128 then __arch := AXP
+$       if f$getsyi("cpu") .ge. 128 then -
+           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$       if __arch .eqs. "" then __arch := UNK
 $       exe_dir := sys$disk:[-.'__arch'.exe.apps]
 $
 $       cmd := mcr 'exe_dir'openssl req -config [-.apps]openssl-vms.cnf
diff --git a/src/lib/libssl/src/test/trsa.com b/src/lib/libssl/src/test/trsa.com
index 6dbe59ef64..d3a8a605b7 100644
--- a/src/lib/libssl/src/test/trsa.com
+++ b/src/lib/libssl/src/test/trsa.com
@@ -1,7 +1,9 @@
 $! TRSA.COM  --  Tests rsa keys
 $
 $       __arch := VAX
-$       if f$getsyi("cpu") .ge. 128 then __arch := AXP
+$       if f$getsyi("cpu") .ge. 128 then -
+           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$       if __arch .eqs. "" then __arch := UNK
 $       exe_dir := sys$disk:[-.'__arch'.exe.apps]
 $
 $       set noon
diff --git a/src/lib/libssl/src/test/tsid.com b/src/lib/libssl/src/test/tsid.com
index abd1d4d737..267ace1135 100644
--- a/src/lib/libssl/src/test/tsid.com
+++ b/src/lib/libssl/src/test/tsid.com
@@ -1,7 +1,9 @@
 $! TSID.COM  --  Tests sid keys
 $
 $       __arch := VAX
-$       if f$getsyi("cpu") .ge. 128 then __arch := AXP
+$       if f$getsyi("cpu") .ge. 128 then -
+           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$       if __arch .eqs. "" then __arch := UNK
 $       exe_dir := sys$disk:[-.'__arch'.exe.apps]
 $
 $       cmd := mcr 'exe_dir'openssl sess_id
diff --git a/src/lib/libssl/src/test/tverify.com b/src/lib/libssl/src/test/tverify.com
index 021d701d79..01431f4aac 100644
--- a/src/lib/libssl/src/test/tverify.com
+++ b/src/lib/libssl/src/test/tverify.com
@@ -1,29 +1,63 @@
 $! TVERIFY.COM
 $
 $       __arch := VAX
-$       if f$getsyi("cpu") .ge. 128 then __arch := AXP
+$       if f$getsyi("cpu") .ge. 128 then -
+           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$       if __arch .eqs. "" then __arch := UNK
+$!
+$       line_max = 255 ! Could be longer on modern non-VAX.
+$       temp_file_name = "certs_"+ f$getjpi( "", "PID")+ ".tmp"
 $       exe_dir := sys$disk:[-.'__arch'.exe.apps]
-$
+$       cmd = "mcr ''exe_dir'openssl verify ""-CAfile"" ''temp_file_name'"
-$       copy/concatenate [-.certs]*.pem certs.tmp
+$       cmd_len = f$length( cmd)
-$
+$       pems = "[-.certs...]*.pem"
+$!
+$!      Concatenate all the certificate files.
+$!
+$       copy /concatenate 'pems' 'temp_file_name'
+$!
+$!      Loop through all the certificate files.
+$!
+$       args = ""
 $       old_f :=
-$ loop_certs:
+$ loop_file: 
-$       verify := NO
+$           f = f$search( pems)
-$       more := YES
+$           if ((f .nes. "") .and. (f .nes. old_f))
-$       certs :=
+$           then
-$ loop_certs2:
+$             old_f = f
-$       f = f$search("[-.certs]*.pem")
+$!
-$       if f .nes. "" .and. f .nes. old_f
+$!            If this file name would over-extend the command line, then
+$!            run the command now.
+$!
+$             if (cmd_len+ f$length( args)+ 1+ f$length( f) .gt. line_max)
+$             then
+$                if (args .eqs. "") then goto disaster
+$                'cmd''args'
+$                args = ""
+$             endif
+$!            Add the next file to the argument list.
+$             args = args+ " "+ f
+$          else
+$!            No more files in the list
+$             goto loop_file_end
+$          endif
+$       goto loop_file
+$       loop_file_end:
+$!
+$!      Run the command for any left-over arguments.
+$!
+$       if (args .nes. "")
 $       then
-$           certs = certs + " [-.certs]" + f$parse(f,,,"NAME") + ".pem"
+$          'cmd''args'
-$           verify := YES
-$           if f$length(certs) .lt. 180 then goto loop_certs2
-$       else
-$           more := NO
 $       endif
-$       certs = certs - " "
+$!
-$
+$!      Delete the temporary file.
-$       if verify then mcr 'exe_dir'openssl verify "-CAfile" certs.tmp 'certs'
+$!
-$       if more then goto loop_certs
+$       if (f$search( "''temp_file_name';*") .nes. "") then -
-$
+         delete 'temp_file_name';*
-$       delete certs.tmp;*
+$!
+$       exit
+$!
+$       disaster:
+$       write sys$output "   Command line too long.  Doomed."
+$!
diff --git a/src/lib/libssl/src/test/tx509.com b/src/lib/libssl/src/test/tx509.com
index 7b2592f773..399eb01490 100644
--- a/src/lib/libssl/src/test/tx509.com
+++ b/src/lib/libssl/src/test/tx509.com
@@ -1,7 +1,9 @@
 $! TX509.COM  --  Tests x509 certificates
 $
 $       __arch := VAX
-$       if f$getsyi("cpu") .ge. 128 then __arch := AXP
+$       if f$getsyi("cpu") .ge. 128 then -
+           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$       if __arch .eqs. "" then __arch := UNK
 $       exe_dir := sys$disk:[-.'__arch'.exe.apps]
 $
 $       cmd := mcr 'exe_dir'openssl x509
diff --git a/src/lib/libssl/src/times/x86/des3s.cpp b/src/lib/libssl/src/times/x86/des3s.cpp
index 02d527c057..cd2b1126f1 100644
--- a/src/lib/libssl/src/times/x86/des3s.cpp
+++ b/src/lib/libssl/src/times/x86/des3s.cpp
@@ -60,7 +60,7 @@ void main(int argc,char *argv[])
                        des_encrypt3(&data[0],key1,key2,key3);
                        }
-                printf("des %d %d (%d)\n",
+                printf("des3 %d %d (%d)\n",
                        e1-s1,e2-s2,((e2-s2)-(e1-s1)));
                }
        }
diff --git a/src/lib/libssl/src/tools/Makefile b/src/lib/libssl/src/tools/Makefile
index 4ca835c4af..bb6fb71f3e 100644
--- a/src/lib/libssl/src/tools/Makefile
+++ b/src/lib/libssl/src/tools/Makefile
@@ -49,6 +49,7 @@ depend:
 dclean:
        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
        mv -f Makefile.new $(MAKEFILE)
+        rm -f c_rehash
 clean:
        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
diff --git a/src/lib/libssl/src/tools/c_rehash b/src/lib/libssl/src/tools/c_rehash
index e614fb5466..6a20011a4c 100644
--- a/src/lib/libssl/src/tools/c_rehash
+++ b/src/lib/libssl/src/tools/c_rehash
@@ -7,6 +7,7 @@
 my $openssl;
 my $dir = "/usr/local/ssl";
+my $prefix = "/usr/local/ssl";
 if(defined $ENV{OPENSSL}) {
        $openssl = $ENV{OPENSSL};
@@ -15,13 +16,23 @@ if(defined $ENV{OPENSSL}) {
        $ENV{OPENSSL} = $openssl;
 }
-$ENV{PATH} .= ":$dir/bin";
+my $pwd;
+eval "require Cwd";
+if (defined(&Cwd::getcwd)) {
+        $pwd=Cwd::getcwd();
+} else {
+        $pwd=`pwd`; chomp($pwd);
+}
+my $path_delim = ($pwd =~ /^[a-z]\:/i) ? ';' : ':'; # DOS/Win32 or Unix delimiter?
+$ENV{PATH} = "$prefix/bin" . ($ENV{PATH} ? $path_delim . $ENV{PATH} : ""); # prefix our path
 if(! -x $openssl) {
        my $found = 0;
-        foreach (split /:/, $ENV{PATH}) {
+        foreach (split /$path_delim/, $ENV{PATH}) {
                if(-x "$_/$openssl") {
                        $found = 1;
+                        $openssl = "$_/$openssl";
                        last;
                }       
        }
@@ -34,11 +45,16 @@ if(! -x $openssl) {
 if(@ARGV) {
        @dirlist = @ARGV;
 } elsif($ENV{SSL_CERT_DIR}) {
-        @dirlist = split /:/, $ENV{SSL_CERT_DIR};
+        @dirlist = split /$path_delim/, $ENV{SSL_CERT_DIR};
 } else {
        $dirlist[0] = "$dir/certs";
 }
+if (-d $dirlist[0]) {
+        chdir $dirlist[0];
+        $openssl="$pwd/$openssl" if (!-x $openssl);
+        chdir $pwd;
+}
 foreach (@dirlist) {
        if(-d $_ and -w $_) {
@@ -101,7 +117,7 @@ sub check_file {
 sub link_hash_cert {
                my $fname = $_[0];
                $fname =~ s/'/'\\''/g;
-                my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in '$fname'`;
+                my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in "$fname"`;
                chomp $hash;
                chomp $fprint;
                $fprint =~ s/^.*=//;
@@ -122,7 +138,11 @@ sub link_hash_cert {
                if ($symlink_exists) {
                        symlink $fname, $hash;
                } else {
-                        system ("cp", $fname, $hash);
+                        open IN,"<$fname" or die "can't open $fname for read";
+                        open OUT,">$hash" or die "can't open $hash for write";
+                        print OUT <IN>; # does the job for small text files
+                        close OUT;
+                        close IN;
                }
                $hashlist{$hash} = $fprint;
 }
diff --git a/src/lib/libssl/src/tools/c_rehash.in b/src/lib/libssl/src/tools/c_rehash.in
index 4497cbd9f1..bfc4a69ed4 100644
--- a/src/lib/libssl/src/tools/c_rehash.in
+++ b/src/lib/libssl/src/tools/c_rehash.in
@@ -7,6 +7,7 @@
 my $openssl;
 my $dir;
+my $prefix;
 if(defined $ENV{OPENSSL}) {
        $openssl = $ENV{OPENSSL};
@@ -15,13 +16,23 @@ if(defined $ENV{OPENSSL}) {
        $ENV{OPENSSL} = $openssl;
 }
-$ENV{PATH} .= ":$dir/bin";
+my $pwd;
+eval "require Cwd";
+if (defined(&Cwd::getcwd)) {
+        $pwd=Cwd::getcwd();
+} else {
+        $pwd=`pwd`; chomp($pwd);
+}
+my $path_delim = ($pwd =~ /^[a-z]\:/i) ? ';' : ':'; # DOS/Win32 or Unix delimiter?
+$ENV{PATH} = "$prefix/bin" . ($ENV{PATH} ? $path_delim . $ENV{PATH} : ""); # prefix our path
 if(! -x $openssl) {
        my $found = 0;
-        foreach (split /:/, $ENV{PATH}) {
+        foreach (split /$path_delim/, $ENV{PATH}) {
                if(-x "$_/$openssl") {
                        $found = 1;
+                        $openssl = "$_/$openssl";
                        last;
                }       
        }
@@ -34,11 +45,16 @@ if(! -x $openssl) {
 if(@ARGV) {
        @dirlist = @ARGV;
 } elsif($ENV{SSL_CERT_DIR}) {
-        @dirlist = split /:/, $ENV{SSL_CERT_DIR};
+        @dirlist = split /$path_delim/, $ENV{SSL_CERT_DIR};
 } else {
        $dirlist[0] = "$dir/certs";
 }
+if (-d $dirlist[0]) {
+        chdir $dirlist[0];
+        $openssl="$pwd/$openssl" if (!-x $openssl);
+        chdir $pwd;
+}
 foreach (@dirlist) {
        if(-d $_ and -w $_) {
@@ -101,7 +117,7 @@ sub check_file {
 sub link_hash_cert {
                my $fname = $_[0];
                $fname =~ s/'/'\\''/g;
-                my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in '$fname'`;
+                my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in "$fname"`;
                chomp $hash;
                chomp $fprint;
                $fprint =~ s/^.*=//;
@@ -122,7 +138,11 @@ sub link_hash_cert {
                if ($symlink_exists) {
                        symlink $fname, $hash;
                } else {
-                        system ("cp", $fname, $hash);
+                        open IN,"<$fname" or die "can't open $fname for read";
+                        open OUT,">$hash" or die "can't open $hash for write";
+                        print OUT <IN>; # does the job for small text files
+                        close OUT;
+                        close IN;
                }
                $hashlist{$hash} = $fprint;
 }
diff --git a/src/lib/libssl/src/util/ck_errf.pl b/src/lib/libssl/src/util/ck_errf.pl
index 344b422c34..f13af5c50b 100644
--- a/src/lib/libssl/src/util/ck_errf.pl
+++ b/src/lib/libssl/src/util/ck_errf.pl
@@ -7,8 +7,16 @@
 # perl util/ck_errf.pl */*.c */*/*.c
 #
+my $err_strict = 0;
+my $bad = 0;
 foreach $file (@ARGV)
        {
+        if ($file eq "-strict")
+                {
+                $err_strict = 1;
+                next;
+                }
        open(IN,"<$file") || die "unable to open $file\n";
        $func="";
        while (<IN>)
@@ -20,13 +28,13 @@ foreach $file (@ARGV)
                        $func = $1;
                        $func =~ tr/A-Z/a-z/;
                        }
-                if (/([A-Z0-9]+)err\(([^,]+)/)
+                if (/([A-Z0-9]+)err\(([^,]+)/ && ! /ckerr_ignore/)
                        {
                        $errlib=$1;
                        $n=$2;
                        if ($func eq "")
-                                { print "$file:$.:???:$n\n"; next; }
+                                { print "$file:$.:???:$n\n"; $bad = 1; next; }
                        if ($n !~ /([^_]+)_F_(.+)$/)
                                {
@@ -37,14 +45,20 @@ foreach $file (@ARGV)
                        $n=$2;
                        if ($lib ne $errlib)
-                                { print "$file:$.:$func:$n [${errlib}err]\n"; next; }
+                                { print "$file:$.:$func:$n [${errlib}err]\n"; $bad = 1; next; }
                        $n =~ tr/A-Z/a-z/;
                        if (($n ne $func) && ($errlib ne "SYS"))
-                                { print "$file:$.:$func:$n\n"; next; }
+                                { print "$file:$.:$func:$n\n"; $bad = 1; next; }
        #               print "$func:$1\n";
                        }
                }
        close(IN);
        }
+if ($bad && $err_strict)
+        {
+        print STDERR "FATAL: error discrepancy\n";
+        exit 1;
+        }
diff --git a/src/lib/libssl/src/util/clean-depend.pl b/src/lib/libssl/src/util/clean-depend.pl
index 2b2bdb4048..d3525b0ed0 100644
--- a/src/lib/libssl/src/util/clean-depend.pl
+++ b/src/lib/libssl/src/util/clean-depend.pl
@@ -42,6 +42,7 @@ foreach $file (sort keys %files) {
    my @deps = map { $_ =~ s/^\.\///; $_ } @{$files{$file}};
    foreach $dep (sort @deps) {
+        $dep=~s/^\.\///;
        next if $prevdep eq $dep; # to exterminate duplicates...
        $prevdep = $dep;
        $len=0 if $len+length($dep)+1 >= 80;
diff --git a/src/lib/libssl/src/util/cygwin.sh b/src/lib/libssl/src/util/cygwin.sh
index 89d1dda95b..a4f2e740b4 100644
--- a/src/lib/libssl/src/util/cygwin.sh
+++ b/src/lib/libssl/src/util/cygwin.sh
@@ -7,7 +7,7 @@
 # Uncomment when debugging
 #set -x
-CONFIG_OPTIONS="--prefix=/usr shared no-idea no-rc5 no-mdc2"
+CONFIG_OPTIONS="--prefix=/usr shared zlib no-idea no-rc5"
 INSTALL_PREFIX=/tmp/install
 VERSION=
@@ -66,7 +66,7 @@ function create_cygwin_readme()
          ./config ${CONFIG_OPTIONS}
-        The IDEA, RC5 and MDC2 algorithms are disabled due to patent and/or
+        The IDEA and RC5 algorithms are disabled due to patent and/or
        licensing issues.
        EOF
 }
diff --git a/src/lib/libssl/src/util/deltree.com b/src/lib/libssl/src/util/deltree.com
new file mode 100644
index 0000000000..9f36b1a5e9
--- /dev/null
+++ b/src/lib/libssl/src/util/deltree.com
@@ -0,0 +1,34 @@
+$! DELTREE.COM
+$
+$ call deltree 'p1'
+$ exit $status
+$
+$ deltree: subroutine ! P1 is a name of a directory
+$       on control_y then goto dt_STOP
+$       on warning then goto dt_exit
+$       _dt_def = f$trnlnm("SYS$DISK")+f$directory()
+$       if f$parse(p1) .eqs. "" then exit
+$       set default 'f$parse(p1,,,"DEVICE")''f$parse(p1,,,"DIRECTORY")'
+$       p1 = f$parse(p1,,,"NAME") + f$parse(p1,,,"TYPE")
+$       _fp = f$parse(".DIR",p1)
+$ dt_loop:
+$       _f = f$search(_fp)
+$       if _f .eqs. "" then goto dt_loopend
+$       call deltree [.'f$parse(_f,,,"NAME")']*.*
+$       goto dt_loop
+$ dt_loopend:
+$       _fp = f$parse(p1,".;*")
+$       if f$search(_fp) .eqs. "" then goto dt_exit
+$       set noon
+$       set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) '_fp'
+$       set on
+$       delete/nolog '_fp'
+$ dt_exit:
+$       set default '_dt_def'
+$       goto dt_end
+$ dt_STOP:
+$       set default '_dt_def'
+$       stop/id=""
+$       exit
+$ dt_end:
+$       endsubroutine
diff --git a/src/lib/libssl/src/util/domd b/src/lib/libssl/src/util/domd
index 560ebeaf82..bab48cb7a2 100644
--- a/src/lib/libssl/src/util/domd
+++ b/src/lib/libssl/src/util/domd
@@ -14,7 +14,7 @@ if [ "$MAKEDEPEND" = "" ]; then MAKEDEPEND=makedepend; fi
 cp Makefile Makefile.save
 # fake the presence of Kerberos
 touch $TOP/krb5.h
-if [ "$MAKEDEPEND" = "gcc" ]; then
+if expr "$MAKEDEPEND" : '.*gcc$' > /dev/null; then
    args=""
    while [ $# -gt 0 ]; do
        if [ "$1" != "--" ]; then args="$args $1"; fi
@@ -22,13 +22,17 @@ if [ "$MAKEDEPEND" = "gcc" ]; then
    done
    sed -e '/^# DO NOT DELETE.*/,$d' < Makefile > Makefile.tmp
    echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp
-    ${CC:-gcc} -D OPENSSL_DOING_MAKEDEPEND -M $args >> Makefile.tmp
+    ${MAKEDEPEND} -Werror -D OPENSSL_DOING_MAKEDEPEND -M $args >> Makefile.tmp || exit 1
    ${PERL} $TOP/util/clean-depend.pl < Makefile.tmp > Makefile.new
+    RC=$?
    rm -f Makefile.tmp
 else
-    ${MAKEDEPEND} -D OPENSSL_DOING_MAKEDEPEND $@
+    ${MAKEDEPEND} -D OPENSSL_DOING_MAKEDEPEND $@ && \
    ${PERL} $TOP/util/clean-depend.pl < Makefile > Makefile.new
+    RC=$?
 fi
 mv Makefile.new Makefile
 # unfake the presence of Kerberos
 rm $TOP/krb5.h
+exit $RC
diff --git a/src/lib/libssl/src/util/libeay.num b/src/lib/libssl/src/util/libeay.num
index 74eb337227..6f3067ae2b 100644
--- a/src/lib/libssl/src/util/libeay.num
+++ b/src/lib/libssl/src/util/libeay.num
@@ -1,9 +1,9 @@
 SSLeay                                  1       EXIST::FUNCTION:
 SSLeay_version                          2       EXIST::FUNCTION:
-ASN1_BIT_STRING_asn1_meth               3       EXIST::FUNCTION:
+ASN1_BIT_STRING_asn1_meth               3       NOEXIST::FUNCTION:
-ASN1_HEADER_free                        4       EXIST::FUNCTION:
+ASN1_HEADER_free                        4       NOEXIST::FUNCTION:
-ASN1_HEADER_new                         5       EXIST::FUNCTION:
+ASN1_HEADER_new                         5       NOEXIST::FUNCTION:
-ASN1_IA5STRING_asn1_meth                6       EXIST::FUNCTION:
+ASN1_IA5STRING_asn1_meth                6       NOEXIST::FUNCTION:
 ASN1_INTEGER_get                        7       EXIST::FUNCTION:
 ASN1_INTEGER_set                        8       EXIST::FUNCTION:
 ASN1_INTEGER_to_BN                      9       EXIST::FUNCTION:
@@ -75,8 +75,8 @@ BIO_new                                 78	EXIST::FUNCTION:
 BIO_new_accept                          79      EXIST::FUNCTION:
 BIO_new_connect                         80      EXIST::FUNCTION:
 BIO_new_fd                              81      EXIST::FUNCTION:
-BIO_new_file                            82      EXIST:!WIN16:FUNCTION:FP_API
+BIO_new_file                            82      EXIST::FUNCTION:FP_API
-BIO_new_fp                              83      EXIST:!WIN16:FUNCTION:FP_API
+BIO_new_fp                              83      EXIST::FUNCTION:FP_API
 BIO_new_socket                          84      EXIST::FUNCTION:
 BIO_pop                                 85      EXIST::FUNCTION:
 BIO_printf                              86      EXIST::FUNCTION:
@@ -86,7 +86,7 @@ BIO_read                                89	EXIST::FUNCTION:
 BIO_s_accept                            90      EXIST::FUNCTION:
 BIO_s_connect                           91      EXIST::FUNCTION:
 BIO_s_fd                                92      EXIST::FUNCTION:
-BIO_s_file                              93      EXIST:!WIN16:FUNCTION:FP_API
+BIO_s_file                              93      EXIST::FUNCTION:FP_API
 BIO_s_mem                               95      EXIST::FUNCTION:
 BIO_s_null                              96      EXIST::FUNCTION:
 BIO_s_proxy_client                      97      NOEXIST::FUNCTION:
@@ -172,7 +172,7 @@ CRYPTO_dbg_realloc                      179	EXIST::FUNCTION:
 CRYPTO_dbg_remalloc                     180     NOEXIST::FUNCTION:
 CRYPTO_free                             181     EXIST::FUNCTION:
 CRYPTO_get_add_lock_callback            182     EXIST::FUNCTION:
-CRYPTO_get_id_callback                  183     EXIST::FUNCTION:
+CRYPTO_get_id_callback                  183     EXIST::FUNCTION:DEPRECATED
 CRYPTO_get_lock_name                    184     EXIST::FUNCTION:
 CRYPTO_get_locking_callback             185     EXIST::FUNCTION:
 CRYPTO_get_mem_functions                186     EXIST::FUNCTION:
@@ -185,10 +185,10 @@ CRYPTO_mem_leaks_fp                     192	EXIST::FUNCTION:FP_API
 CRYPTO_realloc                          193     EXIST::FUNCTION:
 CRYPTO_remalloc                         194     EXIST::FUNCTION:
 CRYPTO_set_add_lock_callback            195     EXIST::FUNCTION:
-CRYPTO_set_id_callback                  196     EXIST::FUNCTION:
+CRYPTO_set_id_callback                  196     EXIST::FUNCTION:DEPRECATED
 CRYPTO_set_locking_callback             197     EXIST::FUNCTION:
 CRYPTO_set_mem_functions                198     EXIST::FUNCTION:
-CRYPTO_thread_id                        199     EXIST::FUNCTION:
+CRYPTO_thread_id                        199     EXIST::FUNCTION:DEPRECATED
 DH_check                                200     EXIST::FUNCTION:DH
 DH_compute_key                          201     EXIST::FUNCTION:DH
 DH_free                                 202     EXIST::FUNCTION:DH
@@ -243,7 +243,7 @@ ERR_print_errors                        250	EXIST::FUNCTION:BIO
 ERR_print_errors_fp                     251     EXIST::FUNCTION:FP_API
 ERR_put_error                           252     EXIST::FUNCTION:
 ERR_reason_error_string                 253     EXIST::FUNCTION:
-ERR_remove_state                        254     EXIST::FUNCTION:
+ERR_remove_state                        254     EXIST::FUNCTION:DEPRECATED
 EVP_BytesToKey                          255     EXIST::FUNCTION:
 EVP_CIPHER_CTX_cleanup                  256     EXIST::FUNCTION:
 EVP_CipherFinal                         257     EXIST::FUNCTION:
@@ -343,7 +343,7 @@ NETSCAPE_SPKI_new                       350	EXIST::FUNCTION:
 NETSCAPE_SPKI_sign                      351     EXIST::FUNCTION:EVP
 NETSCAPE_SPKI_verify                    352     EXIST::FUNCTION:EVP
 OBJ_add_object                          353     EXIST::FUNCTION:
-OBJ_bsearch                             354     EXIST::FUNCTION:
+OBJ_bsearch                             354     NOEXIST::FUNCTION:
 OBJ_cleanup                             355     EXIST::FUNCTION:
 OBJ_cmp                                 356     EXIST::FUNCTION:
 OBJ_create                              357     EXIST::FUNCTION:
@@ -356,9 +356,9 @@ OBJ_nid2sn                              363	EXIST::FUNCTION:
 OBJ_obj2nid                             364     EXIST::FUNCTION:
 OBJ_sn2nid                              365     EXIST::FUNCTION:
 OBJ_txt2nid                             366     EXIST::FUNCTION:
-PEM_ASN1_read                           367     EXIST:!WIN16:FUNCTION:
+PEM_ASN1_read                           367     EXIST::FUNCTION:
 PEM_ASN1_read_bio                       368     EXIST::FUNCTION:BIO
-PEM_ASN1_write                          369     EXIST:!WIN16:FUNCTION:
+PEM_ASN1_write                          369     EXIST::FUNCTION:
 PEM_ASN1_write_bio                      370     EXIST::FUNCTION:BIO
 PEM_SealFinal                           371     EXIST::FUNCTION:RSA
 PEM_SealInit                            372     EXIST::FUNCTION:RSA
@@ -366,14 +366,14 @@ PEM_SealUpdate                          373	EXIST::FUNCTION:RSA
 PEM_SignFinal                           374     EXIST::FUNCTION:
 PEM_SignInit                            375     EXIST::FUNCTION:
 PEM_SignUpdate                          376     EXIST::FUNCTION:
-PEM_X509_INFO_read                      377     EXIST:!WIN16:FUNCTION:
+PEM_X509_INFO_read                      377     EXIST::FUNCTION:
 PEM_X509_INFO_read_bio                  378     EXIST::FUNCTION:BIO
 PEM_X509_INFO_write_bio                 379     EXIST::FUNCTION:BIO
 PEM_dek_info                            380     EXIST::FUNCTION:
 PEM_do_header                           381     EXIST::FUNCTION:
 PEM_get_EVP_CIPHER_INFO                 382     EXIST::FUNCTION:
 PEM_proc_type                           383     EXIST::FUNCTION:
-PEM_read                                384     EXIST:!WIN16:FUNCTION:
+PEM_read                                384     EXIST::FUNCTION:
 PEM_read_DHparams                       385     EXIST:!WIN16:FUNCTION:DH
 PEM_read_DSAPrivateKey                  386     EXIST:!WIN16:FUNCTION:DSA
 PEM_read_DSAparams                      387     EXIST:!WIN16:FUNCTION:DSA
@@ -393,7 +393,7 @@ PEM_read_bio_RSAPrivateKey              400	EXIST::FUNCTION:RSA
 PEM_read_bio_X509                       401     EXIST::FUNCTION:
 PEM_read_bio_X509_CRL                   402     EXIST::FUNCTION:
 PEM_read_bio_X509_REQ                   403     EXIST::FUNCTION:
-PEM_write                               404     EXIST:!WIN16:FUNCTION:
+PEM_write                               404     EXIST::FUNCTION:
 PEM_write_DHparams                      405     EXIST:!WIN16:FUNCTION:DH
 PEM_write_DSAPrivateKey                 406     EXIST:!WIN16:FUNCTION:DSA
 PEM_write_DSAparams                     407     EXIST:!WIN16:FUNCTION:DSA
@@ -469,7 +469,7 @@ RC2_set_key                             476	EXIST::FUNCTION:RC2
 RC4                                     477     EXIST::FUNCTION:RC4
 RC4_options                             478     EXIST::FUNCTION:RC4
 RC4_set_key                             479     EXIST::FUNCTION:RC4
-RSAPrivateKey_asn1_meth                 480     EXIST::FUNCTION:RSA
+RSAPrivateKey_asn1_meth                 480     NOEXIST::FUNCTION:
 RSAPrivateKey_dup                       481     EXIST::FUNCTION:RSA
 RSAPublicKey_dup                        482     EXIST::FUNCTION:RSA
 RSA_PKCS1_SSLeay                        483     EXIST::FUNCTION:RSA
@@ -624,7 +624,7 @@ X509_STORE_set_default_paths            630	EXIST::FUNCTION:STDIO
 X509_VAL_free                           631     EXIST::FUNCTION:
 X509_VAL_new                            632     EXIST::FUNCTION:
 X509_add_ext                            633     EXIST::FUNCTION:
-X509_asn1_meth                          634     EXIST::FUNCTION:
+X509_asn1_meth                          634     NOEXIST::FUNCTION:
 X509_certificate_type                   635     EXIST::FUNCTION:
 X509_check_private_key                  636     EXIST::FUNCTION:
 X509_cmp_current_time                   637     EXIST::FUNCTION:
@@ -704,7 +704,7 @@ bn_sqr_words                            710	EXIST::FUNCTION:
 _ossl_old_crypt                         711     EXIST:!NeXT,!PERL5:FUNCTION:DES
 d2i_ASN1_BIT_STRING                     712     EXIST::FUNCTION:
 d2i_ASN1_BOOLEAN                        713     EXIST::FUNCTION:
-d2i_ASN1_HEADER                         714     EXIST::FUNCTION:
+d2i_ASN1_HEADER                         714     NOEXIST::FUNCTION:
 d2i_ASN1_IA5STRING                      715     EXIST::FUNCTION:
 d2i_ASN1_INTEGER                        716     EXIST::FUNCTION:
 d2i_ASN1_OBJECT                         717     EXIST::FUNCTION:
@@ -809,7 +809,7 @@ i2a_ASN1_OBJECT                         816	EXIST::FUNCTION:BIO
 i2a_ASN1_STRING                         817     EXIST::FUNCTION:BIO
 i2d_ASN1_BIT_STRING                     818     EXIST::FUNCTION:
 i2d_ASN1_BOOLEAN                        819     EXIST::FUNCTION:
-i2d_ASN1_HEADER                         820     EXIST::FUNCTION:
+i2d_ASN1_HEADER                         820     NOEXIST::FUNCTION:
 i2d_ASN1_IA5STRING                      821     EXIST::FUNCTION:
 i2d_ASN1_INTEGER                        822     EXIST::FUNCTION:
 i2d_ASN1_OBJECT                         823     EXIST::FUNCTION:
@@ -950,9 +950,9 @@ ERR_get_next_error_library              966	EXIST::FUNCTION:
 EVP_PKEY_cmp_parameters                 967     EXIST::FUNCTION:
 HMAC_cleanup                            968     NOEXIST::FUNCTION:
 BIO_ptr_ctrl                            969     EXIST::FUNCTION:
-BIO_new_file_internal                   970     EXIST:WIN16:FUNCTION:FP_API
+BIO_new_file_internal                   970     NOEXIST::FUNCTION:
-BIO_new_fp_internal                     971     EXIST:WIN16:FUNCTION:FP_API
+BIO_new_fp_internal                     971     NOEXIST::FUNCTION:
-BIO_s_file_internal                     972     EXIST:WIN16:FUNCTION:FP_API
+BIO_s_file_internal                     972     NOEXIST::FUNCTION:
 BN_BLINDING_convert                     973     EXIST::FUNCTION:
 BN_BLINDING_invert                      974     EXIST::FUNCTION:
 BN_BLINDING_update                      975     EXIST::FUNCTION:
@@ -984,8 +984,8 @@ BIO_ghbn_ctrl                           1003	NOEXIST::FUNCTION:
 CRYPTO_free_ex_data                     1004    EXIST::FUNCTION:
 CRYPTO_get_ex_data                      1005    EXIST::FUNCTION:
 CRYPTO_set_ex_data                      1007    EXIST::FUNCTION:
-ERR_load_CRYPTO_strings                 1009    EXIST:!OS2,!VMS,!WIN16:FUNCTION:
+ERR_load_CRYPTO_strings                 1009    EXIST:!OS2,!VMS:FUNCTION:
-ERR_load_CRYPTOlib_strings              1009    EXIST:OS2,VMS,WIN16:FUNCTION:
+ERR_load_CRYPTOlib_strings              1009    EXIST:OS2,VMS:FUNCTION:
 EVP_PKEY_bits                           1010    EXIST::FUNCTION:
 MD5_Transform                           1011    EXIST::FUNCTION:MD5
 SHA1_Transform                          1012    EXIST::FUNCTION:SHA,SHA1
@@ -1117,11 +1117,11 @@ COMP_compress_block                     1144	EXIST::FUNCTION:
 COMP_expand_block                       1145    EXIST::FUNCTION:
 COMP_rle                                1146    EXIST::FUNCTION:
 COMP_zlib                               1147    EXIST::FUNCTION:
-ms_time_diff                            1148    EXIST::FUNCTION:
+ms_time_diff                            1148    NOEXIST::FUNCTION:
-ms_time_new                             1149    EXIST::FUNCTION:
+ms_time_new                             1149    NOEXIST::FUNCTION:
-ms_time_free                            1150    EXIST::FUNCTION:
+ms_time_free                            1150    NOEXIST::FUNCTION:
-ms_time_cmp                             1151    EXIST::FUNCTION:
+ms_time_cmp                             1151    NOEXIST::FUNCTION:
-ms_time_get                             1152    EXIST::FUNCTION:
+ms_time_get                             1152    NOEXIST::FUNCTION:
 PKCS7_set_attributes                    1153    EXIST::FUNCTION:
 PKCS7_set_signed_attributes             1154    EXIST::FUNCTION:
 X509_ATTRIBUTE_create                   1155    EXIST::FUNCTION:
@@ -1255,8 +1255,8 @@ PKCS12_gen_mac                          1278	EXIST::FUNCTION:
 PKCS12_verify_mac                       1279    EXIST::FUNCTION:
 PKCS12_set_mac                          1280    EXIST::FUNCTION:
 PKCS12_setup_mac                        1281    EXIST::FUNCTION:
-asc2uni                                 1282    EXIST::FUNCTION:
+OPENSSL_asc2uni                         1282    EXIST::FUNCTION:
-uni2asc                                 1283    EXIST::FUNCTION:
+OPENSSL_uni2asc                         1283    EXIST::FUNCTION:
 i2d_PKCS12_BAGS                         1284    EXIST::FUNCTION:
 PKCS12_BAGS_new                         1285    EXIST::FUNCTION:
 d2i_PKCS12_BAGS                         1286    EXIST::FUNCTION:
@@ -2081,7 +2081,7 @@ NETSCAPE_SPKAC_it                       2641	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA
 NETSCAPE_SPKAC_it                       2641    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
 X509_REVOKED_it                         2642    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
 X509_REVOKED_it                         2642    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ASN1_STRING_encode                      2643    EXIST::FUNCTION:
+ASN1_STRING_encode                      2643    NOEXIST::FUNCTION:
 EVP_aes_128_ecb                         2644    EXIST::FUNCTION:AES
 KRB5_AUTHENT_free                       2645    EXIST::FUNCTION:
 OCSP_BASICRESP_get_ext_by_critical      2646    EXIST:!VMS:FUNCTION:
@@ -2732,8 +2732,8 @@ EC_POINT_point2oct                      3178	EXIST::FUNCTION:EC
 KRB5_APREQ_free                         3179    EXIST::FUNCTION:
 ASN1_OBJECT_it                          3180    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
 ASN1_OBJECT_it                          3180    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-OCSP_crlID_new                          3181    EXIST:!OS2,!VMS,!WIN16:FUNCTION:
+OCSP_crlID_new                          3181    EXIST:!OS2,!VMS:FUNCTION:
-OCSP_crlID2_new                         3181    EXIST:OS2,VMS,WIN16:FUNCTION:
+OCSP_crlID2_new                         3181    EXIST:OS2,VMS:FUNCTION:
 CONF_modules_load_file                  3182    EXIST::FUNCTION:
 CONF_imodule_set_usr_data               3183    EXIST::FUNCTION:
 ENGINE_set_default_string               3184    EXIST::FUNCTION:ENGINE
@@ -2804,57 +2804,57 @@ OPENSSL_cleanse                         3245	EXIST::FUNCTION:
 ENGINE_setup_bsd_cryptodev              3246    EXIST:__FreeBSD__:FUNCTION:ENGINE
 ERR_release_err_state_table             3247    EXIST::FUNCTION:LHASH
 EVP_aes_128_cfb8                        3248    EXIST::FUNCTION:AES
-FIPS_corrupt_rsa                        3249    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_corrupt_rsa                        3249    NOEXIST::FUNCTION:
-FIPS_selftest_des                       3250    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_selftest_des                       3250    NOEXIST::FUNCTION:
 EVP_aes_128_cfb1                        3251    EXIST::FUNCTION:AES
 EVP_aes_192_cfb8                        3252    EXIST::FUNCTION:AES
-FIPS_mode_set                           3253    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_mode_set                           3253    NOEXIST::FUNCTION:
-FIPS_selftest_dsa                       3254    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_selftest_dsa                       3254    NOEXIST::FUNCTION:
 EVP_aes_256_cfb8                        3255    EXIST::FUNCTION:AES
 FIPS_allow_md5                          3256    NOEXIST::FUNCTION:
 DES_ede3_cfb_encrypt                    3257    EXIST::FUNCTION:DES
 EVP_des_ede3_cfb8                       3258    EXIST::FUNCTION:DES
 FIPS_rand_seeded                        3259    NOEXIST::FUNCTION:
-AES_cfbr_encrypt_block                  3260    EXIST::FUNCTION:AES
+AES_cfbr_encrypt_block                  3260    NOEXIST::FUNCTION:
 AES_cfb8_encrypt                        3261    EXIST::FUNCTION:AES
-FIPS_rand_seed                          3262    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_rand_seed                          3262    NOEXIST::FUNCTION:
-FIPS_corrupt_des                        3263    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_corrupt_des                        3263    NOEXIST::FUNCTION:
 EVP_aes_192_cfb1                        3264    EXIST::FUNCTION:AES
-FIPS_selftest_aes                       3265    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_selftest_aes                       3265    NOEXIST::FUNCTION:
 FIPS_set_prng_key                       3266    NOEXIST::FUNCTION:
 EVP_des_cfb8                            3267    EXIST::FUNCTION:DES
-FIPS_corrupt_dsa                        3268    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_corrupt_dsa                        3268    NOEXIST::FUNCTION:
 FIPS_test_mode                          3269    NOEXIST::FUNCTION:
-FIPS_rand_method                        3270    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_rand_method                        3270    NOEXIST::FUNCTION:
 EVP_aes_256_cfb1                        3271    EXIST::FUNCTION:AES
-ERR_load_FIPS_strings                   3272    EXIST:OPENSSL_FIPS:FUNCTION:
+ERR_load_FIPS_strings                   3272    NOEXIST::FUNCTION:
-FIPS_corrupt_aes                        3273    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_corrupt_aes                        3273    NOEXIST::FUNCTION:
-FIPS_selftest_sha1                      3274    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_selftest_sha1                      3274    NOEXIST::FUNCTION:
-FIPS_selftest_rsa                       3275    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_selftest_rsa                       3275    NOEXIST::FUNCTION:
-FIPS_corrupt_sha1                       3276    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_corrupt_sha1                       3276    NOEXIST::FUNCTION:
 EVP_des_cfb1                            3277    EXIST::FUNCTION:DES
 FIPS_dsa_check                          3278    NOEXIST::FUNCTION:
 AES_cfb1_encrypt                        3279    EXIST::FUNCTION:AES
 EVP_des_ede3_cfb1                       3280    EXIST::FUNCTION:DES
-FIPS_rand_check                         3281    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_rand_check                         3281    NOEXIST::FUNCTION:
 FIPS_md5_allowed                        3282    NOEXIST::FUNCTION:
-FIPS_mode                               3283    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_mode                               3283    NOEXIST::FUNCTION:
-FIPS_selftest_failed                    3284    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_selftest_failed                    3284    NOEXIST::FUNCTION:
 sk_is_sorted                            3285    EXIST::FUNCTION:
 X509_check_ca                           3286    EXIST::FUNCTION:
-private_idea_set_encrypt_key            3287    EXIST:OPENSSL_FIPS:FUNCTION:IDEA
+private_idea_set_encrypt_key            3287    NOEXIST::FUNCTION:
 HMAC_CTX_set_flags                      3288    EXIST::FUNCTION:HMAC
-private_SHA_Init                        3289    EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA0
+private_SHA_Init                        3289    NOEXIST::FUNCTION:
-private_CAST_set_key                    3290    EXIST:OPENSSL_FIPS:FUNCTION:CAST
+private_CAST_set_key                    3290    NOEXIST::FUNCTION:
-private_RIPEMD160_Init                  3291    EXIST:OPENSSL_FIPS:FUNCTION:RIPEMD
+private_RIPEMD160_Init                  3291    NOEXIST::FUNCTION:
-private_RC5_32_set_key                  3292    EXIST:OPENSSL_FIPS:FUNCTION:RC5
+private_RC5_32_set_key                  3292    NOEXIST::FUNCTION:
-private_MD5_Init                        3293    EXIST:OPENSSL_FIPS:FUNCTION:MD5
+private_MD5_Init                        3293    NOEXIST::FUNCTION:
-private_RC4_set_key                     3294    EXIST:OPENSSL_FIPS:FUNCTION:RC4
+private_RC4_set_key                     3294    NOEXIST::FUNCTION:
-private_MDC2_Init                       3295    EXIST:OPENSSL_FIPS:FUNCTION:MDC2
+private_MDC2_Init                       3295    NOEXIST::FUNCTION:
-private_RC2_set_key                     3296    EXIST:OPENSSL_FIPS:FUNCTION:RC2
+private_RC2_set_key                     3296    NOEXIST::FUNCTION:
-private_MD4_Init                        3297    EXIST:OPENSSL_FIPS:FUNCTION:MD4
+private_MD4_Init                        3297    NOEXIST::FUNCTION:
-private_BF_set_key                      3298    EXIST:OPENSSL_FIPS:FUNCTION:BF
+private_BF_set_key                      3298    NOEXIST::FUNCTION:
-private_MD2_Init                        3299    EXIST:OPENSSL_FIPS:FUNCTION:MD2
+private_MD2_Init                        3299    NOEXIST::FUNCTION:
 d2i_PROXY_CERT_INFO_EXTENSION           3300    EXIST::FUNCTION:
 PROXY_POLICY_it                         3301    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
 PROXY_POLICY_it                         3301    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
@@ -2868,13 +2868,13 @@ PROXY_CERT_INFO_EXTENSION_it            3307	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI
 PROXY_POLICY_free                       3308    EXIST::FUNCTION:
 PROXY_POLICY_new                        3309    EXIST::FUNCTION:
 BN_MONT_CTX_set_locked                  3310    EXIST::FUNCTION:
-FIPS_selftest_rng                       3311    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_selftest_rng                       3311    NOEXIST::FUNCTION:
-EVP_sha384                              3312    EXIST::FUNCTION:SHA,SHA512
+EVP_sha384                              3312    EXIST:!VMSVAX:FUNCTION:SHA,SHA512
-EVP_sha512                              3313    EXIST::FUNCTION:SHA,SHA512
+EVP_sha512                              3313    EXIST:!VMSVAX:FUNCTION:SHA,SHA512
 EVP_sha224                              3314    EXIST::FUNCTION:SHA,SHA256
 EVP_sha256                              3315    EXIST::FUNCTION:SHA,SHA256
-FIPS_selftest_hmac                      3316    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_selftest_hmac                      3316    NOEXIST::FUNCTION:
-FIPS_corrupt_rng                        3317    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_corrupt_rng                        3317    NOEXIST::FUNCTION:
 BN_mod_exp_mont_consttime               3318    EXIST::FUNCTION:
 RSA_X931_hash_id                        3319    EXIST::FUNCTION:RSA
 RSA_padding_check_X931                  3320    EXIST::FUNCTION:RSA
@@ -2882,7 +2882,7 @@ RSA_verify_PKCS1_PSS                    3321	EXIST::FUNCTION:RSA
 RSA_padding_add_X931                    3322    EXIST::FUNCTION:RSA
 RSA_padding_add_PKCS1_PSS               3323    EXIST::FUNCTION:RSA
 PKCS1_MGF1                              3324    EXIST::FUNCTION:RSA
-BN_X931_generate_Xpq                    3325    EXIST::FUNCTION:
+BN_X931_generate_Xpq                    3325    NOEXIST::FUNCTION:
 RSA_X931_generate_key                   3326    NOEXIST::FUNCTION:
 BN_X931_derive_prime                    3327    NOEXIST::FUNCTION:
 BN_X931_generate_prime                  3328    NOEXIST::FUNCTION:
@@ -2893,43 +2893,43 @@ ERR_set_mark                            3332	EXIST::FUNCTION:
 X509_STORE_CTX_set0_crls                3333    EXIST::FUNCTION:
 ENGINE_set_STORE                        3334    EXIST::FUNCTION:ENGINE
 ENGINE_register_ECDSA                   3335    EXIST::FUNCTION:ENGINE
-STORE_method_set_list_start_function    3336    EXIST:!VMS:FUNCTION:
+STORE_meth_set_list_start_fn            3336    NOEXIST::FUNCTION:
-STORE_meth_set_list_start_fn            3336    EXIST:VMS:FUNCTION:
+STORE_method_set_list_start_function    3336    NOEXIST::FUNCTION:
 BN_BLINDING_invert_ex                   3337    EXIST::FUNCTION:
 NAME_CONSTRAINTS_free                   3338    EXIST::FUNCTION:
-STORE_ATTR_INFO_set_number              3339    EXIST::FUNCTION:
+STORE_ATTR_INFO_set_number              3339    NOEXIST::FUNCTION:
-BN_BLINDING_get_thread_id               3340    EXIST::FUNCTION:
+BN_BLINDING_get_thread_id               3340    EXIST::FUNCTION:DEPRECATED
 X509_STORE_CTX_set0_param               3341    EXIST::FUNCTION:
 POLICY_MAPPING_it                       3342    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
 POLICY_MAPPING_it                       3342    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-STORE_parse_attrs_start                 3343    EXIST::FUNCTION:
+STORE_parse_attrs_start                 3343    NOEXIST::FUNCTION:
 POLICY_CONSTRAINTS_free                 3344    EXIST::FUNCTION:
 EVP_PKEY_add1_attr_by_NID               3345    EXIST::FUNCTION:
 BN_nist_mod_192                         3346    EXIST::FUNCTION:
 EC_GROUP_get_trinomial_basis            3347    EXIST::FUNCTION:EC
-STORE_set_method                        3348    EXIST::FUNCTION:
+STORE_set_method                        3348    NOEXIST::FUNCTION:
 GENERAL_SUBTREE_free                    3349    EXIST::FUNCTION:
 NAME_CONSTRAINTS_it                     3350    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
 NAME_CONSTRAINTS_it                     3350    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
 ECDH_get_default_method                 3351    EXIST::FUNCTION:ECDH
 PKCS12_add_safe                         3352    EXIST::FUNCTION:
 EC_KEY_new_by_curve_name                3353    EXIST::FUNCTION:EC
-STORE_method_get_update_store_function  3354    EXIST:!VMS:FUNCTION:
+STORE_meth_get_update_store_fn          3354    NOEXIST::FUNCTION:
-STORE_meth_get_update_store_fn          3354    EXIST:VMS:FUNCTION:
+STORE_method_get_update_store_function  3354    NOEXIST::FUNCTION:
 ENGINE_register_ECDH                    3355    EXIST::FUNCTION:ENGINE
-SHA512_Update                           3356    EXIST::FUNCTION:SHA,SHA512
+SHA512_Update                           3356    EXIST:!VMSVAX:FUNCTION:SHA,SHA512
 i2d_ECPrivateKey                        3357    EXIST::FUNCTION:EC
 BN_get0_nist_prime_192                  3358    EXIST::FUNCTION:
-STORE_modify_certificate                3359    EXIST::FUNCTION:
+STORE_modify_certificate                3359    NOEXIST::FUNCTION:
 EC_POINT_set_affine_coordinates_GF2m    3360    EXIST:!VMS:FUNCTION:EC
 EC_POINT_set_affine_coords_GF2m         3360    EXIST:VMS:FUNCTION:EC
 BN_GF2m_mod_exp_arr                     3361    EXIST::FUNCTION:
-STORE_ATTR_INFO_modify_number           3362    EXIST::FUNCTION:
+STORE_ATTR_INFO_modify_number           3362    NOEXIST::FUNCTION:
 X509_keyid_get0                         3363    EXIST::FUNCTION:
 ENGINE_load_gmp                         3364    EXIST::FUNCTION:ENGINE,GMP,STATIC_ENGINE
 pitem_new                               3365    EXIST::FUNCTION:
 BN_GF2m_mod_mul_arr                     3366    EXIST::FUNCTION:
-STORE_list_public_key_endp              3367    EXIST::FUNCTION:
+STORE_list_public_key_endp              3367    NOEXIST::FUNCTION:
 o2i_ECPublicKey                         3368    EXIST::FUNCTION:EC
 EC_KEY_copy                             3369    EXIST::FUNCTION:EC
 BIO_dump_fp                             3370    EXIST::FUNCTION:FP_API
@@ -2938,25 +2938,25 @@ EC_GROUP_check_discriminant             3372	EXIST::FUNCTION:EC
 i2o_ECPublicKey                         3373    EXIST::FUNCTION:EC
 EC_KEY_precompute_mult                  3374    EXIST::FUNCTION:EC
 a2i_IPADDRESS                           3375    EXIST::FUNCTION:
-STORE_method_set_initialise_function    3376    EXIST:!VMS:FUNCTION:
+STORE_meth_set_initialise_fn            3376    NOEXIST::FUNCTION:
-STORE_meth_set_initialise_fn            3376    EXIST:VMS:FUNCTION:
+STORE_method_set_initialise_function    3376    NOEXIST::FUNCTION:
 X509_STORE_CTX_set_depth                3377    EXIST::FUNCTION:
 X509_VERIFY_PARAM_inherit               3378    EXIST::FUNCTION:
 EC_POINT_point2bn                       3379    EXIST::FUNCTION:EC
-STORE_ATTR_INFO_set_dn                  3380    EXIST::FUNCTION:
+STORE_ATTR_INFO_set_dn                  3380    NOEXIST::FUNCTION:
 X509_policy_tree_get0_policies          3381    EXIST::FUNCTION:
 EC_GROUP_new_curve_GF2m                 3382    EXIST::FUNCTION:EC
-STORE_destroy_method                    3383    EXIST::FUNCTION:
+STORE_destroy_method                    3383    NOEXIST::FUNCTION:
 ENGINE_unregister_STORE                 3384    EXIST::FUNCTION:ENGINE
 EVP_PKEY_get1_EC_KEY                    3385    EXIST::FUNCTION:EC
-STORE_ATTR_INFO_get0_number             3386    EXIST::FUNCTION:
+STORE_ATTR_INFO_get0_number             3386    NOEXIST::FUNCTION:
 ENGINE_get_default_ECDH                 3387    EXIST::FUNCTION:ENGINE
 EC_KEY_get_conv_form                    3388    EXIST::FUNCTION:EC
 ASN1_OCTET_STRING_NDEF_it               3389    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
 ASN1_OCTET_STRING_NDEF_it               3389    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-STORE_delete_public_key                 3390    EXIST::FUNCTION:
+STORE_delete_public_key                 3390    NOEXIST::FUNCTION:
-STORE_get_public_key                    3391    EXIST::FUNCTION:
+STORE_get_public_key                    3391    NOEXIST::FUNCTION:
-STORE_modify_arbitrary                  3392    EXIST::FUNCTION:
+STORE_modify_arbitrary                  3392    NOEXIST::FUNCTION:
 ENGINE_get_static_state                 3393    EXIST::FUNCTION:ENGINE
 pqueue_iterator                         3394    EXIST::FUNCTION:
 ECDSA_SIG_new                           3395    EXIST::FUNCTION:ECDSA
@@ -2965,14 +2965,14 @@ BN_GF2m_mod_sqr                         3397	EXIST::FUNCTION:
 EC_POINT_bn2point                       3398    EXIST::FUNCTION:EC
 X509_VERIFY_PARAM_set_depth             3399    EXIST::FUNCTION:
 EC_KEY_set_asn1_flag                    3400    EXIST::FUNCTION:EC
-STORE_get_method                        3401    EXIST::FUNCTION:
+STORE_get_method                        3401    NOEXIST::FUNCTION:
 EC_KEY_get_key_method_data              3402    EXIST::FUNCTION:EC
 ECDSA_sign_ex                           3403    EXIST::FUNCTION:ECDSA
-STORE_parse_attrs_end                   3404    EXIST::FUNCTION:
+STORE_parse_attrs_end                   3404    NOEXIST::FUNCTION:
 EC_GROUP_get_point_conversion_form      3405    EXIST:!VMS:FUNCTION:EC
 EC_GROUP_get_point_conv_form            3405    EXIST:VMS:FUNCTION:EC
-STORE_method_set_store_function         3406    EXIST::FUNCTION:
+STORE_method_set_store_function         3406    NOEXIST::FUNCTION:
-STORE_ATTR_INFO_in                      3407    EXIST::FUNCTION:
+STORE_ATTR_INFO_in                      3407    NOEXIST::FUNCTION:
 PEM_read_bio_ECPKParameters             3408    EXIST::FUNCTION:EC
 EC_GROUP_get_pentanomial_basis          3409    EXIST::FUNCTION:EC
 EVP_PKEY_add1_attr_by_txt               3410    EXIST::FUNCTION:
@@ -2980,7 +2980,7 @@ BN_BLINDING_set_flags                   3411	EXIST::FUNCTION:
 X509_VERIFY_PARAM_set1_policies         3412    EXIST::FUNCTION:
 X509_VERIFY_PARAM_set1_name             3413    EXIST::FUNCTION:
 X509_VERIFY_PARAM_set_purpose           3414    EXIST::FUNCTION:
-STORE_get_number                        3415    EXIST::FUNCTION:
+STORE_get_number                        3415    NOEXIST::FUNCTION:
 ECDSA_sign_setup                        3416    EXIST::FUNCTION:ECDSA
 BN_GF2m_mod_solve_quad_arr              3417    EXIST::FUNCTION:
 EC_KEY_up_ref                           3418    EXIST::FUNCTION:EC
@@ -2988,14 +2988,14 @@ POLICY_MAPPING_free                     3419	EXIST::FUNCTION:
 BN_GF2m_mod_div                         3420    EXIST::FUNCTION:
 X509_VERIFY_PARAM_set_flags             3421    EXIST::FUNCTION:
 EC_KEY_free                             3422    EXIST::FUNCTION:EC
-STORE_method_set_list_next_function     3423    EXIST:!VMS:FUNCTION:
+STORE_meth_set_list_next_fn             3423    NOEXIST::FUNCTION:
-STORE_meth_set_list_next_fn             3423    EXIST:VMS:FUNCTION:
+STORE_method_set_list_next_function     3423    NOEXIST::FUNCTION:
 PEM_write_bio_ECPrivateKey              3424    EXIST::FUNCTION:EC
 d2i_EC_PUBKEY                           3425    EXIST::FUNCTION:EC
-STORE_method_get_generate_function      3426    EXIST:!VMS:FUNCTION:
+STORE_meth_get_generate_fn              3426    NOEXIST::FUNCTION:
-STORE_meth_get_generate_fn              3426    EXIST:VMS:FUNCTION:
+STORE_method_get_generate_function      3426    NOEXIST::FUNCTION:
-STORE_method_set_list_end_function      3427    EXIST:!VMS:FUNCTION:
+STORE_meth_set_list_end_fn              3427    NOEXIST::FUNCTION:
-STORE_meth_set_list_end_fn              3427    EXIST:VMS:FUNCTION:
+STORE_method_set_list_end_function      3427    NOEXIST::FUNCTION:
 pqueue_print                            3428    EXIST::FUNCTION:
 EC_GROUP_have_precompute_mult           3429    EXIST::FUNCTION:EC
 EC_KEY_print_fp                         3430    EXIST::FUNCTION:EC,FP_API
@@ -3003,8 +3003,8 @@ BN_GF2m_mod_arr                         3431	EXIST::FUNCTION:
 PEM_write_bio_X509_CERT_PAIR            3432    EXIST::FUNCTION:
 EVP_PKEY_cmp                            3433    EXIST::FUNCTION:
 X509_policy_level_node_count            3434    EXIST::FUNCTION:
-STORE_new_engine                        3435    EXIST::FUNCTION:
+STORE_new_engine                        3435    NOEXIST::FUNCTION:
-STORE_list_public_key_start             3436    EXIST::FUNCTION:
+STORE_list_public_key_start             3436    NOEXIST::FUNCTION:
 X509_VERIFY_PARAM_new                   3437    EXIST::FUNCTION:
 ECDH_get_ex_data                        3438    EXIST::FUNCTION:ECDH
 EVP_PKEY_get_attr                       3439    EXIST::FUNCTION:
@@ -3014,11 +3014,11 @@ ECDH_OpenSSL                            3442	EXIST::FUNCTION:ECDH
 EC_KEY_set_conv_form                    3443    EXIST::FUNCTION:EC
 EC_POINT_dup                            3444    EXIST::FUNCTION:EC
 GENERAL_SUBTREE_new                     3445    EXIST::FUNCTION:
-STORE_list_crl_endp                     3446    EXIST::FUNCTION:
+STORE_list_crl_endp                     3446    NOEXIST::FUNCTION:
 EC_get_builtin_curves                   3447    EXIST::FUNCTION:EC
 X509_policy_node_get0_qualifiers        3448    EXIST:!VMS:FUNCTION:
 X509_pcy_node_get0_qualifiers           3448    EXIST:VMS:FUNCTION:
-STORE_list_crl_end                      3449    EXIST::FUNCTION:
+STORE_list_crl_end                      3449    NOEXIST::FUNCTION:
 EVP_PKEY_set1_EC_KEY                    3450    EXIST::FUNCTION:EC
 BN_GF2m_mod_sqrt_arr                    3451    EXIST::FUNCTION:
 i2d_ECPrivateKey_bio                    3452    EXIST::FUNCTION:BIO,EC
@@ -3026,60 +3026,60 @@ ECPKParameters_print_fp                 3453	EXIST::FUNCTION:EC,FP_API
 pqueue_find                             3454    EXIST::FUNCTION:
 ECDSA_SIG_free                          3455    EXIST::FUNCTION:ECDSA
 PEM_write_bio_ECPKParameters            3456    EXIST::FUNCTION:EC
-STORE_method_set_ctrl_function          3457    EXIST::FUNCTION:
+STORE_method_set_ctrl_function          3457    NOEXIST::FUNCTION:
-STORE_list_public_key_end               3458    EXIST::FUNCTION:
+STORE_list_public_key_end               3458    NOEXIST::FUNCTION:
 EC_KEY_set_private_key                  3459    EXIST::FUNCTION:EC
 pqueue_peek                             3460    EXIST::FUNCTION:
-STORE_get_arbitrary                     3461    EXIST::FUNCTION:
+STORE_get_arbitrary                     3461    NOEXIST::FUNCTION:
-STORE_store_crl                         3462    EXIST::FUNCTION:
+STORE_store_crl                         3462    NOEXIST::FUNCTION:
 X509_policy_node_get0_policy            3463    EXIST::FUNCTION:
 PKCS12_add_safes                        3464    EXIST::FUNCTION:
 BN_BLINDING_convert_ex                  3465    EXIST::FUNCTION:
 X509_policy_tree_free                   3466    EXIST::FUNCTION:
 OPENSSL_ia32cap_loc                     3467    EXIST::FUNCTION:
 BN_GF2m_poly2arr                        3468    EXIST::FUNCTION:
-STORE_ctrl                              3469    EXIST::FUNCTION:
+STORE_ctrl                              3469    NOEXIST::FUNCTION:
-STORE_ATTR_INFO_compare                 3470    EXIST::FUNCTION:
+STORE_ATTR_INFO_compare                 3470    NOEXIST::FUNCTION:
 BN_get0_nist_prime_224                  3471    EXIST::FUNCTION:
 i2d_ECParameters                        3472    EXIST::FUNCTION:EC
 i2d_ECPKParameters                      3473    EXIST::FUNCTION:EC
 BN_GENCB_call                           3474    EXIST::FUNCTION:
 d2i_ECPKParameters                      3475    EXIST::FUNCTION:EC
-STORE_method_set_generate_function      3476    EXIST:!VMS:FUNCTION:
+STORE_meth_set_generate_fn              3476    NOEXIST::FUNCTION:
-STORE_meth_set_generate_fn              3476    EXIST:VMS:FUNCTION:
+STORE_method_set_generate_function      3476    NOEXIST::FUNCTION:
 ENGINE_set_ECDH                         3477    EXIST::FUNCTION:ENGINE
 NAME_CONSTRAINTS_new                    3478    EXIST::FUNCTION:
 SHA256_Init                             3479    EXIST::FUNCTION:SHA,SHA256
 EC_KEY_get0_public_key                  3480    EXIST::FUNCTION:EC
 PEM_write_bio_EC_PUBKEY                 3481    EXIST::FUNCTION:EC
-STORE_ATTR_INFO_set_cstr                3482    EXIST::FUNCTION:
+STORE_ATTR_INFO_set_cstr                3482    NOEXIST::FUNCTION:
-STORE_list_crl_next                     3483    EXIST::FUNCTION:
+STORE_list_crl_next                     3483    NOEXIST::FUNCTION:
-STORE_ATTR_INFO_in_range                3484    EXIST::FUNCTION:
+STORE_ATTR_INFO_in_range                3484    NOEXIST::FUNCTION:
 ECParameters_print                      3485    EXIST::FUNCTION:BIO,EC
-STORE_method_set_delete_function        3486    EXIST:!VMS:FUNCTION:
+STORE_meth_set_delete_fn                3486    NOEXIST::FUNCTION:
-STORE_meth_set_delete_fn                3486    EXIST:VMS:FUNCTION:
+STORE_method_set_delete_function        3486    NOEXIST::FUNCTION:
-STORE_list_certificate_next             3487    EXIST::FUNCTION:
+STORE_list_certificate_next             3487    NOEXIST::FUNCTION:
 ASN1_generate_nconf                     3488    EXIST::FUNCTION:
 BUF_memdup                              3489    EXIST::FUNCTION:
 BN_GF2m_mod_mul                         3490    EXIST::FUNCTION:
-STORE_method_get_list_next_function     3491    EXIST:!VMS:FUNCTION:
+STORE_meth_get_list_next_fn             3491    NOEXIST::FUNCTION:
-STORE_meth_get_list_next_fn             3491    EXIST:VMS:FUNCTION:
+STORE_method_get_list_next_function     3491    NOEXIST::FUNCTION:
-STORE_ATTR_INFO_get0_dn                 3492    EXIST::FUNCTION:
+STORE_ATTR_INFO_get0_dn                 3492    NOEXIST::FUNCTION:
-STORE_list_private_key_next             3493    EXIST::FUNCTION:
+STORE_list_private_key_next             3493    NOEXIST::FUNCTION:
 EC_GROUP_set_seed                       3494    EXIST::FUNCTION:EC
 X509_VERIFY_PARAM_set_trust             3495    EXIST::FUNCTION:
-STORE_ATTR_INFO_free                    3496    EXIST::FUNCTION:
+STORE_ATTR_INFO_free                    3496    NOEXIST::FUNCTION:
-STORE_get_private_key                   3497    EXIST::FUNCTION:
+STORE_get_private_key                   3497    NOEXIST::FUNCTION:
 EVP_PKEY_get_attr_count                 3498    EXIST::FUNCTION:
-STORE_ATTR_INFO_new                     3499    EXIST::FUNCTION:
+STORE_ATTR_INFO_new                     3499    NOEXIST::FUNCTION:
 EC_GROUP_get_curve_GF2m                 3500    EXIST::FUNCTION:EC
-STORE_method_set_revoke_function        3501    EXIST:!VMS:FUNCTION:
+STORE_meth_set_revoke_fn                3501    NOEXIST::FUNCTION:
-STORE_meth_set_revoke_fn                3501    EXIST:VMS:FUNCTION:
+STORE_method_set_revoke_function        3501    NOEXIST::FUNCTION:
-STORE_store_number                      3502    EXIST::FUNCTION:
+STORE_store_number                      3502    NOEXIST::FUNCTION:
 BN_is_prime_ex                          3503    EXIST::FUNCTION:
-STORE_revoke_public_key                 3504    EXIST::FUNCTION:
+STORE_revoke_public_key                 3504    NOEXIST::FUNCTION:
 X509_STORE_CTX_get0_param               3505    EXIST::FUNCTION:
-STORE_delete_arbitrary                  3506    EXIST::FUNCTION:
+STORE_delete_arbitrary                  3506    NOEXIST::FUNCTION:
 PEM_read_X509_CERT_PAIR                 3507    EXIST:!WIN16:FUNCTION:
 X509_STORE_set_depth                    3508    EXIST::FUNCTION:
 ECDSA_get_ex_data                       3509    EXIST::FUNCTION:ECDSA
@@ -3087,40 +3087,40 @@ SHA224                                  3510	EXIST::FUNCTION:SHA,SHA256
 BIO_dump_indent_fp                      3511    EXIST::FUNCTION:FP_API
 EC_KEY_set_group                        3512    EXIST::FUNCTION:EC
 BUF_strndup                             3513    EXIST::FUNCTION:
-STORE_list_certificate_start            3514    EXIST::FUNCTION:
+STORE_list_certificate_start            3514    NOEXIST::FUNCTION:
 BN_GF2m_mod                             3515    EXIST::FUNCTION:
 X509_REQ_check_private_key              3516    EXIST::FUNCTION:
 EC_GROUP_get_seed_len                   3517    EXIST::FUNCTION:EC
-ERR_load_STORE_strings                  3518    EXIST::FUNCTION:
+ERR_load_STORE_strings                  3518    NOEXIST::FUNCTION:
 PEM_read_bio_EC_PUBKEY                  3519    EXIST::FUNCTION:EC
-STORE_list_private_key_end              3520    EXIST::FUNCTION:
+STORE_list_private_key_end              3520    NOEXIST::FUNCTION:
 i2d_EC_PUBKEY                           3521    EXIST::FUNCTION:EC
 ECDSA_get_default_method                3522    EXIST::FUNCTION:ECDSA
 ASN1_put_eoc                            3523    EXIST::FUNCTION:
 X509_STORE_CTX_get_explicit_policy      3524    EXIST:!VMS:FUNCTION:
 X509_STORE_CTX_get_expl_policy          3524    EXIST:VMS:FUNCTION:
 X509_VERIFY_PARAM_table_cleanup         3525    EXIST::FUNCTION:
-STORE_modify_private_key                3526    EXIST::FUNCTION:
+STORE_modify_private_key                3526    NOEXIST::FUNCTION:
 X509_VERIFY_PARAM_free                  3527    EXIST::FUNCTION:
 EC_METHOD_get_field_type                3528    EXIST::FUNCTION:EC
 EC_GFp_nist_method                      3529    EXIST::FUNCTION:EC
-STORE_method_set_modify_function        3530    EXIST:!VMS:FUNCTION:
+STORE_meth_set_modify_fn                3530    NOEXIST::FUNCTION:
-STORE_meth_set_modify_fn                3530    EXIST:VMS:FUNCTION:
+STORE_method_set_modify_function        3530    NOEXIST::FUNCTION:
-STORE_parse_attrs_next                  3531    EXIST::FUNCTION:
+STORE_parse_attrs_next                  3531    NOEXIST::FUNCTION:
-ENGINE_load_padlock                     3532    EXIST::FUNCTION:ENGINE
+ENGINE_load_padlock                     3532    EXIST::FUNCTION:ENGINE,STATIC_ENGINE
 EC_GROUP_set_curve_name                 3533    EXIST::FUNCTION:EC
 X509_CERT_PAIR_it                       3534    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
 X509_CERT_PAIR_it                       3534    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-STORE_method_get_revoke_function        3535    EXIST:!VMS:FUNCTION:
+STORE_meth_get_revoke_fn                3535    NOEXIST::FUNCTION:
-STORE_meth_get_revoke_fn                3535    EXIST:VMS:FUNCTION:
+STORE_method_get_revoke_function        3535    NOEXIST::FUNCTION:
-STORE_method_set_get_function           3536    EXIST::FUNCTION:
+STORE_method_set_get_function           3536    NOEXIST::FUNCTION:
-STORE_modify_number                     3537    EXIST::FUNCTION:
+STORE_modify_number                     3537    NOEXIST::FUNCTION:
-STORE_method_get_store_function         3538    EXIST::FUNCTION:
+STORE_method_get_store_function         3538    NOEXIST::FUNCTION:
-STORE_store_private_key                 3539    EXIST::FUNCTION:
+STORE_store_private_key                 3539    NOEXIST::FUNCTION:
 BN_GF2m_mod_sqr_arr                     3540    EXIST::FUNCTION:
 RSA_setup_blinding                      3541    EXIST::FUNCTION:RSA
 BIO_s_datagram                          3542    EXIST::FUNCTION:DGRAM
-STORE_Memory                            3543    EXIST::FUNCTION:
+STORE_Memory                            3543    NOEXIST::FUNCTION:
 sk_find_ex                              3544    EXIST::FUNCTION:
 EC_GROUP_set_curve_GF2m                 3545    EXIST::FUNCTION:EC
 ENGINE_set_default_ECDSA                3546    EXIST::FUNCTION:ENGINE
@@ -3128,69 +3128,69 @@ POLICY_CONSTRAINTS_new                  3547	EXIST::FUNCTION:
 BN_GF2m_mod_sqrt                        3548    EXIST::FUNCTION:
 ECDH_set_default_method                 3549    EXIST::FUNCTION:ECDH
 EC_KEY_generate_key                     3550    EXIST::FUNCTION:EC
-SHA384_Update                           3551    EXIST::FUNCTION:SHA,SHA512
+SHA384_Update                           3551    EXIST:!VMSVAX:FUNCTION:SHA,SHA512
 BN_GF2m_arr2poly                        3552    EXIST::FUNCTION:
-STORE_method_get_get_function           3553    EXIST::FUNCTION:
+STORE_method_get_get_function           3553    NOEXIST::FUNCTION:
-STORE_method_set_cleanup_function       3554    EXIST:!VMS:FUNCTION:
+STORE_meth_set_cleanup_fn               3554    NOEXIST::FUNCTION:
-STORE_meth_set_cleanup_fn               3554    EXIST:VMS:FUNCTION:
+STORE_method_set_cleanup_function       3554    NOEXIST::FUNCTION:
 EC_GROUP_check                          3555    EXIST::FUNCTION:EC
 d2i_ECPrivateKey_bio                    3556    EXIST::FUNCTION:BIO,EC
 EC_KEY_insert_key_method_data           3557    EXIST::FUNCTION:EC
-STORE_method_get_lock_store_function    3558    EXIST:!VMS:FUNCTION:
+STORE_meth_get_lock_store_fn            3558    NOEXIST::FUNCTION:
-STORE_meth_get_lock_store_fn            3558    EXIST:VMS:FUNCTION:
+STORE_method_get_lock_store_function    3558    NOEXIST::FUNCTION:
 X509_VERIFY_PARAM_get_depth             3559    EXIST::FUNCTION:
 SHA224_Final                            3560    EXIST::FUNCTION:SHA,SHA256
-STORE_method_set_update_store_function  3561    EXIST:!VMS:FUNCTION:
+STORE_meth_set_update_store_fn          3561    NOEXIST::FUNCTION:
-STORE_meth_set_update_store_fn          3561    EXIST:VMS:FUNCTION:
+STORE_method_set_update_store_function  3561    NOEXIST::FUNCTION:
 SHA224_Update                           3562    EXIST::FUNCTION:SHA,SHA256
 d2i_ECPrivateKey                        3563    EXIST::FUNCTION:EC
 ASN1_item_ndef_i2d                      3564    EXIST::FUNCTION:
-STORE_delete_private_key                3565    EXIST::FUNCTION:
+STORE_delete_private_key                3565    NOEXIST::FUNCTION:
 ERR_pop_to_mark                         3566    EXIST::FUNCTION:
 ENGINE_register_all_STORE               3567    EXIST::FUNCTION:ENGINE
 X509_policy_level_get0_node             3568    EXIST::FUNCTION:
 i2d_PKCS7_NDEF                          3569    EXIST::FUNCTION:
 EC_GROUP_get_degree                     3570    EXIST::FUNCTION:EC
 ASN1_generate_v3                        3571    EXIST::FUNCTION:
-STORE_ATTR_INFO_modify_cstr             3572    EXIST::FUNCTION:
+STORE_ATTR_INFO_modify_cstr             3572    NOEXIST::FUNCTION:
 X509_policy_tree_level_count            3573    EXIST::FUNCTION:
 BN_GF2m_add                             3574    EXIST::FUNCTION:
 EC_KEY_get0_group                       3575    EXIST::FUNCTION:EC
-STORE_generate_crl                      3576    EXIST::FUNCTION:
+STORE_generate_crl                      3576    NOEXIST::FUNCTION:
-STORE_store_public_key                  3577    EXIST::FUNCTION:
+STORE_store_public_key                  3577    NOEXIST::FUNCTION:
 X509_CERT_PAIR_free                     3578    EXIST::FUNCTION:
-STORE_revoke_private_key                3579    EXIST::FUNCTION:
+STORE_revoke_private_key                3579    NOEXIST::FUNCTION:
 BN_nist_mod_224                         3580    EXIST::FUNCTION:
-SHA512_Final                            3581    EXIST::FUNCTION:SHA,SHA512
+SHA512_Final                            3581    EXIST:!VMSVAX:FUNCTION:SHA,SHA512
-STORE_ATTR_INFO_modify_dn               3582    EXIST::FUNCTION:
+STORE_ATTR_INFO_modify_dn               3582    NOEXIST::FUNCTION:
-STORE_method_get_initialise_function    3583    EXIST:!VMS:FUNCTION:
+STORE_meth_get_initialise_fn            3583    NOEXIST::FUNCTION:
-STORE_meth_get_initialise_fn            3583    EXIST:VMS:FUNCTION:
+STORE_method_get_initialise_function    3583    NOEXIST::FUNCTION:
-STORE_delete_number                     3584    EXIST::FUNCTION:
+STORE_delete_number                     3584    NOEXIST::FUNCTION:
 i2d_EC_PUBKEY_bio                       3585    EXIST::FUNCTION:BIO,EC
 BIO_dgram_non_fatal_error               3586    EXIST::FUNCTION:
 EC_GROUP_get_asn1_flag                  3587    EXIST::FUNCTION:EC
-STORE_ATTR_INFO_in_ex                   3588    EXIST::FUNCTION:
+STORE_ATTR_INFO_in_ex                   3588    NOEXIST::FUNCTION:
-STORE_list_crl_start                    3589    EXIST::FUNCTION:
+STORE_list_crl_start                    3589    NOEXIST::FUNCTION:
 ECDH_get_ex_new_index                   3590    EXIST::FUNCTION:ECDH
-STORE_method_get_modify_function        3591    EXIST:!VMS:FUNCTION:
+STORE_meth_get_modify_fn                3591    NOEXIST::FUNCTION:
-STORE_meth_get_modify_fn                3591    EXIST:VMS:FUNCTION:
+STORE_method_get_modify_function        3591    NOEXIST::FUNCTION:
 v2i_ASN1_BIT_STRING                     3592    EXIST::FUNCTION:
-STORE_store_certificate                 3593    EXIST::FUNCTION:
+STORE_store_certificate                 3593    NOEXIST::FUNCTION:
-OBJ_bsearch_ex                          3594    EXIST::FUNCTION:
+OBJ_bsearch_ex                          3594    NOEXIST::FUNCTION:
 X509_STORE_CTX_set_default              3595    EXIST::FUNCTION:
-STORE_ATTR_INFO_set_sha1str             3596    EXIST::FUNCTION:
+STORE_ATTR_INFO_set_sha1str             3596    NOEXIST::FUNCTION:
 BN_GF2m_mod_inv                         3597    EXIST::FUNCTION:
 BN_GF2m_mod_exp                         3598    EXIST::FUNCTION:
-STORE_modify_public_key                 3599    EXIST::FUNCTION:
+STORE_modify_public_key                 3599    NOEXIST::FUNCTION:
-STORE_method_get_list_start_function    3600    EXIST:!VMS:FUNCTION:
+STORE_meth_get_list_start_fn            3600    NOEXIST::FUNCTION:
-STORE_meth_get_list_start_fn            3600    EXIST:VMS:FUNCTION:
+STORE_method_get_list_start_function    3600    NOEXIST::FUNCTION:
 EC_GROUP_get0_seed                      3601    EXIST::FUNCTION:EC
-STORE_store_arbitrary                   3602    EXIST::FUNCTION:
+STORE_store_arbitrary                   3602    NOEXIST::FUNCTION:
-STORE_method_set_unlock_store_function  3603    EXIST:!VMS:FUNCTION:
+STORE_meth_set_unlock_store_fn          3603    NOEXIST::FUNCTION:
-STORE_meth_set_unlock_store_fn          3603    EXIST:VMS:FUNCTION:
+STORE_method_set_unlock_store_function  3603    NOEXIST::FUNCTION:
 BN_GF2m_mod_div_arr                     3604    EXIST::FUNCTION:
 ENGINE_set_ECDSA                        3605    EXIST::FUNCTION:ENGINE
-STORE_create_method                     3606    EXIST::FUNCTION:
+STORE_create_method                     3606    NOEXIST::FUNCTION:
 ECPKParameters_print                    3607    EXIST::FUNCTION:BIO,EC
 EC_KEY_get0_private_key                 3608    EXIST::FUNCTION:EC
 PEM_write_EC_PUBKEY                     3609    EXIST:!WIN16:FUNCTION:EC
@@ -3198,7 +3198,7 @@ X509_VERIFY_PARAM_set1                  3610	EXIST::FUNCTION:
 ECDH_set_method                         3611    EXIST::FUNCTION:ECDH
 v2i_GENERAL_NAME_ex                     3612    EXIST::FUNCTION:
 ECDH_set_ex_data                        3613    EXIST::FUNCTION:ECDH
-STORE_generate_key                      3614    EXIST::FUNCTION:
+STORE_generate_key                      3614    NOEXIST::FUNCTION:
 BN_nist_mod_521                         3615    EXIST::FUNCTION:
 X509_policy_tree_get0_level             3616    EXIST::FUNCTION:
 EC_GROUP_set_point_conversion_form      3617    EXIST:!VMS:FUNCTION:EC
@@ -3206,7 +3206,7 @@ EC_GROUP_set_point_conv_form            3617	EXIST:VMS:FUNCTION:EC
 PEM_read_EC_PUBKEY                      3618    EXIST:!WIN16:FUNCTION:EC
 i2d_ECDSA_SIG                           3619    EXIST::FUNCTION:ECDSA
 ECDSA_OpenSSL                           3620    EXIST::FUNCTION:ECDSA
-STORE_delete_crl                        3621    EXIST::FUNCTION:
+STORE_delete_crl                        3621    NOEXIST::FUNCTION:
 EC_KEY_get_enc_flags                    3622    EXIST::FUNCTION:EC
 ASN1_const_check_infinite_end           3623    EXIST::FUNCTION:
 EVP_PKEY_delete_attr                    3624    EXIST::FUNCTION:
@@ -3214,31 +3214,31 @@ ECDSA_set_default_method                3625	EXIST::FUNCTION:ECDSA
 EC_POINT_set_compressed_coordinates_GF2m 3626   EXIST:!VMS:FUNCTION:EC
 EC_POINT_set_compr_coords_GF2m          3626    EXIST:VMS:FUNCTION:EC
 EC_GROUP_cmp                            3627    EXIST::FUNCTION:EC
-STORE_revoke_certificate                3628    EXIST::FUNCTION:
+STORE_revoke_certificate                3628    NOEXIST::FUNCTION:
 BN_get0_nist_prime_256                  3629    EXIST::FUNCTION:
-STORE_method_get_delete_function        3630    EXIST:!VMS:FUNCTION:
+STORE_meth_get_delete_fn                3630    NOEXIST::FUNCTION:
-STORE_meth_get_delete_fn                3630    EXIST:VMS:FUNCTION:
+STORE_method_get_delete_function        3630    NOEXIST::FUNCTION:
 SHA224_Init                             3631    EXIST::FUNCTION:SHA,SHA256
 PEM_read_ECPrivateKey                   3632    EXIST:!WIN16:FUNCTION:EC
-SHA512_Init                             3633    EXIST::FUNCTION:SHA,SHA512
+SHA512_Init                             3633    EXIST:!VMSVAX:FUNCTION:SHA,SHA512
-STORE_parse_attrs_endp                  3634    EXIST::FUNCTION:
+STORE_parse_attrs_endp                  3634    NOEXIST::FUNCTION:
 BN_set_negative                         3635    EXIST::FUNCTION:
 ERR_load_ECDSA_strings                  3636    EXIST::FUNCTION:ECDSA
 EC_GROUP_get_basis_type                 3637    EXIST::FUNCTION:EC
-STORE_list_public_key_next              3638    EXIST::FUNCTION:
+STORE_list_public_key_next              3638    NOEXIST::FUNCTION:
 i2v_ASN1_BIT_STRING                     3639    EXIST::FUNCTION:
-STORE_OBJECT_free                       3640    EXIST::FUNCTION:
+STORE_OBJECT_free                       3640    NOEXIST::FUNCTION:
 BN_nist_mod_384                         3641    EXIST::FUNCTION:
 i2d_X509_CERT_PAIR                      3642    EXIST::FUNCTION:
 PEM_write_ECPKParameters                3643    EXIST:!WIN16:FUNCTION:EC
 ECDH_compute_key                        3644    EXIST::FUNCTION:ECDH
-STORE_ATTR_INFO_get0_sha1str            3645    EXIST::FUNCTION:
+STORE_ATTR_INFO_get0_sha1str            3645    NOEXIST::FUNCTION:
 ENGINE_register_all_ECDH                3646    EXIST::FUNCTION:ENGINE
 pqueue_pop                              3647    EXIST::FUNCTION:
-STORE_ATTR_INFO_get0_cstr               3648    EXIST::FUNCTION:
+STORE_ATTR_INFO_get0_cstr               3648    NOEXIST::FUNCTION:
 POLICY_CONSTRAINTS_it                   3649    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
 POLICY_CONSTRAINTS_it                   3649    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-STORE_get_ex_new_index                  3650    EXIST::FUNCTION:
+STORE_get_ex_new_index                  3650    NOEXIST::FUNCTION:
 EVP_PKEY_get_attr_by_OBJ                3651    EXIST::FUNCTION:
 X509_VERIFY_PARAM_add0_policy           3652    EXIST::FUNCTION:
 BN_GF2m_mod_solve_quad                  3653    EXIST::FUNCTION:
@@ -3259,20 +3259,20 @@ EC_KEY_set_enc_flags                    3665	EXIST::FUNCTION:EC
 ECDSA_verify                            3666    EXIST::FUNCTION:ECDSA
 EC_POINT_point2hex                      3667    EXIST::FUNCTION:EC
 ENGINE_get_STORE                        3668    EXIST::FUNCTION:ENGINE
-SHA512                                  3669    EXIST::FUNCTION:SHA,SHA512
+SHA512                                  3669    EXIST:!VMSVAX:FUNCTION:SHA,SHA512
-STORE_get_certificate                   3670    EXIST::FUNCTION:
+STORE_get_certificate                   3670    NOEXIST::FUNCTION:
 ECDSA_do_sign_ex                        3671    EXIST::FUNCTION:ECDSA
 ECDSA_do_verify                         3672    EXIST::FUNCTION:ECDSA
 d2i_ECPrivateKey_fp                     3673    EXIST::FUNCTION:EC,FP_API
-STORE_delete_certificate                3674    EXIST::FUNCTION:
+STORE_delete_certificate                3674    NOEXIST::FUNCTION:
-SHA512_Transform                        3675    EXIST::FUNCTION:SHA,SHA512
+SHA512_Transform                        3675    EXIST:!VMSVAX:FUNCTION:SHA,SHA512
 X509_STORE_set1_param                   3676    EXIST::FUNCTION:
-STORE_method_get_ctrl_function          3677    EXIST::FUNCTION:
+STORE_method_get_ctrl_function          3677    NOEXIST::FUNCTION:
-STORE_free                              3678    EXIST::FUNCTION:
+STORE_free                              3678    NOEXIST::FUNCTION:
 PEM_write_ECPrivateKey                  3679    EXIST:!WIN16:FUNCTION:EC
-STORE_method_get_unlock_store_function  3680    EXIST:!VMS:FUNCTION:
+STORE_meth_get_unlock_store_fn          3680    NOEXIST::FUNCTION:
-STORE_meth_get_unlock_store_fn          3680    EXIST:VMS:FUNCTION:
+STORE_method_get_unlock_store_function  3680    NOEXIST::FUNCTION:
-STORE_get_ex_data                       3681    EXIST::FUNCTION:
+STORE_get_ex_data                       3681    NOEXIST::FUNCTION:
 EC_KEY_set_public_key                   3682    EXIST::FUNCTION:EC
 PEM_read_ECPKParameters                 3683    EXIST:!WIN16:FUNCTION:EC
 X509_CERT_PAIR_new                      3684    EXIST::FUNCTION:
@@ -3282,8 +3282,8 @@ DSA_generate_parameters_ex              3687	EXIST::FUNCTION:DSA
 ECParameters_print_fp                   3688    EXIST::FUNCTION:EC,FP_API
 X509V3_NAME_from_section                3689    EXIST::FUNCTION:
 EVP_PKEY_add1_attr                      3690    EXIST::FUNCTION:
-STORE_modify_crl                        3691    EXIST::FUNCTION:
+STORE_modify_crl                        3691    NOEXIST::FUNCTION:
-STORE_list_private_key_start            3692    EXIST::FUNCTION:
+STORE_list_private_key_start            3692    NOEXIST::FUNCTION:
 POLICY_MAPPINGS_it                      3693    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
 POLICY_MAPPINGS_it                      3693    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
 GENERAL_SUBTREE_it                      3694    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
@@ -3292,7 +3292,7 @@ EC_GROUP_get_curve_name                 3695	EXIST::FUNCTION:EC
 PEM_write_X509_CERT_PAIR                3696    EXIST:!WIN16:FUNCTION:
 BIO_dump_indent_cb                      3697    EXIST::FUNCTION:
 d2i_X509_CERT_PAIR                      3698    EXIST::FUNCTION:
-STORE_list_private_key_endp             3699    EXIST::FUNCTION:
+STORE_list_private_key_endp             3699    NOEXIST::FUNCTION:
 asn1_const_Finish                       3700    EXIST::FUNCTION:
 i2d_EC_PUBKEY_fp                        3701    EXIST::FUNCTION:EC,FP_API
 BN_nist_mod_256                         3702    EXIST::FUNCTION:
@@ -3302,47 +3302,47 @@ BN_BLINDING_create_param                3705	EXIST::FUNCTION:
 ECDSA_size                              3706    EXIST::FUNCTION:ECDSA
 d2i_EC_PUBKEY_bio                       3707    EXIST::FUNCTION:BIO,EC
 BN_get0_nist_prime_521                  3708    EXIST::FUNCTION:
-STORE_ATTR_INFO_modify_sha1str          3709    EXIST::FUNCTION:
+STORE_ATTR_INFO_modify_sha1str          3709    NOEXIST::FUNCTION:
 BN_generate_prime_ex                    3710    EXIST::FUNCTION:
 EC_GROUP_new_by_curve_name              3711    EXIST::FUNCTION:EC
 SHA256_Final                            3712    EXIST::FUNCTION:SHA,SHA256
 DH_generate_parameters_ex               3713    EXIST::FUNCTION:DH
 PEM_read_bio_ECPrivateKey               3714    EXIST::FUNCTION:EC
-STORE_method_get_cleanup_function       3715    EXIST:!VMS:FUNCTION:
+STORE_meth_get_cleanup_fn               3715    NOEXIST::FUNCTION:
-STORE_meth_get_cleanup_fn               3715    EXIST:VMS:FUNCTION:
+STORE_method_get_cleanup_function       3715    NOEXIST::FUNCTION:
 ENGINE_get_ECDH                         3716    EXIST::FUNCTION:ENGINE
 d2i_ECDSA_SIG                           3717    EXIST::FUNCTION:ECDSA
 BN_is_prime_fasttest_ex                 3718    EXIST::FUNCTION:
 ECDSA_sign                              3719    EXIST::FUNCTION:ECDSA
 X509_policy_check                       3720    EXIST::FUNCTION:
 EVP_PKEY_get_attr_by_NID                3721    EXIST::FUNCTION:
-STORE_set_ex_data                       3722    EXIST::FUNCTION:
+STORE_set_ex_data                       3722    NOEXIST::FUNCTION:
 ENGINE_get_ECDSA                        3723    EXIST::FUNCTION:ENGINE
 EVP_ecdsa                               3724    EXIST::FUNCTION:SHA
 BN_BLINDING_get_flags                   3725    EXIST::FUNCTION:
 PKCS12_add_cert                         3726    EXIST::FUNCTION:
-STORE_OBJECT_new                        3727    EXIST::FUNCTION:
+STORE_OBJECT_new                        3727    NOEXIST::FUNCTION:
 ERR_load_ECDH_strings                   3728    EXIST::FUNCTION:ECDH
 EC_KEY_dup                              3729    EXIST::FUNCTION:EC
 EVP_CIPHER_CTX_rand_key                 3730    EXIST::FUNCTION:
 ECDSA_set_method                        3731    EXIST::FUNCTION:ECDSA
 a2i_IPADDRESS_NC                        3732    EXIST::FUNCTION:
 d2i_ECParameters                        3733    EXIST::FUNCTION:EC
-STORE_list_certificate_end              3734    EXIST::FUNCTION:
+STORE_list_certificate_end              3734    NOEXIST::FUNCTION:
-STORE_get_crl                           3735    EXIST::FUNCTION:
+STORE_get_crl                           3735    NOEXIST::FUNCTION:
 X509_POLICY_NODE_print                  3736    EXIST::FUNCTION:
-SHA384_Init                             3737    EXIST::FUNCTION:SHA,SHA512
+SHA384_Init                             3737    EXIST:!VMSVAX:FUNCTION:SHA,SHA512
 EC_GF2m_simple_method                   3738    EXIST::FUNCTION:EC
 ECDSA_set_ex_data                       3739    EXIST::FUNCTION:ECDSA
-SHA384_Final                            3740    EXIST::FUNCTION:SHA,SHA512
+SHA384_Final                            3740    EXIST:!VMSVAX:FUNCTION:SHA,SHA512
 PKCS7_set_digest                        3741    EXIST::FUNCTION:
 EC_KEY_print                            3742    EXIST::FUNCTION:BIO,EC
-STORE_method_set_lock_store_function    3743    EXIST:!VMS:FUNCTION:
+STORE_meth_set_lock_store_fn            3743    NOEXIST::FUNCTION:
-STORE_meth_set_lock_store_fn            3743    EXIST:VMS:FUNCTION:
+STORE_method_set_lock_store_function    3743    NOEXIST::FUNCTION:
 ECDSA_get_ex_new_index                  3744    EXIST::FUNCTION:ECDSA
-SHA384                                  3745    EXIST::FUNCTION:SHA,SHA512
+SHA384                                  3745    EXIST:!VMSVAX:FUNCTION:SHA,SHA512
 POLICY_MAPPING_new                      3746    EXIST::FUNCTION:
-STORE_list_certificate_endp             3747    EXIST::FUNCTION:
+STORE_list_certificate_endp             3747    NOEXIST::FUNCTION:
 X509_STORE_CTX_get0_policy_tree         3748    EXIST::FUNCTION:
 EC_GROUP_set_asn1_flag                  3749    EXIST::FUNCTION:EC
 EC_KEY_check_key                        3750    EXIST::FUNCTION:EC
@@ -3350,13 +3350,13 @@ d2i_EC_PUBKEY_fp                        3751	EXIST::FUNCTION:EC,FP_API
 PKCS7_set0_type_other                   3752    EXIST::FUNCTION:
 PEM_read_bio_X509_CERT_PAIR             3753    EXIST::FUNCTION:
 pqueue_next                             3754    EXIST::FUNCTION:
-STORE_method_get_list_end_function      3755    EXIST:!VMS:FUNCTION:
+STORE_meth_get_list_end_fn              3755    NOEXIST::FUNCTION:
-STORE_meth_get_list_end_fn              3755    EXIST:VMS:FUNCTION:
+STORE_method_get_list_end_function      3755    NOEXIST::FUNCTION:
 EVP_PKEY_add1_attr_by_OBJ               3756    EXIST::FUNCTION:
 X509_VERIFY_PARAM_set_time              3757    EXIST::FUNCTION:
 pqueue_new                              3758    EXIST::FUNCTION:
 ENGINE_set_default_ECDH                 3759    EXIST::FUNCTION:ENGINE
-STORE_new_method                        3760    EXIST::FUNCTION:
+STORE_new_method                        3760    NOEXIST::FUNCTION:
 PKCS12_add_key                          3761    EXIST::FUNCTION:
 DSO_merge                               3762    EXIST::FUNCTION:
 EC_POINT_hex2point                      3763    EXIST::FUNCTION:EC
@@ -3366,7 +3366,7 @@ pqueue_insert                           3766	EXIST::FUNCTION:
 pitem_free                              3767    EXIST::FUNCTION:
 BN_GF2m_mod_inv_arr                     3768    EXIST::FUNCTION:
 ENGINE_unregister_ECDSA                 3769    EXIST::FUNCTION:ENGINE
-BN_BLINDING_set_thread_id               3770    EXIST::FUNCTION:
+BN_BLINDING_set_thread_id               3770    EXIST::FUNCTION:DEPRECATED
 get_rfc3526_prime_8192                  3771    EXIST::FUNCTION:
 X509_VERIFY_PARAM_clear_flags           3772    EXIST::FUNCTION:
 get_rfc2409_prime_1024                  3773    EXIST::FUNCTION:
@@ -3385,7 +3385,7 @@ Camellia_cfb128_encrypt                 3785	EXIST::FUNCTION:CAMELLIA
 Camellia_cfb1_encrypt                   3786    EXIST::FUNCTION:CAMELLIA
 Camellia_cfb8_encrypt                   3787    EXIST::FUNCTION:CAMELLIA
 Camellia_ctr128_encrypt                 3788    EXIST::FUNCTION:CAMELLIA
-Camellia_cfbr_encrypt_block             3789    EXIST::FUNCTION:CAMELLIA
+Camellia_cfbr_encrypt_block             3789    NOEXIST::FUNCTION:
 Camellia_decrypt                        3790    EXIST::FUNCTION:CAMELLIA
 Camellia_ecb_encrypt                    3791    EXIST::FUNCTION:CAMELLIA
 Camellia_encrypt                        3792    EXIST::FUNCTION:CAMELLIA
@@ -3585,7 +3585,7 @@ CMS_data_create                         3975	EXIST::FUNCTION:CMS
 i2d_CMS_bio                             3976    EXIST::FUNCTION:CMS
 CMS_EncryptedData_set1_key              3977    EXIST::FUNCTION:CMS
 CMS_decrypt                             3978    EXIST::FUNCTION:CMS
-int_smime_write_ASN1                    3979    EXIST::FUNCTION:
+int_smime_write_ASN1                    3979    NOEXIST::FUNCTION:
 CMS_unsigned_delete_attr                3980    EXIST::FUNCTION:CMS
 CMS_unsigned_get_attr_count             3981    EXIST::FUNCTION:CMS
 CMS_add_smimecap                        3982    EXIST::FUNCTION:CMS
@@ -3657,53 +3657,52 @@ ENGINE_set_ld_ssl_clnt_cert_fn          4044	EXIST:VMS:FUNCTION:ENGINE
 ENGINE_get_ssl_client_cert_function     4045    EXIST:!VMS:FUNCTION:ENGINE
 ENGINE_get_ssl_client_cert_fn           4045    EXIST:VMS:FUNCTION:ENGINE
 ENGINE_load_ssl_client_cert             4046    EXIST::FUNCTION:ENGINE
-ENGINE_load_capi                        4047    EXIST::FUNCTION:CAPIENG,ENGINE
+ENGINE_load_capi                        4047    EXIST::FUNCTION:ENGINE,STATIC_ENGINE
 OPENSSL_isservice                       4048    EXIST::FUNCTION:
-FIPS_dsa_sig_decode                     4049    EXIST:OPENSSL_FIPS:FUNCTION:DSA
+FIPS_dsa_sig_decode                     4049    NOEXIST::FUNCTION:
 EVP_CIPHER_CTX_clear_flags              4050    EXIST::FUNCTION:
-FIPS_rand_status                        4051    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_rand_status                        4051    NOEXIST::FUNCTION:
-FIPS_rand_set_key                       4052    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_rand_set_key                       4052    NOEXIST::FUNCTION:
-CRYPTO_set_mem_info_functions           4053    EXIST::FUNCTION:
+CRYPTO_set_mem_info_functions           4053    NOEXIST::FUNCTION:
-RSA_X931_generate_key_ex                4054    EXIST::FUNCTION:RSA
+RSA_X931_generate_key_ex                4054    NOEXIST::FUNCTION:
-int_ERR_set_state_func                  4055    EXIST:OPENSSL_FIPS:FUNCTION:
+int_ERR_set_state_func                  4055    NOEXIST::FUNCTION:
-int_EVP_MD_set_engine_callbacks         4056    EXIST:OPENSSL_FIPS:FUNCTION:ENGINE
+int_EVP_MD_set_engine_callbacks         4056    NOEXIST::FUNCTION:
-int_CRYPTO_set_do_dynlock_callback      4057    EXIST:!VMS:FUNCTION:
+int_CRYPTO_set_do_dynlock_callback      4057    NOEXIST::FUNCTION:
-int_CRYPTO_set_do_dynlock_cb            4057    EXIST:VMS:FUNCTION:
+FIPS_rng_stick                          4058    NOEXIST::FUNCTION:
-FIPS_rng_stick                          4058    EXIST:OPENSSL_FIPS:FUNCTION:
 EVP_CIPHER_CTX_set_flags                4059    EXIST::FUNCTION:
-BN_X931_generate_prime_ex               4060    EXIST::FUNCTION:
+BN_X931_generate_prime_ex               4060    NOEXIST::FUNCTION:
-FIPS_selftest_check                     4061    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_selftest_check                     4061    NOEXIST::FUNCTION:
-FIPS_rand_set_dt                        4062    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_rand_set_dt                        4062    NOEXIST::FUNCTION:
-CRYPTO_dbg_pop_info                     4063    EXIST::FUNCTION:
+CRYPTO_dbg_pop_info                     4063    NOEXIST::FUNCTION:
-FIPS_dsa_free                           4064    EXIST:OPENSSL_FIPS:FUNCTION:DSA
+FIPS_dsa_free                           4064    NOEXIST::FUNCTION:
-RSA_X931_derive_ex                      4065    EXIST::FUNCTION:RSA
+RSA_X931_derive_ex                      4065    NOEXIST::FUNCTION:
-FIPS_rsa_new                            4066    EXIST:OPENSSL_FIPS:FUNCTION:RSA
+FIPS_rsa_new                            4066    NOEXIST::FUNCTION:
-FIPS_rand_bytes                         4067    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_rand_bytes                         4067    NOEXIST::FUNCTION:
-fips_cipher_test                        4068    EXIST:OPENSSL_FIPS:FUNCTION:
+fips_cipher_test                        4068    NOEXIST::FUNCTION:
 EVP_CIPHER_CTX_test_flags               4069    EXIST::FUNCTION:
-CRYPTO_malloc_debug_init                4070    EXIST::FUNCTION:
+CRYPTO_malloc_debug_init                4070    NOEXIST::FUNCTION:
-CRYPTO_dbg_push_info                    4071    EXIST::FUNCTION:
+CRYPTO_dbg_push_info                    4071    NOEXIST::FUNCTION:
-FIPS_corrupt_rsa_keygen                 4072    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_corrupt_rsa_keygen                 4072    NOEXIST::FUNCTION:
-FIPS_dh_new                             4073    EXIST:OPENSSL_FIPS:FUNCTION:DH
+FIPS_dh_new                             4073    NOEXIST::FUNCTION:
-FIPS_corrupt_dsa_keygen                 4074    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_corrupt_dsa_keygen                 4074    NOEXIST::FUNCTION:
-FIPS_dh_free                            4075    EXIST:OPENSSL_FIPS:FUNCTION:DH
+FIPS_dh_free                            4075    NOEXIST::FUNCTION:
-fips_pkey_signature_test                4076    EXIST:OPENSSL_FIPS:FUNCTION:
+fips_pkey_signature_test                4076    NOEXIST::FUNCTION:
-EVP_add_alg_module                      4077    EXIST::FUNCTION:
+EVP_add_alg_module                      4077    NOEXIST::FUNCTION:
-int_RAND_init_engine_callbacks          4078    EXIST:OPENSSL_FIPS:FUNCTION:ENGINE
+int_RAND_init_engine_callbacks          4078    NOEXIST::FUNCTION:
-int_EVP_CIPHER_set_engine_callbacks     4079    EXIST:OPENSSL_FIPS:FUNCTION:ENGINE
+int_EVP_CIPHER_set_engine_callbacks     4079    NOEXIST::FUNCTION:
-int_EVP_MD_init_engine_callbacks        4080    EXIST:OPENSSL_FIPS:FUNCTION:ENGINE
+int_EVP_MD_init_engine_callbacks        4080    NOEXIST::FUNCTION:
-FIPS_rand_test_mode                     4081    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_rand_test_mode                     4081    NOEXIST::FUNCTION:
-FIPS_rand_reset                         4082    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_rand_reset                         4082    NOEXIST::FUNCTION:
-FIPS_dsa_new                            4083    EXIST:OPENSSL_FIPS:FUNCTION:DSA
+FIPS_dsa_new                            4083    NOEXIST::FUNCTION:
-int_RAND_set_callbacks                  4084    EXIST:OPENSSL_FIPS:FUNCTION:ENGINE
+int_RAND_set_callbacks                  4084    NOEXIST::FUNCTION:
-BN_X931_derive_prime_ex                 4085    EXIST::FUNCTION:
+BN_X931_derive_prime_ex                 4085    NOEXIST::FUNCTION:
-int_ERR_lib_init                        4086    EXIST:OPENSSL_FIPS:FUNCTION:
+int_ERR_lib_init                        4086    NOEXIST::FUNCTION:
-int_EVP_CIPHER_init_engine_callbacks    4087    EXIST:OPENSSL_FIPS:FUNCTION:ENGINE
+int_EVP_CIPHER_init_engine_callbacks    4087    NOEXIST::FUNCTION:
-FIPS_rsa_free                           4088    EXIST:OPENSSL_FIPS:FUNCTION:RSA
+FIPS_rsa_free                           4088    NOEXIST::FUNCTION:
-FIPS_dsa_sig_encode                     4089    EXIST:OPENSSL_FIPS:FUNCTION:DSA
+FIPS_dsa_sig_encode                     4089    NOEXIST::FUNCTION:
-CRYPTO_dbg_remove_all_info              4090    EXIST::FUNCTION:
+CRYPTO_dbg_remove_all_info              4090    NOEXIST::FUNCTION:
-OPENSSL_init                            4091    EXIST::FUNCTION:
+OPENSSL_init                            4091    NOEXIST::FUNCTION:
-private_Camellia_set_key                4092    EXIST:OPENSSL_FIPS:FUNCTION:CAMELLIA
+private_Camellia_set_key                4092    NOEXIST::FUNCTION:
 CRYPTO_strdup                           4093    EXIST::FUNCTION:
 JPAKE_STEP3A_process                    4094    EXIST::FUNCTION:JPAKE
 JPAKE_STEP1_release                     4095    EXIST::FUNCTION:JPAKE
@@ -3725,3 +3724,457 @@ JPAKE_STEP2_release                     4110	EXIST::FUNCTION:JPAKE
 JPAKE_STEP3A_init                       4111    EXIST::FUNCTION:JPAKE
 ERR_load_JPAKE_strings                  4112    EXIST::FUNCTION:JPAKE
 JPAKE_STEP2_init                        4113    EXIST::FUNCTION:JPAKE
+pqueue_size                             4114    EXIST::FUNCTION:
+i2d_TS_ACCURACY                         4115    EXIST::FUNCTION:
+i2d_TS_MSG_IMPRINT_fp                   4116    EXIST::FUNCTION:
+i2d_TS_MSG_IMPRINT                      4117    EXIST::FUNCTION:
+EVP_PKEY_print_public                   4118    EXIST::FUNCTION:
+EVP_PKEY_CTX_new                        4119    EXIST::FUNCTION:
+i2d_TS_TST_INFO                         4120    EXIST::FUNCTION:
+EVP_PKEY_asn1_find                      4121    EXIST::FUNCTION:
+DSO_METHOD_beos                         4122    EXIST::FUNCTION:
+TS_CONF_load_cert                       4123    EXIST::FUNCTION:
+TS_REQ_get_ext                          4124    EXIST::FUNCTION:
+EVP_PKEY_sign_init                      4125    EXIST::FUNCTION:
+ASN1_item_print                         4126    EXIST::FUNCTION:
+TS_TST_INFO_set_nonce                   4127    EXIST::FUNCTION:
+TS_RESP_dup                             4128    EXIST::FUNCTION:
+ENGINE_register_pkey_meths              4129    EXIST::FUNCTION:ENGINE
+EVP_PKEY_asn1_add0                      4130    EXIST::FUNCTION:
+PKCS7_add0_attrib_signing_time          4131    EXIST::FUNCTION:
+i2d_TS_TST_INFO_fp                      4132    EXIST::FUNCTION:
+BIO_asn1_get_prefix                     4133    EXIST::FUNCTION:
+TS_TST_INFO_set_time                    4134    EXIST::FUNCTION:
+EVP_PKEY_meth_set_decrypt               4135    EXIST::FUNCTION:
+EVP_PKEY_set_type_str                   4136    EXIST::FUNCTION:
+EVP_PKEY_CTX_get_keygen_info            4137    EXIST::FUNCTION:
+TS_REQ_set_policy_id                    4138    EXIST::FUNCTION:
+d2i_TS_RESP_fp                          4139    EXIST::FUNCTION:
+ENGINE_get_pkey_asn1_meth_engine        4140    EXIST:!VMS:FUNCTION:ENGINE
+ENGINE_get_pkey_asn1_meth_eng           4140    EXIST:VMS:FUNCTION:ENGINE
+WHIRLPOOL_Init                          4141    EXIST:!VMSVAX:FUNCTION:WHIRLPOOL
+TS_RESP_set_status_info                 4142    EXIST::FUNCTION:
+EVP_PKEY_keygen                         4143    EXIST::FUNCTION:
+EVP_DigestSignInit                      4144    EXIST::FUNCTION:
+TS_ACCURACY_set_millis                  4145    EXIST::FUNCTION:
+TS_REQ_dup                              4146    EXIST::FUNCTION:
+GENERAL_NAME_dup                        4147    EXIST::FUNCTION:
+ASN1_SEQUENCE_ANY_it                    4148    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_SEQUENCE_ANY_it                    4148    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+WHIRLPOOL                               4149    EXIST:!VMSVAX:FUNCTION:WHIRLPOOL
+X509_STORE_get1_crls                    4150    EXIST::FUNCTION:
+ENGINE_get_pkey_asn1_meth               4151    EXIST::FUNCTION:ENGINE
+EVP_PKEY_asn1_new                       4152    EXIST::FUNCTION:
+BIO_new_NDEF                            4153    EXIST::FUNCTION:
+ENGINE_get_pkey_meth                    4154    EXIST::FUNCTION:ENGINE
+TS_MSG_IMPRINT_set_algo                 4155    EXIST::FUNCTION:
+i2d_TS_TST_INFO_bio                     4156    EXIST::FUNCTION:
+TS_TST_INFO_set_ordering                4157    EXIST::FUNCTION:
+TS_TST_INFO_get_ext_by_OBJ              4158    EXIST::FUNCTION:
+CRYPTO_THREADID_set_pointer             4159    EXIST::FUNCTION:
+TS_CONF_get_tsa_section                 4160    EXIST::FUNCTION:
+SMIME_write_ASN1                        4161    EXIST::FUNCTION:
+TS_RESP_CTX_set_signer_key              4162    EXIST::FUNCTION:
+EVP_PKEY_encrypt_old                    4163    EXIST::FUNCTION:
+EVP_PKEY_encrypt_init                   4164    EXIST::FUNCTION:
+CRYPTO_THREADID_cpy                     4165    EXIST::FUNCTION:
+ASN1_PCTX_get_cert_flags                4166    EXIST::FUNCTION:
+i2d_ESS_SIGNING_CERT                    4167    EXIST::FUNCTION:
+TS_CONF_load_key                        4168    EXIST::FUNCTION:
+i2d_ASN1_SEQUENCE_ANY                   4169    EXIST::FUNCTION:
+d2i_TS_MSG_IMPRINT_bio                  4170    EXIST::FUNCTION:
+EVP_PKEY_asn1_set_public                4171    EXIST::FUNCTION:
+b2i_PublicKey_bio                       4172    EXIST::FUNCTION:
+BIO_asn1_set_prefix                     4173    EXIST::FUNCTION:
+EVP_PKEY_new_mac_key                    4174    EXIST::FUNCTION:
+BIO_new_CMS                             4175    EXIST::FUNCTION:CMS
+CRYPTO_THREADID_cmp                     4176    EXIST::FUNCTION:
+TS_REQ_ext_free                         4177    EXIST::FUNCTION:
+EVP_PKEY_asn1_set_free                  4178    EXIST::FUNCTION:
+EVP_PKEY_get0_asn1                      4179    EXIST::FUNCTION:
+d2i_NETSCAPE_X509                       4180    EXIST::FUNCTION:
+EVP_PKEY_verify_recover_init            4181    EXIST::FUNCTION:
+EVP_PKEY_CTX_set_data                   4182    EXIST::FUNCTION:
+EVP_PKEY_keygen_init                    4183    EXIST::FUNCTION:
+TS_RESP_CTX_set_status_info             4184    EXIST::FUNCTION:
+TS_MSG_IMPRINT_get_algo                 4185    EXIST::FUNCTION:
+TS_REQ_print_bio                        4186    EXIST::FUNCTION:
+EVP_PKEY_CTX_ctrl_str                   4187    EXIST::FUNCTION:
+EVP_PKEY_get_default_digest_nid         4188    EXIST::FUNCTION:
+PEM_write_bio_PKCS7_stream              4189    EXIST::FUNCTION:
+TS_MSG_IMPRINT_print_bio                4190    EXIST::FUNCTION:
+BN_asc2bn                               4191    EXIST::FUNCTION:
+TS_REQ_get_policy_id                    4192    EXIST::FUNCTION:
+ENGINE_set_default_pkey_asn1_meths      4193    EXIST:!VMS:FUNCTION:ENGINE
+ENGINE_set_def_pkey_asn1_meths          4193    EXIST:VMS:FUNCTION:ENGINE
+d2i_TS_ACCURACY                         4194    EXIST::FUNCTION:
+DSO_global_lookup                       4195    EXIST::FUNCTION:
+TS_CONF_set_tsa_name                    4196    EXIST::FUNCTION:
+i2d_ASN1_SET_ANY                        4197    EXIST::FUNCTION:
+ENGINE_load_gost                        4198    EXIST::FUNCTION:ENGINE,GOST,STATIC_ENGINE
+WHIRLPOOL_BitUpdate                     4199    EXIST:!VMSVAX:FUNCTION:WHIRLPOOL
+ASN1_PCTX_get_flags                     4200    EXIST::FUNCTION:
+TS_TST_INFO_get_ext_by_NID              4201    EXIST::FUNCTION:
+TS_RESP_new                             4202    EXIST::FUNCTION:
+ESS_CERT_ID_dup                         4203    EXIST::FUNCTION:
+TS_STATUS_INFO_dup                      4204    EXIST::FUNCTION:
+TS_REQ_delete_ext                       4205    EXIST::FUNCTION:
+EVP_DigestVerifyFinal                   4206    EXIST::FUNCTION:
+EVP_PKEY_print_params                   4207    EXIST::FUNCTION:
+i2d_CMS_bio_stream                      4208    EXIST::FUNCTION:CMS
+TS_REQ_get_msg_imprint                  4209    EXIST::FUNCTION:
+OBJ_find_sigid_by_algs                  4210    EXIST::FUNCTION:
+TS_TST_INFO_get_serial                  4211    EXIST::FUNCTION:
+TS_REQ_get_nonce                        4212    EXIST::FUNCTION:
+X509_PUBKEY_set0_param                  4213    EXIST::FUNCTION:
+EVP_PKEY_CTX_set0_keygen_info           4214    EXIST::FUNCTION:
+DIST_POINT_set_dpname                   4215    EXIST::FUNCTION:
+i2d_ISSUING_DIST_POINT                  4216    EXIST::FUNCTION:
+ASN1_SET_ANY_it                         4217    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_SET_ANY_it                         4217    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_PKEY_CTX_get_data                   4218    EXIST::FUNCTION:
+TS_STATUS_INFO_print_bio                4219    EXIST::FUNCTION:
+EVP_PKEY_derive_init                    4220    EXIST::FUNCTION:
+d2i_TS_TST_INFO                         4221    EXIST::FUNCTION:
+EVP_PKEY_asn1_add_alias                 4222    EXIST::FUNCTION:
+d2i_TS_RESP_bio                         4223    EXIST::FUNCTION:
+OTHERNAME_cmp                           4224    EXIST::FUNCTION:
+GENERAL_NAME_set0_value                 4225    EXIST::FUNCTION:
+PKCS7_RECIP_INFO_get0_alg               4226    EXIST::FUNCTION:
+TS_RESP_CTX_new                         4227    EXIST::FUNCTION:
+TS_RESP_set_tst_info                    4228    EXIST::FUNCTION:
+PKCS7_final                             4229    EXIST::FUNCTION:
+EVP_PKEY_base_id                        4230    EXIST::FUNCTION:
+TS_RESP_CTX_set_signer_cert             4231    EXIST::FUNCTION:
+TS_REQ_set_msg_imprint                  4232    EXIST::FUNCTION:
+EVP_PKEY_CTX_ctrl                       4233    EXIST::FUNCTION:
+TS_CONF_set_digests                     4234    EXIST::FUNCTION:
+d2i_TS_MSG_IMPRINT                      4235    EXIST::FUNCTION:
+EVP_PKEY_meth_set_ctrl                  4236    EXIST::FUNCTION:
+TS_REQ_get_ext_by_NID                   4237    EXIST::FUNCTION:
+PKCS5_pbe_set0_algor                    4238    EXIST::FUNCTION:
+BN_BLINDING_thread_id                   4239    EXIST::FUNCTION:
+TS_ACCURACY_new                         4240    EXIST::FUNCTION:
+X509_CRL_METHOD_free                    4241    EXIST::FUNCTION:
+ASN1_PCTX_get_nm_flags                  4242    EXIST::FUNCTION:
+EVP_PKEY_meth_set_sign                  4243    EXIST::FUNCTION:
+CRYPTO_THREADID_current                 4244    EXIST::FUNCTION:
+EVP_PKEY_decrypt_init                   4245    EXIST::FUNCTION:
+NETSCAPE_X509_free                      4246    EXIST::FUNCTION:
+i2b_PVK_bio                             4247    EXIST::FUNCTION:RC4
+EVP_PKEY_print_private                  4248    EXIST::FUNCTION:
+GENERAL_NAME_get0_value                 4249    EXIST::FUNCTION:
+b2i_PVK_bio                             4250    EXIST::FUNCTION:RC4
+ASN1_UTCTIME_adj                        4251    EXIST::FUNCTION:
+TS_TST_INFO_new                         4252    EXIST::FUNCTION:
+EVP_MD_do_all_sorted                    4253    EXIST::FUNCTION:
+TS_CONF_set_default_engine              4254    EXIST::FUNCTION:
+TS_ACCURACY_set_seconds                 4255    EXIST::FUNCTION:
+TS_TST_INFO_get_time                    4256    EXIST::FUNCTION:
+PKCS8_pkey_get0                         4257    EXIST::FUNCTION:
+EVP_PKEY_asn1_get0                      4258    EXIST::FUNCTION:
+OBJ_add_sigid                           4259    EXIST::FUNCTION:
+PKCS7_SIGNER_INFO_sign                  4260    EXIST::FUNCTION:
+EVP_PKEY_paramgen_init                  4261    EXIST::FUNCTION:
+EVP_PKEY_sign                           4262    EXIST::FUNCTION:
+OBJ_sigid_free                          4263    EXIST::FUNCTION:
+EVP_PKEY_meth_set_init                  4264    EXIST::FUNCTION:
+d2i_ESS_ISSUER_SERIAL                   4265    EXIST::FUNCTION:
+ISSUING_DIST_POINT_new                  4266    EXIST::FUNCTION:
+ASN1_TIME_adj                           4267    EXIST::FUNCTION:
+TS_OBJ_print_bio                        4268    EXIST::FUNCTION:
+EVP_PKEY_meth_set_verify_recover        4269    EXIST:!VMS:FUNCTION:
+EVP_PKEY_meth_set_vrfy_recover          4269    EXIST:VMS:FUNCTION:
+TS_RESP_get_status_info                 4270    EXIST::FUNCTION:
+CMS_stream                              4271    EXIST::FUNCTION:CMS
+EVP_PKEY_CTX_set_cb                     4272    EXIST::FUNCTION:
+PKCS7_to_TS_TST_INFO                    4273    EXIST::FUNCTION:
+ASN1_PCTX_get_oid_flags                 4274    EXIST::FUNCTION:
+TS_TST_INFO_add_ext                     4275    EXIST::FUNCTION:
+EVP_PKEY_meth_set_derive                4276    EXIST::FUNCTION:
+i2d_TS_RESP_fp                          4277    EXIST::FUNCTION:
+i2d_TS_MSG_IMPRINT_bio                  4278    EXIST::FUNCTION:
+TS_RESP_CTX_set_accuracy                4279    EXIST::FUNCTION:
+TS_REQ_set_nonce                        4280    EXIST::FUNCTION:
+ESS_CERT_ID_new                         4281    EXIST::FUNCTION:
+ENGINE_pkey_asn1_find_str               4282    EXIST::FUNCTION:ENGINE
+TS_REQ_get_ext_count                    4283    EXIST::FUNCTION:
+BUF_reverse                             4284    EXIST::FUNCTION:
+TS_TST_INFO_print_bio                   4285    EXIST::FUNCTION:
+d2i_ISSUING_DIST_POINT                  4286    EXIST::FUNCTION:
+ENGINE_get_pkey_meths                   4287    EXIST::FUNCTION:ENGINE
+i2b_PrivateKey_bio                      4288    EXIST::FUNCTION:
+i2d_TS_RESP                             4289    EXIST::FUNCTION:
+b2i_PublicKey                           4290    EXIST::FUNCTION:
+TS_VERIFY_CTX_cleanup                   4291    EXIST::FUNCTION:
+TS_STATUS_INFO_free                     4292    EXIST::FUNCTION:
+TS_RESP_verify_token                    4293    EXIST::FUNCTION:
+OBJ_bsearch_ex_                         4294    EXIST::FUNCTION:
+ASN1_bn_print                           4295    EXIST::FUNCTION:BIO
+EVP_PKEY_asn1_get_count                 4296    EXIST::FUNCTION:
+ENGINE_register_pkey_asn1_meths         4297    EXIST::FUNCTION:ENGINE
+ASN1_PCTX_set_nm_flags                  4298    EXIST::FUNCTION:
+EVP_DigestVerifyInit                    4299    EXIST::FUNCTION:
+ENGINE_set_default_pkey_meths           4300    EXIST::FUNCTION:ENGINE
+TS_TST_INFO_get_policy_id               4301    EXIST::FUNCTION:
+TS_REQ_get_cert_req                     4302    EXIST::FUNCTION:
+X509_CRL_set_meth_data                  4303    EXIST::FUNCTION:
+PKCS8_pkey_set0                         4304    EXIST::FUNCTION:
+ASN1_STRING_copy                        4305    EXIST::FUNCTION:
+d2i_TS_TST_INFO_fp                      4306    EXIST::FUNCTION:
+X509_CRL_match                          4307    EXIST::FUNCTION:
+EVP_PKEY_asn1_set_private               4308    EXIST::FUNCTION:
+TS_TST_INFO_get_ext_d2i                 4309    EXIST::FUNCTION:
+TS_RESP_CTX_add_policy                  4310    EXIST::FUNCTION:
+d2i_TS_RESP                             4311    EXIST::FUNCTION:
+TS_CONF_load_certs                      4312    EXIST::FUNCTION:
+TS_TST_INFO_get_msg_imprint             4313    EXIST::FUNCTION:
+ERR_load_TS_strings                     4314    EXIST::FUNCTION:
+TS_TST_INFO_get_version                 4315    EXIST::FUNCTION:
+EVP_PKEY_CTX_dup                        4316    EXIST::FUNCTION:
+EVP_PKEY_meth_set_verify                4317    EXIST::FUNCTION:
+i2b_PublicKey_bio                       4318    EXIST::FUNCTION:
+TS_CONF_set_certs                       4319    EXIST::FUNCTION:
+EVP_PKEY_asn1_get0_info                 4320    EXIST::FUNCTION:
+TS_VERIFY_CTX_free                      4321    EXIST::FUNCTION:
+TS_REQ_get_ext_by_critical              4322    EXIST::FUNCTION:
+TS_RESP_CTX_set_serial_cb               4323    EXIST::FUNCTION:
+X509_CRL_get_meth_data                  4324    EXIST::FUNCTION:
+TS_RESP_CTX_set_time_cb                 4325    EXIST::FUNCTION:
+TS_MSG_IMPRINT_get_msg                  4326    EXIST::FUNCTION:
+TS_TST_INFO_ext_free                    4327    EXIST::FUNCTION:
+TS_REQ_get_version                      4328    EXIST::FUNCTION:
+TS_REQ_add_ext                          4329    EXIST::FUNCTION:
+EVP_PKEY_CTX_set_app_data               4330    EXIST::FUNCTION:
+OBJ_bsearch_                            4331    EXIST::FUNCTION:
+EVP_PKEY_meth_set_verifyctx             4332    EXIST::FUNCTION:
+i2d_PKCS7_bio_stream                    4333    EXIST::FUNCTION:
+CRYPTO_THREADID_set_numeric             4334    EXIST::FUNCTION:
+PKCS7_sign_add_signer                   4335    EXIST::FUNCTION:
+d2i_TS_TST_INFO_bio                     4336    EXIST::FUNCTION:
+TS_TST_INFO_get_ordering                4337    EXIST::FUNCTION:
+TS_RESP_print_bio                       4338    EXIST::FUNCTION:
+TS_TST_INFO_get_exts                    4339    EXIST::FUNCTION:
+HMAC_CTX_copy                           4340    EXIST::FUNCTION:HMAC
+PKCS5_pbe2_set_iv                       4341    EXIST::FUNCTION:
+ENGINE_get_pkey_asn1_meths              4342    EXIST::FUNCTION:ENGINE
+b2i_PrivateKey                          4343    EXIST::FUNCTION:
+EVP_PKEY_CTX_get_app_data               4344    EXIST::FUNCTION:
+TS_REQ_set_cert_req                     4345    EXIST::FUNCTION:
+CRYPTO_THREADID_set_callback            4346    EXIST::FUNCTION:
+TS_CONF_set_serial                      4347    EXIST::FUNCTION:
+TS_TST_INFO_free                        4348    EXIST::FUNCTION:
+d2i_TS_REQ_fp                           4349    EXIST::FUNCTION:
+TS_RESP_verify_response                 4350    EXIST::FUNCTION:
+i2d_ESS_ISSUER_SERIAL                   4351    EXIST::FUNCTION:
+TS_ACCURACY_get_seconds                 4352    EXIST::FUNCTION:
+EVP_CIPHER_do_all                       4353    EXIST::FUNCTION:
+b2i_PrivateKey_bio                      4354    EXIST::FUNCTION:
+OCSP_CERTID_dup                         4355    EXIST::FUNCTION:
+X509_PUBKEY_get0_param                  4356    EXIST::FUNCTION:
+TS_MSG_IMPRINT_dup                      4357    EXIST::FUNCTION:
+PKCS7_print_ctx                         4358    EXIST::FUNCTION:
+i2d_TS_REQ_bio                          4359    EXIST::FUNCTION:
+EVP_whirlpool                           4360    EXIST:!VMSVAX:FUNCTION:WHIRLPOOL
+EVP_PKEY_asn1_set_param                 4361    EXIST::FUNCTION:
+EVP_PKEY_meth_set_encrypt               4362    EXIST::FUNCTION:
+ASN1_PCTX_set_flags                     4363    EXIST::FUNCTION:
+i2d_ESS_CERT_ID                         4364    EXIST::FUNCTION:
+TS_VERIFY_CTX_new                       4365    EXIST::FUNCTION:
+TS_RESP_CTX_set_extension_cb            4366    EXIST::FUNCTION:
+ENGINE_register_all_pkey_meths          4367    EXIST::FUNCTION:ENGINE
+TS_RESP_CTX_set_status_info_cond        4368    EXIST:!VMS:FUNCTION:
+TS_RESP_CTX_set_stat_info_cond          4368    EXIST:VMS:FUNCTION:
+EVP_PKEY_verify                         4369    EXIST::FUNCTION:
+WHIRLPOOL_Final                         4370    EXIST:!VMSVAX:FUNCTION:WHIRLPOOL
+X509_CRL_METHOD_new                     4371    EXIST::FUNCTION:
+EVP_DigestSignFinal                     4372    EXIST::FUNCTION:
+TS_RESP_CTX_set_def_policy              4373    EXIST::FUNCTION:
+NETSCAPE_X509_it                        4374    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+NETSCAPE_X509_it                        4374    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+TS_RESP_create_response                 4375    EXIST::FUNCTION:
+PKCS7_SIGNER_INFO_get0_algs             4376    EXIST::FUNCTION:
+TS_TST_INFO_get_nonce                   4377    EXIST::FUNCTION:
+EVP_PKEY_decrypt_old                    4378    EXIST::FUNCTION:
+TS_TST_INFO_set_policy_id               4379    EXIST::FUNCTION:
+TS_CONF_set_ess_cert_id_chain           4380    EXIST::FUNCTION:
+EVP_PKEY_CTX_get0_pkey                  4381    EXIST::FUNCTION:
+d2i_TS_REQ                              4382    EXIST::FUNCTION:
+EVP_PKEY_asn1_find_str                  4383    EXIST::FUNCTION:
+BIO_f_asn1                              4384    EXIST::FUNCTION:
+ESS_SIGNING_CERT_new                    4385    EXIST::FUNCTION:
+EVP_PBE_find                            4386    EXIST::FUNCTION:
+X509_CRL_get0_by_cert                   4387    EXIST::FUNCTION:
+EVP_PKEY_derive                         4388    EXIST::FUNCTION:
+i2d_TS_REQ                              4389    EXIST::FUNCTION:
+TS_TST_INFO_delete_ext                  4390    EXIST::FUNCTION:
+ESS_ISSUER_SERIAL_free                  4391    EXIST::FUNCTION:
+ASN1_PCTX_set_str_flags                 4392    EXIST::FUNCTION:
+ENGINE_get_pkey_asn1_meth_str           4393    EXIST::FUNCTION:ENGINE
+TS_CONF_set_signer_key                  4394    EXIST::FUNCTION:
+TS_ACCURACY_get_millis                  4395    EXIST::FUNCTION:
+TS_RESP_get_token                       4396    EXIST::FUNCTION:
+TS_ACCURACY_dup                         4397    EXIST::FUNCTION:
+ENGINE_register_all_pkey_asn1_meths     4398    EXIST:!VMS:FUNCTION:ENGINE
+ENGINE_reg_all_pkey_asn1_meths          4398    EXIST:VMS:FUNCTION:ENGINE
+X509_CRL_set_default_method             4399    EXIST::FUNCTION:
+CRYPTO_THREADID_hash                    4400    EXIST::FUNCTION:
+CMS_ContentInfo_print_ctx               4401    EXIST::FUNCTION:CMS
+TS_RESP_free                            4402    EXIST::FUNCTION:
+ISSUING_DIST_POINT_free                 4403    EXIST::FUNCTION:
+ESS_ISSUER_SERIAL_new                   4404    EXIST::FUNCTION:
+CMS_add1_crl                            4405    EXIST::FUNCTION:CMS
+PKCS7_add1_attrib_digest                4406    EXIST::FUNCTION:
+TS_RESP_CTX_add_md                      4407    EXIST::FUNCTION:
+TS_TST_INFO_dup                         4408    EXIST::FUNCTION:
+ENGINE_set_pkey_asn1_meths              4409    EXIST::FUNCTION:ENGINE
+PEM_write_bio_Parameters                4410    EXIST::FUNCTION:
+TS_TST_INFO_get_accuracy                4411    EXIST::FUNCTION:
+X509_CRL_get0_by_serial                 4412    EXIST::FUNCTION:
+TS_TST_INFO_set_version                 4413    EXIST::FUNCTION:
+TS_RESP_CTX_get_tst_info                4414    EXIST::FUNCTION:
+TS_RESP_verify_signature                4415    EXIST::FUNCTION:
+CRYPTO_THREADID_get_callback            4416    EXIST::FUNCTION:
+TS_TST_INFO_get_tsa                     4417    EXIST::FUNCTION:
+TS_STATUS_INFO_new                      4418    EXIST::FUNCTION:
+EVP_PKEY_CTX_get_cb                     4419    EXIST::FUNCTION:
+TS_REQ_get_ext_d2i                      4420    EXIST::FUNCTION:
+GENERAL_NAME_set0_othername             4421    EXIST::FUNCTION:
+TS_TST_INFO_get_ext_count               4422    EXIST::FUNCTION:
+TS_RESP_CTX_get_request                 4423    EXIST::FUNCTION:
+i2d_NETSCAPE_X509                       4424    EXIST::FUNCTION:
+ENGINE_get_pkey_meth_engine             4425    EXIST::FUNCTION:ENGINE
+EVP_PKEY_meth_set_signctx               4426    EXIST::FUNCTION:
+EVP_PKEY_asn1_copy                      4427    EXIST::FUNCTION:
+ASN1_TYPE_cmp                           4428    EXIST::FUNCTION:
+EVP_CIPHER_do_all_sorted                4429    EXIST::FUNCTION:
+EVP_PKEY_CTX_free                       4430    EXIST::FUNCTION:
+ISSUING_DIST_POINT_it                   4431    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ISSUING_DIST_POINT_it                   4431    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_TS_MSG_IMPRINT_fp                   4432    EXIST::FUNCTION:
+X509_STORE_get1_certs                   4433    EXIST::FUNCTION:
+EVP_PKEY_CTX_get_operation              4434    EXIST::FUNCTION:
+d2i_ESS_SIGNING_CERT                    4435    EXIST::FUNCTION:
+TS_CONF_set_ordering                    4436    EXIST::FUNCTION:
+EVP_PBE_alg_add_type                    4437    EXIST::FUNCTION:
+TS_REQ_set_version                      4438    EXIST::FUNCTION:
+EVP_PKEY_get0                           4439    EXIST::FUNCTION:
+BIO_asn1_set_suffix                     4440    EXIST::FUNCTION:
+i2d_TS_STATUS_INFO                      4441    EXIST::FUNCTION:
+EVP_MD_do_all                           4442    EXIST::FUNCTION:
+TS_TST_INFO_set_accuracy                4443    EXIST::FUNCTION:
+PKCS7_add_attrib_content_type           4444    EXIST::FUNCTION:
+ERR_remove_thread_state                 4445    EXIST::FUNCTION:
+EVP_PKEY_meth_add0                      4446    EXIST::FUNCTION:
+TS_TST_INFO_set_tsa                     4447    EXIST::FUNCTION:
+EVP_PKEY_meth_new                       4448    EXIST::FUNCTION:
+WHIRLPOOL_Update                        4449    EXIST:!VMSVAX:FUNCTION:WHIRLPOOL
+TS_CONF_set_accuracy                    4450    EXIST::FUNCTION:
+ASN1_PCTX_set_oid_flags                 4451    EXIST::FUNCTION:
+ESS_SIGNING_CERT_dup                    4452    EXIST::FUNCTION:
+d2i_TS_REQ_bio                          4453    EXIST::FUNCTION:
+X509_time_adj_ex                        4454    EXIST::FUNCTION:
+TS_RESP_CTX_add_flags                   4455    EXIST::FUNCTION:
+d2i_TS_STATUS_INFO                      4456    EXIST::FUNCTION:
+TS_MSG_IMPRINT_set_msg                  4457    EXIST::FUNCTION:
+BIO_asn1_get_suffix                     4458    EXIST::FUNCTION:
+TS_REQ_free                             4459    EXIST::FUNCTION:
+EVP_PKEY_meth_free                      4460    EXIST::FUNCTION:
+TS_REQ_get_exts                         4461    EXIST::FUNCTION:
+TS_RESP_CTX_set_clock_precision_digits  4462    EXIST:!VMS:FUNCTION:
+TS_RESP_CTX_set_clk_prec_digits         4462    EXIST:VMS:FUNCTION:
+TS_RESP_CTX_add_failure_info            4463    EXIST::FUNCTION:
+i2d_TS_RESP_bio                         4464    EXIST::FUNCTION:
+EVP_PKEY_CTX_get0_peerkey               4465    EXIST::FUNCTION:
+PEM_write_bio_CMS_stream                4466    EXIST::FUNCTION:CMS
+TS_REQ_new                              4467    EXIST::FUNCTION:
+TS_MSG_IMPRINT_new                      4468    EXIST::FUNCTION:
+EVP_PKEY_meth_find                      4469    EXIST::FUNCTION:
+EVP_PKEY_id                             4470    EXIST::FUNCTION:
+TS_TST_INFO_set_serial                  4471    EXIST::FUNCTION:
+a2i_GENERAL_NAME                        4472    EXIST::FUNCTION:
+TS_CONF_set_crypto_device               4473    EXIST::FUNCTION:
+EVP_PKEY_verify_init                    4474    EXIST::FUNCTION:
+TS_CONF_set_policies                    4475    EXIST::FUNCTION:
+ASN1_PCTX_new                           4476    EXIST::FUNCTION:
+ESS_CERT_ID_free                        4477    EXIST::FUNCTION:
+ENGINE_unregister_pkey_meths            4478    EXIST::FUNCTION:ENGINE
+TS_MSG_IMPRINT_free                     4479    EXIST::FUNCTION:
+TS_VERIFY_CTX_init                      4480    EXIST::FUNCTION:
+PKCS7_stream                            4481    EXIST::FUNCTION:
+TS_RESP_CTX_set_certs                   4482    EXIST::FUNCTION:
+TS_CONF_set_def_policy                  4483    EXIST::FUNCTION:
+ASN1_GENERALIZEDTIME_adj                4484    EXIST::FUNCTION:
+NETSCAPE_X509_new                       4485    EXIST::FUNCTION:
+TS_ACCURACY_free                        4486    EXIST::FUNCTION:
+TS_RESP_get_tst_info                    4487    EXIST::FUNCTION:
+EVP_PKEY_derive_set_peer                4488    EXIST::FUNCTION:
+PEM_read_bio_Parameters                 4489    EXIST::FUNCTION:
+TS_CONF_set_clock_precision_digits      4490    EXIST:!VMS:FUNCTION:
+TS_CONF_set_clk_prec_digits             4490    EXIST:VMS:FUNCTION:
+ESS_ISSUER_SERIAL_dup                   4491    EXIST::FUNCTION:
+TS_ACCURACY_get_micros                  4492    EXIST::FUNCTION:
+ASN1_PCTX_get_str_flags                 4493    EXIST::FUNCTION:
+NAME_CONSTRAINTS_check                  4494    EXIST::FUNCTION:
+ASN1_BIT_STRING_check                   4495    EXIST::FUNCTION:
+X509_check_akid                         4496    EXIST::FUNCTION:
+ENGINE_unregister_pkey_asn1_meths       4497    EXIST:!VMS:FUNCTION:ENGINE
+ENGINE_unreg_pkey_asn1_meths            4497    EXIST:VMS:FUNCTION:ENGINE
+ASN1_PCTX_free                          4498    EXIST::FUNCTION:
+PEM_write_bio_ASN1_stream               4499    EXIST::FUNCTION:
+i2d_ASN1_bio_stream                     4500    EXIST::FUNCTION:
+TS_X509_ALGOR_print_bio                 4501    EXIST::FUNCTION:
+EVP_PKEY_meth_set_cleanup               4502    EXIST::FUNCTION:
+EVP_PKEY_asn1_free                      4503    EXIST::FUNCTION:
+ESS_SIGNING_CERT_free                   4504    EXIST::FUNCTION:
+TS_TST_INFO_set_msg_imprint             4505    EXIST::FUNCTION:
+GENERAL_NAME_cmp                        4506    EXIST::FUNCTION:
+d2i_ASN1_SET_ANY                        4507    EXIST::FUNCTION:
+ENGINE_set_pkey_meths                   4508    EXIST::FUNCTION:ENGINE
+i2d_TS_REQ_fp                           4509    EXIST::FUNCTION:
+d2i_ASN1_SEQUENCE_ANY                   4510    EXIST::FUNCTION:
+GENERAL_NAME_get0_otherName             4511    EXIST::FUNCTION:
+d2i_ESS_CERT_ID                         4512    EXIST::FUNCTION:
+OBJ_find_sigid_algs                     4513    EXIST::FUNCTION:
+EVP_PKEY_meth_set_keygen                4514    EXIST::FUNCTION:
+PKCS5_PBKDF2_HMAC                       4515    EXIST::FUNCTION:
+EVP_PKEY_paramgen                       4516    EXIST::FUNCTION:
+EVP_PKEY_meth_set_paramgen              4517    EXIST::FUNCTION:
+BIO_new_PKCS7                           4518    EXIST::FUNCTION:
+EVP_PKEY_verify_recover                 4519    EXIST::FUNCTION:
+TS_ext_print_bio                        4520    EXIST::FUNCTION:
+TS_ASN1_INTEGER_print_bio               4521    EXIST::FUNCTION:
+check_defer                             4522    EXIST::FUNCTION:
+DSO_pathbyaddr                          4523    EXIST::FUNCTION:
+EVP_PKEY_set_type                       4524    EXIST::FUNCTION:
+TS_ACCURACY_set_micros                  4525    EXIST::FUNCTION:
+TS_REQ_to_TS_VERIFY_CTX                 4526    EXIST::FUNCTION:
+EVP_PKEY_meth_set_copy                  4527    EXIST::FUNCTION:
+ASN1_PCTX_set_cert_flags                4528    EXIST::FUNCTION:
+TS_TST_INFO_get_ext                     4529    EXIST::FUNCTION:
+EVP_PKEY_asn1_set_ctrl                  4530    EXIST::FUNCTION:
+TS_TST_INFO_get_ext_by_critical         4531    EXIST::FUNCTION:
+EVP_PKEY_CTX_new_id                     4532    EXIST::FUNCTION:
+TS_REQ_get_ext_by_OBJ                   4533    EXIST::FUNCTION:
+TS_CONF_set_signer_cert                 4534    EXIST::FUNCTION:
+X509_NAME_hash_old                      4535    EXIST::FUNCTION:
+ASN1_TIME_set_string                    4536    EXIST::FUNCTION:
+EVP_MD_flags                            4537    EXIST::FUNCTION:
+TS_RESP_CTX_free                        4538    EXIST::FUNCTION:
+DSAparams_dup                           4539    EXIST::FUNCTION:DSA
+DHparams_dup                            4540    EXIST::FUNCTION:DH
+OCSP_REQ_CTX_add1_header                4541    EXIST::FUNCTION:
+OCSP_REQ_CTX_set1_req                   4542    EXIST::FUNCTION:
+X509_STORE_set_verify_cb                4543    EXIST::FUNCTION:
+X509_STORE_CTX_get0_current_crl         4544    EXIST::FUNCTION:
+X509_STORE_CTX_get0_parent_ctx          4545    EXIST::FUNCTION:
+X509_STORE_CTX_get0_current_issuer      4546    EXIST:!VMS:FUNCTION:
+X509_STORE_CTX_get0_cur_issuer          4546    EXIST:VMS:FUNCTION:
+X509_issuer_name_hash_old               4547    EXIST::FUNCTION:MD5
+X509_subject_name_hash_old              4548    EXIST::FUNCTION:MD5
+EVP_CIPHER_CTX_copy                     4549    EXIST::FUNCTION:
+UI_method_get_prompt_constructor        4550    EXIST:!VMS:FUNCTION:
+UI_method_get_prompt_constructr         4550    EXIST:VMS:FUNCTION:
+UI_method_set_prompt_constructor        4551    EXIST:!VMS:FUNCTION:
+UI_method_set_prompt_constructr         4551    EXIST:VMS:FUNCTION:
+EVP_read_pw_string_min                  4552    EXIST::FUNCTION:
diff --git a/src/lib/libssl/src/util/mk1mf.pl b/src/lib/libssl/src/util/mk1mf.pl
index f2b92b2b25..280e9de1ad 100644
--- a/src/lib/libssl/src/util/mk1mf.pl
+++ b/src/lib/libssl/src/util/mk1mf.pl
@@ -6,36 +6,56 @@
 #
 $INSTALLTOP="/usr/local/ssl";
+$OPENSSLDIR="/usr/local/ssl";
 $OPTIONS="";
 $ssl_version="";
 $banner="\t\@echo Building OpenSSL";
-my $no_static_engine = 0;
+my $no_static_engine = 1;
 my $engines = "";
 local $zlib_opt = 0;    # 0 = no zlib, 1 = static, 2 = dynamic
 local $zlib_lib = "";
+local $perl_asm = 0;    # 1 to autobuild asm files from perl scripts
+# Options to import from top level Makefile
+my %mf_import = (
+        VERSION        => \$ssl_version,
+        OPTIONS        => \$OPTIONS,
+        INSTALLTOP     => \$INSTALLTOP,
+        OPENSSLDIR     => \$OPENSSLDIR,
+        PLATFORM       => \$mf_platform,
+        CFLAG          => \$mf_cflag,
+        DEPFLAG        => \$mf_depflag,
+        CPUID_OBJ      => \$mf_cpuid_asm,
+        BN_ASM         => \$mf_bn_asm,
+        DES_ENC        => \$mf_des_asm,
+        AES_ENC        => \$mf_aes_asm,
+        BF_ENC         => \$mf_bf_asm,
+        CAST_ENC       => \$mf_cast_asm,
+        RC4_ENC        => \$mf_rc4_asm,
+        RC5_ENC        => \$mf_rc5_asm,
+        MD5_ASM_OBJ    => \$mf_md5_asm,
+        SHA1_ASM_OBJ   => \$mf_sha_asm,
+        RMD160_ASM_OBJ => \$mf_rmd_asm,
+        WP_ASM_OBJ     => \$mf_wp_asm,
+        CMLL_ENC       => \$mf_cm_asm
+);
-local $fips_canister_path = "";
-my $fips_premain_dso_exe_path = "";
-my $fips_premain_c_path = "";
-my $fips_sha1_exe_path = "";
-local $fipscanisterbuild = 0;
-local $fipsdso = 0;
-my $fipslibdir = "";
-my $baseaddr = "";
-my $ex_l_libs = "";
 open(IN,"<Makefile") || die "unable to open Makefile!\n";
 while(<IN>) {
-    $ssl_version=$1 if (/^VERSION=(.*)$/);
+    my ($mf_opt, $mf_ref);
-    $OPTIONS=$1 if (/^OPTIONS=(.*)$/);
+    while (($mf_opt, $mf_ref) = each %mf_import) {
-    $INSTALLTOP=$1 if (/^INSTALLTOP=(.*$)/);
+        if (/^$mf_opt\s*=\s*(.*)$/) {
+           $$mf_ref = $1;
+        }
+    }
 }
 close(IN);
+$debug = 1 if $mf_platform =~ /^debug-/;
 die "Makefile is not the toplevel Makefile!\n" if $ssl_version eq "";
 $infile="MINFO";
@@ -58,6 +78,7 @@ $infile="MINFO";
        "netware-libc", "CodeWarrior for NetWare - LibC - with WinSock Sockets",
        "netware-libc-bsdsock", "CodeWarrior for NetWare - LibC - with BSD Sockets",
        "default","cc under unix",
+        "auto", "auto detect from top level Makefile"
        );
 $platform="";
@@ -144,6 +165,12 @@ $bin_dir=(defined($VARS{'BIN'}))?$VARS{'BIN'}:'';
 $NT=0;
 push(@INC,"util/pl","pl");
+if ($platform eq "auto") {
+        $platform = $mf_platform;
+        print STDERR "Imported platform $mf_platform\n";
+}
 if (($platform =~ /VC-(.+)/))
        {
        $FLAVOR=$1;
@@ -228,13 +255,12 @@ $cflags.=" -DOPENSSL_NO_DES"  if $no_des;
 $cflags.=" -DOPENSSL_NO_RSA"  if $no_rsa;
 $cflags.=" -DOPENSSL_NO_DSA"  if $no_dsa;
 $cflags.=" -DOPENSSL_NO_DH"   if $no_dh;
+$cflags.=" -DOPENSSL_NO_WHIRLPOOL"   if $no_whirlpool;
 $cflags.=" -DOPENSSL_NO_SOCK" if $no_sock;
 $cflags.=" -DOPENSSL_NO_SSL2" if $no_ssl2;
 $cflags.=" -DOPENSSL_NO_SSL3" if $no_ssl3;
 $cflags.=" -DOPENSSL_NO_TLSEXT" if $no_tlsext;
 $cflags.=" -DOPENSSL_NO_CMS" if $no_cms;
-$cflags.=" -DOPENSSL_NO_JPAKE" if $no_jpake;
-$cflags.=" -DOPENSSL_NO_CAPIENG" if $no_capieng;
 $cflags.=" -DOPENSSL_NO_ERR"  if $no_err;
 $cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5;
 $cflags.=" -DOPENSSL_NO_EC"   if $no_ec;
@@ -242,7 +268,7 @@ $cflags.=" -DOPENSSL_NO_ECDSA" if $no_ecdsa;
 $cflags.=" -DOPENSSL_NO_ECDH" if $no_ecdh;
 $cflags.=" -DOPENSSL_NO_ENGINE"   if $no_engine;
 $cflags.=" -DOPENSSL_NO_HW"   if $no_hw;
-$cflags.=" -DOPENSSL_FIPS"    if $fips;
+$cflags.=" -DOPENSSL_NO_JPAKE"    if $no_jpake;
 $cflags.= " -DZLIB" if $zlib_opt;
 $cflags.= " -DZLIB_SHARED" if $zlib_opt == 2;
@@ -264,9 +290,9 @@ else
 $ex_libs="$l_flags$ex_libs" if ($l_flags ne "");
 %shlib_ex_cflags=("SSL" => " -DOPENSSL_BUILD_SHLIBSSL",
-                  "CRYPTO" => " -DOPENSSL_BUILD_SHLIBCRYPTO",
+                  "CRYPTO" => " -DOPENSSL_BUILD_SHLIBCRYPTO");
-                  "FIPS" => " -DOPENSSL_BUILD_SHLIBCRYPTO");
 if ($msdos)
        {
@@ -280,6 +306,7 @@ if ($msdos)
 $link="$bin_dir$link" if ($link !~ /^\$/);
 $INSTALLTOP =~ s|/|$o|g;
+$OPENSSLDIR =~ s|/|$o|g;
 #############################################
 # We parse in input file and 'store' info for later printing.
@@ -294,21 +321,11 @@ for (;;)
                {
                if ($lib ne "")
                        {
-                        if ($fips && $dir =~ /^fips/)
+                        $uc=$lib;
-                                {
+                        $uc =~ s/^lib(.*)\.a/$1/;
-                                $uc = "FIPS";
+                        $uc =~ tr/a-z/A-Z/;
-                                }
+                        $lib_nam{$uc}=$uc;
-                        else
+                        $lib_obj{$uc}.=$libobj." ";
-                                {
-                                $uc=$lib;
-                                $uc =~ s/^lib(.*)\.a/$1/;
-                                $uc =~ tr/a-z/A-Z/;
-                                }
-                        if (($uc ne "FIPS") || $fipscanisterbuild)
-                                {
-                                $lib_nam{$uc}=$uc;
-                                $lib_obj{$uc}.=$libobj." ";
-                                }
                        }
                last if ($val eq "FINISHED");
                $lib="";
@@ -351,130 +368,11 @@ for (;;)
        if ($key eq "LIBNAMES" && $dir eq "engines" && $no_static_engine)
                { $engines.=$val }
-        if ($key eq "FIPS_EX_OBJ")
-                { 
-                $fips_ex_obj=&var_add("crypto",$val,0);
-                }
-        if ($key eq "FIPSLIBDIR")
-                {
-                $fipslibdir=$val;
-                $fipslibdir =~ s/\/$//;
-                $fipslibdir =~ s/\//$o/g;
-                }
-        if ($key eq "BASEADDR")
-                { $baseaddr=$val;}
        if (!($_=<IN>))
                { $_="RELATIVE_DIRECTORY=FINISHED\n"; }
        }
 close(IN);
-if ($fips)
-        {
-         
-        foreach (split " ", $fips_ex_obj)
-                {
-                $fips_exclude_obj{$1} = 1 if (/\/([^\/]*)$/);
-                }
-        $fips_exclude_obj{"cpu_win32"} = 1;
-        $fips_exclude_obj{"bn_asm"} = 1;
-        $fips_exclude_obj{"des_enc"} = 1;
-        $fips_exclude_obj{"fcrypt_b"} = 1;
-        $fips_exclude_obj{"aes_core"} = 1;
-        $fips_exclude_obj{"aes_cbc"} = 1;
-        my @ltmp = split " ", $lib_obj{"CRYPTO"};
-        $lib_obj{"CRYPTO"} = "";
-        foreach(@ltmp)
-                {
-                if (/\/([^\/]*)$/ && exists $fips_exclude_obj{$1})
-                        {
-                        if ($fipscanisterbuild)
-                                {
-                                $lib_obj{"FIPS"} .= "$_ ";
-                                }
-                        }
-                else
-                        {
-                        $lib_obj{"CRYPTO"} .= "$_ ";
-                        }
-                }
-        }
-if ($fipscanisterbuild)
-        {
-        $fips_canister_path = "\$(LIB_D)${o}fipscanister.lib" if $fips_canister_path eq "";
-        $fips_premain_c_path = "\$(LIB_D)${o}fips_premain.c";
-        }
-else
-        {
-        if ($fips_canister_path eq "")
-                {
-                $fips_canister_path = "\$(FIPSLIB_D)${o}fipscanister.lib";
-                }
-        if ($fips_premain_c_path eq "")
-                {
-                $fips_premain_c_path = "\$(FIPSLIB_D)${o}fips_premain.c";
-                }
-        }
-if ($fips)
-        {
-        if ($fips_sha1_exe_path eq "")
-                {
-                $fips_sha1_exe_path =
-                        "\$(BIN_D)${o}fips_standalone_sha1$exep";
-                }
-        }
-        else
-        {
-        $fips_sha1_exe_path = "";
-        }
-if ($fips_premain_dso_exe_path eq "")
-        {
-        $fips_premain_dso_exe_path = "\$(BIN_D)${o}fips_premain_dso$exep";
-        }
-#       $ex_build_targets .= "\$(BIN_D)${o}\$(E_PREMAIN_DSO)$exep" if ($fips);
-#$ex_l_libs .= " \$(L_FIPS)" if $fipsdso;
-if ($fips)
-        {
-        if (!$shlib)
-                {
-                $ex_build_targets .= " \$(LIB_D)$o$crypto_compat \$(PREMAIN_DSO_EXE)";
-                $ex_l_libs .= " \$(O_FIPSCANISTER)";
-                $ex_libs_dep .= " \$(O_FIPSCANISTER)" if $fipscanisterbuild;
-                }
-        if ($fipscanisterbuild)
-                {
-                $fipslibdir = "\$(LIB_D)";
-                }
-        else
-                {
-                if ($fipslibdir eq "")
-                        {
-                        open (IN, "util/fipslib_path.txt") || fipslib_error();
-                        $fipslibdir = <IN>;
-                        chomp $fipslibdir;
-                        close IN;
-                        }
-                fips_check_files($fipslibdir,
-                                "fipscanister.lib", "fipscanister.lib.sha1",
-                                "fips_premain.c", "fips_premain.c.sha1");
-                }
-        }
 if ($shlib)
        {
        $extra_install= <<"EOF";
@@ -520,6 +418,7 @@ $defs .= $preamble if defined $preamble;
 $defs.= <<"EOF";
 INSTALLTOP=$INSTALLTOP
+OPENSSLDIR=$OPENSSLDIR
 # Set your compiler options
 PLATFORM=$platform
@@ -540,32 +439,6 @@ SRC_D=$src_dir
 LINK=$link
 LFLAGS=$lflags
 RSC=$rsc
-FIPSLINK=\$(PERL) util${o}fipslink.pl
-AES_ASM_OBJ=$aes_asm_obj
-AES_ASM_SRC=$aes_asm_src
-BN_ASM_OBJ=$bn_asm_obj
-BN_ASM_SRC=$bn_asm_src
-BNCO_ASM_OBJ=$bnco_asm_obj
-BNCO_ASM_SRC=$bnco_asm_src
-DES_ENC_OBJ=$des_enc_obj
-DES_ENC_SRC=$des_enc_src
-BF_ENC_OBJ=$bf_enc_obj
-BF_ENC_SRC=$bf_enc_src
-CAST_ENC_OBJ=$cast_enc_obj
-CAST_ENC_SRC=$cast_enc_src
-RC4_ENC_OBJ=$rc4_enc_obj
-RC4_ENC_SRC=$rc4_enc_src
-RC5_ENC_OBJ=$rc5_enc_obj
-RC5_ENC_SRC=$rc5_enc_src
-MD5_ASM_OBJ=$md5_asm_obj
-MD5_ASM_SRC=$md5_asm_src
-SHA1_ASM_OBJ=$sha1_asm_obj
-SHA1_ASM_SRC=$sha1_asm_src
-RMD160_ASM_OBJ=$rmd160_asm_obj
-RMD160_ASM_SRC=$rmd160_asm_src
-CPUID_ASM_OBJ=$cpuid_asm_obj
-CPUID_ASM_SRC=$cpuid_asm_src
 # The output directory for everything intersting
 OUT_D=$out_dir
@@ -584,17 +457,6 @@ MKLIB=$bin_dir$mklib
 MLFLAGS=$mlflags
 ASM=$bin_dir$asm
-# FIPS validated module and support file locations
-E_PREMAIN_DSO=fips_premain_dso
-FIPSLIB_D=$fipslibdir
-BASEADDR=$baseaddr
-FIPS_PREMAIN_SRC=$fips_premain_c_path
-O_FIPSCANISTER=$fips_canister_path
-FIPS_SHA1_EXE=$fips_sha1_exe_path
-PREMAIN_DSO_EXE=$fips_premain_dso_exe_path
 ######################################################
 # You should not need to touch anything below this point
 ######################################################
@@ -602,7 +464,6 @@ PREMAIN_DSO_EXE=$fips_premain_dso_exe_path
 E_EXE=openssl
 SSL=$ssl
 CRYPTO=$crypto
-LIBFIPS=libosslfips
 # BIN_D  - Binary output directory
 # TEST_D - Binary test file output directory
@@ -623,14 +484,12 @@ INCL_D=\$(TMP_D)
 O_SSL=     \$(LIB_D)$o$plib\$(SSL)$shlibp
 O_CRYPTO=  \$(LIB_D)$o$plib\$(CRYPTO)$shlibp
-O_FIPS=    \$(LIB_D)$o$plib\$(LIBFIPS)$shlibp
 SO_SSL=    $plib\$(SSL)$so_shlibp
 SO_CRYPTO= $plib\$(CRYPTO)$so_shlibp
 L_SSL=     \$(LIB_D)$o$plib\$(SSL)$libp
 L_CRYPTO=  \$(LIB_D)$o$plib\$(CRYPTO)$libp
-L_FIPS=    \$(LIB_D)$o$plib\$(LIBFIPS)$libp
-L_LIBS= \$(L_SSL) \$(L_CRYPTO) $ex_l_libs
+L_LIBS= \$(L_SSL) \$(L_CRYPTO)
 ######################################################
 # Don't touch anything below this point
@@ -640,13 +499,13 @@ INC=-I\$(INC_D) -I\$(INCL_D)
 APP_CFLAGS=\$(INC) \$(CFLAG) \$(APP_CFLAG)
 LIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG)
 SHLIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) \$(SHLIB_CFLAG)
-LIBS_DEP=\$(O_CRYPTO) \$(O_SSL) $ex_libs_dep
+LIBS_DEP=\$(O_CRYPTO) \$(O_SSL)
 #############################################
 EOF
 $rules=<<"EOF";
-all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers \$(FIPS_SHA1_EXE) lib exe $ex_build_targets
+all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers lib exe
 banner:
 $banner
@@ -683,8 +542,9 @@ install: all
        \$(MKDIR) \"\$(INSTALLTOP)${o}include${o}openssl\"
        \$(MKDIR) \"\$(INSTALLTOP)${o}lib\"
        \$(CP) \"\$(INCO_D)${o}*.\[ch\]\" \"\$(INSTALLTOP)${o}include${o}openssl\"
-        \$(CP) \"\$(BIN_D)$o\$(E_EXE)$exep\" \"\$(INSTALLTOP)${o}bin\"
+        \$(CP) \"\$(BIN_D)$o\$(E_EXE)$exep \$(INSTALLTOP)${o}bin\"
-        \$(CP) \"apps${o}openssl.cnf\" \"\$(INSTALLTOP)\"
+        \$(MKDIR) \"\$(OPENSSLDIR)\"
+        \$(CP) apps${o}openssl.cnf \"\$(OPENSSLDIR)\"
 $extra_install
@@ -761,26 +621,6 @@ $rules.=&do_compile_rule("\$(OBJ_D)",$test,"\$(APP_CFLAGS)");
 $defs.=&do_defs("E_OBJ",$e_exe,"\$(OBJ_D)",$obj);
 $rules.=&do_compile_rule("\$(OBJ_D)",$e_exe,'-DMONOLITH $(APP_CFLAGS)');
-# Special case rules for fips_start and fips_end fips_premain_dso
-if ($fips)
-        {
-        if ($fipscanisterbuild)
-                {
-                $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_start$obj",
-                        "fips${o}fips_canister.c",
-                        "-DFIPS_START \$(SHLIB_CFLAGS)");
-                $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_end$obj",
-                        "fips${o}fips_canister.c", "\$(SHLIB_CFLAGS)");
-                }
-        $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_standalone_sha1$obj",
-                "fips${o}sha${o}fips_standalone_sha1.c",
-                "\$(SHLIB_CFLAGS)");
-        $rules.=&cc_compile_target("\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj",
-                "fips${o}fips_premain.c",
-                "-DFINGERPRINT_PREMAIN_DSO_LOAD \$(SHLIB_CFLAGS)");
-        }
 foreach (values %lib_nam)
        {
        $lib_obj=$lib_obj{$_};
@@ -792,78 +632,14 @@ foreach (values %lib_nam)
                next;
                }
-        if ((!$fips && ($_ eq "CRYPTO")) || ($fips && ($_ eq "FIPS")))
-                {
-                if ($cpuid_asm_obj ne "")
-                        {
-                        $lib_obj =~ s/(\S*\/cryptlib\S*)/$1 \$(CPUID_ASM_OBJ)/;
-                        $rules.=&do_asm_rule($cpuid_asm_obj,$cpuid_asm_src);
-                        }
-                if ($aes_asm_obj ne "")
-                        {
-                        $lib_obj =~ s/\s(\S*\/aes_core\S*)/ \$(AES_ASM_OBJ)/;
-                        $lib_obj =~ s/\s\S*\/aes_cbc\S*//;
-                        $rules.=&do_asm_rule($aes_asm_obj,$aes_asm_src);
-                        }
-                if ($sha1_asm_obj ne "")
-                        {
-                        $lib_obj =~ s/\s(\S*\/sha1dgst\S*)/ $1 \$(SHA1_ASM_OBJ)/;
-                        $rules.=&do_asm_rule($sha1_asm_obj,$sha1_asm_src);
-                        }
-                if ($bn_asm_obj ne "")
-                        {
-                        $lib_obj =~ s/\s\S*\/bn_asm\S*/ \$(BN_ASM_OBJ)/;
-                        $rules.=&do_asm_rule($bn_asm_obj,$bn_asm_src);
-                        }
-                if ($bnco_asm_obj ne "")
-                        {
-                        $lib_obj .= "\$(BNCO_ASM_OBJ)";
-                        $rules.=&do_asm_rule($bnco_asm_obj,$bnco_asm_src);
-                        }
-                if ($des_enc_obj ne "")
-                        {
-                        $lib_obj =~ s/\s\S*des_enc\S*/ \$(DES_ENC_OBJ)/;
-                        $lib_obj =~ s/\s\S*\/fcrypt_b\S*\s*/ /;
-                        $rules.=&do_asm_rule($des_enc_obj,$des_enc_src);
-                        }
-                }
-        if (($bf_enc_obj ne "") && ($_ eq "CRYPTO"))
-                {
-                $lib_obj =~ s/\s\S*\/bf_enc\S*/ \$(BF_ENC_OBJ)/;
-                $rules.=&do_asm_rule($bf_enc_obj,$bf_enc_src);
-                }
-        if (($cast_enc_obj ne "") && ($_ eq "CRYPTO"))
-                {
-                $lib_obj =~ s/(\s\S*\/c_enc\S*)/ \$(CAST_ENC_OBJ)/;
-                $rules.=&do_asm_rule($cast_enc_obj,$cast_enc_src);
-                }
-        if (($rc4_enc_obj ne "") && ($_ eq "CRYPTO"))
-                {
-                $lib_obj =~ s/\s\S*\/rc4_enc\S*/ \$(RC4_ENC_OBJ)/;
-                $rules.=&do_asm_rule($rc4_enc_obj,$rc4_enc_src);
-                }
-        if (($rc5_enc_obj ne "") && ($_ eq "CRYPTO"))
-                {
-                $lib_obj =~ s/\s\S*\/rc5_enc\S*/ \$(RC5_ENC_OBJ)/;
-                $rules.=&do_asm_rule($rc5_enc_obj,$rc5_enc_src);
-                }
-        if (($md5_asm_obj ne "") && ($_ eq "CRYPTO"))
-                {
-                $lib_obj =~ s/\s(\S*\/md5_dgst\S*)/ $1 \$(MD5_ASM_OBJ)/;
-                $rules.=&do_asm_rule($md5_asm_obj,$md5_asm_src);
-                }
-        if (($rmd160_asm_obj ne "") && ($_ eq "CRYPTO"))
-                {
-                $lib_obj =~ s/\s(\S*\/rmd_dgst\S*)/ $1 \$(RMD160_ASM_OBJ)/;
-                $rules.=&do_asm_rule($rmd160_asm_obj,$rmd160_asm_src);
-                }
        $defs.=&do_defs(${_}."OBJ",$lib_obj,"\$(OBJ_D)",$obj);
        $lib=($slib)?" \$(SHLIB_CFLAGS)".$shlib_ex_cflags{$_}:" \$(LIB_CFLAGS)";
        $rules.=&do_compile_rule("\$(OBJ_D)",$lib_obj{$_},$lib);
        }
 # hack to add version info on MSVC
-if (($platform eq "VC-WIN32") || ($platform eq "VC-NT")) {
+if (($platform eq "VC-WIN32") || ($platform eq "VC-WIN64A")
+        || ($platform eq "VC-WIN64I") || ($platform eq "VC-NT")) {
    $rules.= <<"EOF";
 \$(OBJ_D)\\\$(CRYPTO).res: ms\\version32.rc
        \$(RSC) /fo"\$(OBJ_D)\\\$(CRYPTO).res" /d CRYPTO ms\\version32.rc
@@ -871,43 +647,15 @@ if (($platform eq "VC-WIN32") || ($platform eq "VC-NT")) {
 \$(OBJ_D)\\\$(SSL).res: ms\\version32.rc
        \$(RSC) /fo"\$(OBJ_D)\\\$(SSL).res" /d SSL ms\\version32.rc
-\$(OBJ_D)\\\$(LIBFIPS).res: ms\\version32.rc
-        \$(RSC) /fo"\$(OBJ_D)\\\$(LIBFIPS).res" /d FIPS ms\\version32.rc
 EOF
 }
 $defs.=&do_defs("T_EXE",$test,"\$(TEST_D)",$exep);
 foreach (split(/\s+/,$test))
        {
-        my $t_libs;
        $t=&bname($_);
-        my $ltype;
-        # Check to see if test program is FIPS
-        if ($fips && /fips/)
-                {
-                # If fipsdso link to libosslfips.dll 
-                # otherwise perform static link to 
-                # $(O_FIPSCANISTER)
-                if ($fipsdso)
-                        {
-                        $t_libs = "\$(L_FIPS)";
-                        $ltype = 0;
-                        }
-                else
-                        {
-                        $t_libs = "\$(O_FIPSCANISTER)";
-                        $ltype = 2;
-                        }
-                }
-        else
-                {
-                $t_libs = "\$(L_LIBS)";
-                $ltype = 0;
-                }
        $tt="\$(OBJ_D)${o}$t${obj}";
-        $rules.=&do_link_rule("\$(TEST_D)$o$t$exep",$tt,"\$(LIBS_DEP)","$t_libs \$(EX_LIBS)", $ltype);
+        $rules.=&do_link_rule("\$(TEST_D)$o$t$exep",$tt,"\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)");
        }
 $defs.=&do_defs("E_SHLIB",$engines,"\$(ENG_D)",$shlibp);
@@ -921,69 +669,9 @@ foreach (split(/\s+/,$engines))
 $rules.= &do_lib_rule("\$(SSLOBJ)","\$(O_SSL)",$ssl,$shlib,"\$(SO_SSL)");
+$rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)");
-if ($fips)
+$rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)");
-        {
-        if ($shlib)
-                {
-                if ($fipsdso)
-                        {
-                        $rules.= &do_lib_rule("\$(CRYPTOOBJ)",
-                                        "\$(O_CRYPTO)", "$crypto",
-                                        $shlib, "", "");
-                        $rules.= &do_lib_rule(
-                                "\$(O_FIPSCANISTER)",
-                                "\$(O_FIPS)", "\$(LIBFIPS)",
-                                $shlib, "\$(SO_CRYPTO)", "\$(BASEADDR)");
-                        $rules.= &do_sdef_rule();
-                        }
-                else
-                        {
-                        $rules.= &do_lib_rule(
-                                "\$(CRYPTOOBJ) \$(O_FIPSCANISTER)",
-                                "\$(O_CRYPTO)", "$crypto",
-                                $shlib, "\$(SO_CRYPTO)", "\$(BASEADDR)");
-                        }
-                }
-        else
-                {
-                $rules.= &do_lib_rule("\$(CRYPTOOBJ)",
-                        "\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)", "");
-                $rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(FIPSOBJ)",
-                        "\$(LIB_D)$o$crypto_compat",$crypto,$shlib,"\$(SO_CRYPTO)", "");
-                }
-        }
-        else
-        {
-        $rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,
-                                                        "\$(SO_CRYPTO)");
-        }
-if ($fips)
-        {
-        if ($fipscanisterbuild)
-                {
-                $rules.= &do_rlink_rule("\$(O_FIPSCANISTER)",
-                                        "\$(OBJ_D)${o}fips_start$obj",
-                                        "\$(FIPSOBJ)",
-                                        "\$(OBJ_D)${o}fips_end$obj",
-                                        "\$(FIPS_SHA1_EXE)", "");
-                $rules.=&do_link_rule("\$(FIPS_SHA1_EXE)",
-                                        "\$(OBJ_D)${o}fips_standalone_sha1$obj \$(OBJ_D)${o}sha1dgst$obj \$(SHA1_ASM_OBJ)",
-                                        "","\$(EX_LIBS)", 1);
-                }
-        else
-                {
-                $rules.=&do_link_rule("\$(FIPS_SHA1_EXE)",
-                                        "\$(OBJ_D)${o}fips_standalone_sha1$obj \$(O_FIPSCANISTER)",
-                                        "","", 1);
-                }
-        $rules.=&do_link_rule("\$(PREMAIN_DSO_EXE)","\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj \$(CRYPTOOBJ) \$(O_FIPSCANISTER)","","\$(EX_LIBS)", 1);
-        
-        }
-$rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)", ($fips && !$shlib) ? 2 : 0);
 print $defs;
@@ -1022,7 +710,6 @@ sub var_add
        return("") if $no_ec   && $dir =~ /\/ec/;
        return("") if $no_cms  && $dir =~ /\/cms/;
        return("") if $no_jpake  && $dir =~ /\/jpake/;
-        return("") if !$fips   && $dir =~ /^fips/;
        if ($no_des && $dir =~ /\/des/)
                {
                if ($val =~ /read_pwd/)
@@ -1034,6 +721,7 @@ sub var_add
        return("") if $no_sock && $dir =~ /\/proxy/;
        return("") if $no_bf   && $dir =~ /\/bf/;
        return("") if $no_cast && $dir =~ /\/cast/;
+        return("") if $no_whirlpool && $dir =~ /\/whrlpool/;
        $val =~ s/^\s*(.*)\s*$/$1/;
        @a=split(/\s+/,$val);
@@ -1051,8 +739,8 @@ sub var_add
        @a=grep(!/^e_camellia$/,@a) if $no_camellia;
        @a=grep(!/^e_seed$/,@a) if $no_seed;
-        @a=grep(!/(^s2_)|(^s23_)/,@a) if $no_ssl2;
+        #@a=grep(!/(^s2_)|(^s23_)/,@a) if $no_ssl2;
-        @a=grep(!/(^s3_)|(^s23_)/,@a) if $no_ssl3;
+        #@a=grep(!/(^s3_)|(^s23_)/,@a) if $no_ssl3;
        @a=grep(!/(_sock$)|(_acpt$)|(_conn$)|(^pxy_)/,@a) if $no_sock;
@@ -1126,6 +814,7 @@ sub do_defs
                else    { $pf=$postfix; }
                if ($_ =~ /BN_ASM/)     { $t="$_ "; }
                elsif ($_ =~ /BNCO_ASM/){ $t="$_ "; }
+                elsif ($_ =~ /AES_ASM/){ $t="$_ "; }
                elsif ($_ =~ /DES_ENC/) { $t="$_ "; }
                elsif ($_ =~ /BF_ENC/)  { $t="$_ "; }
                elsif ($_ =~ /CAST_ENC/){ $t="$_ "; }
@@ -1133,8 +822,8 @@ sub do_defs
                elsif ($_ =~ /RC5_ENC/) { $t="$_ "; }
                elsif ($_ =~ /MD5_ASM/) { $t="$_ "; }
                elsif ($_ =~ /SHA1_ASM/){ $t="$_ "; }
-                elsif ($_ =~ /AES_ASM/){ $t="$_ "; }
                elsif ($_ =~ /RMD160_ASM/){ $t="$_ "; }
+                elsif ($_ =~ /WHIRLPOOL_ASM/){ $t="$_ "; }
                elsif ($_ =~ /CPUID_ASM/){ $t="$_ "; }
                else    { $t="$location${o}$_$pf "; }
@@ -1142,7 +831,7 @@ sub do_defs
                $ret.=$t;
                }
        # hack to add version info on MSVC
-        if ($shlib && (($platform eq "VC-WIN32") || ($platform eq "VC-NT")))
+        if ($shlib && (($platform eq "VC-WIN32") || ($platfrom eq "VC-WIN64I") || ($platform eq "VC-WIN64A") || ($platform eq "VC-NT")))
                {
                if ($var eq "CRYPTOOBJ")
                        { $ret.="\$(OBJ_D)\\\$(CRYPTO).res "; }
@@ -1162,6 +851,13 @@ sub bname
        return($ret);
        }
+# return the leading path
+sub dname
+        {
+        my $ret=shift;
+        $ret =~ s/(^.*)[\\\/][^\\\/]+$/$1/;
+        return($ret);
+        }
 ##############################################################
 # do a rule for each file that says 'compile' to new direcory
@@ -1169,19 +865,61 @@ sub bname
 sub do_compile_rule
        {
        local($to,$files,$ex)=@_;
-        local($ret,$_,$n);
+        local($ret,$_,$n,$d,$s);
-        
        $files =~ s/\//$o/g if $o ne '/';
        foreach (split(/\s+/,$files))
                {
                $n=&bname($_);
-                $ret.=&cc_compile_target("$to${o}$n$obj","${_}.c",$ex)
+                $d=&dname($_);
+                if (-f "${_}.c")
+                        {
+                        $ret.=&cc_compile_target("$to${o}$n$obj","${_}.c",$ex)
+                        }
+                elsif (-f ($s="${d}${o}asm${o}${n}.pl") or
+                       ($s=~s/sha256/sha512/ and -f $s) or
+                       -f ($s="${d}${o}${n}.pl"))
+                        {
+                        $ret.=&perlasm_compile_target("$to${o}$n$obj",$s,$n);
+                        }
+                elsif (-f ($s="${d}${o}asm${o}${n}.S") or
+                       -f ($s="${d}${o}${n}.S"))
+                        {
+                        $ret.=&Sasm_compile_target("$to${o}$n$obj",$s,$n);
+                        }
+                else    { die "no rule for $_"; }
                }
        return($ret);
        }
 ##############################################################
 # do a rule for each file that says 'compile' to new direcory
+sub perlasm_compile_target
+        {
+        my($target,$source,$bname)=@_;
+        my($ret);
+        $bname =~ s/(.*)\.[^\.]$/$1/;
+        $ret ="\$(TMP_D)$o$bname.asm: $source\n";
+        $ret.="\t\$(PERL) $source $asmtype \$(CFLAG) >\$\@\n\n";
+        $ret.="$target: \$(TMP_D)$o$bname.asm\n";
+        $ret.="\t\$(ASM) $afile\$\@ \$(TMP_D)$o$bname.asm\n\n";
+        return($ret);
+        }
+sub Sasm_compile_target
+        {
+        my($target,$source,$bname)=@_;
+        my($ret);
+        $bname =~ s/(.*)\.[^\.]$/$1/;
+        $ret ="\$(TMP_D)$o$bname.asm: $source\n";
+        $ret.="\t\$(CC) -E \$(CFLAG) $source >\$\@\n\n";
+        $ret.="$target: \$(TMP_D)$o$bname.asm\n";
+        $ret.="\t\$(ASM) $afile\$\@ \$(TMP_D)$o$bname.asm\n\n";
+        return($ret);
+        }
 sub cc_compile_target
        {
        local($target,$source,$ex_flags)=@_;
@@ -1204,13 +942,25 @@ sub do_asm_rule
        $target =~ s/\//$o/g if $o ne "/";
        $src =~ s/\//$o/g if $o ne "/";
-        @s=split(/\s+/,$src);
        @t=split(/\s+/,$target);
+        @s=split(/\s+/,$src);
        for ($i=0; $i<=$#s; $i++)
                {
-                $ret.="$t[$i]: $s[$i]\n";
+                my $objfile = $t[$i];
-                $ret.="\t\$(ASM) $afile$t[$i] \$(SRC_D)$o$s[$i]\n\n";
+                my $srcfile = $s[$i];
+                if ($perl_asm == 1)
+                        {
+                        my $plasm = $objfile;
+                        $plasm =~ s/${obj}/.pl/;
+                        $ret.="$srcfile: $plasm\n";
+                        $ret.="\t\$(PERL) $plasm $asmtype \$(CFLAG) >$srcfile\n\n";
+                        }
+                $ret.="$objfile: $srcfile\n";
+                $ret.="\t\$(ASM) $afile$objfile \$(SRC_D)$o$srcfile\n\n";
                }
        return($ret);
        }
@@ -1274,6 +1024,7 @@ sub read_options
                "no-sha1" => \$no_sha1,
                "no-ripemd" => \$no_ripemd,
                "no-mdc2" => \$no_mdc2,
+                "no-whirlpool" => \$no_whirlpool,
                "no-patents" => 
                        [\$no_rc2, \$no_rc4, \$no_rc5, \$no_idea, \$no_rsa],
                "no-rsa" => \$no_rsa,
@@ -1282,7 +1033,6 @@ sub read_options
                "no-hmac" => \$no_hmac,
                "no-asm" => \$no_asm,
                "nasm" => \$nasm,
-                "ml64" => \$ml64,
                "nw-nasm" => \$nw_nasm,
                "nw-mwasm" => \$nw_mwasm,
                "gaswin" => \$gaswin,
@@ -1291,7 +1041,6 @@ sub read_options
                "no-tlsext" => \$no_tlsext,
                "no-cms" => \$no_cms,
                "no-jpake" => \$no_jpake,
-                "no-capieng" => \$no_capieng,
                "no-err" => \$no_err,
                "no-sock" => \$no_sock,
                "no-krb5" => \$no_krb5,
@@ -1316,11 +1065,9 @@ sub read_options
                "no-rfc3779" => 0,
                "no-montasm" => 0,
                "no-shared" => 0,
+                "no-store" => 0,
                "no-zlib" => 0,
                "no-zlib-dynamic" => 0,
-                "fips" => \$fips,
-                "fipscanisterbuild" => [\$fips, \$fipscanisterbuild],
-                "fipsdso" => [\$fips, \$fipscanisterbuild, \$fipsdso],
                );
        if (exists $valid_options{$_})
@@ -1397,31 +1144,3 @@ sub read_options
        else { return(0); }
        return(1);
        }
-sub fipslib_error
-        {
-        print STDERR "***FIPS module directory sanity check failed***\n";
-        print STDERR "FIPS module build failed, or was deleted\n";
-        print STDERR "Please rebuild FIPS module.\n"; 
-        exit 1;
-        }
-sub fips_check_files
-        {
-        my $dir = shift @_;
-        my $ret = 1;
-        if (!-d $dir)
-                {
-                print STDERR "FIPS module directory $dir does not exist\n";
-                fipslib_error();
-                }
-        foreach (@_)
-                {
-                if (!-f "$dir${o}$_")
-                        {
-                        print STDERR "FIPS module file $_ does not exist!\n";
-                        $ret = 0;
-                        }
-                }
-        fipslib_error() if ($ret == 0);
-        }
diff --git a/src/lib/libssl/src/util/mkdef.pl b/src/lib/libssl/src/util/mkdef.pl
index 5ae9ebb619..a4a17e3ae9 100644
--- a/src/lib/libssl/src/util/mkdef.pl
+++ b/src/lib/libssl/src/util/mkdef.pl
@@ -69,7 +69,7 @@ my $do_ctestall = 0;
 my $do_checkexist = 0;
 my $VMSVAX=0;
-my $VMSAlpha=0;
+my $VMSNonVAX=0;
 my $VMS=0;
 my $W32=0;
 my $W16=0;
@@ -79,12 +79,13 @@ my $OS2=0;
 my $safe_stack_def = 0;
 my @known_platforms = ( "__FreeBSD__", "PERL5", "NeXT",
-                        "EXPORT_VAR_AS_FUNCTION", "ZLIB", "OPENSSL_FIPS"); 
+                        "EXPORT_VAR_AS_FUNCTION", "ZLIB" );
 my @known_ossl_platforms = ( "VMS", "WIN16", "WIN32", "WINNT", "OS2" );
 my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
                         "CAST", "MD2", "MD4", "MD5", "SHA", "SHA0", "SHA1",
                         "SHA256", "SHA512", "RIPEMD",
-                         "MDC2", "RSA", "DSA", "DH", "EC", "ECDH", "ECDSA", "HMAC", "AES", "CAMELLIA", "SEED",
+                         "MDC2", "WHIRLPOOL", "RSA", "DSA", "DH", "EC", "ECDH", "ECDSA",
+                         "HMAC", "AES", "CAMELLIA", "SEED", "GOST",
                         # Envelope "algorithms"
                         "EVP", "X509", "ASN1_TYPEDEFS",
                         # Helper "algorithms"
@@ -94,14 +95,16 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
                         "FP_API", "STDIO", "SOCK", "KRB5", "DGRAM",
                         # Engines
                         "STATIC_ENGINE", "ENGINE", "HW", "GMP",
-                         # RFC3779 support 
+                         # RFC3779
                         "RFC3779",
-                         # TLS extension support
+                         # TLS
-                         "TLSEXT",
+                         "TLSEXT", "PSK",
                         # CMS
                         "CMS",
                         # CryptoAPI Engine
                         "CAPIENG",
+                         # SSL v2
+                         "SSL2",
                         # JPAKE
                         "JPAKE",
                         # Deprecated functions
@@ -118,14 +121,15 @@ close(IN);
 # defined with ifndef(NO_XXX) are not included in the .def file, and everything
 # in directory xxx is ignored.
 my $no_rc2; my $no_rc4; my $no_rc5; my $no_idea; my $no_des; my $no_bf;
-my $no_cast;
+my $no_cast; my $no_whirlpool; my $no_camellia; my $no_seed;
 my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2;
 my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5;
-my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw; my $no_camellia;
+my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw;
-my $no_seed;
+my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated;
-my $no_fp_api; my $no_static_engine; my $no_gmp; my $no_deprecated;
+my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;
-my $no_rfc3779; my $no_tlsext; my $no_cms; my $no_capieng; my $no_jpake;
+my $no_jpake; my $no_ssl2;
-my $fips;
+my $zlib;
 foreach (@ARGV, split(/ /, $options))
@@ -141,17 +145,15 @@ foreach (@ARGV, split(/ /, $options))
                $VMS=1;
                $VMSVAX=1;
        }
-        if ($_ eq "VMS-Alpha") {
+        if ($_ eq "VMS-NonVAX") {
                $VMS=1;
-                $VMSAlpha=1;
+                $VMSNonVAX=1;
        }
        $VMS=1 if $_ eq "VMS";
        $OS2=1 if $_ eq "OS2";
-        $fips=1 if /^fips/;
+        if ($_ eq "zlib" || $_ eq "enable-zlib" || $_ eq "zlib-dynamic"
+                         || $_ eq "enable-zlib-dynamic") {
-        if ($_ eq "zlib" || $_ eq "zlib-dynamic"
+                $zlib = 1;
-                         || $_ eq "enable-zlib-dynamic") {
-                $zlib = 1;
        }
        $do_ssl=1 if $_ eq "ssleay";
@@ -180,6 +182,7 @@ foreach (@ARGV, split(/ /, $options))
        elsif (/^no-des$/)      { $no_des=1; $no_mdc2=1; }
        elsif (/^no-bf$/)       { $no_bf=1; }
        elsif (/^no-cast$/)     { $no_cast=1; }
+        elsif (/^no-whirlpool$/)     { $no_whirlpool=1; }
        elsif (/^no-md2$/)      { $no_md2=1; }
        elsif (/^no-md4$/)      { $no_md4=1; }
        elsif (/^no-md5$/)      { $no_md5=1; }
@@ -212,6 +215,7 @@ foreach (@ARGV, split(/ /, $options))
        elsif (/^no-rfc3779$/)  { $no_rfc3779=1; }
        elsif (/^no-tlsext$/)   { $no_tlsext=1; }
        elsif (/^no-cms$/)      { $no_cms=1; }
+        elsif (/^no-ssl2$/)     { $no_ssl2=1; }
        elsif (/^no-capieng$/)  { $no_capieng=1; }
        elsif (/^no-jpake$/)    { $no_jpake=1; }
        }
@@ -260,6 +264,7 @@ $crypto.=" crypto/rc5/rc5.h" ; # unless $no_rc5;
 $crypto.=" crypto/rc2/rc2.h" ; # unless $no_rc2;
 $crypto.=" crypto/bf/blowfish.h" ; # unless $no_bf;
 $crypto.=" crypto/cast/cast.h" ; # unless $no_cast;
+$crypto.=" crypto/whrlpool/whrlpool.h" ;
 $crypto.=" crypto/md2/md2.h" ; # unless $no_md2;
 $crypto.=" crypto/md4/md4.h" ; # unless $no_md4;
 $crypto.=" crypto/md5/md5.h" ; # unless $no_md5;
@@ -301,17 +306,16 @@ $crypto.=" crypto/pkcs12/pkcs12.h";
 $crypto.=" crypto/x509/x509.h";
 $crypto.=" crypto/x509/x509_vfy.h";
 $crypto.=" crypto/x509v3/x509v3.h";
+$crypto.=" crypto/ts/ts.h";
 $crypto.=" crypto/rand/rand.h";
 $crypto.=" crypto/comp/comp.h" ; # unless $no_comp;
 $crypto.=" crypto/ocsp/ocsp.h";
 $crypto.=" crypto/ui/ui.h crypto/ui/ui_compat.h";
 $crypto.=" crypto/krb5/krb5_asn.h";
-$crypto.=" crypto/tmdiff.h";
+#$crypto.=" crypto/store/store.h";
-$crypto.=" crypto/store/store.h";
 $crypto.=" crypto/pqueue/pqueue.h";
 $crypto.=" crypto/cms/cms.h";
 $crypto.=" crypto/jpake/jpake.h";
-$crypto.=" fips/fips.h fips/rand/fips_rand.h";
 my $symhacks="crypto/symhacks.h";
@@ -885,6 +889,7 @@ sub do_defs
                        s/\{\}/\(\)/gs;
                        s/STACK_OF\(\)/void/gs;
+                        s/LHASH_OF\(\)/void/gs;
                        print STDERR "DEBUG: \$_ = \"$_\"\n" if $debug;
                        if (/^\#INFO:([^:]*):(.*)$/) {
@@ -961,6 +966,25 @@ sub do_defs
        $platform{"PEM_write_NS_CERT_SEQ"} = "VMS";
        $platform{"PEM_read_P8_PRIV_KEY_INFO"} = "VMS";
        $platform{"PEM_write_P8_PRIV_KEY_INFO"} = "VMS";
+        $platform{"EVP_sha384"} = "!VMSVAX";
+        $platform{"EVP_sha512"} = "!VMSVAX";
+        $platform{"SHA384_Init"} = "!VMSVAX";
+        $platform{"SHA384_Transform"} = "!VMSVAX";
+        $platform{"SHA384_Update"} = "!VMSVAX";
+        $platform{"SHA384_Final"} = "!VMSVAX";
+        $platform{"SHA384"} = "!VMSVAX";
+        $platform{"SHA512_Init"} = "!VMSVAX";
+        $platform{"SHA512_Transform"} = "!VMSVAX";
+        $platform{"SHA512_Update"} = "!VMSVAX";
+        $platform{"SHA512_Final"} = "!VMSVAX";
+        $platform{"SHA512"} = "!VMSVAX";
+        $platform{"WHIRLPOOL_Init"} = "!VMSVAX";
+        $platform{"WHIRLPOOL"} = "!VMSVAX";
+        $platform{"WHIRLPOOL_BitUpdate"} = "!VMSVAX";
+        $platform{"EVP_whirlpool"} = "!VMSVAX";
+        $platform{"WHIRLPOOL_Final"} = "!VMSVAX";
+        $platform{"WHIRLPOOL_Update"} = "!VMSVAX";
        # Info we know about
@@ -1085,6 +1109,8 @@ sub is_valid
                if ($platforms) {
                        # platforms
+                        if ($keyword eq "VMSVAX" && $VMSVAX) { return 1; }
+                        if ($keyword eq "VMSNonVAX" && $VMSNonVAX) { return 1; }
                        if ($keyword eq "VMS" && $VMS) { return 1; }
                        if ($keyword eq "WIN32" && $W32) { return 1; }
                        if ($keyword eq "WIN16" && $W16) { return 1; }
@@ -1097,9 +1123,6 @@ sub is_valid
                        if ($keyword eq "EXPORT_VAR_AS_FUNCTION" && ($VMSVAX || $W32 || $W16)) {
                                return 1;
                        }
-                        if ($keyword eq "OPENSSL_FIPS" && $fips) {
-                                return 1;
-                        }
                        if ($keyword eq "ZLIB" && $zlib) { return 1; }
                        return 0;
                } else {
@@ -1117,6 +1140,7 @@ sub is_valid
                        if ($keyword eq "SHA" && $no_sha) { return 0; }
                        if ($keyword eq "RIPEMD" && $no_ripemd) { return 0; }
                        if ($keyword eq "MDC2" && $no_mdc2) { return 0; }
+                        if ($keyword eq "WHIRLPOOL" && $no_whirlpool) { return 0; }
                        if ($keyword eq "RSA" && $no_rsa) { return 0; }
                        if ($keyword eq "DSA" && $no_dsa) { return 0; }
                        if ($keyword eq "DH" && $no_dh) { return 0; }
@@ -1143,7 +1167,9 @@ sub is_valid
                        if ($keyword eq "GMP" && $no_gmp) { return 0; }
                        if ($keyword eq "RFC3779" && $no_rfc3779) { return 0; }
                        if ($keyword eq "TLSEXT" && $no_tlsext) { return 0; }
+                        if ($keyword eq "PSK" && $no_psk) { return 0; }
                        if ($keyword eq "CMS" && $no_cms) { return 0; }
+                        if ($keyword eq "SSL2" && $no_ssl2) { return 0; }
                        if ($keyword eq "CAPIENG" && $no_capieng) { return 0; }
                        if ($keyword eq "JPAKE" && $no_jpake) { return 0; }
                        if ($keyword eq "DEPRECATED" && $no_deprecated) { return 0; }
diff --git a/src/lib/libssl/src/util/mkerr.pl b/src/lib/libssl/src/util/mkerr.pl
index 554bebb159..15b774f277 100644
--- a/src/lib/libssl/src/util/mkerr.pl
+++ b/src/lib/libssl/src/util/mkerr.pl
@@ -1,6 +1,7 @@
 #!/usr/local/bin/perl -w
 my $config = "crypto/err/openssl.ec";
+my $hprefix = "openssl/";
 my $debug = 0;
 my $rebuild = 0;
 my $static = 1;
@@ -12,11 +13,16 @@ my $staticloader = "";
 my $pack_errcode;
 my $load_errcode;
+my $errcount;
 while (@ARGV) {
        my $arg = $ARGV[0];
        if($arg eq "-conf") {
                shift @ARGV;
                $config = shift @ARGV;
+        } elsif($arg eq "-hprefix") {
+                shift @ARGV;
+                $hprefix = shift @ARGV;
        } elsif($arg eq "-debug") {
                $debug = 1;
                shift @ARGV;
@@ -38,14 +44,78 @@ while (@ARGV) {
        } elsif($arg eq "-write") {
                $dowrite = 1;
                shift @ARGV;
+        } elsif($arg eq "-help" || $arg eq "-h" || $arg eq "-?" || $arg eq "--help") {
+                print STDERR <<"EOF";
+mkerr.pl [options] ...
+Options:
+  -conf F       Use the config file F instead of the default one:
+                  crypto/err/openssl.ec
+  -hprefix P    Prepend the filenames in generated #include <header>
+                statements with prefix P. Default: 'openssl/' (without
+                the quotes, naturally)
+  -debug        Turn on debugging verbose output on stderr.
+  -rebuild      Rebuild all header and C source files, irrespective of the
+                fact if any error or function codes have been added/removed.
+                Default: only update files for libraries which saw change
+                         (of course, this requires '-write' as well, or no
+                          files will be touched!)
+  -recurse      scan a preconfigured set of directories / files for error and
+                function codes:
+                  (<crypto/*.c>, <crypto/*/*.c>, <ssl/*.c>, <apps/*.c>)
+                When this option is NOT specified, the filelist is taken from
+                the commandline instead. Here, wildcards may be embedded. (Be
+                sure to escape those to prevent the shell from expanding them
+                for you when you wish mkerr.pl to do so instead.)
+                Default: take file list to scan from the command line.
+  -reindex      Discard the numeric values previously assigned to the error
+                and function codes as extracted from the scanned header files;
+                instead renumber all of them starting from 100. (Note that
+                the numbers assigned through 'R' records in the config file
+                remain intact.)
+                Default: keep previously assigned numbers. (You are warned
+                         when collisions are detected.)
+  -nostatic     Generates a different source code, where these additional 
+                functions are generated for each library specified in the
+                config file:
+                  void ERR_load_<LIB>_strings(void);
+                  void ERR_unload_<LIB>_strings(void);
+                  void ERR_<LIB>_error(int f, int r, char *fn, int ln);
+                  #define <LIB>err(f,r) ERR_<LIB>_error(f,r,__FILE__,__LINE__)
+                while the code facilitates the use of these in an environment
+                where the error support routines are dynamically loaded at 
+                runtime.
+                Default: 'static' code generation.
+  -staticloader Prefix generated functions with the 'static' scope modifier.
+                Default: don't write any scope modifier prefix.
+  -write        Actually (over)write the generated code to the header and C 
+                source files as assigned to each library through the config 
+                file.
+                Default: don't write.
+  -help / -h / -? / --help            Show this help text.
+  ...           Additional arguments are added to the file list to scan,
+                assuming '-recurse' was NOT specified on the command line.
+EOF
+                exit 1;
        } else {
                last;
        }
 }
 if($recurse) {
-        @source = ( <crypto/*.c>, <crypto/*/*.c>, <ssl/*.c>,
+        @source = (<crypto/*.c>, <crypto/*/*.c>, <ssl/*.c>);
-                        <fips/*.c>, <fips/*/*.c>);
 } else {
        @source = @ARGV;
 }
@@ -64,8 +134,8 @@ while(<IN>)
                $cskip{$3} = $1;
                if($3 ne "NONE") {
                        $csrc{$1} = $3;
-                        $fmax{$1} = 99;
+                        $fmax{$1} = 100;
-                        $rmax{$1} = 99;
+                        $rmax{$1} = 100;
                        $fassigned{$1} = ":";
                        $rassigned{$1} = ":";
                        $fnew{$1} = 0;
@@ -191,7 +261,8 @@ while (($hdr, $lib) = each %libinc)
                        if($1 eq "R") {
                                $rcodes{$name} = $code;
                                if ($rassigned{$lib} =~ /:$code:/) {
-                                        print STDERR "!! ERROR: $lib reason code $code assigned twice\n";
+                                        print STDERR "!! ERROR: $lib reason code $code assigned twice (collision at $name)\n";
+                                        ++$errcount;
                                }
                                $rassigned{$lib} .= "$code:";
                                if(!(exists $rextra{$name}) &&
@@ -200,7 +271,8 @@ while (($hdr, $lib) = each %libinc)
                                }
                        } else {
                                if ($fassigned{$lib} =~ /:$code:/) {
-                                        print STDERR "!! ERROR: $lib function code $code assigned twice\n";
+                                        print STDERR "!! ERROR: $lib function code $code assigned twice (collision at $name)\n";
+                                        ++$errcount;
                                }
                                $fassigned{$lib} .= "$code:";
                                if($code > $fmax{$lib}) {
@@ -231,6 +303,7 @@ while (($hdr, $lib) = each %libinc)
                if ($rmax{$lib} >= 1000) {
                        print STDERR "!! ERROR: SSL error codes 1000+ are reserved for alerts.\n";
                        print STDERR "!!        Any new alerts must be added to $config.\n";
+                        ++$errcount;
                        print STDERR "\n";
                }
        }
@@ -255,6 +328,9 @@ foreach $file (@source) {
        print STDERR "File loaded: ".$file."\r" if $debug;
        open(IN, "<$file") || die "Can't open source file $file\n";
        while(<IN>) {
+                # skip obsoleted source files entirely!
+                last if(/^#error\s+obsolete/);
                if(/(([A-Z0-9]+)_F_([A-Z0-9_]+))/) {
                        next unless exists $csrc{$2};
                        next if($1 eq "BIO_F_BUFFER_CTX");
@@ -264,6 +340,7 @@ foreach $file (@source) {
                                $fnew{$2}++;
                        }
                        $notrans{$1} = 1 unless exists $ftrans{$3};
+                        print STDERR "Function: $1\t= $fcodes{$1} (lib: $2, name: $3)\n" if $debug; 
                }
                if(/(([A-Z0-9]+)_R_[A-Z0-9_]+)/) {
                        next unless exists $csrc{$2};
@@ -272,6 +349,7 @@ foreach $file (@source) {
                                $rcodes{$1} = "X";
                                $rnew{$2}++;
                        }
+                        print STDERR "Reason: $1\t= $rcodes{$1} (lib: $2)\n" if $debug; 
                } 
        }
        close IN;
@@ -313,7 +391,7 @@ foreach $lib (keys %csrc)
        } else {
            push @out,
 "/* ====================================================================\n",
-" * Copyright (c) 2001-2008 The OpenSSL Project.  All rights reserved.\n",
+" * Copyright (c) 2001-2010 The OpenSSL Project.  All rights reserved.\n",
 " *\n",
 " * Redistribution and use in source and binary forms, with or without\n",
 " * modification, are permitted provided that the following conditions\n",
@@ -369,6 +447,10 @@ foreach $lib (keys %csrc)
 "#ifndef HEADER_${lib}_ERR_H\n",
 "#define HEADER_${lib}_ERR_H\n",
 "\n",
+"#ifdef  __cplusplus\n",
+"extern \"C\" {\n",
+"#endif\n",
+"\n",
 "/* BEGIN ERROR CODES */\n";
        }
        open (OUT, ">$hfile") || die "Can't Open File $hfile for writing\n";
@@ -455,14 +537,21 @@ EOF
                        if (/\b(${lib}_R_\w*)\b.*\"(.*)\"/) {
                                $err_reason_strings{$1} = $2;
                        }
+                        if (/\b${lib}_F_(\w*)\b.*\"(.*)\"/) {
+                                if (!exists $ftrans{$1} && ($1 ne $2)) {
+                                        print STDERR "WARNING: Mismatched function string $2\n";
+                                        $ftrans{$1} = $2;
+                                }
+                        }
                }
                close(IN);
        }
        my $hincf;
        if($static) {
                $hfile =~ /([^\/]+)$/;
-                $hincf = "<openssl/$1>";
+                $hincf = "<${hprefix}$1>";
        } else {
                $hincf = "\"$hfile\"";
        }
@@ -487,7 +576,7 @@ EOF
        print OUT <<"EOF";
 /* $cfile */
 /* ====================================================================
- * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2010 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -713,3 +802,9 @@ if($debug && defined(@runref) ) {
                print STDERR "$_\n";
        }
 }
+if($errcount) {
+        print STDERR "There were errors, failing...\n\n";
+        exit $errcount;
+}
diff --git a/src/lib/libssl/src/util/mkfiles.pl b/src/lib/libssl/src/util/mkfiles.pl
index 67fb8694c8..6d15831450 100644
--- a/src/lib/libssl/src/util/mkfiles.pl
+++ b/src/lib/libssl/src/util/mkfiles.pl
@@ -26,6 +26,7 @@ my @dirs = (
 "crypto/aes",
 "crypto/camellia",
 "crypto/seed",
+"crypto/modes",
 "crypto/bn",
 "crypto/rsa",
 "crypto/dsa",
@@ -46,6 +47,7 @@ my @dirs = (
 "crypto/pem",
 "crypto/x509",
 "crypto/x509v3",
+"crypto/cms",
 "crypto/conf",
 "crypto/jpake",
 "crypto/txt_db",
@@ -56,25 +58,20 @@ my @dirs = (
 "crypto/ocsp",
 "crypto/ui",
 "crypto/krb5",
-"crypto/store",
+#"crypto/store",
 "crypto/pqueue",
-"crypto/cms",
+"crypto/whrlpool",
-"fips",
+"crypto/ts",
-"fips/aes",
-"fips/des",
-"fips/dsa",
-"fips/dh",
-"fips/hmac",
-"fips/rand",
-"fips/rsa",
-"fips/sha",
 "ssl",
 "apps",
 "engines",
+"engines/ccgost",
 "test",
 "tools"
 );
+%top;
 foreach (@dirs) {
        &files_dir ($_, "Makefile");
 }
@@ -118,8 +115,8 @@ while (<IN>)
                $o =~ s/\s+$//;
                $o =~ s/\s+/ /g;
-                $o =~ s/\$[({]([^)}]+)[)}]/$sym{$1}/g;
+                $o =~ s/\$[({]([^)}]+)[)}]/$top{$1} or $sym{$1}/ge;
-                $sym{$s}=$o;
+                $sym{$s}=($top{$s} or $o);
                }
        }
@@ -129,6 +126,15 @@ foreach (sort keys %sym)
        {
        print "$_=$sym{$_}\n";
        }
+if ($dir eq "." && defined($sym{"BUILDENV"}))
+        {
+        foreach (split(' ',$sym{"BUILDENV"}))
+                {
+                /^(.+)=/;
+                $top{$1}=$sym{$1};
+                }
+        }
 print "RELATIVE_DIRECTORY=\n";
 close (IN);
diff --git a/src/lib/libssl/src/util/mklink.pl b/src/lib/libssl/src/util/mklink.pl
index eacc327882..61db12c68f 100644
--- a/src/lib/libssl/src/util/mklink.pl
+++ b/src/lib/libssl/src/util/mklink.pl
@@ -15,21 +15,13 @@
 # Apart from this, this script should be able to handle even the most
 # pathological cases.
-my $pwd;
+use Cwd;
-eval 'use Cwd;';
-if ($@)
-        {
-        $pwd = `pwd`;
-        }
-else
-        {
-        $pwd = getcwd();
-        }
 my $from = shift;
 my @files = @ARGV;
 my @from_path = split(/[\\\/]/, $from);
+my $pwd = getcwd();
 chomp($pwd);
 my @pwd_path = split(/[\\\/]/, $pwd);
@@ -59,6 +51,7 @@ my $to = join('/', @to_path);
 my $file;
 $symlink_exists=eval {symlink("",""); 1};
+if ($^O eq "msys") { $symlink_exists=0 };
 foreach $file (@files) {
    my $err = "";
    if ($symlink_exists) {
diff --git a/src/lib/libssl/src/util/mkstack.pl b/src/lib/libssl/src/util/mkstack.pl
index 2a968f395f..6a43757c95 100644
--- a/src/lib/libssl/src/util/mkstack.pl
+++ b/src/lib/libssl/src/util/mkstack.pl
@@ -21,7 +21,7 @@ while (@ARGV) {
 }
-@source = (<crypto/*.[ch]>, <crypto/*/*.[ch]>, <ssl/*.[ch]>);
+@source = (<crypto/*.[ch]>, <crypto/*/*.[ch]>, <ssl/*.[ch]>, <apps/*.[ch]>);
 foreach $file (@source) {
        next if -l $file;
@@ -31,11 +31,19 @@ foreach $file (@source) {
        while(<IN>) {
                if (/^DECLARE_STACK_OF\(([^)]+)\)/) {
                        push @stacklst, $1;
-                } if (/^DECLARE_ASN1_SET_OF\(([^)]+)\)/) {
+                }
+                if (/^DECLARE_SPECIAL_STACK_OF\(([^,\s]+)\s*,\s*([^>\s]+)\)/) {
+                        push @sstacklst, [$1, $2];
+                }
+                if (/^DECLARE_ASN1_SET_OF\(([^)]+)\)/) {
                        push @asn1setlst, $1;
-                } if (/^DECLARE_PKCS12_STACK_OF\(([^)]+)\)/) {
+                }
+                if (/^DECLARE_PKCS12_STACK_OF\(([^)]+)\)/) {
                        push @p12stklst, $1;
                }
+                if (/^DECLARE_LHASH_OF\(([^)]+)\)/) {
+                        push @lhashlst, $1;
+                }
        }
        close(IN);
 }
@@ -65,7 +73,7 @@ while(<IN>) {
        foreach $type_thing (sort @stacklst) {
                $new_stackfile .= <<EOF;
-#define sk_${type_thing}_new(st) SKM_sk_new($type_thing, (st))
+#define sk_${type_thing}_new(cmp) SKM_sk_new($type_thing, (cmp))
 #define sk_${type_thing}_new_null() SKM_sk_new_null($type_thing)
 #define sk_${type_thing}_free(st) SKM_sk_free($type_thing, (st))
 #define sk_${type_thing}_num(st) SKM_sk_num($type_thing, (st))
@@ -88,6 +96,39 @@ while(<IN>) {
 #define sk_${type_thing}_is_sorted(st) SKM_sk_is_sorted($type_thing, (st))
 EOF
        }
+        foreach $type_thing (sort @sstacklst) {
+            my $t1 = $type_thing->[0];
+            my $t2 = $type_thing->[1];
+            $new_stackfile .= <<EOF;
+#define sk_${t1}_new(cmp) ((STACK_OF($t1) *)sk_new(CHECKED_SK_CMP_FUNC($t2, cmp)))
+#define sk_${t1}_new_null() ((STACK_OF($t1) *)sk_new_null())
+#define sk_${t1}_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF($t1), st), CHECKED_PTR_OF($t2, val))
+#define sk_${t1}_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF($t1), st), CHECKED_PTR_OF($t2, val))
+#define sk_${t1}_value(st, i) (($t1)sk_value(CHECKED_PTR_OF(STACK_OF($t1), st), i))
+#define sk_${t1}_num(st) SKM_sk_num($t1, st)
+#define sk_${t1}_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF($t1), st), CHECKED_SK_FREE_FUNC2($t1, free_func))
+#define sk_${t1}_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF($t1), st), CHECKED_PTR_OF($t2, val), i)
+#define sk_${t1}_free(st) SKM_sk_free(${t1}, st)
+#define sk_${t1}_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF($t1), st), i, CHECKED_PTR_OF($t2, val))
+#define sk_${t1}_zero(st) SKM_sk_zero($t1, (st))
+#define sk_${t1}_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF($t1), st), CHECKED_PTR_OF($t2, val))
+#define sk_${t1}_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF($t1), st), CHECKED_CONST_PTR_OF($t2, val))
+#define sk_${t1}_delete(st, i) SKM_sk_delete($t1, (st), (i))
+#define sk_${t1}_delete_ptr(st, ptr) ($t1 *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF($t1), st), CHECKED_PTR_OF($t2, ptr))
+#define sk_${t1}_set_cmp_func(st, cmp)  \\
+        ((int (*)(const $t2 * const *,const $t2 * const *)) \\
+        sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF($t1), st), CHECKED_SK_CMP_FUNC($t2, cmp)))
+#define sk_${t1}_dup(st) SKM_sk_dup($t1, st)
+#define sk_${t1}_shift(st) SKM_sk_shift($t1, (st))
+#define sk_${t1}_pop(st) ($t2 *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF($t1), st))
+#define sk_${t1}_sort(st) SKM_sk_sort($t1, (st))
+#define sk_${t1}_is_sorted(st) SKM_sk_is_sorted($t1, (st))
+EOF
+        }
        foreach $type_thing (sort @asn1setlst) {
                $new_stackfile .= <<EOF;
@@ -108,6 +149,31 @@ EOF
        SKM_PKCS12_decrypt_d2i($type_thing, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq))
 EOF
        }
+        foreach $type_thing (sort @lhashlst) {
+                my $lc_tt = lc $type_thing;
+                $new_stackfile .= <<EOF;
+#define lh_${type_thing}_new() LHM_lh_new(${type_thing},${lc_tt})
+#define lh_${type_thing}_insert(lh,inst) LHM_lh_insert(${type_thing},lh,inst)
+#define lh_${type_thing}_retrieve(lh,inst) LHM_lh_retrieve(${type_thing},lh,inst)
+#define lh_${type_thing}_delete(lh,inst) LHM_lh_delete(${type_thing},lh,inst)
+#define lh_${type_thing}_doall(lh,fn) LHM_lh_doall(${type_thing},lh,fn)
+#define lh_${type_thing}_doall_arg(lh,fn,arg_type,arg) \\
+  LHM_lh_doall_arg(${type_thing},lh,fn,arg_type,arg)
+#define lh_${type_thing}_error(lh) LHM_lh_error(${type_thing},lh)
+#define lh_${type_thing}_num_items(lh) LHM_lh_num_items(${type_thing},lh)
+#define lh_${type_thing}_down_load(lh) LHM_lh_down_load(${type_thing},lh)
+#define lh_${type_thing}_node_stats_bio(lh,out) \\
+  LHM_lh_node_stats_bio(${type_thing},lh,out)
+#define lh_${type_thing}_node_usage_stats_bio(lh,out) \\
+  LHM_lh_node_usage_stats_bio(${type_thing},lh,out)
+#define lh_${type_thing}_stats_bio(lh,out) \\
+  LHM_lh_stats_bio(${type_thing},lh,out)
+#define lh_${type_thing}_free(lh) LHM_lh_free(${type_thing},lh)
+EOF
+        }
        $new_stackfile .= "/* End of util/mkstack.pl block, you may now edit :-) */\n";
        $inside_block = 2;
 }
diff --git a/src/lib/libssl/src/util/pl/BC-32.pl b/src/lib/libssl/src/util/pl/BC-32.pl
index 99b8c058d2..1f1e13fb40 100644
--- a/src/lib/libssl/src/util/pl/BC-32.pl
+++ b/src/lib/libssl/src/util/pl/BC-32.pl
@@ -117,7 +117,7 @@ ___
        else
                {
                local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':'';
-                $ex.=' wsock32.lib gdi32.lib';
+                $ex.=' ws2_32.lib gdi32.lib';
                $ret.="\t\$(LINK) \$(MLFLAGS) $efile$target /def:ms/${Name}.def @<<\n  \$(SHLIB_EX_OBJ) $objs $ex\n<<\n";
                }
        $ret.="\n";
diff --git a/src/lib/libssl/src/util/pl/Mingw32.pl b/src/lib/libssl/src/util/pl/Mingw32.pl
index 8f0483fb93..fe3fb27a78 100644
--- a/src/lib/libssl/src/util/pl/Mingw32.pl
+++ b/src/lib/libssl/src/util/pl/Mingw32.pl
@@ -19,7 +19,7 @@ $cc='gcc';
 if ($debug)
        { $cflags="-DL_ENDIAN -DDSO_WIN32 -g2 -ggdb"; }
 else
-        { $cflags="-DL_ENDIAN -DDSO_WIN32 -fomit-frame-pointer -O3 -march=i486 -Wall"; }
+        { $cflags="-DL_ENDIAN -DDSO_WIN32 -fomit-frame-pointer -O3 -mcpu=i486 -Wall"; }
 if ($gaswin and !$no_asm)
        {
@@ -43,8 +43,6 @@ if ($gaswin and !$no_asm)
        $rmd160_asm_src='crypto/ripemd/asm/rm-win32.s';
        $sha1_asm_obj='$(OBJ_D)\s1-win32.o';
        $sha1_asm_src='crypto/sha/asm/s1-win32.s';
-        $cpuid_asm_obj='$(OBJ_D)\cpu-win32.o';
-        $cpuid_asm_src='crypto/cpu-win32.s';
        $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DOPENSSL_BN_ASM_PART_WORDS";
        }
@@ -57,7 +55,7 @@ $link='${CC}';
 $lflags='${CFLAGS}';
 $efile='-o ';
 $exep='';
-$ex_libs="-lwsock32 -lgdi32";
+$ex_libs="-lws2_32 -lgdi32";
 # static library stuff
 $mklib='ar r';
diff --git a/src/lib/libssl/src/util/pl/VC-32.pl b/src/lib/libssl/src/util/pl/VC-32.pl
index 85121c8ed1..c3e29fda96 100644
--- a/src/lib/libssl/src/util/pl/VC-32.pl
+++ b/src/lib/libssl/src/util/pl/VC-32.pl
@@ -4,21 +4,7 @@
 #
 $ssl=   "ssleay32";
+$crypto="libeay32";
-if ($fips && !$shlib)
-        {
-        $crypto="libeayfips32";
-        $crypto_compat = "libeaycompat32.lib";
-        }
-else
-        {
-        $crypto="libeay32";
-        }
-if ($fipscanisterbuild)
-        {
-        $fips_canister_path = "\$(LIB_D)\\fipscanister.lib";
-        }
 $o='\\';
 $cp='$(PERL) util/copy.pl';
@@ -27,6 +13,10 @@ $rm='del /Q';
 $zlib_lib="zlib1.lib";
+# Santize -L options for ms link
+$l_flags =~ s/-L("\[^"]+")/\/libpath:$1/g;
+$l_flags =~ s/-L(\S+)/\/libpath:$1/g;
 # C compiler stuff
 $cc='cl';
 if ($FLAVOR =~ /WIN64/)
@@ -42,14 +32,28 @@ if ($FLAVOR =~ /WIN64/)
    # per 0.9.8 release remaining warnings were explicitly examined and
    # considered safe to ignore.
    # 
-    $base_cflags=' /W3 /Gs0 /GF /Gy /nologo -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -DOPENSSL_SYSNAME_WIN32 -DOPENSSL_SYSNAME_WINNT -DUNICODE -D_UNICODE';
+    $base_cflags= " $mf_cflag";
-    $base_cflags.=' -D_CRT_SECURE_NO_DEPRECATE';        # shut up VC8
-    $base_cflags.=' -D_CRT_NONSTDC_NO_DEPRECATE';       # shut up VC8
    my $f = $shlib?' /MD':' /MT';
    $lib_cflag='/Zl' if (!$shlib);      # remove /DEFAULTLIBs from static lib
    $opt_cflags=$f.' /Ox';
    $dbg_cflags=$f.'d /Od -DDEBUG -D_DEBUG';
    $lflags="/nologo /subsystem:console /opt:ref";
+    *::perlasm_compile_target = sub {
+        my ($target,$source,$bname)=@_;
+        my $ret;
+        $bname =~ s/(.*)\.[^\.]$/$1/;
+        $ret=<<___;
+\$(TMP_D)$o$bname.asm: $source
+        set ASM=\$(ASM)
+        \$(PERL) $source \$\@
+$target: \$(TMP_D)$o$bname.asm
+        \$(ASM) $afile\$\@ \$(TMP_D)$o$bname.asm
+___
+        }
    }
 elsif ($FLAVOR =~ /CE/)
    {
@@ -99,18 +103,18 @@ elsif ($FLAVOR =~ /CE/)
    }
    $cc='$(CC)';
-    $base_cflags=' /W3 /WX /GF /Gy /nologo -DUNICODE -D_UNICODE -DOPENSSL_SYSNAME_WINCE -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -DNO_CHMOD -I$(WCECOMPAT)/include -DOPENSSL_SMALL_FOOTPRINT';
+    $base_cflags=' /W3 /WX /GF /Gy /nologo -DUNICODE -D_UNICODE -DOPENSSL_SYSNAME_WINCE -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -DNO_CHMOD -DOPENSSL_SMALL_FOOTPRINT';
    $base_cflags.=" $wcecdefs";
+    $base_cflags.=' -I$(WCECOMPAT)/include'             if (defined($ENV{'WCECOMPAT'}));
+    $base_cflags.=' -I$(PORTSDK_LIBPATH)/../../include' if (defined($ENV{'PORTSDK_LIBPATH'}));
    $opt_cflags=' /MC /O1i';    # optimize for space, but with intrinsics...
    $dbg_clfags=' /MC /Od -DDEBUG -D_DEBUG';
    $lflags="/nologo /opt:ref $wcelflag";
    }
 else    # Win32
    {
-    $base_cflags=' /W3 /WX /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32';
+    $base_cflags= " $mf_cflag";
-    $base_cflags.=' -D_CRT_SECURE_NO_DEPRECATE';        # shut up VC8
+    my $f = $shlib?' /MD':' /MT';
-    $base_cflags.=' -D_CRT_NONSTDC_NO_DEPRECATE';       # shut up VC8
-    my $f = $shlib || $fips ?' /MD':' /MT';
    $lib_cflag='/Zl' if (!$shlib);      # remove /DEFAULTLIBs from static lib
    $opt_cflags=$f.' /Ox /O2 /Ob2';
    $dbg_cflags=$f.'d /Od -DDEBUG -D_DEBUG';
@@ -118,22 +122,28 @@ else	# Win32
    }
 $mlflags='';
-$out_def="out32"; $out_def.='_$(TARGETCPU)' if ($FLAVOR =~ /CE/);
+$out_def ="out32";      $out_def.="dll"                 if ($shlib);
-$tmp_def="tmp32"; $tmp_def.='_$(TARGETCPU)' if ($FLAVOR =~ /CE/);
+                        $out_def.='_$(TARGETCPU)'       if ($FLAVOR =~ /CE/);
+$tmp_def ="tmp32";      $tmp_def.="dll"                 if ($shlib);
+                        $tmp_def.='_$(TARGETCPU)'       if ($FLAVOR =~ /CE/);
 $inc_def="inc32";
 if ($debug)
        {
        $cflags=$dbg_cflags.$base_cflags;
-        $lflags.=" /debug";
-        $mlflags.=' /debug';
        }
 else
        {
        $cflags=$opt_cflags.$base_cflags;
        }
+# generate symbols.pdb unconditionally
+$app_cflag.=" /Zi /Fd$tmp_def/app";
+$lib_cflag.=" /Zi /Fd$tmp_def/lib";
+$lflags.=" /debug";
 $obj='.obj';
+$asm_suffix='.asm';
 $ofile="/Fo";
 # EXE linking stuff
@@ -143,26 +153,23 @@ $efile="/out:";
 $exep='.exe';
 if ($no_sock)           { $ex_libs=''; }
 elsif ($FLAVOR =~ /CE/) { $ex_libs='winsock.lib'; }
-else                    { $ex_libs='wsock32.lib'; }
+else                    { $ex_libs='ws2_32.lib'; }
 if ($FLAVOR =~ /CE/)
        {
-        $ex_libs.=' $(WCECOMPAT)/lib/wcecompatex.lib';
+        $ex_libs.=' $(WCECOMPAT)/lib/wcecompatex.lib'   if (defined($ENV{'WCECOMPAT'}));
+        $ex_libs.=' $(PORTSDK_LIBPATH)/portlib.lib'     if (defined($ENV{'PORTSDK_LIBPATH'}));
        $ex_libs.=' /nodefaultlib:oldnames.lib coredll.lib corelibc.lib' if ($ENV{'TARGETCPU'} eq "X86");
        }
 else
        {
-        $ex_libs.=' gdi32.lib crypt32.lib advapi32.lib user32.lib';
+        $ex_libs.=' gdi32.lib advapi32.lib crypt32.lib user32.lib';
-        $ex_libs.=' bufferoverflowu.lib' if ($FLAVOR =~ /WIN64/);
+        $ex_libs.=' bufferoverflowu.lib' if ($FLAVOR =~ /WIN64/ and `cl 2>&1` =~ /14\.00\.4[0-9]{4}\./);
+        # WIN32 UNICODE build gets linked with unicows.lib for
+        # backward compatibility with Win9x.
+        $ex_libs="unicows.lib $ex_libs" if ($FLAVOR =~ /WIN32/ and $cflags =~ /\-DUNICODE/);
        }
-# As native NT API is pure UNICODE, our WIN-NT build defaults to UNICODE,
-# but gets linked with unicows.lib to ensure backward compatibility.
-if ($FLAVOR =~ /NT/)
-        {
-        $cflags.=" -DOPENSSL_SYSNAME_WINNT -DUNICODE -D_UNICODE";
-        $ex_libs="unicows.lib $ex_libs";
-        }
 # static library stuff
 $mklib='lib /nologo';
 $ranlib='';
@@ -173,23 +180,30 @@ $lfile='/out:';
 $shlib_ex_obj="";
 $app_ex_obj="setargv.obj" if ($FLAVOR !~ /CE/);
-if ($nasm) {
+if ($FLAVOR =~ /WIN64A/) {
+        if (`nasm -v 2>NUL` =~ /NASM version ([0-9]+\.[0-9]+)/ && $1 >= 2.0) {
+                $asm='nasm -f win64 -DNEAR -Ox -g';
+                $afile='-o ';
+        } else {
+                $asm='ml64 /c /Cp /Cx /Zi';
+                $afile='/Fo';
+        }
+} elsif ($FLAVOR =~ /WIN64I/) {
+        $asm='ias -d debug';
+        $afile="-o ";
+} elsif ($nasm) {
        my $ver=`nasm -v 2>NUL`;
        my $vew=`nasmw -v 2>NUL`;
        # pick newest version
        $asm=($ver gt $vew?"nasm":"nasmw")." -f win32";
+        $asmtype="win32n";
        $afile='-o ';
-} elsif ($ml64) {
-        $asm='ml64 /c /Cp /Cx';
-        $asm.=' /Zi' if $debug;
-        $afile='/Fo';
 } else {
-        $asm='ml /nologo /Cp /coff /c /Cx';
+        $asm='ml /nologo /Cp /coff /c /Cx /Zi';
-        $asm.=" /Zi" if $debug;
        $afile='/Fo';
+        $asmtype="win32";
 }
-$aes_asm_obj='';
 $bn_asm_obj='';
 $bn_asm_src='';
 $des_enc_obj='';
@@ -198,56 +212,26 @@ $bf_enc_obj='';
 $bf_enc_src='';
 if (!$no_asm)
-    {
-    if ($FLAVOR =~ "WIN32")
-        {
-        $aes_asm_obj='crypto\aes\asm\a_win32.obj';
-        $aes_asm_src='crypto\aes\asm\a_win32.asm';
-        $bn_asm_obj='crypto\bn\asm\bn_win32.obj crypto\bn\asm\mt_win32.obj';
-        $bn_asm_src='crypto\bn\asm\bn_win32.asm crypto\bn\asm\mt_win32.asm';
-        $bnco_asm_obj='crypto\bn\asm\co_win32.obj';
-        $bnco_asm_src='crypto\bn\asm\co_win32.asm';
-        $des_enc_obj='crypto\des\asm\d_win32.obj crypto\des\asm\y_win32.obj';
-        $des_enc_src='crypto\des\asm\d_win32.asm crypto\des\asm\y_win32.asm';
-        $bf_enc_obj='crypto\bf\asm\b_win32.obj';
-        $bf_enc_src='crypto\bf\asm\b_win32.asm';
-        $cast_enc_obj='crypto\cast\asm\c_win32.obj';
-        $cast_enc_src='crypto\cast\asm\c_win32.asm';
-        $rc4_enc_obj='crypto\rc4\asm\r4_win32.obj';
-        $rc4_enc_src='crypto\rc4\asm\r4_win32.asm';
-        $rc5_enc_obj='crypto\rc5\asm\r5_win32.obj';
-        $rc5_enc_src='crypto\rc5\asm\r5_win32.asm';
-        $md5_asm_obj='crypto\md5\asm\m5_win32.obj';
-        $md5_asm_src='crypto\md5\asm\m5_win32.asm';
-        $sha1_asm_obj='crypto\sha\asm\s1_win32.obj crypto\sha\asm\sha512-sse2.obj';
-        $sha1_asm_src='crypto\sha\asm\s1_win32.asm crypto\sha\asm\sha512-sse2.asm';
-        $rmd160_asm_obj='crypto\ripemd\asm\rm_win32.obj';
-        $rmd160_asm_src='crypto\ripemd\asm\rm_win32.asm';
-        $cpuid_asm_obj='crypto\cpu_win32.obj';
-        $cpuid_asm_src='crypto\cpu_win32.asm';
-        $cflags.=" -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DAES_ASM -DBN_ASM -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT -DMD5_ASM -DSHA1_ASM -DRMD160_ASM";
-        }
-    elsif ($FLAVOR =~ "WIN64A")
        {
-        $aes_asm_obj='$(OBJ_D)\aes-x86_64.obj';
+        win32_import_asm($mf_bn_asm, "bn", \$bn_asm_obj, \$bn_asm_src);
-        $aes_asm_src='crypto\aes\asm\aes-x86_64.asm';
+        win32_import_asm($mf_aes_asm, "aes", \$aes_asm_obj, \$aes_asm_src);
-        $bn_asm_obj='$(OBJ_D)\x86_64-mont.obj $(OBJ_D)\bn_asm.obj';
+        win32_import_asm($mf_des_asm, "des", \$des_enc_obj, \$des_enc_src);
-        $bn_asm_src='crypto\bn\asm\x86_64-mont.asm';
+        win32_import_asm($mf_bf_asm, "bf", \$bf_enc_obj, \$bf_enc_src);
-        $sha1_asm_obj='$(OBJ_D)\sha1-x86_64.obj $(OBJ_D)\sha256-x86_64.obj $(OBJ_D)\sha512-x86_64.obj';
+        win32_import_asm($mf_cast_asm, "cast", \$cast_enc_obj, \$cast_enc_src);
-        $sha1_asm_src='crypto\sha\asm\sha1-x86_64.asm crypto\sha\asm\sha256-x86_64.asm crypto\sha\asm\sha512-x86_64.asm';
+        win32_import_asm($mf_rc4_asm, "rc4", \$rc4_enc_obj, \$rc4_enc_src);
-        $cpuid_asm_obj='$(OBJ_D)\cpuid-x86_64.obj';
+        win32_import_asm($mf_rc5_asm, "rc5", \$rc5_enc_obj, \$rc5_enc_src);
-        $cpuid_asm_src='crypto\cpuid-x86_64.asm';
+        win32_import_asm($mf_md5_asm, "md5", \$md5_asm_obj, \$md5_asm_src);
-        $cflags.=" -DOPENSSL_CPUID_OBJ -DAES_ASM -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM";
+        win32_import_asm($mf_sha_asm, "sha", \$sha1_asm_obj, \$sha1_asm_src);
+        win32_import_asm($mf_rmd_asm, "ripemd", \$rmd160_asm_obj, \$rmd160_asm_src);
+        win32_import_asm($mf_wp_asm, "whrlpool", \$whirlpool_asm_obj, \$whirlpool_asm_src);
+        win32_import_asm($mf_cpuid_asm, "", \$cpuid_asm_obj, \$cpuid_asm_src);
+        $perl_asm = 1;
        }
-    }
 if ($shlib && $FLAVOR !~ /CE/)
        {
        $mlflags.=" $lflags /dll";
-#       $cflags =~ s| /MD| /MT|;
+        $lib_cflag.=" -D_WINDLL";
-        $lib_cflag=" -D_WINDLL";
-        $out_def="out32dll";
-        $tmp_def="tmp32dll";
        #
        # Engage Applink...
        #
@@ -267,8 +251,8 @@ $(INCO_D)\applink.c:	ms\applink.c
 EXHEADER= $(EXHEADER) $(INCO_D)\applink.c
 LIBS_DEP=$(LIBS_DEP) $(OBJ_D)\applink.obj
+CRYPTOOBJ=$(OBJ_D)\uplink.obj $(CRYPTOOBJ)
 ___
-$banner .= "CRYPTOOBJ=\$(OBJ_D)\\uplink.obj \$(CRYPTOOBJ)\n";
        $banner.=<<'___' if ($FLAVOR =~ /WIN64/);
 CRYPTOOBJ=ms\uptable.obj $(CRYPTOOBJ)
 ___
@@ -276,120 +260,35 @@ ___
 elsif ($shlib && $FLAVOR =~ /CE/)
        {
        $mlflags.=" $lflags /dll";
-        $lib_cflag=" -D_WINDLL -D_DLL";
+        $lflags.=' /entry:mainCRTstartup' if(defined($ENV{'PORTSDK_LIBPATH'}));
-        $out_def='out32dll_$(TARGETCPU)';
+        $lib_cflag.=" -D_WINDLL -D_DLL";
-        $tmp_def='tmp32dll_$(TARGETCPU)';
        }
-$cflags.=" /Fd$out_def";
 sub do_lib_rule
        {
-        my($objs,$target,$name,$shlib,$ign,$base_addr) = @_;
+        local($objs,$target,$name,$shlib)=@_;
        local($ret);
        $taget =~ s/\//$o/g if $o ne '/';
-        my $base_arg;
+        if ($name ne "")
-        if ($base_addr ne "")
-                {
-                $base_arg= " /base:$base_addr";
-                }
-        else
-                {
-                $base_arg = "";
-                }
-        if ($target =~ /O_CRYPTO/ && $fipsdso)
-                {
-                $name = "/def:ms/libeayfips.def";
-                }
-        elsif ($name ne "")
                {
                $name =~ tr/a-z/A-Z/;
                $name = "/def:ms/${name}.def";
                }
 #       $target="\$(LIB_D)$o$target";
-#       $ret.="$target: $objs\n";
+        $ret.="$target: $objs\n";
        if (!$shlib)
                {
 #               $ret.="\t\$(RM) \$(O_$Name)\n";
-                $ex =' ';
+                $ret.="\t\$(MKLIB) $lfile$target @<<\n  $objs\n<<\n";
-                $ret.="$target: $objs\n";
-                $ret.="\t\$(MKLIB) $lfile$target @<<\n  $objs $ex\n<<\n";
                }
        else
                {
-                my $ex = "";            
+                local($ex)=($target =~ /O_CRYPTO/)?'':' $(L_CRYPTO)';
-                if ($target =~ /O_SSL/)
-                        {
-                        $ex .= " \$(L_CRYPTO)";
-                        #$ex .= " \$(L_FIPS)" if $fipsdso;
-                        }
-                my $fipstarget;
-                if ($fipsdso)
-                        {
-                        $fipstarget = "O_FIPS";
-                        }
-                else
-                        {
-                        $fipstarget = "O_CRYPTO";
-                        }
-                if ($name eq "")
-                        {
-                        $ex.=' bufferoverflowu.lib' if ($FLAVOR =~ /WIN64/);
-                        if ($target =~ /capi/)
-                                {
-                                $ex.=' crypt32.lib advapi32.lib';
-                                }
-                        }
-                elsif ($FLAVOR =~ /CE/)
-                        {
-                        $ex.=' winsock.lib $(WCECOMPAT)/lib/wcecompatex.lib';
-                        }
-                else
-                        {
-                        $ex.=' unicows.lib' if ($FLAVOR =~ /NT/);
-                        $ex.=' wsock32.lib gdi32.lib advapi32.lib user32.lib';
-                        $ex.=' crypt32.lib';
-                        $ex.=' bufferoverflowu.lib' if ($FLAVOR =~ /WIN64/);
-                        }
                $ex.=" $zlib_lib" if $zlib_opt == 1 && $target =~ /O_CRYPTO/;
+                $ret.="\t\$(LINK) \$(MLFLAGS) $efile$target $name @<<\n  \$(SHLIB_EX_OBJ) $objs $ex \$(EX_LIBS)\n<<\n";
-                if ($fips && $target =~ /$fipstarget/)
+                $ret.="\tIF EXIST \$@.manifest mt -nologo -manifest \$@.manifest -outputresource:\$@;2\n\n";
-                        {
-                        $ex.= $mwex unless $fipscanisterbuild;
-                        $ret.="$target: $objs \$(PREMAIN_DSO_EXE)";
-                        if ($fipsdso)
-                                {
-                                $ex.=" \$(OBJ_D)\\\$(LIBFIPS).res";
-                                $ret.=" \$(OBJ_D)\\\$(LIBFIPS).res";
-                                $ret.=" ms/\$(LIBFIPS).def";
-                                }
-                        $ret.="\n\tSET FIPS_LINK=\$(LINK)\n";
-                        $ret.="\tSET FIPS_CC=\$(CC)\n";
-                        $ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n";
-                        $ret.="\tSET PREMAIN_DSO_EXE=\$(PREMAIN_DSO_EXE)\n";
-                        $ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n";
-                        $ret.="\tSET FIPS_TARGET=$target\n";
-                        $ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n";
-                        $ret.="\t\$(FIPSLINK) \$(MLFLAGS) /map $base_arg $efile$target ";
-                        $ret.="$name @<<\n  \$(SHLIB_EX_OBJ) $objs ";
-                        $ret.="\$(OBJ_D)${o}fips_premain.obj $ex\n<<\n";
-                        }
-                else
-                        {
-                        $ret.="$target: $objs";
-                        if ($target =~ /O_CRYPTO/ && $fipsdso)
-                                {
-                                $ret .= " \$(O_FIPS)";
-                                $ex .= " \$(L_FIPS)";
-                                }
-                        $ret.="\n\t\$(LINK) \$(MLFLAGS) $efile$target $name @<<\n  \$(SHLIB_EX_OBJ) $objs $ex\n<<\n";
-                        }
-        $ret.="\tIF EXIST \$@.manifest mt -nologo -manifest \$@.manifest -outputresource:\$@;2\n\n";
                }
        $ret.="\n";
        return($ret);
@@ -397,64 +296,43 @@ sub do_lib_rule
 sub do_link_rule
        {
-        my($target,$files,$dep_libs,$libs,$standalone)=@_;
+        local($target,$files,$dep_libs,$libs)=@_;
        local($ret,$_);
+        
        $file =~ s/\//$o/g if $o ne '/';
        $n=&bname($targer);
        $ret.="$target: $files $dep_libs\n";
-        if ($standalone == 1)
+        $ret.="\t\$(LINK) \$(LFLAGS) $efile$target @<<\n";
-                {
+        $ret.="  \$(APP_EX_OBJ) $files $libs\n<<\n";
-                $ret.="  \$(LINK) \$(LFLAGS) $efile$target @<<\n\t";
+        $ret.="\tIF EXIST \$@.manifest mt -nologo -manifest \$@.manifest -outputresource:\$@;1\n\n";
-                $ret.= "\$(EX_LIBS) " if ($files =~ /O_FIPSCANISTER/ && !$fipscanisterbuild);
+        return($ret);
-                $ret.="$files $libs\n<<\n";
+        }
-                }
-        elsif ($standalone == 2)
+sub win32_import_asm
+        {
+        my ($mf_var, $asm_name, $oref, $sref) = @_;
+        my $asm_dir;
+        if ($asm_name eq "")
                {
-                $ret.="\tSET FIPS_LINK=\$(LINK)\n";
+                $asm_dir = "crypto\\";
-                $ret.="\tSET FIPS_CC=\$(CC)\n";
-                $ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n";
-                $ret.="\tSET PREMAIN_DSO_EXE=\n";
-                $ret.="\tSET FIPS_TARGET=$target\n";
-                $ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n";
-                $ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n";
-                $ret.="\t\$(FIPSLINK) \$(LFLAGS) /map $efile$target @<<\n";
-                $ret.="\t\$(APP_EX_OBJ) $files \$(OBJ_D)${o}fips_premain.obj $libs\n<<\n";
                }
        else
                {
-                $ret.="\t\$(LINK) \$(LFLAGS) $efile$target @<<\n";
+                $asm_dir = "crypto\\$asm_name\\asm\\";
-                $ret.="\t\$(APP_EX_OBJ) $files $libs\n<<\n";
                }
-        $ret.="\tIF EXIST \$@.manifest mt -nologo -manifest \$@.manifest -outputresource:\$@;1\n\n";
-        return($ret);
-        }
-sub do_rlink_rule
+        $$oref = "";
-        {
+        $mf_var =~ s/\.o$/.obj/g;
-        local($target,$rl_start, $rl_mid, $rl_end,$dep_libs,$libs)=@_;
-        local($ret,$_);
-        my $files = "$rl_start $rl_mid $rl_end";
-        $file =~ s/\//$o/g if $o ne '/';
+        foreach (split(/ /, $mf_var))
-        $n=&bname($targer);
+                {
-        $ret.="$target: $files $dep_libs \$(FIPS_SHA1_EXE)\n";
+                $$oref .= $asm_dir . $_ . " ";
-        $ret.="\t\$(PERL) ms\\segrenam.pl \$\$a $rl_start\n";
+                }
-        $ret.="\t\$(PERL) ms\\segrenam.pl \$\$b $rl_mid\n";
+        $$oref =~ s/ $//;
-        $ret.="\t\$(PERL) ms\\segrenam.pl \$\$c $rl_end\n";
+        $$sref = $$oref;
-        $ret.="\t\$(MKLIB) $lfile$target @<<\n\t$files\n<<\n";
+        $$sref =~ s/\.obj/.asm/g;
-        $ret.="\t\$(FIPS_SHA1_EXE) $target > ${target}.sha1\n";
-        $ret.="\t\$(PERL) util${o}copy.pl -stripcr fips${o}fips_premain.c \$(LIB_D)${o}fips_premain.c\n";
-        $ret.="\t\$(CP) fips${o}fips_premain.c.sha1 \$(LIB_D)${o}fips_premain.c.sha1\n";
-        $ret.="\n";
-        return($ret);
-        }
-sub do_sdef_rule
-        {
-        my $ret = "ms/\$(LIBFIPS).def: \$(O_FIPSCANISTER)\n";
-        $ret.="\t\$(PERL) util/mksdef.pl \$(MLFLAGS) /out:dummy.dll /def:ms/libeay32.def @<<\n  \$(O_FIPSCANISTER)\n<<\n";
-        $ret.="\n";
-        return $ret;
        }
 1;
diff --git a/src/lib/libssl/src/util/pod2man.pl b/src/lib/libssl/src/util/pod2man.pl
index 546d1ec186..025d914f2e 100644
--- a/src/lib/libssl/src/util/pod2man.pl
+++ b/src/lib/libssl/src/util/pod2man.pl
@@ -425,7 +425,7 @@ if ($name ne 'something') {
            }
            next if /^=cut\b/;  # DB_File and Net::Ping have =cut before NAME
            next if /^=pod\b/;  # It is OK to have =pod before NAME
-            next if /^=for\s+comment\b/;  # It is OK to have =for comment before NAME
+            next if /^=(for|begin|end)\s+comment\b/;  # It is OK to have =for =begin or =end comment before NAME
            die "$0: Invalid man page - 1st pod line is not NAME in $ARGV[0]\n" unless $lax;
        }
        die "$0: Invalid man page - no documentation in $ARGV[0]\n" unless $lax;
diff --git a/src/lib/libssl/src/util/point.sh b/src/lib/libssl/src/util/point.sh
index 4790e08f8a..da39899cb1 100644
--- a/src/lib/libssl/src/util/point.sh
+++ b/src/lib/libssl/src/util/point.sh
@@ -1,7 +1,7 @@
 #!/bin/sh
 rm -f "$2"
-if test "$OSTYPE" = msdosdjgpp; then
+if test "$OSTYPE" = msdosdjgpp || test "x$PLATFORM" = xmingw ; then
    cp "$1" "$2"
 else
    ln -s "$1" "$2"
diff --git a/src/lib/libssl/src/util/selftest.pl b/src/lib/libssl/src/util/selftest.pl
index 4778c5ab01..7b32e9f4ff 100644
--- a/src/lib/libssl/src/util/selftest.pl
+++ b/src/lib/libssl/src/util/selftest.pl
@@ -78,7 +78,7 @@ print OUT "\n";
 print "Checking compiler...\n";
 if (open(TEST,">cctest.c")) {
-    print TEST "#include <stdio.h>\n#include <errno.h>\nmain(){printf(\"Hello world\\n\");}\n";
+    print TEST "#include <stdio.h>\n#include <stdlib.h>\n#include <errno.h>\nmain(){printf(\"Hello world\\n\");}\n";
    close(TEST);
    system("$cc -o cctest cctest.c");
    if (`./cctest` !~ /Hello world/) {
@@ -96,7 +96,7 @@ if (open(TEST,">cctest.c")) {
    print OUT "Can't create cctest.c\n";
 }
 if (open(TEST,">cctest.c")) {
-    print TEST "#include <openssl/opensslv.h>\nmain(){printf(OPENSSL_VERSION_TEXT);}\n";
+    print TEST "#include <stdio.h>\n#include <stdlib.h>\n#include <openssl/opensslv.h>\nmain(){printf(OPENSSL_VERSION_TEXT);}\n";
    close(TEST);
    system("$cc -o cctest -Iinclude cctest.c");
    $cctest = `./cctest`;
diff --git a/src/lib/libssl/src/util/shlib_wrap.sh b/src/lib/libssl/src/util/shlib_wrap.sh
index a2f62d696f..9416d593d2 100755
--- a/src/lib/libssl/src/util/shlib_wrap.sh
+++ b/src/lib/libssl/src/util/shlib_wrap.sh
@@ -80,7 +80,7 @@ if [ -f "$LIBCRYPTOSO" -a -z "$preload_var" ]; then
        # it into a script makes it possible to do so on multi-ABI
        # platforms.
        case "$SYSNAME" in
-        *BSD)   LD_PRELOAD="$LIBCRYPTOSO:$LIBSSLSO" ;;  # *BSD
+        *BSD|QNX)       LD_PRELOAD="$LIBCRYPTOSO:$LIBSSLSO" ;;  # *BSD, QNX
        *)      LD_PRELOAD="$LIBCRYPTOSO $LIBSSLSO" ;;  # SunOS, Linux, ELF HP-UX
        esac
        _RLD_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT"      # Tru64, o32 IRIX
@@ -88,4 +88,6 @@ if [ -f "$LIBCRYPTOSO" -a -z "$preload_var" ]; then
        export LD_PRELOAD _RLD_LIST DYLD_INSERT_LIBRARIES
 fi
-exec "$@"
+cmd="$1${EXE_EXT}"
+shift
+exec "$cmd" "$@"
diff --git a/src/lib/libssl/src/util/ssleay.num b/src/lib/libssl/src/util/ssleay.num
index 2055cc1597..15a58e7b13 100644
--- a/src/lib/libssl/src/util/ssleay.num
+++ b/src/lib/libssl/src/util/ssleay.num
@@ -98,9 +98,9 @@ SSLeay_add_ssl_algorithms               109	NOEXIST::FUNCTION:
 SSLv23_client_method                    110     EXIST::FUNCTION:RSA
 SSLv23_method                           111     EXIST::FUNCTION:RSA
 SSLv23_server_method                    112     EXIST::FUNCTION:RSA
-SSLv2_client_method                     113     EXIST::FUNCTION:RSA
+SSLv2_client_method                     113     EXIST::FUNCTION:RSA,SSL2
-SSLv2_method                            114     EXIST::FUNCTION:RSA
+SSLv2_method                            114     EXIST::FUNCTION:RSA,SSL2
-SSLv2_server_method                     115     EXIST::FUNCTION:RSA
+SSLv2_server_method                     115     EXIST::FUNCTION:RSA,SSL2
 SSLv3_client_method                     116     EXIST::FUNCTION:
 SSLv3_method                            117     EXIST::FUNCTION:
 SSLv3_server_method                     118     EXIST::FUNCTION:
@@ -117,8 +117,8 @@ SSL_CIPHER_get_bits                     128	EXIST::FUNCTION:
 SSL_CIPHER_get_version                  129     EXIST::FUNCTION:
 SSL_CIPHER_get_name                     130     EXIST::FUNCTION:
 BIO_ssl_shutdown                        131     EXIST::FUNCTION:BIO
-SSL_SESSION_cmp                         132     EXIST::FUNCTION:
+SSL_SESSION_cmp                         132     NOEXIST::FUNCTION:
-SSL_SESSION_hash                        133     EXIST::FUNCTION:
+SSL_SESSION_hash                        133     NOEXIST::FUNCTION:
 SSL_SESSION_get_time                    134     EXIST::FUNCTION:
 SSL_SESSION_set_time                    135     EXIST::FUNCTION:
 SSL_SESSION_get_timeout                 136     EXIST::FUNCTION:
@@ -242,3 +242,20 @@ SSL_set_SSL_CTX                         290	EXIST::FUNCTION:
 SSL_get_servername                      291     EXIST::FUNCTION:TLSEXT
 SSL_get_servername_type                 292     EXIST::FUNCTION:TLSEXT
 SSL_CTX_set_client_cert_engine          293     EXIST::FUNCTION:ENGINE
+SSL_CTX_use_psk_identity_hint           294     EXIST::FUNCTION:PSK
+SSL_CTX_set_psk_client_callback         295     EXIST::FUNCTION:PSK
+PEM_write_bio_SSL_SESSION               296     EXIST::FUNCTION:
+SSL_get_psk_identity_hint               297     EXIST::FUNCTION:PSK
+SSL_set_psk_server_callback             298     EXIST::FUNCTION:PSK
+SSL_use_psk_identity_hint               299     EXIST::FUNCTION:PSK
+SSL_set_psk_client_callback             300     EXIST::FUNCTION:PSK
+PEM_read_SSL_SESSION                    301     EXIST:!WIN16:FUNCTION:
+PEM_read_bio_SSL_SESSION                302     EXIST::FUNCTION:
+SSL_CTX_set_psk_server_callback         303     EXIST::FUNCTION:PSK
+SSL_get_psk_identity                    304     EXIST::FUNCTION:PSK
+PEM_write_SSL_SESSION                   305     EXIST:!WIN16:FUNCTION:
+SSL_set_session_ticket_ext              306     EXIST::FUNCTION:
+SSL_set_session_secret_cb               307     EXIST::FUNCTION:
+SSL_set_session_ticket_ext_cb           308     EXIST::FUNCTION:
+SSL_set1_param                          309     EXIST::FUNCTION:
+SSL_CTX_set1_param                      310     EXIST::FUNCTION:
diff --git a/src/lib/libssl/test/Makefile b/src/lib/libssl/test/Makefile
index 228ee368cd..3912f82427 100644
--- a/src/lib/libssl/test/Makefile
+++ b/src/lib/libssl/test/Makefile
@@ -5,7 +5,7 @@
 DIR=            test
 TOP=            ..
 CC=             cc
-INCLUDES=       -I$(TOP) -I../include $(KRB5_INCLUDES) -I$(TOP)/fips
+INCLUDES=       -I$(TOP) -I../include $(KRB5_INCLUDES)
 CFLAG=          -g
 MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 PERL=           perl
@@ -27,7 +27,6 @@ DLIBCRYPTO= ../libcrypto.a
 DLIBSSL= ../libssl.a
 LIBCRYPTO= -L.. -lcrypto
 LIBSSL= -L.. -lssl
-LIBFIPS= -L.. -lfips
 BNTEST=         bntest
 ECTEST=         ectest
@@ -45,6 +44,7 @@ MD2TEST=	md2test
 MD4TEST=        md4test
 MD5TEST=        md5test
 HMACTEST=       hmactest
+WPTEST=         wp_test
 RC2TEST=        rc2test
 RC4TEST=        rc4test
 RC5TEST=        rc5test
@@ -60,66 +60,40 @@ RSATEST=	rsa_test
 ENGINETEST=     enginetest
 EVPTEST=        evp_test
 IGETEST=        igetest
-FIPS_SHATEST=   fips_shatest
+JPAKETEST=      jpaketest
-FIPS_DESTEST=   fips_desmovs
+ASN1TEST=       asn1test
-FIPS_RANDTEST=  fips_randtest
-FIPS_AESTEST=   fips_aesavs
-FIPS_HMACTEST=  fips_hmactest
-FIPS_RSAVTEST=  fips_rsavtest
-FIPS_RSASTEST=  fips_rsastest
-FIPS_RSAGTEST=  fips_rsagtest
-FIPS_DSATEST=   fips_dsatest
-FIPS_DSSVS=     fips_dssvs
-FIPS_RNGVS=     fips_rngvs
-FIPS_TEST_SUITE=fips_test_suite
 TESTS=          alltests
 EXE=    $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT)  $(ECDSATEST)$(EXE_EXT) $(ECDHTEST)$(EXE_EXT) $(IDEATEST)$(EXE_EXT) \
-        $(MD2TEST)$(EXE_EXT)  $(MD4TEST)$(EXE_EXT) $(MD5TEST)$(EXE_EXT) $(HMACTEST)$(EXE_EXT) \
+        $(MD2TEST)$(EXE_EXT)  $(MD4TEST)$(EXE_EXT) $(MD5TEST)$(EXE_EXT) $(HMACTEST)$(EXE_EXT) $(WPTEST)$(EXE_EXT) \
        $(RC2TEST)$(EXE_EXT) $(RC4TEST)$(EXE_EXT) $(RC5TEST)$(EXE_EXT) \
        $(DESTEST)$(EXE_EXT) $(SHATEST)$(EXE_EXT) $(SHA1TEST)$(EXE_EXT) $(SHA256TEST)$(EXE_EXT) $(SHA512TEST)$(EXE_EXT) \
        $(MDC2TEST)$(EXE_EXT) $(RMDTEST)$(EXE_EXT) \
        $(RANDTEST)$(EXE_EXT) $(DHTEST)$(EXE_EXT) $(ENGINETEST)$(EXE_EXT) \
        $(BFTEST)$(EXE_EXT) $(CASTTEST)$(EXE_EXT) $(SSLTEST)$(EXE_EXT) $(EXPTEST)$(EXE_EXT) $(DSATEST)$(EXE_EXT) $(RSATEST)$(EXE_EXT) \
-        $(EVPTEST)$(EXE_EXT) $(IGETEST)$(EXE_EXT) \
+        $(EVPTEST)$(EXE_EXT) $(IGETEST)$(EXE_EXT) $(JPAKETEST)$(EXE_EXT) \
-        $(FIPS_SHATEST)$(EXE_EXT) $(FIPS_DESTEST)$(EXE_EXT) \
+        $(ASN1TEST)$(EXE_EXT)
-        $(FIPS_RANDTEST)$(EXE_EXT) $(FIPS_AESTEST)$(EXE_EXT) \
-        $(FIPS_HMACTEST)$(EXE_EXT) $(FIPS_RSAVTEST)$(EXE_EXT) \
-        $(FIPS_RSASTEST)$(EXE_EXT) $(FIPS_RSAGTEST)$(EXE_EXT) \
-        $(FIPS_DSSVS)$(EXE_EXT) $(FIPS_DSATEST)$(EXE_EXT) \
-        $(FIPS_RNGVS)$(EXE_EXT) $(FIPS_TEST_SUITE)$(EXE_EXT) jpaketest$(EXE_EXT)
 # $(METHTEST)$(EXE_EXT)
 OBJ=    $(BNTEST).o $(ECTEST).o  $(ECDSATEST).o $(ECDHTEST).o $(IDEATEST).o \
        $(MD2TEST).o $(MD4TEST).o $(MD5TEST).o \
-        $(HMACTEST).o \
+        $(HMACTEST).o $(WPTEST).o \
        $(RC2TEST).o $(RC4TEST).o $(RC5TEST).o \
        $(DESTEST).o $(SHATEST).o $(SHA1TEST).o $(SHA256TEST).o $(SHA512TEST).o \
        $(MDC2TEST).o $(RMDTEST).o \
        $(RANDTEST).o $(DHTEST).o $(ENGINETEST).o $(CASTTEST).o \
        $(BFTEST).o  $(SSLTEST).o  $(DSATEST).o  $(EXPTEST).o $(RSATEST).o \
-        $(EVPTEST).o $(IGETEST).o \
+        $(EVPTEST).o $(IGETEST).o $(JPAKETEST).o $(ASN1TEST).o
-        $(FIPS_SHATEST).o $(FIPS_DESTEST).o $(FIPS_RANDTEST).o \
-        $(FIPS_AESTEST).o $(FIPS_HMACTEST).o $(FIPS_RSAVTEST).o \
-        $(FIPS_RSASTEST).o $(FIPS_RSAGTEST).o \
-        $(FIPS_DSSVS).o $(FIPS_DSATEST).o $(FIPS_RNGVS).o $(FIPS_TEST_SUITE).o \
-        jpaketest.o
 SRC=    $(BNTEST).c $(ECTEST).c  $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \
        $(MD2TEST).c  $(MD4TEST).c $(MD5TEST).c \
-        $(HMACTEST).c \
+        $(HMACTEST).c $(WPTEST).c \
        $(RC2TEST).c $(RC4TEST).c $(RC5TEST).c \
        $(DESTEST).c $(SHATEST).c $(SHA1TEST).c $(MDC2TEST).c $(RMDTEST).c \
        $(RANDTEST).c $(DHTEST).c $(ENGINETEST).c $(CASTTEST).c \
        $(BFTEST).c  $(SSLTEST).c $(DSATEST).c   $(EXPTEST).c $(RSATEST).c \
-        $(EVPTEST).c $(IGETEST).c \
+        $(EVPTEST).c $(IGETEST).c $(JPAKETEST).c $(ASN1TEST).c
-        $(FIPS_SHATEST).c $(FIPS_DESTEST).c $(FIPS_RANDTEST).c \
-        $(FIPS_AESTEST).c $(FIPS_HMACTEST).c $(FIPS_RSAVTEST).c \
-        $(FIPS_RSASTEST).c $(FIPS_RSAGTEST).c \
-        $(FIPS_DSSVS).c $(FIPS_DSATEST).c $(FIPS_RNGVS).c $(FIPS_TEST_SUITE).c \
-        jpaketest.c
 EXHEADER= 
 HEADER= $(EXHEADER)
@@ -156,12 +130,13 @@ apps:
 alltests: \
        test_des test_idea test_sha test_md4 test_md5 test_hmac \
-        test_md2 test_mdc2 \
+        test_md2 test_mdc2 test_wp \
        test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast test_aes \
        test_rand test_bn test_ec test_ecdsa test_ecdh \
        test_enc test_x509 test_rsa test_crl test_sid \
        test_gen test_req test_pkcs7 test_verify test_dh test_dsa \
-        test_ss test_ca test_engine test_evp test_ssl test_ige test_jpake
+        test_ss test_ca test_engine test_evp test_ssl test_tsa test_ige \
+        test_jpake test_cms
 test_evp:
        ../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt
@@ -177,9 +152,6 @@ test_sha:
        ../util/shlib_wrap.sh ./$(SHA1TEST)
        ../util/shlib_wrap.sh ./$(SHA256TEST)
        ../util/shlib_wrap.sh ./$(SHA512TEST)
-        if [ -n "$(FIPSCANLIB)" ]; then \
-          ../util/shlib_wrap.sh ./$(FIPS_SHATEST) < SHAmix.r | diff -w SHAmix.x - ; \
-        fi
 test_mdc2:
        ../util/shlib_wrap.sh ./$(MDC2TEST)
@@ -193,6 +165,9 @@ test_md4:
 test_hmac:
        ../util/shlib_wrap.sh ./$(HMACTEST)
+test_wp:
+        ../util/shlib_wrap.sh ./$(WPTEST)
 test_md2:
        ../util/shlib_wrap.sh ./$(MD2TEST)
@@ -216,12 +191,9 @@ test_rc5:
 test_rand:
        ../util/shlib_wrap.sh ./$(RANDTEST)
-        if [ -n "$(FIPSCANLIB)" ]; then \
-          ../util/shlib_wrap.sh ./$(FIPS_RANDTEST); \
-        fi
 test_enc:
-        sh ./testenc
+        @sh ./testenc
 test_x509:
        echo test normal x509v1 certificate
@@ -283,9 +255,6 @@ test_dsa:
        @echo "Generate a set of DSA parameters"
        ../util/shlib_wrap.sh ./$(DSATEST)
        ../util/shlib_wrap.sh ./$(DSATEST) -app2_1
-        if [ -n "$(FIPSCANLIB)" ]; then \
-          ../util/shlib_wrap.sh ./$(FIPS_DSATEST); \
-        fi
 test_gen:
        @echo "Generate and verify a certificate request"
@@ -305,9 +274,6 @@ test_engine:
 test_ssl: keyU.ss certU.ss certCA.ss certP1.ss keyP1.ss certP2.ss keyP2.ss \
                intP1.ss intP2.ss
        @echo "test SSL protocol"
-        @if [ -n "$(FIPSCANLIB)" ]; then \
-          sh ./testfipsssl keyU.ss certU.ss certCA.ss; \
-        fi
        ../util/shlib_wrap.sh ./$(SSLTEST) -test_cipherlist
        @sh ./testssl keyU.ss certU.ss certCA.ss
        @sh ./testsslproxy keyP1.ss certP1.ss intP1.ss
@@ -325,13 +291,24 @@ test_aes: #$(AESTEST)
 #       @echo "test Rijndael"
 #       ../util/shlib_wrap.sh ./$(AESTEST)
+test_tsa:
+        @if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then \
+          echo "skipping testtsa test -- requires RSA"; \
+        else \
+          sh ./testtsa; \
+        fi
 test_ige: $(IGETEST)$(EXE_EXT)
        @echo "Test IGE mode"
        ../util/shlib_wrap.sh ./$(IGETEST)
-test_jpake: jpaketest$(EXE_EXT)
+test_jpake: $(JPAKETEST)$(EXE_EXT)
        @echo "Test JPAKE"
-        ../util/shlib_wrap.sh ./jpaketest
+        ../util/shlib_wrap.sh ./$(JPAKETEST)
+test_cms:
+        @echo "CMS consistency test"
+        $(PERL) cms-test.pl
 lint:
        lint -DLINT $(INCLUDES) $(SRC)>fluff
@@ -346,9 +323,11 @@ depend:
 dclean:
        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
        mv -f Makefile.new $(MAKEFILE)
+        rm -f $(SRC) $(SHA256TEST).c $(SHA512TEST).c evptests.txt newkey.pem testkey.pem \
+                        testreq.pem
 clean:
-        rm -f .rnd tmp.bntest tmp.bctest *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss *.srl log dummytest
+        rm -f .rnd tmp.bntest tmp.bctest *.o *.obj *.dll lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss *.srl log dummytest
 $(DLIBSSL):
        (cd ..; $(MAKE) DIRS=ssl all)
@@ -360,7 +339,6 @@ BUILD_CMD=shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
                shlib_target="$(SHLIB_TARGET)"; \
        fi; \
        LIBRARIES="$(LIBSSL) $(LIBCRYPTO) $(LIBKRB5)"; \
-        [ "$(FIPSCANLIB)" = "libfips" ] && LIBRARIES="$$LIBRARIES -lfips"; \
        $(MAKE) -f $(TOP)/Makefile.shared -e \
                APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \
                LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \
@@ -396,71 +374,6 @@ $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
 $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
        @target=$(SHA512TEST); $(BUILD_CMD)
-FIPS_BUILD_CMD=shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
-                shlib_target="$(SHLIB_TARGET)"; \
-        fi; \
-        if [ "$(FIPSCANLIB)" = "libfips" ]; then \
-                LIBRARIES="-L$(TOP) -lfips"; \
-        elif [ -n "$(FIPSCANLIB)" ]; then \
-                FIPSLD_CC=$(CC); CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \
-                LIBRARIES="$${FIPSLIBDIR:-$(TOP)/fips/}fipscanister.o"; \
-        else \
-                LIBRARIES="$(LIBCRYPTO)"; \
-        fi; \
-        $(MAKE) -f $(TOP)/Makefile.shared -e \
-                CC=$${CC} APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \
-                LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \
-                link_app.$${shlib_target}
-FIPS_CRYPTO_BUILD_CMD=shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
-                shlib_target="$(SHLIB_TARGET)"; \
-        fi; \
-        LIBRARIES="$(LIBSSL) $(LIBCRYPTO) $(LIBKRB5)"; \
-        if [ -z "$(SHARED_LIBS)" -a -n "$(FIPSCANLIB)" ] ; then \
-                FIPSLD_CC=$(CC); CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \
-        fi; \
-        [ "$(FIPSCANLIB)" = "libfips" ] && LIBRARIES="$$LIBRARIES -lfips"; \
-        $(MAKE) -f $(TOP)/Makefile.shared -e \
-                CC=$${CC} APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \
-                LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \
-                link_app.$${shlib_target}
-$(FIPS_SHATEST)$(EXE_EXT): $(FIPS_SHATEST).o $(DLIBCRYPTO)
-        @target=$(FIPS_SHATEST); $(FIPS_BUILD_CMD)
-$(FIPS_AESTEST)$(EXE_EXT): $(FIPS_AESTEST).o $(DLIBCRYPTO)
-        @target=$(FIPS_AESTEST); $(FIPS_BUILD_CMD)
-$(FIPS_DESTEST)$(EXE_EXT): $(FIPS_DESTEST).o $(DLIBCRYPTO)
-        @target=$(FIPS_DESTEST); $(FIPS_BUILD_CMD)
-$(FIPS_HMACTEST)$(EXE_EXT): $(FIPS_HMACTEST).o $(DLIBCRYPTO)
-        @target=$(FIPS_HMACTEST); $(FIPS_BUILD_CMD)
-$(FIPS_RANDTEST)$(EXE_EXT): $(FIPS_RANDTEST).o $(DLIBCRYPTO)
-        @target=$(FIPS_RANDTEST); $(FIPS_BUILD_CMD)
-$(FIPS_RSAVTEST)$(EXE_EXT): $(FIPS_RSAVTEST).o $(DLIBCRYPTO)
-        @target=$(FIPS_RSAVTEST); $(FIPS_BUILD_CMD)
-$(FIPS_RSASTEST)$(EXE_EXT): $(FIPS_RSASTEST).o $(DLIBCRYPTO)
-        @target=$(FIPS_RSASTEST); $(FIPS_BUILD_CMD)
-$(FIPS_RSAGTEST)$(EXE_EXT): $(FIPS_RSAGTEST).o $(DLIBCRYPTO)
-        @target=$(FIPS_RSAGTEST); $(FIPS_BUILD_CMD)
-$(FIPS_DSATEST)$(EXE_EXT): $(FIPS_DSATEST).o $(DLIBCRYPTO)
-        @target=$(FIPS_DSATEST); $(FIPS_BUILD_CMD)
-$(FIPS_DSSVS)$(EXE_EXT): $(FIPS_DSSVS).o $(DLIBCRYPTO)
-        @target=$(FIPS_DSSVS); $(FIPS_BUILD_CMD)
-$(FIPS_RNGVS)$(EXE_EXT): $(FIPS_RNGVS).o $(DLIBCRYPTO)
-        @target=$(FIPS_RNGVS); $(FIPS_BUILD_CMD)
-$(FIPS_TEST_SUITE)$(EXE_EXT): $(FIPS_TEST_SUITE).o $(DLIBCRYPTO)
-        @target=$(FIPS_TEST_SUITE); $(FIPS_BUILD_CMD)
 $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
        @target=$(RMDTEST); $(BUILD_CMD)
@@ -476,6 +389,9 @@ $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
 $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
        @target=$(HMACTEST); $(BUILD_CMD)
+$(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO)
+        @target=$(WPTEST); $(BUILD_CMD)
 $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
        @target=$(RC2TEST); $(BUILD_CMD)
@@ -507,7 +423,7 @@ $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
        @target=$(METHTEST); $(BUILD_CMD)
 $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
-        @target=$(SSLTEST); $(FIPS_CRYPTO_BUILD_CMD)
+        @target=$(SSLTEST); $(BUILD_CMD)
 $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
        @target=$(ENGINETEST); $(BUILD_CMD)
@@ -524,8 +440,11 @@ $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
 $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
        @target=$(IGETEST); $(BUILD_CMD)
-jpaketest$(EXE_EXT): jpaketest.o $(DLIBCRYPTO)
+$(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
-        @target=jpaketest; $(BUILD_CMD)
+        @target=$(JPAKETEST); $(BUILD_CMD)
+$(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
+        @target=$(ASN1TEST); $(BUILD_CMD)
 #$(AESTEST).o: $(AESTEST).c
 #       $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
@@ -538,10 +457,22 @@ jpaketest$(EXE_EXT): jpaketest.o $(DLIBCRYPTO)
 #       fi
 dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
-        @target=dummytest$; $(BUILD_CMD)
+        @target=dummytest; $(BUILD_CMD)
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+asn1test.o: ../include/openssl/asn1.h ../include/openssl/asn1_mac.h
+asn1test.o: ../include/openssl/bio.h ../include/openssl/buffer.h
+asn1test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+asn1test.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+asn1test.o: ../include/openssl/ecdsa.h ../include/openssl/evp.h
+asn1test.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+asn1test.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+asn1test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+asn1test.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+asn1test.o: ../include/openssl/sha.h ../include/openssl/stack.h
+asn1test.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+asn1test.o: ../include/openssl/x509_vfy.h asn1test.c
 bftest.o: ../e_os.h ../include/openssl/blowfish.h ../include/openssl/e_os2.h
 bftest.o: ../include/openssl/opensslconf.h bftest.c
 bntest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
@@ -550,15 +481,14 @@ bntest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
 bntest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
 bntest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 bntest.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-bntest.o: ../include/openssl/evp.h ../include/openssl/fips.h
+bntest.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-bntest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+bntest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-bntest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+bntest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-bntest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+bntest.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
-bntest.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+bntest.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-bntest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+bntest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-bntest.o: ../include/openssl/sha.h ../include/openssl/stack.h
+bntest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-bntest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+bntest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h bntest.c
-bntest.o: ../include/openssl/x509_vfy.h bntest.c
 casttest.o: ../e_os.h ../include/openssl/cast.h ../include/openssl/e_os2.h
 casttest.o: ../include/openssl/opensslconf.h casttest.c
 destest.o: ../include/openssl/des.h ../include/openssl/des_old.h
@@ -597,54 +527,53 @@ ecdsatest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 ecdsatest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 ecdsatest.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 ecdsatest.o: ../include/openssl/err.h ../include/openssl/evp.h
-ecdsatest.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+ecdsatest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-ecdsatest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ecdsatest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ecdsatest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ecdsatest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-ecdsatest.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
+ecdsatest.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-ecdsatest.o: ../include/openssl/rand.h ../include/openssl/safestack.h
+ecdsatest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ecdsatest.o: ../include/openssl/sha.h ../include/openssl/stack.h
+ecdsatest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ecdsatest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+ecdsatest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-ecdsatest.o: ../include/openssl/x509_vfy.h ecdsatest.c
+ecdsatest.o: ecdsatest.c
 ectest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 ectest.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 ectest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 ectest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 ectest.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 ectest.o: ../include/openssl/err.h ../include/openssl/evp.h
-ectest.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+ectest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-ectest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ectest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ectest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ectest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-ectest.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
+ectest.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-ectest.o: ../include/openssl/rand.h ../include/openssl/safestack.h
+ectest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ectest.o: ../include/openssl/sha.h ../include/openssl/stack.h
+ectest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ectest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+ectest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ectest.c
-ectest.o: ../include/openssl/x509_vfy.h ectest.c
 enginetest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 enginetest.o: ../include/openssl/buffer.h ../include/openssl/crypto.h
 enginetest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 enginetest.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 enginetest.o: ../include/openssl/engine.h ../include/openssl/err.h
-enginetest.o: ../include/openssl/evp.h ../include/openssl/fips.h
+enginetest.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-enginetest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+enginetest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-enginetest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+enginetest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-enginetest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+enginetest.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
-enginetest.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+enginetest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-enginetest.o: ../include/openssl/sha.h ../include/openssl/stack.h
+enginetest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-enginetest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+enginetest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-enginetest.o: ../include/openssl/x509_vfy.h enginetest.c
+enginetest.o: enginetest.c
 evp_test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 evp_test.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 evp_test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 evp_test.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 evp_test.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 evp_test.o: ../include/openssl/err.h ../include/openssl/evp.h
-evp_test.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+evp_test.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-evp_test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+evp_test.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-evp_test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+evp_test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-evp_test.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
+evp_test.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-evp_test.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+evp_test.o: ../include/openssl/sha.h ../include/openssl/stack.h
-evp_test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+evp_test.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-evp_test.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h evp_test.c
+evp_test.o: ../include/openssl/x509_vfy.h evp_test.c
 exptest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h
 exptest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 exptest.o: ../include/openssl/err.h ../include/openssl/lhash.h
@@ -652,186 +581,14 @@ exptest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 exptest.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h
 exptest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
 exptest.o: ../include/openssl/symhacks.h exptest.c
-fips_aesavs.o: ../e_os.h ../fips/fips_utl.h ../include/openssl/aes.h
-fips_aesavs.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-fips_aesavs.o: ../include/openssl/bn.h ../include/openssl/crypto.h
-fips_aesavs.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-fips_aesavs.o: ../include/openssl/evp.h ../include/openssl/fips.h
-fips_aesavs.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-fips_aesavs.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-fips_aesavs.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-fips_aesavs.o: ../include/openssl/safestack.h ../include/openssl/stack.h
-fips_aesavs.o: ../include/openssl/symhacks.h fips_aesavs.c
-fips_desmovs.o: ../e_os.h ../fips/fips_utl.h ../include/openssl/asn1.h
-fips_desmovs.o: ../include/openssl/bio.h ../include/openssl/bn.h
-fips_desmovs.o: ../include/openssl/crypto.h ../include/openssl/des.h
-fips_desmovs.o: ../include/openssl/des_old.h ../include/openssl/e_os2.h
-fips_desmovs.o: ../include/openssl/err.h ../include/openssl/evp.h
-fips_desmovs.o: ../include/openssl/fips.h ../include/openssl/lhash.h
-fips_desmovs.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-fips_desmovs.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-fips_desmovs.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
-fips_desmovs.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-fips_desmovs.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
-fips_desmovs.o: fips_desmovs.c
-fips_dsatest.o: ../e_os.h ../fips/fips_utl.h ../include/openssl/asn1.h
-fips_dsatest.o: ../include/openssl/bio.h ../include/openssl/bn.h
-fips_dsatest.o: ../include/openssl/buffer.h ../include/openssl/crypto.h
-fips_dsatest.o: ../include/openssl/des.h ../include/openssl/des_old.h
-fips_dsatest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-fips_dsatest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-fips_dsatest.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-fips_dsatest.o: ../include/openssl/err.h ../include/openssl/evp.h
-fips_dsatest.o: ../include/openssl/fips.h ../include/openssl/fips_rand.h
-fips_dsatest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-fips_dsatest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-fips_dsatest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-fips_dsatest.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-fips_dsatest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-fips_dsatest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-fips_dsatest.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
-fips_dsatest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-fips_dsatest.o: fips_dsatest.c
-fips_dssvs.o: ../fips/fips_utl.h ../include/openssl/asn1.h
-fips_dssvs.o: ../include/openssl/bio.h ../include/openssl/bn.h
-fips_dssvs.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-fips_dssvs.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-fips_dssvs.o: ../include/openssl/evp.h ../include/openssl/fips.h
-fips_dssvs.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-fips_dssvs.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-fips_dssvs.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-fips_dssvs.o: ../include/openssl/safestack.h ../include/openssl/stack.h
-fips_dssvs.o: ../include/openssl/symhacks.h fips_dssvs.c
-fips_hmactest.o: ../fips/fips_utl.h ../include/openssl/asn1.h
-fips_hmactest.o: ../include/openssl/bio.h ../include/openssl/bn.h
-fips_hmactest.o: ../include/openssl/buffer.h ../include/openssl/conf.h
-fips_hmactest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-fips_hmactest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-fips_hmactest.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-fips_hmactest.o: ../include/openssl/evp.h ../include/openssl/fips.h
-fips_hmactest.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
-fips_hmactest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-fips_hmactest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-fips_hmactest.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
-fips_hmactest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-fips_hmactest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-fips_hmactest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-fips_hmactest.o: ../include/openssl/x509v3.h fips_hmactest.c
-fips_randtest.o: ../e_os.h ../fips/fips_utl.h ../include/openssl/bio.h
-fips_randtest.o: ../include/openssl/bn.h ../include/openssl/crypto.h
-fips_randtest.o: ../include/openssl/des.h ../include/openssl/des_old.h
-fips_randtest.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-fips_randtest.o: ../include/openssl/fips_rand.h ../include/openssl/lhash.h
-fips_randtest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-fips_randtest.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h
-fips_randtest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
-fips_randtest.o: ../include/openssl/symhacks.h ../include/openssl/ui.h
-fips_randtest.o: ../include/openssl/ui_compat.h fips_randtest.c
-fips_rngvs.o: ../fips/fips_utl.h ../include/openssl/asn1.h
-fips_rngvs.o: ../include/openssl/bio.h ../include/openssl/bn.h
-fips_rngvs.o: ../include/openssl/buffer.h ../include/openssl/conf.h
-fips_rngvs.o: ../include/openssl/crypto.h ../include/openssl/des.h
-fips_rngvs.o: ../include/openssl/des_old.h ../include/openssl/dsa.h
-fips_rngvs.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-fips_rngvs.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-fips_rngvs.o: ../include/openssl/err.h ../include/openssl/evp.h
-fips_rngvs.o: ../include/openssl/fips.h ../include/openssl/fips_rand.h
-fips_rngvs.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-fips_rngvs.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-fips_rngvs.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-fips_rngvs.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-fips_rngvs.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-fips_rngvs.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-fips_rngvs.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
-fips_rngvs.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-fips_rngvs.o: ../include/openssl/x509v3.h fips_rngvs.c
-fips_rsagtest.o: ../fips/fips_utl.h ../include/openssl/asn1.h
-fips_rsagtest.o: ../include/openssl/bio.h ../include/openssl/bn.h
-fips_rsagtest.o: ../include/openssl/buffer.h ../include/openssl/conf.h
-fips_rsagtest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-fips_rsagtest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-fips_rsagtest.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-fips_rsagtest.o: ../include/openssl/evp.h ../include/openssl/fips.h
-fips_rsagtest.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
-fips_rsagtest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-fips_rsagtest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-fips_rsagtest.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
-fips_rsagtest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-fips_rsagtest.o: ../include/openssl/sha.h ../include/openssl/stack.h
-fips_rsagtest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-fips_rsagtest.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h
-fips_rsagtest.o: fips_rsagtest.c
-fips_rsastest.o: ../fips/fips_utl.h ../include/openssl/asn1.h
-fips_rsastest.o: ../include/openssl/bio.h ../include/openssl/bn.h
-fips_rsastest.o: ../include/openssl/buffer.h ../include/openssl/conf.h
-fips_rsastest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-fips_rsastest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-fips_rsastest.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-fips_rsastest.o: ../include/openssl/evp.h ../include/openssl/fips.h
-fips_rsastest.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
-fips_rsastest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-fips_rsastest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-fips_rsastest.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
-fips_rsastest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-fips_rsastest.o: ../include/openssl/sha.h ../include/openssl/stack.h
-fips_rsastest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-fips_rsastest.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h
-fips_rsastest.o: fips_rsastest.c
-fips_rsavtest.o: ../fips/fips_utl.h ../include/openssl/asn1.h
-fips_rsavtest.o: ../include/openssl/bio.h ../include/openssl/bn.h
-fips_rsavtest.o: ../include/openssl/buffer.h ../include/openssl/conf.h
-fips_rsavtest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-fips_rsavtest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-fips_rsavtest.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-fips_rsavtest.o: ../include/openssl/evp.h ../include/openssl/fips.h
-fips_rsavtest.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
-fips_rsavtest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-fips_rsavtest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-fips_rsavtest.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
-fips_rsavtest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-fips_rsavtest.o: ../include/openssl/sha.h ../include/openssl/stack.h
-fips_rsavtest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-fips_rsavtest.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h
-fips_rsavtest.o: fips_rsavtest.c
-fips_shatest.o: ../fips/fips_utl.h ../include/openssl/asn1.h
-fips_shatest.o: ../include/openssl/bio.h ../include/openssl/bn.h
-fips_shatest.o: ../include/openssl/buffer.h ../include/openssl/conf.h
-fips_shatest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-fips_shatest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-fips_shatest.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-fips_shatest.o: ../include/openssl/evp.h ../include/openssl/fips.h
-fips_shatest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-fips_shatest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-fips_shatest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-fips_shatest.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-fips_shatest.o: ../include/openssl/sha.h ../include/openssl/stack.h
-fips_shatest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-fips_shatest.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h
-fips_shatest.o: fips_shatest.c
-fips_test_suite.o: ../fips/fips_utl.h ../include/openssl/aes.h
-fips_test_suite.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-fips_test_suite.o: ../include/openssl/bn.h ../include/openssl/crypto.h
-fips_test_suite.o: ../include/openssl/des.h ../include/openssl/des_old.h
-fips_test_suite.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-fips_test_suite.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-fips_test_suite.o: ../include/openssl/evp.h ../include/openssl/fips.h
-fips_test_suite.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
-fips_test_suite.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-fips_test_suite.o: ../include/openssl/opensslconf.h
-fips_test_suite.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-fips_test_suite.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-fips_test_suite.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-fips_test_suite.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-fips_test_suite.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
-fips_test_suite.o: fips_test_suite.c
 hmactest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 hmactest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-hmactest.o: ../include/openssl/evp.h ../include/openssl/fips.h
+hmactest.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-hmactest.o: ../include/openssl/hmac.h ../include/openssl/md5.h
+hmactest.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
-hmactest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+hmactest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-hmactest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+hmactest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-hmactest.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
+hmactest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
-hmactest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h hmactest.c
+hmactest.o: ../include/openssl/symhacks.h hmactest.c
 ideatest.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/idea.h
 ideatest.o: ../include/openssl/opensslconf.h ideatest.c
 igetest.o: ../include/openssl/aes.h ../include/openssl/e_os2.h
@@ -842,35 +599,34 @@ jpaketest.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h
 jpaketest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 jpaketest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
 jpaketest.o: ../include/openssl/symhacks.h jpaketest.c
-md2test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+md2test.o: ../include/openssl/buffer.h ../include/openssl/crypto.h
-md2test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+md2test.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h
-md2test.o: ../include/openssl/evp.h ../include/openssl/fips.h
-md2test.o: ../include/openssl/md2.h ../include/openssl/obj_mac.h
-md2test.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 md2test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 md2test.o: ../include/openssl/safestack.h ../include/openssl/stack.h
 md2test.o: ../include/openssl/symhacks.h md2test.c
 md4test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 md4test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-md4test.o: ../include/openssl/evp.h ../include/openssl/fips.h
+md4test.o: ../include/openssl/evp.h ../include/openssl/md4.h
-md4test.o: ../include/openssl/md4.h ../include/openssl/obj_mac.h
+md4test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-md4test.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+md4test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-md4test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+md4test.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
-md4test.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+md4test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h md4test.c
-md4test.o: ../include/openssl/symhacks.h md4test.c
 md5test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 md5test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-md5test.o: ../include/openssl/evp.h ../include/openssl/fips.h
+md5test.o: ../include/openssl/evp.h ../include/openssl/md5.h
-md5test.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
+md5test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-md5test.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+md5test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-md5test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+md5test.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
-md5test.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+md5test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h md5test.c
-md5test.o: ../include/openssl/symhacks.h md5test.c
+mdc2test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-mdc2test.o: ../include/openssl/buffer.h ../include/openssl/crypto.h
+mdc2test.o: ../include/openssl/crypto.h ../include/openssl/des.h
-mdc2test.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h
+mdc2test.o: ../include/openssl/des_old.h ../include/openssl/e_os2.h
-mdc2test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+mdc2test.o: ../include/openssl/evp.h ../include/openssl/mdc2.h
-mdc2test.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+mdc2test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-mdc2test.o: ../include/openssl/symhacks.h mdc2test.c
+mdc2test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+mdc2test.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
+mdc2test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+mdc2test.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h mdc2test.c
 randtest.o: ../e_os.h ../include/openssl/e_os2.h
 randtest.o: ../include/openssl/opensslconf.h ../include/openssl/ossl_typ.h
 randtest.o: ../include/openssl/rand.h randtest.c
@@ -886,12 +642,11 @@ rc5test.o: ../include/openssl/safestack.h ../include/openssl/stack.h
 rc5test.o: ../include/openssl/symhacks.h rc5test.c
 rmdtest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 rmdtest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-rmdtest.o: ../include/openssl/evp.h ../include/openssl/fips.h
+rmdtest.o: ../include/openssl/evp.h ../include/openssl/obj_mac.h
-rmdtest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+rmdtest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-rmdtest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+rmdtest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-rmdtest.o: ../include/openssl/ossl_typ.h ../include/openssl/ripemd.h
+rmdtest.o: ../include/openssl/ripemd.h ../include/openssl/safestack.h
-rmdtest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+rmdtest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h rmdtest.c
-rmdtest.o: ../include/openssl/symhacks.h rmdtest.c
 rsa_test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 rsa_test.o: ../include/openssl/bn.h ../include/openssl/crypto.h
 rsa_test.o: ../include/openssl/e_os2.h ../include/openssl/err.h
@@ -902,20 +657,18 @@ rsa_test.o: ../include/openssl/safestack.h ../include/openssl/stack.h
 rsa_test.o: ../include/openssl/symhacks.h rsa_test.c
 sha1test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 sha1test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-sha1test.o: ../include/openssl/evp.h ../include/openssl/fips.h
+sha1test.o: ../include/openssl/evp.h ../include/openssl/obj_mac.h
-sha1test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+sha1test.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-sha1test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+sha1test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-sha1test.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
+sha1test.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-sha1test.o: ../include/openssl/sha.h ../include/openssl/stack.h
+sha1test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h sha1test.c
-sha1test.o: ../include/openssl/symhacks.h sha1test.c
 shatest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 shatest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-shatest.o: ../include/openssl/evp.h ../include/openssl/fips.h
+shatest.o: ../include/openssl/evp.h ../include/openssl/obj_mac.h
-shatest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+shatest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-shatest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+shatest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-shatest.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
+shatest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-shatest.o: ../include/openssl/sha.h ../include/openssl/stack.h
+shatest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h shatest.c
-shatest.o: ../include/openssl/symhacks.h shatest.c
 ssltest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 ssltest.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 ssltest.o: ../include/openssl/comp.h ../include/openssl/conf.h
@@ -924,13 +677,12 @@ ssltest.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
 ssltest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 ssltest.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 ssltest.o: ../include/openssl/engine.h ../include/openssl/err.h
-ssltest.o: ../include/openssl/evp.h ../include/openssl/fips.h
+ssltest.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-ssltest.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
+ssltest.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-ssltest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+ssltest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ssltest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ssltest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ssltest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+ssltest.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-ssltest.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ssltest.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ssltest.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
 ssltest.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
 ssltest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 ssltest.o: ../include/openssl/sha.h ../include/openssl/ssl.h
@@ -939,3 +691,8 @@ ssltest.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
 ssltest.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 ssltest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
 ssltest.o: ../include/openssl/x509v3.h ssltest.c
+wp_test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+wp_test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+wp_test.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
+wp_test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+wp_test.o: ../include/openssl/whrlpool.h wp_test.c
diff --git a/src/lib/libssl/test/maketests.com b/src/lib/libssl/test/maketests.com
index 14cbf06088..ca072f1d11 100644
--- a/src/lib/libssl/test/maketests.com
+++ b/src/lib/libssl/test/maketests.com
@@ -12,9 +12,9 @@ $!  "test" programs for the different types of encryption for OpenSSL.
 $!  It was written so it would try to determine what "C" compiler to
 $!  use or you can specify which "C" compiler to use.
 $!
-$!  The test "executeables" will be placed in a directory called
+$!  The test "executables" will be placed in a directory called
-$!  [.xxx.EXE.TEST] where "xxx" denotes AXP or VAX depending on your machines
+$!  [.xxx.EXE.TEST] where "xxx" denotes ALPHA, IA64, or VAX, depending
-$!  architecture.
+$!  on your machine architecture.
 $!
 $!  Specify DEBUG or NODEBUG P1 to compile with or without debugger
 $!  information.
@@ -44,24 +44,19 @@ $ TCPIP_LIB = ""
 $!
 $! Check Which Architecture We Are Using.
 $!
-$ IF (F$GETSYI("CPU").GE.128) 
+$ if (f$getsyi( "HW_MODEL") .lt. 1024)
-$ THEN
+$ then
-$!
+$    arch = "VAX"
-$!  The Architecture Is AXP.
+$ else
-$!
+$    arch = ""
-$   ARCH := AXP
+$    arch = arch+ f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$!
+$    if (arch .eqs. "") then arch = "UNK"
-$! Else...
+$ endif
-$!
-$ ELSE
-$!
-$!  The Architecture Is VAX.
-$!
-$   ARCH := VAX
 $!
-$! End The Architecture Check.
+$! Define The OBJ and EXE Directories (EXE before CHECK_OPTIONS).
 $!
-$ ENDIF
+$ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.TEST]
+$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.TEST]
 $!
 $! Check To Make Sure We Have Valid Command Line Parameters.
 $!
@@ -73,7 +68,7 @@ $ GOSUB INITIALISE
 $!
 $! Tell The User What Kind of Machine We Run On.
 $!
-$ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine."
+$ WRITE SYS$OUTPUT "Compiling On ''ARCH'."
 $!
 $! Define The CRYPTO-LIB We Are To Use.
 $!
@@ -83,39 +78,12 @@ $! Define The SSL We Are To Use.
 $!
 $ SSL_LIB := SYS$DISK:[-.'ARCH'.EXE.SSL]LIBSSL.OLB
 $!
-$! Define The OBJ Directory.
+$! Create the OBJ and EXE Directories, if needed.
-$!
-$ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.TEST]
-$!
-$! Check To See If The Architecture Specific OBJ Directory Exists.
-$!
-$ IF (F$PARSE(OBJ_DIR).EQS."")
-$ THEN
-$!
-$!  The EXE Directory Dosen't Exist, So Create It.
-$!
-$   CREATE/DIRECTORY 'OBJ_DIR'
-$!
-$! End The Architecture Specific OBJ Directory Check.
-$!
-$ ENDIF
 $!
-$! Define The EXE Directory.
+$ IF (F$PARSE(OBJ_DIR).EQS."") THEN -
-$!
+   CREATE /DIRECTORY 'OBJ_DIR'
-$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.TEST]
+$ IF (F$PARSE(EXE_DIR).EQS."") THEN -
-$!
+   CREATE /DIRECTORY 'EXE_DIR'
-$! Check To See If The Architecture Specific EXE Directory Exists.
-$!
-$ IF (F$PARSE(EXE_DIR).EQS."")
-$ THEN
-$!
-$!  The EXE Directory Dosen't Exist, So Create It.
-$!
-$   CREATE/DIRECTORY 'EXE_DIR'
-$!
-$! End The Architecture Specific EXE Directory Check.
-$!
-$ ENDIF
 $!
 $! Check To See If We Have The Proper Libraries.
 $!
@@ -126,20 +94,59 @@ $!
 $ GOSUB CHECK_OPT_FILE
 $!
 $! Define The TEST Files.
+$! NOTE: Some might think this list ugly.  However, it's made this way to
+$! reflect the EXE variable in Makefile as closely as possible,
+$! thereby making it fairly easy to verify that the lists are the same.
 $!
 $ TEST_FILES = "BNTEST,ECTEST,ECDSATEST,ECDHTEST,IDEATEST,"+ -
-               "MD2TEST,MD4TEST,MD5TEST,HMACTEST,"+ -
+               "MD2TEST,MD4TEST,MD5TEST,HMACTEST,WP_TEST,"+ -
               "RC2TEST,RC4TEST,RC5TEST,"+ -
               "DESTEST,SHATEST,SHA1TEST,SHA256T,SHA512T,"+ -
               "MDC2TEST,RMDTEST,"+ -
               "RANDTEST,DHTEST,ENGINETEST,"+ -
               "BFTEST,CASTTEST,SSLTEST,EXPTEST,DSATEST,RSA_TEST,"+ -
-               "EVP_TEST"
+               "EVP_TEST,JPAKETEST"
+$! Should we add MTTEST,PQ_TEST,LH_TEST,DIVTEST,TABTEST as well?
+$!
+$! Additional directory information.
+$ T_D_BNTEST     := [-.crypto.bn]
+$ T_D_ECTEST     := [-.crypto.ec]
+$ T_D_ECDSATEST  := [-.crypto.ecdsa]
+$ T_D_ECDHTEST   := [-.crypto.ecdh]
+$ T_D_IDEATEST   := [-.crypto.idea]
+$ T_D_MD2TEST    := [-.crypto.md2]
+$ T_D_MD4TEST    := [-.crypto.md4]
+$ T_D_MD5TEST    := [-.crypto.md5]
+$ T_D_HMACTEST   := [-.crypto.hmac]
+$ T_D_WP_TEST    := [-.crypto.whrlpool]
+$ T_D_RC2TEST    := [-.crypto.rc2]
+$ T_D_RC4TEST    := [-.crypto.rc4]
+$ T_D_RC5TEST    := [-.crypto.rc5]
+$ T_D_DESTEST    := [-.crypto.des]
+$ T_D_SHATEST    := [-.crypto.sha]
+$ T_D_SHA1TEST   := [-.crypto.sha]
+$ T_D_SHA256T    := [-.crypto.sha]
+$ T_D_SHA512T    := [-.crypto.sha]
+$ T_D_MDC2TEST   := [-.crypto.mdc2]
+$ T_D_RMDTEST    := [-.crypto.ripemd]
+$ T_D_RANDTEST   := [-.crypto.rand]
+$ T_D_DHTEST     := [-.crypto.dh]
+$ T_D_ENGINETEST := [-.crypto.engine]
+$ T_D_BFTEST     := [-.crypto.bf]
+$ T_D_CASTTEST   := [-.crypto.cast]
+$ T_D_SSLTEST    := [-.ssl]
+$ T_D_EXPTEST    := [-.crypto.bn]
+$ T_D_DSATEST    := [-.crypto.dsa]
+$ T_D_RSA_TEST   := [-.crypto.rsa]
+$ T_D_EVP_TEST   := [-.crypto.evp]
+$ T_D_JPAKETEST  := [-.crypto.jpake]
+$ T_D_IGETEST    := [-.test]
+$!
 $ TCPIP_PROGRAMS = ",,"
 $ IF COMPILER .EQS. "VAXC" THEN -
     TCPIP_PROGRAMS = ",SSLTEST,"
 $!
-$!  Define A File Counter And Set It To "0".
+$! Define A File Counter And Set It To "0".
 $!
 $ FILE_COUNTER = 0
 $!
@@ -161,7 +168,7 @@ $ FILE_COUNTER = FILE_COUNTER + 1
 $!
 $! Create The Source File Name.
 $!
-$ SOURCE_FILE = "SYS$DISK:[]" + FILE_NAME + ".C"
+$ SOURCE_FILE = "SYS$DISK:" + T_D_'FILE_NAME' + FILE_NAME + ".C"
 $!
 $! Create The Object File Name.
 $!
@@ -195,7 +202,7 @@ $!
 $! Compile The File.
 $!
 $ ON ERROR THEN GOTO NEXT_FILE
-$ CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$ CC /OBJECT='OBJECT_FILE' 'SOURCE_FILE'
 $ ON WARNING THEN GOTO NEXT_FILE
 $!
 $! Check If What We Are About To Compile Works Without A TCP/IP Library.
@@ -205,7 +212,8 @@ $ THEN
 $!
 $!  Inform The User That A TCP/IP Library Is Needed To Compile This Program.
 $!
-$   WRITE SYS$OUTPUT FILE_NAME," Needs A TCP/IP Library.  Can't Link.  Skipping..."
+$   WRITE SYS$OUTPUT -
+          FILE_NAME," Needs A TCP/IP Library.  Can't Link.  Skipping..."
 $   GOTO NEXT_FILE
 $!
 $! End The TCP/IP Library Check.
@@ -220,10 +228,12 @@ $ THEN
 $!
 $!  Don't Link With The RSAREF Routines And TCP/IP Library.
 $!
-$   LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' -
+$   LINK /'DEBUGGER' /'TRACEBACK' /EXECTABLE = 'EXE_FILE' -
        'OBJECT_FILE', -
-        'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, -
+        'SSL_LIB' /LIBRARY, -
-        'TCPIP_LIB','OPT_FILE'/OPTION
+        'CRYPTO_LIB' /LIBRARY, -
+        'TCPIP_LIB', -
+        'OPT_FILE' /OPTIONS
 $!
 $! Else...
 $!
@@ -231,10 +241,11 @@ $ ELSE
 $!
 $!  Don't Link With The RSAREF Routines And Link With A TCP/IP Library.
 $!
-$   LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' -
+$   LINK /'DEBUGGER' /'TRACEBACK' /EXECUTABLE = 'EXE_FILE' -
        'OBJECT_FILE', -
-        'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, -
+        'SSL_LIB' /LIBRARY, -
-        'OPT_FILE'/OPTION
+        'CRYPTO_LIB' /LIBRARY, -
+        'OPT_FILE' /OPTIONS
 $!
 $! End The TCP/IP Library Check.
 $!
@@ -273,10 +284,10 @@ $!
 $     CREATE 'OPT_FILE'
 $DECK
 !
-! Default System Options File To Link Agianst 
+! Default System Options File To Link Against 
 ! The Sharable VAX C Runtime Library.
 !
-SYS$SHARE:VAXCRTL.EXE/SHARE
+SYS$SHARE:VAXCRTL.EXE /SHAREABLE
 $EOD
 $!
 $!  End The Option File Check.
@@ -305,8 +316,8 @@ $DECK
 ! Default System Options File To Link Agianst 
 ! The Sharable C Runtime Library.
 !
-GNU_CC:[000000]GCCLIB/LIBRARY
+GNU_CC:[000000]GCCLIB.OLB /LIBRARY
-SYS$SHARE:VAXCRTL/SHARE
+SYS$SHARE:VAXCRTL.EXE /SHAREABLE
 $EOD
 $!
 $!  End The Option File Check.
@@ -327,7 +338,7 @@ $!
 $   IF (F$SEARCH(OPT_FILE).EQS."")
 $   THEN
 $!
-$!    Figure Out If We Need An AXP Or A VAX Linker Option File.
+$!    Figure Out If We Need A non-VAX Or A VAX Linker Option File.
 $!
 $     IF (ARCH.EQS."VAX")
 $     THEN
@@ -340,26 +351,26 @@ $DECK
 ! Default System Options File To Link Agianst 
 ! The Sharable DEC C Runtime Library.
 !
-SYS$SHARE:DECC$SHR.EXE/SHARE
+SYS$SHARE:DECC$SHR.EXE /SHAREABLE
 $EOD
 $!
 $!    Else...
 $!
 $     ELSE
 $!
-$!      Create The AXP Linker Option File.
+$!      Create The non-VAX Linker Option File.
 $!
 $       CREATE 'OPT_FILE'
 $DECK
 !
-! Default System Options File For AXP To Link Agianst 
+! Default System Options File For non-VAX To Link Agianst 
 ! The Sharable C Runtime Library.
 !
-SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE
+SYS$SHARE:CMA$OPEN_LIB_SHR.EXE /SHAREABLE
-SYS$SHARE:CMA$OPEN_RTL/SHARE
+SYS$SHARE:CMA$OPEN_RTL.EXE /SHAREABLE
 $EOD
 $!
-$!    End The VAX/AXP DEC C Option File Check.
+$!    End The DEC C Option File Check.
 $!
 $     ENDIF
 $!
@@ -511,7 +522,7 @@ $   ELSE
 $!
 $!  Check To See If We Have VAXC Or DECC.
 $!
-$     IF (ARCH.EQS."AXP").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
+$     IF (ARCH.NES."VAX").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
 $     THEN 
 $!
 $!      Looks Like DECC, Set To Use DECC.
@@ -614,14 +625,14 @@ $!    Use DECC...
 $!
 $     CC = "CC"
 $     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
-         THEN CC = "CC/DECC"
+         THEN CC = "CC /DECC"
-$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
+$     CC = CC + "/''CC_OPTIMIZE' /''DEBUGGER' /STANDARD=ANSI89" + -
-           "/NOLIST/PREFIX=ALL" + -
+           "/NOLIST /PREFIX=ALL" + -
           "/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
-$     OPT_FILE = "SYS$DISK:[]VAX_DECC_OPTIONS.OPT"
+$     OPT_FILE = "''EXE_DIR'VAX_DECC_OPTIONS.OPT"
 $!
 $!  End DECC Check.
 $!
@@ -643,23 +654,23 @@ $!
 $!    Compile Using VAXC.
 $!
 $     CC = "CC"
-$     IF ARCH.EQS."AXP"
+$     IF ARCH.NES."VAX"
 $     THEN
-$       WRITE SYS$OUTPUT "There is no VAX C on Alpha!"
+$       WRITE SYS$OUTPUT "There is no VAX C on ''ARCH'!"
 $       EXIT
 $     ENDIF
-$     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
+$     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC /VAXC"
-$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
+$     CC = CC + "/''CC_OPTIMIZE' /''DEBUGGER' /NOLIST" + -
           "/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS
 $     CCDEFS = CCDEFS + ",""VAXC"""
 $!
 $!    Define <sys> As SYS$COMMON:[SYSLIB]
 $!
-$     DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB]
+$     DEFINE /NOLOG SYS SYS$COMMON:[SYSLIB]
 $!
 $!    Define The Linker Options File Name.
 $!
-$     OPT_FILE = "SYS$DISK:[]VAX_VAXC_OPTIONS.OPT"
+$     OPT_FILE = "''EXE_DIR'VAX_VAXC_OPTIONS.OPT"
 $!
 $!  End VAXC Check
 $!
@@ -680,12 +691,12 @@ $     WRITE SYS$OUTPUT "Using GNU 'C' Compiler."
 $!
 $!    Use GNU C...
 $!
-$     CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
+$     CC = "GCC /NOCASE_HACK /''GCC_OPTIMIZE' /''DEBUGGER' /NOLIST" + -
           "/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
-$     OPT_FILE = "SYS$DISK:[]VAX_GNUC_OPTIONS.OPT"
+$     OPT_FILE = "''EXE_DIR'VAX_GNUC_OPTIONS.OPT"
 $!
 $!  End The GNU C Check.
 $!
@@ -715,7 +726,7 @@ $   CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
 $!
 $!  Show user the result
 $!
-$   WRITE/SYMBOL SYS$OUTPUT "Main Compiling Command: ",CC
+$   WRITE /SYMBOL SYS$OUTPUT "Main Compiling Command: ", CC
 $!
 $!  Else The User Entered An Invalid Arguement.
 $!
@@ -749,7 +760,7 @@ $   THEN
 $!
 $!    Set the library to use SOCKETSHR
 $!
-$     TCPIP_LIB = "SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT/OPT"
+$     TCPIP_LIB = "SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT /OPTIONS"
 $!
 $!    Done with SOCKETSHR
 $!
@@ -760,7 +771,7 @@ $!
 $   IF P3.EQS."MULTINET"
 $   THEN
 $!
-$!    Set the library to use UXC emulation.
+$!    Set the library to use UCX emulation.
 $!
 $     P3 = "UCX"
 $!
@@ -775,13 +786,13 @@ $   THEN
 $!
 $!    Set the library to use UCX.
 $!
-$     TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT/OPT"
+$     TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT /OPTIONS"
 $     IF F$TRNLNM("UCX$IPC_SHR") .NES. ""
 $     THEN
-$       TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT/OPT"
+$       TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT /OPTIONS"
 $     ELSE
 $       IF COMPILER .NES. "DECC" .AND. ARCH .EQS. "VAX" THEN -
-          TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT/OPT"
+          TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT /OPTIONS"
 $     ENDIF
 $!
 $!    Done with UCX
@@ -795,7 +806,7 @@ $   THEN
 $!
 $!    Set the library to use TCPIP (post UCX).
 $!
-$     TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT/OPT"
+$     TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT /OPTIONS"
 $!
 $!    Done with TCPIP
 $!
@@ -893,7 +904,7 @@ $ __INCLUDE = __TOP + "INCLUDE.OPENSSL]"
 $!
 $! Set up the logical name OPENSSL to point at the include directory
 $!
-$ DEFINE OPENSSL/NOLOG '__INCLUDE'
+$ DEFINE OPENSSL /NOLOG '__INCLUDE'
 $!
 $! Done
 $!
@@ -907,7 +918,7 @@ $ IF __SAVE_OPENSSL .EQS. ""
 $ THEN
 $   DEASSIGN OPENSSL
 $ ELSE
-$   DEFINE/NOLOG OPENSSL '__SAVE_OPENSSL'
+$   DEFINE /NOLOG OPENSSL '__SAVE_OPENSSL'
 $ ENDIF
 $!
 $! Done
diff --git a/src/lib/libssl/test/tcrl.com b/src/lib/libssl/test/tcrl.com
index 86bf9735aa..1f606eb850 100644
--- a/src/lib/libssl/test/tcrl.com
+++ b/src/lib/libssl/test/tcrl.com
@@ -1,7 +1,9 @@
 $! TCRL.COM  --  Tests crl keys
 $
 $       __arch := VAX
-$       if f$getsyi("cpu") .ge. 128 then __arch := AXP
+$       if f$getsyi("cpu") .ge. 128 then -
+           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$       if __arch .eqs. "" then __arch := UNK
 $       exe_dir := sys$disk:[-.'__arch'.exe.apps]
 $
 $       cmd := mcr 'exe_dir'openssl crl
diff --git a/src/lib/libssl/test/testca.com b/src/lib/libssl/test/testca.com
index c670f2bf5f..ec7e56dad6 100644
--- a/src/lib/libssl/test/testca.com
+++ b/src/lib/libssl/test/testca.com
@@ -1,8 +1,9 @@
 $! TESTCA.COM
 $
 $       __arch := VAX
-$       if f$getsyi("cpu") .ge. 128 then __arch := AXP
+$       if f$getsyi("cpu") .ge. 128 then -
-$       exe_dir := sys$disk:[-.'__arch'.exe.apps]
+           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$       if __arch .eqs. "" then __arch := UNK
 $
 $       openssl := mcr 'exe_dir'openssl
 $
@@ -11,7 +12,7 @@ $
 $       set noon
 $       if f$search("demoCA.dir") .nes. ""
 $       then
-$           call deltree [.demoCA]*.*
+$           @[-.util]deltree [.demoCA]*.*
 $           set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) demoCA.dir;*
 $           delete demoCA.dir;*
 $       endif
@@ -38,7 +39,7 @@ $	@[-.apps]CA.com -verify newcert.pem
 $       if $severity .ne. 1 then exit 3
 $
 $       set noon
-$       call deltree [.demoCA]*.*
+$       @[-.util]deltree [.demoCA]*.*
 $       set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) demoCA.dir;*
 $       delete demoCA.dir;*
 $       if f$search("newcert.pem") .nes. "" then delete newcert.pem;*
@@ -47,32 +48,3 @@ $	set on
 $!      #usage: CA -newcert|-newreq|-newca|-sign|-verify
 $
 $       exit
-$
-$ deltree: subroutine ! P1 is a name of a directory
-$       on control_y then goto dt_STOP
-$       on warning then goto dt_exit
-$       _dt_def = f$trnlnm("SYS$DISK")+f$directory()
-$       if f$parse(p1) .eqs. "" then exit
-$       set default 'f$parse(p1,,,"DEVICE")''f$parse(p1,,,"DIRECTORY")'
-$       p1 = f$parse(p1,,,"NAME") + f$parse(p1,,,"TYPE")
-$       _fp = f$parse(".DIR",p1)
-$ dt_loop:
-$       _f = f$search(_fp)
-$       if _f .eqs. "" then goto dt_loopend
-$       call deltree [.'f$parse(_f,,,"NAME")']*.*
-$       goto dt_loop
-$ dt_loopend:
-$       _fp = f$parse(p1,".;*")
-$       if f$search(_fp) .eqs. "" then goto dt_exit
-$       set noon
-$       set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) '_fp'
-$       set on
-$       delete/nolog '_fp'
-$ dt_exit:
-$       set default '_dt_def'
-$       exit
-$ dt_STOP:
-$       set default '_dt_def'
-$       stop/id=""
-$       exit
-$       endsubroutine
diff --git a/src/lib/libssl/test/testenc.com b/src/lib/libssl/test/testenc.com
index 5e6f521f9d..621d9a2126 100644
--- a/src/lib/libssl/test/testenc.com
+++ b/src/lib/libssl/test/testenc.com
@@ -1,8 +1,9 @@
 $! TESTENC.COM  --  Test encoding and decoding
 $
 $       __arch := VAX
-$       if f$getsyi("cpu") .ge. 128 then __arch := AXP
+$       if f$getsyi("cpu") .ge. 128 then -
-$       exe_dir := sys$disk:[-.'__arch'.exe.apps]
+           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$       if __arch .eqs. "" then __arch := UNK
 $
 $       testsrc := makefile.
 $       test := p.txt
diff --git a/src/lib/libssl/test/testgen.com b/src/lib/libssl/test/testgen.com
index 5d28ebec72..a4bc574bec 100644
--- a/src/lib/libssl/test/testgen.com
+++ b/src/lib/libssl/test/testgen.com
@@ -1,7 +1,9 @@
 $! TETSGEN.COM
 $
 $       __arch := VAX
-$       if f$getsyi("cpu") .ge. 128 then __arch := AXP
+$       if f$getsyi("cpu") .ge. 128 then -
+           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$       if __arch .eqs. "" then __arch := UNK
 $       exe_dir := sys$disk:[-.'__arch'.exe.apps]
 $
 $       T := testcert
diff --git a/src/lib/libssl/test/tests.com b/src/lib/libssl/test/tests.com
index 88a33d0531..d151cd3955 100644
--- a/src/lib/libssl/test/tests.com
+++ b/src/lib/libssl/test/tests.com
@@ -6,11 +6,17 @@ $	__proc = f$element(0,";",f$environment("procedure"))
 $       __here = f$parse(f$parse("A.;",__proc) - "A.;","[]A.;") - "A.;"
 $       __save_default = f$environment("default")
 $       __arch := VAX
-$       if f$getsyi("cpu") .ge. 128 then __arch := AXP
+$       if f$getsyi("cpu") .ge. 128 then -
+           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$       if __arch .eqs. "" then __arch := UNK
 $       texe_dir := sys$disk:[-.'__arch'.exe.test]
 $       exe_dir := sys$disk:[-.'__arch'.exe.apps]
 $
+$       sslroot = f$parse("sys$disk:[-.apps];",,,,"syntax_only") - "].;"+ ".]"
+$       define /translation_attributes = concealed sslroot 'sslroot'
+$
 $       set default '__here'
+$
 $       on control_y then goto exit
 $       on error then goto exit
 $
@@ -18,14 +24,18 @@ $	if p1 .nes. ""
 $       then
 $           tests = p1
 $       else
+$! NOTE: This list reflects the list of dependencies following the
+$! "alltests" target in Makefile.  This should make it easy to see
+$! if there's a difference that needs to be taken care of.
 $           tests := -
        test_des,test_idea,test_sha,test_md4,test_md5,test_hmac,-
-        test_md2,test_mdc2,-
+        test_md2,test_mdc2,test_wp,-
-        test_rmd,test_rc2,test_rc4,test_rc5,test_bf,test_cast,test_rd,-
+        test_rmd,test_rc2,test_rc4,test_rc5,test_bf,test_cast,test_aes,-
        test_rand,test_bn,test_ec,test_ecdsa,test_ecdh,-
        test_enc,test_x509,test_rsa,test_crl,test_sid,-
        test_gen,test_req,test_pkcs7,test_verify,test_dh,test_dsa,-
-        test_ss,test_ca,test_engine,test_evp,test_ssl,test_ige,test_jpake
+        test_ss,test_ca,test_engine,test_evp,test_ssl,test_tsa,test_ige,-
+        test_jpake,test_cms
 $       endif
 $       tests = f$edit(tests,"COLLAPSE")
 $
@@ -43,6 +53,7 @@ $	MD2TEST :=	md2test
 $       MD4TEST :=      md4test
 $       MD5TEST :=      md5test
 $       HMACTEST :=     hmactest
+$       WPTEST :=       wp_test
 $       RC2TEST :=      rc2test
 $       RC4TEST :=      rc4test
 $       RC5TEST :=      rc5test
@@ -93,6 +104,9 @@ $	return
 $ test_hmac:
 $       mcr 'texe_dir''hmactest'
 $       return
+$ test_wp:
+$       mcr 'texe_dir''wptest'
+$       return
 $ test_md2:
 $       mcr 'texe_dir''md2test'
 $       return
@@ -248,9 +262,22 @@ $	    write sys$output "Generate and certify a test certificate via the 'ca' pro
 $           @testca.com
 $       endif
 $       return
-$ test_rd: 
+$ test_aes: 
-$       write sys$output "test Rijndael"
+$!      write sys$output "test AES"
-$       !mcr 'texe_dir''rdtest'
+$!      !mcr 'texe_dir''aestest'
+$       return
+$ test_tsa:
+$       set noon
+$       define/user sys$output nla0:
+$       mcr 'exe_dir'openssl no-rsa
+$       save_severity=$SEVERITY
+$       set on
+$       if save_severity
+$       then
+$           write sys$output "skipping testtsa.com test -- requires RSA"
+$       else
+$           @testtsa.com
+$       endif
 $       return
 $ test_ige: 
 $       write sys$output "Test IGE mode"
@@ -260,8 +287,13 @@ $ test_jpake:
 $       write sys$output "Test JPAKE"
 $       mcr 'texe_dir''jpaketest'
 $       return
+$ test_cms:
+$       write sys$output "CMS consistency test"
+$       perl CMS-TEST.PL
+$       return
 $
 $
 $ exit:
 $       set default '__save_default'
+$       deassign sslroot
 $       exit
diff --git a/src/lib/libssl/test/testss.com b/src/lib/libssl/test/testss.com
index 685ae5043d..6598106b09 100644
--- a/src/lib/libssl/test/testss.com
+++ b/src/lib/libssl/test/testss.com
@@ -1,7 +1,9 @@
 $! TESTSS.COM
 $
 $       __arch := VAX
-$       if f$getsyi("cpu") .ge. 128 then __arch := AXP
+$       if f$getsyi("cpu") .ge. 128 then -
+           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$       if __arch .eqs. "" then __arch := UNK
 $       exe_dir := sys$disk:[-.'__arch'.exe.apps]
 $
 $       digest="-md5"
diff --git a/src/lib/libssl/test/testssl.com b/src/lib/libssl/test/testssl.com
index 26308f7715..9c83afba04 100644
--- a/src/lib/libssl/test/testssl.com
+++ b/src/lib/libssl/test/testssl.com
@@ -1,7 +1,9 @@
 $! TESTSSL.COM
 $
 $       __arch := VAX
-$       if f$getsyi("cpu") .ge. 128 then __arch := AXP
+$       if f$getsyi("cpu") .ge. 128 then -
+           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$       if __arch .eqs. "" then __arch := UNK
 $       texe_dir := sys$disk:[-.'__arch'.exe.test]
 $       exe_dir := sys$disk:[-.'__arch'.exe.apps]
 $
diff --git a/src/lib/libssl/test/testtsa.com b/src/lib/libssl/test/testtsa.com
new file mode 100644
index 0000000000..e3c586f14a
--- /dev/null
+++ b/src/lib/libssl/test/testtsa.com
@@ -0,0 +1,248 @@
+$!
+$! A few very basic tests for the 'ts' time stamping authority command.
+$!
+$
+$       __arch := VAX
+$       if f$getsyi("cpu") .ge. 128 then -
+           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$       if __arch .eqs. "" then __arch := UNK
+$       exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$
+$       openssl := mcr 'f$parse(exe_dir+"openssl.exe")'
+$       OPENSSL_CONF := [-]CAtsa.cnf
+$       ! Because that's what ../apps/CA.sh really looks at
+$       SSLEAY_CONFIG = "-config " + OPENSSL_CONF
+$
+$ error:
+$       subroutine
+$               write sys$error "TSA test failed!"
+$               exit 3
+$       endsubroutine
+$
+$ setup_dir:
+$       subroutine
+$
+$               if f$search("tsa.dir") .nes ""
+$               then
+$                       @[-.util]deltree [.tsa]*.*
+$                       set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) tsa.dir;*
+$                       delete tsa.dir;*
+$               endif
+$
+$               create/dir [.tsa]
+$               set default [.tsa]
+$       endsubroutine
+$
+$ clean_up_dir:
+$       subroutine
+$
+$               set default [-]
+$               @[-.util]deltree [.tsa]*.*
+$               set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) tsa.dir;*
+$               delete tsa.dir;*
+$       endsubroutine
+$
+$ create_ca:
+$       subroutine
+$
+$               write sys$output "Creating a new CA for the TSA tests..."
+$               TSDNSECT = "ts_ca_dn"
+$               openssl req -new -x509 -nodes -
+                        -out tsaca.pem -keyout tsacakey.pem
+$               if $severity .ne. 1 then call error
+$       endsubroutine
+$
+$ create_tsa_cert:
+$       subroutine
+$
+$               INDEX=p1
+$               EXT=p2
+$               TSDNSECT = "ts_cert_dn"
+$
+$               openssl req -new -
+                        -out tsa_req'INDEX'.pem -keyout tsa_key'INDEX'.pem
+$               if $severity .ne. 1 then call error
+$
+$               write sys$output "Using extension ''EXT'"
+$               openssl x509 -req -
+                        -in tsa_req'INDEX'.pem -out tsa_cert'INDEX'.pem -
+                        "-CA" tsaca.pem "-CAkey" tsacakey.pem "-CAcreateserial" -
+                        -extfile 'OPENSSL_CONF' -extensions "''EXT'"
+$               if $severity .ne. 1 then call error
+$       endsubroutine
+$
+$ print_request:
+$       subroutine
+$
+$               openssl ts -query -in 'p1' -text
+$       endsubroutine
+$
+$ create_time_stamp_request1: subroutine
+$
+$               openssl ts -query -data [-]testtsa.com -policy tsa_policy1 -
+                        -cert -out req1.tsq
+$               if $severity .ne. 1 then call error
+$       endsubroutine
+$
+$ create_time_stamp_request2: subroutine
+$
+$               openssl ts -query -data [-]testtsa.com -policy tsa_policy2 -
+                        -no_nonce -out req2.tsq
+$               if $severity .ne. 1 then call error
+$       endsubroutine
+$
+$ create_time_stamp_request3: subroutine
+$
+$               openssl ts -query -data [-]CAtsa.cnf -no_nonce -out req3.tsq
+$               if $severity .ne. 1 then call error
+$       endsubroutine
+$
+$ print_response:
+$       subroutine
+$
+$               openssl ts -reply -in 'p1' -text
+$               if $severity .ne. 1 then call error
+$       endsubroutine
+$
+$ create_time_stamp_response:
+$       subroutine
+$
+$               openssl ts -reply -section 'p3' -queryfile 'p1' -out 'p2'
+$               if $severity .ne. 1 then call error
+$       endsubroutine
+$
+$ time_stamp_response_token_test:
+$       subroutine
+$
+$               RESPONSE2:='p2'.copy_tsr
+$               TOKEN_DER:='p2'.token_der
+$               openssl ts -reply -in 'p2' -out 'TOKEN_DER' -token_out
+$               if $severity .ne. 1 then call error
+$               openssl ts -reply -in 'TOKEN_DER' -token_in -out 'RESPONSE2'
+$               if $severity .ne. 1 then call error
+$               backup/compare 'RESPONSE2' 'p2'
+$               if $severity .ne. 1 then call error
+$               openssl ts -reply -in 'p2' -text -token_out
+$               if $severity .ne. 1 then call error
+$               openssl ts -reply -in 'TOKEN_DER' -token_in -text -token_out
+$               if $severity .ne. 1 then call error
+$               openssl ts -reply -queryfile 'p1' -text -token_out
+$               if $severity .ne. 1 then call error
+$       endsubroutine
+$
+$ verify_time_stamp_response:
+$       subroutine
+$
+$               openssl ts -verify -queryfile 'p1' -in 'p2' -
+                        "-CAfile" tsaca.pem -untrusted tsa_cert1.pem
+$               if $severity .ne. 1 then call error
+$               openssl ts -verify -data 'p3' -in 'p2' -
+                        "-CAfile" tsaca.pem -untrusted tsa_cert1.pem
+$               if $severity .ne. 1 then call error
+$       endsubroutine
+$
+$ verify_time_stamp_token:
+$       subroutine
+$
+$               ! create the token from the response first
+$               openssl ts -reply -in 'p2' -out 'p2'.token -token_out
+$               if $severity .ne. 1 then call error
+$               openssl ts -verify -queryfile 'p1' -in 'p2'.token -token_in -
+                        "-CAfile" tsaca.pem -untrusted tsa_cert1.pem
+$               if $severity .ne. 1 then call error
+$               openssl ts -verify -data 'p3' -in 'p2'.token -token_in -
+                        "-CAfile" tsaca.pem -untrusted tsa_cert1.pem
+$               if $severity .ne. 1 then call error
+$       endsubroutine
+$
+$ verify_time_stamp_response_fail:
+$       subroutine
+$
+$               openssl ts -verify -queryfile 'p1' -in 'p2' -
+                        "-CAfile" tsaca.pem -untrusted tsa_cert1.pem
+$               ! Checks if the verification failed, as it should have.
+$               if $severity .eq. 1 then call error
+$               write sys$output "Ok"
+$       endsubroutine
+$
+$       ! Main body ----------------------------------------------------------
+$
+$       write sys$output "Setting up TSA test directory..."
+$       call setup_dir
+$
+$       write sys$output "Creating CA for TSA tests..."
+$       call create_ca
+$
+$       write sys$output "Creating tsa_cert1.pem TSA server cert..."
+$       call create_tsa_cert 1 "tsa_cert"
+$
+$       write sys$output "Creating tsa_cert2.pem non-TSA server cert..."
+$       call create_tsa_cert 2 "non_tsa_cert"
+$
+$       write sys$output "Creating req1.req time stamp request for file testtsa..."
+$       call create_time_stamp_request1
+$
+$       write sys$output "Printing req1.req..."
+$       call print_request req1.tsq
+$
+$       write sys$output "Generating valid response for req1.req..."
+$       call create_time_stamp_response req1.tsq resp1.tsr tsa_config1
+$
+$       write sys$output "Printing response..."
+$       call print_response resp1.tsr
+$
+$       write sys$output "Verifying valid response..."
+$       call verify_time_stamp_response req1.tsq resp1.tsr [-]testtsa.com
+$
+$       write sys$output "Verifying valid token..."
+$       call verify_time_stamp_token req1.tsq resp1.tsr [-]testtsa.com
+$
+$       ! The tests below are commented out, because invalid signer certificates
+$       ! can no longer be specified in the config file.
+$
+$       ! write sys$output "Generating _invalid_ response for req1.req..."
+$       ! call create_time_stamp_response req1.tsq resp1_bad.tsr tsa_config2
+$
+$       ! write sys$output "Printing response..."
+$       ! call print_response resp1_bad.tsr
+$
+$       ! write sys$output "Verifying invalid response, it should fail..."
+$       ! call verify_time_stamp_response_fail req1.tsq resp1_bad.tsr
+$
+$       write sys$output "Creating req2.req time stamp request for file testtsa..."
+$       call create_time_stamp_request2
+$
+$       write sys$output "Printing req2.req..."
+$       call print_request req2.tsq
+$
+$       write sys$output "Generating valid response for req2.req..."
+$       call create_time_stamp_response req2.tsq resp2.tsr tsa_config1
+$
+$       write sys$output "Checking '-token_in' and '-token_out' options with '-reply'..."
+$       call time_stamp_response_token_test req2.tsq resp2.tsr
+$
+$       write sys$output "Printing response..."
+$       call print_response resp2.tsr
+$
+$       write sys$output "Verifying valid response..."
+$       call verify_time_stamp_response req2.tsq resp2.tsr [-]testtsa.com
+$
+$       write sys$output "Verifying response against wrong request, it should fail..."
+$       call verify_time_stamp_response_fail req1.tsq resp2.tsr
+$
+$       write sys$output "Verifying response against wrong request, it should fail..."
+$       call verify_time_stamp_response_fail req2.tsq resp1.tsr
+$
+$       write sys$output "Creating req3.req time stamp request for file CAtsa.cnf..."
+$       call create_time_stamp_request3
+$
+$       write sys$output "Printing req3.req..."
+$       call print_request req3.tsq
+$
+$       write sys$output "Verifying response against wrong request, it should fail..."
+$       call verify_time_stamp_response_fail req3.tsq resp1.tsr
+$
+$       write sys$output "Cleaning up..."
+$       call clean_up_dir
+$
+$       exit
diff --git a/src/lib/libssl/test/tpkcs7.com b/src/lib/libssl/test/tpkcs7.com
index 047834fba4..e107cc141a 100644
--- a/src/lib/libssl/test/tpkcs7.com
+++ b/src/lib/libssl/test/tpkcs7.com
@@ -1,7 +1,9 @@
 $! TPKCS7.COM  --  Tests pkcs7 keys
 $
 $       __arch := VAX
-$       if f$getsyi("cpu") .ge. 128 then __arch := AXP
+$       if f$getsyi("cpu") .ge. 128 then -
+           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$       if __arch .eqs. "" then __arch := UNK
 $       exe_dir := sys$disk:[-.'__arch'.exe.apps]
 $
 $       cmd := mcr 'exe_dir'openssl pkcs7
diff --git a/src/lib/libssl/test/tpkcs7d.com b/src/lib/libssl/test/tpkcs7d.com
index 193bb72137..5ff653ccee 100644
--- a/src/lib/libssl/test/tpkcs7d.com
+++ b/src/lib/libssl/test/tpkcs7d.com
@@ -1,7 +1,9 @@
 $! TPKCS7.COM  --  Tests pkcs7 keys
 $
 $       __arch := VAX
-$       if f$getsyi("cpu") .ge. 128 then __arch := AXP
+$       if f$getsyi("cpu") .ge. 128 then -
+           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$       if __arch .eqs. "" then __arch := UNK
 $       exe_dir := sys$disk:[-.'__arch'.exe.apps]
 $
 $       cmd := mcr 'exe_dir'openssl pkcs7
diff --git a/src/lib/libssl/test/treq.com b/src/lib/libssl/test/treq.com
index 5524e485ba..d2594be6a7 100644
--- a/src/lib/libssl/test/treq.com
+++ b/src/lib/libssl/test/treq.com
@@ -1,7 +1,9 @@
 $! TREQ.COM  --  Tests req keys
 $
 $       __arch := VAX
-$       if f$getsyi("cpu") .ge. 128 then __arch := AXP
+$       if f$getsyi("cpu") .ge. 128 then -
+           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$       if __arch .eqs. "" then __arch := UNK
 $       exe_dir := sys$disk:[-.'__arch'.exe.apps]
 $
 $       cmd := mcr 'exe_dir'openssl req -config [-.apps]openssl-vms.cnf
diff --git a/src/lib/libssl/test/trsa.com b/src/lib/libssl/test/trsa.com
index 6dbe59ef64..d3a8a605b7 100644
--- a/src/lib/libssl/test/trsa.com
+++ b/src/lib/libssl/test/trsa.com
@@ -1,7 +1,9 @@
 $! TRSA.COM  --  Tests rsa keys
 $
 $       __arch := VAX
-$       if f$getsyi("cpu") .ge. 128 then __arch := AXP
+$       if f$getsyi("cpu") .ge. 128 then -
+           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$       if __arch .eqs. "" then __arch := UNK
 $       exe_dir := sys$disk:[-.'__arch'.exe.apps]
 $
 $       set noon
diff --git a/src/lib/libssl/test/tsid.com b/src/lib/libssl/test/tsid.com
index abd1d4d737..267ace1135 100644
--- a/src/lib/libssl/test/tsid.com
+++ b/src/lib/libssl/test/tsid.com
@@ -1,7 +1,9 @@
 $! TSID.COM  --  Tests sid keys
 $
 $       __arch := VAX
-$       if f$getsyi("cpu") .ge. 128 then __arch := AXP
+$       if f$getsyi("cpu") .ge. 128 then -
+           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$       if __arch .eqs. "" then __arch := UNK
 $       exe_dir := sys$disk:[-.'__arch'.exe.apps]
 $
 $       cmd := mcr 'exe_dir'openssl sess_id
diff --git a/src/lib/libssl/test/tverify.com b/src/lib/libssl/test/tverify.com
index 021d701d79..01431f4aac 100644
--- a/src/lib/libssl/test/tverify.com
+++ b/src/lib/libssl/test/tverify.com
@@ -1,29 +1,63 @@
 $! TVERIFY.COM
 $
 $       __arch := VAX
-$       if f$getsyi("cpu") .ge. 128 then __arch := AXP
+$       if f$getsyi("cpu") .ge. 128 then -
+           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$       if __arch .eqs. "" then __arch := UNK
+$!
+$       line_max = 255 ! Could be longer on modern non-VAX.
+$       temp_file_name = "certs_"+ f$getjpi( "", "PID")+ ".tmp"
 $       exe_dir := sys$disk:[-.'__arch'.exe.apps]
-$
+$       cmd = "mcr ''exe_dir'openssl verify ""-CAfile"" ''temp_file_name'"
-$       copy/concatenate [-.certs]*.pem certs.tmp
+$       cmd_len = f$length( cmd)
-$
+$       pems = "[-.certs...]*.pem"
+$!
+$!      Concatenate all the certificate files.
+$!
+$       copy /concatenate 'pems' 'temp_file_name'
+$!
+$!      Loop through all the certificate files.
+$!
+$       args = ""
 $       old_f :=
-$ loop_certs:
+$ loop_file: 
-$       verify := NO
+$           f = f$search( pems)
-$       more := YES
+$           if ((f .nes. "") .and. (f .nes. old_f))
-$       certs :=
+$           then
-$ loop_certs2:
+$             old_f = f
-$       f = f$search("[-.certs]*.pem")
+$!
-$       if f .nes. "" .and. f .nes. old_f
+$!            If this file name would over-extend the command line, then
+$!            run the command now.
+$!
+$             if (cmd_len+ f$length( args)+ 1+ f$length( f) .gt. line_max)
+$             then
+$                if (args .eqs. "") then goto disaster
+$                'cmd''args'
+$                args = ""
+$             endif
+$!            Add the next file to the argument list.
+$             args = args+ " "+ f
+$          else
+$!            No more files in the list
+$             goto loop_file_end
+$          endif
+$       goto loop_file
+$       loop_file_end:
+$!
+$!      Run the command for any left-over arguments.
+$!
+$       if (args .nes. "")
 $       then
-$           certs = certs + " [-.certs]" + f$parse(f,,,"NAME") + ".pem"
+$          'cmd''args'
-$           verify := YES
-$           if f$length(certs) .lt. 180 then goto loop_certs2
-$       else
-$           more := NO
 $       endif
-$       certs = certs - " "
+$!
-$
+$!      Delete the temporary file.
-$       if verify then mcr 'exe_dir'openssl verify "-CAfile" certs.tmp 'certs'
+$!
-$       if more then goto loop_certs
+$       if (f$search( "''temp_file_name';*") .nes. "") then -
-$
+         delete 'temp_file_name';*
-$       delete certs.tmp;*
+$!
+$       exit
+$!
+$       disaster:
+$       write sys$output "   Command line too long.  Doomed."
+$!
diff --git a/src/lib/libssl/test/tx509.com b/src/lib/libssl/test/tx509.com
index 7b2592f773..399eb01490 100644
--- a/src/lib/libssl/test/tx509.com
+++ b/src/lib/libssl/test/tx509.com
@@ -1,7 +1,9 @@
 $! TX509.COM  --  Tests x509 certificates
 $
 $       __arch := VAX
-$       if f$getsyi("cpu") .ge. 128 then __arch := AXP
+$       if f$getsyi("cpu") .ge. 128 then -
+           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$       if __arch .eqs. "" then __arch := UNK
 $       exe_dir := sys$disk:[-.'__arch'.exe.apps]
 $
 $       cmd := mcr 'exe_dir'openssl x509
author	djm <>	2010-10-01 22:54:19 +0000
committer	djm <>	2010-10-01 22:54:19 +0000
commit	242690ab2a8e991b85b4735c4e0bac0ec7bd3481 (patch)
tree	a55c90bd6ea9329d2afb5540220340cadd107178 /src/lib
parent	5d1f64994b96668ba794f5211364ed54dd7ee08d (diff)
download	openbsd-242690ab2a8e991b85b4735c4e0bac0ec7bd3481.tar.gz openbsd-242690ab2a8e991b85b4735c4e0bac0ec7bd3481.tar.bz2 openbsd-242690ab2a8e991b85b4735c4e0bac0ec7bd3481.zip